This update for google-guest-agent fixes the following issues:
Update to version 20250506.01 (bsc#1243254, bsc#1243505).
Security issues fixed:
- CVE-2024-45337: golang.org/x/crypto/ssh: misuse of the ServerConfig.PublicKeyCallback callback can lead to
authorization bypass in applications (bsc#1234563).
- CVE-2023-45288: golang.org/x/net/http2: no limit set for number of HTTP/2 CONTINUATION frames that can be read for an
HTTP/2 request can lead to excessive CPU consumption and a DoS (bsc#1236533).
Other updates and bugfixes:
- Version 20250506.01:
* Make sure agent added connections are activated by NM (#534)
- Version 20250506.00:
* Wrap NSS cache refresh in a goroutine (#533)
- Version 20250502.01:
* Wicked: Only reload interfaces for which configurations are written or changed. (#524)
- Version 20250502.00:
* Add AuthorizedKeysCompat to windows packaging (#530)
* Remove error messages from gce_workload_cert_refresh and metadata script runner (#527)
* Update...
Read the Full Advisory- openSUSE Leap 16.0:
google-guest-agent-20250506.01-160000.1.1
* bsc#1234563
* bsc#1236533
* bsc#1239763
* bsc#1239866
* bsc#1243254
* bsc#1243505
References:
* https://www.suse.com/security/cve/CVE-2023-45288.html
* https://www.suse.com/security/cve/CVE-2024-45337.html
Get the latest Linux and open source security news straight to your inbox.