SUSE Linux has released a series of security updates for several software packages, including Corosync, Upx, Atop, and LibModSecurity. These updates address critical and moderate vulnerabilities that could affect users of SUSE and openSUSE distributions.
1. Corosync:
- An urgent security update (SUSE-SU-2025:1084-1) has been issued for Corosync, which addresses a critical vulnerability (CVE-2025-30472) classified with a CVSS score of 9.0. This vulnerability involves a stack buffer overflow in the 'orf_token_endian_convert' function. The affected products include various versions of openSUSE Leap and SUSE Linux Enterprise across its High Availability and High Performance Computing Extensions. Users are encouraged to apply the patch using YaST or the `zypper` command.
2. Upx:
- A moderate security update (openSUSE-SU-2025:14947-1) has been released for Upx (upx-5.0.0-2.1), fixing a vulnerability (CVE-2025-2849) in the openSUSE Tumbleweed distribution.
3. Atop:
- Another moderate update (openSUSE-SU-2025:14945-1) has been issued for Atop (atop-2.11.1-1.1), addressing a vulnerability (CVE-2025-31160) also affecting openSUSE Tumbleweed.
4. LibModSecurity:
- The LibModSecurity library has received a moderate update (openSUSE-SU-2025:14946-1) to version 3.0.14-1.1, which resolves a vulnerability (CVE-2025-27110) in the Tumbleweed release.
Each update provides detailed instructions for installation and includes references for further information on the vulnerabilities fixed. Users are urged to apply these updates promptly to mitigate potential security risks.
Extension:
In addition to the immediate need for users to update their systems, it is crucial to establish routine security practices. This includes regularly monitoring for updates from software vendors and subscribing to security mailing lists. Furthermore, organizations should consider implementing automated patch management systems to ensure that vulnerabilities are addressed swiftly, reducing the risk of exploitation. For enterprises relying on SUSE Linux, establishing a comprehensive security policy that includes vulnerability assessments and incident response plans can further enhance their security posture
1. Corosync:
- An urgent security update (SUSE-SU-2025:1084-1) has been issued for Corosync, which addresses a critical vulnerability (CVE-2025-30472) classified with a CVSS score of 9.0. This vulnerability involves a stack buffer overflow in the 'orf_token_endian_convert' function. The affected products include various versions of openSUSE Leap and SUSE Linux Enterprise across its High Availability and High Performance Computing Extensions. Users are encouraged to apply the patch using YaST or the `zypper` command.
2. Upx:
- A moderate security update (openSUSE-SU-2025:14947-1) has been released for Upx (upx-5.0.0-2.1), fixing a vulnerability (CVE-2025-2849) in the openSUSE Tumbleweed distribution.
3. Atop:
- Another moderate update (openSUSE-SU-2025:14945-1) has been issued for Atop (atop-2.11.1-1.1), addressing a vulnerability (CVE-2025-31160) also affecting openSUSE Tumbleweed.
4. LibModSecurity:
- The LibModSecurity library has received a moderate update (openSUSE-SU-2025:14946-1) to version 3.0.14-1.1, which resolves a vulnerability (CVE-2025-27110) in the Tumbleweed release.
Each update provides detailed instructions for installation and includes references for further information on the vulnerabilities fixed. Users are urged to apply these updates promptly to mitigate potential security risks.
Extension:
In addition to the immediate need for users to update their systems, it is crucial to establish routine security practices. This includes regularly monitoring for updates from software vendors and subscribing to security mailing lists. Furthermore, organizations should consider implementing automated patch management systems to ensure that vulnerabilities are addressed swiftly, reducing the risk of exploitation. For enterprises relying on SUSE Linux, establishing a comprehensive security policy that includes vulnerability assessments and incident response plans can further enhance their security posture
Corosync, Upx, Atop, LibModSecurity updates for SUSE
SUSE Linux has issued security updates for Corosync, Upx, Atop, and LibModSecurity:
SUSE-SU-2025:1084-1: critical: Security update for corosync
openSUSE-SU-2025:14947-1: moderate: upx-5.0.0-2.1 on GA media
openSUSE-SU-2025:14945-1: moderate: atop-2.11.1-1.1 on GA media
openSUSE-SU-2025:14946-1: moderate: libmodsecurity3-3.0.14-1.1 on GA mediaCorosync, Upx, Atop, LibModSecurity updates for SUSE @ Linux Compatible
