SUSE Linux has released critical security updates for two packages: `transfig` and `go`. The updates, announced on June 9, 2025, address several vulnerabilities and provide improved security features for users of various SUSE products.
- Affected Products: Includes openSUSE Leap 15.6 and several SUSE Linux Enterprise products.
- Vulnerabilities Addressed: Seven vulnerabilities have been fixed, including issues causing floating point exceptions, segmentation faults, and heap buffer overflows in the `fig2dev` function.
- CVEs: Key vulnerabilities include CVE-2025-31162, CVE-2025-31163, CVE-2025-31164, and others with CVSS scores ranging from 4.7 to 6.6.
- Installation Instructions: Users can apply the updates using YaST or the `zypper` command line tool.
- Affected Products: Various versions of SUSE Linux Enterprise, openSUSE Leap 15.6, and Development Tools.
- Vulnerabilities Addressed: The updates for `go1.24` and `go1.23` fix four and two vulnerabilities respectively, including issues with sensitive headers not being cleared in cross-origin redirects and inconsistent file handling on different operating systems.
- CVEs: Notable vulnerabilities include CVE-2025-0913 and CVE-2025-4673, with CVSS scores as high as 8.9.
- Installation Instructions: Similar to the `transfig` update, users can utilize YaST or `zypper` to apply the patches.
In summary, SUSE's proactive approach in addressing these security vulnerabilities helps ensure the safety and reliability of its software products for users across various platforms and environments. Users should regularly check for updates and apply them to keep their systems secure
Transfig Security Update (SUSE-SU-2025:01835-1)
- Severity: Moderate- Affected Products: Includes openSUSE Leap 15.6 and several SUSE Linux Enterprise products.
- Vulnerabilities Addressed: Seven vulnerabilities have been fixed, including issues causing floating point exceptions, segmentation faults, and heap buffer overflows in the `fig2dev` function.
- CVEs: Key vulnerabilities include CVE-2025-31162, CVE-2025-31163, CVE-2025-31164, and others with CVSS scores ranging from 4.7 to 6.6.
- Installation Instructions: Users can apply the updates using YaST or the `zypper` command line tool.
Go Security Updates (SUSE-SU-2025:01846-1 and SUSE-SU-2025:01848-1)
- Severity: Important- Affected Products: Various versions of SUSE Linux Enterprise, openSUSE Leap 15.6, and Development Tools.
- Vulnerabilities Addressed: The updates for `go1.24` and `go1.23` fix four and two vulnerabilities respectively, including issues with sensitive headers not being cleared in cross-origin redirects and inconsistent file handling on different operating systems.
- CVEs: Notable vulnerabilities include CVE-2025-0913 and CVE-2025-4673, with CVSS scores as high as 8.9.
- Installation Instructions: Similar to the `transfig` update, users can utilize YaST or `zypper` to apply the patches.
Importance of Updates
These updates are critical for maintaining system security and integrity, as they close known vulnerabilities that could be exploited by malicious actors. Users are encouraged to apply the updates promptly to protect their systems.Further Information
For detailed information on each CVE and the specific updates, users can refer to the provided SUSE security links and bug reports listed in the announcements.In summary, SUSE's proactive approach in addressing these security vulnerabilities helps ensure the safety and reliability of its software products for users across various platforms and environments. Users should regularly check for updates and apply them to keep their systems secure
Transfig and Go updates for SUSE
SUSE Linux has received security updates for transfig and go:
SUSE-SU-2025:01835-1: moderate: Security update for transfig
SUSE-SU-2025:01846-1: important: Security update for go1.24
SUSE-SU-2025:01848-1: important: Security update for go1.23
