exploitDog

SUSE-SU-2025:3722-1

Опубликовано: 22 окт. 2025

Источник: suse-cvrf

Описание

Security update for protobuf

This update for protobuf fixes the following issues:

CVE-2025-4565: parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or messages can lead to crash due to a RecursionError (bsc#1244663).

Список пакетов

SUSE Linux Enterprise Micro 5.1

libprotobuf-lite20-3.9.2-150200.4.27.1

SUSE Linux Enterprise Micro 5.2

libprotobuf-lite20-3.9.2-150200.4.27.1

SUSE Linux Enterprise Micro 5.3

libprotobuf-lite20-3.9.2-150200.4.27.1

SUSE Linux Enterprise Micro 5.4

libprotobuf-lite20-3.9.2-150200.4.27.1

SUSE Linux Enterprise Micro 5.5

libprotobuf-lite20-3.9.2-150200.4.27.1

SUSE Linux Enterprise Module for Basesystem 15 SP6

libprotobuf20-3.9.2-150200.4.27.1

SUSE Linux Enterprise Module for Basesystem 15 SP7

libprotobuf20-3.9.2-150200.4.27.1

SUSE Linux Enterprise Module for Package Hub 15 SP6

python3-protobuf-3.9.2-150200.4.27.1

SUSE Linux Enterprise Module for Package Hub 15 SP7

python3-protobuf-3.9.2-150200.4.27.1

SUSE Linux Enterprise Module for Public Cloud 15 SP3

python3-protobuf-3.9.2-150200.4.27.1

SUSE Linux Enterprise Module for Public Cloud 15 SP4

python3-protobuf-3.9.2-150200.4.27.1

SUSE Linux Enterprise Module for Public Cloud 15 SP5

python3-protobuf-3.9.2-150200.4.27.1

SUSE Linux Enterprise Module for Public Cloud 15 SP6

python3-protobuf-3.9.2-150200.4.27.1

SUSE Linux Enterprise Module for Public Cloud 15 SP7

python3-protobuf-3.9.2-150200.4.27.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-20253722-1/
Link for SUSE-SU-2025:3722-1
https://lists.suse.com/pipermail/sle-security-updates/2025-October/022970.html
E-Mail link for SUSE-SU-2025:3722-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1244663
SUSE Bug 1244663
https://www.suse.com/security/cve/CVE-2025-4565/
SUSE CVE CVE-2025-4565 page

Описание

Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashing the application with a RecursionError. We recommend upgrading to version =>6.31.1 or beyond commit 17838beda2943d08b8a9d4df5b68f5f04f26d901

Затронутые продукты

SUSE Linux Enterprise Micro 5.1:libprotobuf-lite20-3.9.2-150200.4.27.1

SUSE Linux Enterprise Micro 5.2:libprotobuf-lite20-3.9.2-150200.4.27.1

SUSE Linux Enterprise Micro 5.3:libprotobuf-lite20-3.9.2-150200.4.27.1

SUSE Linux Enterprise Micro 5.4:libprotobuf-lite20-3.9.2-150200.4.27.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-4565.html
CVE-2025-4565
https://bugzilla.suse.com/1244663
SUSE Bug 1244663