The recent updates for SUSE include important security patches for two applications: 7zip and Firebird. The update openSUSE-SU-2025:0339-1 for 7zip upgrades the software to version 25.01 and addresses two vulnerabilities. Notably, it enhances the handling of symbolic links, improving security during file extraction from archives. The update also introduces several performance optimizations, including increased compression speeds and better support for various archive formats. Two specific vulnerabilities, CVE-2025-53816 and CVE-2025-53817, have been fixed, with CVSS scores indicating moderate severity.
In contrast, the update SUSE-SU-2025:03095-1 for Firebird tackles a critical vulnerability, CVE-2017-11509, which could permit authenticated remote code execution through improperly defined external functions. This vulnerability has been rated as important due to its potential impact on system security.
Patch Installation Instructions:
Users can apply these updates using recommended methods such as YaST online_update or through the command line with `zypper patch`. Specifically, for openSUSE Leap 15.6, the command is:
- For 7zip: `zypper in -t patch openSUSE-2025-339=1`
- For Firebird: `zypper in -t patch openSUSE-SLE-15.6-2025-3095=1`
Affected Products:
Both updates affect openSUSE Leap 15.6 and various versions of SUSE Linux Enterprise products.
Summary:
The updates for 7zip and Firebird are crucial for maintaining security and performance on SUSE systems. Regularly applying these patches not only addresses current vulnerabilities but also enhances the overall functionality of the software. It is highly recommended that users ensure their systems are up-to-date to protect against potential security threats.
In the future, users should remain vigilant for further updates and security advisories from SUSE to safeguard their systems effectively. Keeping software updated is a critical practice in maintaining cybersecurity, particularly for applications that handle sensitive data or perform critical functions
In contrast, the update SUSE-SU-2025:03095-1 for Firebird tackles a critical vulnerability, CVE-2017-11509, which could permit authenticated remote code execution through improperly defined external functions. This vulnerability has been rated as important due to its potential impact on system security.
Patch Installation Instructions:
Users can apply these updates using recommended methods such as YaST online_update or through the command line with `zypper patch`. Specifically, for openSUSE Leap 15.6, the command is:
- For 7zip: `zypper in -t patch openSUSE-2025-339=1`
- For Firebird: `zypper in -t patch openSUSE-SLE-15.6-2025-3095=1`
Affected Products:
Both updates affect openSUSE Leap 15.6 and various versions of SUSE Linux Enterprise products.
Summary:
The updates for 7zip and Firebird are crucial for maintaining security and performance on SUSE systems. Regularly applying these patches not only addresses current vulnerabilities but also enhances the overall functionality of the software. It is highly recommended that users ensure their systems are up-to-date to protect against potential security threats.
In the future, users should remain vigilant for further updates and security advisories from SUSE to safeguard their systems effectively. Keeping software updated is a critical practice in maintaining cybersecurity, particularly for applications that handle sensitive data or perform critical functions
7zip and Firebird updates for SUSE
The openSUSE-SU-2025:0339-1 update fixes two vulnerabilities and an errata for 7zip, which is now at version 25.01. This update improves handling of symbolic links and bypasses default security checks when creating them, among other changes. In contrast, the SUSE-SU-2025:03095-1 update addresses a single vulnerability in Firebird, specifically CVE-2017-11509, which allowed authenticated remote code execution via external functions.
openSUSE-SU-2025:0339-1: moderate: Security update for 7zip
SUSE-SU-2025:03095-1: important: Security update for firebird
