FERRAMENTAS LINUX: Critical Security Update: openSUSE Patches Python3-setuptools Vulnerability (CVE-2025-47273)

quarta-feira, 4 de junho de 2025

Critical Security Update: openSUSE Patches Python3-setuptools Vulnerability (CVE-2025-47273)

openSUSE releases critical patch for python3-setuptools (CVE-2025-47273) fixing arbitrary file write risks. Learn how to secure SUSE Linux Enterprise, openSUSE Leap, and HPC systems now with step-by-step update instructions.

Overview: High-Risk Arbitrary File Write Flaw Fixed

openSUSE has released an important security update for python3-setuptools addressing CVE-2025-47273, a severe path traversal vulnerability that could allow attackers to execute arbitrary file writes on affected systems. This flaw, tracked under bsc#1243313, impacts multiple SUSE Linux Enterprise and openSUSE Leap distributions.

Why This Update Matters

Critical Severity: Exploiting this flaw could lead to unauthorized system modifications or malware deployment.

Widespread Impact: Affects SUSE Linux Enterprise Server, SAP Applications, HPC, and openSUSE Leap deployments.

Enterprise Risk: Systems running SUSE Manager, Micro for Rancher, and Retail Branch Servers are vulnerable if unpatched.

Patch Instructions: How to Secure Your System

To mitigate this vulnerability, apply the latest updates using one of the following methods:

Recommended Update Methods

✔ YaST Online Update (GUI)
✔ Command Line (zypper)

Specific Patch Commands by Product

Product	Patch Command
SUSE Linux Enterprise Server 15 SP4/SP5	`zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1810=1`
openSUSE Leap 15.6	`zypper in -t patch openSUSE-SLE-15.6-2025-1810=1`
SUSE Manager Server 4.3	`zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1810=1`
Full list of affected products	See official SUSE advisory (hypothetical link)