<div class="container">
<h1>Security update for systemd</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2025:20405-1</td>
</tr>
<tr>
<th>Release Date:</th>
<td>2025-06-12T07:16:22Z</td>
</tr>
<tr>
<th>Rating:</th>
<td>moderate</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1236177">bsc#1236177</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1237496">bsc#1237496</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1241190">bsc#1241190</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1242938">bsc#1242938</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2025-4598.html">CVE-2025-4598</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-4598</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">4.7</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-4598</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">4.7</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">SUSE Linux Micro 6.0</li>
<li class="list-group-item">SUSE Linux Micro Extras 6.0</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves one vulnerability and has three fixes can now be installed.</p>
<h2>Description:</h2>
<p>This update for systemd fixes the following issues:</p>
<ul>
<li>coredump: use %d in kernel core pattern (CVE-2025-4598)</li>
<li>Revert "macro: terminate the temporary VA_ARGS_FOREACH() array with a sentinel" (SUSE specific)</li>
<li>umount: do not move busy network mounts (bsc#1236177)</li>
<li>man/pstore.conf: pstore.conf template is not always installed in /etc</li>
<li>man: coredump.conf template is not always installed in /etc (bsc#1237496)</li>
<li>Don't write messages sent from users with UID falling into the container UID
range to the system journal. Daemons in the container don't talk to the
outside journald as they talk to the inner one directly, which does its
journal splitting based on shifted uids. (bsc#1242938)</li>
<li>This re-adds back the support for the persistent net name rules as well as
their generator since predictable naming scheme is still disabled by default
on Micro (via the <code>net.ifnames=0</code> boot option). (bsc#1241190)</li>
</ul>
<h2>Special Instructions and Notes:</h2>
<ul>
<li>Please reboot the system after installing this update.</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Linux Micro 6.0
<br/>
<code>zypper in -t patch SUSE-SLE-Micro-6.0-352=1</code>
</li>
<li class="list-group-item">
SUSE Linux Micro Extras 6.0
<br/>
<code>zypper in -t patch SUSE-SLE-Micro-6.0-352=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
<ul>
<li>systemd-254.25-1.1</li>
<li>libsystemd0-254.25-1.1</li>
<li>systemd-debugsource-254.25-1.1</li>
<li>systemd-portable-debuginfo-254.25-1.1</li>
<li>udev-254.25-1.1</li>
<li>libudev1-254.25-1.1</li>
<li>systemd-container-254.25-1.1</li>
<li>libudev1-debuginfo-254.25-1.1</li>
<li>systemd-journal-remote-debuginfo-254.25-1.1</li>
<li>systemd-debuginfo-254.25-1.1</li>
<li>systemd-journal-remote-254.25-1.1</li>
<li>systemd-portable-254.25-1.1</li>
<li>udev-debuginfo-254.25-1.1</li>
<li>systemd-coredump-254.25-1.1</li>
<li>systemd-coredump-debuginfo-254.25-1.1</li>
<li>systemd-experimental-debuginfo-254.25-1.1</li>
<li>systemd-experimental-254.25-1.1</li>
<li>systemd-container-debuginfo-254.25-1.1</li>
<li>libsystemd0-debuginfo-254.25-1.1</li>
</ul>
</li>
<li>
SUSE Linux Micro Extras 6.0 (aarch64 s390x x86_64)
<ul>
<li>systemd-debugsource-254.25-1.1</li>
<li>systemd-devel-254.25-1.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2025-4598.html">https://www.suse.com/security/cve/CVE-2025-4598.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1236177">https://bugzilla.suse.com/show_bug.cgi?id=1236177</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1237496">https://bugzilla.suse.com/show_bug.cgi?id=1237496</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1241190">https://bugzilla.suse.com/show_bug.cgi?id=1241190</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1242938">https://bugzilla.suse.com/show_bug.cgi?id=1242938</a>
</li>
</ul>
</div>