Critical OpenSSH update fixes CVE-2025-32728 security flaw in SUSE Linux, openSUSE, and enterprise systems. Learn patch instructions, CVSS scores, and risks for unpatched SSH servers. Essential for sysadmins and DevOps teams.
*(SUSE Linux Advisory SUSE-SU-2025:1576-1)*
Last Updated: May 19, 2025
Severity: Moderate (CVSS: 5.1)
Affected Systems: SUSE Linux Enterprise, openSUSE Leap, MicroOS, SAP HANA, and more
Why This Update Matters
A newly discovered vulnerability in OpenSSH (CVE-2025-32728) could expose systems to security risks if left unpatched. This update also includes three additional bug fixes to enhance stability and auditing. Enterprises relying on SSH for secure remote access should prioritize this patch to prevent potential exploitation.
Key Security Fixes & Improvements
✅ CVE-2025-32728 – Logic flaw in DisableForwarding option (bsc#1241012)
✅ Extended KEX Support – Now allows hashes beyond 256 bits (bsc#1241045)
✅ Improved Audit Logging – Hostnames now correctly recorded (bsc#1228634)
✅ Large MOTD Fix – Resolves failures with oversized login banners (bsc#1232533)
Affected Products & Patch Instructions
This update impacts multiple SUSE distributions, including:
SUSE Linux Enterprise Server (15 SP3-SP5, LTSS, SAP)
SUSE Manager (Proxy, Retail Branch, Server 4.3)
openSUSE Leap 15.3
SUSE MicroOS & Rancher deployments
How to Apply the Update
For most systems, run:
zypper in -t patch SUSE-2025-1576=1
Understanding the Risks
OpenSSH is a critical component for secure remote administration, making this update essential for:
🔒 IT Security Teams – Prevent unauthorized access via forwarding misconfigurations
📈 Enterprise Linux Admins – Ensure compliance with security best practices
☁️ Cloud Infrastructure Managers – Mitigate risks in auto-scaled environments
CVSS Breakdown:
Base Score: 5.1 (CVSS 4.0) / 4.3 (CVSS 3.1)
Attack Vector: Local (AV:L)
Impact: Low integrity impact (I:L)
Next Steps for System Administrators
Prioritize patching in environments using SSH for remote access.
Audit configurations for DisableForwarding if used.
Monitor logs for unexpected behavior post-update.
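One way to carry out the DisableForwarding audit, as an added example that is not part of the SUSE advisory: per the upstream CVE description, the directive did not disable X11 and agent forwarding as documented, so the check flags hosts that rely on it while X11Forwarding or AllowAgentForwarding is still enabled. The function names and the sample `sshd -T` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit forwarding-related settings in effective sshd config.
# Input on stdin: output of `sshd -T` (directive names are printed lowercase).
# On a live host, run as root:  sshd -T | audit_forwarding
# Use `sshd -T -C user=...,host=...,addr=...` to evaluate Match blocks.
# This checks configuration only; it does not detect the installed patch level.

audit_forwarding() {
    awk '
        $1 == "disableforwarding"    { df    = tolower($2) }
        $1 == "x11forwarding"        { x11   = tolower($2) }
        $1 == "allowagentforwarding" { agent = tolower($2) }
        END {
            if (df != "yes") {
                print "INFO: DisableForwarding not enabled; nothing relies on it"
                exit 0
            }
            rc = 0
            if (x11 == "yes") {
                print "REVIEW: DisableForwarding yes but X11Forwarding yes"
                rc = 1
            }
            if (agent == "yes") {
                print "REVIEW: DisableForwarding yes but AllowAgentForwarding yes"
                rc = 1
            }
            if (rc == 0)
                print "OK: DisableForwarding yes, X11 and agent forwarding off"
            exit rc
        }
    '
}

# Constructed sample of `sshd -T` output (not taken from a real host):
# the admin set DisableForwarding but left AllowAgentForwarding at its default.
sample_sshd_T() {
    cat <<'EOF'
port 22
disableforwarding yes
x11forwarding no
allowagentforwarding yes
allowtcpforwarding no
EOF
}

# Demo run on the constructed sample; prints one REVIEW finding.
sample_sshd_T | audit_forwarding || true
```

A REVIEW finding means the host depends on DisableForwarding alone; setting `X11Forwarding no` and `AllowAgentForwarding no` explicitly removes that dependency whether or not the patch has been applied yet.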
For full technical details, review the SUSE Security Advisory.
