SUSE-IU-2025:2020-1: Security update of sles-15-sp4-chost-byos-v20250721-arm64
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Tue Jul 22 09:13:10 UTC 2025
SUSE Image Update Advisory: sles-15-sp4-chost-byos-v20250721-arm64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:2020-1
Image Tags : sles-15-sp4-chost-byos-v20250721-arm64:20250721
Image Release :
Severity : important
Type : security
References : 1027519 1065729 1165294 1170891 1173139 1180814 1183663 1183682
1184350 1185010 1185551 1187939 1188441 1189788 1190336 1190358
1190428 1190768 1190786 1193173 1193629 1193629 1193629 1193629
1194111 1194765 1194869 1194869 1194904 1195823 1196261 1196444
1196516 1196894 1197158 1197174 1197227 1197246 1197302 1197331
1197472 1197661 1197926 1198017 1198019 1198021 1198240 1198577
1198660 1199657 1199853 1200045 1200571 1200807 1200809 1200810
1200824 1200825 1200871 1200872 1201193 1201218 1201323 1201381
1201610 1201855 1202672 1202711 1202712 1202771 1202774 1202778
1202781 1203360 1203617 1203699 1203769 1204171 1204171 1204549
1204569 1204619 1204705 1204720 1205282 1205796 1206006 1206048
1206049 1206051 1206073 1206132 1206188 1206258 1206344 1206649
1206886 1206887 1207034 1207157 1207158 1207186 1207593 1207640
1207878 1208542 1208995 1209262 1209290 1209292 1209547 1209556
1209684 1209788 1209798 1210050 1210337 1210382 1210449 1210627
1210647 1210763 1210767 1210959 1211263 1211465 1211547 1213012
1213013 1213034 1213094 1213096 1213167 1213291 1213946 1214290
1214713 1214715 1214915 1214991 1215304 1216049 1216091 1216091
1216146 1216147 1216150 1216151 1216223 1216223 1216228 1216229
1216230 1216231 1216232 1216233 1216241 1216388 1216522 1216813
1216827 1216834 1217070 1217287 1217339 1217761 1218069 1218201
1218282 1218324 1218470 1218562 1218644 1218812 1218814 1219007
1219031 1219241 1219454 1219639 1220262 1220382 1220382 1220718
1220724 1220946 1221202 1221309 1221326 1221601 1221645 1221757
1222021 1222044 1222296 1222453 1222590 1222650 1222878 1222896
1223191 1223330 1223384 1223524 1223600 1223824 1223958 1224105
1224700 1225189 1225272 1225336 1225451 1225462 1225611 1225742
1225742 1225974 1226586 1226666 1227127 1227216 1227233 1227355
1227378 1227487 1227807 1227832 1227999 1228020 1228114 1228265
1228324 1228337 1228434 1228466 1228466 1228466 1228483 1228489
1228516 1228553 1228574 1228575 1228576 1228634 1228647 1228661
1228708 1228718 1228743 1228776 1228779 1228780 1228801 1228866
1228959 1228966 1229014 1229028 1229042 1229106 1229292 1229345
1229400 1229407 1229452 1229454 1229454 1229456 1229476 1229500
1229503 1229506 1229507 1229508 1229509 1229510 1229512 1229516
1229522 1229526 1229528 1229531 1229533 1229535 1229536 1229537
1229540 1229544 1229554 1229555 1229555 1229556 1229557 1229565
1229566 1229568 1229581 1229596 1229598 1229603 1229604 1229608
1229611 1229612 1229613 1229614 1229617 1229619 1229620 1229622
1229623 1229624 1229625 1229626 1229628 1229629 1229630 1229631
1229633 1229635 1229636 1229637 1229638 1229639 1229641 1229642
1229643 1229645 1229657 1229662 1229664 1229685 1229707 1229745
1229792 1229806 1229808 1229822 1229947 1230015 1230078 1230092
1230145 1230220 1230227 1230229 1230245 1230267 1230267 1230272
1230294 1230316 1230331 1230333 1230366 1230371 1230398 1230413
1230429 1230434 1230442 1230454 1230507 1230516 1230600 1230620
1230625 1230697 1230697 1230715 1230767 1230771 1230795 1230894
1230903 1230906 1230911 1230912 1230972 1230984 1231016 1231016
1231043 1231060 1231073 1231185 1231191 1231193 1231195 1231197
1231200 1231203 1231229 1231293 1231328 1231348 1231375 1231375
1231396 1231423 1231472 1231502 1231610 1231646 1231661 1231673
1231775 1231775 1231775 1231776 1231776 1231776 1231795 1231829
1231833 1231838 1231846 1231847 1231861 1231883 1231885 1231887
1231888 1231890 1231892 1231893 1231895 1231896 1231897 1231929
1231936 1231937 1231938 1231939 1231940 1231941 1231942 1231958
1231960 1231961 1231962 1231972 1231976 1231979 1231987 1231988
1231991 1231992 1231995 1231996 1231997 1232001 1232005 1232006
1232007 1232024 1232024 1232025 1232026 1232033 1232035 1232036
1232037 1232038 1232039 1232067 1232069 1232070 1232071 1232097
1232108 1232119 1232120 1232123 1232133 1232136 1232145 1232150
1232163 1232165 1232170 1232172 1232174 1232187 1232224 1232229
1232234 1232234 1232237 1232241 1232260 1232262 1232281 1232282
1232286 1232304 1232312 1232383 1232395 1232418 1232424 1232432
1232436 1232436 1232458 1232519 1232528 1232533 1232542 1232579
1232622 1232624 1232649 1232860 1232905 1232907 1232919 1232919
1232928 1232999 1233070 1233070 1233112 1233117 1233214 1233282
1233293 1233307 1233307 1233393 1233420 1233453 1233456 1233463
1233468 1233479 1233479 1233490 1233491 1233499 1233555 1233557
1233557 1233558 1233561 1233606 1233608 1233609 1233610 1233612
1233613 1233614 1233615 1233616 1233617 1233625 1233626 1233642
1233642 1233726 1233773 1233819 1233977 1234025 1234068 1234089
1234128 1234154 1234254 1234255 1234273 1234281 1234282 1234282
1234289 1234293 1234383 1234452 1234452 1234464 1234563 1234690
1234708 1234749 1234752 1234798 1234846 1234853 1234853 1234884
1234887 1234891 1234891 1234896 1234921 1234931 1234958 1234960
1234963 1234963 1235004 1235035 1235054 1235054 1235056 1235061
1235061 1235073 1235073 1235100 1235134 1235217 1235220 1235224
1235230 1235246 1235249 1235430 1235433 1235441 1235451 1235466
1235480 1235481 1235507 1235521 1235528 1235584 1235598 1235606
1235636 1235645 1235664 1235695 1235723 1235751 1235759 1235764
1235814 1235818 1235920 1235969 1236033 1236136 1236151 1236282
1236316 1236317 1236384 1236403 1236406 1236407 1236460 1236481
1236560 1236588 1236590 1236596 1236619 1236628 1236661 1236675
1236677 1236705 1236757 1236758 1236760 1236761 1236779 1236820
1236842 1236878 1236939 1236974 1236983 1237002 1237006 1237008
1237009 1237010 1237011 1237012 1237013 1237014 1237025 1237028
1237029 1237040 1237044 1237137 1237139 1237172 1237230 1237294
1237316 1237335 1237363 1237367 1237370 1237418 1237521 1237530
1237587 1237693 1237718 1237721 1237722 1237723 1237724 1237725
1237726 1237727 1237728 1237729 1237734 1237735 1237736 1237737
1237738 1237739 1237740 1237742 1237743 1237745 1237746 1237748
1237751 1237752 1237753 1237755 1237759 1237761 1237763 1237766
1237767 1237768 1237774 1237775 1237778 1237779 1237780 1237782
1237783 1237784 1237785 1237786 1237787 1237788 1237789 1237795
1237797 1237798 1237807 1237808 1237810 1237812 1237813 1237814
1237815 1237817 1237818 1237821 1237823 1237824 1237826 1237827
1237829 1237831 1237835 1237836 1237837 1237839 1237840 1237845
1237846 1237865 1237868 1237872 1237875 1237877 1237890 1237892
1237903 1237904 1237916 1237918 1237922 1237925 1237926 1237929
1237931 1237932 1237933 1237937 1237939 1237940 1237941 1237942
1237946 1237949 1237951 1237952 1237954 1237955 1237957 1237958
1237959 1237960 1237961 1237963 1237965 1237966 1237967 1237968
1237969 1237970 1237971 1237973 1237975 1237976 1237978 1237979
1237981 1237983 1237984 1237986 1237987 1237990 1237996 1237997
1237998 1237999 1238000 1238003 1238006 1238007 1238010 1238011
1238012 1238013 1238014 1238016 1238017 1238018 1238019 1238021
1238022 1238024 1238030 1238032 1238033 1238036 1238037 1238041
1238043 1238046 1238047 1238071 1238077 1238079 1238080 1238089
1238090 1238091 1238092 1238096 1238097 1238099 1238103 1238105
1238106 1238108 1238110 1238111 1238112 1238113 1238115 1238116
1238120 1238123 1238125 1238126 1238127 1238131 1238134 1238135
1238138 1238139 1238140 1238142 1238144 1238146 1238147 1238149
1238150 1238155 1238156 1238157 1238158 1238162 1238166 1238167
1238168 1238169 1238170 1238171 1238172 1238175 1238176 1238177
1238180 1238181 1238183 1238184 1238228 1238229 1238231 1238234
1238235 1238236 1238238 1238239 1238241 1238242 1238243 1238244
1238246 1238247 1238248 1238249 1238253 1238255 1238256 1238257
1238260 1238262 1238263 1238264 1238266 1238267 1238268 1238269
1238270 1238271 1238272 1238274 1238275 1238276 1238277 1238278
1238279 1238281 1238282 1238283 1238284 1238286 1238287 1238288
1238289 1238292 1238293 1238295 1238298 1238301 1238302 1238306
1238307 1238308 1238309 1238311 1238313 1238315 1238326 1238327
1238328 1238331 1238333 1238334 1238336 1238337 1238338 1238339
1238343 1238345 1238372 1238373 1238374 1238376 1238377 1238381
1238382 1238383 1238386 1238387 1238388 1238389 1238390 1238391
1238392 1238393 1238394 1238395 1238396 1238397 1238400 1238410
1238411 1238413 1238415 1238416 1238417 1238418 1238419 1238420
1238423 1238428 1238429 1238430 1238431 1238432 1238433 1238434
1238435 1238436 1238437 1238440 1238441 1238442 1238443 1238444
1238445 1238446 1238447 1238453 1238454 1238458 1238459 1238462
1238463 1238465 1238467 1238469 1238471 1238512 1238533 1238536
1238538 1238539 1238540 1238543 1238545 1238546 1238556 1238557
1238599 1238600 1238601 1238602 1238605 1238612 1238615 1238617
1238618 1238619 1238621 1238623 1238625 1238626 1238630 1238631
1238632 1238633 1238635 1238636 1238638 1238639 1238640 1238641
1238642 1238643 1238645 1238646 1238647 1238650 1238653 1238654
1238655 1238662 1238663 1238664 1238666 1238668 1238705 1238707
1238710 1238712 1238718 1238719 1238721 1238722 1238727 1238729
1238747 1238750 1238787 1238789 1238792 1238799 1238804 1238805
1238808 1238809 1238811 1238814 1238815 1238816 1238817 1238818
1238819 1238821 1238823 1238825 1238830 1238834 1238835 1238836
1238838 1238865 1238867 1238868 1238869 1238870 1238871 1238878
1238889 1238892 1238893 1238896 1238897 1238898 1238899 1238902
1238911 1238916 1238919 1238925 1238930 1238933 1238936 1238937
1238938 1238939 1238943 1238945 1238948 1238949 1238950 1238951
1238952 1238954 1238956 1238957 1239001 1239004 1239012 1239016
1239035 1239036 1239040 1239041 1239051 1239060 1239061 1239070
1239071 1239073 1239076 1239109 1239115 1239126 1239185 1239197
1239197 1239322 1239452 1239454 1239465 1239543 1239602 1239618
1239663 1239680 1239749 1239763 1239765 1239809 1239866 1239909
1239948 1239968 1239968 1239969 1240009 1240132 1240133 1240150
1240177 1240188 1240195 1240195 1240205 1240207 1240208 1240210
1240212 1240213 1240218 1240220 1240227 1240229 1240231 1240242
1240245 1240247 1240250 1240254 1240256 1240264 1240266 1240272
1240275 1240276 1240278 1240279 1240280 1240281 1240282 1240283
1240284 1240286 1240288 1240290 1240292 1240293 1240297 1240304
1240308 1240309 1240317 1240318 1240322 1240343 1240343 1240529
1240553 1240648 1240747 1240802 1240835 1240869 1240897 1241012
1241020 1241045 1241078 1241112 1241189 1241280 1241371 1241421
1241433 1241453 1241463 1241525 1241526 1241541 1241551 1241640
1241648 1241678 1241830 1242114 1242147 1242150 1242151 1242154
1242157 1242158 1242164 1242165 1242169 1242215 1242218 1242219
1242222 1242226 1242227 1242228 1242229 1242230 1242231 1242232
1242237 1242239 1242241 1242244 1242245 1242248 1242261 1242264
1242265 1242270 1242276 1242279 1242280 1242281 1242282 1242284
1242285 1242289 1242294 1242300 1242305 1242312 1242320 1242338
1242352 1242353 1242355 1242357 1242358 1242361 1242365 1242366
1242369 1242370 1242371 1242372 1242377 1242378 1242380 1242382
1242385 1242387 1242389 1242391 1242392 1242394 1242398 1242399
1242402 1242403 1242409 1242411 1242415 1242416 1242421 1242422
1242426 1242428 1242440 1242443 1242449 1242452 1242453 1242454
1242455 1242456 1242458 1242464 1242467 1242469 1242473 1242478
1242481 1242484 1242489 1242493 1242497 1242527 1242542 1242544
1242545 1242547 1242548 1242549 1242550 1242551 1242558 1242570
1242580 1242586 1242589 1242596 1242597 1242685 1242686 1242688
1242689 1242695 1242716 1242733 1242734 1242735 1242736 1242739
1242743 1242744 1242745 1242746 1242747 1242749 1242752 1242753
1242756 1242759 1242762 1242765 1242767 1242778 1242779 1242790
1242791 1242842 1242844 1243047 1243117 1243133 1243226 1243226
1243254 1243284 1243313 1243317 1243450 1243488 1243505 1243649
1243660 1243737 1243767 1243772 1243833 1243887 1243901 1243919
1243997 1244035 1244079 1244105 1244304 1244503 1244509 1244554
1244557 1244590 1244644 1244700 1245274 1245309 1245310 1245311
1245314 1246112 CVE-2017-5753 CVE-2021-31879 CVE-2021-4441 CVE-2021-4453
CVE-2021-4454 CVE-2021-47202 CVE-2021-47416 CVE-2021-47534 CVE-2021-47631
CVE-2021-47632 CVE-2021-47633 CVE-2021-47635 CVE-2021-47636 CVE-2021-47637
CVE-2021-47638 CVE-2021-47639 CVE-2021-47641 CVE-2021-47642 CVE-2021-47643
CVE-2021-47644 CVE-2021-47645 CVE-2021-47646 CVE-2021-47647 CVE-2021-47648
CVE-2021-47649 CVE-2021-47650 CVE-2021-47651 CVE-2021-47652 CVE-2021-47653
CVE-2021-47654 CVE-2021-47656 CVE-2021-47657 CVE-2021-47659 CVE-2021-47671
CVE-2022-0168 CVE-2022-0995 CVE-2022-1016 CVE-2022-1048 CVE-2022-1184
CVE-2022-2977 CVE-2022-29900 CVE-2022-29901 CVE-2022-3303 CVE-2022-3435
CVE-2022-3435 CVE-2022-3564 CVE-2022-3619 CVE-2022-3640 CVE-2022-4382
CVE-2022-45934 CVE-2022-48664 CVE-2022-48868 CVE-2022-48869 CVE-2022-48870
CVE-2022-48871 CVE-2022-48872 CVE-2022-48873 CVE-2022-48875 CVE-2022-48878
CVE-2022-48879 CVE-2022-48880 CVE-2022-48890 CVE-2022-48891 CVE-2022-48896
CVE-2022-48898 CVE-2022-48899 CVE-2022-48903 CVE-2022-48904 CVE-2022-48905
CVE-2022-48907 CVE-2022-48909 CVE-2022-48911 CVE-2022-48912 CVE-2022-48913
CVE-2022-48914 CVE-2022-48915 CVE-2022-48916 CVE-2022-48917 CVE-2022-48918
CVE-2022-48919 CVE-2022-48921 CVE-2022-48923 CVE-2022-48924 CVE-2022-48925
CVE-2022-48926 CVE-2022-48927 CVE-2022-48928 CVE-2022-48929 CVE-2022-48930
CVE-2022-48931 CVE-2022-48932 CVE-2022-48934 CVE-2022-48935 CVE-2022-48937
CVE-2022-48938 CVE-2022-48941 CVE-2022-48942 CVE-2022-48943 CVE-2022-48944
CVE-2022-48945 CVE-2022-48946 CVE-2022-48947 CVE-2022-48948 CVE-2022-48949
CVE-2022-48951 CVE-2022-48953 CVE-2022-48954 CVE-2022-48955 CVE-2022-48956
CVE-2022-48959 CVE-2022-48960 CVE-2022-48961 CVE-2022-48962 CVE-2022-48967
CVE-2022-48968 CVE-2022-48969 CVE-2022-48970 CVE-2022-48971 CVE-2022-48972
CVE-2022-48973 CVE-2022-48975 CVE-2022-48977 CVE-2022-48978 CVE-2022-48981
CVE-2022-48985 CVE-2022-48987 CVE-2022-48988 CVE-2022-48991 CVE-2022-48992
CVE-2022-48994 CVE-2022-48995 CVE-2022-48997 CVE-2022-48999 CVE-2022-49000
CVE-2022-49002 CVE-2022-49003 CVE-2022-49005 CVE-2022-49006 CVE-2022-49007
CVE-2022-49010 CVE-2022-49011 CVE-2022-49012 CVE-2022-49014 CVE-2022-49015
CVE-2022-49016 CVE-2022-49019 CVE-2022-49021 CVE-2022-49022 CVE-2022-49023
CVE-2022-49024 CVE-2022-49025 CVE-2022-49026 CVE-2022-49027 CVE-2022-49028
CVE-2022-49029 CVE-2022-49031 CVE-2022-49032 CVE-2022-49035 CVE-2022-49043
CVE-2022-49044 CVE-2022-49050 CVE-2022-49051 CVE-2022-49053 CVE-2022-49054
CVE-2022-49055 CVE-2022-49058 CVE-2022-49059 CVE-2022-49060 CVE-2022-49061
CVE-2022-49063 CVE-2022-49065 CVE-2022-49066 CVE-2022-49073 CVE-2022-49074
CVE-2022-49076 CVE-2022-49078 CVE-2022-49080 CVE-2022-49082 CVE-2022-49083
CVE-2022-49084 CVE-2022-49085 CVE-2022-49086 CVE-2022-49088 CVE-2022-49089
CVE-2022-49090 CVE-2022-49091 CVE-2022-49092 CVE-2022-49093 CVE-2022-49095
CVE-2022-49096 CVE-2022-49097 CVE-2022-49098 CVE-2022-49099 CVE-2022-49100
CVE-2022-49102 CVE-2022-49103 CVE-2022-49104 CVE-2022-49105 CVE-2022-49106
CVE-2022-49107 CVE-2022-49109 CVE-2022-49110 CVE-2022-49111 CVE-2022-49112
CVE-2022-49113 CVE-2022-49114 CVE-2022-49115 CVE-2022-49116 CVE-2022-49118
CVE-2022-49119 CVE-2022-49120 CVE-2022-49121 CVE-2022-49122 CVE-2022-49126
CVE-2022-49128 CVE-2022-49129 CVE-2022-49130 CVE-2022-49131 CVE-2022-49132
CVE-2022-49135 CVE-2022-49137 CVE-2022-49139 CVE-2022-49145 CVE-2022-49147
CVE-2022-49148 CVE-2022-49151 CVE-2022-49153 CVE-2022-49154 CVE-2022-49155
CVE-2022-49156 CVE-2022-49157 CVE-2022-49158 CVE-2022-49159 CVE-2022-49160
CVE-2022-49162 CVE-2022-49163 CVE-2022-49164 CVE-2022-49165 CVE-2022-49174
CVE-2022-49175 CVE-2022-49176 CVE-2022-49177 CVE-2022-49179 CVE-2022-49180
CVE-2022-49182 CVE-2022-49185 CVE-2022-49187 CVE-2022-49188 CVE-2022-49189
CVE-2022-49193 CVE-2022-49194 CVE-2022-49196 CVE-2022-49199 CVE-2022-49200
CVE-2022-49201 CVE-2022-49206 CVE-2022-49208 CVE-2022-49212 CVE-2022-49213
CVE-2022-49214 CVE-2022-49216 CVE-2022-49217 CVE-2022-49218 CVE-2022-49221
CVE-2022-49222 CVE-2022-49224 CVE-2022-49226 CVE-2022-49227 CVE-2022-49232
CVE-2022-49235 CVE-2022-49236 CVE-2022-49239 CVE-2022-49241 CVE-2022-49242
CVE-2022-49243 CVE-2022-49244 CVE-2022-49246 CVE-2022-49247 CVE-2022-49248
CVE-2022-49249 CVE-2022-49250 CVE-2022-49251 CVE-2022-49252 CVE-2022-49253
CVE-2022-49254 CVE-2022-49256 CVE-2022-49257 CVE-2022-49258 CVE-2022-49259
CVE-2022-49260 CVE-2022-49261 CVE-2022-49262 CVE-2022-49263 CVE-2022-49264
CVE-2022-49265 CVE-2022-49266 CVE-2022-49268 CVE-2022-49269 CVE-2022-49270
CVE-2022-49271 CVE-2022-49272 CVE-2022-49273 CVE-2022-49274 CVE-2022-49275
CVE-2022-49276 CVE-2022-49277 CVE-2022-49278 CVE-2022-49279 CVE-2022-49280
CVE-2022-49281 CVE-2022-49283 CVE-2022-49285 CVE-2022-49286 CVE-2022-49287
CVE-2022-49288 CVE-2022-49290 CVE-2022-49291 CVE-2022-49292 CVE-2022-49293
CVE-2022-49294 CVE-2022-49295 CVE-2022-49297 CVE-2022-49298 CVE-2022-49299
CVE-2022-49300 CVE-2022-49301 CVE-2022-49302 CVE-2022-49304 CVE-2022-49305
CVE-2022-49307 CVE-2022-49308 CVE-2022-49309 CVE-2022-49310 CVE-2022-49311
CVE-2022-49312 CVE-2022-49313 CVE-2022-49314 CVE-2022-49315 CVE-2022-49316
CVE-2022-49319 CVE-2022-49320 CVE-2022-49321 CVE-2022-49322 CVE-2022-49323
CVE-2022-49326 CVE-2022-49327 CVE-2022-49328 CVE-2022-49331 CVE-2022-49332
CVE-2022-49335 CVE-2022-49336 CVE-2022-49337 CVE-2022-49339 CVE-2022-49341
CVE-2022-49342 CVE-2022-49343 CVE-2022-49345 CVE-2022-49346 CVE-2022-49347
CVE-2022-49348 CVE-2022-49349 CVE-2022-49350 CVE-2022-49351 CVE-2022-49352
CVE-2022-49354 CVE-2022-49356 CVE-2022-49357 CVE-2022-49367 CVE-2022-49368
CVE-2022-49370 CVE-2022-49371 CVE-2022-49373 CVE-2022-49375 CVE-2022-49376
CVE-2022-49377 CVE-2022-49378 CVE-2022-49379 CVE-2022-49381 CVE-2022-49382
CVE-2022-49384 CVE-2022-49385 CVE-2022-49386 CVE-2022-49389 CVE-2022-49392
CVE-2022-49394 CVE-2022-49396 CVE-2022-49397 CVE-2022-49398 CVE-2022-49399
CVE-2022-49400 CVE-2022-49402 CVE-2022-49404 CVE-2022-49407 CVE-2022-49409
CVE-2022-49410 CVE-2022-49411 CVE-2022-49412 CVE-2022-49413 CVE-2022-49414
CVE-2022-49416 CVE-2022-49418 CVE-2022-49421 CVE-2022-49422 CVE-2022-49424
CVE-2022-49426 CVE-2022-49427 CVE-2022-49429 CVE-2022-49430 CVE-2022-49431
CVE-2022-49432 CVE-2022-49433 CVE-2022-49434 CVE-2022-49435 CVE-2022-49437
CVE-2022-49438 CVE-2022-49440 CVE-2022-49441 CVE-2022-49442 CVE-2022-49443
CVE-2022-49444 CVE-2022-49445 CVE-2022-49447 CVE-2022-49448 CVE-2022-49449
CVE-2022-49451 CVE-2022-49453 CVE-2022-49455 CVE-2022-49459 CVE-2022-49460
CVE-2022-49462 CVE-2022-49463 CVE-2022-49465 CVE-2022-49466 CVE-2022-49467
CVE-2022-49468 CVE-2022-49472 CVE-2022-49473 CVE-2022-49474 CVE-2022-49475
CVE-2022-49477 CVE-2022-49478 CVE-2022-49480 CVE-2022-49481 CVE-2022-49482
CVE-2022-49486 CVE-2022-49487 CVE-2022-49488 CVE-2022-49489 CVE-2022-49490
CVE-2022-49491 CVE-2022-49492 CVE-2022-49493 CVE-2022-49494 CVE-2022-49495
CVE-2022-49498 CVE-2022-49501 CVE-2022-49502 CVE-2022-49503 CVE-2022-49504
CVE-2022-49505 CVE-2022-49506 CVE-2022-49507 CVE-2022-49508 CVE-2022-49509
CVE-2022-49512 CVE-2022-49514 CVE-2022-49515 CVE-2022-49517 CVE-2022-49519
CVE-2022-49520 CVE-2022-49521 CVE-2022-49522 CVE-2022-49523 CVE-2022-49524
CVE-2022-49525 CVE-2022-49526 CVE-2022-49527 CVE-2022-49532 CVE-2022-49534
CVE-2022-49535 CVE-2022-49536 CVE-2022-49537 CVE-2022-49541 CVE-2022-49542
CVE-2022-49544 CVE-2022-49545 CVE-2022-49546 CVE-2022-49549 CVE-2022-49551
CVE-2022-49555 CVE-2022-49556 CVE-2022-49559 CVE-2022-49562 CVE-2022-49563
CVE-2022-49564 CVE-2022-49566 CVE-2022-49568 CVE-2022-49569 CVE-2022-49570
CVE-2022-49579 CVE-2022-49581 CVE-2022-49583 CVE-2022-49584 CVE-2022-49591
CVE-2022-49592 CVE-2022-49603 CVE-2022-49605 CVE-2022-49606 CVE-2022-49607
CVE-2022-49609 CVE-2022-49610 CVE-2022-49611 CVE-2022-49613 CVE-2022-49615
CVE-2022-49616 CVE-2022-49617 CVE-2022-49618 CVE-2022-49621 CVE-2022-49623
CVE-2022-49625 CVE-2022-49626 CVE-2022-49627 CVE-2022-49628 CVE-2022-49631
CVE-2022-49634 CVE-2022-49640 CVE-2022-49641 CVE-2022-49642 CVE-2022-49643
CVE-2022-49644 CVE-2022-49645 CVE-2022-49646 CVE-2022-49647 CVE-2022-49648
CVE-2022-49649 CVE-2022-49650 CVE-2022-49652 CVE-2022-49653 CVE-2022-49656
CVE-2022-49657 CVE-2022-49661 CVE-2022-49663 CVE-2022-49665 CVE-2022-49667
CVE-2022-49668 CVE-2022-49670 CVE-2022-49671 CVE-2022-49672 CVE-2022-49673
CVE-2022-49674 CVE-2022-49675 CVE-2022-49676 CVE-2022-49677 CVE-2022-49678
CVE-2022-49679 CVE-2022-49680 CVE-2022-49683 CVE-2022-49685 CVE-2022-49687
CVE-2022-49688 CVE-2022-49693 CVE-2022-49695 CVE-2022-49699 CVE-2022-49700
CVE-2022-49701 CVE-2022-49703 CVE-2022-49704 CVE-2022-49705 CVE-2022-49707
CVE-2022-49708 CVE-2022-49710 CVE-2022-49711 CVE-2022-49712 CVE-2022-49713
CVE-2022-49714 CVE-2022-49715 CVE-2022-49716 CVE-2022-49719 CVE-2022-49720
CVE-2022-49721 CVE-2022-49722 CVE-2022-49723 CVE-2022-49724 CVE-2022-49725
CVE-2022-49726 CVE-2022-49729 CVE-2022-49730 CVE-2022-49731 CVE-2022-49733
CVE-2022-49739 CVE-2022-49741 CVE-2022-49746 CVE-2022-49748 CVE-2022-49751
CVE-2022-49753 CVE-2022-49755 CVE-2022-49759 CVE-2022-49767 CVE-2022-49769
CVE-2022-49770 CVE-2022-49771 CVE-2022-49772 CVE-2022-49775 CVE-2022-49776
CVE-2022-49777 CVE-2022-49779 CVE-2022-49783 CVE-2022-49787 CVE-2022-49788
CVE-2022-49789 CVE-2022-49790 CVE-2022-49792 CVE-2022-49793 CVE-2022-49794
CVE-2022-49796 CVE-2022-49797 CVE-2022-49799 CVE-2022-49800 CVE-2022-49801
CVE-2022-49802 CVE-2022-49807 CVE-2022-49809 CVE-2022-49810 CVE-2022-49812
CVE-2022-49813 CVE-2022-49818 CVE-2022-49821 CVE-2022-49822 CVE-2022-49823
CVE-2022-49824 CVE-2022-49825 CVE-2022-49826 CVE-2022-49827 CVE-2022-49830
CVE-2022-49832 CVE-2022-49834 CVE-2022-49835 CVE-2022-49836 CVE-2022-49839
CVE-2022-49841 CVE-2022-49842 CVE-2022-49845 CVE-2022-49846 CVE-2022-49850
CVE-2022-49853 CVE-2022-49858 CVE-2022-49860 CVE-2022-49861 CVE-2022-49863
CVE-2022-49864 CVE-2022-49865 CVE-2022-49868 CVE-2022-49869 CVE-2022-49870
CVE-2022-49871 CVE-2022-49874 CVE-2022-49879 CVE-2022-49880 CVE-2022-49881
CVE-2022-49885 CVE-2022-49887 CVE-2022-49888 CVE-2022-49889 CVE-2022-49890
CVE-2022-49891 CVE-2022-49892 CVE-2022-49900 CVE-2022-49905 CVE-2022-49906
CVE-2022-49908 CVE-2022-49909 CVE-2022-49910 CVE-2022-49915 CVE-2022-49916
CVE-2022-49922 CVE-2022-49923 CVE-2022-49924 CVE-2022-49925 CVE-2022-49927
CVE-2022-49928 CVE-2022-49931 CVE-2023-0179 CVE-2023-1192 CVE-2023-1652
CVE-2023-1990 CVE-2023-2162 CVE-2023-2166 CVE-2023-28327 CVE-2023-28410
CVE-2023-3567 CVE-2023-4016 CVE-2023-45142 CVE-2023-47108 CVE-2023-50782
CVE-2023-52489 CVE-2023-52572 CVE-2023-52766 CVE-2023-52800 CVE-2023-52881
CVE-2023-52893 CVE-2023-52894 CVE-2023-52896 CVE-2023-52898 CVE-2023-52900
CVE-2023-52901 CVE-2023-52905 CVE-2023-52907 CVE-2023-52911 CVE-2023-52919
CVE-2023-52922 CVE-2023-52930 CVE-2023-52933 CVE-2023-52935 CVE-2023-52939
CVE-2023-52941 CVE-2023-52973 CVE-2023-52974 CVE-2023-52975 CVE-2023-52976
CVE-2023-52979 CVE-2023-52983 CVE-2023-52984 CVE-2023-52988 CVE-2023-52989
CVE-2023-52992 CVE-2023-52993 CVE-2023-53000 CVE-2023-53005 CVE-2023-53006
CVE-2023-53007 CVE-2023-53008 CVE-2023-53010 CVE-2023-53015 CVE-2023-53016
CVE-2023-53019 CVE-2023-53023 CVE-2023-53024 CVE-2023-53025 CVE-2023-53026
CVE-2023-53028 CVE-2023-53029 CVE-2023-53030 CVE-2023-53033 CVE-2023-53035
CVE-2023-53038 CVE-2023-53039 CVE-2023-53040 CVE-2023-53041 CVE-2023-53044
CVE-2023-53045 CVE-2023-53049 CVE-2023-53051 CVE-2023-53052 CVE-2023-53054
CVE-2023-53056 CVE-2023-53058 CVE-2023-53059 CVE-2023-53060 CVE-2023-53062
CVE-2023-53064 CVE-2023-53065 CVE-2023-53066 CVE-2023-53068 CVE-2023-53075
CVE-2023-53077 CVE-2023-53078 CVE-2023-53079 CVE-2023-53081 CVE-2023-53084
CVE-2023-53087 CVE-2023-53089 CVE-2023-53090 CVE-2023-53091 CVE-2023-53092
CVE-2023-53093 CVE-2023-53096 CVE-2023-53098 CVE-2023-53099 CVE-2023-53100
CVE-2023-53101 CVE-2023-53106 CVE-2023-53108 CVE-2023-53111 CVE-2023-53114
CVE-2023-53116 CVE-2023-53118 CVE-2023-53119 CVE-2023-53123 CVE-2023-53124
CVE-2023-53125 CVE-2023-53131 CVE-2023-53134 CVE-2023-53137 CVE-2023-53139
CVE-2023-53140 CVE-2023-53142 CVE-2023-53143 CVE-2023-53145 CVE-2023-6270
CVE-2024-10041 CVE-2024-10041 CVE-2024-10524 CVE-2024-11053 CVE-2024-11168
CVE-2024-11168 CVE-2024-11187 CVE-2024-12133 CVE-2024-12243 CVE-2024-13176
CVE-2024-2201 CVE-2024-2201 CVE-2024-23337 CVE-2024-23650 CVE-2024-24790
CVE-2024-26782 CVE-2024-27043 CVE-2024-28956 CVE-2024-29018 CVE-2024-29018
CVE-2024-31143 CVE-2024-31145 CVE-2024-31146 CVE-2024-35949 CVE-2024-36350
CVE-2024-36357 CVE-2024-40635 CVE-2024-40910 CVE-2024-41009 CVE-2024-41011
CVE-2024-41062 CVE-2024-41087 CVE-2024-41087 CVE-2024-41087 CVE-2024-41092
CVE-2024-41110 CVE-2024-41110 CVE-2024-41965 CVE-2024-42077 CVE-2024-42098
CVE-2024-42126 CVE-2024-42145 CVE-2024-42229 CVE-2024-42230 CVE-2024-42232
CVE-2024-42240 CVE-2024-42271 CVE-2024-42301 CVE-2024-43790 CVE-2024-43802
CVE-2024-43853 CVE-2024-43854 CVE-2024-43861 CVE-2024-43882 CVE-2024-43883
CVE-2024-44932 CVE-2024-44938 CVE-2024-44946 CVE-2024-44947 CVE-2024-44947
CVE-2024-44964 CVE-2024-45003 CVE-2024-45013 CVE-2024-45016 CVE-2024-45021
CVE-2024-45026 CVE-2024-45306 CVE-2024-45310 CVE-2024-45337 CVE-2024-45339
CVE-2024-45339 CVE-2024-45774 CVE-2024-45775 CVE-2024-45776 CVE-2024-45777
CVE-2024-45778 CVE-2024-45779 CVE-2024-45780 CVE-2024-45781 CVE-2024-45782
CVE-2024-45783 CVE-2024-45817 CVE-2024-45818 CVE-2024-45819 CVE-2024-46674
CVE-2024-46716 CVE-2024-46774 CVE-2024-46784 CVE-2024-46813 CVE-2024-46814
CVE-2024-46815 CVE-2024-46816 CVE-2024-46817 CVE-2024-46818 CVE-2024-46849
CVE-2024-47668 CVE-2024-47674 CVE-2024-47684 CVE-2024-47706 CVE-2024-47747
CVE-2024-47748 CVE-2024-47757 CVE-2024-49860 CVE-2024-49867 CVE-2024-49925
CVE-2024-49930 CVE-2024-49936 CVE-2024-49945 CVE-2024-49960 CVE-2024-49969
CVE-2024-49974 CVE-2024-49982 CVE-2024-49991 CVE-2024-49995 CVE-2024-50017
CVE-2024-50047 CVE-2024-50089 CVE-2024-50115 CVE-2024-50115 CVE-2024-50125
CVE-2024-50127 CVE-2024-50128 CVE-2024-50154 CVE-2024-50154 CVE-2024-50199
CVE-2024-50205 CVE-2024-50208 CVE-2024-50259 CVE-2024-50264 CVE-2024-50267
CVE-2024-50274 CVE-2024-50279 CVE-2024-50290 CVE-2024-50290 CVE-2024-50301
CVE-2024-50302 CVE-2024-50602 CVE-2024-52533 CVE-2024-52616 CVE-2024-53061
CVE-2024-53063 CVE-2024-53063 CVE-2024-53064 CVE-2024-53068 CVE-2024-53095
CVE-2024-53095 CVE-2024-53104 CVE-2024-53135 CVE-2024-53142 CVE-2024-53144
CVE-2024-53146 CVE-2024-53156 CVE-2024-53166 CVE-2024-53168 CVE-2024-53173
CVE-2024-53173 CVE-2024-53177 CVE-2024-53179 CVE-2024-53206 CVE-2024-53214
CVE-2024-53239 CVE-2024-53239 CVE-2024-53240 CVE-2024-53241 CVE-2024-53241
CVE-2024-54661 CVE-2024-54680 CVE-2024-56171 CVE-2024-5642 CVE-2024-56539
CVE-2024-56539 CVE-2024-56548 CVE-2024-56548 CVE-2024-56558 CVE-2024-56570
CVE-2024-56598 CVE-2024-56600 CVE-2024-56601 CVE-2024-56602 CVE-2024-56604
CVE-2024-56605 CVE-2024-56605 CVE-2024-56619 CVE-2024-56623 CVE-2024-56631
CVE-2024-56642 CVE-2024-56645 CVE-2024-56648 CVE-2024-56650 CVE-2024-56651
CVE-2024-56658 CVE-2024-56661 CVE-2024-56664 CVE-2024-56704 CVE-2024-56737
CVE-2024-56759 CVE-2024-57791 CVE-2024-57792 CVE-2024-57798 CVE-2024-57849
CVE-2024-57893 CVE-2024-57897 CVE-2024-57948 CVE-2024-57996 CVE-2024-58014
CVE-2024-58083 CVE-2024-6232 CVE-2024-6923 CVE-2024-7592 CVE-2024-8176
CVE-2024-8805 CVE-2024-8805 CVE-2024-9287 CVE-2024-9681 CVE-2025-0167
CVE-2025-0395 CVE-2025-0495 CVE-2025-0622 CVE-2025-0624 CVE-2025-0677
CVE-2025-0678 CVE-2025-0684 CVE-2025-0685 CVE-2025-0686 CVE-2025-0689
CVE-2025-0690 CVE-2025-0725 CVE-2025-0938 CVE-2025-1118 CVE-2025-1125
CVE-2025-1215 CVE-2025-1713 CVE-2025-21690 CVE-2025-21692 CVE-2025-21693
CVE-2025-21699 CVE-2025-21714 CVE-2025-21718 CVE-2025-21726 CVE-2025-21732
CVE-2025-21753 CVE-2025-21772 CVE-2025-21780 CVE-2025-21785 CVE-2025-21791
CVE-2025-21812 CVE-2025-21839 CVE-2025-21886 CVE-2025-21888 CVE-2025-21999
CVE-2025-22004 CVE-2025-22020 CVE-2025-22045 CVE-2025-22055 CVE-2025-22056
CVE-2025-22060 CVE-2025-22097 CVE-2025-22134 CVE-2025-22868 CVE-2025-22868
CVE-2025-22868 CVE-2025-22869 CVE-2025-22872 CVE-2025-2312 CVE-2025-23138
CVE-2025-23145 CVE-2025-24014 CVE-2025-24528 CVE-2025-24928 CVE-2025-2588
CVE-2025-26465 CVE-2025-27113 CVE-2025-27363 CVE-2025-27465 CVE-2025-29087
CVE-2025-29088 CVE-2025-29768 CVE-2025-32414 CVE-2025-32415 CVE-2025-32462
CVE-2025-32728 CVE-2025-3277 CVE-2025-3360 CVE-2025-37785 CVE-2025-37789
CVE-2025-37948 CVE-2025-37963 CVE-2025-40909 CVE-2025-4373 CVE-2025-47268
CVE-2025-47273 CVE-2025-4802 CVE-2025-4877 CVE-2025-4878 CVE-2025-48964
CVE-2025-49794 CVE-2025-49796 CVE-2025-5278 CVE-2025-5318 CVE-2025-5372
CVE-2025-6018 CVE-2025-6018 CVE-2025-6020 CVE-2025-6021 CVE-2025-6170
-----------------------------------------------------------------
The container sles-15-sp4-chost-byos-v20250721-arm64 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:167-1
Released: Mon Jan 24 18:16:24 2022
Summary: Recommended update for cloud-netconfig
Type: recommended
Severity: moderate
References: 1187939
This update for cloud-netconfig fixes the following issues:
- Update to version 1.6:
+ Ignore proxy when accessing metadata (bsc#1187939)
+ Print warning in case metadata is not accessible
+ Documentation update
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:658-1
Released: Wed Mar 8 10:51:10 2023
Summary: Recommended update for cloud-netconfig
Type: recommended
Severity: moderate
References: 1199853,1204549
This update for cloud-netconfig fixes the following issues:
- Update to version 1.7:
+ Overhaul policy routing setup
+ Support alias IPv4 ranges
+ Add support for NetworkManager (bsc#1204549)
+ Remove dependency on netconfig
+ Install into libexec directory
+ Clear stale ifcfg files for accelerated NICs (bsc#1199853)
+ More debug messages
+ Documentation update
- /etc/netconfig.d/ moved to /usr/libexec/netconfig/netconfig.d/ in
Tumbleweed, update path
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3637-1
Released: Mon Sep 18 13:02:23 2023
Summary: Recommended update for cloud-netconfig
Type: recommended
Severity: important
References: 1214715
This update for cloud-netconfig fixes the following issues:
- Update to version 1.8:
- Fix Automatic Addition of Secondary IP Addresses in Azure Using cloud-netconfig. (bsc#1214715)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:630-1
Released: Tue Feb 27 09:14:49 2024
Summary: Recommended update for cloud-netconfig
Type: recommended
Severity: moderate
References: 1218069,1219007
This update for cloud-netconfig fixes the following issues:
- Drop cloud-netconfig-nm sub package and include NM dispatcher script in main packages (bsc#1219007)
- Drop package dependency on sysconfig-netconfig
- Improve log level handling
- Support IPv6 IMDS endpoint in EC2 (bsc#1218069)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:781-1
Released: Wed Mar 6 15:05:13 2024
Summary: Recommended update for cloud-netconfig
Type: recommended
Severity: moderate
References: 1219454,1220718
This update for cloud-netconfig fixes the following issues:
- Add Provides/Obsoletes for dropped cloud-netconfig-nm
- Install dispatcher script into /etc/NetworkManager/dispatcher.d on older distributions
- Add BuildReqires: NetworkManager to avoid owning dispatcher.d parent directory
- Update to version 1.11:
+ Revert address metadata lookup in GCE to local lookup (bsc#1219454)
+ Fix hang on warning log messages
+ Check whether getting IPv4 addresses from metadata failed and abort if true
+ Only delete policy rules if they exist
+ Skip adding/removing IPv4 ranges if metdata lookup failed
+ Improve error handling and logging in Azure
+ Set SCRIPTDIR when installing netconfig wrapper
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:869-1
Released: Wed Mar 13 10:48:51 2024
Summary: Recommended update for cloud-netconfig
Type: recommended
Severity: important
References: 1221202
This update for cloud-netconfig fixes the following issues:
- Update to version 1.12 (bsc#1221202)
* If token access succeeds using IPv4 do not use the IPv6 endpoint
only use the IPv6 IMDS endpoint if IPv4 access fails.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1085-1
Released: Tue Apr 2 11:24:09 2024
Summary: Recommended update for cloud-netconfig
Type: recommended
Severity: moderate
References: 1221757
This update for cloud-netconfig fixes the following issues:
- Update to version 1.14
+ Use '-s' instead of '--no-progress-meter' for curl (bsc#1221757)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3234-1
Released: Fri Sep 13 08:49:43 2024
Summary: Recommended update for grub2
Type: recommended
Severity: important
References: 1217761,1228866
This update for grub2 fixes the following issues:
- Support powerpc net boot installation when secure boot is enabled (bsc#1217761, bsc#1228866)
- Improved check for disk device when looking for PReP partition
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3238-1
Released: Fri Sep 13 11:56:14 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1229476
This update for util-linux fixes the following issue:
- Skip aarch64 decode path for rest of the architectures (bsc#1229476).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028
This update for ncurses fixes the following issues:
- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3330-1
Released: Thu Sep 19 09:42:12 2024
Summary: Recommended update for suseconnect-ng
Type: recommended
Severity: important
References: 1229014,1230229
This update for suseconnect-ng fixes the following issue:
- Set the filesystem root on zypper when given (bsc#1230229, bsc#1229014)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3408-1
Released: Tue Sep 24 08:39:14 2024
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1193629,1194111,1194765,1194869,1196261,1196516,1196894,1198017,1203360,1206006,1206258,1207158,1216834,1221326,1221645,1223191,1224105,1227832,1228020,1228114,1228466,1228489,1228516,1228576,1228718,1228801,1228959,1229042,1229292,1229400,1229454,1229500,1229503,1229506,1229507,1229508,1229509,1229510,1229512,1229516,1229522,1229526,1229528,1229531,1229533,1229535,1229536,1229537,1229540,1229544,1229554,1229557,1229565,1229566,1229568,1229581,1229598,1229603,1229604,1229608,1229611,1229612,1229613,1229614,1229617,1229619,1229620,1229622,1229623,1229624,1229625,1229626,1229628,1229629,1229630,1229631,1229635,1229636,1229637,1229638,1229639,1229641,1229642,1229643,1229645,1229657,1229664,1229707,1229792,1230245,1230413,CVE-2021-4441,CVE-2022-4382,CVE-2022-48868,CVE-2022-48869,CVE-2022-48870,CVE-2022-48871,CVE-2022-48872,CVE-2022-48873,CVE-2022-48875,CVE-2022-48878,CVE-2022-48880,CVE-2022-48890,CVE-2022-48891,CVE-2022-48896,CVE-2022-48898,CVE-2022-48899,CVE-2022-48903,CVE-
2022-48904,CVE-2022-48905,CVE-2022-48907,CVE-2022-48909,CVE-2022-48912,CVE-2022-48913,CVE-2022-48914,CVE-2022-48915,CVE-2022-48916,CVE-2022-48917,CVE-2022-48918,CVE-2022-48919,CVE-2022-48921,CVE-2022-48924,CVE-2022-48925,CVE-2022-48926,CVE-2022-48927,CVE-2022-48928,CVE-2022-48929,CVE-2022-48930,CVE-2022-48931,CVE-2022-48932,CVE-2022-48934,CVE-2022-48935,CVE-2022-48937,CVE-2022-48938,CVE-2022-48941,CVE-2022-48942,CVE-2022-48943,CVE-2023-52489,CVE-2023-52893,CVE-2023-52894,CVE-2023-52896,CVE-2023-52898,CVE-2023-52900,CVE-2023-52901,CVE-2023-52905,CVE-2023-52907,CVE-2023-52911,CVE-2024-40910,CVE-2024-41009,CVE-2024-41011,CVE-2024-41062,CVE-2024-41087,CVE-2024-42077,CVE-2024-42126,CVE-2024-42230,CVE-2024-42232,CVE-2024-42271,CVE-2024-43853,CVE-2024-43861,CVE-2024-43882,CVE-2024-43883,CVE-2024-44938,CVE-2024-44947,CVE-2024-45003
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
- CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
- CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
- CVE-2023-52489: Fix race in accessing memory_section->usage (bsc#1221326).
- CVE-2024-44938: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792).
- CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466).
- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
- CVE-2022-48935: Fixed an unregister flowtable hooks on netns exit (bsc#1229619)
- CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
- CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
- CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
- CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832).
- CVE-2024-41009: Fix overrunning reservations in ringbuf (bsc#1228020).
- CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245).
The following non-security bugs were fixed:
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes).
- mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes).
- Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()' (bsc#1230413).
- Revert 'mm, kmsan: fix infinite recursion due to RCU critical section' (bsc#1230413).
- Revert 'mm/sparsemem: fix race in accessing memory_section->usage' (bsc#1230413).
- nvme_core: scan namespaces asynchronously (bsc#1224105).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3423-1
Released: Tue Sep 24 17:25:33 2024
Summary: Security update for xen
Type: security
Severity: important
References: 1222453,1227355,1228574,1228575,1230366,CVE-2024-2201,CVE-2024-31143,CVE-2024-31145,CVE-2024-31146,CVE-2024-45817
This update for xen fixes the following issues:
- CVE-2024-2201: Mitigation for Native Branch History Injection (XSA-456, bsc#1222453)
- CVE-2024-31143: Fixed double unlock in x86 guest IRQ handling (XSA-458, bsc#1227355)
- CVE-2024-31145: Fixed error handling in x86 IOMMU identity mapping (XSA-460, bsc#1228574)
- CVE-2024-31146: Fixed PCI device pass-through with shared resources (XSA-461, bsc#1228575)
- CVE-2024-45817: Fixed a deadlock in vlapic_error (XSA-462, bsc#1230366)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3451-1
Released: Thu Sep 26 09:10:50 2024
Summary: Recommended update for pam-config
Type: recommended
Severity: moderate
References: 1227216
This update for pam-config fixes the following issues:
- Improved check for existence of modules (bsc#1227216)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3470-1
Released: Fri Sep 27 14:34:46 2024
Summary: Security update for python3
Type: security
Severity: important
References: 1227233,1227378,1227999,1228780,1229596,1230227,CVE-2024-5642,CVE-2024-6232,CVE-2024-6923,CVE-2024-7592
This update for python3 fixes the following issues:
- CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780).
- CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233).
- CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596).
- CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227)
Bug fixes:
- %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999).
- Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378).
- Remove %suse_update_desktop_file macro as it is not useful any more.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3477-1
Released: Fri Sep 27 15:22:22 2024
Summary: Recommended update for curl
Type: recommended
Severity: moderate
References: 1230516
This update for curl fixes the following issue:
- Make special characters in URL work with aws-sigv4 (bsc#1230516).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3485-1
Released: Fri Sep 27 19:54:13 2024
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1228647,1230267
This update for libzypp, zypper fixes the following issues:
- API refactoring. Prevent zypper from using now private libzypp symbols (bsc#1230267)
- single_rpmtrans: fix installation of .src.rpms (bsc#1228647)
- Fix wrong numbers used in CommitSummary skipped/failed messages.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3487-1
Released: Fri Sep 27 19:56:02 2024
Summary: Recommended update for logrotate
Type: recommended
Severity: moderate
References:
This update for logrotate fixes the following issues:
- Backport 'ignoreduplicates' configuration flag (jsc#PED-10366)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3503-1
Released: Tue Oct 1 16:13:07 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1228661
This update for glibc fixes the following issue:
- fix memory malloc problem: Initiate tcache shutdown even
without allocations (bsc#1228661).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3527-1
Released: Fri Oct 4 15:27:07 2024
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1230145
This update for e2fsprogs fixes the following issue:
- resize2fs: Check number of group descriptors only if meta_bg is disabled
(bsc#1230145).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3530-1
Released: Fri Oct 4 15:43:33 2024
Summary: Recommended update for libpcap
Type: recommended
Severity: moderate
References: 1230894
This update for libpcap fixes the following issue:
- enable rdma support (bsc#1230894).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3547-1
Released: Tue Oct 8 16:06:05 2024
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1216223,1223600,1223958,1225272,1227487,1228466,1229407,1229633,1229662,1229947,1230015,1230398,1230434,1230507,1230767,1231016,CVE-2022-48911,CVE-2022-48923,CVE-2022-48944,CVE-2022-48945,CVE-2024-41087,CVE-2024-42301,CVE-2024-44946,CVE-2024-45021,CVE-2024-46674,CVE-2024-46774
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633).
- CVE-2022-48923: btrfs: prevent copying too big compressed lzo segment (bsc#1229662)
- CVE-2024-41087: Fix double free on error (bsc#1228466).
- CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407).
- CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
- CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
- CVE-2024-46674: usb: dwc3: st: fix probed platform device ref count on probe error path (bsc#1230507).
The following non-security bugs were fixed:
- blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600).
- blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600).
- kabi: add __nf_queue_get_refs() for kabi compliance.
- scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
- scsi: smartpqi: Expose SAS address for SATA drives (bsc#1223958).
- SUNRPC: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272 bsc#1231016).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3580-1
Released: Thu Oct 10 08:39:49 2024
Summary: Recommended update for wicked
Type: recommended
Severity: moderate
References: 1229555
This update for wicked fixes the following issue:
- compat-suse: fix dummy interfaces configuration with
`INTERFACETYPE=dummy` (bsc#1229555).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3593-1
Released: Thu Oct 10 18:43:13 2024
Summary: Recommended update for rsyslog
Type: recommended
Severity: moderate
References: 1231229
This update for rsyslog fixes the following issue:
- fix PreserveFQDN option before daemon is restarted (bsc#1231229)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3597-1
Released: Fri Oct 11 10:39:52 2024
Summary: Recommended update for bash
Type: recommended
Severity: moderate
References: 1227807
This update for bash fixes the following issues:
- Load completion file eveh if a brace expansion is in the
command line included (bsc#1227807).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3659-1
Released: Wed Oct 16 15:12:47 2024
Summary: Recommended update for gcc14
Type: recommended
Severity: moderate
References: 1188441,1210959,1214915,1219031,1220724,1221601
This update for gcc14 fixes the following issues:
This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474)
The compiler runtime libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 13 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc14 compilers use:
- install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages.
- override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages.
For a full changelog with all new GCC14 features, check out
https://gcc.gnu.org/gcc-14/changes.html
- Add libquadmath0-devel-gcc14 sub-package to allow installing
quadmath.h and SO link without installing the fortran frontend
- Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441]
- Remove timezone Recommends from the libstdc++6 package. [bsc#1221601]
- Revert libgccjit dependency change. [bsc#1220724]
- Fix libgccjit-devel dependency, a newer shared library is OK.
- Fix libgccjit dependency, the corresponding compiler isn't required.
- Add cross-X-newlib-devel requires to newlib cross compilers.
[bsc#1219031]
- Re-enable AutoReqProv for cross packages but filter files processed
via __requires_exclude_from and __provides_exclude_from.
[bsc#1219031]
- Package m2rte.so plugin in the gcc14-m2 sub-package rather than
in gcc13-devel. [bsc#1210959]
- Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs
are linked against libstdc++6.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3727-1
Released: Fri Oct 18 15:04:09 2024
Summary: Recommended update for libzypp
Type: recommended
Severity: important
References: 1230912,1231043
This update for libzypp fixes the following issues:
- Send unescaped colons in header values. According to the STOMP protocol, it
would be correct to escape colon here but the practice broke plugin receivers
that didn't expect this. The incompatiblity affected customers who were
running spacewalk-repo-sync and experienced issues when accessing the cloud
URL. [bsc#1231043]
- Fix hang in curl code with no network connection. [bsc#1230912]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3865-1
Released: Fri Nov 1 16:10:37 2024
Summary: Recommended update for gcc14
Type: recommended
Severity: moderate
References: 1231833
This update for gcc14 fixes the following issues:
- Fixed parsing timezone tzdata 2024b [gcc#116657 bsc#1231833]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3868-1
Released: Fri Nov 1 16:15:26 2024
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1231829
This update for suse-build-key fixes the following issues:
- Also include the GPG key from the current build project to allow Staging testing without production keys,
but only in staging. (bsc#1231829)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3872-1
Released: Fri Nov 1 16:20:29 2024
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1220262,CVE-2023-50782
This update for openssl-1_1 fixes the following issues:
- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3879-1
Released: Fri Nov 1 17:04:25 2024
Summary: Security update for python3
Type: security
Severity: moderate
References: 1230906,1232241,CVE-2024-9287
This update for python3 fixes the following issues:
Security fixes:
- CVE-2024-9287: properly quote path names provided when creating a virtual environment (bsc#1232241)
Other fixes:
- Drop .pyc files from docdir for reproducible builds (bsc#1230906)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3890-1
Released: Mon Nov 4 10:14:19 2024
Summary: Recommended update for wget
Type: recommended
Severity: moderate
References: 1204720,1231661
This update for wget fixes the following issues:
- wget incorrectly truncates long filenames (bsc#1231661).
- wget dies writing too long filenames (bsc#1204720).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3897-1
Released: Mon Nov 4 12:08:56 2024
Summary: Recommended update for shadow
Type: recommended
Severity: moderate
References: 1228337,1230972
This update for shadow fixes the following issues:
- Add useradd warnings when requested UID is outside the default range (bsc#1230972)
- Chage -d date vs passwd -S output is off by one (bsc#1228337)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3902-1
Released: Mon Nov 4 13:15:51 2024
Summary: Recommended update for shim
Type: recommended
Severity: moderate
References: 1210382,1230316
This update for shim fixes the following issues:
- Update shim-install to apply the missing fix for openSUSE Leap (bsc#1210382)
- Update shim-install to use the 'removable' way for SL-Micro (bsc#1230316)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3926-1
Released: Wed Nov 6 11:15:25 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1232528,CVE-2024-9681
This update for curl fixes the following issues:
- CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3930-1
Released: Thu Nov 7 06:11:20 2024
Summary: Recommended update for wicked
Type: recommended
Severity: important
References: 1229555,1229745,1230911,1231060
This update for wicked fixes the following issues:
- Update to version 0.6.77
- compat-suse: use iftype in sysctl handling (bsc#1230911)
- Always generate the ipv4/ipv6 <enabled>true|false</enabled> node
- Inherit all, default and interface sysctl settings also for loopback,
except for use_tempaddr and accept_dad
- Consider only interface specific accept_redirects sysctl settings
- Adopt ifsysctl(5) manual page with wicked specific behavior
- route: fix family and destination processing (bsc#1231060)
- man: improve wicked-config(5) file description
- dhcp4: add ignore-rfc3927-1-6 wicked-config(5) option
- team: set arp link watcher interval default to 1s
- systemd: use `BindsTo=dbus.service` in favor of `Requisite=` (bsc#1229745)
- compat-suse: fix use of deprecated `INTERFACETYPE=dummy` (bsc#1229555)
- arp: don't set target broadcast hardware address
- dbus: don't memcpy empty/NULL array value
- ethtool: fix leak and free pause data in ethtool_free
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4035-1
Released: Mon Nov 18 16:22:57 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1232579,CVE-2024-50602
This update for expat fixes the following issues:
- CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4044-1
Released: Mon Nov 25 08:28:17 2024
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References:
This update for hwdata fixes the following issue:
- Version update to v0.389:
* Update pci, usb and vendor ids
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4046-1
Released: Mon Nov 25 09:25:58 2024
Summary: Recommended update for rsyslog
Type: recommended
Severity: moderate
References: 1230984
This update for rsyslog fixes the following issue:
- restart daemon after update at the end of the transaction (bsc#1230984)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4065-1
Released: Tue Nov 26 11:10:58 2024
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1233499
This update for crypto-policies ships the missing crypto-policies scripts to SUSE Linux Enterprise Micro,
which allows configuration of the policies. (bsc#1233499)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4078-1
Released: Wed Nov 27 13:53:14 2024
Summary: Security update for glib2
Type: security
Severity: important
References: 1233282,CVE-2024-52533
This update for glib2 fixes the following issues:
- CVE-2024-52533: Fixed a single byte buffer overflow (bsc#1233282).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4087-1
Released: Thu Nov 28 08:38:52 2024
Summary: Recommended update for google-guest-agent, google-guest-configs, google-osconfig-agent
Type: recommended
Severity: moderate
References: 1231775,1231776
This update for google-guest-agent, google-guest-configs, google-osconfig-agent fixes the following issues:
- Update to version 20241011.01 (bsc#1231775, bsc#1231776)
- Set enable regardless of previous check failed or not
- Avoid unnecessary reloads, check before overwriting configs
- network/netplan: Do generate instead of apply
- Skip SetupInterfaces if configs are already applied
- Repeated logging could be mistaken for a recurring issue, log mds mtls endpoint error only once
- Retry MDS PUT operation, reload netplan/networkctl only if configs are changed
- Log interface state after setting up network
- network: Debian 12 rollback only if default netplan is ok
- Change mtls mds defaults, update log message to assure error is harmless
- network: Restore Debian 12 netplan configuration
- network: Remove primary NIC left over configs
- Update VLAN interfaces format to match with MDS
- Fix panics in agent when setting up VLAN with netplan
- Add VLAN NIC support for NetworkManager
- Fix debian12 netplan config issue, use ptr receiver
- Introduce a configuration toggle for enabling/disabling cloud logging
- Adapt and update config key to be consistent with MDS
- Allow users to enable/disable the mds mtls via metadata key
- Make primary nic management config consistent across all network managers
- Avoid writing configuration files when they already exist on wicked
- Fix where agent panics on nil event
- Update NIC management strategy
- Only release dhclient leases for an interface if the respective dhclient is still running
- Disable OS Login without pruning off any extra suffix
- Skip root cert rotation if installed once
- Add ipv6 support to guest agent
- Update google-startup-scripts.service to enable logging
- Network subsystem remove os rules
- oslogin: Don't remove sshca watcher when oslogin is disabled
- Network manager netplan implementation
- Log current available routes on error
- Fix command monitor bugs
- windows account: Ignore 'user already belongs to group' error
- Add more error logging in snapshot handling requests, use common retry util
- All non-200 status code from MDS should raise error
- Change metadata key to enable-oslogin-certificates
- Update dhclient pid/lease file directory to abide apparmor rules
- Add require-oslogin-certificates logic to disable keys
- systemd-networkd: Support Debian 12's version
- NetworkManager: Only set secondary interfaces as up
- address manager: Make sure we check for oldMetadata
- network: Early setup network
- NetworkManager: Fix ipv6 and ipv4 mode attribute
- Network Manager: Make sure we clean up ifcfg files
- metadata script runner: Fix script download
- oslogin: Avoid adding extra empty line at the end of /etc/security/group.conf
- Dynamic vlan
- Check for nil response
- Create NetworkManager implementation
- Skip interface manager on Windows
- network: Remove ignore setup
- Create wicked network service implementation and its respective unit
- Update metadata script runner, add tests
- Refactor guest-agent to use common retry util
- Flush logs before exiting
- Implement retry util
- Refactor utils package to not dump everything unrelated into one file
- Set version on metadata script runner
- Implement cleanup of deprecated configuration directives
- Ignore DHCP offered routes only for secondary nics
- Deprecate DHClient in favor of systemd-networkd
- Generate windows and linux licenses
- Remove quintonamore from OWNERS
- Delete integration tests
- Add configuration toggle to enable/disable use of OS native certificate stores
- Avoid writing configuration files when they already exist on wicked and NetworkManager
- Get rid of deprecated dependencies in snapshot service generate code
- Configure primary nic if only set in cfg file
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4116-1
Released: Fri Nov 29 17:06:06 2024
Summary: Security update for xen
Type: security
Severity: important
References: 1232542,1232622,1232624,CVE-2024-45818,CVE-2024-45819
This update for xen fixes the following issues:
- CVE-2024-45818: Fixed deadlock in x86 HVM standard VGA handling (XSA-463) (bsc#1232622).
- CVE-2024-45819: Fixed libxl data leaks to PVH guests via ACPI tables (XSA-464) (bsc#1232624).
Bug fixes:
- Remove usage of net-tools-deprecated from supportconfig plugin (bsc#1232542).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4131-1
Released: Mon Dec 2 10:59:56 2024
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1204171,1205796,1206188,1206344,1209290,1210449,1210627,1213034,1216223,1216813,1218562,1220382,1223384,1223524,1223824,1225189,1225336,1225611,1226666,1228743,1229345,1229452,1229454,1229456,1229556,1230429,1230442,1230454,1230600,1230620,1230715,1230903,1231016,1231073,1231191,1231193,1231195,1231197,1231200,1231203,1231293,1231375,1231502,1231673,1231861,1231883,1231885,1231887,1231888,1231890,1231892,1231893,1231895,1231896,1231897,1231929,1231936,1231937,1231938,1231939,1231940,1231941,1231942,1231958,1231960,1231961,1231962,1231972,1231976,1231979,1231987,1231988,1231991,1231992,1231995,1231996,1231997,1232001,1232005,1232006,1232007,1232025,1232026,1232033,1232035,1232036,1232037,1232038,1232039,1232067,1232069,1232070,1232071,1232097,1232108,1232119,1232120,1232123,1232133,1232136,1232145,1232150,1232163,1232165,1232170,1232172,1232174,1232224,1232229,1232237,1232260,1232262,1232281,1232282,1232286,1232304,1232383,1232395,1232418,1232424,1232432,1232436,1232519,1
233117,CVE-2021-47416,CVE-2021-47534,CVE-2022-3435,CVE-2022-45934,CVE-2022-48664,CVE-2022-48879,CVE-2022-48946,CVE-2022-48947,CVE-2022-48948,CVE-2022-48949,CVE-2022-48951,CVE-2022-48953,CVE-2022-48954,CVE-2022-48955,CVE-2022-48956,CVE-2022-48959,CVE-2022-48960,CVE-2022-48961,CVE-2022-48962,CVE-2022-48967,CVE-2022-48968,CVE-2022-48969,CVE-2022-48970,CVE-2022-48971,CVE-2022-48972,CVE-2022-48973,CVE-2022-48975,CVE-2022-48977,CVE-2022-48978,CVE-2022-48981,CVE-2022-48985,CVE-2022-48987,CVE-2022-48988,CVE-2022-48991,CVE-2022-48992,CVE-2022-48994,CVE-2022-48995,CVE-2022-48997,CVE-2022-48999,CVE-2022-49000,CVE-2022-49002,CVE-2022-49003,CVE-2022-49005,CVE-2022-49006,CVE-2022-49007,CVE-2022-49010,CVE-2022-49011,CVE-2022-49012,CVE-2022-49014,CVE-2022-49015,CVE-2022-49016,CVE-2022-49019,CVE-2022-49021,CVE-2022-49022,CVE-2022-49023,CVE-2022-49024,CVE-2022-49025,CVE-2022-49026,CVE-2022-49027,CVE-2022-49028,CVE-2022-49029,CVE-2022-49031,CVE-2022-49032,CVE-2023-2166,CVE-2023-28327,CVE-2023-52766,CV
E-2023-52800,CVE-2023-52881,CVE-2023-52919,CVE-2023-6270,CVE-2024-27043,CVE-2024-42145,CVE-2024-43854,CVE-2024-44947,CVE-2024-45013,CVE-2024-45016,CVE-2024-45026,CVE-2024-46716,CVE-2024-46813,CVE-2024-46814,CVE-2024-46815,CVE-2024-46816,CVE-2024-46817,CVE-2024-46818,CVE-2024-46849,CVE-2024-47668,CVE-2024-47674,CVE-2024-47684,CVE-2024-47706,CVE-2024-47747,CVE-2024-47748,CVE-2024-49860,CVE-2024-49867,CVE-2024-49925,CVE-2024-49930,CVE-2024-49936,CVE-2024-49945,CVE-2024-49960,CVE-2024-49969,CVE-2024-49974,CVE-2024-49982,CVE-2024-49991,CVE-2024-49995,CVE-2024-50047,CVE-2024-50208
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345)
- CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224)
- CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165).
- CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117).
- CVE-2022-48879: efi: fix NULL-deref in init error path (bsc#1229556).
- CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1231893).
- CVE-2022-48959: net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions() (bsc#1231976).
- CVE-2022-48960: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979).
- CVE-2022-48962: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() (bsc#1232286).
- CVE-2022-48991: mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma (bsc#1232070).
- CVE-2022-49015: net: hsr: Fix potential use-after-free (bsc#1231938).
- CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442).
- CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429).
- CVE-2024-45026: s390/dasd: fix error recovery leading to data corruption on ESE devices (bsc#1230454).
- CVE-2024-46716: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor (bsc#1230715).
- CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191).
- CVE-2024-46814: drm/amd/display: Check msg_id before processing transcation (bsc#1231193).
- CVE-2024-46815: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (bsc#1231195).
- CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197).
- CVE-2024-46817: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (bsc#1231200).
- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231203).
- CVE-2024-46849: ASoC: meson: axg-card: fix 'use-after-free' (bsc#1231073).
- CVE-2024-47668: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (bsc#1231502).
- CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673).
- CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987).
- CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942).
- CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145).
- CVE-2024-47748: vhost_vdpa: assign irq bypass producer token correctly (bsc#1232174).
- CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231861).
- CVE-2024-49930: wifi: ath11k: fix array out-of-bound access in SoC stats (bsc#1232260).
- CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424).
- CVE-2024-49960: ext4: fix timer use-after-free on failed mount (bsc#1232395).
- CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519).
- CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383).
- CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282).
- CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).
- CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418).
The following non-security bugs were fixed:
- NFSv3: only use NFS timeout for MOUNT when protocols are compatible (bsc#1231016).
- PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666).
- RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page (bsc#1232036).
- bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (bsc#1231375).
- dn_route: set rt neigh to blackhole_netdev instead of loopback_dev in ifdown (bsc#1216813).
- initramfs: avoid filename buffer overrun (bsc#1232436).
- ipv6: blackhole_netdev needs snmp6 counters (bsc#1216813).
- ipv6: give an IPv6 dev to blackhole_netdev (bsc#1216813).
- net: mana: Fix the extra HZ in mana_hwc_send_request (bsc#1232033).
- x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382).
- x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382).
- xfrm: set dst dev to blackhole_netdev instead of loopback_dev in ifdown (bsc#1216813).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4138-1
Released: Mon Dec 2 13:29:57 2024
Summary: Security update for wget
Type: security
Severity: moderate
References: 1233773,CVE-2024-10524
This update for wget fixes the following issues:
- CVE-2024-10524: Fixed SSRF via shorthand HTTP URL (bsc#1233773)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4168-1
Released: Wed Dec 4 11:51:48 2024
Summary: Recommended update for vim
Type: recommended
Severity: moderate
References: 1230625,1231846
This update for vim fixes the following issues:
- Update from vim-9.1.0330 to vim-9.1.0836 (bsc#1230625, bsc#1230625)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4184-1
Released: Thu Dec 5 06:00:20 2024
Summary: Recommended update for suseconnect-ng
Type: recommended
Severity: moderate
References: 1231185,1231328
This update for suseconnect-ng fixes the following issues:
- Integrating uptime-tracker
- Honor auto-import-gpg-keys flag on migration (bsc#1231328)
- Only send labels if targetting SCC
- Skip the docker auth generation on RMT (bsc#1231185)
- Add --set-labels to register command to set labels at registration time on SCC
- Add a new function to display suse-uptime-tracker version
- Add a command to show the info being gathered
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4193-1
Released: Thu Dec 5 12:01:40 2024
Summary: Security update for python3
Type: security
Severity: low
References: 1231795,1233307,CVE-2024-11168
This update for python3 fixes the following issues:
- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307)
Other fixes:
- Remove -IVendor/ from python-config (bsc#1231795)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4201-1
Released: Thu Dec 5 14:49:22 2024
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1225451,1233393
This update for libsolv, libzypp, zypper fixes the following issues:
- Fix replaces_installed_package using the wrong solvable id when checking the noupdate map
- Make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard
- Add rpm_query_idarray query function
- Support rpm's 'orderwithrequires' dependency
- BuildCache: Don't try to retrieve missing raw metadata if no permission to write the cache (bsc#1225451)
- RepoManager: Throw RepoNoPermissionException if the user has no permission to update(write) the caches (bsc#1225451)
- The 20MB download limit must not apply to non-metadata files like package URLs provided via the CLI (bsc#1233393)
- Don't try to download missing raw metadata if cache is not writable (bsc#1225451)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4302-1
Released: Thu Dec 12 09:51:03 2024
Summary: Security update for socat
Type: security
Severity: moderate
References: 1225462,CVE-2024-54661
This update for socat fixes the following issues:
- CVE-2024-54661: Fixed arbitrary file overwrite via predictable /tmp directory (bsc#1225462)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4338-1
Released: Tue Dec 17 08:18:46 2024
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1230272,1231610
This update for systemd fixes the following issues:
- core/unit: increase the NameOwnerChanged/GetNameOwner timeout to the unit's start timeout (bsc#1230272)
- core/unit: add get_timeout_start_usec in UnitVTable and define it for service
- sd-bus: make bus_add_match_full accept timeout
- udev-builtin-path_id: SAS wide ports must have num_phys > 1 (bsc#1231610)
- sd-device: add helper to read a unsigned int attribute
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4346-1
Released: Tue Dec 17 09:32:22 2024
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1218644,1220382,1221309,1222590,1229808,1230220,1231646,1232187,1232312,1232860,1232907,1232919,1232928,1233070,1233214,1233293,1233453,1233456,1233463,1233468,1233479,1233490,1233491,1233555,1233557,1233561,1233977,CVE-2023-52922,CVE-2024-26782,CVE-2024-44932,CVE-2024-44964,CVE-2024-47757,CVE-2024-50017,CVE-2024-50089,CVE-2024-50115,CVE-2024-50125,CVE-2024-50127,CVE-2024-50154,CVE-2024-50205,CVE-2024-50259,CVE-2024-50264,CVE-2024-50267,CVE-2024-50274,CVE-2024-50279,CVE-2024-50290,CVE-2024-50301,CVE-2024-50302,CVE-2024-53061,CVE-2024-53063,CVE-2024-53068
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590).
- CVE-2024-44932: idpf: fix UAFs when destroying the queues (bsc#1229808).
- CVE-2024-44964: idpf: fix memory leaks and crashes while performing a soft reset (bsc#1230220).
- CVE-2024-47757: nilfs2: fix potential oob read in nilfs_btree_check_delete() (bsc#1232187).
- CVE-2024-50089: unicode: Do not special case ignorable code points (bsc#1232860).
- CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).
- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928).
- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).
- CVE-2024-50154: tcp: Fix use-after-free of nreq in reqsk_timer_handler() (bsc#1233070).
- CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233293).
- CVE-2024-50259: netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() (bsc#1233214).
- CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453).
- CVE-2024-50267: USB: serial: io_edgeport: fix use after free in debug printk (bsc#1233456).
- CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings (bsc#1233463).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
- CVE-2024-50290: media: cx24116: prevent overflows on SNR calculus (bsc#1233479).
- CVE-2024-50301: security/keys: fix slab-out-of-bounds in key_task_permission (bsc#1233490).
- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233491).
- CVE-2024-53061: media: s5p-jpeg: prevent buffer overflows (bsc#1233555).
- CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access (bsc#1233557).
- CVE-2024-53068: firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() (bsc#1233561).
The following non-security bugs were fixed:
- Update config files (bsc#1218644).
- Update config files. Enabled IDPF for ARM64 (bsc#1221309)
- kernel-binary: Enable livepatch package only when livepatch is enabled Otherwise the filelist may be empty failing the build (bsc#1218644).
- mm/memory: add non-anonymous page check in the copy_present_page() (bsc#1231646).
- rpm/scripts: Remove obsolete Symbols.list Symbols.list is not longer needed by the new klp-convert implementation. (bsc#1218644)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4359-1
Released: Tue Dec 17 14:19:32 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1234068,CVE-2024-11053
This update for curl fixes the following issues:
- CVE-2024-11053: Fixed password leak in curl used for the first host to the followed-to host under certain circumstances (bsc#1234068)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4360-1
Released: Tue Dec 17 15:35:28 2024
Summary: Security update for docker
Type: security
Severity: important
References: 1217070,1228324,1228553,1229806,1230294,1230331,1230333,1231348,1232999,1233819,CVE-2023-45142,CVE-2023-47108,CVE-2024-41110
This update for docker fixes the following issues:
- Update docker-buildx to v0.19.2. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.19.2>.
Some notable changelogs from the last update:
* <https://github.com/docker/buildx/releases/tag/v0.19.0>
* <https://github.com/docker/buildx/releases/tag/v0.18.0>
- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to
disable the SUSEConnect integration with Docker (which creates special mounts
in /run/secrets to allow container-suseconnect to authenticate containers
with registries on registered hosts). bsc#1231348 bsc#1232999
In order to disable these mounts, just do
echo 0 > /etc/docker/suse-secrets-enable
and restart Docker. In order to re-enable them, just do
echo 1 > /etc/docker/suse-secrets-enable
and restart Docker. Docker will output information on startup to tell you
whether the SUSE secrets feature is enabled or not.
- Disable docker-buildx builds for SLES. It turns out that build containers
with docker-buildx don't currently get the SUSE secrets mounts applied,
meaning that container-suseconnect doesn't work when building images.
bsc#1233819
- Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from
sysconfig a long time ago, and apparently this causes issues with systemd in
some cases.
- Allow a parallel docker-stable RPM to exists in repositories.
- Update to docker-buildx v0.17.1 to match standalone docker-buildx package we
are replacing. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.17.1>
- Allow users to disable SUSE secrets support by setting
DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker. (bsc#1231348)
- Mark docker-buildx as required since classic 'docker build' has been
deprecated since Docker 23.0. (bsc#1230331)
- Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate
package, but with docker-stable it will be necessary to maintain the packages
together and it makes more sense to have them live in the same OBS package.
(bsc#1230333)
- Update to Docker 26.1.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2615>
bsc#1230294
- This update includes fixes for:
* CVE-2024-41110. bsc#1228324
* CVE-2023-47108. bsc#1217070 bsc#1229806
* CVE-2023-45142. bsc#1228553 bsc#1229806
- Update to Docker 26.1.4-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2614>
- Update to Docker 26.1.0-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2610>
- Update --add-runtime to point to correct binary path.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4363-1
Released: Tue Dec 17 16:12:41 2024
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References:
This update for hwdata fixes the following issue:
- Version update v0.390
* Update pci and vendor ids
-----------------------------------------------------------------
Advisory ID: SUSE-feature-2024:4377-1
Released: Thu Dec 19 07:10:53 2024
Summary: Feature update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config
Type: feature
Severity: low
References: 1232024
This update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config fixes the following issues:
- Add amazon-dracut-config, google-dracut-config, microsoft-dracut-config to Public Cloud 15-SP[3-6] channels (bsc#1232024)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4378-1
Released: Thu Dec 19 08:23:55 2024
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1203617
This update for aaa_base fixes the following issues:
- Added Midnigh Commander helpers for tcsh and bash resources (bsc#1203617)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4386-1
Released: Thu Dec 19 15:04:16 2024
Summary: Security update for avahi
Type: security
Severity: moderate
References: 1226586,1233420,CVE-2024-52616
This update for avahi fixes the following issues:
- CVE-2024-52616: Fixed Avahi Wide-Area DNS Predictable Transaction IDs (bsc#1233420)
Other fixes:
- no longer supply bogus services to callbacks (bsc#1226586).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4404-1
Released: Fri Dec 20 16:43:28 2024
Summary: Recommended update for libzypp
Type: recommended
Severity: moderate
References: 1234749
This update for libzypp fixes the following issues:
- Url: queryparams without value should not have a trailing '='
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4410-1
Released: Mon Dec 23 12:19:40 2024
Summary: Recommended update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config
Type: recommended
Severity: moderate
References: 1234708
This update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config fixes the following issues:
- Fix support level to L3 (bsc#1234708)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4426-1
Released: Fri Dec 27 08:46:10 2024
Summary: Recommended update for google-guest-configs
Type: recommended
Severity: moderate
References: 1231775,1231776,1233625,1233626
This update for google-guest-configs fixes the following issues:
- Update to version 20241121.00 (bsc#1233625, bsc#1233626)
- Temporarily revert google_set_multiqueue changes for release
- Remove IDPF devices from renaming rules
- gce-nic-naming: Exit 1 so that udev ignores the rule on error
- Remove Apt IPv4 only config for Debian and Ubuntu
- Add GCE intent based NIC naming tools
- google_set_multiqueue: skip set_irq if NIC is not a gvnic device
- Update to version 20241021.00 (bsc#1231775, bsc#1231776)
- Add GCE-specific config for systemd-resolved
- Update google_set_multiqueue to enable on A3Ultra family
- Update OWNERS
- Depend on jq in enterprise linux
- Always use IP from primary NIC in the networkd-dispatcher routable hook
- Call google_set_hostname on openSUSE and when the agent is configured to manage hostname and FQDN, let it
- Include systemd-networkd hook in Ubuntu packaging
- Fix the name for A3 Edge VMs
- Update is_a3_platform to include A3-edge shape
- Add systemd-networkd hostname hook
- Add hostname hook for NetworkManager without dhclient compat script
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:73-1
Released: Mon Jan 13 07:10:00 2025
Summary: Recommended update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config
Type: recommended
Severity: moderate
References: 1232024
This update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config fixes the following issues:
- Add amazon-dracut-config, google-dracut-config, microsoft-dracut-config to MicroOS 5.1, 5.2 and Micro 5.3, 5.4, 5.5 channels (bsc#1232024)
- Move dracut config files to usr/lib/ dir
- Add provides and conflicts on generic name dracut-instance-change-config
- Rename config for nvme for consistency
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:76-1
Released: Mon Jan 13 10:42:05 2025
Summary: Recommended update for containerd
Type: recommended
Severity: moderate
References:
This update for containerd fixes the following issues:
containerd was updated from version 1.7.21 to 1.7.23:
- Changes in version 1.7.23:
* Highlights:
+ Added error definition aliases
+ Allow proxy plugins to have capabilities
+ Revert a previous errdefs package migration
* Container Runtime Interface (CRI):
+ Added check for CNI plugins before tearing down pod network
* Image Distribution:
+ Fixed the race condition during GC of snapshots when client retries
* Full Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.23
- Changes in version 1.7.22:
* Highlights:
+ Build and Release Toolchain
+ Updated Go (go1.22.7 and go1.23.1)
* Container Runtime Interface (CRI):
+ Added a fix for decreasing cumulative stats
* Runtime:
+ Fixed bug where init exits were being dropped
+ Update runc binary to 1.1.14
* Full Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.22
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:148-1
Released: Thu Jan 16 17:00:45 2025
Summary: Recommended update for cryptsetup
Type: recommended
Severity: moderate
References: 1234273
This update for cryptsetup fixes the following issue:
- luksFormat succeeds despite creating corrupt device (bsc#1234273).
* Add a better warning if luksFormat ends with image without any space for data.
* Print warning early if LUKS container is too small for activation.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:203-1
Released: Tue Jan 21 14:58:16 2025
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1170891,1173139,1185010,1190358,1190428,1209798,1215304,1222878,1228466,1230697,1232436,1233070,1233642,1234281,1234282,1234846,1234853,1234891,1234921,1234960,1234963,1235004,1235035,1235054,1235056,1235061,1235073,1235220,1235224,1235246,1235507,CVE-2021-47202,CVE-2022-49035,CVE-2024-41087,CVE-2024-50154,CVE-2024-53095,CVE-2024-53142,CVE-2024-53146,CVE-2024-53156,CVE-2024-53173,CVE-2024-53179,CVE-2024-53206,CVE-2024-53214,CVE-2024-53239,CVE-2024-53240,CVE-2024-53241,CVE-2024-56539,CVE-2024-56548,CVE-2024-56570,CVE-2024-56598,CVE-2024-56604,CVE-2024-56605,CVE-2024-56619,CVE-2024-8805
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-41087: Fix double free on error (bsc#1228466).
- CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642).
- CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853).
- CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234846).
- CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891).
- CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921).
- CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004).
- CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054).
- CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281).
- CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (XSA-466 bsc#1234282).
- CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (bsc#1234963).
- CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073).
- CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035).
- CVE-2024-56598: jfs: array-index-out-of-bounds fix in dtReadFirst (bsc#1235220).
- CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056).
- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061).
- CVE-2024-56619: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (bsc#1235224).
- CVE-2024-8805: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (bsc#1230697).
The following non-security bugs were fixed:
- Drop a couple of block layer git-fixes (bsc#1170891 bsc#1173139)
- KVM: x86: fix sending PV IPI (git-fixes).
- fixup 'rpm: support gz and zst compression methods' once more (bsc#1190428, bsc#1190358)
- idpf: add support for SW triggered interrupts (bsc#1235507).
- idpf: enable WB_ON_ITR (bsc#1235507).
- idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507).
- kernel-binary: do not BuildIgnore m4. It is actually needed for regenerating zconf when it is not up-to-date due to merge.
- net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246).
- rpm/kernel-binary.spec.in: Fix build regression The previous fix forgot to take over grep -c option that broke the conditional expression
- scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes).
- smb: client: fix TCP timers deadlock after rmmod (git-fixes) [hcarvalho: this fixes issue discussed in bsc#1233642].
- supported.conf: add bsc1185010 dependency
- supported.conf: hyperv_drm (jsc#sle-19733)
- usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes).
- usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes).
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
- x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
- x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
- x86/mce: Allow instrumentation during task work queueing (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
- x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).
- x86/uaccess: Move variable into switch case statement (git-fixes).
- x86: Annotate call_on_stack() (git-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2025:218-1
Released: Wed Jan 22 04:33:35 2025
Summary: Optional update for augeas
Type: optional
Severity: moderate
References:
This update ships the augeas commandline tool and the augeas-lenses to SUSE Linux Enterprise Micro 5.5.
-----------------------------------------------------------------
Advisory ID: SUSE-feature-2025:223-1
Released: Wed Jan 22 12:30:52 2025
Summary: Feature update for zypper, libzypp
Type: feature
Severity: low
References:
This update for zypper, libzypp fixes the following issues:
- info: Allow to query a specific version (jsc#PED-11268)
To query for a specific version simply append '-<version>' or
'-<version>-<release>' to the '<name>' pattern. Note that the
edition part must always match exactly.
- version 1.14.79
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:276-1
Released: Tue Jan 28 21:38:15 2025
Summary: Recommended update for google-guest-configs
Type: recommended
Severity: moderate
References: 1234254,1234255,1234289,1234293
This update for google-guest-configs fixes the following issues:
- Update to version 20241205.00 (bsc#1234254, bsc#1234255)
- Avoid duplicate entries for the metadata server in /etc/hosts (bsc#1234289, bsc#1234293)
- Include components to set hostname and /etc/hosts entries (bsc#1234289, bsc#1234293)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:302-1
Released: Thu Jan 30 15:50:21 2025
Summary: Security update for google-osconfig-agent
Type: security
Severity: moderate
References: 1225974,1236406,1236407,CVE-2024-24790
This update for google-osconfig-agent fixes the following issues:
- Update to version 20250115.01 (bsc#1236406, bsc#1236407)
- CVE-2024-24790: Bump the golang compiler version to 1.22.4 (bsc#1225974)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:341-1
Released: Mon Feb 3 17:33:00 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1236460,CVE-2022-49043
This update for libxml2 fixes the following issues:
- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:343-1
Released: Mon Feb 3 18:03:52 2025
Summary: Security update for krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528
This update for krb5 fixes the following issues:
- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:349-1
Released: Tue Feb 4 09:34:30 2025
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1236136,CVE-2024-13176
This update for openssl-1_1 fixes the following issues:
- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:361-1
Released: Wed Feb 5 11:00:36 2025
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1216091,1229106,1232458,1234752,1235636
This update for libzypp, zypper fixes the following issues:
- Create '.keep_packages' in the package cache dir to enforce
keeping downloaded packages of all repos cached there (bsc#1232458)
- Fix missing UID checks in repomanager workflow
- Move cmake config files to LIB_INSTALL_DIR/cmake/Zypp
- Fix 'zypper ps' when running in incus container (bsc#1229106)
Should apply to lxc and lxd containers as well
- Re-enable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091)
- lr: Show the repositories keep-packages flag (bsc#1232458)
It is shown in the details view or by using -k,--keep-packages.
In addition libyzpp supports to enforce keeping downloaded
packages of all repos within a package cache by creating a
'.keep_packages' file there
- Try to refresh update repos first to have updated GPG keys on
the fly (bsc#1234752)
An update repo may contain a prolonged GPG key for the GA repo.
Refreshing the update repo first updates a trusted key on the fly
and avoids a 'key has expired' warning being issued when
refreshing the GA repo
- Refresh: restore legacy behavior and suppress Exception
reporting as non-root (bsc#1235636)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:366-1
Released: Wed Feb 5 11:57:42 2025
Summary: Security update for wget
Type: security
Severity: moderate
References: 1185551,1230795,CVE-2021-31879
This update for wget fixes the following issues:
- CVE-2021-31879: Authorization header disclosed upon redirects to different origins. (bsc#1185551)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:370-1
Released: Wed Feb 5 16:33:28 2025
Summary: Security update for curl
Type: security
Severity: moderate
References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725
This update for curl fixes the following issues:
- CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590)
- CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:384-1
Released: Fri Feb 7 14:00:26 2025
Summary: Security update for bind
Type: security
Severity: important
References: 1236596,CVE-2024-11187
This update for bind fixes the following issues:
- CVE-2024-11187: Fixes CPU exhaustion caused by many records in the additional section (bsc#1236596)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:507-1
Released: Thu Feb 13 12:08:43 2025
Summary: Recommended update for open-iscsi
Type: recommended
Severity: moderate
References: 1206132,1207157,1235606
This update for open-iscsi fixes the following issues:
- Fix device discovery failure on systems with a large number of devices (bsc#1235606).
- Fix issue with yast restarting iscsid service without restarting the iscsid socket,
this upsets systemd and it is already fixed in upstream (bsc#1206132).
- Branched SLE-15-SP3 from Factory. No longer in sync with Tumbleweed.
- Backported upstream commit, which sets 'safe_logout' and
'startup' in iscsid.conf (bsc#1207157).
- Updated year in SPEC file
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:508-1
Released: Thu Feb 13 12:29:31 2025
Summary: Recommended update for findutils
Type: recommended
Severity: moderate
References: 1231472
This update for findutils fixes the following issue:
- fix crash when file system loop was encountered (bsc#1231472).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:548-1
Released: Fri Feb 14 11:19:24 2025
Summary: Security update for libtasn1
Type: security
Severity: important
References: 1236878,CVE-2024-12133
This update for libtasn1 fixes the following issues:
- CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes
quadratic time to complete. (bsc#1236878)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:554-1
Released: Fri Feb 14 16:10:40 2025
Summary: Security update for python3
Type: security
Severity: moderate
References: 1236705,CVE-2025-0938
This update for python3 fixes the following issues:
- CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:562-1
Released: Mon Feb 17 12:43:41 2025
Summary: Security update for glibc
Type: security
Severity: low
References: 1236282,CVE-2025-0395
This update for glibc fixes the following issues:
- CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:576-1
Released: Tue Feb 18 13:49:58 2025
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1230697,1231847,1233112,1233642,1234025,1234690,1234884,1234896,1234931,1235134,1235217,1235230,1235249,1235430,1235433,1235441,1235451,1235466,1235480,1235521,1235584,1235645,1235723,1235759,1235764,1235814,1235818,1235920,1235969,1236628,CVE-2024-50199,CVE-2024-53095,CVE-2024-53104,CVE-2024-53144,CVE-2024-53166,CVE-2024-53177,CVE-2024-54680,CVE-2024-56600,CVE-2024-56601,CVE-2024-56602,CVE-2024-56623,CVE-2024-56631,CVE-2024-56642,CVE-2024-56645,CVE-2024-56648,CVE-2024-56650,CVE-2024-56658,CVE-2024-56661,CVE-2024-56664,CVE-2024-56704,CVE-2024-56759,CVE-2024-57791,CVE-2024-57792,CVE-2024-57798,CVE-2024-57849,CVE-2024-57893,CVE-2024-57897,CVE-2024-8805
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112).
- CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025).
- CVE-2024-53166: block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234884).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217).
- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230).
- CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (bsc#1235521).
- CVE-2024-56623: scsi: qla2xxx: Fix use after free on unload (bsc#1235466).
- CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480).
- CVE-2024-56642: tipc: Fix use-after-free of kernel socket in cleanup_bearer() (bsc#1235433).
- CVE-2024-56645: can: j1939: j1939_session_new(): fix skb reference counting (bsc#1235134).
- CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235451).
- CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430).
- CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249).
- CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584).
- CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645).
- CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759).
- CVE-2024-57792: power: supply: gpio-charger: Fix set charge current limits (bsc#1235764).
- CVE-2024-57798: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (bsc#1235818).
- CVE-2024-57849: s390/cpum_sf: Handle CPU hotplug remove during sampling (bsc#1235814).
- CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages (bsc#1235920).
- CVE-2024-57897: drm/amdkfd: Correct the migration DMA map direction (bsc#1235969).
The following non-security bugs were fixed:
- NFS: Adjust the amount of readahead performed by NFS readdir (bsc#1231847).
- NFS: Do not flush the readdir cache in nfs_dentry_iput() (bsc#1231847).
- NFS: Improve heuristic for readdirplus (bsc#1231847).
- NFS: Trigger the 'ls -l' readdir heuristic sooner (bsc#1231847).
- tipc: fix NULL deref in cleanup_bearer() (bsc#1235433).
- x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (git-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:588-1
Released: Wed Feb 19 08:30:14 2025
Summary: Security update for grub2
Type: security
Severity: important
References: 1233606,1233608,1233609,1233610,1233612,1233613,1233614,1233615,1233616,1233617,1234958,1236316,1236317,1237002,1237006,1237008,1237009,1237010,1237011,1237012,1237013,1237014,CVE-2024-45774,CVE-2024-45775,CVE-2024-45776,CVE-2024-45777,CVE-2024-45778,CVE-2024-45779,CVE-2024-45780,CVE-2024-45781,CVE-2024-45782,CVE-2024-45783,CVE-2024-56737,CVE-2025-0622,CVE-2025-0624,CVE-2025-0677,CVE-2025-0678,CVE-2025-0684,CVE-2025-0685,CVE-2025-0686,CVE-2025-0689,CVE-2025-0690,CVE-2025-1118,CVE-2025-1125
This update for grub2 fixes the following issues:
- CVE-2024-45781: Fixed strcpy overflow in ufs. (bsc#1233617)
- CVE-2024-56737: Fixed a heap-based buffer overflow in hfs. (bsc#1234958)
- CVE-2024-45782: Fixed strcpy overflow in hfs. (bsc#1233615)
- CVE-2024-45780: Fixed an overflow in tar/cpio. (bsc#1233614)
- CVE-2024-45783: Fixed a refcount overflow in hfsplus. (bsc#1233616)
- CVE-2024-45774: Fixed a heap overflow in JPEG parser. (bsc#1233609)
- CVE-2024-45775: Fixed a missing NULL check in extcmd parser. (bsc#1233610)
- CVE-2024-45776: Fixed an overflow in .MO file handling. (bsc#1233612)
- CVE-2024-45777: Fixed an integer overflow in gettext. (bsc#1233613)
- CVE-2024-45778: Fixed bfs filesystem by removing it from lockdown capable modules. (bsc#1233606)
- CVE-2024-45779: Fixed a heap overflow in bfs. (bsc#1233608)
- CVE-2025-0624: Fixed an out-of-bounds write during the network boot process. (bsc#1236316)
- CVE-2025-0622: Fixed a use-after-free when handling hooks during module unload in command/gpg . (bsc#1236317)
- CVE-2025-0690: Fixed an integer overflow that may lead to an out-of-bounds write through the read command.
(bsc#1237012)
- CVE-2025-1118: Fixed an issue where the dump command was not being blocked when grub was in lockdown mode.
(bsc#1237013)
- CVE-2025-0677: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in ufs.
(bsc#1237002)
- CVE-2025-0684: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in reiserfs.
(bsc#1237008)
- CVE-2025-0685: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in jfs.
(bsc#1237009)
- CVE-2025-0686: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in romfs.
(bsc#1237010)
- CVE-2025-0689: Fixed a heap-based buffer overflow in udf that may lead to arbitrary code execution. (bsc#1237011)
- CVE-2025-1125: Fixed an integer overflow that may lead to an out-of-bounds write in hfs. (bsc#1237014)
- CVE-2025-0678: Fixed an integer overflow that may lead to an out-of-bounds write in squash4. (bsc#1237006)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:605-1
Released: Thu Feb 20 15:42:48 2025
Summary: Security update for openssh
Type: security
Severity: moderate
References: 1237040,CVE-2025-26465
This update for openssh fixes the following issues:
- CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:611-1
Released: Fri Feb 21 11:36:56 2025
Summary: Security update for google-osconfig-agent
Type: security
Severity: important
References: 1236560,CVE-2024-45339
This update for google-osconfig-agent fixes the following issues:
- CVE-2024-45339: github.com/golang/glog: a privileged process' log file path can be easily predicted and used to
overwrite other sensitive files in a system. (bsc#1236560)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:678-1
Released: Mon Feb 24 11:59:54 2025
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: important
References: 1228434,1236384,1236820,1236939,1236983
This update for libzypp, zypper fixes the following issues:
- Don't issue deprecated warnings if -DNDEBUG is set (bsc#1236983)
- Drop zypp-CheckAccessDeleted in favor of 'zypper ps'
- Fix Repoverification plugin not being executed
- Refresh: Fetch the master index file before key and signature (bsc#1236820)
- Deprecate RepoReports we do not trigger
- Let zypper dup fail in case of (temporarily) unaccessible repos (bsc#1228434, bsc#1236939)
- New system-architecture command (bsc#1236384)
- Change versioncmp command to return exit code according to the comparison result
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:721-1
Released: Wed Feb 26 10:06:07 2025
Summary: Recommended update for open-iscsi
Type: recommended
Severity: moderate
References:
This update for open-iscsi fixes the following issues:
- Moved this patch upstream, so now it's part of the diff file
and is no longer needed here
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:724-1
Released: Wed Feb 26 14:30:20 2025
Summary: Security update for vim
Type: security
Severity: moderate
References: 1229685,1229822,1230078,1235695,1236151,1237137,CVE-2024-43790,CVE-2024-43802,CVE-2024-45306,CVE-2025-1215,CVE-2025-22134,CVE-2025-24014
This update for vim fixes the following issues:
Update to version 9.1.1101:
- CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685).
- CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822).
- CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078).
- CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode
(bsc#1235695).
- CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151).
- CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:741-1
Released: Fri Feb 28 11:15:50 2025
Summary: Security update for procps
Type: security
Severity: important
References: 1214290,1236842,CVE-2023-4016
This update for procps fixes the following issues:
- Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid
argument has a leading space (bsc#1236842, bsc#1214290).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:748-1
Released: Fri Feb 28 17:14:02 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113
This update for libxml2 fixes the following issues:
- CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c
(bsc#1237363).
- CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370).
- CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:759-1
Released: Mon Mar 3 04:44:21 2025
Summary: Recommended update for google-guest-agent
Type: recommended
Severity: moderate
References: 1231775,1231776,1235664,1236403
This update for google-guest-agent fixes the following issues:
google-guest-agent was updated from version 20241011.01 to 20250116.00:
- Version 20250116.00 (bsc#1236403):
* Implemented support for vlan dynamic removal
* Update logging library
- Version 20241209.01 (bsc#1235664):
* Avoid changing permissions of directory if parent is `/`
* Fixed fallback from systemd-networkd to dhclient
* network: fixed nmcli check pattern
* network: force NetworkManager to connect to primary nic
* Updated metadata script runner to honor cloud logging config flag
* Updated README.md with note regarding the introduction of Agent Plugin Manager
- Version 20241018.01 (bsc#1231775, bsc#1231776):
* Implemented support for Agent Plugin Manager to manage plugins via
a systemd service file.
* documentation: Updated metadata script runner details
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:765-1
Released: Mon Mar 3 09:44:13 2025
Summary: Security update for gnutls
Type: security
Severity: moderate
References: 1236974,CVE-2024-12243
This update for gnutls fixes the following issues:
- CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS (bsc#1236974).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:776-1
Released: Tue Mar 4 15:55:35 2025
Summary: Security update for docker
Type: security
Severity: moderate
References: 1234089,1237335,CVE-2024-29018
This update for docker fixes the following issues:
Update to Docker 27.5.1-ce (bsc#1237335):
- CVE-2024-29018: External DNS requests from 'internal' networks could lead to data exfiltration (bsc#1234089).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:830-1
Released: Tue Mar 11 09:55:10 2025
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References:
This update for timezone fixes the following issues:
- Update to 2025a:
* Paraguay adopts permanent -03 starting spring 2024
* Improve pre-1991 data for the Philippines
* Etc/Unknown is now reserved
* Improve historical data for Mexico, Mongolia, and Portugal
* System V names are now obsolescent
* The main data form now uses %z
* The code now conforms to RFC 8536 for early timestamps
* Support POSIX.1-2024, which removes asctime_r and ctime_r
* Assume POSIX.2-1992 or later for shell scripts
* SUPPORT_C89 now defaults to 1
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:835-1
Released: Tue Mar 11 11:57:43 2025
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1208995,1220946,1224700,1225742,1232905,1232919,1234154,1234853,1234891,1234963,1235054,1235061,1235073,1236661,1236675,1236677,1236757,1236758,1236760,1236761,1237025,1237028,1237139,1237316,1237693,1238033,CVE-2022-49080,CVE-2023-1192,CVE-2023-52572,CVE-2024-35949,CVE-2024-50115,CVE-2024-50128,CVE-2024-53135,CVE-2024-53173,CVE-2024-53239,CVE-2024-56539,CVE-2024-56548,CVE-2024-56605,CVE-2024-57948,CVE-2025-21690,CVE-2025-21692,CVE-2025-21699
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033).
- CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700).
- CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905).
- CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154).
- CVE-2024-57948: mac802154: check local interfaces before deleting sdata list (bsc#1236677).
- CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
- CVE-2025-21699: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (bsc#1237139).
The following non-security bugs were fixed:
- idpf: call set_real_num_queues in idpf_open (bsc#1236661 bsc#1237316).
- ipv4/tcp: do not use per netns ctl sockets (bsc#1237693).
- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
- net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760).
- net: mana: Enable debugfs files for MANA device (bsc#1236758).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes).
- x86/kvm: fix is_stale_page_fault() (bsc#1236675).
- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:839-1
Released: Tue Mar 11 13:12:01 2025
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: important
References: 1189788,1216091,1236481,1237044
This update for libzypp, zypper fixes the following issues:
- Disable zypp.conf:download.use_deltarpm by default
Measurements show that you don't benefit from using deltarpms
unless your network connection is very slow. That's why most
distributions even stop offering deltarpms. The default remains
unchanged on SUSE-15.6 and older.
- Make sure repo variables are evaluated in the right context
(bsc#1237044)
- Introducing MediaCurl2 a alternative HTTP backend.
This patch adds MediaCurl2 as a testbed for experimenting with a
more simple way to download files. Set ZYPP_CURL2=1 in the
environment to use it.
- Filesystem usrmerge must not be done in singletrans mode
(bsc#1236481, bsc#1189788)
- Commit will amend the backend in case the transaction would
perform a filesystem usrmerge.
- Workaround bsc#1216091 on Code16.
- Annonunce --root in commands not launching a Target
(bsc#1237044)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:931-1
Released: Wed Mar 19 11:06:47 2025
Summary: Recommended update for grub2
Type: recommended
Severity: important
References: 1237865
This update for grub2 fixes the following issues:
- Fix zfs.mo not found message when booting on legacy BIOS (bsc#1237865)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:998-1
Released: Tue Mar 25 03:07:02 2025
Summary: Security update for freetype2
Type: security
Severity: important
References: 1239465,CVE-2025-27363
This update for freetype2 fixes the following issues:
- CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font
subglyph structures related to TrueType GX and variable font files (bsc#1239465).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1005-1
Released: Tue Mar 25 09:43:18 2025
Summary: Security update for google-guest-agent
Type: security
Severity: important
References: 1239197,CVE-2025-22868
This update for google-guest-agent fixes the following issues:
- CVE-2025-22868: golang.org/x/oauth2/jws: Fixed unexpected memory consumption during token parsing (bsc#1239197)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1006-1
Released: Tue Mar 25 09:43:55 2025
Summary: Security update for google-osconfig-agent
Type: security
Severity: important
References: 1239197,CVE-2025-22868
This update for google-osconfig-agent fixes the following issues:
- CVE-2025-22868: golang.org/x/oauth2/jws: Fixed unexpected memory consumption during token parsing (bsc#1239197)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1027-1
Released: Wed Mar 26 13:11:35 2025
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1065729,1180814,1183682,1190336,1190768,1190786,1193629,1194869,1194904,1195823,1196444,1197158,1197174,1197246,1197302,1197331,1197472,1197661,1197926,1198019,1198021,1198240,1198577,1198660,1199657,1200045,1200571,1200807,1200809,1200810,1200824,1200825,1200871,1200872,1201193,1201218,1201323,1201381,1201610,1202672,1202711,1202712,1202771,1202774,1202778,1202781,1203699,1203769,1204171,1206048,1206049,1207593,1207640,1210050,1211263,1217339,1228483,1228708,1228779,1228966,1237521,1237718,1237721,1237722,1237723,1237724,1237725,1237726,1237727,1237728,1237729,1237734,1237735,1237736,1237737,1237738,1237739,1237740,1237742,1237743,1237745,1237746,1237748,1237751,1237752,1237753,1237755,1237759,1237761,1237763,1237766,1237767,1237768,1237774,1237775,1237778,1237779,1237780,1237782,1237783,1237784,1237785,1237786,1237787,1237788,1237789,1237795,1237797,1237798,1237807,1237808,1237810,1237812,1237813,1237814,1237815,1237817,1237818,1237821,1237823,1237824,1237826,1237827,1
237829,1237831,1237835,1237836,1237837,1237839,1237840,1237845,1237846,1237868,1237872,1237892,1237903,1237904,1237916,1237922,1237925,1237926,1237929,1237931,1237932,1237933,1237937,1237939,1237940,1237941,1237942,1237946,1237951,1237952,1237954,1237955,1237957,1237958,1237959,1237960,1237961,1237963,1237965,1237966,1237967,1237968,1237969,1237970,1237971,1237973,1237975,1237976,1237978,1237979,1237983,1237984,1237986,1237987,1237990,1237996,1237997,1237998,1237999,1238000,1238003,1238006,1238007,1238010,1238011,1238012,1238013,1238014,1238016,1238017,1238018,1238019,1238021,1238022,1238024,1238030,1238036,1238037,1238041,1238046,1238047,1238071,1238077,1238079,1238080,1238089,1238090,1238091,1238092,1238096,1238097,1238099,1238103,1238105,1238106,1238108,1238110,1238111,1238112,1238113,1238115,1238116,1238120,1238123,1238125,1238126,1238127,1238131,1238134,1238135,1238138,1238139,1238140,1238142,1238144,1238146,1238147,1238149,1238150,1238155,1238156,1238157,1238158,1238162,123816
6,1238167,1238168,1238169,1238170,1238171,1238172,1238175,1238176,1238177,1238180,1238181,1238183,1238184,1238228,1238229,1238231,1238234,1238235,1238236,1238238,1238239,1238241,1238242,1238243,1238244,1238246,1238247,1238248,1238249,1238253,1238255,1238256,1238257,1238260,1238262,1238263,1238264,1238266,1238267,1238268,1238269,1238270,1238271,1238272,1238274,1238275,1238276,1238277,1238278,1238279,1238281,1238282,1238283,1238284,1238286,1238287,1238288,1238289,1238292,1238293,1238295,1238298,1238301,1238302,1238306,1238307,1238308,1238309,1238311,1238313,1238326,1238327,1238328,1238331,1238333,1238334,1238336,1238337,1238338,1238339,1238343,1238345,1238372,1238373,1238374,1238376,1238377,1238381,1238382,1238383,1238386,1238387,1238388,1238389,1238390,1238391,1238392,1238393,1238394,1238395,1238396,1238397,1238400,1238410,1238411,1238413,1238415,1238416,1238417,1238418,1238419,1238420,1238423,1238428,1238429,1238430,1238431,1238432,1238433,1238434,1238435,1238436,1238437,1238440,123
8441,1238442,1238443,1238444,1238445,1238446,1238447,1238453,1238454,1238458,1238459,1238462,1238463,1238465,1238467,1238469,1238533,1238536,1238538,1238539,1238540,1238543,1238545,1238546,1238556,1238557,1238599,1238600,1238601,1238602,1238605,1238612,1238615,1238617,1238618,1238619,1238621,1238623,1238625,1238626,1238630,1238631,1238632,1238633,1238635,1238636,1238638,1238639,1238640,1238641,1238642,1238643,1238645,1238646,1238647,1238650,1238653,1238654,1238655,1238662,1238663,1238664,1238666,1238668,1238705,1238707,1238710,1238712,1238718,1238719,1238721,1238722,1238727,1238729,1238750,1238787,1238789,1238792,1238799,1238804,1238805,1238808,1238809,1238811,1238814,1238815,1238816,1238817,1238818,1238819,1238821,1238823,1238825,1238830,1238834,1238835,1238836,1238838,1238867,1238868,1238869,1238870,1238871,1238878,1238889,1238892,1238893,1238897,1238898,1238899,1238902,1238916,1238925,1238930,1238933,1238936,1238937,1238938,1238939,1238943,1238945,1238948,1238949,1238950,1238951,
1238952,1238954,1238956,1238957,1239001,1239004,1239035,1239040,1239041,1239051,1239060,1239070,1239071,1239073,1239076,1239109,1239115,CVE-2021-4453,CVE-2021-47631,CVE-2021-47632,CVE-2021-47633,CVE-2021-47635,CVE-2021-47636,CVE-2021-47637,CVE-2021-47638,CVE-2021-47639,CVE-2021-47641,CVE-2021-47642,CVE-2021-47643,CVE-2021-47644,CVE-2021-47645,CVE-2021-47646,CVE-2021-47647,CVE-2021-47648,CVE-2021-47649,CVE-2021-47650,CVE-2021-47651,CVE-2021-47652,CVE-2021-47653,CVE-2021-47654,CVE-2021-47656,CVE-2021-47657,CVE-2021-47659,CVE-2022-0168,CVE-2022-0995,CVE-2022-1048,CVE-2022-1184,CVE-2022-2977,CVE-2022-29900,CVE-2022-29901,CVE-2022-3303,CVE-2022-3435,CVE-2022-49044,CVE-2022-49050,CVE-2022-49051,CVE-2022-49054,CVE-2022-49055,CVE-2022-49058,CVE-2022-49059,CVE-2022-49060,CVE-2022-49061,CVE-2022-49063,CVE-2022-49065,CVE-2022-49066,CVE-2022-49073,CVE-2022-49074,CVE-2022-49076,CVE-2022-49078,CVE-2022-49082,CVE-2022-49083,CVE-2022-49084,CVE-2022-49085,CVE-2022-49086,CVE-2022-49088,CVE-2022-49089
,CVE-2022-49090,CVE-2022-49091,CVE-2022-49092,CVE-2022-49093,CVE-2022-49095,CVE-2022-49096,CVE-2022-49097,CVE-2022-49098,CVE-2022-49099,CVE-2022-49100,CVE-2022-49102,CVE-2022-49103,CVE-2022-49104,CVE-2022-49105,CVE-2022-49106,CVE-2022-49107,CVE-2022-49109,CVE-2022-49111,CVE-2022-49112,CVE-2022-49113,CVE-2022-49114,CVE-2022-49115,CVE-2022-49116,CVE-2022-49118,CVE-2022-49119,CVE-2022-49120,CVE-2022-49121,CVE-2022-49122,CVE-2022-49126,CVE-2022-49128,CVE-2022-49129,CVE-2022-49130,CVE-2022-49131,CVE-2022-49132,CVE-2022-49135,CVE-2022-49137,CVE-2022-49145,CVE-2022-49147,CVE-2022-49148,CVE-2022-49151,CVE-2022-49153,CVE-2022-49154,CVE-2022-49155,CVE-2022-49156,CVE-2022-49157,CVE-2022-49158,CVE-2022-49159,CVE-2022-49160,CVE-2022-49162,CVE-2022-49163,CVE-2022-49164,CVE-2022-49165,CVE-2022-49174,CVE-2022-49175,CVE-2022-49176,CVE-2022-49177,CVE-2022-49179,CVE-2022-49180,CVE-2022-49182,CVE-2022-49185,CVE-2022-49187,CVE-2022-49188,CVE-2022-49189,CVE-2022-49193,CVE-2022-49194,CVE-2022-49196,CVE-20
22-49199,CVE-2022-49200,CVE-2022-49201,CVE-2022-49206,CVE-2022-49208,CVE-2022-49212,CVE-2022-49213,CVE-2022-49214,CVE-2022-49216,CVE-2022-49217,CVE-2022-49218,CVE-2022-49221,CVE-2022-49222,CVE-2022-49224,CVE-2022-49226,CVE-2022-49227,CVE-2022-49232,CVE-2022-49235,CVE-2022-49236,CVE-2022-49239,CVE-2022-49241,CVE-2022-49242,CVE-2022-49243,CVE-2022-49244,CVE-2022-49246,CVE-2022-49247,CVE-2022-49248,CVE-2022-49249,CVE-2022-49250,CVE-2022-49251,CVE-2022-49252,CVE-2022-49253,CVE-2022-49254,CVE-2022-49256,CVE-2022-49257,CVE-2022-49258,CVE-2022-49259,CVE-2022-49260,CVE-2022-49261,CVE-2022-49262,CVE-2022-49263,CVE-2022-49264,CVE-2022-49265,CVE-2022-49266,CVE-2022-49268,CVE-2022-49269,CVE-2022-49270,CVE-2022-49271,CVE-2022-49272,CVE-2022-49273,CVE-2022-49274,CVE-2022-49275,CVE-2022-49276,CVE-2022-49277,CVE-2022-49278,CVE-2022-49279,CVE-2022-49280,CVE-2022-49281,CVE-2022-49283,CVE-2022-49285,CVE-2022-49286,CVE-2022-49287,CVE-2022-49288,CVE-2022-49290,CVE-2022-49291,CVE-2022-49292,CVE-2022-4929
4,CVE-2022-49295,CVE-2022-49297,CVE-2022-49298,CVE-2022-49299,CVE-2022-49300,CVE-2022-49301,CVE-2022-49302,CVE-2022-49304,CVE-2022-49305,CVE-2022-49307,CVE-2022-49308,CVE-2022-49309,CVE-2022-49310,CVE-2022-49311,CVE-2022-49312,CVE-2022-49313,CVE-2022-49314,CVE-2022-49315,CVE-2022-49316,CVE-2022-49319,CVE-2022-49320,CVE-2022-49321,CVE-2022-49322,CVE-2022-49323,CVE-2022-49326,CVE-2022-49327,CVE-2022-49328,CVE-2022-49331,CVE-2022-49332,CVE-2022-49335,CVE-2022-49336,CVE-2022-49337,CVE-2022-49339,CVE-2022-49341,CVE-2022-49342,CVE-2022-49343,CVE-2022-49345,CVE-2022-49346,CVE-2022-49347,CVE-2022-49348,CVE-2022-49349,CVE-2022-49350,CVE-2022-49351,CVE-2022-49352,CVE-2022-49354,CVE-2022-49356,CVE-2022-49357,CVE-2022-49367,CVE-2022-49368,CVE-2022-49370,CVE-2022-49371,CVE-2022-49373,CVE-2022-49375,CVE-2022-49376,CVE-2022-49377,CVE-2022-49378,CVE-2022-49379,CVE-2022-49381,CVE-2022-49382,CVE-2022-49384,CVE-2022-49385,CVE-2022-49386,CVE-2022-49389,CVE-2022-49392,CVE-2022-49394,CVE-2022-49396,CVE-2
022-49397,CVE-2022-49398,CVE-2022-49399,CVE-2022-49400,CVE-2022-49402,CVE-2022-49404,CVE-2022-49407,CVE-2022-49409,CVE-2022-49410,CVE-2022-49411,CVE-2022-49412,CVE-2022-49413,CVE-2022-49414,CVE-2022-49416,CVE-2022-49418,CVE-2022-49421,CVE-2022-49422,CVE-2022-49424,CVE-2022-49426,CVE-2022-49427,CVE-2022-49429,CVE-2022-49430,CVE-2022-49431,CVE-2022-49432,CVE-2022-49433,CVE-2022-49434,CVE-2022-49435,CVE-2022-49437,CVE-2022-49438,CVE-2022-49440,CVE-2022-49441,CVE-2022-49442,CVE-2022-49443,CVE-2022-49444,CVE-2022-49445,CVE-2022-49447,CVE-2022-49448,CVE-2022-49449,CVE-2022-49451,CVE-2022-49453,CVE-2022-49455,CVE-2022-49459,CVE-2022-49460,CVE-2022-49462,CVE-2022-49463,CVE-2022-49466,CVE-2022-49467,CVE-2022-49468,CVE-2022-49472,CVE-2022-49473,CVE-2022-49474,CVE-2022-49475,CVE-2022-49477,CVE-2022-49478,CVE-2022-49480,CVE-2022-49481,CVE-2022-49482,CVE-2022-49486,CVE-2022-49487,CVE-2022-49488,CVE-2022-49489,CVE-2022-49490,CVE-2022-49491,CVE-2022-49492,CVE-2022-49493,CVE-2022-49494,CVE-2022-494
95,CVE-2022-49498,CVE-2022-49501,CVE-2022-49502,CVE-2022-49503,CVE-2022-49504,CVE-2022-49505,CVE-2022-49506,CVE-2022-49507,CVE-2022-49508,CVE-2022-49509,CVE-2022-49512,CVE-2022-49514,CVE-2022-49515,CVE-2022-49517,CVE-2022-49519,CVE-2022-49520,CVE-2022-49521,CVE-2022-49522,CVE-2022-49523,CVE-2022-49524,CVE-2022-49525,CVE-2022-49526,CVE-2022-49527,CVE-2022-49532,CVE-2022-49534,CVE-2022-49535,CVE-2022-49536,CVE-2022-49537,CVE-2022-49541,CVE-2022-49542,CVE-2022-49544,CVE-2022-49545,CVE-2022-49546,CVE-2022-49549,CVE-2022-49551,CVE-2022-49555,CVE-2022-49556,CVE-2022-49559,CVE-2022-49562,CVE-2022-49563,CVE-2022-49564,CVE-2022-49566,CVE-2022-49568,CVE-2022-49569,CVE-2022-49570,CVE-2022-49579,CVE-2022-49581,CVE-2022-49583,CVE-2022-49584,CVE-2022-49591,CVE-2022-49592,CVE-2022-49603,CVE-2022-49605,CVE-2022-49606,CVE-2022-49607,CVE-2022-49609,CVE-2022-49610,CVE-2022-49611,CVE-2022-49613,CVE-2022-49615,CVE-2022-49616,CVE-2022-49617,CVE-2022-49618,CVE-2022-49621,CVE-2022-49623,CVE-2022-49625,CVE-
2022-49626,CVE-2022-49627,CVE-2022-49628,CVE-2022-49631,CVE-2022-49634,CVE-2022-49640,CVE-2022-49641,CVE-2022-49642,CVE-2022-49643,CVE-2022-49644,CVE-2022-49645,CVE-2022-49646,CVE-2022-49647,CVE-2022-49648,CVE-2022-49649,CVE-2022-49652,CVE-2022-49653,CVE-2022-49656,CVE-2022-49657,CVE-2022-49661,CVE-2022-49663,CVE-2022-49665,CVE-2022-49667,CVE-2022-49668,CVE-2022-49670,CVE-2022-49671,CVE-2022-49672,CVE-2022-49673,CVE-2022-49674,CVE-2022-49675,CVE-2022-49676,CVE-2022-49677,CVE-2022-49678,CVE-2022-49679,CVE-2022-49680,CVE-2022-49683,CVE-2022-49685,CVE-2022-49687,CVE-2022-49688,CVE-2022-49693,CVE-2022-49695,CVE-2022-49699,CVE-2022-49700,CVE-2022-49701,CVE-2022-49703,CVE-2022-49704,CVE-2022-49705,CVE-2022-49707,CVE-2022-49708,CVE-2022-49710,CVE-2022-49711,CVE-2022-49712,CVE-2022-49713,CVE-2022-49714,CVE-2022-49715,CVE-2022-49716,CVE-2022-49719,CVE-2022-49720,CVE-2022-49721,CVE-2022-49722,CVE-2022-49723,CVE-2022-49724,CVE-2022-49725,CVE-2022-49726,CVE-2022-49729,CVE-2022-49730,CVE-2022-49
731,CVE-2022-49733,CVE-2023-28410,CVE-2024-2201,CVE-2024-41092,CVE-2024-42098,CVE-2024-42229,CVE-2024-42240,CVE-2024-57996,CVE-2024-58014,CVE-2025-21718,CVE-2025-21780
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
- CVE-2024-41092: drm/i915/gt: Fix potential UAF by revoke of fence registers (bsc#1228483).
- CVE-2024-42098: crypto: ecdh - explicitly zeroize private_key (bsc#1228779).
- CVE-2024-42229: crypto: aead,cipher - zeroize key buffer after use (bsc#1228708).
- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).
- CVE-2024-58014: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (bsc#1239109).
- CVE-2025-21718: net: rose: fix timer races against user threads (bsc#1239073).
- CVE-2025-21780: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (bsc#1239115).
The following non-security bugs were fixed:
- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).
- x86/bhi: Avoid warning in #DB handler due to BHI mitigation (git-fixes).
- x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (git-fixes).
- x86/bugs: Fix BHI documentation (git-fixes).
- x86/bugs: Fix BHI handling of RRSBA (git-fixes).
- x86/bugs: Fix BHI retpoline check (git-fixes).
- x86/bugs: Fix return type of spectre_bhi_state() (git-fixes).
- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (git-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1035-1
Released: Thu Mar 27 10:34:01 2025
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1236779,1237294
This update for suse-build-key fixes the following issues:
- Changed and extented the SUSE Linux Enterprise 15 and 16 signing keys to use
SHA256 GPG UIDs instead of SHA1. (bsc#1237294 bsc#1236779 jsc#PED-12321)
- gpg-pubkey-3fa1d6ce-67c856ee.asc to gpg-pubkey-09d9ea69-67c857f3.asc
- gpg-pubkey-09d9ea69-645b99ce.asc to gpg-pubkey-3fa1d6ce-63c9481c.asc
- suse_ptf_key_2023.asc, suse_ptf_key.asc: adjusted
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1056-1
Released: Fri Mar 28 18:06:22 2025
Summary: Security update for python3
Type: security
Severity: moderate
References: 1233307,CVE-2024-11168
This update for python3 fixes the following issues:
- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1062-1
Released: Mon Mar 31 10:45:08 2025
Summary: Security update for docker, docker-stable
Type: security
Severity: important
References: 1237367,1239185,1239322,CVE-2024-23650,CVE-2024-29018,CVE-2024-41110,CVE-2025-22868,CVE-2025-22869
This update for docker, docker-stable fixes the following issues:
- CVE-2025-22868: Fixed unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239185).
- CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239322).
Other fixes:
- Make container-selinux requirement conditional on selinux-policy (bsc#1237367)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1130-1
Released: Thu Apr 3 15:08:55 2025
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: important
References: 1234798,1240009,1240343
This update for ca-certificates-mozilla fixes the following issues:
Update to 2.74 state of Mozilla SSL root CAs:
- Removed:
* SwissSign Silver CA - G2
- Added:
* D-TRUST BR Root CA 2 2023
* D-TRUST EV Root CA 2 2023
Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798):
- Removed:
* SecureSign RootCA11
* Security Communication RootCA3
- Added:
* TWCA CYBER Root CA
* TWCA Global Root CA G2
* SecureSign Root CA12
* SecureSign Root CA14
* SecureSign Root CA15
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1143-1
Released: Fri Apr 4 15:31:17 2025
Summary: Security update for google-guest-agent
Type: security
Severity: important
References: 1234563,1239763,1239866,CVE-2024-45337
This update for google-guest-agent fixes the following issues:
- CVE-2024-45337: golang.org/x/crypto/ssh: Fixed misuse of ServerConfig.PublicKeyCallback leading to authorization bypass (bsc#1234563).
Other fixes:
- Updated to version 20250327.01 (bsc#1239763, bsc#1239866)
* Remove error messages from gce_workload_cert_refresh and
metadata script runner (#527)
- from version 20250327.00
* Update guest-logging-go dependency (#526)
* Add 'created-by' metadata, and pass it as option to logging library (#508)
* Revert 'oslogin: Correctly handle newlines at the end of
modified files (#520)' (#523)
* Re-enable disabled services if the core plugin was enabled (#522)
* Enable guest services on package upgrade (#519)
* oslogin: Correctly handle newlines at the end of modified files (#520)
* Fix core plugin path (#518)
* Fix package build issues (#517)
* Fix dependencies ran go mod tidy -v (#515)
* Fix debian build path (#514)
* Bundle compat metadata script runner binary in package (#513)
* Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
* Update startup/shutdown services to launch compat manager (#503)
* Bundle new gce metadata script runner binary in agent package (#502)
* Revert 'Revert bundling new binaries in the package (#509)' (#511)
- from version 20250326.00
* Re-enable disabled services if the core plugin was enabled (#521)
- from version 20250324.00
* Enable guest services on package upgrade (#519)
* oslogin: Correctly handle newlines at the end of modified files (#520)
* Fix core plugin path (#518)
* Fix package build issues (#517)
* Fix dependencies ran go mod tidy -v (#515)
* Fix debian build path (#514)
* Bundle compat metadata script runner binary in package (#513)
* Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
* Update startup/shutdown services to launch compat manager (#503)
* Bundle new gce metadata script runner binary in agent package (#502)
* Revert 'Revert bundling new binaries in the package (#509)' (#511)
* Revert bundling new binaries in the package (#509)
* Fix typo in windows build script (#501)
* Include core plugin binary for all packages (#500)
* Start packaging compat manager (#498)
* Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
* scripts: introduce a wrapper to locally build deb package (#490)
* Introduce compat-manager systemd unit (#497)
- from version 20250317.00
* Revert 'Revert bundling new binaries in the package (#509)' (#511)
* Revert bundling new binaries in the package (#509)
* Fix typo in windows build script (#501)
* Include core plugin binary for all packages (#500)
* Start packaging compat manager (#498)
* Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
* scripts: introduce a wrapper to locally build deb package (#490)
* Introduce compat-manager systemd unit (#497)
- from version 20250312.00
* Revert bundling new binaries in the package (#509)
* Fix typo in windows build script (#501)
* Include core plugin binary for all packages (#500)
* Update crypto library to fix CVE-2024-45337 (#499)
* Start packaging compat manager (#498)
* Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
* scripts: introduce a wrapper to locally build deb package (#490)
* Introduce compat-manager systemd unit (#497)
- from version 20250305.00
* Revert bundling new binaries in the package (#509)
* Fix typo in windows build script (#501)
* Include core plugin binary for all packages (#500)
* Start packaging compat manager (#498)
* Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
* scripts: introduce a wrapper to locally build deb package (#490)
* Introduce compat-manager systemd unit (#497)
- from version 20250304.01
* Fix typo in windows build script (#501)
- from version 20250214.01
* Include core plugin binary for all packages (#500)
- from version 20250214.00
* Update crypto library to fix CVE-2024-45337 (#499)
- from version 20250212.00
* Start packaging compat manager (#498)
* Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
- from version 20250211.00
* scripts: introduce a wrapper to locally build deb package (#490)
* Introduce compat-manager systemd unit (#497)
- from version 20250207.00
* vlan: toggle vlan configuration in debian packaging (#495)
* vlan: move config out of unstable section (#494)
* Add clarification to comments regarding invalid NICs and the
`invalid` tag. (#493)
* Include interfaces in lists even if it has an invalid MAC. (#489)
* Fix windows package build failures (#491)
* vlan: don't index based on the vlan ID (#486)
* Revert PR #482 (#488)
* Remove Amy and Zach from OWNERS (#487)
* Skip interfaces in interfaceNames() instead of erroring if there is an (#482)
* Fix Debian packaging if guest agent manager is not checked out (#485)
- from version 20250204.02
* force concourse to move version forward.
- from version 20250204.01
* vlan: toggle vlan configuration in debian packaging (#495)
- from version 20250204.00
* vlan: move config out of unstable section (#494)
* Add clarification to comments regarding invalid NICs and the
`invalid` tag. (#493)
- from version 20250203.01
* Include interfaces in lists even if it has an invalid MAC. (#489)
- from version 20250203.00
* Fix windows package build failures (#491)
* vlan: don't index based on the vlan ID (#486)
* Revert PR #482 (#488)
* Remove Amy and Zach from OWNERS (#487)
* Skip interfaces in interfaceNames() instead of erroring if there is an (#482)
* Fix Debian packaging if guest agent manager is not checked out (#485)
- from version 20250122.00
* networkd(vlan): remove the interface in addition to config (#468)
* Implement support for vlan dynamic removal, update dhclient to
remove only if configured (#465)
* Update logging library (#479)
* Remove Pat from owners file. (#478)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1160-1
Released: Mon Apr 7 17:28:43 2025
Summary: Recommended update for vim
Type: recommended
Severity: moderate
References: 1235751
vim was updated to 9.1.1176.
Changes:
* wrong indent when expanding multiple lines
* inconsistent behaviour with exclusive selection and motion commands
* filetype: ABNF files are not detected
* [security]: overflow with 'nostartofline' and Ex command in tag file
* wildmenu highlighting in popup can be improved
* using global variable for get_insert()/get_lambda_name()
* wrong flags passed down to nextwild()
* mark '] wrong after copying text object
* command-line auto-completion hard with wildmenu
* diff: regression with multi-file diff blocks
* [security]: code execution with tar.vim and special crafted tar files
* $MYVIMDIR is set too late
* completion popup not cleared in cmdline
* preinsert requires bot 'menu' and 'menuone' to be set
* Ctrl-Y does not work well with 'preinsert' when completing items
* $MYVIMDIR may not always be set
* :verbose set has wrong file name with :compiler!
* command completion wrong for input()
* Mode message not cleared after :silent message
* Vim9: not able to use autoload class accross scripts
* build error on Haiku
* Patch v9.1.1151 causes problems
* too many strlen() calls in getchar.c
* :hi completion may complete to wrong value
* Unix Makefile does not support Brazilian lang for the installer
* Vim9: finding imported scripts can be further improved
* preview-window does not scroll correctly
* Vim9: wrong context being used when evaluating class member
* multi-line completion has wrong indentation for last line
* no way to create raw strings from a blob
* illegal memory access when putting a register
* Misplaced comment in readfile()
* filetype: m17ndb files are not detected
* [fifo] is not displayed when editing a fifo
* cmdline completion for :hi is too simplistic
* ins_str() is inefficient by calling STRLEN()
* Match highlighting marks a buffer region as changed
* 'suffixesadd' doesn't work with multiple items
* filetype: Guile init file not recognized
* filetype: xkb files not recognized everywhere
* Mark positions wrong after triggering multiline completion
* potential out-of-memory issue in search.c
* 'listchars' 'precedes' is not drawn on Tabs.
* missing out-of-memory test in buf_write()
* patch 9.1.1119 caused a regression with imports
* preinsert text is not cleaned up correctly
* patch 9.1.1121 used a wrong way to handle enter
* cannot loop through pum menu with multiline items
* No test for 'listchars' 'precedes' with double-width char
* popup hi groups not falling back to defaults
* too many strlen() calls in findfile.c
* Enter does not insert newline with 'noselect'
* Vim9: Not able to use an autoloaded class from another autoloaded script
* Vim9: super not supported in lambda expressions
* [security]: use-after-free in str_to_reg()
* enabling termguicolors automatically confuses users
* Inconsistencies in get_next_or_prev_match()
* Vim9: variable not found in transitive import
* cmdexpand.c hard to read
* 'smoothscroll' gets stuck with 'listchars' 'eol'
* cannot loop through completion menu with fuzzy
* Vim9: no support for protected new() method
* CI: using Ubuntu 22.04 Github runners
* if_perl: still some compile errors with Perl 5.38
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1191-1
Released: Thu Apr 10 06:57:45 2025
Summary: Recommended update for supportutils
Type: recommended
Severity: moderate
References: 1183663,1193173,1211547,1213291,1214713,1216049,1216146,1216147,1216150,1216151,1216228,1216229,1216230,1216231,1216232,1216233,1216241,1216388,1216522,1216827,1217287,1218201,1218282,1218324,1218812,1218814,1219241,1219639,1222021,1222650,1222896,1227127,1228265,1230371,1231396,1231423,1231838,1233726
This update for supportutils fixes the following issues:
- Version update 3.2.10, bugfixing.
+ Collect firewalld configuration
+ Ignore tasks/threads to prevent collecting duplicate data (bsc#1230371).
+ openldap2_5 support for SLES (bsc#1231838).
+ Added dbus_info for dbus.txt (bsc#1222650).
+ Map running PIDs to RPM package owner aiding BPF program detection (bsc#1222896, bsc#1213291, PED-8221).
+ Corrected display issues (bsc#1231396, bsc#1217287).
+ NFS takes too long, showmount times out (bsc#1231423).
+ Merged sle15 and master branches (bsc#1233726, PED-11669).
+ Extended scaling for performance (bsc#1214713).
+ Corrected SLE Micro version (bsc#1219241).
+ Check nvidida-persistenced state (bsc#1219639).
+ Corrected podman .ID error (bsc#1218812).
+ Remove duplicate non-root podman users (bsc#1218814).
+ Fixed smart disk error (bsc#1218282).
+ Fixed ipvsadm logic error (bsc#1218324).
+ Correctly detects Xen Dom0 (bsc#1218201).
+ Inhibit the conversion of port numbers to port names for network files.
+ powerpc: collect rtas_errd.log and lp_diag.log log files.
+ Get list of pam.d files.
+ Provides long listing for /etc/sssd/sssd.conf (bsc#1211547).
+ Optimize lsof usage (bsc#1183663).
+ Added mokutil commands for secureboot.
+ ipset - List entries for all sets.
+ Added nvme-stas configuration to nvme.txt (bsc#1216049).
+ Collects zypp history file (bsc#1216522).
+ Collect HA related rpm package versions in ha.txt
+ Change -x OPTION to really be exclude only
+ Fixed kernel and added user live patching (PED-4524).
+ Fixed plugins creating empty files (bsc#1216388).
+ Remove supportutils requires for util-linux-systemd and kmod (bsc#1193173).
+ Added supportutils to current (PED-4456).
+ Changed config directory to /etc/supportutuils for all conf and header.txt (bsc#1216232).
+ Fixed supportconfig using external test command (bsc#1216150) and kdump,
analyzevmcore errors (bsc#1216146).
+ Support has been removed for scplugin.rc, use supportconfig.rc (bsc#1216241).
+ Remove check_service function from supportconfig.rc (bsc#1216231).
+ Removed older versions of SLES_VER (bsc#1216147).
+ Added timed command to fs-files.txt (bsc#1216827).
+ Cron and At are replaced with systemd.timer (bsc#1216229).
+ Offers apparmor or selinux based on configuration (bsc#1216233).
+ Filted proc access errors (bsc#1216151).
+ Remove all SuSE-release references (bsc#1216228).
+ Remove references to /etc/init.d (bsc#1216230).
+ Add capability in supportconfig to insert configs in summary.xml from command line option (bsc#1222021).
+ file sanitizing improvement request for boot (bsc#1227127).
+ Add 'read_values -s' output to supportconfig on s390x (bsc#1228265).
+ Usability enhancement for supportconfig (PED-8211).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1192-1
Released: Thu Apr 10 08:40:02 2025
Summary: Recommended update for hwinfo
Type: recommended
Severity: moderate
References: 1223330,1239663
This update for hwinfo fixes the following issues:
- Avoid reporting of spurious usb storage devices (bsc#1223330)
- Do not overdo usb device de-duplication (bsc#1239663)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1193-1
Released: Thu Apr 10 10:01:36 2025
Summary: Security update for apparmor
Type: security
Severity: moderate
References: 1234452
This update for apparmor fixes the following issue:
- Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1195-1
Released: Thu Apr 10 15:47:35 2025
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1193629,1197227,1207034,1207186,1207878,1209262,1209547,1209788,1210647,1213167,1225742,1231375,1233479,1233557,1233558,1234464,1235528,1237029,1237530,1237875,1237877,1237890,1237918,1238911,1238919,1239016,1239036,1239061,1239126,1239452,1239454,1239968,1239969,1240133,1240195,1240205,1240207,1240208,1240210,1240212,1240213,1240218,1240220,1240227,1240229,1240231,1240242,1240245,1240247,1240250,1240254,1240256,1240264,1240266,1240272,1240275,1240276,1240278,1240279,1240280,1240281,1240282,1240283,1240284,1240286,1240288,1240290,1240292,1240293,1240297,1240304,1240308,1240309,1240317,1240318,1240322,CVE-2017-5753,CVE-2021-4454,CVE-2022-1016,CVE-2022-49053,CVE-2022-49293,CVE-2022-49465,CVE-2022-49650,CVE-2022-49739,CVE-2022-49746,CVE-2022-49748,CVE-2022-49751,CVE-2022-49753,CVE-2022-49755,CVE-2022-49759,CVE-2023-0179,CVE-2023-1652,CVE-2023-2162,CVE-2023-3567,CVE-2023-52930,CVE-2023-52933,CVE-2023-52935,CVE-2023-52939,CVE-2023-52941,CVE-2023-52973,CVE-2023-52974,CVE-2023-
52975,CVE-2023-52976,CVE-2023-52979,CVE-2023-52983,CVE-2023-52984,CVE-2023-52988,CVE-2023-52989,CVE-2023-52992,CVE-2023-52993,CVE-2023-53000,CVE-2023-53005,CVE-2023-53006,CVE-2023-53007,CVE-2023-53008,CVE-2023-53010,CVE-2023-53015,CVE-2023-53016,CVE-2023-53019,CVE-2023-53023,CVE-2023-53024,CVE-2023-53025,CVE-2023-53026,CVE-2023-53028,CVE-2023-53029,CVE-2023-53030,CVE-2023-53033,CVE-2024-50290,CVE-2024-53063,CVE-2024-53064,CVE-2024-56651,CVE-2024-58083,CVE-2025-21693,CVE-2025-21714,CVE-2025-21732,CVE-2025-21753,CVE-2025-21772,CVE-2025-21839
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237918).
- CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled (bsc#1238919).
- CVE-2022-49739: gfs2: Always check inode size of inline inodes (bsc#1240207).
- CVE-2023-52935: mm/khugepaged: fix ->anon_vma race (bsc#1240276).
- CVE-2024-53064: idpf: fix idpf_vc_core_init error path (bsc#1233558 bsc#1234464).
- CVE-2024-56651: can: hi311x: hi3110_can_ist(): fix potential use-after-free (bsc#1235528).
- CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036).
- CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029).
- CVE-2025-21714: RDMA/mlx5: Fix implicit ODP use after free (bsc#1237890).
- CVE-2025-21732: RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (bsc#1237877).
- CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875).
- CVE-2025-21772: partitions: mac: fix handling of bogus partition table (bsc#1238911).
The following non-security bugs were fixed:
- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).
- RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016).
- RDMA/mana_ib: Use v2 version of cfg_rx_steer_req to enable RX coalescing (bsc#1239016).
- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)
- btrfs: defrag: do not use merged extent map for their generation check (bsc#1239968).
- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1239968).
- btrfs: fix extent map merging not happening for adjacent extents (bsc#1239968).
- btrfs: send: allow cloning non-aligned extent if it ends at i_size (bsc#1239969).
- btrfs: send: fix invalid clone operation for file that got its size decreased (bsc#1239969).
- gfs2: Fix inode height consistency check (git-fixes).
- mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (bsc#1239126).
- mm: zswap: move allocations during CPU init outside the lock (git-fixes).
- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016).
- net: mana: Allow variable size indirection table (bsc#1239016).
- net: mana: Avoid open coded arithmetic (bsc#1239016).
- net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (bsc#1240195).
- net: mana: Support holes in device list reply msg (bsc#1240133).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1201-1
Released: Fri Apr 11 12:15:58 2025
Summary: Security update for expat
Type: security
Severity: important
References: 1239618,CVE-2024-8176
This update for expat fixes the following issues:
- CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused
by stack overflow by resolving use of recursion (bsc#1239618)
Other fixes:
- version update to 2.7.1 (jsc#PED-12500)
Bug fixes:
#980 #989 Restore event pointer behavior from Expat 2.6.4
(that the fix to CVE-2024-8176 changed in 2.7.0);
affected API functions are:
- XML_GetCurrentByteCount
- XML_GetCurrentByteIndex
- XML_GetCurrentColumnNumber
- XML_GetCurrentLineNumber
- XML_GetInputContext
Other changes:
#976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}'
with Automake that were missing from 2.7.0 release tarballs
#983 #984 Fix printf format specifiers for 32bit Emscripten
#992 docs: Promote OpenSSF Best Practices self-certification
#978 tests/benchmark: Resolve mistaken double close
#986 Address compiler warnings
#990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
for what these numbers do
Infrastructure:
#982 CI: Start running Perl XML::Parser integration tests
#987 CI: Enforce Clang Static Analyzer clean code
#991 CI: Re-enable warning clang-analyzer-valist.Uninitialized
for clang-tidy
#981 CI: Cover compilation with musl
#983 #984 CI: Cover compilation with 32bit Emscripten
#976 #977 CI: Protect against fuzzer files missing from future
release archives
- version update to 2.7.0
#935 #937 Autotools: Make generated CMake files look for
libexpat. at SO_MAJOR@.dylib on macOS
#925 Autotools: Sync CMake templates with CMake 3.29
#945 #962 #966 CMake: Drop support for CMake <3.13
#942 CMake: Small fuzzing related improvements
#921 docs: Add missing documentation of error code
XML_ERROR_NOT_STARTED that was introduced with 2.6.4
#941 docs: Document need for C++11 compiler for use from C++
#959 tests/benchmark: Fix a (harmless) TOCTTOU
#944 Windows: Fix installer target location of file xmlwf.xml
for CMake
#953 Windows: Address warning -Wunknown-warning-option
about -Wno-pedantic-ms-format from LLVM MinGW
#971 Address Cppcheck warnings
#969 #970 Mass-migrate links from http:// to https://
#947 #958 ..
#974 #975 Document changes since the previous release
#974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
for what these numbers do
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1217-1
Released: Sun Apr 13 12:16:40 2025
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: important
References: 1240343
This update for ca-certificates-mozilla fixes the following issues:
- Reenable the distrusted certs for now. as these only
distrust 'new issued' certs starting after a certain date,
while old certs should still work. (bsc#1240343)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1242-1
Released: Mon Apr 14 12:43:18 2025
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1235481,1236033
This update for aaa_base fixes the following issues:
- SP6 logrotate and rcsyslog binary (bsc#1236033)
- Update detection for systemd in rc.status
- Mountpoint for cgroup changed with cgroup2
- If a user switches the login shell respect the already set PATH
environment (bsc#1235481)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1292-1
Released: Wed Apr 16 09:49:17 2025
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References:
This update for timezone fixes the following issues:
- Version update 2025b
* New zone for Aysen Region in Chile (America/Coyhaique) which
moves from -04/-03 to -03
- Refresh patches for philippines historical data and china tzdata
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1334-1
Released: Thu Apr 17 09:03:05 2025
Summary: Security update for pam
Type: security
Severity: moderate
References: 1232234,CVE-2024-10041
This update for pam fixes the following issues:
- CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1345-1
Released: Thu Apr 17 17:14:27 2025
Summary: Security update for containerd
Type: security
Severity: moderate
References: 1239749,CVE-2024-40635
This update for containerd fixes the following issues:
- CVE-2024-40635: Fixed integer overflow in User ID handling (bsc#1239749)
Other fixes:
- Update to containerd v1.7.27.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1354-1
Released: Tue Apr 22 05:14:53 2025
Summary: Recommended update for iproute2
Type: recommended
Severity: moderate
References: 1234383
This update for iproute2 fixes the following issues:
- Avoid false cgroup warnings (bsc#1234383)
-----------------------------------------------------------------
Advisory ID: 38402
Released: Fri Apr 25 11:05:30 2025
Summary: Recommended update for freetype2
Type: recommended
Severity: important
References:
This update for freetype2 fixes the following issue:
- enable brotli support (jsc#PED-12258)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1381-1
Released: Mon Apr 28 09:37:03 2025
Summary: Security update for cifs-utils
Type: security
Severity: moderate
References: 1239680,CVE-2025-2312
This update for cifs-utils fixes the following issues:
- CVE-2025-2312: Fixed cifs.upcall making an upcall to the wrong
namespace in containerized environments while trying to get Kerberos
credentials (bsc#1239680)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1413-1
Released: Wed Apr 30 08:59:04 2025
Summary: Security update for augeas
Type: security
Severity: low
References: 1239909,CVE-2025-2588
This update for augeas fixes the following issues:
- CVE-2025-2588: Check for NULL pointers when calling re_case_expand in function fa_expand_nocase. (bsc#1239909)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1435-1
Released: Fri May 2 12:39:10 2025
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415
This update for libxml2 fixes the following issues:
- CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551)
- CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1486-1
Released: Tue May 6 12:00:21 2025
Summary: Recommended update for apparmor
Type: recommended
Severity: important
References: 1232234,1234452
This update for apparmor fixes the following issues:
- Allow pam_unix to execute unix_chkpwd with abi/3.0 (bsc#1234452, bsc#1232234)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1456-1
Released: Wed May 7 17:13:32 2025
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1241020,1241078,1241189,CVE-2025-29087,CVE-2025-29088,CVE-2025-3277
This update for sqlite3 fixes the following issues:
- CVE-2025-29087,CVE-2025-3277: Fixed integer overflow in sqlite concat function (bsc#1241020)
- CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078)
Other fixes:
- Updated to version 3.49.1 from Factory (jsc#SLE-16032)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1549-1
Released: Wed May 14 11:06:26 2025
Summary: Security update for apparmor
Type: security
Severity: moderate
References: 1241678,CVE-2024-10041
This update for apparmor fixes the following issues:
- Add dac_read_search capability for unix_chkpwd to allow it to read the shadow
file even if it has 000 permissions. This is needed after the CVE-2024-10041
fix in PAM. (bsc#1241678)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1576-1
Released: Mon May 19 06:48:35 2025
Summary: Security update for openssh
Type: security
Severity: moderate
References: 1228634,1232533,1241012,1241045,CVE-2025-32728
This update for openssh fixes the following issues:
- Security issues fixed:
* CVE-2025-32728: Fixed a logic error in DisableForwarding option (bsc#1241012)
- Other bugs fixed:
* Allow KEX hashes greater than 256 bits (bsc#1241045)
* Fixed hostname being left out of the audit output (bsc#1228634)
* Fixed failures with very large MOTDs (bsc#1232533)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1580-1
Released: Mon May 19 15:11:59 2025
Summary: Recommended update for librdkafka
Type: recommended
Severity: important
References: 1242842
This update for librdkafka fixes the following issues:
- Avoid endless loops under certain conditions (bsc#1242842)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1599-1
Released: Tue May 20 12:52:43 2025
Summary: Security update for glib2
Type: security
Severity: moderate
References: 1240897,CVE-2025-3360
This update for glib2 fixes the following issues:
- CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long
and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1627-1
Released: Wed May 21 12:01:48 2025
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1201855,1230771,1238471,1238512,1238747,1238865,1239968,1240188,1240195,1240553,1240747,1240835,1241280,1241371,1241421,1241433,1241541,CVE-2021-47671,CVE-2022-49741,CVE-2024-46784,CVE-2025-21726,CVE-2025-21785,CVE-2025-21791,CVE-2025-21812,CVE-2025-21886,CVE-2025-22004,CVE-2025-22020,CVE-2025-22045,CVE-2025-22055,CVE-2025-22097
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2025-21726: padata: avoid UAF for reorder_work (bsc#1238865).
- CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (bsc#1238747).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
- CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471).
- CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835).
- CVE-2025-22020: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (bsc#1241280).
- CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433).
- CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371).
- CVE-2025-22097: drm/vkms: Fix use after free and double free on init error (bsc#1241541).
The following non-security bugs were fixed:
- scsi: smartpqi: Add ctrl ready timeout module parameter (jsc#PED-1557, bsc#1201855, bsc#1240553).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1632-1
Released: Wed May 21 12:04:19 2025
Summary: Recommended update for grub2
Type: recommended
Severity: moderate
References:
This update for grub2 rebuilds the existing package with the new 4k RSA secure boot key for IBM Power and Z.
Note: the signing key of x86 / x86_64 and aarch64 architectures are unchanged.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1642-1
Released: Wed May 21 16:31:58 2025
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: important
References: 1222044,1230267,1235598,1237172,1237587,1237949,1238315,1239809,1240529
This update for libsolv, libzypp, zypper fixes the following issues:
- build both static and dynamic libraries on new suse distros
- support the apk package and repository format (both v2 and v3)
- new dataiterator_final_{repo,solvable} functions
- Provide a symbol specific for the ruby-version
so yast does not break across updates (bsc#1235598)
- XmlReader: Fix detection of bad input streams
- rpm: Fix detection of %triggerscript starts (bsc#1222044)
- RepoindexFileReader: add more <repo> related attributes a
service may set.
- Drop workaround for broken rpm-4.18 in Code16 (bsc#1237172)
- BuildRequires: %{libsolv_devel_package} >= 0.7.32.
- Drop usage of SHA1 hash algorithm because it will become
unavailable in FIPS mode (bsc#1240529)
- Fix zypp.conf dupAllowVendorChange to reflect the correct
default (false).
- zypp.conf: Add `lock_timeout` ($ZYPP_LOCK_TIMEOUT) (bsc#1239809)
- Fix computation of RepStatus if Repo URLs change.
- Fix lost double slash when appending to an absolute FTP url
(bsc#1238315)
- Add a transaction package preloader
- RpmPkgSigCheck_test: Exchange the test package signingkey
- Exclude MediaCurl tests if DISABLE_MEDIABACKEND_TESTS
- Strip a mediahandler tag from baseUrl querystrings.
- Updated translations (bsc#1230267)
- Do not double encode URL strings passed on the commandline
(bsc#1237587)
- Package preloader that concurrently downloads files.
- BuildRequires: libzypp-devel >= 17.36.4.
- refresh: add --include-all-archs
- info,search: add option to search and list Enhances
(bsc#1237949)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1648-1
Released: Wed May 21 22:43:46 2025
Summary: Recommended update for kbd
Type: recommended
Severity: moderate
References: 1237230
This update for kbd fixes the following issues:
- Don't search for resources in the current directory. It can cause
unwanted side effects or even infinite loop (bsc#1237230).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1691-1
Released: Fri May 23 13:07:30 2025
Summary: Recommended update for hwinfo
Type: recommended
Severity: moderate
References: 1240648
This update for hwinfo fixes the following issues:
- Version update v21.88
- Fix network card detection on aarch64 (bsc#1240648).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1714-1
Released: Tue May 27 13:23:20 2025
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References:
This update for ncurses fixes the following issues:
- Backport sclp terminfo description entry if for s390 sclp terminal lines
- Add a further sclp entry for qemu s390 based systems
- Make use of dumb
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1721-1
Released: Tue May 27 17:59:31 2025
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References:
This update for hwdata fixes the following issue:
- Version update 0.394:
* Update pci, usb and vendor ids
* Fix usb.ids encoding and a couple of typos
* Fix configure to honor --prefix
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1779-1
Released: Fri May 30 15:38:55 2025
Summary: Security update for iputils
Type: security
Severity: moderate
References: 1242300,1243284,CVE-2025-47268
This update for iputils fixes the following issues:
Security fixes:
- CVE-2025-47268: Fixed integer overflow in RTT calculation can lead to undefined behavior (bsc#1242300).
Other bug fixes:
- Fixed incorrect IPV4 TTL value when using SOCK_DGRAM on big endian systems (bsc#1243284).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1784-1
Released: Fri May 30 18:09:16 2025
Summary: Security update for glibc
Type: security
Severity: important
References: 1234128,1243317,CVE-2025-4802
This update for glibc fixes the following issues:
Security issues fixed:
- CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen
search for libraries to load in LD_LIBRARY_PATH (bsc#1243317).
Other issues fixed:
- Multi-threaded application hang due to deadlock when `pthread_cond_signal` fails to wake up `pthread_cond_wait`
as a consequence of a bug related to stealing of signals (bsc#1234128).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1810-1
Released: Wed Jun 4 11:28:57 2025
Summary: Security update for python3-setuptools
Type: security
Severity: important
References: 1243313,CVE-2025-47273
This update for python3-setuptools fixes the following issues:
- CVE-2025-47273: path traversal in PackageIndex.download may lead to an arbitrary file write (bsc#1243313).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1825-1
Released: Thu Jun 5 16:38:39 2025
Summary: Recommended update for google-guest-agent
Type: recommended
Severity: moderate
References: 1243254,1243505
This update for google-guest-agent fixes the following issues:
- Update to version 20250506.01 (bsc#1243254, bsc#1243505)
- Make sure agent added connections are activated by NM
- Wrap NSS cache refresh in a goroutine
- Wicked: Only reload interfaces for which configurations are written or changed.
- Add AuthorizedKeysCompat to windows packaging
- Remove error messages from gce_workload_cert_refresh and metadata script runner
- Update guest-logging-go dependency
- Add 'created-by' metadata, and pass it as option to logging library
- Re-enable disabled services if the core plugin was enabled
- Enable guest services on package upgrade
- Fix core plugin path
- Fix package build issues
- Fix dependencies ran go mod tidy -v
- Bundle compat metadata script runner binary in package
- Bump golang.org/x/net from 0.27.0 to 0.36.0
- Update startup/shutdown services to launch compat manager
- Bundle new gce metadata script runner binary in agent package
- Revert 'Revert bundling new binaries in the package'
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1836-1
Released: Mon Jun 9 16:11:28 2025
Summary: Recommended update for cloud-netconfig
Type: recommended
Severity: important
References: 1240869
This update for cloud-netconfig fixes the following issues:
- Add support for creating IPv6 default route in GCE (bsc#1240869)
- Minor fix when looking up IPv6 default route
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2013-1
Released: Wed Jun 18 20:05:07 2025
Summary: Security update for pam
Type: security
Severity: important
References: 1243226,1244509,CVE-2025-6018,CVE-2025-6020
This update for pam fixes the following issues:
- CVE-2025-6018: pam_env: Change the default to not read the user .pam_environment file (bsc#1243226).
- CVE-2025-6020: pam_namespace: convert functions that may operate on a user-controlled path to operate on file descriptors instead of absolute path (bsc#1244509).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2022-1
Released: Thu Jun 19 15:14:37 2025
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1239012,1239543,1240132,1241463,1243887,1243901,1244105
This update for libzypp, zypper fixes the following issues:
- Fix credential handling in HEAD requests (bsc#1244105)
- RepoInfo: use pathNameSetTrailingSlash
- Fix wrong userdata parameter type when running zypp with debug
verbosity (bsc#1239012)
- Do not warn about no mirrors if mirrorlist was switched on
automatically. (bsc#1243901)
- Relax permission of cached packages to 0644 & ~umask
(bsc#1243887)
- Add a note to service maintained .repo file entries
- Support using %{url} variable in a RIS service's repo section.
- Use a cookie file to validate mirrorlist cache.
This patch extends the mirrorlist code to use a cookie file to
validate the contents of the cache against the source URL, making
sure that we do not accidentially use a old cache when the
mirrorlist url was changed. For example when migrating a system
from one release to the next where the same repo alias might just
have a different URL.
- Let Service define and update gpgkey, mirrorlist and metalink.
- Preserve a mirrorlist file in the raw cache during refresh.
- Enable curl2 backend and parallel package download by
default.
Environment variables ZYPP_CURL2=<0|1> and ZYPP_PCK_PRELOAD=<0|1>
can be used to turn the features on or off.
- Make gpgKeyUrl the default source for gpg keys.
When refreshing zypp now primarily uses gpgKeyUrl information
from the repo files and only falls back to a automatically
generated key Url if a gpgKeyUrl was not specified.
- Introduce mirrors into the Media backends (bsc#1240132)
- Drop MediaMultiCurl backend.
- Throttle progress updates when preloading packages (bsc#1239543)
- Check if request is in valid state in CURL callbacks
- spec/CMake: add conditional build
'--with[out] classic_rpmtrans_as_default'.
classic_rpmtrans is the current builtin default for SUSE,
otherwise it's single_rpmtrans.
The `enable_preview_single_rpmtrans_as_default_for_zypper` switch
was removed from the spec file. Accordingly the CMake option
ENABLE_PREVIEW_SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER was removed.
- BuildRequires: libzypp-devel >= 17.37.0.
- Use libzypp improvements for preload and mirror handling.
- xmlout.rnc: Update repo-element (bsc#1241463)
Add the 'metalink' attribute and reflect that the 'url' elements
list may in fact be empty, if no baseurls are defined in the
.repo files.
- man: update --allow-unsigned-rpm description.
Explain how to achieve the same for packages provided by
repositories.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2025-1
Released: Thu Jun 19 15:17:49 2025
Summary: Recommended update for google-guest-configs
Type: recommended
Severity: important
References: 1241112
This update for google-guest-configs fixes the following issues:
- Check that %{_sysconfdir}/sysconfig/network/ifcfg-eth0 actually
exists before making any modifications to it (bsc#1241112)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2027-1
Released: Thu Jun 19 17:15:41 2025
Summary: Security update for perl
Type: security
Severity: moderate
References: 1244079,CVE-2025-40909
This update for perl fixes the following issues:
- CVE-2025-40909: Do not change the current directory when cloning an open directory handle (bsc#1244079).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2082-1
Released: Tue Jun 24 12:28:23 2025
Summary: Security update for pam-config
Type: security
Severity: important
References: 1243226,CVE-2025-6018
This update for pam-config fixes the following issues:
- CVE-2025-6018: Stop adding pam_env in AUTH stack, and be sure to put this module at the really end of the SESSION stack (bsc#1243226).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2103-1
Released: Wed Jun 25 10:26:23 2025
Summary: Recommended update for cifs-utils
Type: recommended
Severity: important
References: 1243488
This update for cifs-utils fixes the following issues:
- Add patches:
* Fix cifs.mount with krb5 auth (bsc#1243488)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2149-1
Released: Fri Jun 27 07:21:48 2025
Summary: Security update for google-osconfig-agent
Type: security
Severity: important
References: 1239948,1244304,1244503,CVE-2024-45339
This update for google-osconfig-agent fixes the following issues:
- Update to version 20250416.02 (bsc#1244304, bsc#1244503)
* defaultSleeper: tolerate 10% difference to reduce test flakiness
* Add output of some packagemanagers to the testdata
- from version 20250416.01
* Refactor OS Info package
- from version 20250416.00
* Report RPM inventory as YUM instead of empty SoftwarePackage
when neither Zypper nor YUM are installed.
- from version 20250414.00
* Update hash computation algorithm
- Update to version 20250320.00
* Bump github.com/envoyproxy/protoc-gen-validate from 1.1.0 to 1.2.1
- from version 20250318.00
* Bump go.opentelemetry.io/otel/sdk/metric from 1.32.0 to 1.35.0
- from version 20250317.02
* Bump cel.dev/expr from 0.18.0 to 0.22.0
* Bump github.com/golang/glog from 1.2.3 to 1.2.4 in the go_modules group
- from version 20250317.01
* Bump cloud.google.com/go/logging from 1.12.0 to 1.13.0
- from version 20250317.00
* Add tests for retryutil package.
- from version 20250306.00
* Update OWNERS
- from version 20250206.01
* Use separate counters for pre- and post-patch reboots.
- from version 20250206.00
* Update owners
- from version 20250203.00
* Fix the vet errors for contants in logging
- from version 20250122.00
* change available package check
- from version 20250121.00
* Fix Inventory reporting e2e tests.
- from version 20250120.00
* fix e2e tests
- Add -buildmode=pie to go build command line (bsc#1239948)
- merged upstream
- Renumber patches
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2178-1
Released: Mon Jun 30 19:53:34 2025
Summary: Security update for sudo
Type: security
Severity: important
References: 1245274,CVE-2025-32462
This update for sudo fixes the following issues:
- CVE-2025-32462: Fixed a possible local privilege escalation via the --host option (bsc#1245274).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2198-1
Released: Wed Jul 2 11:22:33 2025
Summary: Security update for runc
Type: security
Severity: low
References: 1230092,CVE-2024-45310
This update for runc fixes the following issues:
- CVE-2024-45310: Fixed unintentional creation of empty files/directories on host (bsc#1230092)
Other fixes:
- Update to runc v1.2.6.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2228-1
Released: Fri Jul 4 15:32:49 2025
Summary: Security update for vim
Type: security
Severity: moderate
References: 1228776,1239602,CVE-2024-41965,CVE-2025-29768
This update for vim fixes the following issues:
- CVE-2024-41965: Fixed improper neutralization of argument delimiters in zip.vim that could have led to data loss (bsc#1228776).
- CVE-2025-29768: Fixed double-free in dialog_changed() (bsc#1239602).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2235-1
Released: Mon Jul 7 14:08:03 2025
Summary: Recommended update for haveged
Type: recommended
Severity: moderate
References: 1165294,1222296
This update for haveged fixes the following issues:
- Add patch files introducing the '--once' flag (bsc#1222296, bsc#1165294)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2262-1
Released: Thu Jul 10 00:23:39 2025
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1184350,1193629,1204569,1204619,1204705,1205282,1206051,1206073,1206649,1206886,1206887,1208542,1209292,1209556,1209684,1210337,1210763,1210767,1211465,1213012,1213013,1213094,1213096,1213946,1214991,1218470,1232649,1234887,1235100,1237981,1238032,1240177,1240802,1241525,1241526,1241640,1241648,1242147,1242150,1242151,1242154,1242157,1242158,1242164,1242165,1242169,1242215,1242218,1242219,1242222,1242226,1242227,1242228,1242229,1242230,1242231,1242232,1242237,1242239,1242241,1242244,1242245,1242248,1242261,1242264,1242265,1242270,1242276,1242279,1242280,1242281,1242282,1242284,1242285,1242289,1242294,1242305,1242312,1242320,1242338,1242352,1242353,1242355,1242357,1242358,1242361,1242365,1242366,1242369,1242370,1242371,1242372,1242377,1242378,1242380,1242382,1242385,1242387,1242389,1242391,1242392,1242394,1242398,1242399,1242402,1242403,1242409,1242411,1242415,1242416,1242421,1242422,1242426,1242428,1242440,1242443,1242449,1242452,1242453,1242454,1242455,1242456,1242458,1
242464,1242467,1242469,1242473,1242478,1242481,1242484,1242489,1242493,1242497,1242527,1242542,1242544,1242545,1242547,1242548,1242549,1242550,1242551,1242558,1242570,1242580,1242586,1242589,1242596,1242597,1242685,1242686,1242688,1242689,1242695,1242716,1242733,1242734,1242735,1242736,1242739,1242743,1242744,1242745,1242746,1242747,1242749,1242752,1242753,1242756,1242759,1242762,1242765,1242767,1242778,1242779,1242790,1242791,1243047,1243133,1243649,1243660,1243737,1243919,CVE-2022-3564,CVE-2022-3619,CVE-2022-3640,CVE-2022-49110,CVE-2022-49139,CVE-2022-49767,CVE-2022-49769,CVE-2022-49770,CVE-2022-49771,CVE-2022-49772,CVE-2022-49775,CVE-2022-49776,CVE-2022-49777,CVE-2022-49779,CVE-2022-49783,CVE-2022-49787,CVE-2022-49788,CVE-2022-49789,CVE-2022-49790,CVE-2022-49792,CVE-2022-49793,CVE-2022-49794,CVE-2022-49796,CVE-2022-49797,CVE-2022-49799,CVE-2022-49800,CVE-2022-49801,CVE-2022-49802,CVE-2022-49807,CVE-2022-49809,CVE-2022-49810,CVE-2022-49812,CVE-2022-49813,CVE-2022-49818,CVE-2022-49
821,CVE-2022-49822,CVE-2022-49823,CVE-2022-49824,CVE-2022-49825,CVE-2022-49826,CVE-2022-49827,CVE-2022-49830,CVE-2022-49832,CVE-2022-49834,CVE-2022-49835,CVE-2022-49836,CVE-2022-49839,CVE-2022-49841,CVE-2022-49842,CVE-2022-49845,CVE-2022-49846,CVE-2022-49850,CVE-2022-49853,CVE-2022-49858,CVE-2022-49860,CVE-2022-49861,CVE-2022-49863,CVE-2022-49864,CVE-2022-49865,CVE-2022-49868,CVE-2022-49869,CVE-2022-49870,CVE-2022-49871,CVE-2022-49874,CVE-2022-49879,CVE-2022-49880,CVE-2022-49881,CVE-2022-49885,CVE-2022-49887,CVE-2022-49888,CVE-2022-49889,CVE-2022-49890,CVE-2022-49891,CVE-2022-49892,CVE-2022-49900,CVE-2022-49905,CVE-2022-49906,CVE-2022-49908,CVE-2022-49909,CVE-2022-49910,CVE-2022-49915,CVE-2022-49916,CVE-2022-49922,CVE-2022-49923,CVE-2022-49924,CVE-2022-49925,CVE-2022-49927,CVE-2022-49928,CVE-2022-49931,CVE-2023-1990,CVE-2023-53035,CVE-2023-53038,CVE-2023-53039,CVE-2023-53040,CVE-2023-53041,CVE-2023-53044,CVE-2023-53045,CVE-2023-53049,CVE-2023-53051,CVE-2023-53052,CVE-2023-53054,CVE-
2023-53056,CVE-2023-53058,CVE-2023-53059,CVE-2023-53060,CVE-2023-53062,CVE-2023-53064,CVE-2023-53065,CVE-2023-53066,CVE-2023-53068,CVE-2023-53075,CVE-2023-53077,CVE-2023-53078,CVE-2023-53079,CVE-2023-53081,CVE-2023-53084,CVE-2023-53087,CVE-2023-53089,CVE-2023-53090,CVE-2023-53091,CVE-2023-53092,CVE-2023-53093,CVE-2023-53096,CVE-2023-53098,CVE-2023-53099,CVE-2023-53100,CVE-2023-53101,CVE-2023-53106,CVE-2023-53108,CVE-2023-53111,CVE-2023-53114,CVE-2023-53116,CVE-2023-53118,CVE-2023-53119,CVE-2023-53123,CVE-2023-53124,CVE-2023-53125,CVE-2023-53131,CVE-2023-53134,CVE-2023-53137,CVE-2023-53139,CVE-2023-53140,CVE-2023-53142,CVE-2023-53143,CVE-2023-53145,CVE-2024-53168,CVE-2024-56558,CVE-2025-21888,CVE-2025-21999,CVE-2025-22056,CVE-2025-22060,CVE-2025-23138,CVE-2025-23145,CVE-2025-37785,CVE-2025-37789,CVE-2025-37948,CVE-2025-37963
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981).
- CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032).
- CVE-2022-49767: 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1242493).
- CVE-2022-49775: tcp: cdg: allow tcp_cdg_release() to be called multiple times (bsc#1242245).
- CVE-2022-49858: octeontx2-pf: Fix SQE threshold checking (bsc#1242589).
- CVE-2023-53058: net/mlx5: E-Switch, Fix an Oops in error handling code (bsc#1242237).
- CVE-2023-53060: igb: revert rtnl_lock() that causes deadlock (bsc#1242241).
- CVE-2023-53064: iavf: Fix hang on reboot with ice (bsc#1242222).
- CVE-2023-53066: qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (bsc#1242227).
- CVE-2023-53079: net/mlx5: Fix steering rules cleanup (bsc#1242765).
- CVE-2023-53114: i40e: Fix kernel crash during reboot when adapter is in recovery mode (bsc#1242398).
- CVE-2023-53134: bnxt_en: Avoid order-5 memory allocation for TPA data (bsc#1242380)
- CVE-2024-53168: net: make sock_inuse_add() available (bsc#1234887).
- CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1235100).
- CVE-2025-21888: RDMA/mlx5: Fix a WARN during dereg_mr for DM type (bsc#1240177).
- CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802).
- CVE-2025-22056: netfilter: nft_tunnel: fix geneve_opt type confusion addition (bsc#1241525).
- CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption (bsc#1241526).
- CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648).
- CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596).
- CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640).
- CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).
The following non-security bugs were fixed:
- Refresh fixes for cBPF issue (bsc#1242778)
- Remove debug flavor (bsc#1243919).
- Update metadata and put them into the sorted part of the series
- arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (bsc#1242778).
- arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (bsc#1242778).
- arm64: insn: Add support for encoding DSB (bsc#1242778).
- arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (bsc#1242778).
- arm64: proton-pack: Expose whether the branchy loop k value (bsc#1242778).
- arm64: proton-pack: Expose whether the platform is mitigated by firmware (bsc#1242778).
- hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges (bsc#1243737).
- hv_netvsc: Preserve contiguous PFN grouping in the page buffer array (bsc#1243737).
- hv_netvsc: Remove rmsg_pgcnt (bsc#1243737).
- hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages (bsc#1243737).
- mtd: phram: Add the kernel lock down check (bsc#1232649).
- ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes).
- powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW (bsc#1218470 ltc#204531).
- scsi: core: Fix unremoved procfs host directory regression (git-fixes).
- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).
- x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778).
- x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778).
- x86/bpf: Call branch history clearing sequence on exit (bsc#1242778).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2263-1
Released: Thu Jul 10 07:25:48 2025
Summary: Recommended update for google-guest-oslogin
Type: recommended
Severity: important
References: 1243997
This update for google-guest-oslogin fixes the following issues:
- Override upstream version to address upgrade problems (bsc#1243997)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2278-1
Released: Thu Jul 10 18:02:28 2025
Summary: Security update for libssh
Type: security
Severity: important
References: 1245309,1245310,1245311,1245314,CVE-2025-4877,CVE-2025-4878,CVE-2025-5318,CVE-2025-5372
This update for libssh fixes the following issues:
- CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309).
- CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310).
- CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311).
- CVE-2025-5372: Fixed ssh_kdf() returns a success code on certain failures (bsc#1245314).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2289-1
Released: Fri Jul 11 13:12:28 2025
Summary: Security update for docker
Type: security
Severity: moderate
References: 1239765,1240150,1241830,1242114,1243833,1244035,CVE-2025-0495,CVE-2025-22872
This update for docker fixes the following issues:
Update to Docker 28.2.2-ce (bsc#1243833, bsc#1242114):
- CVE-2025-0495: Fixed credential leakage to telemetry endpoints when credentials
allowed to be set as attribute values in cache-to/cache-from configuration.(bsc#1239765)
- CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction (bsc#1241830).
Other fixes:
- Update to docker-buildx v0.22.0.
- Always clear SUSEConnect suse_* secrets when starting containers (bsc#1244035).
- Disable transparent SUSEConnect support for SLE-16. (jsc#PED-12534)
- Now that the only blocker for docker-buildx support was removed for SLE-16,
enable docker-buildx for SLE-16 as well. (jsc#PED-8905)
- SUSEConnect secrets fails in SLES rootless docker containers (bsc#1240150).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2326-1
Released: Wed Jul 16 08:37:51 2025
Summary: Security update for xen
Type: security
Severity: important
References: 1027519,1234282,1238043,1238896,1243117,1244644,1246112,CVE-2024-28956,CVE-2024-36350,CVE-2024-36357,CVE-2024-53241,CVE-2025-1713,CVE-2025-27465
This update for xen fixes the following issues:
Security fixes:
- CVE-2024-28956: Fixed Intel CPU: Indirect Target Selection (ITS) (XSA-469) (bsc#1243117)
- CVE-2024-53241: Fixed Xen hypercall page unsafe against speculative attacks (XSA-466) (bsc#1234282)
- CVE-2025-1713: Fixed deadlock potential with VT-d and legacy PCI device pass-through (XSA-467) (bsc#1238043)
- CVE-2024-36350, CVE-2024-36357: More AMD transient execution attacks (bsc#1246112, XSA-471)
- CVE-2025-27465: Incorrect stubs exception handling for flags recovery (bsc#1244644, XSA-470)
Other fixes:
- Upstream bug fixes (bsc#1027519)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2355-1
Released: Thu Jul 17 15:02:29 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1244554,1244557,1244590,1244700,CVE-2025-49794,CVE-2025-49796,CVE-2025-6021,CVE-2025-6170
This update for libxml2 fixes the following issues:
- CVE-2025-49794: Fixed a heap use after free which could lead to denial of service. (bsc#1244554)
- CVE-2025-49796: Fixed type confusion which could lead to denial of service. (bsc#1244557)
- CVE-2025-6170: Fixed a stack buffer overflow which could lead to a crash. (bsc#1244700)
- CVE-2025-6021: Fixed an integer overflow in xmlBuildQName() which could lead to stack buffer overflow. (bsc#1244590)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2362-1
Released: Fri Jul 18 11:07:24 2025
Summary: Security update for coreutils
Type: security
Severity: moderate
References: 1243767,CVE-2025-5278
This update for coreutils fixes the following issues:
- CVE-2025-5278: Fixed heap buffer under-read may lead to a crash or leak sensitive data (bsc#1243767)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2375-1
Released: Fri Jul 18 15:16:14 2025
Summary: Security update for glib2
Type: security
Severity: moderate
References: 1242844,CVE-2025-4373
This update for glib2 fixes the following issues:
- CVE-2025-4373: integer overflow in the `g_string_insert_unichar()` function can lead to buffer underwrite and memory
corruption (bsc#1242844).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2384-1
Released: Fri Jul 18 18:45:53 2025
Summary: Security update for jq
Type: security
Severity: moderate
References: 1243450,CVE-2024-23337
This update for jq fixes the following issues:
- CVE-2024-23337: Fixed signed integer overflow in jv.c:jvp_array_write (bsc#1243450).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2431-1
Released: Mon Jul 21 13:23:37 2025
Summary: Security update for iputils
Type: security
Severity: moderate
References: 1243772,CVE-2025-48964
This update for iputils fixes the following issues:
- CVE-2025-48964: Fixed integer overflow in ping statistics via zero timestamp (bsc#1243772).
The following package changes have been done:
- aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated
- apparmor-abstractions-3.0.4-150400.5.18.1 updated
- apparmor-parser-3.0.4-150400.5.18.1 updated
- bash-sh-4.4-150400.27.3.2 updated
- bash-4.4-150400.27.3.2 updated
- bind-utils-9.16.50-150400.5.46.1 updated
- ca-certificates-mozilla-2.74-150200.41.1 updated
- cifs-utils-6.15-150400.3.15.1 updated
- cloud-netconfig-gce-1.15-150000.25.26.1 added
- containerd-ctr-1.7.27-150000.123.1 updated
- containerd-1.7.27-150000.123.1 updated
- coreutils-8.32-150400.9.9.1 updated
- crypto-policies-20210917.c9d86d1-150400.3.8.1 updated
- curl-8.0.1-150400.5.62.1 updated
- docker-28.2.2_ce-150000.227.1 updated
- findutils-4.8.0-150300.3.3.2 updated
- glibc-locale-base-2.31-150300.95.1 updated
- glibc-locale-2.31-150300.95.1 updated
- glibc-2.31-150300.95.1 updated
- google-dracut-config-0.0.4-150300.7.9.2 added
- google-guest-agent-20250506.01-150000.1.63.1 updated
- google-guest-configs-20241205.00-150400.13.22.1 updated
- google-guest-oslogin-20240311.01-150000.1.53.1 updated
- google-osconfig-agent-20250416.02-150000.1.50.1 updated
- grub2-i386-pc-2.06-150400.11.60.1 updated
- grub2-x86_64-efi-2.06-150400.11.60.1 updated
- grub2-2.06-150400.11.60.1 updated
- haveged-1.9.14-150400.3.8.1 updated
- hwdata-0.394-150000.3.77.2 updated
- hwinfo-21.88-150400.3.18.1 updated
- iproute2-5.14-150400.3.3.1 updated
- iputils-20211215-150400.3.22.1 updated
- jq-1.6-150000.3.6.1 updated
- kbd-legacy-2.4.0-150400.5.9.1 updated
- kbd-2.4.0-150400.5.9.1 updated
- kernel-default-5.14.21-150400.24.167.1 updated
- krb5-1.19.2-150400.3.15.1 updated
- libapparmor1-3.0.4-150400.5.18.1 updated
- libaugeas0-1.12.0-150400.3.8.1 updated
- libavahi-client3-0.8-150400.7.20.1 updated
- libavahi-common3-0.8-150400.7.20.1 updated
- libblkid1-2.37.2-150400.8.35.2 updated
- libcom_err2-1.46.4-150400.3.9.2 updated
- libcryptsetup12-2.4.3-150400.3.6.2 updated
- libcurl4-8.0.1-150400.5.62.1 updated
- libexpat1-2.7.1-150400.3.28.1 updated
- libfdisk1-2.37.2-150400.8.35.2 updated
- libfreetype6-2.10.4-150000.4.22.1 updated
- libgcc_s1-14.2.0+git10526-150000.1.6.1 updated
- libglib-2_0-0-2.70.5-150400.3.23.1 updated
- libgnutls30-3.7.3-150400.4.47.1 updated
- libhavege2-1.9.14-150400.3.8.1 updated
- libjq1-1.6-150000.3.6.1 updated
- libmount1-2.37.2-150400.8.35.2 updated
- libncurses6-6.1-150000.5.30.1 updated
- libopeniscsiusr0_2_0-2.1.7-150400.39.14.1 updated
- libopenssl1_1-1.1.1l-150400.7.78.1 updated
- libpcap1-1.10.1-150400.3.6.2 updated
- libprocps8-3.3.17-150000.7.42.1 updated
- libpython3_6m1_0-3.6.15-150300.10.84.1 updated
- librdkafka1-0.11.6-150000.1.11.1 updated
- libreadline7-7.0-150400.27.3.2 updated
- libsmartcols1-2.37.2-150400.8.35.2 updated
- libsolv-tools-base-0.7.32-150400.3.35.1 updated
- libsolv-tools-0.7.32-150400.3.35.1 updated
- libsqlite3-0-3.49.1-150000.3.27.1 updated
- libssh-config-0.9.8-150400.3.9.1 updated
- libssh4-0.9.8-150400.3.9.1 updated
- libstdc++6-14.2.0+git10526-150000.1.6.1 updated
- libsystemd0-249.17-150400.8.46.1 updated
- libtasn1-6-4.13-150000.4.11.1 updated
- libtasn1-4.13-150000.4.11.1 updated
- libudev1-249.17-150400.8.46.1 updated
- libuuid1-2.37.2-150400.8.35.2 updated
- libxml2-2-2.9.14-150400.5.44.1 updated
- libzypp-17.37.5-150400.3.126.1 updated
- login_defs-4.8.1-150400.10.24.1 updated
- logrotate-3.18.1-150400.3.10.1 updated
- ncurses-utils-6.1-150000.5.30.1 updated
- open-iscsi-2.1.7-150400.39.14.1 updated
- openssh-clients-8.4p1-150300.3.49.1 updated
- openssh-common-8.4p1-150300.3.49.1 updated
- openssh-server-8.4p1-150300.3.49.1 updated
- openssh-8.4p1-150300.3.49.1 updated
- openssl-1_1-1.1.1l-150400.7.78.1 updated
- pam-config-1.1-150200.3.14.1 updated
- pam-1.3.0-150000.6.83.1 updated
- perl-base-5.26.1-150300.17.20.1 updated
- perl-5.26.1-150300.17.20.1 updated
- procps-3.3.17-150000.7.42.1 updated
- python3-base-3.6.15-150300.10.84.1 updated
- python3-bind-9.16.50-150400.5.46.1 updated
- python3-setuptools-44.1.1-150400.9.12.1 updated
- python3-3.6.15-150300.10.84.1 updated
- rsyslog-module-relp-8.2306.0-150400.5.33.1 updated
- rsyslog-8.2306.0-150400.5.33.1 updated
- runc-1.2.6-150000.73.2 updated
- shadow-4.8.1-150400.10.24.1 updated
- shim-15.8-150300.4.23.1 updated
- socat-1.8.0.0-150400.14.6.1 updated
- sudo-1.9.9-150400.4.39.1 updated
- supportutils-3.2.10-150300.7.35.36.4 updated
- suse-build-key-12.0-150000.8.58.1 updated
- suseconnect-ng-1.13.0-150400.3.42.1 updated
- systemd-sysvinit-249.17-150400.8.46.1 updated
- systemd-249.17-150400.8.46.1 updated
- terminfo-base-6.1-150000.5.30.1 updated
- terminfo-6.1-150000.5.30.1 updated
- timezone-2025b-150000.75.34.2 updated
- udev-249.17-150400.8.46.1 updated
- util-linux-systemd-2.37.2-150400.8.35.2 updated
- util-linux-2.37.2-150400.8.35.2 updated
- vim-data-common-9.1.1406-150000.5.75.1 updated
- vim-9.1.1406-150000.5.75.1 updated
- wget-1.20.3-150000.3.29.1 updated
- wicked-service-0.6.77-150400.3.36.1 updated
- wicked-0.6.77-150400.3.36.1 updated
- xen-libs-4.16.7_02-150400.4.72.1 updated
- xxd-9.1.1406-150000.5.75.1 added
- zypper-1.14.90-150400.3.85.3 updated
- e2fsprogs-1.46.4-150400.3.6.2 removed
- libext2fs2-1.46.4-150400.3.6.2 removed
- libxslt1-1.1.34-150400.3.3.1 removed
- python-instance-billing-flavor-check-0.0.6-150400.1.11.7 removed
- python3-apipkg-1.4-150000.3.6.1 removed
- python3-asn1crypto-0.24.0-3.2.1 removed
- python3-certifi-2018.1.18-150000.3.3.1 removed
- python3-cffi-1.13.2-3.2.5 removed
- python3-chardet-3.0.4-150000.5.3.1 removed
- python3-cryptography-3.3.2-150400.23.1 removed
- python3-cssselect-1.0.3-150400.3.7.4 removed
- python3-idna-2.6-150000.3.3.1 removed
- python3-iniconfig-1.1.1-150000.1.11.1 removed
- python3-lxml-4.7.1-150200.3.12.1 removed
- python3-py-1.10.0-150100.5.12.1 removed
- python3-pyOpenSSL-21.0.0-150400.7.62 removed
- python3-pyasn1-0.4.2-150000.3.5.1 removed
- python3-pycparser-2.17-3.2.1 removed
- python3-requests-2.25.1-150300.3.12.2 removed
- python3-urllib3-1.25.10-150300.4.12.1 removed
More information about the sle-container-updates
mailing list