Security update for doomsday SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:0117-1 Final 1 1 2025-04-09T06:48:33Z current 2025-04-09T06:48:33Z 2025-04-09T06:48:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for doomsday This update for doomsday fixes the following issues: - CVE-2025-2592: Use system assimp library to fix a heap-based buffer overflow (boo#1239917) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2025-117 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/S3ZMAN5677TB6D5IC67FGAVTSCVBDT3B/ E-Mail link for openSUSE-SU-2025:0117-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1239917 SUSE Bug 1239917 https://www.suse.com/security/cve/CVE-2025-2592/ SUSE CVE CVE-2025-2592 page SUSE Package Hub 15 SP6 openSUSE Leap 15.6 doomsday-2.3.1-bp156.4.3.1 doomsday-2.3.1-bp156.4.3.1 as a component of SUSE Package Hub 15 SP6 doomsday-2.3.1-bp156.4.3.1 as a component of openSUSE Leap 15.6 A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 2690e354da0c681db000cfd892a55226788f2743. It is recommended to apply a patch to fix this issue. CVE-2025-2592 SUSE Package Hub 15 SP6:doomsday-2.3.1-bp156.4.3.1 openSUSE Leap 15.6:doomsday-2.3.1-bp156.4.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/S3ZMAN5677TB6D5IC67FGAVTSCVBDT3B/ https://www.suse.com/security/cve/CVE-2025-2592.html CVE-2025-2592 https://bugzilla.suse.com/1239914 SUSE Bug 1239914