SUSE Linux has announced two moderate security updates for its system: one for the Python web framework "python-starlette" and another for the web server "nginx."
- CVEs Addressed: CVE-2025-54121
- CVSS Scores:
- 6.9 (SUSE)
- 5.3 (NVD)
- Affected Product: openSUSE Leap 15.6
- Description: This update resolves a vulnerability that could lead to a denial of service (DoS) by improperly parsing multi-part forms with large files.
- Patch Instructions: Users can apply the update via YaST online_update or by using the command:
- Affected Product: openSUSE Leap 15.3
- Description: This update enhances security by dropping root privileges during the log rotation process.
- Patch Instructions: Users can apply the update via YaST or with the command:
For both updates, users are encouraged to apply the patches promptly to ensure their systems remain secure and stable. The updates reflect SUSE's commitment to maintaining the security integrity of its software offerings and addressing vulnerabilities in a timely manner.
Python-Starlette Update (SUSE-SU-2025:02544-1)
- Release Date: July 29, 2025- CVEs Addressed: CVE-2025-54121
- CVSS Scores:
- 6.9 (SUSE)
- 5.3 (NVD)
- Affected Product: openSUSE Leap 15.6
- Description: This update resolves a vulnerability that could lead to a denial of service (DoS) by improperly parsing multi-part forms with large files.
- Patch Instructions: Users can apply the update via YaST online_update or by using the command:
zypper in -t patch SUSE-2025-2544=1 openSUSE-SLE-15.6-2025-2544=1- Package List: Includes python311-starlette version 0.35.1.
Nginx Update (SUSE-SU-2025:02542-1)
- Release Date: July 29, 2025- Affected Product: openSUSE Leap 15.3
- Description: This update enhances security by dropping root privileges during the log rotation process.
- Patch Instructions: Users can apply the update via YaST or with the command:
zypper in -t patch SUSE-2025-2542=1- Package List: Includes nginx version 1.19.8 and related packages.
For both updates, users are encouraged to apply the patches promptly to ensure their systems remain secure and stable. The updates reflect SUSE's commitment to maintaining the security integrity of its software offerings and addressing vulnerabilities in a timely manner.
Additional Information
Users looking for more details on the vulnerabilities and updates can visit the SUSE security webpage or the respective bug tracking references. Regular updates like these are crucial for maintaining the overall health and security of systems running on SUSE Linux, especially in production environments where security is paramount. Moreover, users should consider implementing a routine schedule for checking and applying updates to mitigate potential risks associated with unpatched vulnerabilitiesPython-Starlette and Nginx updates for SUSE
SUSE Linux has received two security updates: SUSE-SU-2025:02544-1, a moderate update for python-starlette, and SUSE-SU-2025:02542-1, a moderate update for nginx:
SUSE-SU-2025:02544-1: moderate: Security update for python-starlette
SUSE-SU-2025:02542-1: moderate: Security update for nginxPython-Starlette and Nginx updates for SUSE @ Linux Compatible
