SUSE Linux has recently released security updates aimed at enhancing system security, particularly for the packages cifs-utils and glow. These updates, designated as moderate in severity, address specific vulnerabilities identified in the respective packages.
1. CIFS-Utils Security Update
- Announcement ID: SUSE-SU-2025:1381-1
- Release Date: April 28, 2025
- Vulnerability: CVE-2025-2312, which affects cifs.upcall by misrouting calls in containerized environments seeking Kerberos credentials.
- CVSS Scores: Ranging from 5.9 to 6.5, indicating moderate risk.
- Affected Products: Includes various versions of SUSE Linux Enterprise and openSUSE, particularly versions 15.4, 15.6, and related micro and real-time installations.
- Patch Instructions: Users are encouraged to apply the updates using methods such as YaST or the zypper patch command relevant to their specific product versions.
2. Glow Package Update
- Announcement ID: openSUSE-SU-2025:15036-1
- Vulnerability: CVE-2025-22872, which affects the glow package in openSUSE Tumbleweed.
- CVSS Scores: Ranging from 6.3 to 6.5, indicating a moderate level of risk.
- Affected Products: Specifically affects the openSUSE Tumbleweed distribution.
- Package List: Includes various components of glow, such as bash and zsh completion scripts.
For users looking to install the updates, the following general commands apply for various SUSE products:
- For openSUSE Leap 15.4: `zypper in -t patch SUSE-2025-1381=1`
- For openSUSE Leap 15.6: `zypper in -t patch openSUSE-SLE-15.6-2025-1381=1`
- For SUSE Linux Enterprise Micro and Rancher versions, similar commands tailored for each version should be used.
These updates are crucial for maintaining the security integrity of SUSE Linux systems. Users are advised to promptly apply the updates to mitigate the identified vulnerabilities. Keeping systems updated not only protects against existing threats but also contributes to overall system stability and performance. For detailed information, users can refer to the provided CVE links and the SUSE security webpages for each vulnerability
Updates Overview
1. CIFS-Utils Security Update
- Announcement ID: SUSE-SU-2025:1381-1
- Release Date: April 28, 2025
- Vulnerability: CVE-2025-2312, which affects cifs.upcall by misrouting calls in containerized environments seeking Kerberos credentials.
- CVSS Scores: Ranging from 5.9 to 6.5, indicating moderate risk.
- Affected Products: Includes various versions of SUSE Linux Enterprise and openSUSE, particularly versions 15.4, 15.6, and related micro and real-time installations.
- Patch Instructions: Users are encouraged to apply the updates using methods such as YaST or the zypper patch command relevant to their specific product versions.
2. Glow Package Update
- Announcement ID: openSUSE-SU-2025:15036-1
- Vulnerability: CVE-2025-22872, which affects the glow package in openSUSE Tumbleweed.
- CVSS Scores: Ranging from 6.3 to 6.5, indicating a moderate level of risk.
- Affected Products: Specifically affects the openSUSE Tumbleweed distribution.
- Package List: Includes various components of glow, such as bash and zsh completion scripts.
Installation Instructions
For users looking to install the updates, the following general commands apply for various SUSE products:
- For openSUSE Leap 15.4: `zypper in -t patch SUSE-2025-1381=1`
- For openSUSE Leap 15.6: `zypper in -t patch openSUSE-SLE-15.6-2025-1381=1`
- For SUSE Linux Enterprise Micro and Rancher versions, similar commands tailored for each version should be used.
Conclusion
These updates are crucial for maintaining the security integrity of SUSE Linux systems. Users are advised to promptly apply the updates to mitigate the identified vulnerabilities. Keeping systems updated not only protects against existing threats but also contributes to overall system stability and performance. For detailed information, users can refer to the provided CVE links and the SUSE security webpages for each vulnerability
CIFS-Utils and Glow updates for SUSE
SUSE Linux has been updated with security enhancements, featuring moderate security updates for cifs-utils and glow:
SUSE-SU-2025:1381-1: moderate: Security update for cifs-utils
openSUSE-SU-2025:15036-1: moderate: glow-2.1.0-2.1 on GA media
