SUSE has released a moderate-risk security update for iputils (CVE-2025-48964) fixing an integer overflow vulnerability in ping statistics. Affected systems include SUSE Linux Enterprise 15 SP6/SP7, openSUSE Leap 15.4, and Micro/Rancher deployments. Learn patch instructions, CVSS scores, and mitigation steps.
🔍 Vulnerability Overview
A newly patched integer overflow flaw (CVE-2025-48964) in iputils could allow attackers to manipulate ping statistics via zero timestamps, potentially leading to denial-of-service (DoS) or data corruption.
Key Details:
CVSS 4.0 Score: 5.3 (Medium Severity)
CVSS 3.1 Score: 5.4 (Medium Severity)
Affected Products:
SUSE Linux Enterprise Server 15 SP6/SP7
openSUSE Leap 15.4
SUSE Linux Enterprise Micro 5.3/5.4
SUSE Real Time & SAP Applications
🛡️ Patch Instructions (Step-by-Step)
1. Recommended Update Methods
YaST Online Update (GUI)
Zypper Patch (CLI)
2. Terminal Commands for Each OS
# openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2431=1

# SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-2431=1

# SUSE Linux Enterprise Server 15 SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-2431=1
(Full command list in original bulletin)
📌 Why This Update Matters
This patch addresses:
✅ CVE-2025-48964 – Exploitable via maliciously crafted ICMP packets.
✅ Bug #1243772 – Stability risks in network diagnostics.
Enterprise Impact:
DoS risks in high-availability environments.
Compliance implications for regulated industries (e.g., finance, healthcare).
🔗 Additional Resources
💬 FAQ
Q: Is this vulnerability actively exploited?
A: No known exploits yet, but patch immediately due to moderate CVSS scores.
Q: Can I verify if my system is patched?
A: Run rpm -q iputils and compare the reported version-release with the fixed package versions listed in the bulletin's updated package list.
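The patch-and-verify procedure above, as an added example that is not part of the SUSE bulletin or this post: a small POSIX sh script that reads the installed iputils version-release from rpm, compares it against the fixed version, and applies the bulletin's patch id only when the host is below it. The fixed version-release is not quoted on this page, so IPUTILS_MIN_VERSION is a placeholder you fill from the bulletin; the patch id shown is the SP6 one from the commands above and must be swapped for your product's id. The version comparison is a simplified one (numeric segments compared numerically, others as strings; no epoch, tilde or caret handling), not rpm's own rpmvercmp, and the version strings in the comments are constructed samples.

```shell
#!/bin/sh
# Added example (not SUSE's code): check whether iputils is at or above the
# fixed version-release for CVE-2025-48964 and apply the patch if it is not.
# Assumptions: IPUTILS_MIN_VERSION is supplied from the bulletin (placeholder
# below); PATCH_ID is the SLES 15 SP6 id from the bulletin, change per product.
MIN_VERSION="${IPUTILS_MIN_VERSION:-SET-ME-FROM-BULLETIN}"
PATCH_ID="${IPUTILS_PATCH_ID:-SUSE-SLE-Module-Server-Applications-15-SP6-2025-2431}"

# True when $1 is a non-empty string of decimal digits.
is_num() { case "$1" in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac; }

# Simplified RPM-style comparison: returns 0 when version-release $1 >= $2.
# '-' and '.' both split segments; a missing segment counts as 0, so
# "1.2.1" > "1.2" and "1.10" > "1.9" (constructed sample values).
version_ge() {
  a="$(printf '%s' "$1" | tr '-' '.')."   # trailing '.' keeps cut well-defined
  b="$(printf '%s' "$2" | tr '-' '.')."
  i=1
  while :; do
    sa=$(printf '%s' "$a" | cut -d. -f"$i")
    sb=$(printf '%s' "$b" | cut -d. -f"$i")
    if [ -z "$sa" ] && [ -z "$sb" ]; then
      return 0                            # every segment equal
    fi
    sa=${sa:-0}; sb=${sb:-0}
    if is_num "$sa" && is_num "$sb"; then
      if [ "$sa" -gt "$sb" ]; then return 0; fi
      if [ "$sa" -lt "$sb" ]; then return 1; fi
    else
      if [ "$sa" \> "$sb" ]; then return 0; fi
      if [ "$sa" \< "$sb" ]; then return 1; fi
    fi
    i=$((i + 1))
  done
}

# iputils_status MIN [CUR]: 0 = patched, 1 = not patched, 2 = cannot tell.
# CUR is normally read from rpm; passing it explicitly allows offline testing.
iputils_status() {
  min="$1"
  cur="${2:-}"
  if [ -z "$cur" ]; then
    cur=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' iputils 2>/dev/null) || {
      echo "iputils: cannot query the rpm database" >&2
      return 2
    }
  fi
  if version_ge "$cur" "$min"; then
    echo "iputils $cur is at or above fixed version $min: patched"
    return 0
  fi
  echo "iputils $cur is below fixed version $min: NOT patched"
  return 1
}

# Usage: ./check_iputils.sh --check   (report only)
#        ./check_iputils.sh --apply   (report, then zypper patch if needed)
case "${1:-}" in
  --check|--apply)
    if [ "$MIN_VERSION" = "SET-ME-FROM-BULLETIN" ]; then
      echo "set IPUTILS_MIN_VERSION to the fixed version-release from the bulletin" >&2
      exit 2
    fi
    rc=0
    iputils_status "$MIN_VERSION" || rc=$?
    if [ "$1" = "--apply" ] && [ "$rc" -eq 1 ]; then
      zypper in -t patch "$PATCH_ID=1"
    fi
    exit "$rc"
    ;;
esac
```

Running it with --check from configuration management gives a cheap fleet-wide view of which hosts still need the update; the exit status (0 patched, 1 not, 2 unknown) is what to key alerts on, not the printed text.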