{"affected":[{"ecosystem_specific":{"binaries":[{"google-guest-agent":"20250327.01-150000.1.60.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.5","name":"google-guest-agent","purl":"pkg:rpm/suse/google-guest-agent&distro=SUSE%20Linux%20Enterprise%20Micro%205.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"20250327.01-150000.1.60.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"google-guest-agent":"20250327.01-150000.1.60.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Public Cloud 15 SP3","name":"google-guest-agent","purl":"pkg:rpm/suse/google-guest-agent&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"20250327.01-150000.1.60.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"google-guest-agent":"20250327.01-150000.1.60.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Public Cloud 15 SP4","name":"google-guest-agent","purl":"pkg:rpm/suse/google-guest-agent&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"20250327.01-150000.1.60.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"google-guest-agent":"20250327.01-150000.1.60.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Public Cloud 15 SP5","name":"google-guest-agent","purl":"pkg:rpm/suse/google-guest-agent&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"20250327.01-150000.1.60.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"google-guest-agent":"20250327.01-150000.1.60.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Public Cloud 15 SP6","name":"google-guest-agent","purl":"pkg:rpm/suse/google-guest-agent&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"20250327.01-150000.1.60.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"google-guest-agent":"20250327.01-150000.1.60.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"google-guest-agent","purl":"pkg:rpm/opensuse/google-guest-agent&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"20250327.01-150000.1.60.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for google-guest-agent fixes the following issues:\n\n- CVE-2024-45337: golang.org/x/crypto/ssh: Fixed misuse of ServerConfig.PublicKeyCallback leading to authorization bypass (bsc#1234563).\n\nOther fixes:\n- Updated to version 20250327.01 (bsc#1239763, bsc#1239866)\n  * Remove error messages from gce_workload_cert_refresh and\n    metadata script runner (#527)\n- from version 20250327.00\n  * Update guest-logging-go dependency (#526)\n  * Add 'created-by' metadata, and pass it as option to logging library (#508)\n  * Revert 'oslogin: Correctly handle newlines at the end of\n    modified files (#520)' (#523)\n  * Re-enable disabled services if the core plugin was enabled (#522)\n  * Enable guest services on package upgrade (#519)\n  * oslogin: Correctly handle newlines at the end of modified files (#520)\n  * Fix core plugin path (#518)\n  * Fix package build issues (#517)\n  * Fix dependencies ran go mod tidy -v (#515)\n  * Fix debian build path (#514)\n  * Bundle compat metadata script runner binary in package (#513)\n  * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)\n  * Update startup/shutdown services to launch compat manager (#503)\n  * Bundle new gce metadata script runner binary in agent package (#502)\n  * Revert 'Revert bundling new binaries in the package (#509)' (#511)\n- from version 20250326.00\n  * Re-enable disabled services if the core plugin was enabled (#521)\n- from version 20250324.00\n  * Enable guest services on package upgrade (#519)\n  * oslogin: Correctly handle newlines at the end of modified files (#520)\n  * Fix core plugin path (#518)\n  * Fix package build issues (#517)\n  * Fix dependencies ran go mod tidy -v (#515)\n  * Fix debian build path (#514)\n  * Bundle compat metadata script runner binary in package (#513)\n  * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)\n  * Update startup/shutdown services to launch compat manager (#503)\n  * Bundle new gce metadata script runner binary in agent package (#502)\n  * Revert 'Revert bundling new binaries in the package (#509)' (#511)\n  * Revert bundling new binaries in the package (#509)\n  * Fix typo in windows build script (#501)\n  * Include core plugin binary for all packages (#500)\n  * Start packaging compat manager (#498)\n  * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)\n  * scripts: introduce a wrapper to locally build deb package (#490)\n  * Introduce compat-manager systemd unit (#497)\n- from version 20250317.00\n  * Revert 'Revert bundling new binaries in the package (#509)' (#511)\n  * Revert bundling new binaries in the package (#509)\n  * Fix typo in windows build script (#501)\n  * Include core plugin binary for all packages (#500)\n  * Start packaging compat manager (#498)\n  * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)\n  * scripts: introduce a wrapper to locally build deb package (#490)\n  * Introduce compat-manager systemd unit (#497)\n- from version 20250312.00\n  * Revert bundling new binaries in the package (#509)\n  * Fix typo in windows build script (#501)\n  * Include core plugin binary for all packages (#500)\n  * Update crypto library to fix  CVE-2024-45337 (#499)\n  * Start packaging compat manager (#498)\n  * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)\n  * scripts: introduce a wrapper to locally build deb package (#490)\n  * Introduce compat-manager systemd unit (#497)\n- from version 20250305.00\n  * Revert bundling new binaries in the package (#509)\n  * Fix typo in windows build script (#501)\n  * Include core plugin binary for all packages (#500)\n  * Start packaging compat manager (#498)\n  * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)\n  * scripts: introduce a wrapper to locally build deb package (#490)\n  * Introduce compat-manager systemd unit (#497)\n- from version 20250304.01\n  * Fix typo in windows build script (#501)\n- from version 20250214.01\n  * Include core plugin binary for all packages (#500)\n- from version 20250214.00\n  * Update crypto library to fix  CVE-2024-45337 (#499)\n- from version 20250212.00\n  * Start packaging compat manager (#498)\n  * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)\n- from version 20250211.00\n  * scripts: introduce a wrapper to locally build deb package (#490)\n  * Introduce compat-manager systemd unit (#497)\n- from version 20250207.00\n  * vlan: toggle vlan configuration in debian packaging (#495)\n  * vlan: move config out of unstable section (#494)\n  * Add clarification to comments regarding invalid NICs and the\n    `invalid` tag. (#493)\n  * Include interfaces in lists even if it has an invalid MAC. (#489)\n  * Fix windows package build failures (#491)\n  * vlan: don't index based on the vlan ID (#486)\n  * Revert PR #482 (#488)\n  * Remove Amy and Zach from OWNERS (#487)\n  * Skip interfaces in interfaceNames() instead of erroring if there is an (#482)\n  * Fix Debian packaging if guest agent manager is not checked out (#485)\n- from version 20250204.02\n  * force concourse to move version forward.\n- from version 20250204.01\n  * vlan: toggle vlan configuration in debian packaging (#495)\n- from version 20250204.00\n  * vlan: move config out of unstable section (#494)\n  * Add clarification to comments regarding invalid NICs and the\n    `invalid` tag. (#493)\n- from version 20250203.01\n  * Include interfaces in lists even if it has an invalid MAC. (#489)\n- from version 20250203.00\n  * Fix windows package build failures (#491)\n  * vlan: don't index based on the vlan ID (#486)\n  * Revert PR #482 (#488)\n  * Remove Amy and Zach from OWNERS (#487)\n  * Skip interfaces in interfaceNames() instead of erroring if there is an (#482)\n  * Fix Debian packaging if guest agent manager is not checked out (#485)\n- from version 20250122.00\n  * networkd(vlan): remove the interface in addition to config (#468)\n  * Implement support for vlan dynamic removal, update dhclient to\n    remove only if configured (#465)\n  * Update logging library (#479)\n  * Remove Pat from owners file. (#478)\n","id":"SUSE-SU-2025:1143-1","modified":"2025-04-04T13:31:31Z","published":"2025-04-04T13:31:31Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-20251143-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1234563"},{"type":"REPORT","url":"https://bugzilla.suse.com/1239763"},{"type":"REPORT","url":"https://bugzilla.suse.com/1239866"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-45337"}],"related":["CVE-2024-45337"],"summary":"Security update for google-guest-agent","upstream":["CVE-2024-45337"]}