SUSE-SU-2025:01784-1

Опубликовано: 30 мая 2025

Источник: suse-cvrf

Описание

Security update for glibc

This update for glibc fixes the following issues:

Security issues fixed:

CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317).

Other issues fixed:

Multi-threaded application hang due to deadlock when pthread_cond_signal fails to wake up pthread_cond_wait as a consequence of a bug related to stealing of signals (bsc#1234128).

Список пакетов

Container suse/ltss/sle15.5/sle15:latest

glibc-2.31-150300.95.1

Container suse/sle-micro-rancher/5.2:latest

glibc-2.31-150300.95.1

glibc-locale-base-2.31-150300.95.1

Container suse/sle-micro-rancher/5.3:latest

glibc-2.31-150300.95.1

glibc-locale-base-2.31-150300.95.1

Container suse/sle-micro-rancher/5.4:latest

glibc-2.31-150300.95.1

glibc-locale-base-2.31-150300.95.1

Container suse/sle-micro/5.1/toolbox:latest

glibc-2.31-150300.95.1

glibc-locale-2.31-150300.95.1

glibc-locale-base-2.31-150300.95.1

Container suse/sle-micro/5.2/toolbox:latest

glibc-2.31-150300.95.1

glibc-locale-2.31-150300.95.1

glibc-locale-base-2.31-150300.95.1

Container suse/sle-micro/5.3/toolbox:latest

glibc-2.31-150300.95.1

glibc-locale-2.31-150300.95.1

glibc-locale-base-2.31-150300.95.1

Container suse/sle-micro/5.4/toolbox:latest

glibc-2.31-150300.95.1

glibc-locale-2.31-150300.95.1

glibc-locale-base-2.31-150300.95.1

Container suse/sle-micro/5.5/toolbox:latest

glibc-2.31-150300.95.1

glibc-locale-2.31-150300.95.1

glibc-locale-base-2.31-150300.95.1

Container suse/sle-micro/5.5:latest

glibc-2.31-150300.95.1

glibc-locale-base-2.31-150300.95.1

Container suse/sle-micro/base-5.5:latest

glibc-2.31-150300.95.1

glibc-locale-base-2.31-150300.95.1

Container suse/sle-micro/kvm-5.5:latest

glibc-2.31-150300.95.1

glibc-locale-base-2.31-150300.95.1

Container suse/sle-micro/rt-5.5:latest

glibc-2.31-150300.95.1

glibc-locale-base-2.31-150300.95.1

SUSE Enterprise Storage 7.1

glibc-2.31-150300.95.1

glibc-32bit-2.31-150300.95.1

glibc-devel-2.31-150300.95.1

glibc-devel-32bit-2.31-150300.95.1

glibc-devel-static-2.31-150300.95.1

glibc-extra-2.31-150300.95.1

glibc-i18ndata-2.31-150300.95.1

glibc-info-2.31-150300.95.1

glibc-lang-2.31-150300.95.1

glibc-locale-2.31-150300.95.1

glibc-locale-base-2.31-150300.95.1

glibc-locale-base-32bit-2.31-150300.95.1

glibc-profile-2.31-150300.95.1

glibc-utils-2.31-150300.95.1

nscd-2.31-150300.95.1

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

glibc-2.31-150300.95.1

glibc-32bit-2.31-150300.95.1

glibc-devel-2.31-150300.95.1

glibc-devel-32bit-2.31-150300.95.1

glibc-devel-static-2.31-150300.95.1

glibc-extra-2.31-150300.95.1

glibc-i18ndata-2.31-150300.95.1

glibc-info-2.31-150300.95.1

glibc-lang-2.31-150300.95.1

glibc-locale-2.31-150300.95.1

glibc-locale-base-2.31-150300.95.1

glibc-locale-base-32bit-2.31-150300.95.1

glibc-profile-2.31-150300.95.1

glibc-utils-2.31-150300.95.1

nscd-2.31-150300.95.1

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS

glibc-2.31-150300.95.1

glibc-32bit-2.31-150300.95.1

glibc-devel-2.31-150300.95.1

glibc-devel-32bit-2.31-150300.95.1

glibc-devel-static-2.31-150300.95.1

glibc-extra-2.31-150300.95.1

glibc-i18ndata-2.31-150300.95.1

glibc-info-2.31-150300.95.1

glibc-lang-2.31-150300.95.1

glibc-locale-2.31-150300.95.1

glibc-locale-base-2.31-150300.95.1

glibc-locale-base-32bit-2.31-150300.95.1

glibc-profile-2.31-150300.95.1

glibc-utils-2.31-150300.95.1

nscd-2.31-150300.95.1

SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS

glibc-2.31-150300.95.1

glibc-32bit-2.31-150300.95.1

glibc-devel-2.31-150300.95.1

glibc-devel-32bit-2.31-150300.95.1

glibc-devel-static-2.31-150300.95.1

glibc-extra-2.31-150300.95.1

glibc-i18ndata-2.31-150300.95.1

glibc-info-2.31-150300.95.1

glibc-lang-2.31-150300.95.1

glibc-locale-2.31-150300.95.1

glibc-locale-base-2.31-150300.95.1

glibc-locale-base-32bit-2.31-150300.95.1

glibc-profile-2.31-150300.95.1

glibc-utils-2.31-150300.95.1

nscd-2.31-150300.95.1

SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS

glibc-2.31-150300.95.1

glibc-32bit-2.31-150300.95.1

glibc-devel-2.31-150300.95.1

glibc-devel-32bit-2.31-150300.95.1

glibc-devel-static-2.31-150300.95.1

glibc-extra-2.31-150300.95.1

glibc-i18ndata-2.31-150300.95.1

glibc-info-2.31-150300.95.1

glibc-lang-2.31-150300.95.1

glibc-locale-2.31-150300.95.1

glibc-locale-base-2.31-150300.95.1

glibc-locale-base-32bit-2.31-150300.95.1

glibc-profile-2.31-150300.95.1

glibc-utils-2.31-150300.95.1

nscd-2.31-150300.95.1

SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS

glibc-2.31-150300.95.1

glibc-32bit-2.31-150300.95.1

glibc-devel-2.31-150300.95.1

glibc-devel-32bit-2.31-150300.95.1

glibc-devel-static-2.31-150300.95.1

glibc-extra-2.31-150300.95.1

glibc-i18ndata-2.31-150300.95.1

glibc-info-2.31-150300.95.1

glibc-lang-2.31-150300.95.1

glibc-locale-2.31-150300.95.1

glibc-locale-base-2.31-150300.95.1

glibc-locale-base-32bit-2.31-150300.95.1

glibc-profile-2.31-150300.95.1

glibc-utils-2.31-150300.95.1

nscd-2.31-150300.95.1

SUSE Linux Enterprise Micro 5.1

glibc-2.31-150300.95.1

glibc-devel-2.31-150300.95.1

glibc-locale-2.31-150300.95.1

glibc-locale-base-2.31-150300.95.1

SUSE Linux Enterprise Micro 5.2

glibc-2.31-150300.95.1

glibc-devel-2.31-150300.95.1

glibc-locale-2.31-150300.95.1

glibc-locale-base-2.31-150300.95.1

SUSE Linux Enterprise Micro 5.3

glibc-2.31-150300.95.1

glibc-devel-2.31-150300.95.1

glibc-locale-2.31-150300.95.1

glibc-locale-base-2.31-150300.95.1

SUSE Linux Enterprise Micro 5.4

glibc-2.31-150300.95.1

glibc-devel-2.31-150300.95.1

glibc-locale-2.31-150300.95.1

glibc-locale-base-2.31-150300.95.1

SUSE Linux Enterprise Micro 5.5

glibc-2.31-150300.95.1

glibc-devel-2.31-150300.95.1

glibc-locale-2.31-150300.95.1

glibc-locale-base-2.31-150300.95.1

SUSE Linux Enterprise Server 15 SP3-LTSS

glibc-2.31-150300.95.1

glibc-32bit-2.31-150300.95.1

glibc-devel-2.31-150300.95.1

glibc-devel-32bit-2.31-150300.95.1

glibc-devel-static-2.31-150300.95.1

glibc-extra-2.31-150300.95.1

glibc-i18ndata-2.31-150300.95.1

glibc-info-2.31-150300.95.1

glibc-lang-2.31-150300.95.1

glibc-locale-2.31-150300.95.1

glibc-locale-base-2.31-150300.95.1

glibc-locale-base-32bit-2.31-150300.95.1

glibc-profile-2.31-150300.95.1

glibc-utils-2.31-150300.95.1

nscd-2.31-150300.95.1

SUSE Linux Enterprise Server 15 SP4-LTSS

glibc-2.31-150300.95.1

glibc-32bit-2.31-150300.95.1

glibc-devel-2.31-150300.95.1

glibc-devel-32bit-2.31-150300.95.1

glibc-devel-static-2.31-150300.95.1

glibc-extra-2.31-150300.95.1

glibc-i18ndata-2.31-150300.95.1

glibc-info-2.31-150300.95.1

glibc-lang-2.31-150300.95.1

glibc-locale-2.31-150300.95.1

glibc-locale-base-2.31-150300.95.1

glibc-locale-base-32bit-2.31-150300.95.1

glibc-profile-2.31-150300.95.1

glibc-utils-2.31-150300.95.1

nscd-2.31-150300.95.1

SUSE Linux Enterprise Server 15 SP5-LTSS

glibc-2.31-150300.95.1

glibc-32bit-2.31-150300.95.1

glibc-devel-2.31-150300.95.1

glibc-devel-32bit-2.31-150300.95.1

glibc-devel-static-2.31-150300.95.1

glibc-extra-2.31-150300.95.1

glibc-i18ndata-2.31-150300.95.1

glibc-info-2.31-150300.95.1

glibc-lang-2.31-150300.95.1

glibc-locale-2.31-150300.95.1

glibc-locale-base-2.31-150300.95.1

glibc-locale-base-32bit-2.31-150300.95.1

glibc-profile-2.31-150300.95.1

glibc-utils-2.31-150300.95.1

nscd-2.31-150300.95.1

SUSE Linux Enterprise Server for SAP Applications 15 SP3

glibc-2.31-150300.95.1

glibc-32bit-2.31-150300.95.1

glibc-devel-2.31-150300.95.1

glibc-devel-32bit-2.31-150300.95.1

glibc-devel-static-2.31-150300.95.1

glibc-extra-2.31-150300.95.1

glibc-i18ndata-2.31-150300.95.1

glibc-info-2.31-150300.95.1

glibc-lang-2.31-150300.95.1

glibc-locale-2.31-150300.95.1

glibc-locale-base-2.31-150300.95.1

glibc-locale-base-32bit-2.31-150300.95.1

glibc-profile-2.31-150300.95.1

glibc-utils-2.31-150300.95.1

nscd-2.31-150300.95.1

SUSE Linux Enterprise Server for SAP Applications 15 SP4

glibc-2.31-150300.95.1

glibc-32bit-2.31-150300.95.1

glibc-devel-2.31-150300.95.1

glibc-devel-32bit-2.31-150300.95.1

glibc-devel-static-2.31-150300.95.1

glibc-extra-2.31-150300.95.1

glibc-i18ndata-2.31-150300.95.1

glibc-info-2.31-150300.95.1

glibc-lang-2.31-150300.95.1

glibc-locale-2.31-150300.95.1

glibc-locale-base-2.31-150300.95.1

glibc-locale-base-32bit-2.31-150300.95.1

glibc-profile-2.31-150300.95.1

glibc-utils-2.31-150300.95.1

nscd-2.31-150300.95.1

SUSE Linux Enterprise Server for SAP Applications 15 SP5

glibc-2.31-150300.95.1

glibc-32bit-2.31-150300.95.1

glibc-devel-2.31-150300.95.1

glibc-devel-32bit-2.31-150300.95.1

glibc-devel-static-2.31-150300.95.1

glibc-extra-2.31-150300.95.1

glibc-i18ndata-2.31-150300.95.1

glibc-info-2.31-150300.95.1

glibc-lang-2.31-150300.95.1

glibc-locale-2.31-150300.95.1

glibc-locale-base-2.31-150300.95.1

glibc-locale-base-32bit-2.31-150300.95.1

glibc-profile-2.31-150300.95.1

glibc-utils-2.31-150300.95.1

nscd-2.31-150300.95.1

SUSE Manager Proxy 4.3

glibc-2.31-150300.95.1

glibc-32bit-2.31-150300.95.1

glibc-devel-2.31-150300.95.1

glibc-extra-2.31-150300.95.1

glibc-i18ndata-2.31-150300.95.1

glibc-info-2.31-150300.95.1

glibc-lang-2.31-150300.95.1

glibc-locale-2.31-150300.95.1

glibc-locale-base-2.31-150300.95.1

glibc-locale-base-32bit-2.31-150300.95.1

glibc-profile-2.31-150300.95.1

nscd-2.31-150300.95.1

SUSE Manager Server 4.3

glibc-2.31-150300.95.1

glibc-32bit-2.31-150300.95.1

glibc-devel-2.31-150300.95.1

glibc-extra-2.31-150300.95.1

glibc-i18ndata-2.31-150300.95.1

glibc-info-2.31-150300.95.1

glibc-lang-2.31-150300.95.1

glibc-locale-2.31-150300.95.1

glibc-locale-base-2.31-150300.95.1

glibc-locale-base-32bit-2.31-150300.95.1

glibc-profile-2.31-150300.95.1

nscd-2.31-150300.95.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-202501784-1/
Link for SUSE-SU-2025:01784-1
https://lists.suse.com/pipermail/sle-updates/2025-May/039476.html
E-Mail link for SUSE-SU-2025:01784-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1234128
SUSE Bug 1234128
https://bugzilla.suse.com/1243317
SUSE Bug 1243317
https://www.suse.com/security/cve/CVE-2025-4802/
SUSE CVE CVE-2025-4802 page

Описание

Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).

Затронутые продукты

Container suse/ltss/sle15.5/sle15:latest:glibc-2.31-150300.95.1

Container suse/sle-micro-rancher/5.2:latest:glibc-2.31-150300.95.1

Container suse/sle-micro-rancher/5.2:latest:glibc-locale-base-2.31-150300.95.1

Container suse/sle-micro-rancher/5.3:latest:glibc-2.31-150300.95.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-4802.html
CVE-2025-4802
https://bugzilla.suse.com/1243317
SUSE Bug 1243317
https://bugzilla.suse.com/1243318
SUSE Bug 1243318

SUSE-SU-2025:01784-1

Описание

Список пакетов

Container suse/ltss/sle15.5/sle15:latest

Container suse/sle-micro-rancher/5.2:latest

Container suse/sle-micro-rancher/5.3:latest

Container suse/sle-micro-rancher/5.4:latest

Container suse/sle-micro/5.1/toolbox:latest

Container suse/sle-micro/5.2/toolbox:latest

Container suse/sle-micro/5.3/toolbox:latest

Container suse/sle-micro/5.4/toolbox:latest

Container suse/sle-micro/5.5/toolbox:latest

Container suse/sle-micro/5.5:latest

Container suse/sle-micro/base-5.5:latest

Container suse/sle-micro/kvm-5.5:latest

Container suse/sle-micro/rt-5.5:latest

SUSE Enterprise Storage 7.1

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS

SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS

SUSE Linux Enterprise Micro 5.1

SUSE Linux Enterprise Micro 5.2

SUSE Linux Enterprise Micro 5.3

SUSE Linux Enterprise Micro 5.4

SUSE Linux Enterprise Micro 5.5

SUSE Linux Enterprise Server 15 SP3-LTSS

SUSE Linux Enterprise Server 15 SP4-LTSS

SUSE Linux Enterprise Server 15 SP5-LTSS

SUSE Linux Enterprise Server for SAP Applications 15 SP3

SUSE Linux Enterprise Server for SAP Applications 15 SP4

SUSE Linux Enterprise Server for SAP Applications 15 SP5

SUSE Manager Proxy 4.3

SUSE Manager Server 4.3

Ссылки

Уязвимость: CVE-2025-4802

Описание

Затронутые продукты

Ссылки