SUSE-SU-2025:01702-2

Опубликовано: 04 июн. 2025

Источник: suse-cvrf

Описание

Security update for glibc

This update for glibc fixes the following issues:

CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317).

Список пакетов

Container bci/bci-base-fips:latest

glibc-2.38-150600.14.32.1

Container bci/bci-busybox:latest

glibc-2.38-150600.14.32.1

Container bci/bci-init:latest

glibc-2.38-150600.14.32.1

Container bci/bci-micro:latest

glibc-2.38-150600.14.32.1

Container bci/bci-minimal:latest

glibc-2.38-150600.14.32.1

Container bci/bci-sle15-kernel-module-devel:latest

glibc-2.38-150600.14.32.1

glibc-devel-2.38-150600.14.32.1

glibc-locale-2.38-150600.14.32.1

glibc-locale-base-2.38-150600.14.32.1

Container bci/dotnet-aspnet:8.0

glibc-2.38-150600.14.32.1

Container bci/dotnet-aspnet:latest

glibc-2.38-150600.14.32.1

Container bci/dotnet-runtime:8.0

glibc-2.38-150600.14.32.1

Container bci/dotnet-runtime:latest

glibc-2.38-150600.14.32.1

Container bci/dotnet-sdk:8.0

glibc-2.38-150600.14.32.1

Container bci/dotnet-sdk:latest

glibc-2.38-150600.14.32.1

Container bci/gcc:latest

glibc-2.38-150600.14.32.1

glibc-devel-2.38-150600.14.32.1

Container bci/golang:1.23

glibc-2.38-150600.14.32.1

glibc-devel-2.38-150600.14.32.1

Container bci/golang:1.23-openssl

glibc-2.38-150600.14.32.1

glibc-devel-2.38-150600.14.32.1

Container bci/golang:latest

glibc-2.38-150600.14.32.1

glibc-devel-2.38-150600.14.32.1

Container bci/kiwi:latest

glibc-2.38-150600.14.32.1

glibc-devel-2.38-150600.14.32.1

glibc-locale-base-2.38-150600.14.32.1

Container bci/node:22

glibc-2.38-150600.14.32.1

Container bci/nodejs:latest

glibc-2.38-150600.14.32.1

Container bci/openjdk-devel:17

glibc-2.38-150600.14.32.1

Container bci/openjdk-devel:latest

glibc-2.38-150600.14.32.1

Container bci/openjdk:17

glibc-2.38-150600.14.32.1

Container bci/openjdk:latest

glibc-2.38-150600.14.32.1

Container bci/php-apache:latest

glibc-2.38-150600.14.32.1

Container bci/php-fpm:latest

glibc-2.38-150600.14.32.1

Container bci/php:latest

glibc-2.38-150600.14.32.1

Container bci/python:3

glibc-2.38-150600.14.32.1

Container bci/python:latest

glibc-2.38-150600.14.32.1

Container bci/ruby:latest

glibc-2.38-150600.14.32.1

glibc-devel-2.38-150600.14.32.1

Container bci/rust:1.86

glibc-2.38-150600.14.32.1

glibc-devel-2.38-150600.14.32.1

Container bci/rust:latest

glibc-2.38-150600.14.32.1

glibc-devel-2.38-150600.14.32.1

Container bci/spack:latest

glibc-2.38-150600.14.32.1

glibc-devel-2.38-150600.14.32.1

Container containers/milvus:2.4

glibc-2.38-150600.14.32.1

Container containers/ollama:0

glibc-2.38-150600.14.32.1

Container containers/open-webui-pipelines:0

glibc-2.38-150600.14.32.1

Container containers/open-webui:0

glibc-2.38-150600.14.32.1

glibc-devel-2.38-150600.14.32.1

Container containers/pytorch:2-nvidia

glibc-2.38-150600.14.32.1

glibc-devel-2.38-150600.14.32.1

Container containers/suse-ai-observability-extension-runtime:1

glibc-2.38-150600.14.32.1

Container containers/suse-ai-observability-extension-setup:1

glibc-2.38-150600.14.32.1

Container suse/389-ds:latest

glibc-2.38-150600.14.32.1

Container suse/bind:latest

glibc-2.38-150600.14.32.1

Container suse/cosign:latest

glibc-2.38-150600.14.32.1

Container suse/git:latest

glibc-2.38-150600.14.32.1

Container suse/helm:latest

glibc-2.38-150600.14.32.1

Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest

glibc-2.38-150600.14.32.1

glibc-locale-base-2.38-150600.14.32.1

Container suse/kiosk/firefox-esr:latest

glibc-2.38-150600.14.32.1

Container suse/kiosk/pulseaudio:latest

glibc-2.38-150600.14.32.1

Container suse/kiosk/xorg:latest

glibc-2.38-150600.14.32.1

Container suse/kubectl:1.29

glibc-2.38-150600.14.32.1

Container suse/kubectl:latest

glibc-2.38-150600.14.32.1

Container suse/mariadb-client:latest

glibc-2.38-150600.14.32.1

Container suse/mariadb:latest

glibc-2.38-150600.14.32.1

Container suse/nginx:latest

glibc-2.38-150600.14.32.1

Container suse/pcp:latest

glibc-2.38-150600.14.32.1

Container suse/postgres:16

glibc-2.38-150600.14.32.1

glibc-locale-2.38-150600.14.32.1

glibc-locale-base-2.38-150600.14.32.1

Container suse/postgres:latest

glibc-2.38-150600.14.32.1

glibc-locale-2.38-150600.14.32.1

glibc-locale-base-2.38-150600.14.32.1

Container suse/registry:latest

glibc-2.38-150600.14.32.1

Container suse/rmt-server:latest

glibc-2.38-150600.14.32.1

Container suse/sle15:15.6

glibc-2.38-150600.14.32.1

Container suse/stunnel:latest

glibc-2.38-150600.14.32.1

Container suse/valkey:latest

glibc-2.38-150600.14.32.1

Image SLES15-SP6

glibc-2.38-150600.14.32.1

glibc-i18ndata-2.38-150600.14.32.1

glibc-locale-2.38-150600.14.32.1

glibc-locale-base-2.38-150600.14.32.1

nscd-2.38-150600.14.32.1

Image SLES15-SP6-Azure-3P

glibc-2.38-150600.14.32.1

glibc-i18ndata-2.38-150600.14.32.1

glibc-locale-2.38-150600.14.32.1

glibc-locale-base-2.38-150600.14.32.1

nscd-2.38-150600.14.32.1

Image SLES15-SP6-Azure-Standard

glibc-2.38-150600.14.32.1

glibc-i18ndata-2.38-150600.14.32.1

glibc-locale-2.38-150600.14.32.1

glibc-locale-base-2.38-150600.14.32.1

nscd-2.38-150600.14.32.1

Image SLES15-SP6-BYOS

glibc-2.38-150600.14.32.1

glibc-i18ndata-2.38-150600.14.32.1

glibc-locale-2.38-150600.14.32.1

glibc-locale-base-2.38-150600.14.32.1

nscd-2.38-150600.14.32.1

Image SLES15-SP6-BYOS-EC2

glibc-2.38-150600.14.32.1

glibc-i18ndata-2.38-150600.14.32.1

glibc-locale-2.38-150600.14.32.1

glibc-locale-base-2.38-150600.14.32.1

nscd-2.38-150600.14.32.1

Image SLES15-SP6-BYOS-GCE

glibc-2.38-150600.14.32.1

glibc-i18ndata-2.38-150600.14.32.1

glibc-locale-2.38-150600.14.32.1

glibc-locale-base-2.38-150600.14.32.1

nscd-2.38-150600.14.32.1

Image SLES15-SP6-GCE

glibc-2.38-150600.14.32.1

glibc-i18ndata-2.38-150600.14.32.1

glibc-locale-2.38-150600.14.32.1

glibc-locale-base-2.38-150600.14.32.1

nscd-2.38-150600.14.32.1

Image SLES15-SP6-Hardened-BYOS

glibc-2.38-150600.14.32.1

glibc-i18ndata-2.38-150600.14.32.1

glibc-locale-2.38-150600.14.32.1

glibc-locale-base-2.38-150600.14.32.1

nscd-2.38-150600.14.32.1

Image SLES15-SP6-Hardened-BYOS-EC2

glibc-2.38-150600.14.32.1

glibc-i18ndata-2.38-150600.14.32.1

glibc-locale-2.38-150600.14.32.1

glibc-locale-base-2.38-150600.14.32.1

nscd-2.38-150600.14.32.1

Image SLES15-SP6-Hardened-BYOS-GCE

glibc-2.38-150600.14.32.1

glibc-i18ndata-2.38-150600.14.32.1

glibc-locale-2.38-150600.14.32.1

glibc-locale-base-2.38-150600.14.32.1

nscd-2.38-150600.14.32.1

Image SLES15-SP6-SAP

glibc-2.38-150600.14.32.1

glibc-32bit-2.38-150600.14.32.1

glibc-devel-2.38-150600.14.32.1

glibc-i18ndata-2.38-150600.14.32.1

glibc-locale-2.38-150600.14.32.1

glibc-locale-base-2.38-150600.14.32.1

libnsl1-2.38-150600.14.32.1

nscd-2.38-150600.14.32.1

Image SLES15-SP6-SAP-GCE

glibc-2.38-150600.14.32.1

glibc-32bit-2.38-150600.14.32.1

glibc-devel-2.38-150600.14.32.1

glibc-i18ndata-2.38-150600.14.32.1

glibc-locale-2.38-150600.14.32.1

glibc-locale-base-2.38-150600.14.32.1

libnsl1-2.38-150600.14.32.1

nscd-2.38-150600.14.32.1

Image SLES15-SP6-SAPCAL

glibc-2.38-150600.14.32.1

glibc-32bit-2.38-150600.14.32.1

glibc-devel-2.38-150600.14.32.1

glibc-i18ndata-2.38-150600.14.32.1

glibc-locale-2.38-150600.14.32.1

glibc-locale-base-2.38-150600.14.32.1

libnsl1-2.38-150600.14.32.1

nscd-2.38-150600.14.32.1

Image SLES15-SP6-SAPCAL-GCE

glibc-2.38-150600.14.32.1

glibc-32bit-2.38-150600.14.32.1

glibc-devel-2.38-150600.14.32.1

glibc-i18ndata-2.38-150600.14.32.1

glibc-locale-2.38-150600.14.32.1

glibc-locale-base-2.38-150600.14.32.1

libnsl1-2.38-150600.14.32.1

nscd-2.38-150600.14.32.1

Image ai_15_6

glibc-2.38-150600.14.32.1

SUSE Linux Enterprise Module for Basesystem 15 SP7

glibc-2.38-150600.14.32.1

glibc-32bit-2.38-150600.14.32.1

glibc-devel-2.38-150600.14.32.1

glibc-extra-2.38-150600.14.32.1

glibc-i18ndata-2.38-150600.14.32.1

glibc-info-2.38-150600.14.32.1

glibc-lang-2.38-150600.14.32.1

glibc-locale-2.38-150600.14.32.1

glibc-locale-base-2.38-150600.14.32.1

glibc-locale-base-32bit-2.38-150600.14.32.1

glibc-profile-2.38-150600.14.32.1

libnsl1-2.38-150600.14.32.1

libnsl1-32bit-2.38-150600.14.32.1

nscd-2.38-150600.14.32.1

SUSE Linux Enterprise Module for Development Tools 15 SP7

glibc-devel-32bit-2.38-150600.14.32.1

glibc-devel-static-2.38-150600.14.32.1

glibc-utils-2.38-150600.14.32.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-202501702-2/
Link for SUSE-SU-2025:01702-2
https://lists.suse.com/pipermail/sle-security-updates/2025-June/021079.html
E-Mail link for SUSE-SU-2025:01702-2
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1243317
SUSE Bug 1243317
https://www.suse.com/security/cve/CVE-2025-4802/
SUSE CVE CVE-2025-4802 page

Описание

Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).

Затронутые продукты

Container bci/bci-base-fips:latest:glibc-2.38-150600.14.32.1

Container bci/bci-busybox:latest:glibc-2.38-150600.14.32.1

Container bci/bci-init:latest:glibc-2.38-150600.14.32.1

Container bci/bci-micro:latest:glibc-2.38-150600.14.32.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-4802.html
CVE-2025-4802
https://bugzilla.suse.com/1243317
SUSE Bug 1243317
https://bugzilla.suse.com/1243318
SUSE Bug 1243318