Security update for tgt SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:02740-1 Final 1 1 2025-08-08T09:11:54Z current 2025-08-08T09:11:54Z 2025-08-08T09:11:54Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for tgt This update for tgt fixes the following issues: - CVE-2024-45751: Fixed CHAP authentication bypass in user-space Linux target framework (bsc#1230360) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-2740,SUSE-SLE-Module-Basesystem-15-SP6-2025-2740,SUSE-SLE-Module-Basesystem-15-SP7-2025-2740,openSUSE-SLE-15.6-2025-2740 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202502740-1/ Link for SUSE-SU-2025:02740-1 https://lists.suse.com/pipermail/sle-updates/2025-August/041147.html E-Mail link for SUSE-SU-2025:02740-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1230360 SUSE Bug 1230360 https://www.suse.com/security/cve/CVE-2024-45751/ SUSE CVE CVE-2024-45751 page SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Module for Basesystem 15 SP7 openSUSE Leap 15.6 tgt-1.0.85-150600.10.3.1 tgt-1.0.85-150600.10.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 tgt-1.0.85-150600.10.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 tgt-1.0.85-150600.10.3.1 as a component of openSUSE Leap 15.6 tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical. CVE-2024-45751 SUSE Linux Enterprise Module for Basesystem 15 SP6:tgt-1.0.85-150600.10.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:tgt-1.0.85-150600.10.3.1 openSUSE Leap 15.6:tgt-1.0.85-150600.10.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502740-1/ https://www.suse.com/security/cve/CVE-2024-45751.html CVE-2024-45751 https://bugzilla.suse.com/1230360 SUSE Bug 1230360