Description
Security update for glibc
This update for glibc fixes the following issues:
- CVE-2025-4802: possible execution of attacker-controlled code when statically linked setuid binaries that use dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317).
Package list
SUSE Linux Enterprise Module for Basesystem 15 SP6
glibc-2.38-150600.14.32.1
glibc-32bit-2.38-150600.14.32.1
glibc-devel-2.38-150600.14.32.1
glibc-extra-2.38-150600.14.32.1
glibc-i18ndata-2.38-150600.14.32.1
glibc-info-2.38-150600.14.32.1
glibc-lang-2.38-150600.14.32.1
glibc-locale-2.38-150600.14.32.1
glibc-locale-base-2.38-150600.14.32.1
glibc-locale-base-32bit-2.38-150600.14.32.1
glibc-profile-2.38-150600.14.32.1
libnsl1-2.38-150600.14.32.1
libnsl1-32bit-2.38-150600.14.32.1
nscd-2.38-150600.14.32.1
SUSE Linux Enterprise Module for Development Tools 15 SP6
glibc-devel-32bit-2.38-150600.14.32.1
glibc-devel-static-2.38-150600.14.32.1
glibc-utils-2.38-150600.14.32.1
openSUSE Leap 15.6
glibc-2.38-150600.14.32.1
glibc-32bit-2.38-150600.14.32.1
glibc-devel-2.38-150600.14.32.1
glibc-devel-32bit-2.38-150600.14.32.1
glibc-devel-static-2.38-150600.14.32.1
glibc-devel-static-32bit-2.38-150600.14.32.1
glibc-extra-2.38-150600.14.32.1
glibc-html-2.38-150600.14.32.1
glibc-i18ndata-2.38-150600.14.32.1
glibc-info-2.38-150600.14.32.1
glibc-lang-2.38-150600.14.32.1
glibc-locale-2.38-150600.14.32.1
glibc-locale-base-2.38-150600.14.32.1
glibc-locale-base-32bit-2.38-150600.14.32.1
glibc-profile-2.38-150600.14.32.1
glibc-profile-32bit-2.38-150600.14.32.1
glibc-utils-2.38-150600.14.32.1
glibc-utils-32bit-2.38-150600.14.32.1
libnsl1-2.38-150600.14.32.1
libnsl1-32bit-2.38-150600.14.32.1
nscd-2.38-150600.14.32.1
References
- Link for SUSE-SU-2025:01702-1
- E-Mail link for SUSE-SU-2025:01702-1
- SUSE Security Ratings
- SUSE Bug 1243317
- SUSE CVE CVE-2025-4802 page
Description
Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library versions 2.27 to 2.38 allows attacker-controlled loading of a dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).
Affected products
SUSE Linux Enterprise Module for Basesystem 15 SP6:glibc-2.38-150600.14.32.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:glibc-32bit-2.38-150600.14.32.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:glibc-devel-2.38-150600.14.32.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:glibc-extra-2.38-150600.14.32.1
References
- CVE-2025-4802
- SUSE Bug 1243317
- SUSE Bug 1243318