SUSE-SU-2025:0580-1

Опубликовано: 18 фев. 2025

Источник: suse-cvrf

Описание

Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issues:

CVE-2024-45339: github.com/golang/glog: a privileged process' log file path can be easily predicted and used to overwrite other sensitive files in a system. (bsc#1236560)

Список пакетов

SUSE Linux Enterprise Module for Public Cloud 12

google-osconfig-agent-20250115.01-1.35.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-20250580-1/
Link for SUSE-SU-2025:0580-1
https://lists.suse.com/pipermail/sle-security-updates/2025-February/020367.html
E-Mail link for SUSE-SU-2025:0580-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1236560
SUSE Bug 1236560
https://www.suse.com/security/cve/CVE-2024-45339/
SUSE CVE CVE-2024-45339 page

Описание

When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that sensitive file. To fix that, glog now causes the program to exit (with status code 2) when it finds that the configured log file already exists.

Затронутые продукты

SUSE Linux Enterprise Module for Public Cloud 12:google-osconfig-agent-20250115.01-1.35.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-45339.html
CVE-2024-45339
https://bugzilla.suse.com/1236541
SUSE Bug 1236541

SUSE-SU-2025:0580-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Public Cloud 12

Ссылки

Уязвимость: CVE-2024-45339

Описание

Затронутые продукты

Ссылки