Security update for augeas SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:1413-1 Final 1 1 2025-04-30T06:59:12Z current 2025-04-30T06:59:12Z 2025-04-30T06:59:12Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for augeas This update for augeas fixes the following issues: - CVE-2025-2588: Check for NULL pointers when calling re_case_expand in function fa_expand_nocase. (bsc#1239909) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/ltss/sle15.4/bci-base:latest-2025-1413,Container suse/ltss/sle15.5/sle15:latest-2025-1413,Container suse/manager/4.3/proxy-httpd:latest-2025-1413,Container suse/manager/4.3/proxy-salt-broker:latest-2025-1413,Container suse/sle-micro-rancher/5.3:latest-2025-1413,Container suse/sle-micro-rancher/5.4:latest-2025-1413,Container suse/sle-micro/5.3/toolbox:latest-2025-1413,Container suse/sle-micro/5.4/toolbox:latest-2025-1413,Container suse/sle-micro/5.5/toolbox:latest-2025-1413,Container suse/sle-micro/base-5.5:latest-2025-1413,SUSE-2025-1413,SUSE-SLE-Micro-5.3-2025-1413,SUSE-SLE-Micro-5.4-2025-1413,SUSE-SLE-Micro-5.5-2025-1413 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20251413-1/ Link for SUSE-SU-2025:1413-1 https://lists.suse.com/pipermail/sle-updates/2025-April/039110.html E-Mail link for SUSE-SU-2025:1413-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1239909 SUSE Bug 1239909 https://www.suse.com/security/cve/CVE-2025-2588/ SUSE CVE CVE-2025-2588 page Container suse/ltss/sle15.4/bci-base:latest Container suse/ltss/sle15.5/sle15:latest Container suse/manager/4.3/proxy-httpd:latest Container suse/manager/4.3/proxy-salt-broker:latest Container suse/sle-micro-rancher/5.3:latest Container suse/sle-micro-rancher/5.4:latest Container suse/sle-micro/5.3/toolbox:latest Container suse/sle-micro/5.4/toolbox:latest Container suse/sle-micro/5.5/toolbox:latest Container suse/sle-micro/base-5.5:latest SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Micro 5.5 libaugeas0-1.12.0-150400.3.8.1 augeas-1.12.0-150400.3.8.1 augeas-devel-1.12.0-150400.3.8.1 augeas-devel-32bit-1.12.0-150400.3.8.1 augeas-devel-64bit-1.12.0-150400.3.8.1 augeas-lense-tests-1.12.0-150400.3.8.1 augeas-lenses-1.12.0-150400.3.8.1 libaugeas0-32bit-1.12.0-150400.3.8.1 libaugeas0-64bit-1.12.0-150400.3.8.1 libaugeas0-1.12.0-150400.3.8.1 as a component of Container suse/ltss/sle15.4/bci-base:latest libaugeas0-1.12.0-150400.3.8.1 as a component of Container suse/ltss/sle15.5/sle15:latest libaugeas0-1.12.0-150400.3.8.1 as a component of Container suse/manager/4.3/proxy-httpd:latest libaugeas0-1.12.0-150400.3.8.1 as a component of Container suse/manager/4.3/proxy-salt-broker:latest libaugeas0-1.12.0-150400.3.8.1 as a component of Container suse/sle-micro-rancher/5.3:latest libaugeas0-1.12.0-150400.3.8.1 as a component of Container suse/sle-micro-rancher/5.4:latest libaugeas0-1.12.0-150400.3.8.1 as a component of Container suse/sle-micro/5.3/toolbox:latest libaugeas0-1.12.0-150400.3.8.1 as a component of Container suse/sle-micro/5.4/toolbox:latest libaugeas0-1.12.0-150400.3.8.1 as a component of Container suse/sle-micro/5.5/toolbox:latest libaugeas0-1.12.0-150400.3.8.1 as a component of Container suse/sle-micro/base-5.5:latest augeas-1.12.0-150400.3.8.1 as a component of SUSE Linux Enterprise Micro 5.3 augeas-lenses-1.12.0-150400.3.8.1 as a component of SUSE Linux Enterprise Micro 5.3 libaugeas0-1.12.0-150400.3.8.1 as a component of SUSE Linux Enterprise Micro 5.3 augeas-1.12.0-150400.3.8.1 as a component of SUSE Linux Enterprise Micro 5.4 augeas-lenses-1.12.0-150400.3.8.1 as a component of SUSE Linux Enterprise Micro 5.4 libaugeas0-1.12.0-150400.3.8.1 as a component of SUSE Linux Enterprise Micro 5.4 augeas-1.12.0-150400.3.8.1 as a component of SUSE Linux Enterprise Micro 5.5 augeas-lenses-1.12.0-150400.3.8.1 as a component of SUSE Linux Enterprise Micro 5.5 libaugeas0-1.12.0-150400.3.8.1 as a component of SUSE Linux Enterprise Micro 5.5 A vulnerability has been found in Hercules Augeas 1.14.1 and classified as problematic. This vulnerability affects the function re_case_expand of the file src/fa.c. The manipulation of the argument re leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. CVE-2025-2588 Container suse/ltss/sle15.4/bci-base:latest:libaugeas0-1.12.0-150400.3.8.1 Container suse/ltss/sle15.5/sle15:latest:libaugeas0-1.12.0-150400.3.8.1 Container suse/manager/4.3/proxy-httpd:latest:libaugeas0-1.12.0-150400.3.8.1 Container suse/manager/4.3/proxy-salt-broker:latest:libaugeas0-1.12.0-150400.3.8.1 Container suse/sle-micro-rancher/5.3:latest:libaugeas0-1.12.0-150400.3.8.1 Container suse/sle-micro-rancher/5.4:latest:libaugeas0-1.12.0-150400.3.8.1 Container suse/sle-micro/5.3/toolbox:latest:libaugeas0-1.12.0-150400.3.8.1 Container suse/sle-micro/5.4/toolbox:latest:libaugeas0-1.12.0-150400.3.8.1 Container suse/sle-micro/5.5/toolbox:latest:libaugeas0-1.12.0-150400.3.8.1 Container suse/sle-micro/base-5.5:latest:libaugeas0-1.12.0-150400.3.8.1 SUSE Linux Enterprise Micro 5.3:augeas-1.12.0-150400.3.8.1 SUSE Linux Enterprise Micro 5.3:augeas-lenses-1.12.0-150400.3.8.1 SUSE Linux Enterprise Micro 5.3:libaugeas0-1.12.0-150400.3.8.1 SUSE Linux Enterprise Micro 5.4:augeas-1.12.0-150400.3.8.1 SUSE Linux Enterprise Micro 5.4:augeas-lenses-1.12.0-150400.3.8.1 SUSE Linux Enterprise Micro 5.4:libaugeas0-1.12.0-150400.3.8.1 SUSE Linux Enterprise Micro 5.5:augeas-1.12.0-150400.3.8.1 SUSE Linux Enterprise Micro 5.5:augeas-lenses-1.12.0-150400.3.8.1 SUSE Linux Enterprise Micro 5.5:libaugeas0-1.12.0-150400.3.8.1 low 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20251413-1/ https://www.suse.com/security/cve/CVE-2025-2588.html CVE-2025-2588 https://bugzilla.suse.com/1239909 SUSE Bug 1239909