SUSE has announced several critical security updates for its software packages, including Avahi, the Linux kernel, and additional updates for Bird3, TIFF, and Expat.
1. Avahi: Two moderate security updates have been released (SUSE-SU-2025:03333-1 and SUSE-SU-2025:03331-1) to address a vulnerability (CVE-2024-52615). This vulnerability could allow DNS spoofing attacks due to the use of a constant source port for queries.
2. Linux Kernel: A significant update (SUSE-SU-2025:03344-1) has been issued to address multiple vulnerabilities, including CVE-2022-49980 and CVE-2025-21971, among others. The update includes 35 vulnerability fixes and requires a system reboot after installation.
3. Bird3: A moderate update (openSUSE-SU-2025:15572-1) has been released to fix security issues in the Bird3 package.
4. Expat: Another moderate update (openSUSE-SU-2025:15573-1) is provided to address security vulnerabilities in Expat.
5. TIFF: An update (SUSE-SU-2025:03348-1) has been released to fix four vulnerabilities, including CVE-2024-13978 and CVE-2025-9165, which could lead to memory leaks and segmentation faults.
- Installation Instructions: Users are advised to utilize SUSE's recommended methods for installation, such as using YaST or "zypper patch" commands tailored to their specific product versions.
- Affected Products: The updates impact a wide range of SUSE products including various versions of SUSE Linux Enterprise Desktop, Server, Real Time, and openSUSE Leap.
- Vulnerability Ratings: The vulnerabilities addressed have varying CVSS scores indicating their severity, with some rated above 7.0, denoting high risk.
- Importance of Updates: These updates are crucial for maintaining system integrity and security, as they address known vulnerabilities that could be exploited by malicious actors.
- Future Steps: Following these updates, users should remain vigilant for future patches and updates to ensure ongoing protection against newly discovered vulnerabilities.
In summary, these updates signify SUSE's commitment to security and user safety by addressing vulnerabilities that could pose significant risks to system integrity. Users are encouraged to apply these updates promptly
Summary of Updates:
1. Avahi: Two moderate security updates have been released (SUSE-SU-2025:03333-1 and SUSE-SU-2025:03331-1) to address a vulnerability (CVE-2024-52615). This vulnerability could allow DNS spoofing attacks due to the use of a constant source port for queries.
2. Linux Kernel: A significant update (SUSE-SU-2025:03344-1) has been issued to address multiple vulnerabilities, including CVE-2022-49980 and CVE-2025-21971, among others. The update includes 35 vulnerability fixes and requires a system reboot after installation.
3. Bird3: A moderate update (openSUSE-SU-2025:15572-1) has been released to fix security issues in the Bird3 package.
4. Expat: Another moderate update (openSUSE-SU-2025:15573-1) is provided to address security vulnerabilities in Expat.
5. TIFF: An update (SUSE-SU-2025:03348-1) has been released to fix four vulnerabilities, including CVE-2024-13978 and CVE-2025-9165, which could lead to memory leaks and segmentation faults.
Extended Details:
- Installation Instructions: Users are advised to utilize SUSE's recommended methods for installation, such as using YaST or "zypper patch" commands tailored to their specific product versions.
- Affected Products: The updates impact a wide range of SUSE products including various versions of SUSE Linux Enterprise Desktop, Server, Real Time, and openSUSE Leap.
- Vulnerability Ratings: The vulnerabilities addressed have varying CVSS scores indicating their severity, with some rated above 7.0, denoting high risk.
- Importance of Updates: These updates are crucial for maintaining system integrity and security, as they address known vulnerabilities that could be exploited by malicious actors.
- Future Steps: Following these updates, users should remain vigilant for future patches and updates to ensure ongoing protection against newly discovered vulnerabilities.
In summary, these updates signify SUSE's commitment to security and user safety by addressing vulnerabilities that could pose significant risks to system integrity. Users are encouraged to apply these updates promptly
Avahi, Bird3, Expat, Kernel, Tiff updates for SUSE
Several security updates have been announced by SUSE, including updates for Avahi and the Linux kernel. A high-priority update has also been issued to address vulnerabilities in the Linux kernel. Additionally, updates for the bird3, tiff, and expat packages have been released.
SUSE-SU-2025:03333-1: moderate: Security update for avahi
SUSE-SU-2025:03331-1: moderate: Security update for avahi
openSUSE-SU-2025:15572-1: moderate: bird3-3.1.4-1.1 on GA media
openSUSE-SU-2025:15573-1: moderate: expat-2.7.2-1.1 on GA media
SUSE-SU-2025:03344-1: important: Security update for the Linux Kernel
SUSE-SU-2025:03348-1: moderate: Security update for tiffAvahi, Bird3, Expat, Kernel, Tiff updates for SUSE @ Linux Compatible
