SUSE has released a critical freetype2 security update (CVE-2025-23022) patching a signed integer overflow flaw. Learn how to protect your Linux Enterprise Server 12 SP5 systems, review CVSS 6.9 impacts, and apply fixes via YaST or zypper. Essential for SAP & LTSS environments.
SUSE Releases Moderate-Risk Patch for Linux Enterprise Systems
Published: May 9, 2025
Last Updated: May 11, 2025
Security Rating: Moderate (CVSS: 6.9)
Overview of the freetype2 Security Update
SUSE has issued a critical security patch addressing CVE-2025-23022, a signed integer overflow vulnerability in freetype2’s cf2_doFlex function (cff/cf2intrp.c). This flaw, tracked under bsc#1235670, affects multiple SUSE Linux Enterprise Server distributions, potentially leading to denial-of-service (DoS) attacks or arbitrary code execution in high-privilege environments.
Affected Systems
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
SUSE Linux Enterprise Server for SAP Applications 12 SP5
Vulnerability Severity & Impact
| Source | CVSS v4.0 | CVSS v3.1 | Risk Level |
|---|---|---|---|
| SUSE | 6.9 (AV:L) | 6.2 (AV:L) | Moderate-High |
| NVD | - | 4.0-6.2 | Moderate |
Key Risks:
✔ Local Privilege Escalation (if exploited)
✔ System Crashes (DoS impact)
✔ Potential Memory Corruption
How to Apply the Patch
SUSE recommends immediate installation via:
YaST Online Update
Command line:
```sh
zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1528=1
```
Updated Packages
freetype2-devel-2.6.3-7.24.1
libfreetype6-32bit-2.6.3-7.24.1
libfreetype6-debuginfo-2.6.3-7.24.1 (debug symbols)
freetype2-debugsource-2.6.3-7.24.1
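After applying the patch, the check a practitioner wants is whether the installed freetype2 packages have actually reached the fixed version-release listed above. The following POSIX shell script is an added example, not code from SUSE or from this post: the `vercmp` helper is hypothetical, and the package names queried on the host (libfreetype6, libfreetype6-32bit, freetype2-devel) and the rpm invocation are assumptions based on the package list above.

```sh
#!/bin/sh
# Added example: verify that installed freetype2 packages are at or above
# the fixed version-release from the advisory. Not SUSE's own code.

# Fixed version-release taken from the advisory's updated package list.
FIXED_VR="2.6.3-7.24.1"

# vercmp A B: compare two RPM version-release strings field by field,
# treating every run of non-digits as a separator. Prints -1, 0 or 1.
# Assumes purely numeric fields (true for the versions on this page).
vercmp() {
    printf '%s\n%s\n' "$1" "$2" | awk -F'[^0-9]+' '
        NR == 1 { n = NF; for (i = 1; i <= NF; i++) a[i] = $i + 0 }
        NR == 2 {
            if (NF > n) n = NF
            for (i = 1; i <= n; i++) {
                x = a[i] + 0; y = $i + 0
                if (x < y) { print "-1"; exit }
                if (x > y) { print "1"; exit }
            }
            print "0"
        }'
}

# is_patched VR: succeeds when VR is at least FIXED_VR.
is_patched() {
    [ "$(vercmp "$1" "$FIXED_VR")" -ge 0 ]
}

# check_host: query the RPM database for the freetype2 binary packages
# (package names are assumptions) and report each one. Packages that are
# not installed are skipped.
check_host() {
    for pkg in libfreetype6 libfreetype6-32bit freetype2-devel; do
        vr=$(rpm -q --queryformat '%{VERSION}-%{RELEASE}' "$pkg" 2>/dev/null) || continue
        if is_patched "$vr"; then
            echo "$pkg $vr: patched"
        else
            echo "$pkg $vr: below $FIXED_VR, apply patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1528"
        fi
    done
}

# Run the host check only where rpm is available (no-op elsewhere).
if command -v rpm >/dev/null 2>&1; then
    check_host
fi
```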
Why This Update Matters for Enterprises
Freetype2 is a core font rendering library used across Linux systems. Unpatched vulnerabilities can compromise:
Server Stability (DoS risks)
Compliance (e.g., GDPR, HIPAA if systems process sensitive data)
Long-Term Support (LTSS) Environments (delayed patches increase exposure)
Pro Tip: For SAP applications, prioritize patching to avoid downtime costs (averaging $5,600/minute for critical systems, per IBM’s 2024 report).
Additional Resources
🔗 SUSE CVE-2025-23022 Advisory
🔗 Bugzilla Report (bsc#1235670)