1. Google Osconfig Agent: Update SUSE-SU-2025:02149-1 addresses a vulnerability (CVE-2024-45339) impacting versions of the Google Osconfig agent across various SUSE products.
2. Linux Kernel: Multiple updates have been released for different versions of the Linux Kernel (Live Patches 51, 54 for SLE 15 SP3, and others). These updates fix several vulnerabilities, including CVE-2022-49545 and CVE-2024-56601, which have CVSS scores indicating significant severity. The patches affect various SUSE products, including openSUSE Leap, SUSE Linux Enterprise Server, and SUSE Manager.
3. Mozilla Thunderbird: The update SUSE-SU-2025:02158-1 addresses a vulnerability (CVE-2025-5986) that could lead to unsolicited file downloads and potential credential leakage. This update impacts multiple versions of SUSE Linux Enterprise and openSUSE.
4. Apache Commons FileUpload: The update SUSE-SU-2025:02159-1 fixes a vulnerability (CVE-2025-48976) related to resource allocation for multipart headers, which could lead to denial of service. This update applies to several SUSE products as well.
Extensions and Recommendations:
- Installation Instructions: Users are encouraged to apply these updates promptly using recommended methods such as YaST or the zypper command line tool. Specific commands for each product version are provided in the announcements.- Additional Security Measures: In addition to applying these updates, users should consider implementing additional security measures, such as regular system audits, monitoring vulnerability disclosures, and ensuring that firewalls and intrusion detection systems are in place.
- User Awareness: Organizations using SUSE products should also train users on recognizing potential security threats, such as phishing attempts, which could exploit vulnerabilities in software applications.
By keeping systems up to date and educating users about security best practices, organizations can significantly reduce their risk of exploitation
Kernel, Thunderbird, Apache-Commons-Fileupload updates for SUSE
SUSE Linux has received several security updates, including important updates for Google-osconfig-agent, Linux Kernel, Mozilla Thunderbird, and Apache-commons-fileupload:
SUSE-SU-2025:02149-1: important: Security update for google-osconfig-agent
SUSE-SU-2025:02145-1: important: Security update for the Linux Kernel (Live Patch 51 for SLE 15 SP3)
SUSE-SU-2025:02144-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP4)
SUSE-SU-2025:02146-1: important: Security update for the Linux Kernel (Live Patch 54 for SLE 15 SP3)
SUSE-SU-2025:02155-1: important: Security update for the Linux Kernel (Live Patch 35 for SLE 15 SP4)
SUSE-SU-2025:02154-1: important: Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4)
SUSE-SU-2025:02161-1: important: Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6)
SUSE-SU-2025:02162-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP6)
SUSE-SU-2025:02158-1: important: Security update for MozillaThunderbird
SUSE-SU-2025:02156-1: important: Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP5)
SUSE-SU-2025:02157-1: important: Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP5)
SUSE-SU-2025:02159-1: important: Security update for apache-commons-fileuploadKernel, Thunderbird, Apache-Commons-Fileupload updates for SUSE @ Linux Compatible
