Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE: 2025:0580-2 critical: google-osconfig-agent file access issue

suse
Calendar Grey February 18, 2025
Dist Suse Esm H88
Keep informed about SUSE's recent security update for google-osconfig-agent that tackles critical vulnerabilities.
* bsc#1236560 Cross-References: * CVE-2024-45339

Summary

## This update for google-osconfig-agent fixes the following issues: * CVE-2024-45339: github.com/golang/glog: a privileged process' log file path can be easily predicted and used to overwrite other sensitive files in a system. (bsc#1236560) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2025-580=1 ## Package List: * Public Cloud Module 12 (aarch64 ppc64le s390x x86_64) * google-osconfig-agent-20250115.01-1.35.1

Topics%20covered

Topics Covered

security advisory update access control threat patch important SUSE suse system overwrite google-osconfig-agent CVE-2024-45339

References

* bsc#1236560

Cross-

* CVE-2024-45339

CVSS scores:

* CVE-2024-45339 ( SUSE ): 6.9

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2024-45339 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

* CVE-2024-45339 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* Public Cloud Module 12

* SUSE Linux Enterprise High Performance Computing 12 SP2

* SUSE Linux Enterprise High Performance Computing 12 SP3

* SUSE Linux Enterprise High Performance Computing 12 SP4

* SUSE Linux Enterprise High Performance Computing 12 SP5

* SUSE Linux Enterprise Server 12

* SUSE Linux Enterprise Server 12 SP1

* SUSE Linux Enterprise Server 12 SP2

* SUSE Linux Enterprise Server 12 SP3

* SUSE Linux Enterprise Server 12 SP4

* SUSE Linux Enterprise Server 12 SP5

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:0580-1
Release Date: 2025-02-18T14:52:44Z
Rating: important

Topics%20covered

Topics Covered

security advisory update access control threat patch important SUSE suse system overwrite google-osconfig-agent CVE-2024-45339

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here