SUSE Linux has released several important security updates affecting various packages, including Go (go1.23 and go1.24), Google Guest Agent, Python's ecdsa library, GSL (GNU Scientific Library), and Firefox ESR.
The updates include:
1. go1.23: An important security update (SUSE-SU-2025:1141-1) was released to address CVE-2025-22871, which involves a vulnerability related to request smuggling through invalid chunked data. The update also includes an upgrade to version 1.23.8. Affected products include various SUSE Linux Enterprise and openSUSE versions.
2. Google Guest Agent: Another important update (SUSE-SU-2025:1143-1) addresses CVE-2024-45337, which pertains to an authorization bypass issue due to misuse of a public key callback. This update also includes enhancements and fixes to several functionalities.
3. Additional Updates:
- go1.24 (openSUSE-SU-2025:14963-1) received a moderate update addressing CVE-2025-22871.
- python311-ecdsa (openSUSE-SU-2025:14965-1) and gsl (openSUSE-SU-2025:14964-1) also received moderate updates addressing vulnerabilities.
- firefox-esr (openSUSE-SU-2025:14961-1) has been updated to fix five vulnerabilities, enhancing security for users of the browser.
For each of the updates, users are advised to use recommended installation methods like YaST or the command-line tool "zypper patch" to install the updates specific to their product versions.
- CVE-2024-45337: Affects Google Guest Agent, related to authorization bypass.
- CVE-2022-0778: Involves the Python ecdsa library.
- CVE-2020-353570: Pertains to GSL.
- Multiple vulnerabilities addressed in Firefox ESR.
The updates include:
1. go1.23: An important security update (SUSE-SU-2025:1141-1) was released to address CVE-2025-22871, which involves a vulnerability related to request smuggling through invalid chunked data. The update also includes an upgrade to version 1.23.8. Affected products include various SUSE Linux Enterprise and openSUSE versions.
2. Google Guest Agent: Another important update (SUSE-SU-2025:1143-1) addresses CVE-2024-45337, which pertains to an authorization bypass issue due to misuse of a public key callback. This update also includes enhancements and fixes to several functionalities.
3. Additional Updates:
- go1.24 (openSUSE-SU-2025:14963-1) received a moderate update addressing CVE-2025-22871.
- python311-ecdsa (openSUSE-SU-2025:14965-1) and gsl (openSUSE-SU-2025:14964-1) also received moderate updates addressing vulnerabilities.
- firefox-esr (openSUSE-SU-2025:14961-1) has been updated to fix five vulnerabilities, enhancing security for users of the browser.
For each of the updates, users are advised to use recommended installation methods like YaST or the command-line tool "zypper patch" to install the updates specific to their product versions.
Summary of Key Vulnerabilities and Updates:
- CVE-2025-22871: Affects go1.23 and go1.24, related to request smuggling.- CVE-2024-45337: Affects Google Guest Agent, related to authorization bypass.
- CVE-2022-0778: Involves the Python ecdsa library.
- CVE-2020-353570: Pertains to GSL.
- Multiple vulnerabilities addressed in Firefox ESR.
Installation and References:
Detailed installation instructions and package lists for each update have been provided. Users can refer to the SUSE security website for additional details on the vulnerabilities and the updates.Recommendations:
SUSE recommends updating affected systems promptly to mitigate potential security risks. Regularly checking for updates and applying them is crucial for maintaining system security and integrityGo, Google Guest Agent, Python, GSL, Firefox updates for SUSE
SUSE Linux has announced the release of multiple security updates, which include go1.23, google-guest-agent, python311-ecdsa, gsl, go1.23, and firefox-esr:
SUSE-SU-2025:1141-1: important: Security update for go1.23
SUSE-SU-2025:1143-1: important: Security update for google-guest-agent
openSUSE-SU-2025:14963-1: moderate: go1.24-1.24.2-1.1 on GA media
openSUSE-SU-2025:14965-1: moderate: python311-ecdsa-0.19.1-1.1 on GA media
openSUSE-SU-2025:14964-1: moderate: gsl-2.8-4.1 on GA media
openSUSE-SU-2025:14962-1: moderate: go1.23-1.23.8-1.1 on GA media
openSUSE-SU-2025:14961-1: moderate: firefox-esr-128.9.0-1.1 on GA mediaGo, Google Guest Agent, Python, GSL, Firefox updates for SUSE @ Linux Compatible
