Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE Linux: 2025:1143-1 important: google-guest-agent authorization bypass

suse
Calendar Grey April 4, 2025
Dist Suse Esm H88
A recent update targets a critical vulnerability in google-guest-agent, resolving an authorization bypass flaw. The fix can be applied immediately.
* bsc#1234563 * bsc#1239763 * bsc#1239866 Cross-References:

Summary

## This update for google-guest-agent fixes the following issues: * CVE-2024-45337: golang.org/x/crypto/ssh: Fixed misuse of ServerConfig.PublicKeyCallback leading to authorization bypass (bsc#1234563). Other fixes: \- Updated to version 20250327.01 (bsc#1239763, bsc#1239866) * Remove error messages from gce_workload_cert_refresh and metadata script runner (#527) \- from version 20250327.00 * Update guest-logging-go dependency (#526) * Add 'created-by' metadata, and pass it as option to logging library (#508) * Revert "oslogin: Correctly handle newlines at the end of modified files (#520)" (#523) * Re-enable disabled services if the core plugin was enabled (#522) * Enable guest services on package upgrade (#519) * oslogin: Correctly handle

Topics%20covered

Topics Covered

security advisory patch important SUSE Linux authorization bypass google-guest-agent

References

* bsc#1234563

* bsc#1239763

* bsc#1239866

Cross-

* CVE-2024-45337

CVSS scores:

* CVE-2024-45337 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-45337 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* openSUSE Leap 15.6

* Public Cloud Module 15-SP3

* Public Cloud Module 15-SP4

* Public Cloud Module 15-SP5

* Public Cloud Module 15-SP6

* SUSE Linux Enterprise High Performance Computing 15 SP3

* SUSE Linux Enterprise High Performance Computing 15 SP4

* SUSE Linux Enterprise High Performance Computing 15 SP5

* SUSE Linux Enterprise Micro 5.5

* SUSE Linux Enterprise Server 15 SP3

* SUSE Linux Enterprise Server 15 SP4

* SUSE Linux Enterprise Server 15 SP5

* SUSE Linux Enterprise Server 15 SP6

* SUSE Linux Enterprise Server for SAP Applications 15 SP3

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:1143-1
Release Date: 2025-04-04T13:31:36Z
Rating: important

Topics%20covered

Topics Covered

security advisory patch important SUSE Linux authorization bypass google-guest-agent

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here