SUSE releases critical security update for wxWidgets-3_2 addressing CVE-2024-58249 vulnerability affecting web request handling. Learn patch instructions for SUSE Linux Enterprise, openSUSE Leap, and Package Hub systems to prevent potential service disruptions
Security Advisory Overview
SUSE has released an important security update addressing CVE-2024-58249, a vulnerability affecting wxWidgets-3_2 across multiple SUSE Linux distributions. This patch resolves a crash vulnerability in wxWebRequestCURL when connections are refused, potentially impacting system stability.
Key Vulnerability Details
CVE ID: CVE-2024-58249
Severity Rating: Low (CVSS: 2.3-3.7)
Affected Component: wxWidgets GUI toolkit (web request handling)
Risk Impact: Denial of Service (system crash on connection refusal)
Affected SUSE Linux Distributions
This security update applies to the following enterprise and open-source distributions:
Enterprise Products
SUSE Linux Enterprise Desktop 15 SP6/SP7
SUSE Linux Enterprise Server 15 SP6/SP7
SUSE Linux Enterprise Real Time 15 SP6/SP7
SUSE Linux Enterprise Server for SAP Applications 15 SP6/SP7
Open Source Distributions
openSUSE Leap 15.4
openSUSE Leap 15.6
SUSE Package Hub 15 SP6/SP7
Technical Analysis of CVE-2024-58249
The vulnerability stems from improper error handling in wxWebRequestCURL, a component used for HTTP/S requests in wxWidgets applications. When a remote server refuses a connection, unhandled exceptions could cause application crashes.
CVSS v3.1 Scoring Breakdown
| Source | Base Score | Vector |
|---|---|---|
| SUSE | 3.1 | AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L |
| NVD | 3.7 | AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L |
Security Implications: While rated low severity, this vulnerability could disrupt critical services relying on wxWidgets for web communications.
Patch Installation Instructions
Recommended Update Methods
YaST Online Update (GUI method)
Command Line (zypper):
sudo zypper patch
Manual Patch Commands by Distribution
| Distribution | Installation Command |
|---|---|
| SUSE Package Hub 15 SP7 | zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-1735=1 |
| openSUSE Leap 15.4 | zypper in -t patch SUSE-2025-1735=1 |
| openSUSE Leap 15.6 | zypper in -t patch openSUSE-SLE-15.6-2025-1735=1 |
Updated Package List
The security update includes patches for these core components:
Key wxWidgets Packages
GUI Libraries:
libwx_gtk[2|3]u_core
libwx_gtk[2|3]u_html
libwx_gtk[2|3]u_adv
Development Tools:
wxGTK3-3_2-devel
wxWidgets-3_2-devel
Debug Packages:
All corresponding -debuginfo packages
(Complete package list available in SUSE Security Announcement SUSE-SU-2025:01735-1)
Why This Update Matters for Enterprise Environments
While classified as low severity, this patch is particularly important for:
✔ Financial systems using wxWidgets for transaction interfaces
✔ Industrial control systems with web connectivity
✔ Healthcare applications requiring stable GUI operations
Pro Tip: Organizations using SUSE Manager can automate deployment across their infrastructure.
Frequently Asked Questions
Q: Is this vulnerability remotely exploitable?
A: Yes (Network attack vector), but requires specific conditions to trigger.
Q: What's the business impact of not applying this patch?
A: Potential service interruptions in applications using wxWebRequestCURL.
Q: Are containers affected?
A: Yes, if using vulnerable wxWidgets versions in container images.
Nenhum comentário:
Postar um comentário