Security update for tgt SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:02591-1 Final 1 1 2025-08-01T14:08:41Z current 2025-08-01T14:08:41Z 2025-08-01T14:08:41Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for tgt This update for tgt fixes the following issues: - CVE-2024-45751: Fixed CHAP authentication bypass in user-space Linux target framework (bsc#1230360) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-2591 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202502591-1/ Link for SUSE-SU-2025:02591-1 https://lists.suse.com/pipermail/sle-updates/2025-August/041005.html E-Mail link for SUSE-SU-2025:02591-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1230360 SUSE Bug 1230360 https://www.suse.com/security/cve/CVE-2024-45751/ SUSE CVE CVE-2024-45751 page tgt-1.0.85-150400.3.6.1 tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical. CVE-2024-45751 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502591-1/ https://www.suse.com/security/cve/CVE-2024-45751.html CVE-2024-45751 https://bugzilla.suse.com/1230360 SUSE Bug 1230360