Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE: 2025:1142-1 important: google-guest-agent unauthorized access fix

suse
Calendar Grey April 4, 2025
Dist Suse Esm H88
Patch release for google-guest-agent addressing critical vulnerabilities impacting Public Cloud Module among other components.
* bsc#1234563 * bsc#1239763 * bsc#1239866 Cross-References:

Summary

## This update for google-guest-agent fixes the following issues: * CVE-2024-45337: golang.org/x/crypto/ssh: Fixed misuse of ServerConfig.PublicKeyCallback leading to authorization bypass (bsc#1234563). Other fixes: \- Updated to version 20250327.01 (bsc#1239763, bsc#1239866) * Remove error messages from gce_workload_cert_refresh and metadata script runner (#527) \- from version 20250327.00 * Update guest-logging-go dependency (#526) * Add 'created-by' metadata, and pass it as option to logging library (#508) * Revert "oslogin: Correctly handle newlines at the end of modified files (#520)" (#523) * Re-enable disabled services if the core plugin was enabled (#522) * Enable guest services on package upgrade (#519) * oslogin: Correctly handle

Topics%20covered

Topics Covered

security advisory patch important authorization bypass public cloud module google-guest-agent

References

* bsc#1234563

* bsc#1239763

* bsc#1239866

Cross-

* CVE-2024-45337

CVSS scores:

* CVE-2024-45337 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-45337 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* Public Cloud Module 12

* SUSE Linux Enterprise High Performance Computing 12 SP2

* SUSE Linux Enterprise High Performance Computing 12 SP3

* SUSE Linux Enterprise High Performance Computing 12 SP4

* SUSE Linux Enterprise High Performance Computing 12 SP5

* SUSE Linux Enterprise Server 12

* SUSE Linux Enterprise Server 12 SP1

* SUSE Linux Enterprise Server 12 SP2

* SUSE Linux Enterprise Server 12 SP3

* SUSE Linux Enterprise Server 12 SP4

* SUSE Linux Enterprise Server 12 SP5

* SUSE Linux Enterprise Server for SAP Applications 12

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:1142-1
Release Date: 2025-04-04T13:30:47Z
Rating: important

Topics%20covered

Topics Covered

security advisory patch important authorization bypass public cloud module google-guest-agent

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here