Security update for systemd SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:20554-1 Final 1 1 2025-08-12T14:05:24Z current 2025-08-12T14:05:24Z 2025-08-12T14:05:24Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for systemd This update for systemd fixes the following issues: - Remove the script used to help migrating the language and locale settings located in /etc/sysconfig/language on old systems to the systemd default locations (bsc#1247074) The script was introduced more than 7 years ago and all systems running TW should have been migrated since then. Moreover the installer supports the systemd default locations since approximately SLE15. - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - logs-show: get timestamp and boot ID only when necessary (bsc#1242827) - sd-journal: drop to use Hashmap to manage journal files per boot ID - tree-wide: set SD_JOURNAL_ASSUME_IMMUTABLE where appropriate - sd-journal: introduce SD_JOURNAL_ASSUME_IMMUTABLE flag - sd-journal: make journal_file_read_tail_timestamp() notify to the caller that some new journal entries added - sd-journal: cache last entry offset and journal file state - sd-journal: fix typo in function name - coredump: use %d in kernel core pattern (bsc#1243935 CVE-2025-4598) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Micro-6.0-416 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202520554-1/ Link for SUSE-SU-2025:20554-1 https://lists.suse.com/pipermail/sle-updates/2025-August/041299.html E-Mail link for SUSE-SU-2025:20554-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1242827 SUSE Bug 1242827 https://bugzilla.suse.com/1243935 SUSE Bug 1243935 https://bugzilla.suse.com/1247074 SUSE Bug 1247074 https://www.suse.com/security/cve/CVE-2025-4598/ SUSE CVE CVE-2025-4598 page SUSE Linux Micro 6.0 libsystemd0-254.27-1.1 libudev1-254.27-1.1 systemd-254.27-1.1 systemd-container-254.27-1.1 systemd-coredump-254.27-1.1 systemd-experimental-254.27-1.1 systemd-journal-remote-254.27-1.1 systemd-portable-254.27-1.1 udev-254.27-1.1 libsystemd0-254.27-1.1 as a component of SUSE Linux Micro 6.0 libudev1-254.27-1.1 as a component of SUSE Linux Micro 6.0 systemd-254.27-1.1 as a component of SUSE Linux Micro 6.0 systemd-container-254.27-1.1 as a component of SUSE Linux Micro 6.0 systemd-coredump-254.27-1.1 as a component of SUSE Linux Micro 6.0 systemd-experimental-254.27-1.1 as a component of SUSE Linux Micro 6.0 systemd-journal-remote-254.27-1.1 as a component of SUSE Linux Micro 6.0 systemd-portable-254.27-1.1 as a component of SUSE Linux Micro 6.0 udev-254.27-1.1 as a component of SUSE Linux Micro 6.0 A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality. CVE-2025-4598 SUSE Linux Micro 6.0:libsystemd0-254.27-1.1 SUSE Linux Micro 6.0:libudev1-254.27-1.1 SUSE Linux Micro 6.0:systemd-254.27-1.1 SUSE Linux Micro 6.0:systemd-container-254.27-1.1 SUSE Linux Micro 6.0:systemd-coredump-254.27-1.1 SUSE Linux Micro 6.0:systemd-experimental-254.27-1.1 SUSE Linux Micro 6.0:systemd-journal-remote-254.27-1.1 SUSE Linux Micro 6.0:systemd-portable-254.27-1.1 SUSE Linux Micro 6.0:udev-254.27-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520554-1/ https://www.suse.com/security/cve/CVE-2025-4598.html CVE-2025-4598 https://bugzilla.suse.com/1243935 SUSE Bug 1243935