Security update for google-osconfig-agent SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:0611-1 Final 1 1 2025-02-21T10:37:12Z current 2025-02-21T10:37:12Z 2025-02-21T10:37:12Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for google-osconfig-agent This update for google-osconfig-agent fixes the following issues: - CVE-2024-45339: github.com/golang/glog: a privileged process' log file path can be easily predicted and used to overwrite other sensitive files in a system. (bsc#1236560) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES15-SP4-BYOS-2025-611,Image SLES15-SP4-BYOS-GCE-2025-611,Image SLES15-SP4-Hardened-BYOS-2025-611,Image SLES15-SP4-Hardened-BYOS-GCE-2025-611,Image SLES15-SP5-BYOS-GCE-2025-611,Image SLES15-SP5-GCE-2025-611,Image SLES15-SP5-Hardened-BYOS-GCE-2025-611,Image SLES15-SP6-2025-611,Image SLES15-SP6-BYOS-2025-611,Image SLES15-SP6-BYOS-GCE-2025-611,Image SLES15-SP6-CHOST-BYOS-GCE-2025-611,Image SLES15-SP6-GCE-2025-611,Image SLES15-SP6-Hardened-BYOS-2025-611,Image SLES15-SP6-Hardened-BYOS-GCE-2025-611,SUSE-2025-611,SUSE-SLE-Micro-5.5-2025-611,SUSE-SLE-Module-Public-Cloud-15-SP3-2025-611,SUSE-SLE-Module-Public-Cloud-15-SP4-2025-611,SUSE-SLE-Module-Public-Cloud-15-SP5-2025-611,SUSE-SLE-Module-Public-Cloud-15-SP6-2025-611,openSUSE-SLE-15.6-2025-611 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20250611-1/ Link for SUSE-SU-2025:0611-1 https://lists.suse.com/pipermail/sle-security-updates/2025-February/020396.html E-Mail link for SUSE-SU-2025:0611-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1236560 SUSE Bug 1236560 https://www.suse.com/security/cve/CVE-2024-45339/ SUSE CVE CVE-2024-45339 page Image SLES15-SP4-BYOS Image SLES15-SP4-BYOS-GCE Image SLES15-SP4-Hardened-BYOS Image SLES15-SP4-Hardened-BYOS-GCE Image SLES15-SP5-BYOS-GCE Image SLES15-SP5-GCE Image SLES15-SP5-Hardened-BYOS-GCE Image SLES15-SP6 Image SLES15-SP6-BYOS Image SLES15-SP6-BYOS-GCE Image SLES15-SP6-CHOST-BYOS-GCE Image SLES15-SP6-GCE Image SLES15-SP6-Hardened-BYOS Image SLES15-SP6-Hardened-BYOS-GCE SUSE Linux Enterprise Micro 5.5 SUSE Linux Enterprise Module for Public Cloud 15 SP3 SUSE Linux Enterprise Module for Public Cloud 15 SP4 SUSE Linux Enterprise Module for Public Cloud 15 SP5 SUSE Linux Enterprise Module for Public Cloud 15 SP6 openSUSE Leap 15.6 google-osconfig-agent-20250115.01-150000.1.44.1 google-osconfig-agent-20250115.01-150000.1.44.1 as a component of Image SLES15-SP4-BYOS google-osconfig-agent-20250115.01-150000.1.44.1 as a component of Image SLES15-SP4-BYOS-GCE google-osconfig-agent-20250115.01-150000.1.44.1 as a component of Image SLES15-SP4-Hardened-BYOS google-osconfig-agent-20250115.01-150000.1.44.1 as a component of Image SLES15-SP4-Hardened-BYOS-GCE google-osconfig-agent-20250115.01-150000.1.44.1 as a component of Image SLES15-SP5-BYOS-GCE google-osconfig-agent-20250115.01-150000.1.44.1 as a component of Image SLES15-SP5-GCE google-osconfig-agent-20250115.01-150000.1.44.1 as a component of Image SLES15-SP5-Hardened-BYOS-GCE google-osconfig-agent-20250115.01-150000.1.44.1 as a component of Image SLES15-SP6 google-osconfig-agent-20250115.01-150000.1.44.1 as a component of Image SLES15-SP6-BYOS google-osconfig-agent-20250115.01-150000.1.44.1 as a component of Image SLES15-SP6-BYOS-GCE google-osconfig-agent-20250115.01-150000.1.44.1 as a component of Image SLES15-SP6-CHOST-BYOS-GCE google-osconfig-agent-20250115.01-150000.1.44.1 as a component of Image SLES15-SP6-GCE google-osconfig-agent-20250115.01-150000.1.44.1 as a component of Image SLES15-SP6-Hardened-BYOS google-osconfig-agent-20250115.01-150000.1.44.1 as a component of Image SLES15-SP6-Hardened-BYOS-GCE google-osconfig-agent-20250115.01-150000.1.44.1 as a component of SUSE Linux Enterprise Micro 5.5 google-osconfig-agent-20250115.01-150000.1.44.1 as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP3 google-osconfig-agent-20250115.01-150000.1.44.1 as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP4 google-osconfig-agent-20250115.01-150000.1.44.1 as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP5 google-osconfig-agent-20250115.01-150000.1.44.1 as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP6 google-osconfig-agent-20250115.01-150000.1.44.1 as a component of openSUSE Leap 15.6 When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that sensitive file. To fix that, glog now causes the program to exit (with status code 2) when it finds that the configured log file already exists. CVE-2024-45339 Image SLES15-SP4-BYOS-GCE:google-osconfig-agent-20250115.01-150000.1.44.1 Image SLES15-SP4-BYOS:google-osconfig-agent-20250115.01-150000.1.44.1 Image SLES15-SP4-Hardened-BYOS-GCE:google-osconfig-agent-20250115.01-150000.1.44.1 Image SLES15-SP4-Hardened-BYOS:google-osconfig-agent-20250115.01-150000.1.44.1 Image SLES15-SP5-BYOS-GCE:google-osconfig-agent-20250115.01-150000.1.44.1 Image SLES15-SP5-GCE:google-osconfig-agent-20250115.01-150000.1.44.1 Image SLES15-SP5-Hardened-BYOS-GCE:google-osconfig-agent-20250115.01-150000.1.44.1 Image SLES15-SP6-BYOS-GCE:google-osconfig-agent-20250115.01-150000.1.44.1 Image SLES15-SP6-BYOS:google-osconfig-agent-20250115.01-150000.1.44.1 Image SLES15-SP6-CHOST-BYOS-GCE:google-osconfig-agent-20250115.01-150000.1.44.1 Image SLES15-SP6-GCE:google-osconfig-agent-20250115.01-150000.1.44.1 Image SLES15-SP6-Hardened-BYOS-GCE:google-osconfig-agent-20250115.01-150000.1.44.1 Image SLES15-SP6-Hardened-BYOS:google-osconfig-agent-20250115.01-150000.1.44.1 Image SLES15-SP6:google-osconfig-agent-20250115.01-150000.1.44.1 SUSE Linux Enterprise Micro 5.5:google-osconfig-agent-20250115.01-150000.1.44.1 SUSE Linux Enterprise Module for Public Cloud 15 SP3:google-osconfig-agent-20250115.01-150000.1.44.1 SUSE Linux Enterprise Module for Public Cloud 15 SP4:google-osconfig-agent-20250115.01-150000.1.44.1 SUSE Linux Enterprise Module for Public Cloud 15 SP5:google-osconfig-agent-20250115.01-150000.1.44.1 SUSE Linux Enterprise Module for Public Cloud 15 SP6:google-osconfig-agent-20250115.01-150000.1.44.1 openSUSE Leap 15.6:google-osconfig-agent-20250115.01-150000.1.44.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250611-1/ https://www.suse.com/security/cve/CVE-2024-45339.html CVE-2024-45339 https://bugzilla.suse.com/1236541 SUSE Bug 1236541