SUSE Linux has released several security updates addressing vulnerabilities in audiofile, rustup, and nbdkit. These updates include:
1. Audiofile Update (SUSE-SU-2025:1559-1): A moderate security update addressing two vulnerabilities:
- CVE-2019-13147: Resolves a NULL pointer dereference in the ulaw2linear_buf function, which could potentially lead to a denial of service (DoS).
- CVE-2022-24599: Addresses an issue with unverified user input when processing audio files that could lead to an information leak.
Affected products include various versions of SUSE Linux Enterprise and openSUSE Leap. Users are encouraged to install the update using the YaST online_update tool or the `zypper patch` command.
2. Rustup Update (SUSE-SU-2025:1560-1): A low-severity update that fixes a vulnerability (CVE-2025-3416) related to a use-after-free issue in the rust-openssl crate, which could lead to potential security risks. This update specifically affects openSUSE Leap 15.4.
3. Nbdkit Update (openSUSE-SU-2025:15088-1): This moderate security update addresses two vulnerabilities (CVE-2025-47711 and CVE-2025-47712) in the nbdkit package, which is part of the openSUSE Tumbleweed distribution. The update resolves various security issues that could affect the functionality and security of the software.
Users of the affected products are advised to apply these updates promptly to mitigate potential security risks. The updates can be installed using standard package management commands, ensuring that systems remain secure and up-to-date.
For further information on each vulnerability and the specifics of the updates, users can refer to the provided CVE references and patches available on the SUSE security website
1. Audiofile Update (SUSE-SU-2025:1559-1): A moderate security update addressing two vulnerabilities:
- CVE-2019-13147: Resolves a NULL pointer dereference in the ulaw2linear_buf function, which could potentially lead to a denial of service (DoS).
- CVE-2022-24599: Addresses an issue with unverified user input when processing audio files that could lead to an information leak.
Affected products include various versions of SUSE Linux Enterprise and openSUSE Leap. Users are encouraged to install the update using the YaST online_update tool or the `zypper patch` command.
2. Rustup Update (SUSE-SU-2025:1560-1): A low-severity update that fixes a vulnerability (CVE-2025-3416) related to a use-after-free issue in the rust-openssl crate, which could lead to potential security risks. This update specifically affects openSUSE Leap 15.4.
3. Nbdkit Update (openSUSE-SU-2025:15088-1): This moderate security update addresses two vulnerabilities (CVE-2025-47711 and CVE-2025-47712) in the nbdkit package, which is part of the openSUSE Tumbleweed distribution. The update resolves various security issues that could affect the functionality and security of the software.
Users of the affected products are advised to apply these updates promptly to mitigate potential security risks. The updates can be installed using standard package management commands, ensuring that systems remain secure and up-to-date.
For further information on each vulnerability and the specifics of the updates, users can refer to the provided CVE references and patches available on the SUSE security website
Audiofile, Rustup, and Nbdkit updates for SUSE
SUSE Linux has been updated with security updates for audiofile, rustup, and nbdkit:
SUSE-SU-2025:1559-1: moderate: Security update for audiofile
SUSE-SU-2025:1560-1: low: Security update for rustup
openSUSE-SU-2025:15088-1: moderate: nbdkit-1.42.3-1.1 on GA mediaAudiofile, Rustup, and Nbdkit updates for SUSE @ Linux Compatible
