Main Vulnerability Database SB2025053101

SB2025053101 - SUSE update for glibc

Published: May 31, 2025

Security Bulletin ID SB2025053101

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Untrusted search path (CVE-ID: CVE-2025-4802)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to usage of an untrusted LD_LIBRARY_PATH environment variable. A local user can use the LD_LIBRARY_PATH environment variable to point to a malicious binary and execute arbitrary code with escalated privileges.

The vulnerability affects statically linked setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2025/suse-su-202501784-1/

Vulnerable Software

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP5: LTSS
SUSE Linux Enterprise Server 15 SP3: LTSS
SUSE Linux Enterprise Server 15 SP4: LTSS
SUSE Linux Enterprise Micro: 5.1 - 5.5
SUSE Linux Enterprise Micro for Rancher: 5.2 - 5.4
SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP5
SUSE Linux Enterprise Server 15: SP3 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
openSUSE Leap: 15.3
glibc-devel-64bit: before 2.31-150300.95.1
glibc-utils-64bit: before 2.31-150300.95.1
glibc-locale-base-64bit: before 2.31-150300.95.1
glibc-devel-static-64bit: before 2.31-150300.95.1
glibc-locale-base-64bit-debuginfo: before 2.31-150300.95.1
glibc-profile-64bit: before 2.31-150300.95.1
glibc-64bit-debuginfo: before 2.31-150300.95.1
glibc-utils-64bit-debuginfo: before 2.31-150300.95.1
glibc-devel-64bit-debuginfo: before 2.31-150300.95.1
glibc-64bit: before 2.31-150300.95.1
glibc-locale-base-32bit: before 2.31-150300.95.1
glibc-32bit-debuginfo: before 2.31-150300.95.1
glibc-devel-static-32bit: before 2.31-150300.95.1
glibc-32bit: before 2.31-150300.95.1
glibc-devel-32bit: before 2.31-150300.95.1
glibc-utils-32bit: before 2.31-150300.95.1
glibc-locale-base-32bit-debuginfo: before 2.31-150300.95.1
glibc-devel-32bit-debuginfo: before 2.31-150300.95.1
glibc-profile-32bit: before 2.31-150300.95.1
glibc-utils-32bit-debuginfo: before 2.31-150300.95.1
glibc-info: before 2.31-150300.95.1
glibc-lang: before 2.31-150300.95.1
glibc-html: before 2.31-150300.95.1
glibc-i18ndata: before 2.31-150300.95.1
glibc-utils: before 2.31-150300.95.1
glibc-extra-debuginfo: before 2.31-150300.95.1
nscd-debuginfo: before 2.31-150300.95.1
glibc-utils-debuginfo: before 2.31-150300.95.1
nscd: before 2.31-150300.95.1
glibc-utils-src-debugsource: before 2.31-150300.95.1
glibc-extra: before 2.31-150300.95.1
glibc-profile: before 2.31-150300.95.1
glibc-debugsource: before 2.31-150300.95.1
glibc: before 2.31-150300.95.1
glibc-locale-base-debuginfo: before 2.31-150300.95.1
glibc-locale-base: before 2.31-150300.95.1
glibc-debuginfo: before 2.31-150300.95.1
glibc-devel: before 2.31-150300.95.1
glibc-locale: before 2.31-150300.95.1
glibc-devel-static: before 2.31-150300.95.1
glibc-devel-debuginfo: before 2.31-150300.95.1