FERRAMENTAS LINUX: Critical Security Update for Python-Maturin: Patch CVE-2025-3416 & CVE-2025-4574 Now

Tuesday, May 20, 2025

Critical Security Update for Python-Maturin: Patch CVE-2025-3416 & CVE-2025-4574 Now


SUSE

Critical security update for python-maturin fixes CVE-2025-3416 (OpenSSL use-after-free) and CVE-2025-4574 (Crossbeam double-free). Patch now to prevent memory corruption & RCE risks in openSUSE Leap 15.6. Learn mitigation steps & compliance impact.


Security Rating: Moderate
Affected Products: openSUSE Leap 15.6

A newly released security update for python-maturin addresses two critical vulnerabilities that could expose systems to memory corruption and privilege escalation risks. If you're using openSUSE Leap 15.6, immediate patching is strongly recommended to mitigate these threats.

Vulnerabilities Fixed in This Update

1. CVE-2025-3416: OpenSSL Use-After-Free Vulnerability

  • CVSS Score: 6.3 (CVSS 4.0, SUSE) / 3.7 (CVSS 3.1, NVD)

  • Impact: A use-after-free flaw in Md::fetch and Cipher::fetch when improper properties are passed, potentially leading to arbitrary code execution.

  • Exploitability: Network-based, low attack complexity, no user interaction required.

2. CVE-2025-4574: Crossbeam-Channel Double-Free Memory Corruption

  • CVSS Score: 6.3 (CVSS 4.0, SUSE) / 6.5 (CVSS 3.1, NVD)

  • Impact: A double-free vulnerability in Channel::drop could cause memory corruption, enabling denial-of-service (DoS) or remote code execution (RCE).

  • Exploitability: Remote attackers could exploit this via crafted inputs.

How to Apply the Security Patch

To secure your system, apply the update using one of these methods:

✅ Recommended:

  • Use YaST Online Update

  • Run:

    zypper in -t patch SUSE-2025-1591=1 openSUSE-SLE-15.6-2025-1591=1


✅ Affected Package:

  • python311-maturin-1.4.0-150600.3.6.1 (aarch64, ppc64le, s390x, x86_64, i586)

Why This Update Matters for Enterprise Security

  • Prevents Memory Corruption Attacks – Critical for systems handling sensitive data.

  • Mitigates RCE Risks – Reduces exposure to remote exploitation.

  • Compliance-Ready – Helps maintain CIS Benchmark and NIST SP 800-53 compliance.

Additional References

🔗 SUSE CVE-2025-3416 Advisory
🔗 SUSE CVE-2025-4574 Advisory
🔗 Bugzilla #1242631
🔗 Bugzilla #1243177

FAQ: Python-Maturin Security Update (CVE-2025-3416 & CVE-2025-4574)

1. Is this update mandatory?

A: Yes, if you're using openSUSE Leap 15.6 with python-maturin, applying this patch is critical to prevent memory corruption and potential remote code execution (RCE).

2. How do I check if I’m affected?

A: Run:

    zypper info python311-maturin

If the installed version-release is older than 1.4.0-150600.3.6.1, you need the update.
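To automate that check across many hosts, here is an added example in Python (not from the advisory or from SUSE): it reimplements rpm's version-ordering rules so that an installed python311-maturin build is compared correctly against the fixed 1.4.0-150600.3.6.1 (a plain string comparison would wrongly rank a release like "3.10.1" below "3.6.1"). The package name and fixed version come from the advisory; the rpm query and the helper names are assumptions.

```python
import re
import subprocess

PACKAGE = "python311-maturin"      # package named in the advisory
FIXED_EVR = "1.4.0-150600.3.6.1"   # fixed version-release from the advisory

# rpm splits a version into digit runs, letter runs and '~'; separators are ignored.
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|~")


def rpmvercmp(a: str, b: str) -> int:
    """Order two version/release strings like rpm's rpmvercmp (caret handling omitted).
    Digit runs compare numerically, letter runs lexically, digits beat letters, and
    '~' sorts before anything, even the end of the string. Returns -1, 0 or 1."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x == y:
            continue
        if x == "~" or y == "~":
            return -1 if x == "~" else 1
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):               # "01" and "1" are equal
                return -1 if int(x) < int(y) else 1
            continue
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1    # numeric segment wins
        return -1 if x < y else 1              # both alphabetic
    if len(sa) == len(sb):
        return 0
    a_longer = len(sa) > len(sb)
    rest = sa[len(sb):] if a_longer else sb[len(sa):]
    if rest[0] == "~":                         # a trailing "~rc1" makes it older
        return -1 if a_longer else 1
    return 1 if a_longer else -1               # otherwise the longer string is newer


def is_vulnerable(installed_evr: str, fixed_evr: str = FIXED_EVR) -> bool:
    """True when the installed 'version-release' sorts before the fixed one."""
    iv, ir = installed_evr.rsplit("-", 1)
    fv, fr = fixed_evr.rsplit("-", 1)
    return (rpmvercmp(iv, fv) or rpmvercmp(ir, fr)) < 0


def check_host(package: str = PACKAGE):
    """Query the local rpm database; returns (evr, vulnerable), or None if absent."""
    try:
        r = subprocess.run(["rpm", "-q", "--qf", "%{VERSION}-%{RELEASE}", package],
                           capture_output=True, text=True, check=True)
    except (FileNotFoundError, subprocess.CalledProcessError):
        return None                            # no rpm on this host, or not installed
    evr = r.stdout.strip()
    return evr, is_vulnerable(evr)
```

Call `check_host()` on the Leap 15.6 machine itself; `is_vulnerable()` can also be fed version strings collected from an inventory tool.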

3. Can these vulnerabilities be exploited remotely?

A:
  • CVE-2025-3416: Yes (network-exploitable, low complexity).
  • CVE-2025-4574: Yes (could lead to DoS or RCE).

4. What’s the worst-case scenario if I don’t patch?

A: Attackers could:

  • Crash your system (DoS).

  • Execute arbitrary code (RCE) if combined with other exploits.

  • Corrupt sensitive data in memory.

5. Are containers/cloud deployments affected?

A: Yes, if they use the vulnerable python-maturin version. Update base images and redeploy.

6. Where can I report issues with this update?

A: File a bug via SUSE Bugzilla referencing bsc#1242631 or bsc#1243177.
