SUSE releases a critical libraw security update fixing 4 vulnerabilities (CVE-2025-43961 to CVE-2025-43964) affecting Linux systems. Learn how to patch out-of-bounds read flaws in Fujifilm & Phase One RAW processing to prevent exploits. Apply now!
Severity: Moderate
Affected Systems: SUSE Linux Enterprise, openSUSE Leap, and related distributions
Overview of the libraw Security Patch
SUSE has released an urgent security update addressing four critical vulnerabilities in libraw, a widely used library for processing RAW image files. These flaws could lead to out-of-bounds reads, memory corruption, and potential exploitation in systems handling Fujifilm and Phase One RAW files.
Key Vulnerabilities Fixed
CVE-2025-43961 (CVSS 5.1 SUSE / 9.1 NVD) – Fujifilm metadata parsing flaw in metadata/tiff.cpp.
CVE-2025-43962 (CVSS 4.9 SUSE / 9.1 NVD) – Phase One tag processing error in phase_one_correct.
CVE-2025-43963 (CVSS 2.9 SUSE / 9.1 NVD) – Buffer overflow risk in decoders/load_mfbacks.cpp.
CVE-2025-43964 (CVSS 4.9 SUSE / 9.8 NVD) – Insufficient validation in Phase One tag handling.
Impact: These vulnerabilities could allow local privilege escalation, denial of service (DoS), or remote code execution (RCE) in worst-case scenarios.
Affected Products & Patch Instructions
Vulnerable Systems
SUSE Linux Enterprise Server 15 SP6
openSUSE Leap 15.6
SUSE Linux Enterprise Desktop 15 SP6
SUSE Package Hub 15 SP6
How to Apply the Update
Run the following commands based on your OS:
openSUSE Leap 15.6:
zypper in -t patch SUSE-2025-1572=1 openSUSE-SLE-15.6-2025-1572=1
SUSE Linux Enterprise Workstation Extension:
zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2025-1572=1
For other distributions, refer to the SUSE Security Advisory.
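A helper script, added here and not part of the SUSE advisory or the libraw project, that selects the patch names above from /etc/os-release, confirms libraw packages are installed, then applies and verifies the patch. The os-release values (ID=opensuse-leap, ID=sled, VERSION_ID=15.6) and the mapping of the Workstation Extension patch to SLE Desktop are assumptions.

```sh
#!/bin/sh
# Added example, not from the SUSE advisory: pick the zypper patch command
# for this host from /etc/os-release, check that libraw is present, apply
# the patch and confirm it is no longer needed. Assumed os-release values:
# ID=opensuse-leap / VERSION_ID=15.6 for openSUSE Leap 15.6, and ID=sled /
# VERSION_ID=15.6 for SLE Desktop 15 SP6 carrying the Workstation Extension.
set -eu

# Map ID and VERSION_ID to the patch arguments given in the advisory.
# Prints them on success; returns 1 for hosts not covered by this mapping.
libraw_patch_for() {
    case "$1:$2" in
        opensuse-leap:15.6) echo "SUSE-2025-1572=1 openSUSE-SLE-15.6-2025-1572=1" ;;
        sled:15.6)          echo "SUSE-SLE-Product-WE-15-SP6-2025-1572=1" ;;
        *)                  return 1 ;;
    esac
}

# Read one field (ID, VERSION_ID, ...) from an os-release file, quotes stripped.
os_release_field() {
    sed -n "s/^$2=//p" "$1" | tr -d '"' | head -n 1
}

# Apply the patch for this host; skip cleanly if no libraw package is installed.
apply_libraw_patch() {
    os_file="${1:-/etc/os-release}"
    id=$(os_release_field "$os_file" ID)
    ver=$(os_release_field "$os_file" VERSION_ID)
    if ! patches=$(libraw_patch_for "$id" "$ver"); then
        echo "No patch name known for $id $ver; see the SUSE advisory." >&2
        return 1
    fi
    if ! rpm -qa 'libraw*' | grep -q .; then
        echo "No libraw packages installed; nothing to patch."
        return 0
    fi
    # Word splitting on $patches is intentional: Leap takes two patch names.
    zypper --non-interactive in -t patch $patches
    # Verify: the patch must no longer appear in the list of needed patches.
    if zypper list-patches | grep -q 2025-1572; then
        echo "Patch 2025-1572 is still listed as needed" >&2
        return 1
    fi
    echo "libraw patch applied."
}

if [ "${1:-}" = "--apply" ]; then
    apply_libraw_patch
fi
```

Run as root with `--apply` to patch the host; without arguments the script only defines the functions.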
Why This Update Matters for Enterprise Security
This patch is crucial for:
✔ Photography & Media Companies (prevents corrupted RAW file exploits)
✔ Linux System Administrators (mitigates local privilege escalation risks)
✔ Developers Using libraw (ensures secure image processing)
Best Practices:
Apply patches immediately if handling RAW image files.
Monitor systems for unusual activity.
Consider additional security tools like SELinux or AppArmor for defense-in-depth.
FAQ: libraw Security Update
Q: Is this update critical for home users?
A: If you process RAW images on Linux, yes—delaying patches increases risk.
Q: Can these CVEs be exploited remotely?
A: Some variants (NVD scores 9.1/9.8) could allow remote exploitation.
Q: Where can I verify the fixes?
A: Check the SUSE CVE pages or NVD database.