SUSE Linux has rolled out security updates for several key components, including Docker, Umoci, Go 1.24, and Go 1.23. Here’s a summary of the updates:
1. Docker Security Update (SUSE-SU-2025:02289-1):
- Release Date: July 11, 2025
- Severity: Moderate
- Vulnerabilities Addressed: Two vulnerabilities, CVE-2025-0495 and CVE-2025-22872, affecting credential leakage and incorrect tag interpretation in the Docker environment.
- Changes: Update to Docker version 28.2.2-ce, clear SUSEConnect secrets during container startup, and enhancements in Docker Buildx support.
- Affected Products: Various SUSE Linux Enterprise versions and openSUSE Leap 15.6.
2. Umoci Security Update (SUSE-SU-2025:02282-1):
- Release Date: July 11, 2025
- Severity: Moderate
- Vulnerability Addressed: CVE-2021-41190, concerning media-type interpretation in OCI image-spec, with no direct impact on Umoci's functionality.
- Update: Upgrade to Umoci version 0.5.0 with enhanced media-type embedding and verification.
- Affected Products: Includes multiple versions of SUSE Linux Enterprise and related products.
3. Go 1.24 Security Update (SUSE-SU-2025:02295-1):
- Release Date: July 11, 2025
- Severity: Important
- Vulnerability Addressed: CVE-2025-4674, which could lead to command execution in untrusted VCS repositories.
- Update: Upgrade to Go version 1.24.5.
- Affected Products: Covers various SUSE Linux Enterprise modules, including Development Tools Module and openSUSE Leap 15.6.
4. Go 1.23 Security Update (SUSE-SU-2025:02296-1):
- Release Date: July 11, 2025
- Severity: Important
- Vulnerability Addressed: Similar to Go 1.24, CVE-2025-4674.
- Update: Upgrade to Go version 1.23.11.
- Affected Products: As with Go 1.24, this update impacts various SUSE Linux Enterprise products.
Installation Instructions: Users are encouraged to apply these updates using the recommended installation methods such as YaST online_update or "zypper patch." Specific commands for different products are provided for ease of installation.
Future Considerations: It is crucial for users to regularly check for updates from SUSE to ensure their systems remain secure. Continuous vigilance against newly discovered vulnerabilities is essential in maintaining the integrity and security of software environments.
In addition, users and system administrators should consider implementing monitoring strategies to promptly address potential security threats stemming from vulnerabilities in third-party software components, ensuring a robust security posture
1. Docker Security Update (SUSE-SU-2025:02289-1):
- Release Date: July 11, 2025
- Severity: Moderate
- Vulnerabilities Addressed: Two vulnerabilities, CVE-2025-0495 and CVE-2025-22872, affecting credential leakage and incorrect tag interpretation in the Docker environment.
- Changes: Update to Docker version 28.2.2-ce, clear SUSEConnect secrets during container startup, and enhancements in Docker Buildx support.
- Affected Products: Various SUSE Linux Enterprise versions and openSUSE Leap 15.6.
2. Umoci Security Update (SUSE-SU-2025:02282-1):
- Release Date: July 11, 2025
- Severity: Moderate
- Vulnerability Addressed: CVE-2021-41190, concerning media-type interpretation in OCI image-spec, with no direct impact on Umoci's functionality.
- Update: Upgrade to Umoci version 0.5.0 with enhanced media-type embedding and verification.
- Affected Products: Includes multiple versions of SUSE Linux Enterprise and related products.
3. Go 1.24 Security Update (SUSE-SU-2025:02295-1):
- Release Date: July 11, 2025
- Severity: Important
- Vulnerability Addressed: CVE-2025-4674, which could lead to command execution in untrusted VCS repositories.
- Update: Upgrade to Go version 1.24.5.
- Affected Products: Covers various SUSE Linux Enterprise modules, including Development Tools Module and openSUSE Leap 15.6.
4. Go 1.23 Security Update (SUSE-SU-2025:02296-1):
- Release Date: July 11, 2025
- Severity: Important
- Vulnerability Addressed: Similar to Go 1.24, CVE-2025-4674.
- Update: Upgrade to Go version 1.23.11.
- Affected Products: As with Go 1.24, this update impacts various SUSE Linux Enterprise products.
Installation Instructions: Users are encouraged to apply these updates using the recommended installation methods such as YaST online_update or "zypper patch." Specific commands for different products are provided for ease of installation.
Future Considerations: It is crucial for users to regularly check for updates from SUSE to ensure their systems remain secure. Continuous vigilance against newly discovered vulnerabilities is essential in maintaining the integrity and security of software environments.
In addition, users and system administrators should consider implementing monitoring strategies to promptly address potential security threats stemming from vulnerabilities in third-party software components, ensuring a robust security posture
Docker, Umoci, Go updates for SUSE
SUSE Linux is currently implementing security updates for docker, umoci, go1.24, and go1.23:
SUSE-SU-2025:02289-1: moderate: Security update for docker
SUSE-SU-2025:02282-1: moderate: Security update for umoci
SUSE-SU-2025:02295-1: important: Security update for go1.24
SUSE-SU-2025:02296-1: important: Security update for go1.23