SUSE Linux has issued a series of security updates for several key packages, addressing various vulnerabilities that could potentially compromise system security. The updates include:
1. Nginx: A moderate security update (SUSE-SU-2025:03243-1) has been released, addressing two vulnerabilities (CVE-2025-23419 and CVE-2025-53859) related to session resumption and SMTP authentication that could allow for unauthorized access.
2. Raptor: Another moderate update (SUSE-SU-2025:03244-1) fixes two vulnerabilities (CVE-2024-57822 and CVE-2024-57823) that could lead to heap buffer overreads and integer underflows when processing URIs.
3. Nvidia Open Driver (G06-signed): This important update (SUSE-SU-2025:03247-1) resolves five vulnerabilities, including a stack buffer overflow and race condition that could allow privilege escalation (CVE-2025-23277 to CVE-2025-23286). The update also includes a feature enhancement with the CUDA variant updated to version 580.82.07.
4. Firefox ESR: A moderate update (openSUSE-SU-2025:15555-1) has been made available, addressing seven vulnerabilities in the firefox-esr-140.3.0-1.1 package for openSUSE Tumbleweed.
5. Tkimg: This moderate update (openSUSE-SU-2025:15556-1) fixes two vulnerabilities (CVE-2025-8851 and CVE-2025-9165) in the tkimg-2.1.0-1.1 package.
For comprehensive security, it is advisable for system administrators to regularly check for updates and apply them as part of routine maintenance. Keeping systems updated not only protects against known vulnerabilities but also ensures that users benefit from the latest features and performance improvements
1. Nginx: A moderate security update (SUSE-SU-2025:03243-1) has been released, addressing two vulnerabilities (CVE-2025-23419 and CVE-2025-53859) related to session resumption and SMTP authentication that could allow for unauthorized access.
2. Raptor: Another moderate update (SUSE-SU-2025:03244-1) fixes two vulnerabilities (CVE-2024-57822 and CVE-2024-57823) that could lead to heap buffer overreads and integer underflows when processing URIs.
3. Nvidia Open Driver (G06-signed): This important update (SUSE-SU-2025:03247-1) resolves five vulnerabilities, including a stack buffer overflow and race condition that could allow privilege escalation (CVE-2025-23277 to CVE-2025-23286). The update also includes a feature enhancement with the CUDA variant updated to version 580.82.07.
4. Firefox ESR: A moderate update (openSUSE-SU-2025:15555-1) has been made available, addressing seven vulnerabilities in the firefox-esr-140.3.0-1.1 package for openSUSE Tumbleweed.
5. Tkimg: This moderate update (openSUSE-SU-2025:15556-1) fixes two vulnerabilities (CVE-2025-8851 and CVE-2025-9165) in the tkimg-2.1.0-1.1 package.
Additional Context and Recommendations:
Users of affected SUSE Linux distributions, including openSUSE Leap and SUSE Linux Enterprise, are encouraged to apply these updates promptly to mitigate risks associated with the identified vulnerabilities. The recommended methods for installation include using YaST online_update or the "zypper patch" command.For comprehensive security, it is advisable for system administrators to regularly check for updates and apply them as part of routine maintenance. Keeping systems updated not only protects against known vulnerabilities but also ensures that users benefit from the latest features and performance improvements
Nginx, Raptor, Nvidia-Open-Driver, Firefox, Tkimg updates for SUSE
Security updates have been released for SUSE Linux, which include fixes for various vulnerabilities. The affected packages are nginx, raptor, nvidia-open-driver-G06-signed, firefox-esr, and tkimg.
SUSE-SU-2025:03243-1: moderate: Security update for nginx
SUSE-SU-2025:03244-1: moderate: Security update for raptor
SUSE-SU-2025:03247-1: important: Security update for nvidia-open-driver-G06-signed
openSUSE-SU-2025:15555-1: moderate: firefox-esr-140.3.0-1.1 on GA media
openSUSE-SU-2025:15556-1: moderate: tkimg-2.1.0-1.1 on GA mediaNginx, Raptor, Nvidia-Open-Driver, Firefox, Tkimg updates for SUSE @ Linux Compatible
