SUSE-IU-2025:3419-1: Security update of suse-sles-15-sp4-chost-byos-v20251022-hvm-ssd-x86_64
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Sat Oct 25 07:03:14 UTC 2025
SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20251022-hvm-ssd-x86_64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:3419-1
Image Tags : suse-sles-15-sp4-chost-byos-v20251022-hvm-ssd-x86_64:20251022
Image Release :
Severity : critical
Type : security
References : 1065729 1065729 1156395 1164051 1193629 1193629 1194869 1194869
1198410 1199356 1199487 1201160 1201956 1202094 1202095 1202564
1202700 1202716 1202823 1202860 1203063 1203197 1203332 1203361
1204228 1205128 1205220 1205514 1206051 1206456 1206468 1206664
1206878 1206880 1206883 1206884 1207158 1207361 1207621 1207624
1207625 1207628 1207629 1207631 1207638 1207645 1207651 1208607
1209287 1209291 1210584 1211226 1211960 1212051 1212603 1213015
1213016 1213040 1213041 1213061 1213090 1213099 1213104 1213666
1213747 1214953 1214967 1215150 1215696 1215911 1216976 1217790
1218184 1218234 1218459 1218470 1220185 1220186 1221107 1221829
1222634 1223675 1224095 1224597 1225468 1225820 1226514 1226552
1228659 1229334 1230262 1230267 1230267 1230649 1230827 1230932
1231293 1232234 1232504 1232526 1233012 1233012 1233012 1233012
1233012 1233012 1233421 1233551 1233880 1234156 1234381 1234454
1234863 1234896 1234959 1235637 1235873 1236104 1236104 1236333
1236333 1236821 1236822 1237143 1237159 1237312 1237313 1237442
1237595 1238160 1238160 1238303 1238491 1238526 1238570 1238876
1239566 1239644 1239938 1239986 1240185 1240785 1240788 1240799
1240950 1241038 1241219 1241353 1241549 1242221 1242414 1242414
1242417 1242504 1242573 1242596 1242780 1242782 1242846 1242924
1242960 1243001 1243273 1243279 1243330 1243457 1243539 1243543
1243581 1243627 1243832 1243935 1243991 1244032 1244042 1244050
1244056 1244059 1244060 1244061 1244114 1244116 1244179 1244234
1244241 1244277 1244309 1244309 1244337 1244337 1244401 1244553
1244705 1244710 1244732 1244732 1244764 1244765 1244767 1244770
1244771 1244773 1244774 1244776 1244779 1244780 1244781 1244782
1244783 1244784 1244786 1244787 1244788 1244790 1244793 1244794
1244796 1244797 1244798 1244800 1244802 1244804 1244807 1244808
1244811 1244813 1244814 1244815 1244816 1244819 1244820 1244823
1244824 1244824 1244825 1244830 1244831 1244832 1244834 1244836
1244838 1244839 1244840 1244841 1244842 1244843 1244845 1244846
1244848 1244849 1244851 1244853 1244854 1244856 1244860 1244861
1244866 1244867 1244868 1244869 1244870 1244871 1244872 1244873
1244875 1244876 1244878 1244879 1244881 1244883 1244884 1244886
1244887 1244890 1244895 1244899 1244900 1244901 1244902 1244903
1244908 1244911 1244915 1244925 1244936 1244941 1244942 1244943
1244944 1244945 1244948 1244949 1244950 1244956 1244958 1244959
1244965 1244966 1244967 1244968 1244969 1244970 1244974 1244976
1244977 1244978 1244979 1244983 1244984 1244985 1244986 1244991
1244992 1244993 1245006 1245007 1245009 1245011 1245012 1245018
1245019 1245024 1245028 1245031 1245032 1245033 1245038 1245039
1245041 1245047 1245051 1245057 1245058 1245060 1245062 1245064
1245069 1245072 1245073 1245088 1245089 1245092 1245093 1245098
1245103 1245110 1245117 1245118 1245119 1245121 1245122 1245125
1245129 1245131 1245133 1245134 1245135 1245136 1245138 1245139
1245140 1245142 1245146 1245147 1245149 1245152 1245154 1245180
1245183 1245189 1245191 1245195 1245197 1245217 1245220 1245220
1245223 1245265 1245348 1245431 1245431 1245452 1245455 1245496
1245498 1245499 1245506 1245573 1245666 1245672 1245711 1245936
1245950 1245956 1245970 1245985 1245986 1246000 1246029 1246037
1246038 1246045 1246073 1246149 1246186 1246197 1246197 1246221
1246232 1246233 1246267 1246296 1246299 1246431 1246466 1246473
1246533 1246570 1246597 1246602 1246604 1246608 1246697 1246776
1246781 1246835 1246879 1246911 1246912 1246968 1247028 1247054
1247143 1247172 1247239 1247249 1247288 1247314 1247317 1247347
1247348 1247349 1247374 1247437 1247518 1247690 1247819 1247938
1247939 1247976 1248108 1248223 1248255 1248297 1248306 1248312
1248338 1248399 1248410 1248511 1248614 1248621 1248628 1248639
1248687 1248748 1248847 1249049 1249126 1249128 1249158 1249186
1249191 1249191 1249195 1249200 1249220 1249266 1249315 1249324
1249346 1249348 1249348 1249367 1249367 1249374 1249516 1249538
1249548 1249584 1249604 1249608 1249638 1249639 1249641 1249642
1249650 1249651 1249658 1249661 1249664 1249667 1249669 1249677
1249681 1249683 1249685 1249687 1249691 1249695 1249699 1249700
1249701 1249705 1249706 1249707 1249709 1249712 1249713 1249715
1249716 1249718 1249722 1249727 1249730 1249733 1249734 1249739
1249740 1249741 1249742 1249743 1249745 1249746 1249747 1249749
1249750 1249751 1249753 1249758 1249762 1249767 1249777 1249781
1249784 1249791 1249799 1249808 1249810 1249820 1249825 1249827
1249836 1249840 1249844 1249846 1249853 1249858 1249860 1249864
1249865 1249866 1249867 1249868 1249872 1249877 1249880 1249882
1249885 1249890 1249892 1249908 1249910 1249911 1249914 1249917
1249918 1249920 1249923 1249924 1249925 1249927 1249928 1249930
1249933 1249934 1249936 1249938 1249939 1249944 1249947 1249949
1249950 1249954 1249958 1249979 1249981 1249991 1249997 1250002
1250006 1250007 1250009 1250010 1250011 1250014 1250015 1250023
1250024 1250026 1250039 1250041 1250043 1250044 1250047 1250049
1250052 1250055 1250058 1250060 1250062 1250065 1250066 1250070
1250071 1250072 1250077 1250080 1250081 1250083 1250105 1250106
1250107 1250108 1250114 1250118 1250121 1250127 1250128 1250131
1250132 1250137 1250138 1250140 1250145 1250151 1250153 1250156
1250159 1250161 1250168 1250178 1250180 1250181 1250182 1250183
1250184 1250187 1250191 1250197 1250198 1250200 1250209 1250211
1250232 1250237 1250245 1250247 1250250 1250257 1250264 1250269
1250277 1250287 1250293 1250301 1250303 1250309 1250311 1250313
1250315 1250316 1250322 1250323 1250324 1250325 1250328 1250331
1250343 1250358 1250362 1250363 1250370 1250374 1250391 1250392
1250393 1250394 1250395 1250406 1250412 1250418 1250425 1250428
1250453 1250454 1250457 1250459 1250522 1250759 1250761 1250762
1250763 1250767 1250768 1250774 1250781 1250784 1250786 1250787
1250790 1250791 1250792 1250797 1250799 1250807 1250810 1250811
1250818 1250819 1250822 1250823 1250824 1250825 1250830 1250831
1250839 1250841 1250842 1250843 1250846 1250847 1250848 1250850
1250851 1250853 1250856 1250863 1250864 1250866 1250867 1250868
1250872 1250874 1250875 1250877 1250879 1250883 1250887 1250888
1250889 1250890 1250891 1250905 1250915 1250917 1250923 1250927
1250928 1250948 1250949 1250953 1250955 1250963 1250964 1250965
1251279 1251280 142461 831629 CVE-2016-9840 CVE-2021-47557 CVE-2021-47595
CVE-2022-1679 CVE-2022-2585 CVE-2022-2586 CVE-2022-2602 CVE-2022-2905
CVE-2022-2978 CVE-2022-36280 CVE-2022-3903 CVE-2022-4095 CVE-2022-43945
CVE-2022-4662 CVE-2022-49138 CVE-2022-49138 CVE-2022-49770 CVE-2022-49934
CVE-2022-49936 CVE-2022-49937 CVE-2022-49938 CVE-2022-49940 CVE-2022-49942
CVE-2022-49945 CVE-2022-49946 CVE-2022-49948 CVE-2022-49950 CVE-2022-49952
CVE-2022-49954 CVE-2022-49956 CVE-2022-49957 CVE-2022-49958 CVE-2022-49960
CVE-2022-49964 CVE-2022-49966 CVE-2022-49968 CVE-2022-49969 CVE-2022-49977
CVE-2022-49978 CVE-2022-49980 CVE-2022-49981 CVE-2022-49982 CVE-2022-49983
CVE-2022-49984 CVE-2022-49985 CVE-2022-49986 CVE-2022-49987 CVE-2022-49989
CVE-2022-49990 CVE-2022-49993 CVE-2022-49995 CVE-2022-49999 CVE-2022-50005
CVE-2022-50006 CVE-2022-50008 CVE-2022-50010 CVE-2022-50011 CVE-2022-50012
CVE-2022-50019 CVE-2022-50020 CVE-2022-50021 CVE-2022-50022 CVE-2022-50023
CVE-2022-50024 CVE-2022-50026 CVE-2022-50027 CVE-2022-50028 CVE-2022-50029
CVE-2022-50030 CVE-2022-50031 CVE-2022-50032 CVE-2022-50033 CVE-2022-50034
CVE-2022-50036 CVE-2022-50038 CVE-2022-50039 CVE-2022-50040 CVE-2022-50045
CVE-2022-50046 CVE-2022-50047 CVE-2022-50051 CVE-2022-50053 CVE-2022-50055
CVE-2022-50059 CVE-2022-50060 CVE-2022-50061 CVE-2022-50062 CVE-2022-50065
CVE-2022-50066 CVE-2022-50067 CVE-2022-50068 CVE-2022-50072 CVE-2022-50073
CVE-2022-50074 CVE-2022-50076 CVE-2022-50077 CVE-2022-50079 CVE-2022-50083
CVE-2022-50084 CVE-2022-50085 CVE-2022-50087 CVE-2022-50092 CVE-2022-50093
CVE-2022-50094 CVE-2022-50095 CVE-2022-50097 CVE-2022-50098 CVE-2022-50099
CVE-2022-50100 CVE-2022-50101 CVE-2022-50102 CVE-2022-50103 CVE-2022-50104
CVE-2022-50108 CVE-2022-50109 CVE-2022-50110 CVE-2022-50111 CVE-2022-50112
CVE-2022-50116 CVE-2022-50116 CVE-2022-50118 CVE-2022-50120 CVE-2022-50121
CVE-2022-50124 CVE-2022-50125 CVE-2022-50126 CVE-2022-50127 CVE-2022-50129
CVE-2022-50131 CVE-2022-50132 CVE-2022-50134 CVE-2022-50136 CVE-2022-50137
CVE-2022-50138 CVE-2022-50139 CVE-2022-50140 CVE-2022-50141 CVE-2022-50142
CVE-2022-50143 CVE-2022-50145 CVE-2022-50146 CVE-2022-50149 CVE-2022-50151
CVE-2022-50152 CVE-2022-50153 CVE-2022-50154 CVE-2022-50155 CVE-2022-50156
CVE-2022-50157 CVE-2022-50158 CVE-2022-50160 CVE-2022-50161 CVE-2022-50162
CVE-2022-50164 CVE-2022-50165 CVE-2022-50169 CVE-2022-50171 CVE-2022-50172
CVE-2022-50173 CVE-2022-50175 CVE-2022-50176 CVE-2022-50178 CVE-2022-50179
CVE-2022-50181 CVE-2022-50185 CVE-2022-50187 CVE-2022-50190 CVE-2022-50191
CVE-2022-50192 CVE-2022-50194 CVE-2022-50196 CVE-2022-50197 CVE-2022-50198
CVE-2022-50199 CVE-2022-50200 CVE-2022-50201 CVE-2022-50202 CVE-2022-50203
CVE-2022-50204 CVE-2022-50206 CVE-2022-50207 CVE-2022-50208 CVE-2022-50209
CVE-2022-50211 CVE-2022-50212 CVE-2022-50213 CVE-2022-50215 CVE-2022-50218
CVE-2022-50220 CVE-2022-50222 CVE-2022-50226 CVE-2022-50228 CVE-2022-50229
CVE-2022-50231 CVE-2022-50233 CVE-2022-50234 CVE-2022-50235 CVE-2022-50239
CVE-2022-50241 CVE-2022-50246 CVE-2022-50247 CVE-2022-50248 CVE-2022-50249
CVE-2022-50250 CVE-2022-50251 CVE-2022-50252 CVE-2022-50255 CVE-2022-50257
CVE-2022-50258 CVE-2022-50260 CVE-2022-50261 CVE-2022-50264 CVE-2022-50266
CVE-2022-50267 CVE-2022-50268 CVE-2022-50269 CVE-2022-50271 CVE-2022-50272
CVE-2022-50275 CVE-2022-50276 CVE-2022-50277 CVE-2022-50278 CVE-2022-50279
CVE-2022-50282 CVE-2022-50286 CVE-2022-50289 CVE-2022-50294 CVE-2022-50297
CVE-2022-50298 CVE-2022-50299 CVE-2022-50301 CVE-2022-50308 CVE-2022-50309
CVE-2022-50312 CVE-2022-50317 CVE-2022-50318 CVE-2022-50320 CVE-2022-50321
CVE-2022-50324 CVE-2022-50328 CVE-2022-50329 CVE-2022-50330 CVE-2022-50331
CVE-2022-50333 CVE-2022-50340 CVE-2022-50342 CVE-2022-50344 CVE-2022-50346
CVE-2022-50347 CVE-2022-50348 CVE-2022-50349 CVE-2022-50351 CVE-2022-50353
CVE-2022-50355 CVE-2022-50358 CVE-2022-50359 CVE-2022-50362 CVE-2022-50364
CVE-2022-50367 CVE-2022-50368 CVE-2022-50369 CVE-2022-50370 CVE-2022-50372
CVE-2022-50373 CVE-2022-50374 CVE-2022-50375 CVE-2022-50376 CVE-2022-50379
CVE-2022-50381 CVE-2022-50385 CVE-2022-50386 CVE-2022-50388 CVE-2022-50389
CVE-2022-50391 CVE-2022-50392 CVE-2022-50394 CVE-2022-50395 CVE-2022-50399
CVE-2022-50401 CVE-2022-50402 CVE-2022-50404 CVE-2022-50408 CVE-2022-50409
CVE-2022-50410 CVE-2022-50411 CVE-2022-50414 CVE-2022-50417 CVE-2022-50419
CVE-2022-50422 CVE-2022-50423 CVE-2022-50425 CVE-2022-50427 CVE-2022-50428
CVE-2022-50429 CVE-2022-50430 CVE-2022-50431 CVE-2022-50432 CVE-2022-50434
CVE-2022-50435 CVE-2022-50436 CVE-2022-50437 CVE-2022-50439 CVE-2022-50440
CVE-2022-50443 CVE-2022-50444 CVE-2022-50449 CVE-2022-50453 CVE-2022-50454
CVE-2022-50456 CVE-2022-50458 CVE-2022-50459 CVE-2022-50460 CVE-2022-50465
CVE-2022-50466 CVE-2022-50467 CVE-2022-50468 CVE-2022-50469 CVE-2023-1380
CVE-2023-28328 CVE-2023-3111 CVE-2023-31248 CVE-2023-3772 CVE-2023-39197
CVE-2023-42753 CVE-2023-52923 CVE-2023-52923 CVE-2023-52924 CVE-2023-52925
CVE-2023-52927 CVE-2023-53048 CVE-2023-53076 CVE-2023-53097 CVE-2023-53117
CVE-2023-53147 CVE-2023-53149 CVE-2023-53150 CVE-2023-53151 CVE-2023-53153
CVE-2023-53165 CVE-2023-53167 CVE-2023-53171 CVE-2023-53174 CVE-2023-53176
CVE-2023-53178 CVE-2023-53179 CVE-2023-53182 CVE-2023-53185 CVE-2023-53196
CVE-2023-53197 CVE-2023-53199 CVE-2023-53201 CVE-2023-53205 CVE-2023-53213
CVE-2023-53216 CVE-2023-53219 CVE-2023-53222 CVE-2023-53223 CVE-2023-53226
CVE-2023-53229 CVE-2023-53230 CVE-2023-53234 CVE-2023-53238 CVE-2023-53239
CVE-2023-53241 CVE-2023-53242 CVE-2023-53244 CVE-2023-53245 CVE-2023-53246
CVE-2023-53249 CVE-2023-53250 CVE-2023-53251 CVE-2023-53255 CVE-2023-53259
CVE-2023-53265 CVE-2023-53268 CVE-2023-53270 CVE-2023-53272 CVE-2023-53273
CVE-2023-53275 CVE-2023-53276 CVE-2023-53277 CVE-2023-53280 CVE-2023-53281
CVE-2023-53282 CVE-2023-53286 CVE-2023-53288 CVE-2023-53295 CVE-2023-53297
CVE-2023-53298 CVE-2023-53299 CVE-2023-53302 CVE-2023-53304 CVE-2023-53305
CVE-2023-53307 CVE-2023-53309 CVE-2023-53311 CVE-2023-53313 CVE-2023-53314
CVE-2023-53315 CVE-2023-53316 CVE-2023-53317 CVE-2023-53321 CVE-2023-53322
CVE-2023-53324 CVE-2023-53326 CVE-2023-53330 CVE-2023-53331 CVE-2023-53333
CVE-2023-53334 CVE-2023-53335 CVE-2023-53337 CVE-2023-53344 CVE-2023-53349
CVE-2023-53352 CVE-2023-53356 CVE-2023-53359 CVE-2023-53368 CVE-2023-53373
CVE-2023-53375 CVE-2023-53377 CVE-2023-53379 CVE-2023-53380 CVE-2023-53381
CVE-2023-53384 CVE-2023-53386 CVE-2023-53388 CVE-2023-53390 CVE-2023-53393
CVE-2023-53395 CVE-2023-53396 CVE-2023-53400 CVE-2023-53404 CVE-2023-53405
CVE-2023-53406 CVE-2023-53409 CVE-2023-53413 CVE-2023-53414 CVE-2023-53415
CVE-2023-53416 CVE-2023-53422 CVE-2023-53427 CVE-2023-53431 CVE-2023-53435
CVE-2023-53436 CVE-2023-53437 CVE-2023-53438 CVE-2023-53440 CVE-2023-53443
CVE-2023-53446 CVE-2023-53449 CVE-2023-53451 CVE-2023-53452 CVE-2023-53453
CVE-2023-53454 CVE-2023-53457 CVE-2023-53458 CVE-2023-53463 CVE-2023-53464
CVE-2023-53465 CVE-2023-53468 CVE-2023-53471 CVE-2023-53472 CVE-2023-53473
CVE-2023-53474 CVE-2023-53475 CVE-2023-53476 CVE-2023-53485 CVE-2023-53487
CVE-2023-53488 CVE-2023-53492 CVE-2023-53494 CVE-2023-53496 CVE-2023-53498
CVE-2023-53499 CVE-2023-53505 CVE-2023-53506 CVE-2023-53509 CVE-2023-53512
CVE-2023-53513 CVE-2023-53515 CVE-2023-53518 CVE-2023-53519 CVE-2023-53521
CVE-2023-53524 CVE-2023-53525 CVE-2023-53526 CVE-2023-53530 CVE-2024-10041
CVE-2024-12718 CVE-2024-2236 CVE-2024-26583 CVE-2024-26584 CVE-2024-26643
CVE-2024-26808 CVE-2024-26924 CVE-2024-26935 CVE-2024-27397 CVE-2024-35840
CVE-2024-36978 CVE-2024-42265 CVE-2024-46800 CVE-2024-47175 CVE-2024-52615
CVE-2024-53057 CVE-2024-53125 CVE-2024-53141 CVE-2024-53164 CVE-2024-53177
CVE-2024-56738 CVE-2024-56770 CVE-2024-57947 CVE-2024-57947 CVE-2024-57999
CVE-2024-58239 CVE-2024-58240 CVE-2025-10148 CVE-2025-10148 CVE-2025-10230
CVE-2025-21700 CVE-2025-21702 CVE-2025-21703 CVE-2025-21756 CVE-2025-21881
CVE-2025-21971 CVE-2025-23141 CVE-2025-23145 CVE-2025-23155 CVE-2025-32988
CVE-2025-32989 CVE-2025-32990 CVE-2025-3576 CVE-2025-37738 CVE-2025-37752
CVE-2025-37797 CVE-2025-37798 CVE-2025-37798 CVE-2025-37823 CVE-2025-37885
CVE-2025-37890 CVE-2025-37932 CVE-2025-37953 CVE-2025-37958 CVE-2025-37997
CVE-2025-38000 CVE-2025-38001 CVE-2025-38014 CVE-2025-38014 CVE-2025-38079
CVE-2025-38083 CVE-2025-38084 CVE-2025-38085 CVE-2025-38088 CVE-2025-38111
CVE-2025-38120 CVE-2025-38177 CVE-2025-38180 CVE-2025-38181 CVE-2025-38184
CVE-2025-38200 CVE-2025-38206 CVE-2025-38212 CVE-2025-38213 CVE-2025-38257
CVE-2025-38323 CVE-2025-38350 CVE-2025-38352 CVE-2025-38380 CVE-2025-38460
CVE-2025-38468 CVE-2025-38470 CVE-2025-38476 CVE-2025-38477 CVE-2025-38488
CVE-2025-38494 CVE-2025-38495 CVE-2025-38497 CVE-2025-38498 CVE-2025-38499
CVE-2025-38546 CVE-2025-38553 CVE-2025-38555 CVE-2025-38560 CVE-2025-38563
CVE-2025-38572 CVE-2025-38608 CVE-2025-38617 CVE-2025-38618 CVE-2025-38644
CVE-2025-38659 CVE-2025-38664 CVE-2025-38678 CVE-2025-38685 CVE-2025-38706
CVE-2025-38713 CVE-2025-38734 CVE-2025-39691 CVE-2025-39703 CVE-2025-39726
CVE-2025-39746 CVE-2025-39751 CVE-2025-39790 CVE-2025-39797 CVE-2025-39823
CVE-2025-39824 CVE-2025-39860 CVE-2025-39869 CVE-2025-4138 CVE-2025-4330
CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-4598 CVE-2025-46836
CVE-2025-48060 CVE-2025-50181 CVE-2025-53905 CVE-2025-53906 CVE-2025-55157
CVE-2025-55158 CVE-2025-58060 CVE-2025-58364 CVE-2025-59375 CVE-2025-6069
CVE-2025-6297 CVE-2025-6395 CVE-2025-6965 CVE-2025-7425 CVE-2025-8194
CVE-2025-9086 CVE-2025-9086 CVE-2025-9230 CVE-2025-9640
-----------------------------------------------------------------
The container suse-sles-15-sp4-chost-byos-v20251022-hvm-ssd-x86_64 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2464-1
Released: Tue Jul 22 13:40:15 2025
Summary: Security update for libgcrypt
Type: security
Severity: moderate
References: 1221107,CVE-2024-2236
This update for libgcrypt fixes the following issues:
- CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2519-1
Released: Fri Jul 25 10:51:53 2025
Summary: Recommended update for samba
Type: recommended
Severity: moderate
References: 1233880,1246431
This update for samba fixes the following issues:
- Windows security hardening locks out schannel'ed netlogon dc
calls like netr_DsRGetDCName (bsc#1246431).
- Update shipped /etc/samba/smb.conf to point to smb.conf
man page (bsc#1233880).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2537-1
Released: Mon Jul 28 17:08:58 2025
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1065729,1156395,1193629,1194869,1198410,1199356,1199487,1201160,1201956,1202094,1202095,1202564,1202716,1202823,1202860,1203197,1203361,1205220,1205514,1206664,1206878,1206880,1207361,1207638,1211226,1212051,1213090,1218184,1218234,1218470,1222634,1223675,1224095,1224597,1225468,1225820,1226514,1226552,1228659,1230827,1231293,1232504,1233551,1234156,1234381,1234454,1235637,1236333,1236821,1236822,1237159,1237312,1237313,1238303,1238526,1238570,1238876,1239986,1240785,1241038,1242221,1242414,1242417,1242504,1242596,1242782,1242924,1243001,1243330,1243543,1243627,1243832,1244114,1244179,1244234,1244241,1244277,1244309,1244337,1244732,1244764,1244765,1244767,1244770,1244771,1244773,1244774,1244776,1244779,1244780,1244781,1244782,1244783,1244784,1244786,1244787,1244788,1244790,1244793,1244794,1244796,1244797,1244798,1244800,1244802,1244804,1244807,1244808,1244811,1244813,1244814,1244815,1244816,1244819,1244820,1244823,1244824,1244825,1244830,1244831,1244832,1244834,1244836,1
244838,1244839,1244840,1244841,1244842,1244843,1244845,1244846,1244848,1244849,1244851,1244853,1244854,1244856,1244860,1244861,1244866,1244867,1244868,1244869,1244870,1244871,1244872,1244873,1244875,1244876,1244878,1244879,1244881,1244883,1244884,1244886,1244887,1244890,1244895,1244899,1244900,1244901,1244902,1244903,1244908,1244911,1244915,1244936,1244941,1244942,1244943,1244944,1244945,1244948,1244949,1244950,1244956,1244958,1244959,1244965,1244966,1244967,1244968,1244969,1244970,1244974,1244976,1244977,1244978,1244979,1244983,1244984,1244985,1244986,1244991,1244992,1244993,1245006,1245007,1245009,1245011,1245012,1245018,1245019,1245024,1245028,1245031,1245032,1245033,1245038,1245039,1245041,1245047,1245051,1245057,1245058,1245060,1245062,1245064,1245069,1245072,1245073,1245088,1245089,1245092,1245093,1245098,1245103,1245117,1245118,1245119,1245121,1245122,1245125,1245129,1245131,1245133,1245134,1245135,1245136,1245138,1245139,1245140,1245142,1245146,1245147,1245149,1245152,124515
4,1245180,1245183,1245189,1245191,1245195,1245197,1245265,1245348,1245431,1245455,CVE-2021-47557,CVE-2021-47595,CVE-2022-1679,CVE-2022-2585,CVE-2022-2586,CVE-2022-2905,CVE-2022-3903,CVE-2022-4095,CVE-2022-4662,CVE-2022-49934,CVE-2022-49936,CVE-2022-49937,CVE-2022-49938,CVE-2022-49940,CVE-2022-49942,CVE-2022-49945,CVE-2022-49946,CVE-2022-49948,CVE-2022-49950,CVE-2022-49952,CVE-2022-49954,CVE-2022-49956,CVE-2022-49957,CVE-2022-49958,CVE-2022-49960,CVE-2022-49964,CVE-2022-49966,CVE-2022-49968,CVE-2022-49969,CVE-2022-49977,CVE-2022-49978,CVE-2022-49981,CVE-2022-49982,CVE-2022-49983,CVE-2022-49984,CVE-2022-49985,CVE-2022-49986,CVE-2022-49987,CVE-2022-49989,CVE-2022-49990,CVE-2022-49993,CVE-2022-49995,CVE-2022-49999,CVE-2022-50005,CVE-2022-50006,CVE-2022-50008,CVE-2022-50010,CVE-2022-50011,CVE-2022-50012,CVE-2022-50019,CVE-2022-50020,CVE-2022-50021,CVE-2022-50022,CVE-2022-50023,CVE-2022-50024,CVE-2022-50026,CVE-2022-50027,CVE-2022-50028,CVE-2022-50029,CVE-2022-50030,CVE-2022-50031,CVE-202
2-50032,CVE-2022-50033,CVE-2022-50034,CVE-2022-50036,CVE-2022-50038,CVE-2022-50039,CVE-2022-50040,CVE-2022-50045,CVE-2022-50046,CVE-2022-50047,CVE-2022-50051,CVE-2022-50053,CVE-2022-50055,CVE-2022-50059,CVE-2022-50060,CVE-2022-50061,CVE-2022-50062,CVE-2022-50065,CVE-2022-50066,CVE-2022-50067,CVE-2022-50068,CVE-2022-50072,CVE-2022-50073,CVE-2022-50074,CVE-2022-50076,CVE-2022-50077,CVE-2022-50079,CVE-2022-50083,CVE-2022-50084,CVE-2022-50085,CVE-2022-50087,CVE-2022-50092,CVE-2022-50093,CVE-2022-50094,CVE-2022-50095,CVE-2022-50097,CVE-2022-50098,CVE-2022-50099,CVE-2022-50100,CVE-2022-50101,CVE-2022-50102,CVE-2022-50103,CVE-2022-50104,CVE-2022-50108,CVE-2022-50109,CVE-2022-50110,CVE-2022-50111,CVE-2022-50112,CVE-2022-50116,CVE-2022-50118,CVE-2022-50120,CVE-2022-50121,CVE-2022-50124,CVE-2022-50125,CVE-2022-50126,CVE-2022-50127,CVE-2022-50129,CVE-2022-50131,CVE-2022-50132,CVE-2022-50134,CVE-2022-50136,CVE-2022-50137,CVE-2022-50138,CVE-2022-50139,CVE-2022-50140,CVE-2022-50141,CVE-2022-50142
,CVE-2022-50143,CVE-2022-50145,CVE-2022-50146,CVE-2022-50149,CVE-2022-50151,CVE-2022-50152,CVE-2022-50153,CVE-2022-50154,CVE-2022-50155,CVE-2022-50156,CVE-2022-50157,CVE-2022-50158,CVE-2022-50160,CVE-2022-50161,CVE-2022-50162,CVE-2022-50164,CVE-2022-50165,CVE-2022-50169,CVE-2022-50171,CVE-2022-50172,CVE-2022-50173,CVE-2022-50175,CVE-2022-50176,CVE-2022-50178,CVE-2022-50179,CVE-2022-50181,CVE-2022-50185,CVE-2022-50187,CVE-2022-50190,CVE-2022-50191,CVE-2022-50192,CVE-2022-50194,CVE-2022-50196,CVE-2022-50197,CVE-2022-50198,CVE-2022-50199,CVE-2022-50200,CVE-2022-50201,CVE-2022-50202,CVE-2022-50203,CVE-2022-50204,CVE-2022-50206,CVE-2022-50207,CVE-2022-50208,CVE-2022-50209,CVE-2022-50211,CVE-2022-50212,CVE-2022-50213,CVE-2022-50215,CVE-2022-50218,CVE-2022-50220,CVE-2022-50222,CVE-2022-50226,CVE-2022-50228,CVE-2022-50229,CVE-2022-50231,CVE-2023-3111,CVE-2023-52924,CVE-2023-52925,CVE-2023-53048,CVE-2023-53076,CVE-2023-53097,CVE-2024-26808,CVE-2024-26924,CVE-2024-26935,CVE-2024-27397,CVE-202
4-35840,CVE-2024-36978,CVE-2024-46800,CVE-2024-53057,CVE-2024-53125,CVE-2024-53141,CVE-2024-56770,CVE-2024-57947,CVE-2024-57999,CVE-2025-21700,CVE-2025-21702,CVE-2025-21703,CVE-2025-21756,CVE-2025-23141,CVE-2025-23145,CVE-2025-37752,CVE-2025-37797,CVE-2025-37798,CVE-2025-37823,CVE-2025-37890,CVE-2025-37932,CVE-2025-37953,CVE-2025-37997,CVE-2025-38000,CVE-2025-38001,CVE-2025-38014,CVE-2025-38083
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47557: net/sched: sch_ets: do not peek at classes beyond 'nbands' (bsc#1207361 bsc#1225468).
- CVE-2021-47595: net/sched: sch_ets: do not remove idle classes from the round-robin list (bsc#1207361 bsc#1226552).
- CVE-2023-52924: netfilter: nf_tables: do not skip expired elements during walk (bsc#1236821).
- CVE-2023-52925: netfilter: nf_tables: do not fail inserts if duplicate has expired (bsc#1236822).
- CVE-2024-26808: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634).
- CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820).
- CVE-2024-27397: kabi: place tstamp needed for nftables set in a hole (bsc#1224095).
- CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514).
- CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).
- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156).
- CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381).
- CVE-2024-56770: sch/netem: fix use after free in netem_dequeue (bsc#1235637).
- CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312).
- CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).
- CVE-2025-21756: vsock: Orphan socket after transport release (bsc#1238876).
- CVE-2025-23141: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (bsc#1242782).
- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504).
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417).
- CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924).
- CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1243330).
- CVE-2025-37997: netfilter: ipset: fix region locking in hash types (bsc#1243832).
- CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277).
- CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244234).
- CVE-2025-38014: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (bsc#1244732).
- CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245183).
The following non-security bugs were fixed:
- Fix conditional for selecting gcc-13 Fixes: 51dacec21eb1 ('Use gcc-13 for build on SLE16 (jsc#PED-10028).')
- Fix reference in 'net_sched: sch_sfq: use a temporary work area for validating configuration' (bsc#1242504)
- MyBS: Correctly generate build flags for non-multibuild package limit (bsc# 1244241) Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build')
- MyBS: Do not build kernel-obs-qa with limit_packages Fixes: 58e3f8c34b2b ('bs-upload-kernel: Pass limit_packages also on multibuild')
- MyBS: Simplify qa_expr generation Start with a 0 which makes the expression valid even if there are no QA repositories (currently does not happen). Then separator is always needed.
- Require zstd in kernel-default-devel when module compression is zstd To use ksym-provides tool modules need to be uncompressed. Without zstd at least kernel-default-base does not have provides. Link: https://github.com/openSUSE/rpm-config-SUSE/pull/82
- Use gcc-13 for build on SLE16 (jsc#PED-10028).
- add nf_tables for iptables non-legacy network handling This is needed for example by docker on the Alpine Linux distribution, but can also be used on openSUSE.
- bs-upload-kernel: Pass limit_packages also on multibuild Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') Fixes: 747f601d4156 ('bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184)')
- check-for-config-changes: Fix flag name typo
- doc/README.SUSE: Point to the updated version of LKMPG
- hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431).
- kernel-binary: Support livepatch_rt with merged RT branch
- kernel-obs-qa: Use srchash for dependency as well
- kernel-source: Also replace bin/env
- kernel-source: Also update the search to match bin/env Fixes: dc2037cd8f94 ('kernel-source: Also replace bin/env'
- kernel-source: Remove log.sh from sources
- mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337).
- mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431).
- mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245431).
- net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312)
- net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504)
- packaging: Patch Makefile to pre-select gcc version (jsc#PED-12251).
- packaging: Turn gcc version into config.sh variable Fixes: 51dacec21eb1 ('Use gcc-13 for build on SLE16 (jsc#PED-10028).')
- powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap (bsc#1244309 ltc#213790).
- powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() (bsc#1244309 ltc#213790).
- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN
- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN Both spellings are actually used
- rpm/check-for-config-changes: add LD_CAN_ to IGNORED_CONFIGS_RE
- rpm/check-for-config-changes: add more to IGNORED_CONFIGS_RE Useful when someone tries (needs) to build the kernel with clang.
- rpm/check-for-config-changes: ignore DRM_MSM_VALIDATE_XML This option is dynamically enabled to build-test different configurations. This makes run_oldconfig.sh complain sporadically for arm64.
- rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038).
- rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986) sle_version was obsoleted for SLE16. It has to be combined with suse_version check.
- rpm/kernel-binary.spec.in: Use OrderWithRequires (boo#1228659 boo#1241038).
- rpm/kernel-binary.spec.in: fix KMPs build on 6.13+ (bsc#1234454)
- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)
- rpm/package-descriptions: Add rt and rt_debug descriptions
- rpm/release-projects: Update the ALP projects again (bsc#1231293).
- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)
- rpm: Stop using is_kotd_qa macro
- scsi: storvsc: Do not report the host packet status as the hv status (git-fixes).
- scsi: storvsc: Increase the timeouts to storvsc_timeout (bsc#1245455).
- wifi: cfg80211: Add my certificate (bsc#1243001).
- wifi: cfg80211: fix certs build to not depend on file order (bsc#1243001).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2543-1
Released: Tue Jul 29 11:09:01 2025
Summary: Recommended update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3
Type: recommended
Severity: moderate
References: 1233012
This update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3 fixes the following issues:
- Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2556-1
Released: Wed Jul 30 21:04:22 2025
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1246697
This update for openssl-1_1 fixes the following issues:
- FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test
instead of NID_secp256k1. [bsc#1246697]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2559-1
Released: Wed Jul 30 22:15:25 2025
Summary: Recommended update for libsolv
Type: recommended
Severity: moderate
References: 1230267,1243279,1243457,1244042,1244710,1245220,1245452,1245496,1245672
This update for libsolv fixes the following issues:
- Allow easy migration from SLE Micro 5.5 + SUMA to SL Micro 6.1 + MLM
(bsc#1243457).
- implement color filtering when adding update targets.
- support orderwithrequires dependencies in susedata.xml
- Fix SEGV in MediaDISK handler (bsc#1245452).
- Fix evaluation of libproxy results (bsc#1244710).
- Enhancements regarding mirror handling during repo refresh. Adapt to libzypp
API changes (bsc#1230267).
- Explicitly selecting DownloadAsNeeded also selects the
classic_rpmtrans backend.
- Enhancements with mirror handling during repo refresh, needs zypper 1.14.91.
- Fix autotestcase when ZYPP_FULLLOG=1 (bsc#1244042).
There was no testcase written for the very first solver run.
- zypper does not allow distinctions between install and upgrade in
%postinstall (bsc#1243279).
- Ignore DeltaRpm download errors, in case of a failure the full rpm is
downloaded (bsc#1245672).
- Improve fix for incorrect filesize handling and download data exceeded errors
on HTTP responses (bsc#1245220).
- sh: Reset solver options after command (bsc#1245496).
- Implement color filtering when adding update targets.
- Support orderwithrequires dependencies in susedata.xml.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2572-1
Released: Thu Jul 31 11:11:10 2025
Summary: Recommended update for python-colorama, python-importlib-metadata, python-parameterized, python-pluggy, python-py, python-scp, python-wheel, python-zipp
Type: recommended
Severity: moderate
References: 1233012
This update for python-colorama, python-importlib-metadata, python-parameterized, python-pluggy, python-py, python-scp, python-wheel, python-zipp fixes the following issues:
- Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2573-1
Released: Thu Jul 31 11:15:06 2025
Summary: Recommended update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six
Type: recommended
Severity: moderate
References: 1233012
This update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six fixes the following issues:
- Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2574-1
Released: Thu Jul 31 11:19:37 2025
Summary: Recommended update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools
Type: recommended
Severity: moderate
References: 1233012
This update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools fixes the following issues:
- Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2536-1
Released: Thu Jul 31 16:44:39 2025
Summary: Security update for boost
Type: security
Severity: important
References: 1245936,CVE-2016-9840
This update for boost fixes the following issues:
- CVE-2016-9840: Fixed out-of-bounds pointer arithmetic in zlib in beast (bsc#1245936)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2589-1
Released: Fri Aug 1 15:05:54 2025
Summary: Security update for gnutls
Type: security
Severity: important
References: 1246232,1246233,1246267,1246299,CVE-2025-32988,CVE-2025-32989,CVE-2025-32990,CVE-2025-6395
This update for gnutls fixes the following issues:
- CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299)
- CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232)
- CVE-2025-32989: Fix heap buffer overread when handling the CT SCT extension during X.509 certificate parsing (bsc#1246233)
- CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2620-1
Released: Mon Aug 4 09:42:43 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1246296,CVE-2025-7425
This update for libxml2 fixes the following issues:
- CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2672-1
Released: Mon Aug 4 15:06:13 2025
Summary: Security update for sqlite3
Type: security
Severity: important
References: 1246597,CVE-2025-6965
This update for sqlite3 fixes the following issues:
- Update to version 3.50.2
- CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2675-1
Released: Mon Aug 4 15:53:48 2025
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1243935,CVE-2025-4598
This update for systemd fixes the following issues:
- CVE-2025-4598: Fixed race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2712-1
Released: Wed Aug 6 11:21:38 2025
Summary: Recommended update for hwinfo
Type: recommended
Severity: moderate
References: 1245950
This update for hwinfo fixes the following issues:
- Fix usb network card detection (bsc#1245950)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2727-1
Released: Thu Aug 7 11:02:04 2025
Summary: Security update for grub2
Type: security
Severity: moderate
References: 1234959,CVE-2024-56738
This update for grub2 fixes the following issues:
- CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2734-1
Released: Fri Aug 8 10:05:10 2025
Summary: Security update for dpkg
Type: security
Severity: moderate
References: 1245573,CVE-2025-6297
This update for dpkg fixes the following issues:
- CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2761-1
Released: Tue Aug 12 14:17:29 2025
Summary: Recommended update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa
Type: recommended
Severity: moderate
References: 1233012
This update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa fixes the following issues:
- Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012)
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2025:2763-1
Released: Tue Aug 12 14:45:40 2025
Summary: Optional update for libyaml
Type: optional
Severity: moderate
References: 1246570
This update for libyaml ships the missing libyaml-0-2 library package to
SUSE MicroOS 5.1 and 5.2.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2776-1
Released: Wed Aug 13 08:10:36 2025
Summary: Recommended update for systemd-rpm-macros
Type: recommended
Severity: moderate
References: 1237143
This update for systemd-rpm-macros fixes the following issues:
- Introduce %udev_trigger_with_reload() for packages that need to trigger events
in theirs scriplets. The new macro automatically triggers a reload of the udev
rule files as this step is often overlooked by packages (bsc#1237143).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2778-1
Released: Wed Aug 13 08:45:57 2025
Summary: Security update for python3
Type: security
Severity: important
References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194
This update for python3 fixes the following issues:
- CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273).
- CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056)
- CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059)
- CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060)
- CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061)
- CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032)
- CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705)
- CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249)
Other fixes:
- Limit buffer size for IPv6 address parsing (bsc#1244401).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2780-1
Released: Wed Aug 13 10:28:27 2025
Summary: Recommended update for gcc14
Type: recommended
Severity: moderate
References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050
This update for gcc14 fixes the following issues:
Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799
- Fixed libqt6webengine build.
- Fix build on s390x [bsc#1241549]
- Make sure link editing is done against our own shared library
copy rather than the installed system runtime. [bsc#1240788]
- Allow GCC executables to be built PIE. [bsc#1239938]
- Backport -msplit-patch-nops required for user-space livepatching on powerpc.
- Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566]
- Disable profiling during build when %want_reproducible_builds is set [bsc#1238491]
- Fixes reported ICE in [bsc#1237442]
- Add larchintrin.h, lasxintrin.h and lsxintrin.h
headers to gccXY main package in %files section
- libstdc++6 fix for parsing tzdata 2024b [gcc#116657]
- Fix ICE with LTO building openvino on aarch64 [bsc#1230262]
- Exclude shared objects present for link editing in the GCC specific
subdirectory from provides processing via __provides_exclude_from.
[bsc#1244050][bsc#1243991]
- Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap
variant conflict with the unversioned cross-*-gcc package.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2838-1
Released: Mon Aug 18 10:56:16 2025
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1245223
This update for suse-build-key fixes the following issue:
- adjust SLES16 signing key UID (name,email) with official names (bsc#1245223).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2849-1
Released: Mon Aug 18 17:56:40 2025
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1206051,1221829,1229334,1234863,1236104,1236333,1238160,1239644,1240185,1240799,1242414,1242780,1244309,1245217,1245431,1245506,1245711,1245986,1246000,1246029,1246037,1246045,1246073,1246186,1246781,1247314,1247347,1247348,1247349,1247437,CVE-2022-49138,CVE-2022-49770,CVE-2023-52923,CVE-2023-52927,CVE-2023-53117,CVE-2024-26643,CVE-2024-42265,CVE-2024-53164,CVE-2024-57947,CVE-2025-21881,CVE-2025-21971,CVE-2025-37798,CVE-2025-38079,CVE-2025-38088,CVE-2025-38120,CVE-2025-38177,CVE-2025-38181,CVE-2025-38200,CVE-2025-38206,CVE-2025-38212,CVE-2025-38213,CVE-2025-38257,CVE-2025-38350,CVE-2025-38468,CVE-2025-38477,CVE-2025-38494,CVE-2025-38495,CVE-2025-38497
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160).
- CVE-2023-52923: netfilter: nf_tables: split async and sync catchall in two functions (bsc#1236104).
- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).
- CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a file descriptor (bsc#1242780).
- CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829).
- CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863).
- CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185).
- CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799).
- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217).
- CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246000).
- CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045).
- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073).
- CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029).
- CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037).
- CVE-2025-38257: s390/pkey: Prevent overflow in size calculation for memdup_user() (bsc#1246186).
- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).
- CVE-2025-38468: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1247437).
- CVE-2025-38477: net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (bsc#1247314).
- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247349).
- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247348).
- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).
The following non-security bugs were fixed:
- Revert 'hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431).'
- Revert 'mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race'
- Revert 'mm/hugetlb: unshare page tables during VMA split, not before'
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2915-1
Released: Tue Aug 19 14:56:35 2025
Summary: Security update for jq
Type: security
Severity: moderate
References: 1244116,CVE-2025-48060
This update for jq fixes the following issues:
- CVE-2025-48060: Fixed stack-buffer-overflow in jq_fuzz_execute (bsc#1244116)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2927-1
Released: Wed Aug 20 11:47:47 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1246776
This update for permissions fixes the following issues:
Update to version 20201225:
* nvidia-modprobe: SLE-15-SP4 backport of setuid root permissions (bsc#1246776)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2952-1
Released: Thu Aug 21 14:56:24 2025
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: important
References: 1218459,1245220,1245985,1246038,1246149,1246466,1247054,1247690
This update for libzypp, zypper fixes the following issues:
- Fix evaluation of libproxy results (bsc#1247690)
- Replace URL variables inside mirrorlist/metalink files
- Append RepoInfo::path() to the mirror URLs in Preloader (bsc#1247054)
- During installation indicate the backend being used (bsc#1246038)
If some package actually needs to know, it should test for
ZYPP_CLASSIC_RPMTRANS being set in the environment.
Otherwise the transaction is driven by librpm.
- Workaround 'rpm -vv' leaving scriptlets /var/tmp (bsc#1218459)
- Verbose log libproxy results if PX_DEBUG=1 is set.
- BuildRequires: cmake >= 3.17.
- Allow explicit request to probe an added repo's URL (bsc#1246466)
- Fix tests with -DISABLE_MEDIABACKEND_TESTS=1
- Add runtime check for a broken rpm-4.18.0 --runpostrans (bsc#1246149)
- Add regression test for (bsc#1245220) and some other filesize related tests.
- Fix addrepo to handle explicit --check and --no-check requests (bsc#1246466)
- Accept 'show' as alias for 'info' (bsc#1245985)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2970-1
Released: Mon Aug 25 10:27:57 2025
Summary: Security update for pam
Type: security
Severity: moderate
References: 1232234,1246221,CVE-2024-10041
This update for pam fixes the following issues:
- Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2985-1
Released: Mon Aug 25 15:55:03 2025
Summary: Security update for python-urllib3
Type: security
Severity: moderate
References: 1244925,CVE-2025-50181
This update for python-urllib3 fixes the following issues:
- CVE-2025-50181: Pool managers now properly control redirects when retries is passed. (bsc#1244925)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3065-1
Released: Thu Sep 4 08:36:30 2025
Summary: Recommended update for systemd-presets-branding-SLE
Type: recommended
Severity: moderate
References: 1244553,1246835
This update for systemd-presets-branding-SLE fixes the following issues:
- enable sysstat_collect.timer and sysstat_summary.timer
(bsc#1244553, bsc#1246835).
- modified default SLE presets
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3085-1
Released: Fri Sep 5 11:03:27 2025
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: important
References: 1240950
This update for suse-module-tools fixes the following issues:
- Version update 15.4.20
- Add blacklist entry for reiserfs (jsc#PED-6167).
- Add more modules to file system blacklist (jsc#PED-6167).
- Add hfsplus to file system blacklist (bsc#1240950, jsc#PED-12632).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3240-1
Released: Tue Sep 16 21:56:57 2025
Summary: Security update for vim
Type: security
Severity: moderate
References: 1246602,1246604,1247938,1247939,CVE-2025-53905,CVE-2025-53906,CVE-2025-55157,CVE-2025-55158
This update for vim fixes the following issues:
Update to version 9.1.1629.
- CVE-2025-53905: Fixed a path traversal issue in tar.vim plugin that may allow for file overwriting when opening
specially crafted tar files (bsc#1246604).
- CVE-2025-53906: Fixed a path traversal issue in zip.vim plugin that may allow for file overwriting when opening
specially crafted zip files (bsc#1246602).
- CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938).
- CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3260-1
Released: Thu Sep 18 02:09:31 2025
Summary: Security update for net-tools
Type: security
Severity: moderate
References: 1243581,1246608,1248410,1248687,142461,CVE-2025-46836
This update for net-tools fixes the following issues:
Security issues fixed:
- CVE-2025-46836: missing bounds check in `get_name` may lead to a stack buffer overflow (bsc#1243581).
- Avoid unsafe use of `memcpy` in `ifconfig` (bsc#1248687).
- Prevent overflow in `ax25` and `netrom` (bsc#1248687).
- Fix stack buffer overflow in `parse_hex` (bsc#1248687).
- Fix stack buffer overflow in `proc_gen_fmt` (bsc#1248687).
Other issues fixed:
- Allow use of long interface names after CVE-2025-46836 fix, even if they are not accepted by the kernel (bsc#1248410).
- Fix netrom support.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3261-1
Released: Thu Sep 18 06:35:19 2025
Summary: Security update for cups
Type: security
Severity: important
References: 1230932,1246533,1249049,1249128,CVE-2024-47175,CVE-2025-58060,CVE-2025-58364
This update for cups fixes the following issues:
- CVE-2024-47175: no validation of IPP attributes in `ppdCreatePPDFromIPP2` when writing to a temporary PPD file allows
for the injection of attacker-controlled data to the resulting PPD (bsc#1230932).
- CVE-2025-58060: no password check when `AuthType` is set to anything but `Basic` and a request is made with an
`Authorization: Basic` header (bsc#1249049).
- CVE-2025-58364: unsafe deserialization and validation of printer attributes leads to NULL pointer dereference
(bsc#1249128).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3267-1
Released: Thu Sep 18 13:05:51 2025
Summary: Security update for curl
Type: security
Severity: important
References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer
(bsc#1249191).
- CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348).
Other issues fixed:
- Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197).
* tool_getparam: fix --ftp-pasv [5f805ee]
- Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056).
* TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs.
* websocket: add option to disable auto-pong reply.
* huge number of bugfixes.
Please see https://curl.se/ch/ for full changelogs.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3268-1
Released: Thu Sep 18 13:08:10 2025
Summary: Security update for curl
Type: security
Severity: important
References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer
(bsc#1249191).
- CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348).
Other issues fixed:
- Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197).
* tool_getparam: fix --ftp-pasv [5f805ee]
- Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056).
* TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs.
* websocket: add option to disable auto-pong reply.
* huge number of bugfixes.
Please see https://curl.se/ch/ for full changelogs.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3288-1
Released: Mon Sep 22 12:13:27 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1235873
This update for permissions fixes the following issues:
- permissions: remove unnecessary static dirs and devices (bsc#1235873)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3302-1
Released: Tue Sep 23 11:09:49 2025
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1247819
This update for dracut fixes the following issues:
- fix (dracut-util): crash if CMDLINE ends with quotation mark (bsc#1247819)
- fix (rngd): adjust license to match the license of the whole project
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3314-1
Released: Tue Sep 23 20:34:40 2025
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1234896,1244824,1245970,1246473,1246911,1247143,1247374,1247518,1247976,1248223,1248297,1248306,1248312,1248338,1248511,1248614,1248621,1248748,CVE-2022-50116,CVE-2024-53177,CVE-2024-58239,CVE-2025-38180,CVE-2025-38323,CVE-2025-38352,CVE-2025-38460,CVE-2025-38498,CVE-2025-38499,CVE-2025-38546,CVE-2025-38555,CVE-2025-38560,CVE-2025-38563,CVE-2025-38608,CVE-2025-38617,CVE-2025-38618,CVE-2025-38644
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-50116: kernel: tty: n_gsm: fix deadlock and link starvation in outgoing data path (bsc#1244824).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-58239: tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1248614).
- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).
- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).
- CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374).
- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976).
- CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223).
- CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup() (bsc#1248297).
- CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312).
- CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306).
- CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338).
- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1248621).
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511).
- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748).
The following non-security bugs were fixed:
- NFSv4.1: fix backchannel max_resp_sz verification check (bsc#1247518).
- Disable N_GSM (jsc#PED-8240).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3331-1
Released: Wed Sep 24 08:54:17 2025
Summary: Security update for avahi
Type: security
Severity: moderate
References: 1233421,CVE-2024-52615
This update for avahi fixes the following issues:
- CVE-2024-52615: wide-area DNS uses constant source port for queries and can expose the Avahi-daemon to DNS spoofing
attacks (bsc#1233421).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3371-1
Released: Fri Sep 26 13:41:03 2025
Summary: Recommended update for sysconfig
Type: recommended
Severity: important
References: 1237595
This update for sysconfig fixes the following issues:
- Update to version 0.85.10
- codespell run for all repository files and changes file
- spec: define permissions for ghost file attrs to avoid
rpm --restore resets them to 0 (bsc#1237595).
- spec: fix name-repeated-in-summary rpmlint warning
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3433-1
Released: Tue Sep 30 15:52:31 2025
Summary: Recommended update for bind
Type: recommended
Severity: important
References: 1230649
This update for bind fixes the following issues:
- ensure file descriptors 0-2 are in use before using libuv (bsc#1230649)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3437-1
Released: Tue Sep 30 16:36:42 2025
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1250232,CVE-2025-9230
This update for openssl-1_1 fixes the following issues:
- CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap
(bsc#1250232).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3594-1
Released: Mon Oct 13 15:35:27 2025
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: important
References: 1230267,1246912,1250343
This update for libzypp, zypper fixes the following issues:
- runposttrans: strip root prefix from tmppath (bsc#1250343)
- fixup! Make ld.so ignore the subarch packages during install (bsc#1246912)
- Make ld.so ignore the subarch packages during install (bsc#1246912)
- Fixed `bash-completion`: `zypper refresh` now ignores repository priority lines.
- Changes to support building against restructured libzypp in stack build (bsc#1230267)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3618-1
Released: Thu Oct 16 09:37:00 2025
Summary: Security update for samba
Type: security
Severity: critical
References: 1251279,1251280,CVE-2025-10230,CVE-2025-9640
This update for samba fixes the following issues:
- CVE-2025-9640: Fixed uninitialized memory disclosure via vfs_streams_xattr (bsc#1251279).
- CVE-2025-10230: Fixed command Injection in WINS server hook script (bsc#1251280).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3624-1
Released: Thu Oct 16 21:59:19 2025
Summary: Security update for expat
Type: security
Severity: important
References: 1249584,CVE-2025-59375
This update for expat fixes the following issues:
- CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations
by submitting crafted XML input (bsc#1249584).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3628-1
Released: Fri Oct 17 13:34:30 2025
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1065729,1164051,1193629,1194869,1202700,1203063,1203332,1204228,1205128,1206456,1206468,1206883,1206884,1207158,1207621,1207624,1207625,1207628,1207629,1207631,1207645,1207651,1208607,1209287,1209291,1210584,1211960,1212603,1213015,1213016,1213040,1213041,1213061,1213099,1213104,1213666,1213747,1214953,1214967,1215150,1215696,1215911,1216976,1217790,1220185,1220186,1236104,1238160,1241353,1242573,1242846,1242960,1243539,1244337,1244732,1245110,1245498,1245499,1245666,1245956,1246879,1246968,1247028,1247172,1247239,1247288,1247317,1248108,1248255,1248399,1248628,1248639,1248847,1249126,1249158,1249186,1249195,1249200,1249220,1249266,1249315,1249324,1249346,1249374,1249516,1249538,1249548,1249604,1249608,1249638,1249639,1249641,1249642,1249650,1249651,1249658,1249661,1249664,1249667,1249669,1249677,1249681,1249683,1249685,1249687,1249691,1249695,1249699,1249700,1249701,1249705,1249706,1249707,1249709,1249712,1249713,1249715,1249716,1249718,1249722,1249727,1249730,1249733,1
249734,1249739,1249740,1249741,1249742,1249743,1249745,1249746,1249747,1249749,1249750,1249751,1249753,1249758,1249762,1249767,1249777,1249781,1249784,1249791,1249799,1249808,1249810,1249820,1249825,1249827,1249836,1249840,1249844,1249846,1249853,1249858,1249860,1249864,1249865,1249866,1249867,1249868,1249872,1249877,1249880,1249882,1249885,1249890,1249892,1249908,1249910,1249911,1249914,1249917,1249918,1249920,1249923,1249924,1249925,1249927,1249928,1249930,1249933,1249934,1249936,1249938,1249939,1249944,1249947,1249949,1249950,1249954,1249958,1249979,1249981,1249991,1249997,1250002,1250006,1250007,1250009,1250010,1250011,1250014,1250015,1250023,1250024,1250026,1250039,1250041,1250043,1250044,1250047,1250049,1250052,1250055,1250058,1250060,1250062,1250065,1250066,1250070,1250071,1250072,1250077,1250080,1250081,1250083,1250105,1250106,1250107,1250108,1250114,1250118,1250121,1250127,1250128,1250131,1250132,1250137,1250138,1250140,1250145,1250151,1250153,1250156,1250159,1250161,125016
8,1250178,1250180,1250181,1250182,1250183,1250184,1250187,1250191,1250197,1250198,1250200,1250209,1250211,1250237,1250245,1250247,1250250,1250257,1250264,1250269,1250277,1250287,1250293,1250301,1250303,1250309,1250311,1250313,1250315,1250316,1250322,1250323,1250324,1250325,1250328,1250331,1250358,1250362,1250363,1250370,1250374,1250391,1250392,1250393,1250394,1250395,1250406,1250412,1250418,1250425,1250428,1250453,1250454,1250457,1250459,1250522,1250759,1250761,1250762,1250763,1250767,1250768,1250774,1250781,1250784,1250786,1250787,1250790,1250791,1250792,1250797,1250799,1250807,1250810,1250811,1250818,1250819,1250822,1250823,1250824,1250825,1250830,1250831,1250839,1250841,1250842,1250843,1250846,1250847,1250848,1250850,1250851,1250853,1250856,1250863,1250864,1250866,1250867,1250868,1250872,1250874,1250875,1250877,1250879,1250883,1250887,1250888,1250889,1250890,1250891,1250905,1250915,1250917,1250923,1250927,1250928,1250948,1250949,1250953,1250955,1250963,1250964,1250965,CVE-2022-26
02,CVE-2022-2978,CVE-2022-36280,CVE-2022-43945,CVE-2022-49138,CVE-2022-49980,CVE-2022-50233,CVE-2022-50234,CVE-2022-50235,CVE-2022-50239,CVE-2022-50241,CVE-2022-50246,CVE-2022-50247,CVE-2022-50248,CVE-2022-50249,CVE-2022-50250,CVE-2022-50251,CVE-2022-50252,CVE-2022-50255,CVE-2022-50257,CVE-2022-50258,CVE-2022-50260,CVE-2022-50261,CVE-2022-50264,CVE-2022-50266,CVE-2022-50267,CVE-2022-50268,CVE-2022-50269,CVE-2022-50271,CVE-2022-50272,CVE-2022-50275,CVE-2022-50276,CVE-2022-50277,CVE-2022-50278,CVE-2022-50279,CVE-2022-50282,CVE-2022-50286,CVE-2022-50289,CVE-2022-50294,CVE-2022-50297,CVE-2022-50298,CVE-2022-50299,CVE-2022-50301,CVE-2022-50308,CVE-2022-50309,CVE-2022-50312,CVE-2022-50317,CVE-2022-50318,CVE-2022-50320,CVE-2022-50321,CVE-2022-50324,CVE-2022-50328,CVE-2022-50329,CVE-2022-50330,CVE-2022-50331,CVE-2022-50333,CVE-2022-50340,CVE-2022-50342,CVE-2022-50344,CVE-2022-50346,CVE-2022-50347,CVE-2022-50348,CVE-2022-50349,CVE-2022-50351,CVE-2022-50353,CVE-2022-50355,CVE-2022-50358,CVE-2
022-50359,CVE-2022-50362,CVE-2022-50364,CVE-2022-50367,CVE-2022-50368,CVE-2022-50369,CVE-2022-50370,CVE-2022-50372,CVE-2022-50373,CVE-2022-50374,CVE-2022-50375,CVE-2022-50376,CVE-2022-50379,CVE-2022-50381,CVE-2022-50385,CVE-2022-50386,CVE-2022-50388,CVE-2022-50389,CVE-2022-50391,CVE-2022-50392,CVE-2022-50394,CVE-2022-50395,CVE-2022-50399,CVE-2022-50401,CVE-2022-50402,CVE-2022-50404,CVE-2022-50408,CVE-2022-50409,CVE-2022-50410,CVE-2022-50411,CVE-2022-50414,CVE-2022-50417,CVE-2022-50419,CVE-2022-50422,CVE-2022-50423,CVE-2022-50425,CVE-2022-50427,CVE-2022-50428,CVE-2022-50429,CVE-2022-50430,CVE-2022-50431,CVE-2022-50432,CVE-2022-50434,CVE-2022-50435,CVE-2022-50436,CVE-2022-50437,CVE-2022-50439,CVE-2022-50440,CVE-2022-50443,CVE-2022-50444,CVE-2022-50449,CVE-2022-50453,CVE-2022-50454,CVE-2022-50456,CVE-2022-50458,CVE-2022-50459,CVE-2022-50460,CVE-2022-50465,CVE-2022-50466,CVE-2022-50467,CVE-2022-50468,CVE-2022-50469,CVE-2023-1380,CVE-2023-28328,CVE-2023-31248,CVE-2023-3772,CVE-2023-39197
,CVE-2023-42753,CVE-2023-52923,CVE-2023-53147,CVE-2023-53149,CVE-2023-53150,CVE-2023-53151,CVE-2023-53153,CVE-2023-53165,CVE-2023-53167,CVE-2023-53171,CVE-2023-53174,CVE-2023-53176,CVE-2023-53178,CVE-2023-53179,CVE-2023-53182,CVE-2023-53185,CVE-2023-53196,CVE-2023-53197,CVE-2023-53199,CVE-2023-53201,CVE-2023-53205,CVE-2023-53213,CVE-2023-53216,CVE-2023-53219,CVE-2023-53222,CVE-2023-53223,CVE-2023-53226,CVE-2023-53229,CVE-2023-53230,CVE-2023-53234,CVE-2023-53238,CVE-2023-53239,CVE-2023-53241,CVE-2023-53242,CVE-2023-53244,CVE-2023-53245,CVE-2023-53246,CVE-2023-53249,CVE-2023-53250,CVE-2023-53251,CVE-2023-53255,CVE-2023-53259,CVE-2023-53265,CVE-2023-53268,CVE-2023-53270,CVE-2023-53272,CVE-2023-53273,CVE-2023-53275,CVE-2023-53276,CVE-2023-53277,CVE-2023-53280,CVE-2023-53281,CVE-2023-53282,CVE-2023-53286,CVE-2023-53288,CVE-2023-53295,CVE-2023-53297,CVE-2023-53298,CVE-2023-53299,CVE-2023-53302,CVE-2023-53304,CVE-2023-53305,CVE-2023-53307,CVE-2023-53309,CVE-2023-53311,CVE-2023-53313,CVE-20
23-53314,CVE-2023-53315,CVE-2023-53316,CVE-2023-53317,CVE-2023-53321,CVE-2023-53322,CVE-2023-53324,CVE-2023-53326,CVE-2023-53330,CVE-2023-53331,CVE-2023-53333,CVE-2023-53334,CVE-2023-53335,CVE-2023-53337,CVE-2023-53344,CVE-2023-53349,CVE-2023-53352,CVE-2023-53356,CVE-2023-53359,CVE-2023-53368,CVE-2023-53373,CVE-2023-53375,CVE-2023-53377,CVE-2023-53379,CVE-2023-53380,CVE-2023-53381,CVE-2023-53384,CVE-2023-53386,CVE-2023-53388,CVE-2023-53390,CVE-2023-53393,CVE-2023-53395,CVE-2023-53396,CVE-2023-53400,CVE-2023-53404,CVE-2023-53405,CVE-2023-53406,CVE-2023-53409,CVE-2023-53413,CVE-2023-53414,CVE-2023-53415,CVE-2023-53416,CVE-2023-53422,CVE-2023-53427,CVE-2023-53431,CVE-2023-53435,CVE-2023-53436,CVE-2023-53437,CVE-2023-53438,CVE-2023-53440,CVE-2023-53443,CVE-2023-53446,CVE-2023-53449,CVE-2023-53451,CVE-2023-53452,CVE-2023-53453,CVE-2023-53454,CVE-2023-53457,CVE-2023-53458,CVE-2023-53463,CVE-2023-53464,CVE-2023-53465,CVE-2023-53468,CVE-2023-53471,CVE-2023-53472,CVE-2023-53473,CVE-2023-5347
4,CVE-2023-53475,CVE-2023-53476,CVE-2023-53485,CVE-2023-53487,CVE-2023-53488,CVE-2023-53492,CVE-2023-53494,CVE-2023-53496,CVE-2023-53498,CVE-2023-53499,CVE-2023-53505,CVE-2023-53506,CVE-2023-53509,CVE-2023-53512,CVE-2023-53513,CVE-2023-53515,CVE-2023-53518,CVE-2023-53519,CVE-2023-53521,CVE-2023-53524,CVE-2023-53525,CVE-2023-53526,CVE-2023-53530,CVE-2024-26583,CVE-2024-26584,CVE-2024-58240,CVE-2025-23155,CVE-2025-37738,CVE-2025-37885,CVE-2025-37958,CVE-2025-38014,CVE-2025-38084,CVE-2025-38085,CVE-2025-38111,CVE-2025-38184,CVE-2025-38380,CVE-2025-38470,CVE-2025-38476,CVE-2025-38488,CVE-2025-38553,CVE-2025-38572,CVE-2025-38659,CVE-2025-38664,CVE-2025-38678,CVE-2025-38685,CVE-2025-38706,CVE-2025-38713,CVE-2025-38734,CVE-2025-39691,CVE-2025-39703,CVE-2025-39726,CVE-2025-39746,CVE-2025-39751,CVE-2025-39790,CVE-2025-39797,CVE-2025-39823,CVE-2025-39824,CVE-2025-39860,CVE-2025-39869
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160).
- CVE-2022-49980: USB: gadget: fix use-after-free read in usb_udc_uevent() (bsc#1245110).
- CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} (bsc#1246968).
- CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249846).
- CVE-2022-50409: net: If sock is dead do not access sock's sk_wq in sk_stream_wait_memory (bsc#1250392).
- CVE-2023-53178: mm: fix zswap writeback race condition (bsc#1249827).
- CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250313).
- CVE-2023-53438: x86/MCE: Always save CS register on AMD Zen IF Poison errors (bsc#1250180).
- CVE-2025-23155: net: stmmac: Fix accessing freed irq affinity_hint (bsc#1242573).
- CVE-2025-37738: ext4: ignore xattrs past end (bsc#1242846).
- CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960).
- CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539).
- CVE-2025-38014: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (bsc#1244732).
- CVE-2025-38084: mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245498).
- CVE-2025-38085: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245499).
- CVE-2025-38111: net/mdiobus: Fix potential out-of-bounds read/write access (bsc#1245666).
- CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956).
- CVE-2025-38380: i2c/designware: Fix an initialization issue (bsc#1247028).
- CVE-2025-38470: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (bsc#1247288).
- CVE-2025-38476: rpl: Fix use-after-free in rpl_do_srh_inline() (bsc#1247317).
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239).
- CVE-2025-38553: net/sched: Restrict conditions for adding duplicating netems to qdisc tree (bsc#1248255).
- CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399).
- CVE-2025-38659: gfs2: No more self recovery (bsc#1248639).
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628).
- CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126).
- CVE-2025-38685: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220).
- CVE-2025-38706: ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (bsc#1249195).
- CVE-2025-38713: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1249200).
- CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324).
- CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374).
- CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315).
- CVE-2025-39726: s390/ism: fix concurrency management in ism_cmd() (bsc#1249266).
- CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516).
- CVE-2025-39751: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (bsc#1249538).
- CVE-2025-39790: bus: mhi: host: Detect events pointing to unexpected TREs (bsc#1249548).
- CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608).
- CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002).
- CVE-2025-39824: HID: asus: fix UAF via HID_CLAIMED_INPUT validation (bsc#1250007).
- CVE-2025-39860: Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (bsc#1250247).
- CVE-2025-39869: dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (bsc#1250406).
The following non-security bugs were fixed:
- Limit patch filenames to 100 characters (bsc#1249604).
- Move pesign-obs-integration requirement from kernel-syms to kernel devel subpackage (bsc#1248108).
- README.BRANCH: Add Lidong Zhong as a SLE15-SP4-LTSS co-maintainer.
- Revert backported patches for bsc#1238160 because the CVSS less than 7.0
- Update config files. (bsc#1249186) Enable where we define KABI refs + rely on Kconfig deps.
- btrfs: avoid NULL pointer dereference if no valid extent tree (bsc#1249158).
- build_bug.h: Add KABI assert (bsc#1249186).
- kabi/severities: ignore kABI for atheros helper modules The symbols are used only internally by atheros drivers.
- kernel-binary: Another installation ordering fix (bsc#1241353).
- kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522).
- kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346)
- kernel-syms.spec: Drop old rpm release number hack (bsc#1247172).
- net/sched: ets: use old 'nbands' while purging unused classes (git-fixes).
- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).
- rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879).
- rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337).
- rpm: Configure KABI checkingness macro (bsc#1249186).
- rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186).
- rpm: Link arch-symbols script from scripts directory.
- rpm: Link guards script from scripts directory.
- use uniform permission checks for all mount propagation changes (git-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3729-1
Released: Wed Oct 22 15:19:26 2025
Summary: Security update for krb5
Type: security
Severity: moderate
References: 1241219,CVE-2025-3576
This update for krb5 fixes the following issues:
- CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using
RC4-HMAC-MD5 (bsc#1241219).
Krb5 as very old protocol supported quite a number of ciphers
that are not longer up to current cryptographic standards.
To avoid problems with those, SUSE has by default now disabled
those alorithms.
The following algorithms have been removed from valid krb5 enctypes:
- des3-cbc-sha1
- arcfour-hmac-md5
To reenable those algorithms, you can use allow options in krb5.conf:
[libdefaults]
allow_des3 = true
allow_rc4 = true
to reenable them.
The following package changes have been done:
- bind-utils-9.16.50-150400.5.49.1 updated
- boost-license1_66_0-1.66.0-150200.12.7.1 updated
- cups-config-2.2.7-150000.3.72.1 updated
- curl-8.14.1-150400.5.69.1 updated
- dracut-055+suse.361.g448229ea-150400.3.40.1 updated
- grub2-i386-pc-2.06-150400.11.63.1 updated
- grub2-x86_64-efi-2.06-150400.11.63.1 updated
- grub2-x86_64-xen-2.06-150400.11.63.1 updated
- grub2-2.06-150400.11.63.1 updated
- hwinfo-21.89-150400.3.21.1 updated
- jq-1.6-150000.3.9.1 updated
- kernel-default-5.14.21-150400.24.179.1 updated
- krb5-1.19.2-150400.3.18.1 updated
- libavahi-client3-0.8-150400.7.23.1 updated
- libavahi-common3-0.8-150400.7.23.1 updated
- libboost_system1_66_0-1.66.0-150200.12.7.1 updated
- libboost_thread1_66_0-1.66.0-150200.12.7.1 updated
- libbrotlicommon1-1.0.7-150200.3.5.1 updated
- libbrotlidec1-1.0.7-150200.3.5.1 updated
- libcups2-2.2.7-150000.3.72.1 updated
- libcurl4-8.14.1-150400.5.69.1 updated
- libexpat1-2.7.1-150400.3.31.1 updated
- libgcc_s1-14.3.0+git11799-150000.1.11.1 updated
- libgcrypt20-1.9.4-150400.6.11.1 updated
- libgnutls30-3.7.3-150400.4.50.1 updated
- libjq1-1.6-150000.3.9.1 updated
- libopenssl1_1-1.1.1l-150400.7.84.1 updated
- libpython3_6m1_0-3.6.15-150300.10.97.1 updated
- libsolv-tools-base-0.7.34-150400.3.41.1 updated
- libsolv-tools-0.7.34-150400.3.41.1 updated
- libsqlite3-0-3.50.2-150000.3.33.1 updated
- libstdc++6-14.3.0+git11799-150000.1.11.1 updated
- libsystemd0-249.17-150400.8.49.2 updated
- libudev1-249.17-150400.8.49.2 updated
- libxml2-2-2.9.14-150400.5.47.1 updated
- libyaml-0-2-0.1.7-150000.3.4.1 updated
- libzypp-17.37.18-150400.3.148.1 updated
- net-tools-2.0+git20170221.479bb4a-150000.5.13.1 updated
- openssl-1_1-1.1.1l-150400.7.84.1 updated
- pam-1.3.0-150000.6.86.1 updated
- permissions-20201225-150400.5.22.1 updated
- python3-PyYAML-5.4.1-150300.3.6.1 updated
- python3-apipkg-1.4-150000.3.8.1 updated
- python3-appdirs-1.4.3-150000.3.3.1 updated
- python3-asn1crypto-0.24.0-150000.3.5.1 updated
- python3-attrs-19.3.0-150200.3.9.1 updated
- python3-base-3.6.15-150300.10.97.1 updated
- python3-bind-9.16.50-150400.5.49.1 updated
- python3-certifi-2018.1.18-150000.3.6.1 updated
- python3-cffi-1.13.2-150200.3.5.1 updated
- python3-chardet-3.0.4-150000.5.6.1 updated
- python3-cryptography-3.3.2-150400.26.1 updated
- python3-idna-2.6-150000.3.6.1 updated
- python3-importlib-metadata-1.5.0-150100.3.8.1 updated
- python3-iniconfig-1.1.1-150000.1.13.1 updated
- python3-more-itertools-8.10.0-150400.10.1 updated
- python3-packaging-21.3-150200.3.6.1 updated
- python3-ply-3.10-150000.3.8.1 updated
- python3-pyOpenSSL-21.0.0-150400.10.1 updated
- python3-pyasn1-0.4.2-150000.3.8.1 updated
- python3-pycparser-2.17-150000.3.5.1 updated
- python3-pyparsing-2.4.7-150300.3.3.1 updated
- python3-pytz-2022.1-150300.3.9.1 updated
- python3-py-1.10.0-150100.5.15.1 updated
- python3-requests-2.25.1-150300.3.18.1 updated
- python3-setuptools-44.1.1-150400.9.15.1 updated
- python3-six-1.14.0-150200.15.1 updated
- python3-urllib3-1.25.10-150300.4.18.1 updated
- python3-zipp-0.6.0-150100.3.8.1 updated
- python3-3.6.15-150300.10.97.2 updated
- samba-client-libs-4.15.13+git.736.b791be993ba-150400.3.40.1 updated
- suse-build-key-12.0-150000.8.61.2 updated
- suse-module-tools-15.4.20-150400.3.20.3 updated
- sysconfig-netconfig-0.85.10-150200.15.1 updated
- sysconfig-0.85.10-150200.15.1 updated
- systemd-presets-branding-SLE-15.1-150100.20.17.2 updated
- systemd-rpm-macros-16-150000.7.42.1 updated
- systemd-sysvinit-249.17-150400.8.49.2 updated
- systemd-249.17-150400.8.49.2 updated
- udev-249.17-150400.8.49.2 updated
- update-alternatives-1.19.0.4-150000.4.7.1 updated
- vim-data-common-9.1.1629-150000.5.78.1 updated
- vim-9.1.1629-150000.5.78.1 updated
- zypper-1.14.94-150400.3.101.1 updated
- catatonit-0.2.0-150300.10.8.1 removed
- docker-28.2.2_ce-150000.227.1 removed
- iptables-1.8.7-1.1 removed
- libip6tc2-1.8.7-1.1 removed
- libnftnl11-1.2.0-150400.1.6 removed
- xtables-plugins-1.8.7-1.1 removed
- xxd-9.1.1406-150000.5.75.1 removed
More information about the sle-container-updates
mailing list