Urgent LibRaw security update for SUSE Linux (CVE-2025-43961 to 43964). Fixes critical flaws (CVSS 9.8) in RAW image processing. Learn patch instructions, affected packages, and mitigation steps.
Published: June 6, 2025
Severity: Moderate
Affected Systems: SUSE Linux Enterprise 15 SP7, Workstation Extension, Package Hub, and more
Key Security Risks Addressed
A newly released SUSE security update (SUSE-SU-2025:01572-1) resolves four critical vulnerabilities in LibRaw, a widely used library for RAW image processing. These flaws could lead to out-of-bounds reads, memory corruption, and potential exploitation in enterprise environments.
Vulnerabilities Fixed (CVE Details)
CVE-2025-43961 (CVSS 5.1/9.1) – Fujifilm metadata parsing flaw
CVE-2025-43962 (CVSS 4.9/9.1) – Phase One image correction exploit
CVE-2025-43963 (CVSS 2.9/9.1) – Buffer overflow in MFbacks decoder
CVE-2025-43964 (CVSS 4.9/9.8) – Insufficient validation in Phase One processing
🔴 Why This Matters for Enterprises:
High-risk vulnerabilities (some rated CVSS 9.8) could allow remote code execution (RCE) or denial-of-service (DoS) attacks.
Affects SUSE Linux Enterprise Server, Desktop, and SAP environments—critical for IT security teams.
How to Apply the Patch
Recommended Update Methods
✔ YaST Online Update (GUI)
✔ Command Line (zypper):
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2025-1572=1
(See full package list below for other modules)
Affected Packages
| Module | Package | Architecture |
|---|---|---|
| Desktop Apps | libraw23, libraw-debugsource | x86_64, aarch64 |
| Package Hub | libraw-tools, libraw-devel | ppc64le, s390x |
| Workstation Ext. | libraw-devel-static | x86_64 |
Security Best Practices
✅ Immediate Action Required: Patch systems to prevent exploitation.
✅ Monitor Logs: Check for unusual activity in image processing workflows.
✅ Verify Dependencies: Ensure third-party apps using LibRaw are updated.
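A post-patch check for the steps above, as an added example that is not part of the SUSE advisory: it reads the patch status from `zypper info -t patch` and lists processes that still map the pre-update LibRaw library and therefore need a restart. The function names, the `--report` switch and the `libraw(_r).so` file-name pattern are assumptions; only the patch name comes from this page.

```bash
#!/usr/bin/env bash
# Added example: verify the LibRaw patch and find processes still running
# the old library. PATCH is the patch name given on this page.
PATCH="SUSE-SLE-Module-Desktop-Applications-15-SP7-2025-1572"

# Extract the "Status" field (e.g. applied / needed / not needed) from
# `zypper info -t patch` output supplied on stdin.
patch_status() {
    awk -F' *: *' '$1 == "Status" { print $2; exit }'
}

# Print PIDs whose memory maps reference a libraw shared object that has been
# replaced on disk; the kernel marks such mappings "(deleted)".
# $1 = proc root (defaults to /proc; overridable so the check runs offline).
# Assumption: the library file is named libraw.so.* or libraw_r.so.*.
stale_libraw_pids() {
    local root="${1:-/proc}" maps pid
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -Eq '/libraw(_r)?\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid="${maps%/maps}"
            echo "${pid##*/}"
        fi
    done
}

# Print a short report for the local host.
report() {
    local pid
    if command -v zypper >/dev/null 2>&1; then
        echo "patch status: $(zypper --non-interactive info -t patch "$PATCH" | patch_status)"
    else
        echo "zypper not found; patch status skipped"
    fi
    for pid in $(stale_libraw_pids); do
        echo "restart needed: pid $pid ($(tr '\0' ' ' < "/proc/$pid/cmdline"))"
    done
}

# Run the report only when asked, so sourcing the file just defines functions.
if [ "${1:-}" = "--report" ]; then
    report
fi
```

Run it as root with `--report` so every process's maps are readable; `zypper ps -s` gives a similar view for all deleted files, not just LibRaw.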