SUSE has released a series of important security updates for various packages in its Linux distributions, including the Linux Kernel and ProFTPD. These updates address numerous vulnerabilities, categorized by severity:
1. Important Updates:
- Linux Kernel: A significant security update (SUSE-SU-2025:02969-1) was issued to fix multiple vulnerabilities, improving system stability and security.
- ProFTPD: Another critical update (openSUSE-SU-2025:0315-1) addresses vulnerabilities that could lead to unauthorized access or denial of service.
2. Moderate Updates:
- PAM (Pluggable Authentication Modules): The update (SUSE-SU-2025:02970-1) aims to improve performance issues associated with a previous fix for CVE-2024-10041.
- FFmpeg: An update (SUSE-SU-2025:02972-1) was released to resolve two vulnerabilities, including a potential NULL pointer dereference and an integer overflow.
3. Low Updates:
- CMake3: The update (SUSE-SU-2025:02975-1) fixes an assertion failure due to improper validation related to CVE-2025-9301.
- openSUSE Leap 15.6
- SUSE Linux Enterprise Server 15 SP6/SP7
- SUSE Linux Enterprise Micro versions 5.1 to 5.5
- SUSE Linux Enterprise High Performance Computing 15 SP4
- CVE-2024-10041 (PAM)
- CVE-2024-36618 (FFmpeg)
- CVE-2025-9301 (CMake3)
- Various CVEs related to the Linux Kernel and ProFTPD.
For ongoing security, users should stay informed about future updates and security advisories from SUSE
1. Important Updates:
- Linux Kernel: A significant security update (SUSE-SU-2025:02969-1) was issued to fix multiple vulnerabilities, improving system stability and security.
- ProFTPD: Another critical update (openSUSE-SU-2025:0315-1) addresses vulnerabilities that could lead to unauthorized access or denial of service.
2. Moderate Updates:
- PAM (Pluggable Authentication Modules): The update (SUSE-SU-2025:02970-1) aims to improve performance issues associated with a previous fix for CVE-2024-10041.
- FFmpeg: An update (SUSE-SU-2025:02972-1) was released to resolve two vulnerabilities, including a potential NULL pointer dereference and an integer overflow.
3. Low Updates:
- CMake3: The update (SUSE-SU-2025:02975-1) fixes an assertion failure due to improper validation related to CVE-2025-9301.
Affected Products:
The updates affect several SUSE products, including:- openSUSE Leap 15.6
- SUSE Linux Enterprise Server 15 SP6/SP7
- SUSE Linux Enterprise Micro versions 5.1 to 5.5
- SUSE Linux Enterprise High Performance Computing 15 SP4
Patch Instructions:
Users are encouraged to apply these updates using the recommended installation methods like YaST online_update or via the command line using `zypper patch`. Specific commands are provided for different versions and modules.Summary of Vulnerabilities:
The security updates address a wide range of vulnerabilities tracked by CVE identifiers, including issues that could lead to unauthorized access, performance degradation, and system instability. Specific vulnerabilities include:- CVE-2024-10041 (PAM)
- CVE-2024-36618 (FFmpeg)
- CVE-2025-9301 (CMake3)
- Various CVEs related to the Linux Kernel and ProFTPD.
Recommendations:
It is recommended that system administrators review the updates pertinent to their installations and apply patches promptly to ensure security and stability. Additionally, users should ensure their systems are rebooted after applying kernel updates to activate the changes fully.For ongoing security, users should stay informed about future updates and security advisories from SUSE
Kernel, ProFTPD, PAM, cmake3, FFMpeg updates for SUSE
Security updates have been released for several SUSE Linux packages, including the Linux Kernel and proftpd. The updates address various vulnerabilities and are categorized as important (kernel, proftpd), moderate (pam, ffmpeg-4), or low (cmake3):
SUSE-SU-2025:02969-1: important: Security update for the Linux Kernel
openSUSE-SU-2025:0315-1: important: Security update for proftpd
SUSE-SU-2025:02970-1: moderate: Security update for pam
SUSE-SU-2025:02975-1: low: Security update for cmake3
SUSE-SU-2025:02972-1: moderate: Security update for ffmpeg-4Kernel, ProFTPD, PAM, cmake3, FFMpeg updates for SUSE @ Linux Compatible
