|
|
Subscribe / Log in / New account

SUSE alert SUSE-SU-2025:20746-1 (google-osconfig-agent)

From:  SLE-SECURITY-UPDATES <null@suse.de>
To:  sle-security-updates@lists.suse.com
Subject:  SUSE-SU-2025:20746-1: moderate: Security update for google-osconfig-agent
Date:  Fri, 26 Sep 2025 16:36:35 -0000
Message-ID:  <175890459552.25554.1762795827432467667@smelt2.prg2.suse.org>

# Security update for google-osconfig-agent Announcement ID: SUSE-SU-2025:20746-1 Release Date: 2025-09-12T09:03:29Z Rating: moderate References: * bsc#1212418 * bsc#1212759 * bsc#1239948 * bsc#1244304 * bsc#1244503 Cross-References: * CVE-2024-45339 CVSS scores: * CVE-2024-45339 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-45339 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2024-45339 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Affected Products: * SUSE Linux Micro 6.1 An update that solves one vulnerability and has four fixes can now be installed. ## Description: This update for google-osconfig-agent fixes the following issues: Update to version 20250416.02 (bsc#1244304, bsc#1244503) * defaultSleeper: tolerate 10% difference to reduce test flakiness (#810) * Add output of some packagemanagers to the testdata (#808) >From version 20250416.01: * Refactor OS Info package (#809) >From version 20250416.00: * Report RPM inventory as YUM instead of empty SoftwarePackage when neither Zypper nor YUM are installed. (#805) >From version 20250414.00: * Update hash computation algorithm (#799) Update to version 20250320.00: * Bump github.com/envoyproxy/protoc-gen-validate from 1.1.0 to 1.2.1 (#797) * Bump go.opentelemetry.io/otel/sdk/metric from 1.32.0 to 1.35.0 (#793) * Bump cel.dev/expr from 0.18.0 to 0.22.0 (#792) * Bump github.com/golang/glog from 1.2.3 to 1.2.4 in the go_modules group (#785) * Bump cloud.google.com/go/logging from 1.12.0 to 1.13.0 (#774) * Add tests for retryutil package. (#795) * Update OWNERS (#794) * Use separate counters for pre- and post-patch reboots. (#788) * Update owners (#789) * Fix the vet errors for contants in logging (#786) * change available package check (#783) * Fix Inventory reporting e2e tests. (#782) * fix e2e tests (#781) * Add -buildmode=pie to go build command line (bsc#1239948) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-262=1 ## Package List: * SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64) * google-osconfig-agent-20250416.02-slfo.1.1_1.1 ## References: * https://www.suse.com/security/cve/CVE-2024-45339.html * https://bugzilla.suse.com/show_bug.cgi?id=1212418 * https://bugzilla.suse.com/show_bug.cgi?id=1212759 * https://bugzilla.suse.com/show_bug.cgi?id=1239948 * https://bugzilla.suse.com/show_bug.cgi?id=1244304 * https://bugzilla.suse.com/show_bug.cgi?id=1244503


Attachment: None (type=text/html)

(HTML attachment elided)


to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds