Security update for systemd SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:20405-1 Final 1 1 2025-06-12T07:16:56Z current 2025-06-12T07:16:56Z 2025-06-12T07:16:56Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for systemd This update for systemd fixes the following issues: - coredump: use %d in kernel core pattern (CVE-2025-4598) - Revert "macro: terminate the temporary VA_ARGS_FOREACH() array with a sentinel" (SUSE specific) - umount: do not move busy network mounts (bsc#1236177) - man/pstore.conf: pstore.conf template is not always installed in /etc - man: coredump.conf template is not always installed in /etc (bsc#1237496) - Don't write messages sent from users with UID falling into the container UID range to the system journal. Daemons in the container don't talk to the outside journald as they talk to the inner one directly, which does its journal splitting based on shifted uids. (bsc#1242938) - This re-adds back the support for the persistent net name rules as well as their generator since predictable naming scheme is still disabled by default on Micro (via the `net.ifnames=0` boot option). (bsc#1241190) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Micro-6.0-352 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202520405-1/ Link for SUSE-SU-2025:20405-1 https://lists.suse.com/pipermail/sle-updates/2025-June/040342.html E-Mail link for SUSE-SU-2025:20405-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1236177 SUSE Bug 1236177 https://bugzilla.suse.com/1237496 SUSE Bug 1237496 https://bugzilla.suse.com/1241190 SUSE Bug 1241190 https://bugzilla.suse.com/1242938 SUSE Bug 1242938 https://www.suse.com/security/cve/CVE-2025-4598/ SUSE CVE CVE-2025-4598 page SUSE Linux Micro 6.0 libsystemd0-254.25-1.1 libudev1-254.25-1.1 systemd-254.25-1.1 systemd-container-254.25-1.1 systemd-coredump-254.25-1.1 systemd-experimental-254.25-1.1 systemd-journal-remote-254.25-1.1 systemd-portable-254.25-1.1 udev-254.25-1.1 libsystemd0-254.25-1.1 as a component of SUSE Linux Micro 6.0 libudev1-254.25-1.1 as a component of SUSE Linux Micro 6.0 systemd-254.25-1.1 as a component of SUSE Linux Micro 6.0 systemd-container-254.25-1.1 as a component of SUSE Linux Micro 6.0 systemd-coredump-254.25-1.1 as a component of SUSE Linux Micro 6.0 systemd-experimental-254.25-1.1 as a component of SUSE Linux Micro 6.0 systemd-journal-remote-254.25-1.1 as a component of SUSE Linux Micro 6.0 systemd-portable-254.25-1.1 as a component of SUSE Linux Micro 6.0 udev-254.25-1.1 as a component of SUSE Linux Micro 6.0 A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality. CVE-2025-4598 SUSE Linux Micro 6.0:libsystemd0-254.25-1.1 SUSE Linux Micro 6.0:libudev1-254.25-1.1 SUSE Linux Micro 6.0:systemd-254.25-1.1 SUSE Linux Micro 6.0:systemd-container-254.25-1.1 SUSE Linux Micro 6.0:systemd-coredump-254.25-1.1 SUSE Linux Micro 6.0:systemd-experimental-254.25-1.1 SUSE Linux Micro 6.0:systemd-journal-remote-254.25-1.1 SUSE Linux Micro 6.0:systemd-portable-254.25-1.1 SUSE Linux Micro 6.0:udev-254.25-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520405-1/ https://www.suse.com/security/cve/CVE-2025-4598.html CVE-2025-4598 https://bugzilla.suse.com/1243935 SUSE Bug 1243935