1. FontForge: This moderate security update (SUSE-SU-2025:1199-1) fixes a command injection vulnerability (CVE-2017-17521), which was found in the help function of the software. The update is applicable to multiple SUSE products such as Desktop Applications Module 15-SP6 and openSUSE Leap 15.6.
2. Expat: A more critical update (SUSE-SU-2025:1201-1) addresses a denial of service vulnerability (CVE-2024-8176) that could occur due to a stack overflow caused by chaining a large number of entities. This update is considered important and impacts a wide range of products, including SUSE Linux Enterprise and openSUSE versions.
3. pgAdmin4 and Liblzma5: Both have received moderate updates as well, ensuring improved security but with less critical vulnerabilities compared to the updates for FontForge and Expat.
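As a pre-parse guard related to the Expat issue in item 2, the following added example (not part of the SUSE announcement or of Expat) measures how deeply general entities declared in a document's internal DTD subset reference one another, so that untrusted XML can be rejected before it reaches a parser. The 64-level limit, the function names and the sample document are assumptions made for illustration; only internal general entities are examined.

```python
import re

# Internal general-entity declarations: <!ENTITY name "value"> (not % or SYSTEM).
ENTITY_DECL = re.compile(r"""<!ENTITY\s+([^\s%"']+)\s+(?:"([^"]*)"|'([^']*)')\s*>""")
ENTITY_REF = re.compile(r"&([^\s;&#]+);")
MAX_CHAIN_DEPTH = 64  # assumed local policy limit, not a value from the advisory

def entity_chain_depth(xml_text):
    """Longest chain of nested entity references (0 if no entities declared).
    Raises ValueError if an entity refers back to itself."""
    refs = {}
    for m in ENTITY_DECL.finditer(xml_text):
        value = m.group(2) if m.group(2) is not None else m.group(3)
        # XML keeps the first declaration of a name and ignores later ones.
        refs.setdefault(m.group(1), set(ENTITY_REF.findall(value)))
    depth = {}
    for root in refs:
        if root in depth:
            continue
        # Explicit stack: the checker itself must not recurse per entity.
        stack, on_path = [(root, iter(refs[root]))], {root}
        while stack:
            name, children = stack[-1]
            for child in children:
                if child not in refs:      # predefined (&amp;) or undeclared
                    continue
                if child in on_path:
                    raise ValueError(f"recursive entity: {child}")
                if child not in depth:
                    on_path.add(child)
                    stack.append((child, iter(refs[child])))
                    break
            else:                          # all children resolved
                stack.pop()
                on_path.discard(name)
                depth[name] = 1 + max((depth[c] for c in refs[name] if c in refs), default=0)
    return max(depth.values(), default=0)

def chain_is_acceptable(xml_text, limit=MAX_CHAIN_DEPTH):
    try:
        return entity_chain_depth(xml_text) <= limit
    except ValueError:
        return False

# Constructed sample: four entities, each referencing the previous one.
SAMPLE = """<?xml version="1.0"?>
<!DOCTYPE d [
  <!ENTITY e0 "x">
  <!ENTITY e1 "&e0;">
  <!ENTITY e2 "&e1;">
  <!ENTITY e3 "&e2;&amp;">
]>
<d>&e3;</d>"""
```

A filter like this only narrows exposure for input that must be accepted before patching; installing the updated expat package remains the fix.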
Summary of Updates:
- FontForge: Moderate security update addressing CVE-2017-17521.
- Expat: Important security update addressing CVE-2024-8176.
- pgAdmin4 and Liblzma5: Moderate updates for enhanced security.
Patch Installation:
Users are encouraged to apply these updates using recommended methods such as YaST online_update or "zypper patch." Specific commands for installation have been detailed for various distributions.
Future Considerations:
As software vulnerabilities continue to evolve, it is crucial for users and administrators to stay updated with the latest patches and security measures. Regularly monitoring official announcements from SUSE and implementing updates promptly can help mitigate risks associated with security vulnerabilities. Additionally, exploring best practices for software security can further enhance system protection and integrity.
For further details on each vulnerability and the updates, users are directed to the respective references provided in the announcements.
Expat, pgAdmin4, Liblzma5, FontForge updates for SUSE
SUSE Linux has been updated with several security enhancements, including updates for Expat, pgAdmin4, Liblzma5, and FontForge:
SUSE-SU-2025:1199-1: moderate: Security update for fontforge
SUSE-SU-2025:1201-1: important: Security update for expat
openSUSE-SU-2025:14983-1: moderate: pgadmin4-9.2-1.1 on GA media
openSUSE-SU-2025:14984-1: moderate: liblzma5-32bit-5.8.1-1.1 on GA media
openSUSE-SU-2025:14981-1: moderate: fontforge-20230101-6.1 on GA media