SUSE update for glibc

Published: 2025-02-13

Risk	Medium
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2025-0395
CWE-ID	CWE-119
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	SUSE Linux Enterprise Server 12 SP5 LTSS Extended Operating systems & Components / Operating system SUSE Linux Enterprise Server 12 SP5 Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 12 Operating systems & Components / Operating system SUSE Linux Enterprise Server 12 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 12 Operating systems & Components / Operating system glibc-info Operating systems & Components / Operating system package or component glibc-html Operating systems & Components / Operating system package or component glibc-i18ndata Operating systems & Components / Operating system package or component glibc-locale-32bit Operating systems & Components / Operating system package or component glibc-debuginfo-32bit Operating systems & Components / Operating system package or component glibc-devel-debuginfo-32bit Operating systems & Components / Operating system package or component glibc Operating systems & Components / Operating system package or component nscd Operating systems & Components / Operating system package or component glibc-devel-debuginfo Operating systems & Components / Operating system package or component glibc-profile-32bit Operating systems & Components / Operating system package or component glibc-locale Operating systems & Components / Operating system package or component glibc-locale-debuginfo-32bit Operating systems & Components / Operating system package or component glibc-profile Operating systems & Components / Operating system package or component glibc-32bit Operating systems & Components / Operating system package or component glibc-locale-debuginfo Operating systems & Components / Operating system package or component nscd-debuginfo Operating systems & Components / Operating system package or component glibc-devel-32bit Operating systems & Components / Operating system package or component glibc-devel-static Operating systems & Components / Operating system package or component glibc-debuginfo Operating systems & Components / Operating system package or component glibc-devel Operating systems & Components / Operating system package or component glibc-debugsource Operating systems & Components / Operating system package or component
Vendor	SUSE

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Buffer overflow

EUVDB-ID: #VU103687

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-0395

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when the assert() function fails. A remote attacker can trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation

Update the affected package glibc to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

glibc-info: before 2.22-114.40.1

glibc-html: before 2.22-114.40.1

glibc-i18ndata: before 2.22-114.40.1

glibc-locale-32bit: before 2.22-114.40.1

glibc-debuginfo-32bit: before 2.22-114.40.1

glibc-devel-debuginfo-32bit: before 2.22-114.40.1

glibc: before 2.22-114.40.1

nscd: before 2.22-114.40.1

glibc-devel-debuginfo: before 2.22-114.40.1

glibc-profile-32bit: before 2.22-114.40.1

glibc-locale: before 2.22-114.40.1

glibc-locale-debuginfo-32bit: before 2.22-114.40.1

glibc-profile: before 2.22-114.40.1

glibc-32bit: before 2.22-114.40.1

glibc-locale-debuginfo: before 2.22-114.40.1

nscd-debuginfo: before 2.22-114.40.1

glibc-devel-32bit: before 2.22-114.40.1

glibc-devel-static: before 2.22-114.40.1

glibc-debuginfo: before 2.22-114.40.1

glibc-devel: before 2.22-114.40.1

glibc-debugsource: before 2.22-114.40.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250510-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.