FERRAMENTAS LINUX: Critical AppArmor Security Update for openSUSE 15.4: CVE-2024-10041 Patch Guide

Wednesday, May 14, 2025

Critical AppArmor Security Update for openSUSE 15.4: CVE-2024-10041 Patch Guide

 

SUSE


Urgent openSUSE 15.4 AppArmor security update fixes CVE-2024-10041, a PAM vulnerability risking shadow file exposure. Learn how to patch SUSE Linux Enterprise, HPC, and cloud systems now to prevent privilege escalation attacks.


Overview: Why This Update Matters

The latest openSUSE 15.4 advisory (2025:1549-1) addresses a moderate-risk security vulnerability in AppArmor, a Linux kernel security module. This patch resolves a critical permissions bypass issue (CVE-2024-10041) related to PAM (Pluggable Authentication Modules).

Key Fix:

  • Grants dac_read_search capability to unix_chkpwd, allowing it to read shadow files even with 000 permissions.

  • Prevents potential privilege escalation risks in enterprise environments.

🔒 Why Update Immediately?
This patch is essential for system administrators, DevOps teams, and cybersecurity professionals managing:

  • Enterprise Linux servers

  • Cloud infrastructure

  • High-performance computing (HPC) clusters


Step-by-Step Patch Installation Guide

Method 1: Recommended SUSE Update Tools

  1. YaST Online Update (GUI)

  2. Zypper Patch (CLI)

Method 2: Manual Patch Commands

Run the appropriate command for your distribution:

For openSUSE Leap 15.4:

zypper in -t patch SUSE-2025-1549=1  

For SUSE Linux Enterprise (SLE) Systems:

# SLE Micro 5.3  
zypper in -t patch SUSE-SLE-Micro-5.3-2025-1549=1  

# SLE Server 15 SP4 LTSS  
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1549=1  

(Full command list for all supported distros available in the SUSE Security Portal.)


Affected Packages & Enterprise Impact

Critical Packages Patched:

  • apparmor-parser (v3.0.4)

  • pam_apparmor (v3.0.4)

  • libapparmor1 (v3.0.4)

  • apache2-mod_apparmor (for web server security)

📌 Enterprise Systems at Risk:

  • SUSE Manager Server/Proxy (v4.3)

  • SAP Applications on SLE 15 SP4

  • High-Performance Computing (HPC) Clusters


Security Implications & Best Practices

CVE-2024-10041 Explained

This vulnerability could allow unauthorized access to shadow files, compromising user credential security. The patch enforces stricter capability-based permissions.

✅ Recommended Actions:

  1. Apply the patch immediately if using PAM-based authentication.

  2. Audit user permissions on /etc/shadow.

  3. Monitor logs for suspicious access attempts.
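
Steps 2 and 3 as shell functions (an added example, not part of the SUSE advisory or the original post): they check the mode of a shadow file and scan AppArmor audit records for unix_chkpwd being denied dac_read_search, and for any other denied access to /etc/shadow. The audit lines, profile names and command names are constructed samples, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example. The audit records below are constructed samples; the profile
# and command names in them are assumptions, not values from the advisory.
SAMPLE_AUDIT='type=AVC msg=audit(1747200000.101:311): apparmor="DENIED" operation="capable" profile="unix-chkpwd" pid=2210 comm="unix_chkpwd" capability=2  capname="dac_read_search"
type=AVC msg=audit(1747200004.530:312): apparmor="DENIED" operation="open" profile="example-profile" name="/etc/shadow" pid=2302 comm="backup-agent" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=AVC msg=audit(1747200007.212:313): apparmor="DENIED" operation="capable" profile="unix-chkpwd" pid=2340 comm="unix_chkpwd" capability=2  capname="dac_read_search"
type=AVC msg=audit(1747200009.877:314): apparmor="ALLOWED" operation="capable" profile="unix-chkpwd" pid=2377 comm="unix_chkpwd" capability=2  capname="dac_read_search"'

# Count denials where unix_chkpwd was refused CAP_DAC_READ_SEARCH: the symptom
# of a profile that does not yet carry the capability. Reads records on stdin.
count_chkpwd_cap_denials() {
    grep 'apparmor="DENIED"' | grep 'comm="unix_chkpwd"' |
        grep -c 'capname="dac_read_search"' || true
}

# Print the command name behind each denied access to /etc/shadow, one per line.
shadow_denied_comms() {
    grep 'apparmor="DENIED"' | grep 'name="/etc/shadow"' |
        sed -n 's/.* comm="\([^"]*\)".*/\1/p'
}

# Succeed if the file's mode gives nothing to "other" and no write/execute to
# group (000, 600 and 640 pass; 644 and 660 fail). Uses GNU stat.
shadow_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 037 )) -eq 0 ]
}

# Demo over the constructed sample records.
echo "unix_chkpwd capability denials: $(printf '%s\n' "$SAMPLE_AUDIT" | count_chkpwd_cap_denials)"
echo "denied /etc/shadow access by: $(printf '%s\n' "$SAMPLE_AUDIT" | shadow_denied_comms)"
```

On a live system, pipe /var/log/audit/audit.log (where auditd is running) into the two scanning functions and call shadow_mode_ok /etc/shadow as root.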

🔗 Official References:


FAQ: AppArmor Security Update

❓ Is this update mandatory for desktop users?
→ Yes, if your system uses PAM for authentication (most Linux systems do).

❓ Does this affect Docker/Kubernetes deployments?
→ Potentially, if running containerized workloads with PAM integration.

❓ How to verify the patch was applied?
→ Run:

rpm -q --changelog apparmor-parser | grep CVE-2024-10041  


