upx-5.0.0-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:14947-1 Final 1 1 2025-03-31T00:00:00Z current 2025-03-31T00:00:00Z 2025-03-31T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z upx-5.0.0-2.1 on GA media These are all security issues fixed in the upx-5.0.0-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-14947 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4FBRFLGSEHNFULMPARVADU2TACHDQM4L/ E-Mail link for openSUSE-SU-2025:14947-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-2849/ SUSE CVE CVE-2025-2849 page openSUSE Tumbleweed upx-5.0.0-2.1 upx-5.0.0-2.1 as a component of openSUSE Tumbleweed A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Affected is the function PackLinuxElf64::un_DT_INIT of the file src/p_lx_elf.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as e0b6ff192412f5bb5364c1948f4f6b27a0cd5ea2. It is recommended to apply a patch to fix this issue. CVE-2025-2849 openSUSE Tumbleweed:upx-5.0.0-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4FBRFLGSEHNFULMPARVADU2TACHDQM4L/ https://www.suse.com/security/cve/CVE-2025-2849.html CVE-2025-2849 https://bugzilla.suse.com/1240236 SUSE Bug 1240236