Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

SUSE Linux Micro 6.0: 2025:20332-1 critical: glibc Local Root Exploit Fix

suse
Calendar Grey May 29, 2025
Dist Suse Esm H88
Important patch for glibc tackles local privilege escalation vulnerabilities and other concerns in SUSE Linux Micro 6.0. Discover additional details here.
* bsc#1234128 * bsc#1239883 * bsc#1243317 Cross-References:

Summary

## This update for glibc fixes the following issues: * CVE-2025-4802: Fixed local root exploits when using static built setuid root applications. (elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static) (bsc#1243317) * pthreads NPTL: lost wakeup fix 2 (bsc#1234128, BZ #25847) * Mark functions in libc_nonshared.a as hidden (bsc#1239883) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-328=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * glibc-locale-2.38-9.1 * glibc-2.38-9.1 * glibc-locale-base-debuginfo-2.38-9.1 * glibc-locale-base-2.38-9.1

Topics%20covered

Topics Covered

security advisory local root exploit critical patch glibc SUSE Linux Micro

References

* bsc#1234128

* bsc#1239883

* bsc#1243317

Cross-

* CVE-2025-4802

CVSS scores:

* CVE-2025-4802 ( SUSE ): 9.4

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

* CVE-2025-4802 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-4802 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves one vulnerability and has two fixes can now be installed.

##

* https://www.suse.com/security/cve/CVE-2025-4802.html

* https://bugzilla.suse.com/show_bug.cgi?id=1234128

* https://bugzilla.suse.com/show_bug.cgi?id=1239883

* https://bugzilla.suse.com/show_bug.cgi?id=1243317

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:20332-1
Release Date: May 21, 2025, 11:06 a.m.
Rating: critical

Topics%20covered

Topics Covered

security advisory local root exploit critical patch glibc SUSE Linux Micro

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here