FERRAMENTAS LINUX: Critical Security Update for iputils: CVE-2025-47268 Patched

Saturday, May 31, 2025

Critical Security Update for iputils: CVE-2025-47268 Patched

 

SUSE


🚨 Critical security update for SUSE Linux Enterprise Micro! Patch CVE-2025-47268 (CVSS 6.5) in iputils to fix RTT integer overflow and IPv4 TTL bugs. Learn how to secure your systems now with YaST or zypper.


Key Takeaways

✅ Moderate-risk vulnerability patched (CVE-2025-47268)

✅ Affects SUSE Linux Enterprise Micro 5.1, 5.2, and Rancher 5.2

✅ Fixes integer overflow in RTT calculation (CVSS: 6.5)

✅ Resolves IPv4 TTL bug on big-endian systems

✅ Patch now available via YaST or zypper


Security Advisory: iputils Vulnerability Explained

A newly discovered security flaw (CVE-2025-47268) in iputils—a core networking utility in SUSE Linux Enterprise Micro—has been patched. 

This moderate-severity issue could lead to undefined behavior due to an integer overflow in RTT (Round-Trip Time) calculations, potentially affecting system stability.
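The bug class described above, as an added illustration (not iputils source code and not taken from the SUSE advisory): RTT statistics that reject a sample instead of overflowing a signed 64-bit integer. The names rtt_stats and rtt_add_sample are hypothetical, the send timestamp is assumed to be echoed back in the reply and therefore untrusted, and the checked-arithmetic builtins assume GCC or Clang.

```c
/* Added illustration: overflow-checked RTT statistics.
 * Not iputils source; struct and function names are hypothetical. */
#include <stdint.h>
#include <stdio.h>

struct rtt_stats {
    int64_t n;      /* accepted samples */
    int64_t sum;    /* sum of RTTs, microseconds */
    int64_t sum2;   /* sum of squared RTTs, used for deviation */
};

/* Timestamps are in microseconds. sent_us is assumed to be echoed back in
 * the reply payload, so it is untrusted input. Returns 0 on success, -1 if
 * the sample is rejected; the stats are left unchanged on rejection. */
int rtt_add_sample(struct rtt_stats *st, int64_t sent_us, int64_t recv_us)
{
    int64_t rtt, sq, sum, sum2;

    if (__builtin_sub_overflow(recv_us, sent_us, &rtt) || rtt < 0)
        return -1;                      /* wrapped or negative RTT */
    if (__builtin_mul_overflow(rtt, rtt, &sq))
        return -1;                      /* rtt * rtt exceeds int64_t */
    if (__builtin_add_overflow(st->sum, rtt, &sum) ||
        __builtin_add_overflow(st->sum2, sq, &sum2))
        return -1;                      /* running totals would overflow */

    st->sum = sum;
    st->sum2 = sum2;
    st->n++;
    return 0;
}

int main(void)
{
    struct rtt_stats st = {0};
    /* Constructed samples: one normal reply, one with a forged timestamp. */
    int ok  = rtt_add_sample(&st, 1000000, 1000250);
    int bad = rtt_add_sample(&st, INT64_MIN + 1, 1000250);
    printf("ok=%d bad=%d n=%lld sum=%lld\n", ok, bad,
           (long long)st.n, (long long)st.sum);
    return 0;
}
```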

Affected Systems

  • SUSE Linux Enterprise Micro 5.1

  • SUSE Linux Enterprise Micro 5.2

  • SUSE Linux Enterprise Micro for Rancher 5.2

Technical Impact

  • CVSS 6.5 (NVD/SUSE 3.1) – Network-based attack vector

  • CVSS 5.1 (SUSE 4.0) – Local attack vector

  • Exploitable remotely? Yes (low complexity, no privileges required)


How to Apply the Security Patch

Recommended Update Methods

  1. YaST Online Update (GUI method)

  2. Command Line (zypper)

Patch Commands by Product

  • SUSE Linux Enterprise Micro 5.2 / Rancher 5.2:

    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-1771=1

  • SUSE Linux Enterprise Micro 5.1:

    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-1771=1

Additional Fixes Included

✔ Bugfix: Corrects IPv4 TTL misconfiguration on big-endian systems (bsc#1243284)


Why This Update Matters for Enterprise Security

This patch is crucial for:

🔹 DevOps teams managing cloud-native SUSE deployments

🔹 Cybersecurity professionals ensuring compliance

🔹 System administrators maintaining stable Linux environments

Pro Tip: Always prioritize security updates to prevent zero-day exploits and maintain system integrity.


FAQs About the iputils Security Update

❓ Is this vulnerability actively exploited?

A: No known exploits yet, but patching is strongly recommended.

❓ Does this affect other Linux distributions?

A: Currently, only SUSE Linux Enterprise Micro is confirmed impacted.

❓ What happens if I don’t update?

A: Risk of undefined behavior and potential denial-of-service (DoS) conditions.
