SUSE: 2025:1094-1 important: Denial of Service & proxy bypass in warewulf4

April 2, 2025
SUSE enhances warewulf4 by rolling out critical security updates that address vulnerabilities linked to Denial of Service and proxy circumvention.

Summary

This update for warewulf4 fixes the following issues:

warewulf4 was updated from version 4.5.8 to 4.6.0:

* Security issues fixed for version 4.6.0:
  * CVE-2025-22869: Fixed Denial of Service vulnerability in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239322)
  * CVE-2025-22870: Fixed proxy bypass using IPv6 zone IDs (bsc#1238611)
* User visible changes:
  * Default values `nodes.conf`:
    * The default values for `kernel command line`, `init parameters` and `root` are now set in the `default` profile and this profile should be included in every profile. During the installation of an update an upgrade is done to `nodes.conf` which updates the database accordingly.
  * Overlay split up:

References

* bsc#1226654

* bsc#1238611

* bsc#1239322

Cross-References:

* CVE-2025-22869

* CVE-2025-22870

CVSS scores:

* CVE-2025-22869 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2025-22869 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2025-22870 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

* CVE-2025-22870 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

* CVE-2025-22870 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Affected Products:

* HPC Module 15-SP6

* openSUSE Leap 15.5

* openSUSE Leap 15.6

* SUSE Linux Enterprise High Performance Computing 15 SP5

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5

Severity
important

Announcement ID: SUSE-SU-2025:1094-1
Release Date: 2025-04-02T03:37:41Z
Rating: important
