FERRAMENTAS LINUX: Critical Security Update: ghc-pandoc Vulnerability Patch (CVE-2024-38526)

domingo, 22 de junho de 2025

Critical Security Update: ghc-pandoc Vulnerability Patch (CVE-2024-38526)

SUSE has released an urgent security update for ghc-pandoc to patch CVE-2024-38526, a Polyfill supply chain attack affecting openSUSE Leap 15.5/15.6, SUSE Linux Enterprise, and Package Hub. Learn how to secure your systems now with official patch commands.

Security Advisory Overview

A high-priority security update has been issued for ghc-pandoc, addressing a critical vulnerability (CVE-2024-38526) with a CVSS score of 5.4. This flaw exposes systems to supply chain attacks, potentially compromising data integrity.

Affected Systems

openSUSE Leap (15.5, 15.6)
SUSE Linux Enterprise (Desktop, Server, Real Time, SAP Applications)
SUSE Package Hub (15-SP6, 15-SP7)

Threat Level: Important – Immediate patching recommended.

Patch Instructions & Mitigation Steps

How to Apply the Update

To secure your system, use one of the following methods:

Recommended Methods:

✅ YaST Online Update (GUI)

✅ Terminal Command: zypper patch

Manual Patch Commands (Per Distribution):

Distribution	Command
openSUSE Leap 15.5	`zypper in -t patch SUSE-2025-2037=1`
openSUSE Leap 15.6	`zypper in -t patch openSUSE-SLE-15.6-2025-2037=1`
SUSE Package Hub 15-SP6	`zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-2037=1`
SUSE Package Hub 15-SP7	`zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-2037=1`

Technical Details: CVE-2024-38526 Exploit

Vulnerability Type: Polyfill Supply Chain Attack
CVSS 3.1 Score: 5.4 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L)
Impact: Allows malicious code injection via compromised dependencies.
Official References:
- SUSE Security Advisory
- Bugzilla Report (bsc#1227690)