FERRAMENTAS LINUX: Critical ImageMagick Security Update for SUSE Linux: Patch CVE-2025-43965 & CVE-2025-46393 Now

Wednesday, May 7, 2025


Urgent SUSE Linux security update patches ImageMagick vulnerabilities CVE-2025-43965 & CVE-2025-46393 (CVSS 5.9). Learn how to protect your systems from MIFF image exploits with step-by-step patching instructions for openSUSE Leap 15.4 and SUSE Enterprise.

SUSE has released a security update for ImageMagick addressing two vulnerabilities (CVE-2025-43965 and CVE-2025-46393), both rated moderate at CVSS 5.9, in MIFF image processing. One flaw lets a crafted file drive incorrect channel handling, the other mishandles image depth; both affect openSUSE Leap 15.4, SUSE Linux Enterprise Server 15 SP6, and related modules.

Key Security Risks Patched

✅ CVE-2025-43965 (CVSS 5.9):

  • Vulnerability: Mishandling of image depth after SetQuantumFormat in MIFF processing.

  • Impact: Potential memory corruption while decoding a crafted MIFF file, which can crash the consuming process.

✅ CVE-2025-46393 (CVSS 5.9):

  • Vulnerability: Incorrect packet_size handling in multispectral MIFF images.

  • Impact: A crafted multispectral file can make the reader use the wrong per-pixel packet size, so pixel channels are misread (an integrity impact).
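Both bugs come down to the same bookkeeping: a MIFF header declares depth, colorspace and alpha, and the decoder derives from those a per-pixel packet size that decides how many bytes it will consume for rows × columns pixels. The following is an added example written for this post (not ImageMagick's code, and not a reproduction of either CVE): a minimal reader for uncompressed DirectClass MIFF that computes the packet size the way any MIFF decoder must and refuses a file whose pixel payload is shorter than the header commits it to. The header keys (`id`, `columns`, `rows`, `depth`, `colorspace`, `alpha-trait`, `matte`, `compression`) are the standard MIFF keys; the colorspace-to-channel table and the `make_miff` helper are this example's own assumptions.

```python
import re

HEADER_END = b":\x1a"                 # MIFF header terminator: ':' followed by Ctrl-Z
CHANNELS = {"Gray": 1, "RGB": 3, "sRGB": 3, "CMYK": 4}   # colorspaces this toy reader accepts (assumption)
VALID_DEPTHS = (8, 16, 32)            # bytes per sample = depth // 8


def parse_header(blob: bytes):
    """Split a MIFF file into its key=value header fields and the raw pixel payload."""
    end = blob.find(HEADER_END)
    if end < 0:
        raise ValueError("no MIFF header terminator")
    text = blob[:end].decode("ascii")
    fields = {k.lower(): v for k, v in re.findall(r"([A-Za-z-]+)=(\S+)", text)}
    if fields.get("id") != "ImageMagick":
        raise ValueError("not a MIFF file")
    return fields, blob[end + len(HEADER_END):]


def packet_size(fields: dict) -> int:
    """Bytes per pixel implied by the header: channels * depth / 8."""
    depth = int(fields.get("depth", "8"))
    if depth not in VALID_DEPTHS:
        raise ValueError(f"unsupported depth {depth}")
    if fields.get("class", "DirectClass") != "DirectClass":
        raise ValueError("only DirectClass (no colormap) is handled here")
    colorspace = fields.get("colorspace", "sRGB")
    if colorspace not in CHANNELS:
        raise ValueError(f"unsupported colorspace {colorspace}")
    channels = CHANNELS[colorspace]
    # ImageMagick 7 writes alpha-trait=Blend, ImageMagick 6 wrote matte=True, for an alpha channel.
    if fields.get("alpha-trait") == "Blend" or fields.get("matte") == "True":
        channels += 1
    return channels * (depth // 8)


def check_miff(blob: bytes) -> int:
    """Return the pixel-byte count the header commits the reader to; reject files that cannot supply it."""
    fields, pixels = parse_header(blob)
    if fields.get("compression", "None") != "None":
        raise ValueError("only uncompressed pixel data is handled here")
    rows, cols = int(fields["rows"]), int(fields["columns"])
    if rows <= 0 or cols <= 0:
        raise ValueError("bad geometry")
    need = rows * cols * packet_size(fields)
    # This is the check a decoder must make before trusting the header: a file whose
    # header claims a larger depth or more channels than its payload holds would
    # otherwise send the reader past the end of the buffer.
    if len(pixels) < need:
        raise ValueError(f"truncated pixel data: header needs {need} bytes, file has {len(pixels)}")
    return need


def is_well_formed(blob: bytes) -> bool:
    """Boolean wrapper around check_miff for quick filtering of untrusted input."""
    try:
        check_miff(blob)
        return True
    except (ValueError, KeyError, UnicodeDecodeError):
        return False


def make_miff(rows, cols, depth, colorspace, pixels: bytes, alpha=False) -> bytes:
    """Build a minimal uncompressed MIFF file (constructed test input, assumed layout)."""
    header = (f"id=ImageMagick  version=1.0\n"
              f"class=DirectClass  colors=0  alpha-trait={'Blend' if alpha else 'Undefined'}\n"
              f"columns={cols}  rows={rows}  depth={depth}\n"
              f"colorspace={colorspace}\ncompression=None\n\f\n")
    return header.encode("ascii") + HEADER_END + pixels


if __name__ == "__main__":
    good = make_miff(2, 2, 8, "sRGB", bytes(12))        # 2x2 RGB, 8-bit: 12 payload bytes
    lying = make_miff(2, 2, 16, "sRGB", bytes(12))      # header claims 16-bit, payload sized for 8-bit
    print("good:", check_miff(good), "bytes needed")
    print("lying header accepted?", is_well_formed(lying))
```

The "lying" file is the shape of input these CVEs are about: the header promises more bytes per pixel than the file carries, and a decoder that sizes its reads from the header without this comparison overruns the buffer.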

Affected Systems:

  • SUSE Linux Enterprise Desktop 15 SP6

  • SUSE Linux Enterprise Server 15 SP6

  • openSUSE Leap 15.4 (x86_64, aarch64, ppc64le, s390x)

  • Desktop Applications Module 15-SP6


How to Apply the Patch

Recommended Installation Methods

  1. YaST Online Update (GUI)

  2. Command Line (zypper), run as root:

    bash
    # For openSUSE Leap 15.4:
    zypper in -t patch SUSE-2025-1464=1
    
    # For Desktop Applications Module 15-SP6 (SLES and SLED 15 SP6 receive ImageMagick through this module):
    zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-1464=1

Note: ImageMagick typically runs server-side on user-supplied images (upload pipelines, thumbnailers, document converters), which is exactly where an attacker-controlled MIFF file reaches the vulnerable decoder. Delaying the update leaves those workflows exposed.


Why This Update Matters for Enterprises

  • CVSS 5.9 (medium, not critical): the flaws are triggered by decoding an attacker-supplied MIFF file, so the attack vector is scored as local, but any service that accepts untrusted images reaches the same code path.

  • Compliance risk: known, unpatched CVEs on production systems are a finding under most frameworks (GDPR, HIPAA, NIST).

  • Availability impact: a malformed MIFF file can crash automated workflows (batch converters, thumbnailers) that call ImageMagick.

Best Practices for Linux Admins:

  • Automate patch rollout via SUSE Manager or Ansible.

  • Audit systems for ImageMagick packages that do not yet carry the fix. SUSE backports fixes without bumping the upstream version string, so check the RPM changelog for the CVE IDs rather than comparing version numbers.

  • Monitor logs for anomalous MIFF file processing, and if no workflow needs MIFF input, disable the MIFF coder in ImageMagick's policy.xml as defense in depth.
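The audit step above needs something more reliable than a version comparison, because SUSE backports fixes into the existing package version. The following is an added example for this post (not a SUSE tool): it reads the RPM changelog of every installed ImageMagick-related package and reports which ones do not yet cite both CVE IDs. The `*Magick*` package glob and the two sample changelog texts are constructed assumptions for illustration; `rpm -qa` and `rpm -q --changelog` are standard RPM commands.

```python
import re
import shutil
import subprocess

CVES = ("CVE-2025-43965", "CVE-2025-46393")
PACKAGE_GLOB = "*Magick*"   # assumption: matches ImageMagick, libMagickCore*, libMagickWand*, perl-PerlMagick


def cves_mentioned(changelog: str, cves=CVES) -> dict:
    """Map each CVE id to True if the RPM %changelog text cites it as a whole identifier."""
    return {cve: re.search(r"\b" + re.escape(cve) + r"\b", changelog, re.IGNORECASE) is not None
            for cve in cves}


def unpatched(report: dict) -> list:
    """Packages (from {package: cves_mentioned(...)}) whose changelog lacks at least one CVE id."""
    return sorted(pkg for pkg, found in report.items() if not all(found.values()))


def rpm(*args) -> str:
    """Run an rpm query and return its stdout."""
    return subprocess.run(["rpm", *args], capture_output=True, text=True, check=True).stdout


def audit_host(glob=PACKAGE_GLOB) -> dict:
    """Check every installed package matching glob; returns {} when rpm is not available."""
    if shutil.which("rpm") is None:
        return {}
    return {pkg: cves_mentioned(rpm("-q", "--changelog", pkg)) for pkg in rpm("-qa", glob).split()}


# Constructed changelog excerpts standing in for `rpm -q --changelog` output.
SAMPLE_PATCHED = """\
* (constructed entry) security update
- Fixed CVE-2025-43965: packet_size handling in multispectral MIFF images
- Fixed CVE-2025-46393: image depth after SetQuantumFormat in MIFF images
* (constructed entry) earlier maintenance
- Rebuilt for new toolchain
"""
SAMPLE_OLD = """\
* (constructed entry) earlier maintenance
- Rebuilt for new toolchain
"""


if __name__ == "__main__":
    demo = {"libMagickCore-sample": cves_mentioned(SAMPLE_PATCHED),
            "perl-PerlMagick-sample": cves_mentioned(SAMPLE_OLD)}
    print("needs patch (sample data):", unpatched(demo))
    live = audit_host()
    if live:
        print("needs patch (this host):", unpatched(live) or "none")
    else:
        print("rpm not found; skipped live audit")
```

Run it on a SUSE host after `zypper in -t patch ...` to confirm the rebuilt packages actually landed; a package still listed under "needs patch" is either from a repository that did not receive the update or was held back by a lock.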


Additional Resources

🔗 SUSE Security Advisory
🔗 NVD Entry for CVE-2025-46393


FAQ

Q: Is this update relevant for cloud deployments?

A: Yes. A cloud instance or container image built on SUSE Linux or openSUSE that bundles ImageMagick carries the same flaws, so patch it (and rebuild the image) like any other host. The bugs are in MIFF decoding, not in any isolation boundary: the exposure is whatever service feeds untrusted images to ImageMagick, not a container escape as such.

Q: Are third-party tools like PerlMagick affected?

A: Yes. PerlMagick is a binding over the same ImageMagick core library, so it inherits the flaws; the update ships rebuilt PerlMagick packages, including perl-PerlMagick-debuginfo.

Q: What’s the worst-case scenario if unpatched?

A: An attacker-supplied MIFF file fed to an unpatched ImageMagick can crash the process (denial of service) or, through the mishandled depth, corrupt memory; in an image-upload pipeline that happens server-side on a file the attacker controls.
