
SUSE alert openSUSE-SU-2025:0323-1 (v2ray-core)

From:  opensuse-security@opensuse.org
To:  security-announce@lists.opensuse.org
Subject:  openSUSE-SU-2025:0323-1: important: Security update for v2ray-core
Date:  Tue, 26 Aug 2025 15:06:21 +0200
Message-ID:  <20250826130621.3D7FAFF46@maintenance.suse.de>

   openSUSE Security Update: Security update for v2ray-core
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2025:0323-1
Rating:             important
References:         #1222488 #1235164 #1243946
Cross-References:   CVE-2024-22189 CVE-2025-297850
CVSS scores:
                    CVE-2024-22189 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    openSUSE Backports SLE-15-SP7
______________________________________________________________________________

   An update that solves two vulnerabilities and has one errata
   is now available.

Description:

   This update for v2ray-core fixes the following issues:

   - Update version to 5.33.0
     * bump github.com/quic-go/quic-go from 0.51.0 to 0.52.0 (boo#1243946 and
       CVE-2025-297850)
     * Update other vendor source

   - Update version to 5.31.0
     * Add Dns Proxy Response TTL Control
     * Fix call newError Base with a nil value error
     * Update vendor (boo#1235164)

   - Update version to 5.29.3
     * Enable restricted mode load for http protocol client
     * Correctly implement QUIC sniffer when handling multiple initial packets
     * Fix unreleased cache buffer in QUIC sniffing
     * A temporary testing fix for the buffer corruption issue
     * QUIC Sniffer Restructure

   - Update version to 5.22.0
     * Add packetEncoding for Hysteria
     * Add ECH Client Support
     * Add support for parsing some shadowsocks links
     * Add Mekya Transport
     * Fix bugs

   - Update version to 5.18.0
     * Add timeout for http request roundtripper
     * Fix ss2022 auth reader size overflow
     * Add pie build mode to all binary builds
     * Support "services" root config in cfgv4
     * packet_encoding for config v4
     * add MPTCP support
     * Add (Experimental) Meyka Building Blocks to request Transport
     * Add timeout for http request roundtripper
     * Hysteria2: Add Hysteria2 Protocol
     * Add AllowInsecureIfPinnedPeerCertificate option to tls security
     * Add tls certChainHash command
     * add support for socket activation
     * Add pprof flag for debugging
     * Fix bugs

   - Update version to 5.16.1
     * Add Keep-Alive to removed headers

   - Update version to 5.15.1
     * feat: RandomStrategy AliveOnly
     * Improve container image tags and timestamp
     * Add delay_auth_write to Socks5 Client Advanced Config
     * Add MaxMin TLS version support in TLS Setting
     * feat: RandomStrategy AliveOnly
     * Improve container image tags and timestamp
     * Fixed an encrypted traffic's malleable vulnerability that allows
       integrity corruption by an attacker with a privileged network
       position to silently drop segments of traffic from an encrypted
       traffic stream.
     * Update documents
     * Fix bugs

   - Update vendor, fix CVE-2024-22189 boo#1222488

   - Update version to 5.12.1
     * Shadowsocks2022 Client Support
     * Apply DomainStrategy to outbound target
     * Add DomainStrategy to JSONv5 outbound
     * Add sniffing for TUN
     * Add HTTPUpgrade transport
     * It is a reduced version of WebSocket Transport that can pass many
       reverse proxies and CDNs without running a WebSocket protocol stack
     * TUN Support
     * Add uTLS support for h2 transport
     * Fix bugs

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP7:

      zypper in -t patch openSUSE-2025-323=1

Package List:

   - openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):

      v2ray-core-5.33.0-bp157.2.3.1

   - openSUSE Backports SLE-15-SP7 (noarch):

      golang-github-v2fly-v2ray-core-5.33.0-bp157.2.3.1

References:

   https://www.suse.com/security/cve/CVE-2024-22189.html
   https://www.suse.com/security/cve/CVE-2025-297850.html
   https://bugzilla.suse.com/1222488
   https://bugzilla.suse.com/1235164
   https://bugzilla.suse.com/1243946

