Security update for azure-cli SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:0751-1 Final 1 1 2025-02-28T16:26:23Z current 2025-02-28T16:26:23Z 2025-02-28T16:26:23Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for azure-cli This update for azure-cli fixes the following issues: - CVE-2024-43591: improper neutralization of special elements could allow users to run Azure CLI commands that result in certain service management operations being performed with System level permissions in Azure Defender for Cloud (bsc#1231971). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-751,SUSE-SLE-Module-Public-Cloud-15-SP4-2025-751,SUSE-SLE-Module-Public-Cloud-15-SP5-2025-751,SUSE-SLE-Module-Public-Cloud-15-SP6-2025-751,openSUSE-SLE-15.6-2025-751 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20250751-1/ Link for SUSE-SU-2025:0751-1 https://lists.suse.com/pipermail/sle-security-updates/2025-February/020465.html E-Mail link for SUSE-SU-2025:0751-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1231971 SUSE Bug 1231971 https://www.suse.com/security/cve/CVE-2024-43591/ SUSE CVE CVE-2024-43591 page SUSE Linux Enterprise Module for Public Cloud 15 SP4 SUSE Linux Enterprise Module for Public Cloud 15 SP5 SUSE Linux Enterprise Module for Public Cloud 15 SP6 openSUSE Leap 15.6 azure-cli-2.58.0-150400.14.12.1 azure-cli-test-2.58.0-150400.14.12.1 azure-cli-2.58.0-150400.14.12.1 as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP4 azure-cli-2.58.0-150400.14.12.1 as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP5 azure-cli-2.58.0-150400.14.12.1 as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP6 azure-cli-test-2.58.0-150400.14.12.1 as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP6 azure-cli-2.58.0-150400.14.12.1 as a component of openSUSE Leap 15.6 azure-cli-test-2.58.0-150400.14.12.1 as a component of openSUSE Leap 15.6 Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability CVE-2024-43591 SUSE Linux Enterprise Module for Public Cloud 15 SP4:azure-cli-2.58.0-150400.14.12.1 SUSE Linux Enterprise Module for Public Cloud 15 SP5:azure-cli-2.58.0-150400.14.12.1 SUSE Linux Enterprise Module for Public Cloud 15 SP6:azure-cli-2.58.0-150400.14.12.1 SUSE Linux Enterprise Module for Public Cloud 15 SP6:azure-cli-test-2.58.0-150400.14.12.1 openSUSE Leap 15.6:azure-cli-2.58.0-150400.14.12.1 openSUSE Leap 15.6:azure-cli-test-2.58.0-150400.14.12.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250751-1/ https://www.suse.com/security/cve/CVE-2024-43591.html CVE-2024-43591 https://bugzilla.suse.com/1231934 SUSE Bug 1231934 https://bugzilla.suse.com/1231971 SUSE Bug 1231971