SUSE has released several important security updates in September 2025 to address critical vulnerabilities in its software packages. These updates focus on key components including git, python-future, nginx, and jetty-minimal.
1. git (SUSE-SU-2025:03037-1)
- Severity: Important
- Date Released: September 1, 2025
- Issues Fixed:
- Multiple vulnerabilities identified by CVEs (CVE-2025-27613, CVE-2025-27614, CVE-2025-46835, CVE-2025-48384, CVE-2025-48385) related to arbitrary file creation and code execution.
- Affected Products: Various versions of SUSE Linux Enterprise and openSUSE.
2. python-future (SUSE-SU-2025:03038-1)
- Severity: Important
- Date Released: September 1, 2025
- Issue Fixed:
- CVE-2025-50817, which involves arbitrary code execution due to automatic imports.
- Affected Products: Includes openSUSE Leap and various SUSE Linux Enterprise versions.
3. nginx (SUSE-SU-2025:03039-1)
- Severity: Moderate
- Date Released: September 1, 2025
- Issue Fixed:
- A single security fix to drop root privileges while running logrotate.
- Affected Products: Versions of openSUSE Leap and SUSE Linux Enterprise.
4. jetty-minimal (SUSE-SU-2025:02993-2)
- Severity: Important
- Date Released: September 1, 2025
- Issue Fixed:
- CVE-2025-5115, which addresses a denial-of-service (DoS) vulnerability.
- Affected Products: openSUSE Leap 15.6.
- For git on openSUSE Leap 15.3, the command would be:
Overview of Updates:
1. git (SUSE-SU-2025:03037-1)
- Severity: Important
- Date Released: September 1, 2025
- Issues Fixed:
- Multiple vulnerabilities identified by CVEs (CVE-2025-27613, CVE-2025-27614, CVE-2025-46835, CVE-2025-48384, CVE-2025-48385) related to arbitrary file creation and code execution.
- Affected Products: Various versions of SUSE Linux Enterprise and openSUSE.
2. python-future (SUSE-SU-2025:03038-1)
- Severity: Important
- Date Released: September 1, 2025
- Issue Fixed:
- CVE-2025-50817, which involves arbitrary code execution due to automatic imports.
- Affected Products: Includes openSUSE Leap and various SUSE Linux Enterprise versions.
3. nginx (SUSE-SU-2025:03039-1)
- Severity: Moderate
- Date Released: September 1, 2025
- Issue Fixed:
- A single security fix to drop root privileges while running logrotate.
- Affected Products: Versions of openSUSE Leap and SUSE Linux Enterprise.
4. jetty-minimal (SUSE-SU-2025:02993-2)
- Severity: Important
- Date Released: September 1, 2025
- Issue Fixed:
- CVE-2025-5115, which addresses a denial-of-service (DoS) vulnerability.
- Affected Products: openSUSE Leap 15.6.
Installation Instructions:
Users are advised to install these updates using SUSE's recommended methods, such as YaST online_update or the "zypper patch" command for specific product versions. For example:- For git on openSUSE Leap 15.3, the command would be:
zypper in -t patch SUSE-2025-3037=1
Package Lists:
The updates include various packages and libraries associated with each software, such as `git-core`, `python311-future`, `nginx`, and various components of `jetty-minimal`.Conclusion:
These updates are crucial for maintaining the security and stability of SUSE systems. Users should prioritize applying these patches to safeguard against potential vulnerabilities and exploits. For further details, users can refer to the specific CVE links and bug reports provided by SUSEGut, Python-Future, Nginx, Jetty-Minimal updates for SUSE
There are new security updates available for SUSE.The updates include fixes for critical vulnerabilities in several packages: git, python-future, and jetty-minimal, which are classified as important, and nginx, which is classified as moderate.
SUSE-SU-2025:03037-1: important: Security update for git
SUSE-SU-2025:03038-1: important: Security update for python-future
SUSE-SU-2025:03039-1: moderate: Recommended update for nginx
SUSE-SU-2025:02993-2: important: Security update for jetty-minimalGut, Python-Future, Nginx, Jetty-Minimal updates for SUSE @ Linux Compatible
