FERRAMENTAS LINUX: Critical Security Update: libraw Vulnerabilities Patched in Latest SUSE Linux Update

Saturday, May 17, 2025


SUSE releases critical security update for libraw fixing 4 vulnerabilities (CVE-2025-43961 to CVE-2025-43964) affecting Linux distributions. Learn about the CVSS 9.8 risks, patch instructions, and enterprise security implications for your systems.

High-Severity libraw Vulnerabilities Addressed

SUSE has released an urgent security update (SUSE-SU-2025:1572-1) addressing four critical vulnerabilities in libraw, the popular RAW image processing library. These flaws affect multiple enterprise Linux distributions including SUSE Linux Enterprise Server 15 SP6 and openSUSE Leap 15.6.

Vulnerability Breakdown

Critical CVSS 9.8 Risk (CVE-2025-43964):

  • Remote code execution vulnerability via tag 0x412 processing

  • Affects all network-exposed systems processing RAW images

  • NVD-rated 9.8 CVSS:3.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Additional Security Risks:

  1. CVE-2025-43961 (CVSS 5.1/9.1): Fujifilm metadata parser OOB read

  2. CVE-2025-43962 (CVSS 4.9/9.1): Phase One correction buffer overflow

  3. CVE-2025-43963 (CVSS 2.9/9.1): Memory access violation in load_mfbacks

Affected Products & Enterprise Impact

This security update impacts:

  • SUSE Linux Enterprise Server/Desktop 15 SP6

  • SUSE Real Time and SAP Solutions

  • openSUSE Leap 15.6

  • Workstation Extension and Package Hub

Security teams should prioritize patching as these vulnerabilities could enable:
✓ Remote code execution (network-accessible systems)
✓ Local privilege escalation
✓ Denial-of-service attacks

Patch Instructions & Package Updates

Recommended update methods:

# openSUSE Leap 15.6:
zypper in -t patch SUSE-2025-1572=1 openSUSE-SLE-15.6-2025-1572=1

# Enterprise systems:
zypper in -t patch [product-specific-package-name]

Updated packages include:

  • libraw23 (v0.21.1-150600.3.5.1)

  • Development tools and debug packages

  • 32-bit/64-bit architecture support
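To confirm that the packages above actually reached the fixed build after running zypper, here is an added Python check (example code, not from the advisory or the libraw project) that compares rpm version-release strings against 0.21.1-150600.3.5.1; the rpm -qa output it parses is a constructed sample, and the package names other than libraw23 are assumptions.

```python
import re

FIXED_LIBRAW_VR = "0.21.1-150600.3.5.1"   # fixed version-release from the advisory

# Constructed sample of `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` output;
# the names other than libraw23 and all installed versions are made up.
SAMPLE_RPM_QA = """\
libraw23 0.21.1-150600.3.2.1
libraw23-32bit 0.21.1-150600.3.5.1
libraw-devel 0.21.1-150600.3.5.1
examplepkg 1.0-1.1
"""

_SEG = re.compile(r"[0-9]+|[A-Za-z]+")

def vercmp(a, b):
    """Simplified rpmvercmp: -1, 0 or 1. Numeric segments compare as integers,
    alpha segments lexically, numeric ranks newer than alpha, and the string
    with more segments wins a tie. Epochs and ~ / ^ are not handled."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif xd != yd:
            return 1 if xd else -1
        elif x != y:
            return 1 if x > y else -1
    if len(sa) != len(sb):
        return 1 if len(sa) > len(sb) else -1
    return 0

def is_patched(installed_vr, fixed_vr=FIXED_LIBRAW_VR):
    """True when the installed version-release is at or above the fixed build."""
    return vercmp(installed_vr, fixed_vr) >= 0

def unpatched_packages(rpm_qa_output):
    """Return [(name, version-release)] for libraw* packages below the fix."""
    stale = []
    for line in rpm_qa_output.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0].startswith("libraw") and not is_patched(parts[1]):
            stale.append((parts[0], parts[1]))
    return stale

if __name__ == "__main__":
    for name, vr in unpatched_packages(SAMPLE_RPM_QA):
        print(f"{name} {vr} is below {FIXED_LIBRAW_VR}: apply SUSE-SU-2025:1572-1")
```

Feed it real rpm -qa output from a host to list the libraw packages that still need SUSE-SU-2025:1572-1.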

Security Advisory Details

Each vulnerability stems from insufficient bounds checking when processing:

  • Fujifilm 0xf00c metadata tags

  • Phase One 0x412 correction values

  • MFBacks image data

References:
SUSE Security Portal | NVD Database


Frequently Asked Questions

Q: How urgent is this update?

A: Critical for systems processing untrusted RAW images - immediate patching recommended for internet-facing systems.

Q: Which enterprises are most at risk?

A: Media companies, forensic investigators, and any workflow involving RAW image processing.

Q: Are there workarounds if patching isn't immediate?
A: Restrict RAW file processing to isolated systems until patched.
