FERRAMENTAS LINUX: Critical Security Update for SUSE rmt-server: Patch CVE-2025-32441 & CVE-2025-46727 Now

Monday, July 21, 2025


SUSE

SUSE has released an urgent security patch for rmt-server addressing CVE-2025-32441 (session hijacking risk) and CVE-2025-46727 (high-severity DoS vulnerability). This post explains how to protect your Linux systems (openSUSE Leap 15.3, SLES, SAP, etc.) with step-by-step patch instructions and how to mitigate the CVSS 8.7 issue.

Why This Update Matters

SUSE has classified this update as "important". It resolves two vulnerabilities in the Rack middleware used by rmt-server, affecting enterprise Linux products including SUSE Manager, SAP systems, and cloud modules. Unpatched systems are exposed to denial-of-service attacks and session hijacking through these Rack flaws.

Key Vulnerabilities Patched

  1. CVE-2025-46727 (CVSS 8.7):

    • Unbounded-parameter DoS in Rack::QueryParser

    • Allows remote attackers to crash services via malicious queries (NVD-rated 7.5).

    • Affected: All SUSE products using rmt-server 2.23 or earlier.

  2. CVE-2025-32441 (CVSS 4.2):

    • Session restoration bug

    • Concurrent requests could revive deleted Rack sessions, enabling unauthorized access.


Step-by-Step Patch Instructions

Affected Products

  • openSUSE Leap 15.3

  • SUSE Linux Enterprise Server 15 SP3 (LTSS)

  • SUSE Manager Server 4.2

  • Full list: See original bulletin

How to Apply the Fix

  1. Recommended Method:

    ```bash
    zypper patch
    ```

    Or use YaST's online_update tool.

  2. Manual Patch per Product:

    ```bash
    # Example: openSUSE Leap 15.3
    zypper in -t patch SUSE-2025-2429=1
    ```

    (See the full command list in the original advisory.)


Technical Deep Dive

CVSS 4.0 vs. 3.1 Scores

| CVE ID | SUSE (v4.0) | NVD (v3.1) | Risk Profile |
|---|---|---|---|
| CVE-2025-46727 | 8.7 | 7.5 | Critical (DoS) |
| CVE-2025-32441 | 2.3 | 4.2 | Medium (Session Hijack) |

Why the discrepancy? CVSS 4.0's more granular metrics (e.g., the separate Attack Requirements metric, AT) reflect SUSE's stricter scoring.


Proactive Security Measures

  1. Verify Patch Installation:

    ```bash
    rpm -qa | grep rmt-server
    ```

    Ensure version 2.23-150300.3.54.1 (or later) is present.

  2. Monitor Logs:
    Check /var/log/rmt-server for unusual query patterns.
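The "unusual query patterns" check above, as an added example that is not part of the SUSE advisory or the original post: it scans access-log lines for requests whose query string carries an abnormally large number of parameters, the kind of input CVE-2025-46727 concerns. It assumes a combined-format access log from the web server fronting rmt-server (the exact format and the 4096 threshold are assumptions to adapt to your deployment) and uses constructed sample lines.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines in combined log format (assumption: adapt LINE_RE
# if the web server in front of your rmt-server logs differently).
_NORMAL = ('10.0.0.5 - - [21/Jul/2025:10:00:01 +0000] '
           '"GET /connect/systems/products?identifier=SLES&version=15.3&arch=x86_64 HTTP/1.1" 200 512')
_FLOOD = ('198.51.100.7 - - [21/Jul/2025:10:00:02 +0000] "GET /connect/systems/products?'
          + "&".join(f"k{i}=1" for i in range(5000)) + ' HTTP/1.1" 500 0')
SAMPLE_LOG = [_NORMAL, _FLOOD, _NORMAL.replace("10.0.0.5", "10.0.0.9")]

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Threshold is an assumption chosen for this example; tune it to your traffic.
PARAM_LIMIT = 4096

def count_query_params(target: str) -> int:
    """Count key=value pairs in the query string of a request target.
    Rack splits query strings on '&', so that is the separator counted here."""
    query = urlsplit(target).query
    if not query:
        return 0
    return sum(1 for part in query.split("&") if part)

def parse_line(line: str):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["params"] = count_query_params(rec["target"])
    return rec

def find_param_floods(lines, limit=PARAM_LIMIT):
    """Return (ip, path, param_count, status) for every request whose
    query string carries more than `limit` parameters."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is not None and rec["params"] > limit:
            hits.append((rec["ip"], urlsplit(rec["target"]).path,
                         rec["params"], rec["status"]))
    return hits

if __name__ == "__main__":
    for ip, path, n, status in find_param_floods(SAMPLE_LOG):
        print(f"ALERT {ip} {path} params={n} status={status}")
```

Point it at the real log by replacing SAMPLE_LOG with the file's lines; a burst of hits from one client before the patch is applied is the signal worth alerting on.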


FAQ

Q: Is this update relevant for cloud deployments?

A: Yes, especially Public Cloud Module 15-SP3 and SAP cloud instances.

Q: Can exploits bypass firewalls?

A: CVE-2025-46727 requires no authentication (PR:N), making perimeter defenses insufficient.

