Description
Security update for dpkg
This update for dpkg fixes the following issues:
- CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573)
Package list
Container bci/bci-init:15.6
update-alternatives-1.19.0.4-150000.4.7.1
Container bci/openjdk:latest
update-alternatives-1.19.0.4-150000.4.7.1
Container bci/php-apache:latest
update-alternatives-1.19.0.4-150000.4.7.1
Container bci/php-fpm:latest
update-alternatives-1.19.0.4-150000.4.7.1
Container bci/python:3
update-alternatives-1.19.0.4-150000.4.7.1
Container bci/python:latest
update-alternatives-1.19.0.4-150000.4.7.1
Container bci/ruby:latest
update-alternatives-1.19.0.4-150000.4.7.1
Container bci/rust:1.87
update-alternatives-1.19.0.4-150000.4.7.1
Container bci/rust:latest
update-alternatives-1.19.0.4-150000.4.7.1
Container bci/spack:latest
update-alternatives-1.19.0.4-150000.4.7.1
Container containers/milvus:2.4
update-alternatives-1.19.0.4-150000.4.7.1
Container containers/ollama:0
update-alternatives-1.19.0.4-150000.4.7.1
Container containers/open-webui-pipelines:0
update-alternatives-1.19.0.4-150000.4.7.1
Container containers/open-webui:0
update-alternatives-1.19.0.4-150000.4.7.1
Container containers/pytorch:2-nvidia
update-alternatives-1.19.0.4-150000.4.7.1
Container private-registry/harbor-db:latest
update-alternatives-1.19.0.4-150000.4.7.1
Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest
update-alternatives-1.19.0.4-150000.4.7.1
Container suse/kiosk/firefox-esr:latest
update-alternatives-1.19.0.4-150000.4.7.1
Container suse/kiosk/pulseaudio:latest
update-alternatives-1.19.0.4-150000.4.7.1
Container suse/kiosk/xorg-client:latest
update-alternatives-1.19.0.4-150000.4.7.1
Container suse/kiosk/xorg:latest
update-alternatives-1.19.0.4-150000.4.7.1
Container suse/kubectl:1.31
update-alternatives-1.19.0.4-150000.4.7.1
Container suse/manager/4.3/proxy-httpd:latest
update-alternatives-1.19.0.4-150000.4.7.1
Container suse/manager/4.3/proxy-tftpd:latest
update-alternatives-1.19.0.4-150000.4.7.1
Container suse/rmt-server:latest
update-alternatives-1.19.0.4-150000.4.7.1
Container suse/sle-micro-rancher/5.2:latest
update-alternatives-1.19.0.4-150000.4.7.1
Container suse/sle-micro-rancher/5.3:latest
update-alternatives-1.19.0.4-150000.4.7.1
Container suse/sle-micro-rancher/5.4:latest
update-alternatives-1.19.0.4-150000.4.7.1
Container suse/sle-micro/5.1/toolbox:latest
update-alternatives-1.19.0.4-150000.4.7.1
Container suse/sle-micro/5.2/toolbox:latest
update-alternatives-1.19.0.4-150000.4.7.1
Container suse/sle-micro/5.3/toolbox:latest
update-alternatives-1.19.0.4-150000.4.7.1
Container suse/sle-micro/5.4/toolbox:latest
update-alternatives-1.19.0.4-150000.4.7.1
Container suse/sle-micro/5.5/toolbox:latest
update-alternatives-1.19.0.4-150000.4.7.1
Container suse/sle-micro/5.5:latest
update-alternatives-1.19.0.4-150000.4.7.1
Container suse/sle-micro/base-5.5:latest
update-alternatives-1.19.0.4-150000.4.7.1
Container suse/sle-micro/kvm-5.5:latest
update-alternatives-1.19.0.4-150000.4.7.1
Container suse/sle-micro/rt-5.5:latest
update-alternatives-1.19.0.4-150000.4.7.1
SUSE Linux Enterprise Micro 5.1
update-alternatives-1.19.0.4-150000.4.7.1
SUSE Linux Enterprise Micro 5.2
update-alternatives-1.19.0.4-150000.4.7.1
SUSE Linux Enterprise Micro 5.3
update-alternatives-1.19.0.4-150000.4.7.1
SUSE Linux Enterprise Micro 5.4
update-alternatives-1.19.0.4-150000.4.7.1
SUSE Linux Enterprise Micro 5.5
update-alternatives-1.19.0.4-150000.4.7.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
update-alternatives-1.19.0.4-150000.4.7.1
SUSE Linux Enterprise Module for Basesystem 15 SP7
update-alternatives-1.19.0.4-150000.4.7.1
SUSE Linux Enterprise Module for Development Tools 15 SP6
dpkg-1.19.0.4-150000.4.7.1
dpkg-devel-1.19.0.4-150000.4.7.1
SUSE Linux Enterprise Module for Development Tools 15 SP7
dpkg-1.19.0.4-150000.4.7.1
dpkg-devel-1.19.0.4-150000.4.7.1
openSUSE Leap 15.6
dpkg-1.19.0.4-150000.4.7.1
dpkg-devel-1.19.0.4-150000.4.7.1
dpkg-lang-1.19.0.4-150000.4.7.1
update-alternatives-1.19.0.4-150000.4.7.1
References
- Link for SUSE-SU-2025:02734-1
- E-Mail link for SUSE-SU-2025:02734-1
- SUSE Security Ratings
- SUSE Bug 1245573
- SUSE CVE CVE-2025-6297 page
Description
It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.
Affected products
Container bci/bci-init:15.6:update-alternatives-1.19.0.4-150000.4.7.1
Container bci/openjdk:latest:update-alternatives-1.19.0.4-150000.4.7.1
Container bci/php-apache:latest:update-alternatives-1.19.0.4-150000.4.7.1
Container bci/php-fpm:latest:update-alternatives-1.19.0.4-150000.4.7.1
References
- CVE-2025-6297
- SUSE Bug 1245573