Security update for amazon-ssm-agent SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:0277-1 Final 1 1 2025-01-28T23:46:31Z current 2025-01-28T23:46:31Z 2025-01-28T23:46:31Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for amazon-ssm-agent This update for amazon-ssm-agent fixes the following issues: Update to version 3.3.1611.0: - CVE-2025-21613: Fixed argument injection via the URL field in github.com/go-git/go-git/v5 (bsc#1235575) Full changelog: https://github.com/aws/amazon-ssm-agent/compare/3.1.1260.0...3.3.1611.0 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES15-SP4-Manager-Proxy-4-3-BYOS-2025-277,Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2-2025-277,Image SLES15-SP4-Manager-Server-4-3-BYOS-2025-277,Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2-2025-277,Image SLES15-SP4-SAP-Hardened-BYOS-2025-277,Image SLES15-SP4-SAP-Hardened-BYOS-EC2-2025-277,Image SLES15-SP5-SAP-Hardened-BYOS-EC2-2025-277,Image SLES15-SP6-BYOS-EC2-2025-277,Image SLES15-SP6-EC2-2025-277,Image SLES15-SP6-EC2-ECS-HVM-2025-277,Image SLES15-SP6-HPC-BYOS-2025-277,Image SLES15-SP6-HPC-BYOS-EC2-2025-277,Image SLES15-SP6-HPC-EC2-2025-277,Image SLES15-SP6-Hardened-BYOS-EC2-2025-277,Image SLES15-SP6-SAP-2025-277,Image SLES15-SP6-SAP-BYOS-EC2-2025-277,Image SLES15-SP6-SAP-EC2-2025-277,Image SLES15-SP6-SAP-Hardened-BYOS-2025-277,Image SLES15-SP6-SAP-Hardened-BYOS-EC2-2025-277,Image SLES15-SP6-SAP-Hardened-EC2-2025-277,Image SLES15-SP6-SAPCAL-2025-277,Image SLES15-SP6-SAPCAL-EC2-2025-277,SUSE-2025-277,SUSE-SLE-Module-Public-Cloud-15-SP3-2025-277,SUSE-SLE-Module-Public-Cloud-15-SP4-2025-277,SUSE-SLE-Module-Public-Cloud-15-SP5-2025-277,SUSE-SLE-Module-Public-Cloud-15-SP6-2025-277,openSUSE-SLE-15.6-2025-277 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20250277-1/ Link for SUSE-SU-2025:0277-1 https://lists.suse.com/pipermail/sle-security-updates/2025-January/020232.html E-Mail link for SUSE-SU-2025:0277-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1235575 SUSE Bug 1235575 https://www.suse.com/security/cve/CVE-2025-21613/ SUSE CVE CVE-2025-21613 page Image SLES15-SP4-Manager-Proxy-4-3-BYOS Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2 Image SLES15-SP4-Manager-Server-4-3-BYOS Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 Image SLES15-SP4-SAP-Hardened-BYOS Image SLES15-SP4-SAP-Hardened-BYOS-EC2 Image SLES15-SP5-SAP-Hardened-BYOS-EC2 Image SLES15-SP6-BYOS-EC2 Image SLES15-SP6-EC2 Image SLES15-SP6-EC2-ECS-HVM Image SLES15-SP6-HPC-BYOS Image SLES15-SP6-HPC-BYOS-EC2 Image SLES15-SP6-HPC-EC2 Image SLES15-SP6-Hardened-BYOS-EC2 Image SLES15-SP6-SAP Image SLES15-SP6-SAP-BYOS-EC2 Image SLES15-SP6-SAP-EC2 Image SLES15-SP6-SAP-Hardened-BYOS Image SLES15-SP6-SAP-Hardened-BYOS-EC2 Image SLES15-SP6-SAP-Hardened-EC2 Image SLES15-SP6-SAPCAL Image SLES15-SP6-SAPCAL-EC2 SUSE Linux Enterprise Module for Public Cloud 15 SP3 SUSE Linux Enterprise Module for Public Cloud 15 SP4 SUSE Linux Enterprise Module for Public Cloud 15 SP5 SUSE Linux Enterprise Module for Public Cloud 15 SP6 openSUSE Leap 15.6 amazon-ssm-agent-3.3.1611.0-150000.5.20.1 amazon-ssm-agent-3.3.1611.0-150000.5.20.1 as a component of Image SLES15-SP4-Manager-Proxy-4-3-BYOS amazon-ssm-agent-3.3.1611.0-150000.5.20.1 as a component of Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2 amazon-ssm-agent-3.3.1611.0-150000.5.20.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS amazon-ssm-agent-3.3.1611.0-150000.5.20.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 amazon-ssm-agent-3.3.1611.0-150000.5.20.1 as a component of Image SLES15-SP4-SAP-Hardened-BYOS amazon-ssm-agent-3.3.1611.0-150000.5.20.1 as a component of Image SLES15-SP4-SAP-Hardened-BYOS-EC2 amazon-ssm-agent-3.3.1611.0-150000.5.20.1 as a component of Image SLES15-SP5-SAP-Hardened-BYOS-EC2 amazon-ssm-agent-3.3.1611.0-150000.5.20.1 as a component of Image SLES15-SP6-BYOS-EC2 amazon-ssm-agent-3.3.1611.0-150000.5.20.1 as a component of Image SLES15-SP6-EC2 amazon-ssm-agent-3.3.1611.0-150000.5.20.1 as a component of Image SLES15-SP6-EC2-ECS-HVM amazon-ssm-agent-3.3.1611.0-150000.5.20.1 as a component of Image SLES15-SP6-HPC-BYOS amazon-ssm-agent-3.3.1611.0-150000.5.20.1 as a component of Image SLES15-SP6-HPC-BYOS-EC2 amazon-ssm-agent-3.3.1611.0-150000.5.20.1 as a component of Image SLES15-SP6-HPC-EC2 amazon-ssm-agent-3.3.1611.0-150000.5.20.1 as a component of Image SLES15-SP6-Hardened-BYOS-EC2 amazon-ssm-agent-3.3.1611.0-150000.5.20.1 as a component of Image SLES15-SP6-SAP amazon-ssm-agent-3.3.1611.0-150000.5.20.1 as a component of Image SLES15-SP6-SAP-BYOS-EC2 amazon-ssm-agent-3.3.1611.0-150000.5.20.1 as a component of Image SLES15-SP6-SAP-EC2 amazon-ssm-agent-3.3.1611.0-150000.5.20.1 as a component of Image SLES15-SP6-SAP-Hardened-BYOS amazon-ssm-agent-3.3.1611.0-150000.5.20.1 as a component of Image SLES15-SP6-SAP-Hardened-BYOS-EC2 amazon-ssm-agent-3.3.1611.0-150000.5.20.1 as a component of Image SLES15-SP6-SAP-Hardened-EC2 amazon-ssm-agent-3.3.1611.0-150000.5.20.1 as a component of Image SLES15-SP6-SAPCAL amazon-ssm-agent-3.3.1611.0-150000.5.20.1 as a component of Image SLES15-SP6-SAPCAL-EC2 amazon-ssm-agent-3.3.1611.0-150000.5.20.1 as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP3 amazon-ssm-agent-3.3.1611.0-150000.5.20.1 as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP4 amazon-ssm-agent-3.3.1611.0-150000.5.20.1 as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP5 amazon-ssm-agent-3.3.1611.0-150000.5.20.1 as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP6 amazon-ssm-agent-3.3.1611.0-150000.5.20.1 as a component of openSUSE Leap 15.6 go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only happens when the file transport protocol is being used, as that is the only protocol that shells out to git binaries. This vulnerability is fixed in 5.13.0. CVE-2025-21613 Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2:amazon-ssm-agent-3.3.1611.0-150000.5.20.1 Image SLES15-SP4-Manager-Proxy-4-3-BYOS:amazon-ssm-agent-3.3.1611.0-150000.5.20.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2:amazon-ssm-agent-3.3.1611.0-150000.5.20.1 Image SLES15-SP4-Manager-Server-4-3-BYOS:amazon-ssm-agent-3.3.1611.0-150000.5.20.1 Image SLES15-SP4-SAP-Hardened-BYOS-EC2:amazon-ssm-agent-3.3.1611.0-150000.5.20.1 Image SLES15-SP4-SAP-Hardened-BYOS:amazon-ssm-agent-3.3.1611.0-150000.5.20.1 Image SLES15-SP5-SAP-Hardened-BYOS-EC2:amazon-ssm-agent-3.3.1611.0-150000.5.20.1 Image SLES15-SP6-BYOS-EC2:amazon-ssm-agent-3.3.1611.0-150000.5.20.1 Image SLES15-SP6-EC2-ECS-HVM:amazon-ssm-agent-3.3.1611.0-150000.5.20.1 Image SLES15-SP6-EC2:amazon-ssm-agent-3.3.1611.0-150000.5.20.1 Image SLES15-SP6-HPC-BYOS-EC2:amazon-ssm-agent-3.3.1611.0-150000.5.20.1 Image SLES15-SP6-HPC-BYOS:amazon-ssm-agent-3.3.1611.0-150000.5.20.1 Image SLES15-SP6-HPC-EC2:amazon-ssm-agent-3.3.1611.0-150000.5.20.1 Image SLES15-SP6-Hardened-BYOS-EC2:amazon-ssm-agent-3.3.1611.0-150000.5.20.1 Image SLES15-SP6-SAP-BYOS-EC2:amazon-ssm-agent-3.3.1611.0-150000.5.20.1 Image SLES15-SP6-SAP-EC2:amazon-ssm-agent-3.3.1611.0-150000.5.20.1 Image SLES15-SP6-SAP-Hardened-BYOS-EC2:amazon-ssm-agent-3.3.1611.0-150000.5.20.1 Image SLES15-SP6-SAP-Hardened-BYOS:amazon-ssm-agent-3.3.1611.0-150000.5.20.1 Image SLES15-SP6-SAP-Hardened-EC2:amazon-ssm-agent-3.3.1611.0-150000.5.20.1 Image SLES15-SP6-SAP:amazon-ssm-agent-3.3.1611.0-150000.5.20.1 Image SLES15-SP6-SAPCAL-EC2:amazon-ssm-agent-3.3.1611.0-150000.5.20.1 Image SLES15-SP6-SAPCAL:amazon-ssm-agent-3.3.1611.0-150000.5.20.1 SUSE Linux Enterprise Module for Public Cloud 15 SP3:amazon-ssm-agent-3.3.1611.0-150000.5.20.1 SUSE Linux Enterprise Module for Public Cloud 15 SP4:amazon-ssm-agent-3.3.1611.0-150000.5.20.1 SUSE Linux Enterprise Module for Public Cloud 15 SP5:amazon-ssm-agent-3.3.1611.0-150000.5.20.1 SUSE Linux Enterprise Module for Public Cloud 15 SP6:amazon-ssm-agent-3.3.1611.0-150000.5.20.1 openSUSE Leap 15.6:amazon-ssm-agent-3.3.1611.0-150000.5.20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250277-1/ https://www.suse.com/security/cve/CVE-2025-21613.html CVE-2025-21613 https://bugzilla.suse.com/1235572 SUSE Bug 1235572