FERRAMENTAS LINUX: SUSE Linux Micro 6.0 Security Update: Critical GPG2 Patch for CVE-2025-30258 (Denial of Service Fix)

sábado, 5 de julho de 2025

SUSE Linux Micro 6.0 Security Update: Critical GPG2 Patch for CVE-2025-30258 (Denial of Service Fix)

 

SUSE

SUSE Linux Micro 6.0 releases a critical security update for GPG2, addressing CVE-2025-30258, a denial-of-service (DoS) vulnerability. Learn patch instructions, CVSS scores, and affected packages to secure your system. Stay protected with SUSE’s latest fixes.

Critical Security Vulnerability Patched in SUSE Linux Micro 6.0

A newly discovered GPG2 vulnerability (CVE-2025-30258) could allow attackers to trigger a denial-of-service (DoS) attack via malicious subkeys. This high-priority security update from SUSE Linux Micro 6.0 resolves the issue, ensuring system stability and security.

🔹 Why is this update critical?

  • Fixes a regression from a previous DoS patch.

  • Prevents malicious subkey exploitation in GPG2.

  • Patches vulnerabilities tracked under bsc#1236931, bsc#1239119.

Patch Instructions & Installation Guide

To apply this security update, use one of the following SUSE-recommended methods:

✅ Recommended:

  • YaST Online Update (GUI-based patching)

  • Zypper Patch (CLI method)

💻 Manual Installation Command:

bash
zypper in -t patch SUSE-SLE-Micro-6.0-370=1

📦 Affected Packages:

  • gpg2-2.4.4-4.1

  • gpg2-debugsource-2.4.4-4.1

  • gpg2-debuginfo-2.4.4-4.1

(Supports aarch64, s390x, x86_64 architectures)

CVE-2025-30258: Vulnerability Analysis & CVSS Scores

This GPG2 flaw has been rated under CVSS v3.1 and v4.0, indicating low to moderate risk:

📊 CVSS v3.1 Scores:

  • SUSE: 2.7 (AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L)

  • NVD: 2.7 (Same vector)

📊 CVSS v4.0 Score (SUSE): 1.8
(Low impact due to local attack vector & high complexity)

🔗 Official References:

Why Should You Apply This Update Immediately?

🚨 Security Risks if Unpatched:

  • Attackers could crash GPG2 processes, disrupting encryption workflows.

  • Potential system instability in environments relying on GPG-signed packages.

🛡️ Best Practices for Linux Security:

  • Enable automatic updates for critical patches.

  • Monitor SUSE security advisories for new threats.

  • Verify GPG signatures when installing third-party software.

FAQ: SUSE Linux Micro 6.0 GPG2 Update

❓ Is this vulnerability exploitable remotely?

A: No, CVE-2025-30258 requires local access (AV:L), reducing exposure risk.

❓ Does this affect other SUSE distributions?

A: Currently, only SUSE Linux Micro 6.0 is confirmed impacted.

❓ How do I verify the patch was applied?
A: Run:

bash
rpm -q gpg2 --changelog | grep CVE-2025-30258

Cezar Henrique at
Marcadores: Linux, Android, Segurança , , , , ,

Nenhum comentário:

Postar um comentário

Assinar: Postar comentários (Atom)