Stay Secure with the Latest Linux Advisories

security advisorymoderateSuSE

SUSE: aws-efs-utils Moderate Out-of-Bounds Threat 2025:3954-1

* bsc#1240044 * bsc#1248055 * bsc#1249851 Cross-References: . # Security update for aws-efs-utils Announcement ID: SUSE-SU-2025:3954-1 Release Date: 2025-11-05T14:06:41Z Rating: moderate References: * bsc#1240044 * bsc#1248055 * bsc#1249851 Cross-References: * CVE-2020-35881 * CVE-2025-55159 CVSS scores: * CVE-2020-35881 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2020-35881 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-55159 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-55159 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H * CVE-2025-55159 ( NVD ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * openSUSE Leap 15.6 * Public Cloud Module 15-SP6 * Public Cloud Module 15-SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities and has one security fix can now be installed. ## Description: This update for aws-efs-utils fixes the following issues: Update to version 2.3.3 (bsc#1240044). Security issues fixed: * CVE-2025-55159: slab: incorrect bounds check in `get_disjoint_mut` function can lead to potential crash due to out-of-bounds access (bsc#1248055). * CVE-2020-35881: traitobject: log4rs: out-of-bounds write due to fat pointer layout assumptions (bsc#1249851). Other issues fixed: * Build and install efs-proxy binary (bsc#1240044). * Fixed in version 2.3.3: * Add environment variable support for AWS profiles and regions * Regenerate Cargo.lock with rust 1.70.0 * Update circle-ci config * Fix AWS Env Variable Test and Code Style Issue * Remove CentOS 8 and Ubuntu 16.04 fromverified Linux distribution list * Fixed in version 2.3.2: * Update version in amazon-efs-utils.spec to 2.3.1 * Fix incorrect package version * Fixed in version 2.3.1: * Fix backtrace version to resolve ubuntu and rhel build issues * Pin Cargo.lock to avoid unexpected error across images * Fixed in version 2.3.0: * Add support for pod-identity credentials in the credentials chain * Enable mounting with IPv6 when using with the 'stunnel' mount option * Fixed in version 2.2.1: * Update log4rs * Fixed in version 2.2.0 * Use region-specific domain suffixes for dns endpoints where missing * Merge PR #211 - Amend Debian control to use binary architecture * Fixed in version 2.1.0 * Add mount option for specifying region * Add new ISO regions to config file * Fixed in version 2.0.4 * Add retry logic to and increase timeout for EC2 metadata token retrieval requests * Fixed in version 2.0.3: * Upgrade py version * Replace deprecated usage of datetime * Fixed in version 2.0.2 * Check for efs-proxy PIDs when cleaning tunnel state files * Add PID to log entries * Fxied in version 2.0.1 * Disable Nagle's algorithm for efs-proxy TLS mounts to improve latencies * Fixed in version 2.0.0: * Replace stunnel, which provides TLS encryptions for mounts, with efs-proxy, a component built in-house at AWS. Efs-proxy lays the foundation for upcoming feature launches at EFS. * Fixed in version 1.36.0: * Support new mount option: crossaccount, conduct cross account mounts via ip address. Use client AZ-ID to choose mount target. * Fixed in version 1.35.2: * Revert "Add warning if using older Version" * Support MacOS Sonoma * Fixed in version 1.35.1: * Revert openssl requirement change * Revert "Update EFS Documentation: Clarify Current FIPS Compliance Status" * Update EFS Documentation: Clarify Current FIPS Compliance Status * test: Change repo urls in eol debian9 build * Check private key file size to skip generation * test: Fix pytest that failed since commit 3dd89ca * Fix should_check_efs_utils_version scope * Add warning if using old version * Add 'fsap' option as EFS-only option * Fixed in version 1.35.0: * Add parameters to allow mount fo pod impersonation feature in EFS CSI Driver * Updated the README with support of Oracle8 distribution * Readme troubleshooting section + table of contents * Add efs-utils Support for MacOS Ventura EC2 instances ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-3954=1 SUSE-2025-3954=1 * Public Cloud Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP6-2025-3954=1 * Public Cloud Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP7-2025-3954=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * aws-efs-utils-debuginfo-2.3.3-150600.17.6.1 * aws-efs-utils-2.3.3-150600.17.6.1 * Public Cloud Module 15-SP6 (aarch64 ppc64le s390x x86_64) * aws-efs-utils-2.3.3-150600.17.6.1 * Public Cloud Module 15-SP7 (aarch64 ppc64le s390x x86_64) * aws-efs-utils-2.3.3-150600.17.6.1 ## References: * https://www.suse.com/security/cve/CVE-2020-35881.html * https://www.suse.com/security/cve/CVE-2025-55159.html * https://bugzilla.suse.com/show_bug.cgi?id=1240044 * https://bugzilla.suse.com/show_bug.cgi?id=1248055 * https://bugzilla.suse.com/show_bug.cgi?id=1249851 . This SUSE advisory details a moderate security update for aws-efs-utils addressing multiple issues and fixes. Install promptly.. aws efs utils SUSE update security exploit. . LinuxSecurity.com Team

Nov 05, 2025 SuSE