# Security update for systemd Announcement ID: SUSE-SU-2025:02244-1 Release Date: 2025-07-08T08:44:27Z Rating: moderate References: * bsc#1242827 * bsc#1243935 Cross-References: * CVE-2025-4598 CVSS scores: * CVE-2025-4598 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2025-4598 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP6 * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP6 * SUSE Package Hub 15 15-SP7 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for systemd fixes the following issues: * CVE-2025-4598: Fixed race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935). Other bugfixes: * logs-show: get timestamp and boot ID only when necessary (bsc#1242827). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-2244=1 openSUSE-SLE-15.6-2025-2244=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-2244=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-2244=1 * SUSE Package Hub 15 15-SP6 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-2244=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-2244=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * systemd-254.25-150600.4.40.1 * systemd-coredump-254.25-150600.4.40.1 * systemd-portable-254.25-150600.4.40.1 * libudev1-debuginfo-254.25-150600.4.40.1 * libsystemd0-mini-debuginfo-254.25-150600.4.40.1 * systemd-journal-remote-debuginfo-254.25-150600.4.40.1 * systemd-sysvcompat-debuginfo-254.25-150600.4.40.1 * systemd-mini-container-debuginfo-254.25-150600.4.40.1 * systemd-doc-254.25-150600.4.40.1 * systemd-coredump-debuginfo-254.25-150600.4.40.1 * libsystemd0-mini-254.25-150600.4.40.1 * systemd-experimental-254.25-150600.4.40.1 * systemd-mini-debuginfo-254.25-150600.4.40.1 * udev-mini-254.25-150600.4.40.1 * systemd-mini-debugsource-254.25-150600.4.40.1 * udev-254.25-150600.4.40.1 * libsystemd0-254.25-150600.4.40.1 * systemd-debuginfo-254.25-150600.4.40.1 * systemd-homed-debuginfo-254.25-150600.4.40.1 * libudev-mini1-debuginfo-254.25-150600.4.40.1 * systemd-portable-debuginfo-254.25-150600.4.40.1 * systemd-debugsource-254.25-150600.4.40.1 * systemd-container-debuginfo-254.25-150600.4.40.1 * udev-mini-debuginfo-254.25-150600.4.40.1 * systemd-journal-remote-254.25-150600.4.40.1 * systemd-network-debuginfo-254.25-150600.4.40.1 * udev-debuginfo-254.25-150600.4.40.1 * systemd-mini-container-254.25-150600.4.40.1 * systemd-network-254.25-150600.4.40.1 * systemd-sysvcompat-254.25-150600.4.40.1 * systemd-experimental-debuginfo-254.25-150600.4.40.1 * systemd-mini-devel-254.25-150600.4.40.1 * systemd-mini-254.25-150600.4.40.1 * systemd-container-254.25-150600.4.40.1 * systemd-homed-254.25-150600.4.40.1 * systemd-devel-254.25-150600.4.40.1 * systemd-testsuite-254.25-150600.4.40.1 * systemd-testsuite-debuginfo-254.25-150600.4.40.1 * libudev-mini1-254.25-150600.4.40.1 * libudev1-254.25-150600.4.40.1 * libsystemd0-debuginfo-254.25-150600.4.40.1 * openSUSE Leap 15.6 (x86_64) * libsystemd0-32bit-debuginfo-254.25-150600.4.40.1 * libudev1-32bit-debuginfo-254.25-150600.4.40.1 * systemd-devel-32bit-254.25-150600.4.40.1 * systemd-32bit-254.25-150600.4.40.1 * libsystemd0-32bit-254.25-150600.4.40.1 * systemd-32bit-debuginfo-254.25-150600.4.40.1 * libudev1-32bit-254.25-150600.4.40.1 * openSUSE Leap 15.6 (aarch64 x86_64 i586) * systemd-boot-debuginfo-254.25-150600.4.40.1 * systemd-boot-254.25-150600.4.40.1 * openSUSE Leap 15.6 (noarch) * systemd-lang-254.25-150600.4.40.1 * openSUSE Leap 15.6 (aarch64_ilp32) * systemd-64bit-debuginfo-254.25-150600.4.40.1 * libudev1-64bit-debuginfo-254.25-150600.4.40.1 * systemd-devel-64bit-254.25-150600.4.40.1 * libsystemd0-64bit-debuginfo-254.25-150600.4.40.1 * libudev1-64bit-254.25-150600.4.40.1 * libsystemd0-64bit-254.25-150600.4.40.1 * systemd-64bit-254.25-150600.4.40.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * systemd-doc-254.25-150600.4.40.1 * systemd-254.25-150600.4.40.1 * systemd-coredump-debuginfo-254.25-150600.4.40.1 * systemd-debugsource-254.25-150600.4.40.1 * udev-debuginfo-254.25-150600.4.40.1 * systemd-sysvcompat-254.25-150600.4.40.1 * systemd-container-debuginfo-254.25-150600.4.40.1 * systemd-coredump-254.25-150600.4.40.1 * systemd-container-254.25-150600.4.40.1 * libsystemd0-debuginfo-254.25-150600.4.40.1 * libudev1-debuginfo-254.25-150600.4.40.1 * systemd-devel-254.25-150600.4.40.1 * systemd-journal-remote-254.25-150600.4.40.1 * udev-254.25-150600.4.40.1 * libudev1-254.25-150600.4.40.1 * libsystemd0-254.25-150600.4.40.1 * systemd-debuginfo-254.25-150600.4.40.1 * systemd-sysvcompat-debuginfo-254.25-150600.4.40.1 * Basesystem Module 15-SP6 (noarch) * systemd-lang-254.25-150600.4.40.1 * Basesystem Module 15-SP6 (x86_64) * libsystemd0-32bit-debuginfo-254.25-150600.4.40.1 * libudev1-32bit-debuginfo-254.25-150600.4.40.1 * systemd-32bit-254.25-150600.4.40.1 * libsystemd0-32bit-254.25-150600.4.40.1 * systemd-32bit-debuginfo-254.25-150600.4.40.1 * libudev1-32bit-254.25-150600.4.40.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * systemd-doc-254.25-150600.4.40.1 * systemd-254.25-150600.4.40.1 * systemd-coredump-debuginfo-254.25-150600.4.40.1 * systemd-debugsource-254.25-150600.4.40.1 * udev-debuginfo-254.25-150600.4.40.1 * systemd-sysvcompat-254.25-150600.4.40.1 * systemd-container-debuginfo-254.25-150600.4.40.1 * systemd-coredump-254.25-150600.4.40.1 * systemd-container-254.25-150600.4.40.1 * libsystemd0-debuginfo-254.25-150600.4.40.1 * libudev1-debuginfo-254.25-150600.4.40.1 * systemd-devel-254.25-150600.4.40.1 * systemd-journal-remote-254.25-150600.4.40.1 * systemd-journal-remote-debuginfo-254.25-150600.4.40.1 * udev-254.25-150600.4.40.1 * libudev1-254.25-150600.4.40.1 * libsystemd0-254.25-150600.4.40.1 * systemd-debuginfo-254.25-150600.4.40.1 * systemd-sysvcompat-debuginfo-254.25-150600.4.40.1 * Basesystem Module 15-SP7 (noarch) * systemd-lang-254.25-150600.4.40.1 * Basesystem Module 15-SP7 (x86_64) * libsystemd0-32bit-debuginfo-254.25-150600.4.40.1 * libudev1-32bit-debuginfo-254.25-150600.4.40.1 * systemd-32bit-254.25-150600.4.40.1 * libsystemd0-32bit-254.25-150600.4.40.1 * systemd-32bit-debuginfo-254.25-150600.4.40.1 * libudev1-32bit-254.25-150600.4.40.1 * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64) * systemd-debugsource-254.25-150600.4.40.1 * systemd-debuginfo-254.25-150600.4.40.1 * systemd-network-debuginfo-254.25-150600.4.40.1 * systemd-network-254.25-150600.4.40.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * systemd-debugsource-254.25-150600.4.40.1 * systemd-debuginfo-254.25-150600.4.40.1 * systemd-network-debuginfo-254.25-150600.4.40.1 * systemd-network-254.25-150600.4.40.1 ## References: * https://www.suse.com/security/cve/CVE-2025-4598.html * https://bugzilla.suse.com/show_bug.cgi?id=1242827 * https://bugzilla.suse.com/show_bug.cgi?id=1243935