SUSE-SU-2025:20405-1: moderate: Security update for systemd

[SLE-UPDATES]

# Security update for systemd

Announcement ID: SUSE-SU-2025:20405-1  
Release Date: 2025-06-12T07:16:22Z  
Rating: moderate  
References:

  * bsc#1236177
  * bsc#1237496
  * bsc#1241190
  * bsc#1242938

  
Cross-References:

  * CVE-2025-4598

  
CVSS scores:

  * CVE-2025-4598 ( SUSE ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2025-4598 ( NVD ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

  
Affected Products:

  * SUSE Linux Micro 6.0
  * SUSE Linux Micro Extras 6.0

  
  
An update that solves one vulnerability and has three fixes can now be
installed.

## Description:

This update for systemd fixes the following issues:

  * coredump: use %d in kernel core pattern (CVE-2025-4598)
  * Revert "macro: terminate the temporary VA_ARGS_FOREACH() array with a
    sentinel" (SUSE specific)
  * umount: do not move busy network mounts (bsc#1236177)
  * man/pstore.conf: pstore.conf template is not always installed in /etc
  * man: coredump.conf template is not always installed in /etc (bsc#1237496)
  * Don't write messages sent from users with UID falling into the container UID
    range to the system journal. Daemons in the container don't talk to the
    outside journald as they talk to the inner one directly, which does its
    journal splitting based on shifted uids. (bsc#1242938)
  * This re-adds back the support for the persistent net name rules as well as
    their generator since predictable naming scheme is still disabled by default
    on Micro (via the `net.ifnames=0` boot option). (bsc#1241190)

## Special Instructions and Notes:

  * Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Micro 6.0  
    zypper in -t patch SUSE-SLE-Micro-6.0-352=1

  * SUSE Linux Micro Extras 6.0  
    zypper in -t patch SUSE-SLE-Micro-6.0-352=1

## Package List:

  * SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
    * systemd-254.25-1.1
    * libsystemd0-254.25-1.1
    * systemd-debugsource-254.25-1.1
    * systemd-portable-debuginfo-254.25-1.1
    * udev-254.25-1.1
    * libudev1-254.25-1.1
    * systemd-container-254.25-1.1
    * libudev1-debuginfo-254.25-1.1
    * systemd-journal-remote-debuginfo-254.25-1.1
    * systemd-debuginfo-254.25-1.1
    * systemd-journal-remote-254.25-1.1
    * systemd-portable-254.25-1.1
    * udev-debuginfo-254.25-1.1
    * systemd-coredump-254.25-1.1
    * systemd-coredump-debuginfo-254.25-1.1
    * systemd-experimental-debuginfo-254.25-1.1
    * systemd-experimental-254.25-1.1
    * systemd-container-debuginfo-254.25-1.1
    * libsystemd0-debuginfo-254.25-1.1
  * SUSE Linux Micro Extras 6.0 (aarch64 s390x x86_64)
    * systemd-debugsource-254.25-1.1
    * systemd-devel-254.25-1.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-4598.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1236177
  * https://bugzilla.suse.com/show_bug.cgi?id=1237496
  * https://bugzilla.suse.com/show_bug.cgi?id=1241190
  * https://bugzilla.suse.com/show_bug.cgi?id=1242938

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20250617/94b6310c/attachment.htm>