Security update for google-osconfig-agent SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:0580-1 Final 1 1 2025-02-18T14:52:43Z current 2025-02-18T14:52:43Z 2025-02-18T14:52:43Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for google-osconfig-agent This update for google-osconfig-agent fixes the following issues: - CVE-2024-45339: github.com/golang/glog: a privileged process' log file path can be easily predicted and used to overwrite other sensitive files in a system. (bsc#1236560) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-580,SUSE-SLE-Module-Public-Cloud-12-2025-580 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20250580-1/ Link for SUSE-SU-2025:0580-1 https://lists.suse.com/pipermail/sle-security-updates/2025-February/020367.html E-Mail link for SUSE-SU-2025:0580-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1236560 SUSE Bug 1236560 https://www.suse.com/security/cve/CVE-2024-45339/ SUSE CVE CVE-2024-45339 page SUSE Linux Enterprise Module for Public Cloud 12 google-osconfig-agent-20250115.01-1.35.1 google-osconfig-agent-20250115.01-1.35.1 as a component of SUSE Linux Enterprise Module for Public Cloud 12 When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that sensitive file. To fix that, glog now causes the program to exit (with status code 2) when it finds that the configured log file already exists. CVE-2024-45339 SUSE Linux Enterprise Module for Public Cloud 12:google-osconfig-agent-20250115.01-1.35.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250580-1/ https://www.suse.com/security/cve/CVE-2024-45339.html CVE-2024-45339 https://bugzilla.suse.com/1236541 SUSE Bug 1236541