ELSA-2025-22660

ELSA-2025-22660 - systemd security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2025-12-04

Description

[252-55.0.3.7]
- serialize: don't allocate 1M on the stack just like that [LINUX-16166]
- Route logs from container mapped uids to the system journal [Orabug: 38135007]
- Drop delay when nspawn fails to reset loginuid [Orabug: 37793135]
- Improve logging for api bus connection and subscribers [Orabug: 38040980]
- Defer processing of timeout events in sd-bus api [Orabug: 38064217]
- coredump: use %d in kernel core pattern - CVE-2025-4598
- Add bus description to sd-bus outgoing sockets [Orabug: 37347576]
- Add log messages about daemon-reload requester and duration [Orabug: 37347576]
- Reverted back to previous Tony Lam patch [Orabug: 25897792] until issue with [Orabug: 36564551] is resolved.
- drop IN_ATTRIB from parent directory inotify watches [Orabug: 37118224]
- 1A) Fix local-fs and remote-fs targets during system boot (replaces old Orabug: 25897792) [Orabug: 36269319]
- 1B) Add 'systemd-fstab-generator-reload-targets.service' file [Orabug: 36269319]
- 1C) Add required rpms for correct kickstart/systemd functionality within systemd.spec [Orabug: 36269319]
- 1D) Important: Review 1001-systemd-fstab-generator-reload-targets.patch for important build details/steps [Orabug: 36269319]
- Due to a new [Orabug: 36564551] filed on April 29 2024, reverting from back to
- previous Tony Lam patch [Orabug: 25897792] until issue with [Orabug: 36564551] is resolved.
- drop IN_ATTRIB from parent directory inotify watches [Orabug: 37118224]
- Reverted back to previous Tony Lam patch [Orabug: 25897792] until issue with [Orabug: 36564551] is resolved.
- Re-Added 1001-Fix-missing-netdev-for-iscsi-entry-in-fstab.patch [Orabug: 25897792]
- Backport upstream pstore dmesg fix [Orabug: 34868110]
- Remove upstream references [Orabug: 33995357]
- Disable unprivileged BPF by default [Orabug: 32870980]
- udev rules: fix memory hot add and remove [Orabug: 31310273]
- set 'RemoveIPC=no' in logind.conf as default for OL7.2 [Orabug: 22224874]
- allow dm remove ioctl to co-operate with UEK3 [Orabug: 18467469]
- shutdown: get only active md arrays. [Orabug: 34467234]
- Wait for an extra configurable time before udevd kills a worker [Orabug: 36017407]
- Removed unneeded patches from the systemd.spec
- 1A) 1004-orabug34272490-0001-core-device-ignore-DEVICE_FOUND_UDEV-bit-on-switchin.patch [Orabug: 34272490]
- 1B) 1005-orabug34272490-0002-core-device-drop-unnecessary-condition.patch [Orabug: 34272490]
- 1C) 1007-orabug34868110-pstore-fixes-for-dmesg.txt-reconstruction.patch [Orabug: 34868110]
- Removed the following, associated with [Orabug: 36269319]:
- 2A) Remove 1001-systemd-fstab-generator-reload-targets.patch
- 2B) Remove Fix local-fs and remote-fs targets during system boot [Orabug: 36269319]
- 2C) Remove 'systemd-fstab-generator-reload-targets.service' file [Orabug: 36269319]
- 2D) Remove required rpms for correct kickstart/systemd functionality within systemd.spec [Orabug: 36269319]
- 2E) Remove Important: Review 1001-systemd-fstab-generator-reload-targets.patch for important build details/steps [Orabug: 36269319]

[252-55.7]
- core: fix array size in unit_log_resources() (RHEL-132120)

[252-55.6]
- timer: rebase last_trigger timestamp if needed (RHEL-127022)

[252-55.5]
- test: rename TEST-53-ISSUE-16347 to TEST-53-TIMER (RHEL-127022)
- test: restarting elapsed timer shouldn't trigger the corresponding service (RHEL-127022)
- test: check the next elapse timer timestamp after deserialization (RHEL-127022)
- timer: don't run service immediately after restart of a timer (RHEL-127022)
- test: store and compare just the property value (RHEL-127022)
- timer: rebase the next elapse timestamp only if timer didn't already run (RHEL-127022)
- coredump: handle ENOBUFS and EMSGSIZE the same way (RHEL-126114)

[252-55.4]
- cryptsetup: Add optional support for linking volume key in keyring. (RHEL-118294)
- cryptsetup: fix typo (RHEL-118294)
- cryptsetup: HAVE_CRYPT_SET_KEYRING_TO_LINK is always defined (RHEL-118294)
- basic: add PIDFS magic (#31709) (RHEL-118294)
- time-util: make USEC_TIMESTAMP_FORMATTABLE_MAX for 32bit system off by one day (RHEL-118294)
- coredump: make check that all argv[] meta data fields are passed strict (RHEL-104138)
- coredump: restore compatibility with older patterns (RHEL-104138)
- coredump: use %d in kernel core pattern (RHEL-104138)
- pidref: add structure that can reference a pid via both pidfd and pid_t (RHEL-104138)
- fd-util: introduce parse_fd() (RHEL-104138)
- coredump: add support for new %F PIDFD specifier (RHEL-104138)

[252-55.2]
- Revert 'test-time-util: disable failing tests' (RHEL-110954)
- test: use get_timezones() to iterate all known timezones (RHEL-110954)
- test-time-util: do not fail on DST change (RHEL-110954)
- test-time-util: suppress timestamp conversion failures for Africa/Khartoum timezone (RHEL-110954)
- test-time-util: do more suppression of time zone checks (RHEL-110954)
- test-time-util: fix truncation of usec to sec (RHEL-110954)
- test: unset TZ before timezone-sensitive unit tests are run (RHEL-110954)
- meson: extend timeout for test-time-util (RHEL-110954)
- time-util: use DEFINE_STRING_TABLE_LOOKUP_TO_STRING() macro (RHEL-110954)
- time-util: align string table (RHEL-110954)
- time-util: rename variables (RHEL-110954)
- time-util: add assertions (RHEL-110954)
- time-util: drop redundant else (RHEL-110954)
- time-util: do not use strdupa() (RHEL-110954)
- time-util: use result from startswith_no_case() (RHEL-110954)
- time-util: use usec_add() and usec_sub_unsigned() (RHEL-110954)
- time-util: shorten code a bit (RHEL-110954)
- time-util: rename variables (RHEL-110954)
- time-util: drop unnecessary assignment of timezone name (RHEL-110954)
- time-util: make parse_timestamp() use the RFC-822/ISO 8601 standard timezone spec (RHEL-110954)
- time-util: fix typo (RHEL-110954)
- ci: bump the tools tree to F42 (RHEL-110954)

[252-55.1]
- meson: /etc/systemd/network is also used by udevd (RHEL-111611)
- test: add tests for format_timestamp() and parse_timestamp() with various timezone (RHEL-110954)
- test-time-util: disable failing tests (RHEL-110954)
- test: test parse_timestamp() in various timezone (RHEL-110954)
- systemctl: logind: add missing asserts (RHEL-110954)
- systemctl: logind: make logind_schedule_shutdown accept action as param (RHEL-110954)
- systemctl: add option --when for scheduled shutdown (RHEL-110954)
- test-time-util: add test cases to invalidate 'show' and 'cancel' (RHEL-110954)
- sd-bus: make bus_add_match_full accept timeout (RHEL-111630)
- core/unit: add get_timeout_start_usec in UnitVTable and define it for service (RHEL-111630)
- core/unit: increase the NameOwnerChanged/GetNameOwner timeout to the unit's start timeout (RHEL-111630)
- core,sd-bus: drop empty lines between function call and error check (RHEL-111630)
- core: do not disconnect from bus when failed to install signal match (RHEL-111630)
- dbus: stash the subscriber list when we disconenct from the bus (RHEL-111630)
- manager: s/deserialized_subscribed/subscribed_as_strv (RHEL-111630)
- bus-util: do not reset the count returned by sd_bus_track_count_name() (RHEL-111630)
- core/manager: restore bus track deserialization cleanup in manager_reload() (RHEL-111630)
- core/manager: drop duplicate bus track deserialization (RHEL-111630)
- sd-bus/bus-track: use install_callback in sd_bus_track_add_name() (RHEL-111630)

Related CVEs

CVE-2025-4598

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 9 (aarch64)	systemd-252-55.0.3.el9_7.7.src.rpm	d18063e87deca6b11a19515e7d6ebf365cf159acbc6e0d77dce5321c13840149	-	ol9_aarch64_appstream
	systemd-252-55.0.3.el9_7.7.src.rpm	d18063e87deca6b11a19515e7d6ebf365cf159acbc6e0d77dce5321c13840149	-	ol9_aarch64_baseos_latest
	systemd-252-55.0.3.el9_7.7.src.rpm	d18063e87deca6b11a19515e7d6ebf365cf159acbc6e0d77dce5321c13840149	-	ol9_aarch64_codeready_builder
	systemd-252-55.0.3.el9_7.7.src.rpm	d18063e87deca6b11a19515e7d6ebf365cf159acbc6e0d77dce5321c13840149	-	ol9_aarch64_u7_baseos_patch
	rhel-net-naming-sysattrs-252-55.0.3.el9_7.7.noarch.rpm	bea0396d2b8a832f27f4f798d97b4b36e222edb88fd6748ff60423c49b9acdfb	-	ol9_aarch64_baseos_latest
	rhel-net-naming-sysattrs-252-55.0.3.el9_7.7.noarch.rpm	bea0396d2b8a832f27f4f798d97b4b36e222edb88fd6748ff60423c49b9acdfb	-	ol9_aarch64_u7_baseos_patch
	systemd-252-55.0.3.el9_7.7.aarch64.rpm	3b08b466bf123297fbb28873e9c7a245ffda0b7aeb06f4e23c9632060efabc9d	-	ol9_aarch64_baseos_latest
	systemd-252-55.0.3.el9_7.7.aarch64.rpm	3b08b466bf123297fbb28873e9c7a245ffda0b7aeb06f4e23c9632060efabc9d	-	ol9_aarch64_u7_baseos_patch
	systemd-boot-unsigned-252-55.0.3.el9_7.7.aarch64.rpm	856eee07542e09ceb629aceff9aff91f3e0d155b48f319b8ac1ed707a175b8f9	-	ol9_aarch64_codeready_builder
	systemd-container-252-55.0.3.el9_7.7.aarch64.rpm	95185b5926a89310ccc768e58017cac15ef11e7f70b11cc53b0c8ee2e0e16a63	-	ol9_aarch64_baseos_latest
	systemd-container-252-55.0.3.el9_7.7.aarch64.rpm	95185b5926a89310ccc768e58017cac15ef11e7f70b11cc53b0c8ee2e0e16a63	-	ol9_aarch64_u7_baseos_patch
	systemd-devel-252-55.0.3.el9_7.7.aarch64.rpm	a4707159a3ab361953451ed6a4d5309266054afbadceac934617115881b65b16	-	ol9_aarch64_appstream
	systemd-journal-remote-252-55.0.3.el9_7.7.aarch64.rpm	29ac8f7f71ac0fb94cba6f50c8ce9679664b8a3c96c06d668aa1bda8eaec2cb9	-	ol9_aarch64_appstream
	systemd-libs-252-55.0.3.el9_7.7.aarch64.rpm	a13b39f1ca35b5460faafb173b5d0700caab8f87c873bc83b0f41bc4a0f1d4a4	-	ol9_aarch64_baseos_latest
	systemd-libs-252-55.0.3.el9_7.7.aarch64.rpm	a13b39f1ca35b5460faafb173b5d0700caab8f87c873bc83b0f41bc4a0f1d4a4	-	ol9_aarch64_u7_baseos_patch
	systemd-oomd-252-55.0.3.el9_7.7.aarch64.rpm	2e04212e55bdadbb44515a919c17749f9d33983ad4400fb349875a005dfe8522	-	ol9_aarch64_baseos_latest
	systemd-oomd-252-55.0.3.el9_7.7.aarch64.rpm	2e04212e55bdadbb44515a919c17749f9d33983ad4400fb349875a005dfe8522	-	ol9_aarch64_u7_baseos_patch
	systemd-pam-252-55.0.3.el9_7.7.aarch64.rpm	e940b51310b4827f35b3d1fe4946862563a821f7fd630ce4999807ee7497e686	-	ol9_aarch64_baseos_latest
	systemd-pam-252-55.0.3.el9_7.7.aarch64.rpm	e940b51310b4827f35b3d1fe4946862563a821f7fd630ce4999807ee7497e686	-	ol9_aarch64_u7_baseos_patch
	systemd-resolved-252-55.0.3.el9_7.7.aarch64.rpm	7675bb97a9ef5ce3486f27dfd456b0ca063a2a708ac08521afa037fb498bf8de	-	ol9_aarch64_baseos_latest
	systemd-resolved-252-55.0.3.el9_7.7.aarch64.rpm	7675bb97a9ef5ce3486f27dfd456b0ca063a2a708ac08521afa037fb498bf8de	-	ol9_aarch64_u7_baseos_patch
	systemd-rpm-macros-252-55.0.3.el9_7.7.noarch.rpm	440845e87f53d716c8bf02ffa271a9ba46280fed2589677367e58b8c1aac604b	-	ol9_aarch64_baseos_latest
	systemd-rpm-macros-252-55.0.3.el9_7.7.noarch.rpm	440845e87f53d716c8bf02ffa271a9ba46280fed2589677367e58b8c1aac604b	-	ol9_aarch64_u7_baseos_patch
	systemd-udev-252-55.0.3.el9_7.7.aarch64.rpm	fed7dfe91a6fa80fd397892b88ddca9ad09e1260724eead83c5a4aab1fce3835	-	ol9_aarch64_baseos_latest
	systemd-udev-252-55.0.3.el9_7.7.aarch64.rpm	fed7dfe91a6fa80fd397892b88ddca9ad09e1260724eead83c5a4aab1fce3835	-	ol9_aarch64_u7_baseos_patch
	systemd-ukify-252-55.0.3.el9_7.7.noarch.rpm	9e6d3b5e3462c7f75ce864b86ac080e1b8dc3675fd055fb43fe12e5384351bbc	-	ol9_aarch64_appstream
Oracle Linux 9 (x86_64)	systemd-252-55.0.3.el9_7.7.src.rpm	d18063e87deca6b11a19515e7d6ebf365cf159acbc6e0d77dce5321c13840149	-	ol9_x86_64_appstream
	systemd-252-55.0.3.el9_7.7.src.rpm	d18063e87deca6b11a19515e7d6ebf365cf159acbc6e0d77dce5321c13840149	-	ol9_x86_64_baseos_latest
	systemd-252-55.0.3.el9_7.7.src.rpm	d18063e87deca6b11a19515e7d6ebf365cf159acbc6e0d77dce5321c13840149	-	ol9_x86_64_codeready_builder
	systemd-252-55.0.3.el9_7.7.src.rpm	d18063e87deca6b11a19515e7d6ebf365cf159acbc6e0d77dce5321c13840149	-	ol9_x86_64_u7_baseos_patch
	rhel-net-naming-sysattrs-252-55.0.3.el9_7.7.noarch.rpm	bea0396d2b8a832f27f4f798d97b4b36e222edb88fd6748ff60423c49b9acdfb	-	ol9_x86_64_baseos_latest
	rhel-net-naming-sysattrs-252-55.0.3.el9_7.7.noarch.rpm	bea0396d2b8a832f27f4f798d97b4b36e222edb88fd6748ff60423c49b9acdfb	-	ol9_x86_64_u7_baseos_patch
	systemd-252-55.0.3.el9_7.7.i686.rpm	536dce2c8921f9fd382d5a1eda771806ce3f932afc6f601e0726254f57039b6a	-	ol9_x86_64_baseos_latest
	systemd-252-55.0.3.el9_7.7.i686.rpm	536dce2c8921f9fd382d5a1eda771806ce3f932afc6f601e0726254f57039b6a	-	ol9_x86_64_u7_baseos_patch
	systemd-252-55.0.3.el9_7.7.x86_64.rpm	e7d49165bb8df9d15302888a33a571eec5904b6b2329626f69af60c3ee82fba6	-	ol9_x86_64_baseos_latest
	systemd-252-55.0.3.el9_7.7.x86_64.rpm	e7d49165bb8df9d15302888a33a571eec5904b6b2329626f69af60c3ee82fba6	-	ol9_x86_64_u7_baseos_patch
	systemd-boot-unsigned-252-55.0.3.el9_7.7.x86_64.rpm	2359e51eb00cc621e323ccc1b7aa1e1b7720fe0f0af1cec594a6f4dc12fc0553	-	ol9_x86_64_codeready_builder
	systemd-container-252-55.0.3.el9_7.7.i686.rpm	fa55cd1009cf954e52fd51331fd8043ad0b58aafc36fec4d733ff859087e081e	-	ol9_x86_64_baseos_latest
	systemd-container-252-55.0.3.el9_7.7.i686.rpm	fa55cd1009cf954e52fd51331fd8043ad0b58aafc36fec4d733ff859087e081e	-	ol9_x86_64_u7_baseos_patch
	systemd-container-252-55.0.3.el9_7.7.x86_64.rpm	2fa1d5ae44a4bec3492a0c1969ebcf8ff701ec9d10dbf26fbad1f0f0ebdd9219	-	ol9_x86_64_baseos_latest
	systemd-container-252-55.0.3.el9_7.7.x86_64.rpm	2fa1d5ae44a4bec3492a0c1969ebcf8ff701ec9d10dbf26fbad1f0f0ebdd9219	-	ol9_x86_64_u7_baseos_patch
	systemd-devel-252-55.0.3.el9_7.7.i686.rpm	0094d8aa6805f8155ccbe1684bcd4b4c7f91e3445417fc092ab9ebdca86d5f6d	-	ol9_x86_64_appstream
	systemd-devel-252-55.0.3.el9_7.7.x86_64.rpm	b8abfa812da17977a2437e18af512f24532400982b9f1b6344db5ef753fd63de	-	ol9_x86_64_appstream
	systemd-journal-remote-252-55.0.3.el9_7.7.x86_64.rpm	f0ccf650df62093f9d009f900ad9940aa62fc8bd9ca502c8445f64151dd86d50	-	ol9_x86_64_appstream
	systemd-libs-252-55.0.3.el9_7.7.i686.rpm	25b47c4e414300d57f938b61c04d1a803000f4f7ac72616957e2d69d6f348053	-	ol9_x86_64_baseos_latest
	systemd-libs-252-55.0.3.el9_7.7.i686.rpm	25b47c4e414300d57f938b61c04d1a803000f4f7ac72616957e2d69d6f348053	-	ol9_x86_64_u7_baseos_patch
	systemd-libs-252-55.0.3.el9_7.7.x86_64.rpm	aa88c3a43c2620b42ea00d7532dc81272fcf201d399f057aeb13bf9eeaff28b1	-	ol9_x86_64_baseos_latest
	systemd-libs-252-55.0.3.el9_7.7.x86_64.rpm	aa88c3a43c2620b42ea00d7532dc81272fcf201d399f057aeb13bf9eeaff28b1	-	ol9_x86_64_u7_baseos_patch
	systemd-oomd-252-55.0.3.el9_7.7.x86_64.rpm	e9acf7439b4d1f85cd49066383792dc1ffc5e9363e2390522b295cbe6ee01dbd	-	ol9_x86_64_baseos_latest
	systemd-oomd-252-55.0.3.el9_7.7.x86_64.rpm	e9acf7439b4d1f85cd49066383792dc1ffc5e9363e2390522b295cbe6ee01dbd	-	ol9_x86_64_u7_baseos_patch
	systemd-pam-252-55.0.3.el9_7.7.x86_64.rpm	47161ae52bb3764c2ceeac978afdf6aa4a89ff212fa9685fe7b67a6ed58a01d2	-	ol9_x86_64_baseos_latest
	systemd-pam-252-55.0.3.el9_7.7.x86_64.rpm	47161ae52bb3764c2ceeac978afdf6aa4a89ff212fa9685fe7b67a6ed58a01d2	-	ol9_x86_64_u7_baseos_patch
	systemd-resolved-252-55.0.3.el9_7.7.x86_64.rpm	8827e2b76bda33fe1c80cce41cde20cca93bcc629b3e523ce3e393e325b2d59b	-	ol9_x86_64_baseos_latest
	systemd-resolved-252-55.0.3.el9_7.7.x86_64.rpm	8827e2b76bda33fe1c80cce41cde20cca93bcc629b3e523ce3e393e325b2d59b	-	ol9_x86_64_u7_baseos_patch
	systemd-rpm-macros-252-55.0.3.el9_7.7.noarch.rpm	440845e87f53d716c8bf02ffa271a9ba46280fed2589677367e58b8c1aac604b	-	ol9_x86_64_baseos_latest
	systemd-rpm-macros-252-55.0.3.el9_7.7.noarch.rpm	440845e87f53d716c8bf02ffa271a9ba46280fed2589677367e58b8c1aac604b	-	ol9_x86_64_u7_baseos_patch
	systemd-udev-252-55.0.3.el9_7.7.x86_64.rpm	5f6f1db1ae999800acba2e326283a37018b6b3430db24360c36af26f8045759a	-	ol9_x86_64_baseos_latest
	systemd-udev-252-55.0.3.el9_7.7.x86_64.rpm	5f6f1db1ae999800acba2e326283a37018b6b3430db24360c36af26f8045759a	-	ol9_x86_64_u7_baseos_patch
	systemd-ukify-252-55.0.3.el9_7.7.noarch.rpm	9e6d3b5e3462c7f75ce864b86ac080e1b8dc3675fd055fb43fe12e5384351bbc	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team