Critical security update for openSUSE Leap 15.4 fixes libssh vulnerabilities (CVE-2025-4877, CVE-2025-4878, CVE-2025-5318, CVE-2025-5372). Learn how to patch with zypper/YaST to prevent remote exploits, memory corruption, and privilege escalation risks.
🔒 Urgent Security Advisory for openSUSE Users
A critical security update has been released for openSUSE Leap 15.4 addressing multiple high-risk vulnerabilities in libssh, a widely used library for secure remote server access. These flaws could allow attackers to execute arbitrary code, trigger memory corruption, or bypass security checks.
🚨 Key Vulnerabilities Fixed in This Patch
This update resolves the following CVEs (Common Vulnerabilities and Exposures):
- CVE-2025-4877: A dangerous out-of-bounds write in binary-to-base64 conversion functions (bsc#1245309).
- CVE-2025-4878: Uninitialized variable use in privatekey_from_file(), potentially exposing sensitive data (bsc#1245310).
- CVE-2025-5318: Buffer overflow risk in SFTP server handle management (bsc#1245311).
- CVE-2025-5372: Incorrect success code returned by ssh_kdf() on certain failures (bsc#1245314).
Impact: If exploited, these vulnerabilities could lead to remote code execution (RCE), privilege escalation, or data leaks.
🛡️ How to Apply the Security Patch
Recommended Update Methods
To secure your system, apply the patch immediately using:
- YaST Online Update (GUI)
- Command line (zypper):
  zypper in -t patch SUSE-2025-2278=1
Affected Products & Patch Commands
| Product | Patch Command |
|---|---|
| openSUSE Leap 15.4 | zypper in -t patch SUSE-2025-2278=1 |
| SUSE Linux Enterprise Micro 5.3/5.4/5.5 | zypper in -t patch SUSE-SLE-Micro-5.X-2025-2278=1 |
| SUSE Linux Enterprise Server 15 SP4/SP5 | zypper in -t patch SUSE-SLE-Product-SLES-15-SPX-LTSS-2025-2278=1 |
| SUSE Manager Server 4.3 | zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-2278=1 |
(See full list in the original advisory for additional distributions.)
📦 Updated Package List
The following packages have been patched:
- libssh4 (0.9.8-150400.3.9.1)
- libssh-devel (0.9.8-150400.3.9.1)
- libssh-config (0.9.8-150400.3.9.1)
- 32-bit and 64-bit variants (for x86_64, aarch64, ppc64le, s390x)
(Full package details available in the original advisory.)
🔗 References & Further Reading
CVE Details: CVE-2025-4877, CVE-2025-4878, CVE-2025-5318, CVE-2025-5372
Bug Reports: bsc#1245309, bsc#1245310, bsc#1245311, bsc#1245314
❓ Frequently Asked Questions (FAQ)
Q: Is this update mandatory?
A: Yes, due to the severity of these vulnerabilities, immediate patching is strongly recommended.
Q: Will applying this patch disrupt my system?
A: No, this is a security-focused update with minimal functional changes.
Q: How do I verify the patch was applied?
A: Run:
zypper patches | grep SUSE-2025-2278
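Checking the patch name alone can miss a host where the patch is listed but a stale libssh4 build is still installed (for example a second multilib copy). The script below is an added example written for this post, not part of the advisory or the libssh project: it queries the installed libssh4 version(s) with rpm and compares each against the fixed build 0.9.8-150400.3.9.1 named in the package list above, component by component, so it works in plain POSIX sh without relying on sort -V. The FIXED_VERSION value comes from this advisory; the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory): verify that every installed libssh4
# package is at or above the fixed build from the package list above.
FIXED_VERSION="0.9.8-150400.3.9.1"

# vercmp_ge A B: return 0 if version A >= version B, 1 otherwise.
# Both "-" and "." are treated as component separators; missing trailing
# components count as 0, so "0.9.8" < "0.9.8-150400.3.9.1".
vercmp_ge() {
  a=$(printf '%s' "$1" | tr '-' '.')
  b=$(printf '%s' "$2" | tr '-' '.')
  while [ -n "$a" ] || [ -n "$b" ]; do
    ai=${a%%.*}; bi=${b%%.*}
    if [ "$ai" = "$a" ]; then a=""; else a=${a#*.}; fi
    if [ "$bi" = "$b" ]; then b=""; else b=${b#*.}; fi
    ai=${ai:-0}; bi=${bi:-0}
    if [ "$ai" -gt "$bi" ] 2>/dev/null; then return 0; fi
    if [ "$ai" -lt "$bi" ] 2>/dev/null; then return 1; fi
  done
  return 0   # all components equal
}

# check_libssh4: query rpm for each installed libssh4 build and report.
# Exit status: 0 = all builds patched, 1 = at least one vulnerable build,
# 2 = package not installed or rpm unavailable.
check_libssh4() {
  if ! installed=$(rpm -q --queryformat '%{VERSION}-%{RELEASE}\n' libssh4 2>/dev/null); then
    echo "libssh4 is not installed or rpm is unavailable"
    return 2
  fi
  rc=0
  for v in $installed; do   # one line per installed arch (e.g. x86_64 and i586)
    if vercmp_ge "$v" "$FIXED_VERSION"; then
      echo "libssh4 $v: patched (>= $FIXED_VERSION)"
    else
      echo "libssh4 $v: VULNERABLE (< $FIXED_VERSION), apply SUSE-2025-2278"
      rc=1
    fi
  done
  return $rc
}

# Run the check when executed on an RPM-based host; skipped elsewhere.
if command -v rpm >/dev/null 2>&1; then
  check_libssh4
fi
```

Run it on the updated system alongside zypper patches | grep SUSE-2025-2278; a non-zero exit from check_libssh4 means a libssh4 build older than the fixed version is still present and the patch should be re-applied or the stale package removed.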