# Security update for systemd Announcement ID: SUSE-SU-2025:02019-1 Release Date: 2025-06-19T07:58:06Z Rating: important References: * bsc#1205000 * bsc#1208958 * bsc#1211576 * bsc#1211725 * bsc#1215241 * bsc#1243935 Cross-References: * CVE-2022-4415 * CVE-2023-26604 * CVE-2025-4598 CVSS scores: * CVE-2022-4415 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2022-4415 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2022-4415 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-26604 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-26604 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-26604 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-4598 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2025-4598 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves three vulnerabilities and has three security fixes can now be installed. ## Description: This update for systemd fixes the following issues: * CVE-2025-4598: Race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935). * CVE-2023-26604: Privilege escalation via the less pager (bsc#1208958). * CVE-2022-4415: systemd-coredump was not respecting fs.suid_dumpable kernel setting (bsc#1205000). Other bugfixes: * clarify passno and noauto combination in /etc/fstab (bsc#1211725) * handle -EINTR return from bus_poll() (bsc#1215241) * /usr/ should never be unmounted regardless of HAVE_SPLIT_USR or not (bsc#1211576) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2025-2019=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-2019=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-2019=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-2019=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2025-2019=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-2019=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-2019=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-2019=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * systemd-mini-debuginfo-246.16-150300.7.60.1 * systemd-container-debuginfo-246.16-150300.7.60.1 * systemd-coredump-246.16-150300.7.60.1 * systemd-debuginfo-246.16-150300.7.60.1 * libudev-mini1-debuginfo-246.16-150300.7.60.1 * udev-246.16-150300.7.60.1 * libsystemd0-mini-debuginfo-246.16-150300.7.60.1 * systemd-mini-container-debuginfo-246.16-150300.7.60.1 * nss-myhostname-246.16-150300.7.60.1 * systemd-journal-remote-246.16-150300.7.60.1 * systemd-network-debuginfo-246.16-150300.7.60.1 * nss-resolve-246.16-150300.7.60.1 * nss-mymachines-246.16-150300.7.60.1 * systemd-doc-246.16-150300.7.60.1 * systemd-portable-246.16-150300.7.60.1 * systemd-mini-container-246.16-150300.7.60.1 * systemd-mini-debugsource-246.16-150300.7.60.1 * udev-mini-debuginfo-246.16-150300.7.60.1 * nss-systemd-debuginfo-246.16-150300.7.60.1 * libudev1-246.16-150300.7.60.1 * systemd-mini-246.16-150300.7.60.1 * systemd-coredump-debuginfo-246.16-150300.7.60.1 * libsystemd0-debuginfo-246.16-150300.7.60.1 * systemd-sysvinit-246.16-150300.7.60.1 * nss-systemd-246.16-150300.7.60.1 * libudev1-debuginfo-246.16-150300.7.60.1 * systemd-mini-sysvinit-246.16-150300.7.60.1 * nss-mymachines-debuginfo-246.16-150300.7.60.1 * systemd-mini-devel-246.16-150300.7.60.1 * nss-resolve-debuginfo-246.16-150300.7.60.1 * udev-mini-246.16-150300.7.60.1 * libudev-mini1-246.16-150300.7.60.1 * libsystemd0-mini-246.16-150300.7.60.1 * systemd-devel-246.16-150300.7.60.1 * systemd-debugsource-246.16-150300.7.60.1 * systemd-network-246.16-150300.7.60.1 * libudev-devel-246.16-150300.7.60.1 * systemd-portable-debuginfo-246.16-150300.7.60.1 * systemd-logger-246.16-150300.7.60.1 * systemd-journal-remote-debuginfo-246.16-150300.7.60.1 * nss-myhostname-debuginfo-246.16-150300.7.60.1 * libudev-mini-devel-246.16-150300.7.60.1 * systemd-container-246.16-150300.7.60.1 * systemd-246.16-150300.7.60.1 * udev-debuginfo-246.16-150300.7.60.1 * libsystemd0-246.16-150300.7.60.1 * openSUSE Leap 15.3 (x86_64) * libudev-devel-32bit-246.16-150300.7.60.1 * nss-myhostname-32bit-debuginfo-246.16-150300.7.60.1 * systemd-32bit-debuginfo-246.16-150300.7.60.1 * libsystemd0-32bit-246.16-150300.7.60.1 * nss-mymachines-32bit-246.16-150300.7.60.1 * libsystemd0-32bit-debuginfo-246.16-150300.7.60.1 * libudev1-32bit-246.16-150300.7.60.1 * nss-myhostname-32bit-246.16-150300.7.60.1 * systemd-32bit-246.16-150300.7.60.1 * libudev1-32bit-debuginfo-246.16-150300.7.60.1 * nss-mymachines-32bit-debuginfo-246.16-150300.7.60.1 * openSUSE Leap 15.3 (noarch) * systemd-lang-246.16-150300.7.60.1 * openSUSE Leap 15.3 (aarch64_ilp32) * systemd-64bit-debuginfo-246.16-150300.7.60.1 * libudev-devel-64bit-246.16-150300.7.60.1 * libsystemd0-64bit-246.16-150300.7.60.1 * nss-mymachines-64bit-246.16-150300.7.60.1 * systemd-64bit-246.16-150300.7.60.1 * libudev1-64bit-debuginfo-246.16-150300.7.60.1 * nss-myhostname-64bit-246.16-150300.7.60.1 * libsystemd0-64bit-debuginfo-246.16-150300.7.60.1 * nss-myhostname-64bit-debuginfo-246.16-150300.7.60.1 * libudev1-64bit-246.16-150300.7.60.1 * nss-mymachines-64bit-debuginfo-246.16-150300.7.60.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * systemd-doc-246.16-150300.7.60.1 * systemd-journal-remote-debuginfo-246.16-150300.7.60.1 * systemd-container-debuginfo-246.16-150300.7.60.1 * systemd-coredump-246.16-150300.7.60.1 * systemd-debuginfo-246.16-150300.7.60.1 * systemd-sysvinit-246.16-150300.7.60.1 * udev-246.16-150300.7.60.1 * systemd-coredump-debuginfo-246.16-150300.7.60.1 * libudev1-246.16-150300.7.60.1 * systemd-container-246.16-150300.7.60.1 * libsystemd0-debuginfo-246.16-150300.7.60.1 * systemd-246.16-150300.7.60.1 * systemd-journal-remote-246.16-150300.7.60.1 * udev-debuginfo-246.16-150300.7.60.1 * systemd-devel-246.16-150300.7.60.1 * libsystemd0-246.16-150300.7.60.1 * systemd-debugsource-246.16-150300.7.60.1 * libudev1-debuginfo-246.16-150300.7.60.1 * libudev-devel-246.16-150300.7.60.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * systemd-lang-246.16-150300.7.60.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * systemd-32bit-debuginfo-246.16-150300.7.60.1 * libsystemd0-32bit-246.16-150300.7.60.1 * systemd-32bit-246.16-150300.7.60.1 * libudev1-32bit-246.16-150300.7.60.1 * libsystemd0-32bit-debuginfo-246.16-150300.7.60.1 * libudev1-32bit-debuginfo-246.16-150300.7.60.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * systemd-doc-246.16-150300.7.60.1 * systemd-journal-remote-debuginfo-246.16-150300.7.60.1 * systemd-container-debuginfo-246.16-150300.7.60.1 * systemd-coredump-246.16-150300.7.60.1 * systemd-debuginfo-246.16-150300.7.60.1 * systemd-sysvinit-246.16-150300.7.60.1 * udev-246.16-150300.7.60.1 * systemd-coredump-debuginfo-246.16-150300.7.60.1 * libudev1-246.16-150300.7.60.1 * systemd-container-246.16-150300.7.60.1 * libsystemd0-debuginfo-246.16-150300.7.60.1 * systemd-246.16-150300.7.60.1 * systemd-journal-remote-246.16-150300.7.60.1 * udev-debuginfo-246.16-150300.7.60.1 * systemd-devel-246.16-150300.7.60.1 * libsystemd0-246.16-150300.7.60.1 * systemd-debugsource-246.16-150300.7.60.1 * libudev1-debuginfo-246.16-150300.7.60.1 * libudev-devel-246.16-150300.7.60.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (noarch) * systemd-lang-246.16-150300.7.60.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (x86_64) * systemd-32bit-debuginfo-246.16-150300.7.60.1 * libsystemd0-32bit-246.16-150300.7.60.1 * systemd-32bit-246.16-150300.7.60.1 * libudev1-32bit-246.16-150300.7.60.1 * libsystemd0-32bit-debuginfo-246.16-150300.7.60.1 * libudev1-32bit-debuginfo-246.16-150300.7.60.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * systemd-doc-246.16-150300.7.60.1 * systemd-journal-remote-debuginfo-246.16-150300.7.60.1 * systemd-container-debuginfo-246.16-150300.7.60.1 * systemd-coredump-246.16-150300.7.60.1 * systemd-debuginfo-246.16-150300.7.60.1 * systemd-sysvinit-246.16-150300.7.60.1 * udev-246.16-150300.7.60.1 * systemd-coredump-debuginfo-246.16-150300.7.60.1 * libudev1-246.16-150300.7.60.1 * systemd-container-246.16-150300.7.60.1 * libsystemd0-debuginfo-246.16-150300.7.60.1 * systemd-246.16-150300.7.60.1 * systemd-journal-remote-246.16-150300.7.60.1 * udev-debuginfo-246.16-150300.7.60.1 * systemd-devel-246.16-150300.7.60.1 * libsystemd0-246.16-150300.7.60.1 * systemd-debugsource-246.16-150300.7.60.1 * libudev1-debuginfo-246.16-150300.7.60.1 * libudev-devel-246.16-150300.7.60.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * systemd-lang-246.16-150300.7.60.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * systemd-32bit-debuginfo-246.16-150300.7.60.1 * libsystemd0-32bit-246.16-150300.7.60.1 * systemd-32bit-246.16-150300.7.60.1 * libudev1-32bit-246.16-150300.7.60.1 * libsystemd0-32bit-debuginfo-246.16-150300.7.60.1 * libudev1-32bit-debuginfo-246.16-150300.7.60.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * systemd-doc-246.16-150300.7.60.1 * systemd-journal-remote-debuginfo-246.16-150300.7.60.1 * systemd-container-debuginfo-246.16-150300.7.60.1 * systemd-coredump-246.16-150300.7.60.1 * systemd-debuginfo-246.16-150300.7.60.1 * systemd-sysvinit-246.16-150300.7.60.1 * udev-246.16-150300.7.60.1 * systemd-coredump-debuginfo-246.16-150300.7.60.1 * libudev1-246.16-150300.7.60.1 * systemd-container-246.16-150300.7.60.1 * libsystemd0-debuginfo-246.16-150300.7.60.1 * systemd-246.16-150300.7.60.1 * systemd-journal-remote-246.16-150300.7.60.1 * udev-debuginfo-246.16-150300.7.60.1 * systemd-devel-246.16-150300.7.60.1 * libsystemd0-246.16-150300.7.60.1 * systemd-debugsource-246.16-150300.7.60.1 * libudev1-debuginfo-246.16-150300.7.60.1 * libudev-devel-246.16-150300.7.60.1 * SUSE Enterprise Storage 7.1 (noarch) * systemd-lang-246.16-150300.7.60.1 * SUSE Enterprise Storage 7.1 (x86_64) * systemd-32bit-debuginfo-246.16-150300.7.60.1 * libsystemd0-32bit-246.16-150300.7.60.1 * systemd-32bit-246.16-150300.7.60.1 * libudev1-32bit-246.16-150300.7.60.1 * libsystemd0-32bit-debuginfo-246.16-150300.7.60.1 * libudev1-32bit-debuginfo-246.16-150300.7.60.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * systemd-journal-remote-debuginfo-246.16-150300.7.60.1 * systemd-container-debuginfo-246.16-150300.7.60.1 * udev-246.16-150300.7.60.1 * systemd-debuginfo-246.16-150300.7.60.1 * systemd-sysvinit-246.16-150300.7.60.1 * libudev1-246.16-150300.7.60.1 * systemd-container-246.16-150300.7.60.1 * systemd-246.16-150300.7.60.1 * libsystemd0-debuginfo-246.16-150300.7.60.1 * systemd-journal-remote-246.16-150300.7.60.1 * udev-debuginfo-246.16-150300.7.60.1 * libsystemd0-246.16-150300.7.60.1 * systemd-debugsource-246.16-150300.7.60.1 * libudev1-debuginfo-246.16-150300.7.60.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * systemd-journal-remote-debuginfo-246.16-150300.7.60.1 * systemd-container-debuginfo-246.16-150300.7.60.1 * udev-246.16-150300.7.60.1 * systemd-debuginfo-246.16-150300.7.60.1 * systemd-sysvinit-246.16-150300.7.60.1 * libudev1-246.16-150300.7.60.1 * systemd-container-246.16-150300.7.60.1 * systemd-246.16-150300.7.60.1 * libsystemd0-debuginfo-246.16-150300.7.60.1 * systemd-journal-remote-246.16-150300.7.60.1 * udev-debuginfo-246.16-150300.7.60.1 * libsystemd0-246.16-150300.7.60.1 * systemd-debugsource-246.16-150300.7.60.1 * libudev1-debuginfo-246.16-150300.7.60.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * systemd-journal-remote-debuginfo-246.16-150300.7.60.1 * systemd-container-debuginfo-246.16-150300.7.60.1 * udev-246.16-150300.7.60.1 * systemd-debuginfo-246.16-150300.7.60.1 * systemd-sysvinit-246.16-150300.7.60.1 * libudev1-246.16-150300.7.60.1 * systemd-container-246.16-150300.7.60.1 * systemd-246.16-150300.7.60.1 * libsystemd0-debuginfo-246.16-150300.7.60.1 * systemd-journal-remote-246.16-150300.7.60.1 * udev-debuginfo-246.16-150300.7.60.1 * libsystemd0-246.16-150300.7.60.1 * systemd-debugsource-246.16-150300.7.60.1 * libudev1-debuginfo-246.16-150300.7.60.1 ## References: * https://www.suse.com/security/cve/CVE-2022-4415.html * https://www.suse.com/security/cve/CVE-2023-26604.html * https://www.suse.com/security/cve/CVE-2025-4598.html * https://bugzilla.suse.com/show_bug.cgi?id=1205000 * https://bugzilla.suse.com/show_bug.cgi?id=1208958 * https://bugzilla.suse.com/show_bug.cgi?id=1211576 * https://bugzilla.suse.com/show_bug.cgi?id=1211725 * https://bugzilla.suse.com/show_bug.cgi?id=1215241 * https://bugzilla.suse.com/show_bug.cgi?id=1243935