SUSE-IU-2025:3420-1: Security update of sles-15-sp4-chost-byos-v20251022-arm64

sle-container-updates at lists.suse.com
Sat Oct 25 07:03:39 UTC 2025


SUSE Image Update Advisory: sles-15-sp4-chost-byos-v20251022-arm64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:3420-1
Image Tags        : sles-15-sp4-chost-byos-v20251022-arm64:20251022
Image Release     : 
Severity          : critical
Type              : security
-----------------------------------------------------------------

The container sles-15-sp4-chost-byos-v20251022-arm64 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2464-1
Released:    Tue Jul 22 13:40:15 2025
Summary:     Security update for libgcrypt
Type:        security
Severity:    moderate
References:  1221107,CVE-2024-2236
This update for libgcrypt fixes the following issues:

- CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107).  

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2519-1
Released:    Fri Jul 25 10:51:53 2025
Summary:     Recommended update for samba
Type:        recommended
Severity:    moderate
References:  1233880,1246431
This update for samba fixes the following issues:

- Windows security hardening locks out schannel'ed netlogon dc
  calls like netr_DsRGetDCName  (bsc#1246431).
- Update shipped /etc/samba/smb.conf to point to smb.conf
  man page (bsc#1233880).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2537-1
Released:    Mon Jul 28 17:08:58 2025
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.


The following security bugs were fixed:

- CVE-2021-47557: net/sched: sch_ets: do not peek at classes beyond 'nbands' (bsc#1207361 bsc#1225468).
- CVE-2021-47595: net/sched: sch_ets: do not remove idle classes from the round-robin list (bsc#1207361 bsc#1226552).
- CVE-2023-52924: netfilter: nf_tables: do not skip expired elements during walk (bsc#1236821).
- CVE-2023-52925: netfilter: nf_tables: do not fail inserts if duplicate has expired (bsc#1236822).
- CVE-2024-26808: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634).
- CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820).
- CVE-2024-27397: kabi: place tstamp needed for nftables set in a hole (bsc#1224095).
- CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514).
- CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).
- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156).
- CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381).
- CVE-2024-56770: sch/netem: fix use after free in netem_dequeue (bsc#1235637).
- CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312).
- CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).
- CVE-2025-21756: vsock: Orphan socket after transport release (bsc#1238876).
- CVE-2025-23141: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (bsc#1242782).
- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504).
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417).
- CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924).
- CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1243330).
- CVE-2025-37997: netfilter: ipset: fix region locking in hash types (bsc#1243832).
- CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277).
- CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244234).
- CVE-2025-38014: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (bsc#1244732).
- CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245183).

The following non-security bugs were fixed:

- Fix conditional for selecting gcc-13 Fixes: 51dacec21eb1 ('Use gcc-13 for build on SLE16 (jsc#PED-10028).')
- Fix reference in 'net_sched: sch_sfq: use a temporary work area for validating configuration' (bsc#1242504)
- MyBS: Correctly generate build flags for non-multibuild package limit (bsc#1244241) Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build')
- MyBS: Do not build kernel-obs-qa with limit_packages Fixes: 58e3f8c34b2b ('bs-upload-kernel: Pass limit_packages also on multibuild')
- MyBS: Simplify qa_expr generation Start with a 0 which makes the expression valid even if there are no QA repositories (currently does not happen). Then separator is always needed.
- Require zstd in kernel-default-devel when module compression is zstd To use ksym-provides tool modules need to be uncompressed. Without zstd at least kernel-default-base does not have provides. Link: https://github.com/openSUSE/rpm-config-SUSE/pull/82
- Use gcc-13 for build on SLE16 (jsc#PED-10028).
- add nf_tables for iptables non-legacy network handling This is needed for example by docker on the Alpine Linux distribution, but can also be used on openSUSE.
- bs-upload-kernel: Pass limit_packages also on multibuild Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') Fixes: 747f601d4156 ('bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184)')
- check-for-config-changes: Fix flag name typo
- doc/README.SUSE: Point to the updated version of LKMPG
- hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431).
- kernel-binary: Support livepatch_rt with merged RT branch
- kernel-obs-qa: Use srchash for dependency as well
- kernel-source: Also replace bin/env
- kernel-source: Also update the search to match bin/env Fixes: dc2037cd8f94 ('kernel-source: Also replace bin/env')
- kernel-source: Remove log.sh from sources
- mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337).
- mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431).
- mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245431).
- net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312)
- net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504)
- packaging: Patch Makefile to pre-select gcc version (jsc#PED-12251).
- packaging: Turn gcc version into config.sh variable Fixes: 51dacec21eb1 ('Use gcc-13 for build on SLE16 (jsc#PED-10028).')
- powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap (bsc#1244309 ltc#213790).
- powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() (bsc#1244309 ltc#213790).
- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN
- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN Both spellings are actually used
- rpm/check-for-config-changes: add LD_CAN_ to IGNORED_CONFIGS_RE
- rpm/check-for-config-changes: add more to IGNORED_CONFIGS_RE Useful when someone tries (needs) to build the kernel with clang.
- rpm/check-for-config-changes: ignore DRM_MSM_VALIDATE_XML This option is dynamically enabled to build-test different configurations. This makes run_oldconfig.sh complain sporadically for arm64.
- rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038).
- rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986) sle_version was obsoleted for SLE16. It has to be combined with suse_version check.
- rpm/kernel-binary.spec.in: Use OrderWithRequires (boo#1228659 boo#1241038).
- rpm/kernel-binary.spec.in: fix KMPs build on 6.13+ (bsc#1234454)
- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)
- rpm/package-descriptions: Add rt and rt_debug descriptions
- rpm/release-projects: Update the ALP projects again (bsc#1231293).
- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)
- rpm: Stop using is_kotd_qa macro
- scsi: storvsc: Do not report the host packet status as the hv status (git-fixes).
- scsi: storvsc: Increase the timeouts to storvsc_timeout (bsc#1245455).
- wifi: cfg80211: Add my certificate (bsc#1243001).
- wifi: cfg80211: fix certs build to not depend on file order (bsc#1243001).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2539-1
Released:    Tue Jul 29 09:03:00 2025
Summary:     Recommended update for google-dracut-config
Type:        recommended
Severity:    moderate
References:  1245352
This update for google-dracut-config fixes the following issues:

- Add sed and find to requirements (bsc#1245352)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2543-1
Released:    Tue Jul 29 11:09:01 2025
Summary:     Recommended update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3
Type:        recommended
Severity:    moderate
References:  1233012
This update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3 fixes the following issues:

- Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2556-1
Released:    Wed Jul 30 21:04:22 2025
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1246697
This update for openssl-1_1 fixes the following issues:

- FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test
  instead of NID_secp256k1. [bsc#1246697]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2559-1
Released:    Wed Jul 30 22:15:25 2025
Summary:     Recommended update for libsolv
Type:        recommended
Severity:    moderate
References:  1230267,1243279,1243457,1244042,1244710,1245220,1245452,1245496,1245672
This update for libsolv fixes the following issues:

- Allow easy migration from SLE Micro 5.5 + SUMA to SL Micro 6.1 + MLM
  (bsc#1243457).
- implement color filtering when adding update targets.
- support orderwithrequires dependencies in susedata.xml
- Fix SEGV in MediaDISK handler (bsc#1245452).
- Fix evaluation of libproxy results (bsc#1244710).
- Enhancements regarding mirror handling during repo refresh. Adapt to libzypp
  API changes (bsc#1230267).
- Explicitly selecting DownloadAsNeeded also selects the
  classic_rpmtrans backend.
- Enhancements with mirror handling during repo refresh, needs zypper 1.14.91.
- Fix autotestcase when ZYPP_FULLLOG=1 (bsc#1244042).
  There was no testcase written for the very first solver run.
- zypper does not allow distinctions between install and upgrade in
  %postinstall (bsc#1243279).
- Ignore DeltaRpm download errors, in case of a failure the full rpm is
  downloaded (bsc#1245672).
- Improve fix for incorrect filesize handling and download data exceeded errors
  on HTTP responses (bsc#1245220).
- sh: Reset solver options after command (bsc#1245496).
- Implement color filtering when adding update targets.
- Support orderwithrequires dependencies in susedata.xml.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2573-1
Released:    Thu Jul 31 11:15:06 2025
Summary:     Recommended update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six
Type:        recommended
Severity:    moderate
References:  1233012
This update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six fixes the following issues:

- Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2574-1
Released:    Thu Jul 31 11:19:37 2025
Summary:     Recommended update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools
Type:        recommended
Severity:    moderate
References:  1233012
This update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools fixes the following issues:

- Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2536-1
Released:    Thu Jul 31 16:44:39 2025
Summary:     Security update for boost
Type:        security
Severity:    important
References:  1245936,CVE-2016-9840
This update for boost fixes the following issues:

- CVE-2016-9840: Fixed out-of-bounds pointer arithmetic in zlib in beast (bsc#1245936)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2589-1
Released:    Fri Aug  1 15:05:54 2025
Summary:     Security update for gnutls
Type:        security
Severity:    important
References:  1246232,1246233,1246267,1246299,CVE-2025-32988,CVE-2025-32989,CVE-2025-32990,CVE-2025-6395
This update for gnutls fixes the following issues:

- CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299)
- CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232)
- CVE-2025-32989: Fix heap buffer overread when handling the CT SCT extension during X.509 certificate parsing (bsc#1246233)
- CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2620-1
Released:    Mon Aug  4 09:42:43 2025
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1246296,CVE-2025-7425
This update for libxml2 fixes the following issues:

- CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2661-1
Released:    Mon Aug  4 13:15:46 2025
Summary:     Recommended update for google-guest-oslogin
Type:        recommended
Severity:    important
References:  1243992
This update for google-guest-oslogin fixes the following issues:

- Stop retrying bad requests causing timeouts during container startup (bsc#1243992)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2672-1
Released:    Mon Aug  4 15:06:13 2025
Summary:     Security update for sqlite3
Type:        security
Severity:    important
References:  1246597,CVE-2025-6965
This update for sqlite3 fixes the following issues:

- Update to version 3.50.2
- CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597)
    
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2675-1
Released:    Mon Aug  4 15:53:48 2025
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1243935,CVE-2025-4598
This update for systemd fixes the following issues:

- CVE-2025-4598: Fixed race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2712-1
Released:    Wed Aug  6 11:21:38 2025
Summary:     Recommended update for hwinfo
Type:        recommended
Severity:    moderate
References:  1245950
This update for hwinfo fixes the following issues:

- Fix usb network card detection (bsc#1245950)
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2727-1
Released:    Thu Aug  7 11:02:04 2025
Summary:     Security update for grub2
Type:        security
Severity:    moderate
References:  1234959,CVE-2024-56738
This update for grub2 fixes the following issues:

- CVE-2024-56738: Fixed side-channel attack due to non-constant-time algorithm in grub_crypto_memcmp (bsc#1234959)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2734-1
Released:    Fri Aug  8 10:05:10 2025
Summary:     Security update for dpkg
Type:        security
Severity:    moderate
References:  1245573,CVE-2025-6297
This update for dpkg fixes the following issues:

- CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2761-1
Released:    Tue Aug 12 14:17:29 2025
Summary:     Recommended update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa
Type:        recommended
Severity:    moderate
References:  1233012
This update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa fixes the following issues:

- Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2776-1
Released:    Wed Aug 13 08:10:36 2025
Summary:     Recommended update for systemd-rpm-macros
Type:        recommended
Severity:    moderate
References:  1237143
This update for systemd-rpm-macros fixes the following issues:

- Introduce %udev_trigger_with_reload() for packages that need to trigger events
  in their scriptlets. The new macro automatically triggers a reload of the udev
  rule files as this step is often overlooked by packages (bsc#1237143).
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2778-1
Released:    Wed Aug 13 08:45:57 2025
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194
This update for python3 fixes the following issues:

- CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273).
- CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056)
- CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059)
- CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060)
- CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061)
- CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032)
- CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705)
- CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249)
    
Other fixes:
- Limit buffer size for IPv6 address parsing (bsc#1244401).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2780-1
Released:    Wed Aug 13 10:28:27 2025
Summary:     Recommended update for gcc14
Type:        recommended
Severity:    moderate
References:  1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050
This update for gcc14 fixes the following issues:

Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799

- Fixed libqt6webengine build.
- Fix build on s390x [bsc#1241549]
- Make sure link editing is done against our own shared library
  copy rather than the installed system runtime.  [bsc#1240788]
- Allow GCC executables to be built PIE.  [bsc#1239938]
- Backport -msplit-patch-nops required for user-space livepatching on powerpc.
- Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string.  [bsc#1239566]
- Disable profiling during build when %want_reproducible_builds is set [bsc#1238491]
- Fixes reported ICE in [bsc#1237442]
- Add larchintrin.h, lasxintrin.h and lsxintrin.h
  headers to gccXY main package in %files section
- libstdc++6 fix for parsing tzdata 2024b [gcc#116657]
- Fix ICE with LTO building openvino on aarch64 [bsc#1230262]
- Exclude shared objects present for link editing in the GCC specific
  subdirectory from provides processing via __provides_exclude_from.
  [bsc#1244050][bsc#1243991]
- Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap
  variant conflict with the unversioned cross-*-gcc package.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2838-1
Released:    Mon Aug 18 10:56:16 2025
Summary:     Recommended update for suse-build-key
Type:        recommended
Severity:    moderate
References:  1245223
This update for suse-build-key fixes the following issue:

- adjust SLES16 signing key UID (name,email) with official names (bsc#1245223).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2849-1
Released:    Mon Aug 18 17:56:40 2025
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1206051,1221829,1229334,1234863,1236104,1236333,1238160,1239644,1240185,1240799,1242414,1242780,1244309,1245217,1245431,1245506,1245711,1245986,1246000,1246029,1246037,1246045,1246073,1246186,1246781,1247314,1247347,1247348,1247349,1247437,CVE-2022-49138,CVE-2022-49770,CVE-2023-52923,CVE-2023-52927,CVE-2023-53117,CVE-2024-26643,CVE-2024-42265,CVE-2024-53164,CVE-2024-57947,CVE-2025-21881,CVE-2025-21971,CVE-2025-37798,CVE-2025-38079,CVE-2025-38088,CVE-2025-38120,CVE-2025-38177,CVE-2025-38181,CVE-2025-38200,CVE-2025-38206,CVE-2025-38212,CVE-2025-38213,CVE-2025-38257,CVE-2025-38350,CVE-2025-38468,CVE-2025-38477,CVE-2025-38494,CVE-2025-38495,CVE-2025-38497

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.


The following security bugs were fixed:

- CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160).
- CVE-2023-52923: netfilter: nf_tables: split async and sync catchall in two functions (bsc#1236104).
- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).
- CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a file descriptor (bsc#1242780).
- CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829).
- CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863).
- CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185).
- CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799).
- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217).
- CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246000).
- CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045).
- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073).
- CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029).
- CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037).
- CVE-2025-38257: s390/pkey: Prevent overflow in size calculation for memdup_user() (bsc#1246186).
- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).
- CVE-2025-38468: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1247437).
- CVE-2025-38477: net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (bsc#1247314).
- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247349).
- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247348).
- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).

The following non-security bugs were fixed:

- Revert 'hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431).'
- Revert 'mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race'
- Revert 'mm/hugetlb: unshare page tables during VMA split, not before'

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2915-1
Released:    Tue Aug 19 14:56:35 2025
Summary:     Security update for jq
Type:        security
Severity:    moderate
References:  1244116,CVE-2025-48060
This update for jq fixes the following issues:

- CVE-2025-48060: Fixed stack-buffer-overflow in jq_fuzz_execute (bsc#1244116)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2927-1
Released:    Wed Aug 20 11:47:47 2025
Summary:     Recommended update for permissions
Type:        recommended
Severity:    moderate
References:  1246776
This update for permissions fixes the following issues:

Update to version 20201225:

* nvidia-modprobe: SLE-15-SP4 backport of setuid root permissions (bsc#1246776)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2952-1
Released:    Thu Aug 21 14:56:24 2025
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    important
References:  1218459,1245220,1245985,1246038,1246149,1246466,1247054,1247690
This update for libzypp, zypper fixes the following issues:

- Fix evaluation of libproxy results (bsc#1247690)
- Replace URL variables inside mirrorlist/metalink files
- Append RepoInfo::path() to the mirror URLs in Preloader (bsc#1247054)
- During installation indicate the backend being used (bsc#1246038)
  If some package actually needs to know, it should test for
  ZYPP_CLASSIC_RPMTRANS being set in the environment.
  Otherwise the transaction is driven by librpm.
- Workaround 'rpm -vv' leaving scriptlets /var/tmp (bsc#1218459)
- Verbose log libproxy results if PX_DEBUG=1 is set.
- BuildRequires:  cmake >= 3.17.
- Allow explicit request to probe an added repo's URL (bsc#1246466)
- Fix tests with -DISABLE_MEDIABACKEND_TESTS=1
- Add runtime check for a broken rpm-4.18.0 --runpostrans (bsc#1246149)
- Add regression test for (bsc#1245220) and some other filesize related tests.
- Fix addrepo to handle explicit --check and --no-check requests (bsc#1246466)
- Accept 'show' as alias for 'info' (bsc#1245985)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2970-1
Released:    Mon Aug 25 10:27:57 2025
Summary:     Security update for pam
Type:        security
Severity:    moderate
References:  1232234,1246221,CVE-2024-10041
This update for pam fixes the following issues:

- Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3065-1
Released:    Thu Sep  4 08:36:30 2025
Summary:     Recommended update for systemd-presets-branding-SLE
Type:        recommended
Severity:    moderate
References:  1244553,1246835
This update for systemd-presets-branding-SLE fixes the following issues:

- enable sysstat_collect.timer and sysstat_summary.timer
  (bsc#1244553, bsc#1246835).
- modified default SLE presets

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3085-1
Released:    Fri Sep  5 11:03:27 2025
Summary:     Recommended update for suse-module-tools
Type:        recommended
Severity:    important
References:  1240950
This update for suse-module-tools fixes the following issues:

- Version update 15.4.20
  - Add blacklist entry for reiserfs (jsc#PED-6167).
  - Add more modules to file system blacklist (jsc#PED-6167).
  - Add hfsplus to file system blacklist (bsc#1240950, jsc#PED-12632).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3240-1
Released:    Tue Sep 16 21:56:57 2025
Summary:     Security update for vim
Type:        security
Severity:    moderate
References:  1246602,1246604,1247938,1247939,CVE-2025-53905,CVE-2025-53906,CVE-2025-55157,CVE-2025-55158
This update for vim fixes the following issues:

Update to version 9.1.1629.
    
- CVE-2025-53905: Fixed a path traversal issue in tar.vim plugin that may allow for file overwriting when opening
  specially crafted tar files (bsc#1246604).
- CVE-2025-53906: Fixed a path traversal issue in zip.vim plugin that may allow for file overwriting when opening
  specially crafted zip files (bsc#1246602).
- CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938).
- CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3261-1
Released:    Thu Sep 18 06:35:19 2025
Summary:     Security update for cups
Type:        security
Severity:    important
References:  1230932,1246533,1249049,1249128,CVE-2024-47175,CVE-2025-58060,CVE-2025-58364
This update for cups fixes the following issues:

- CVE-2024-47175: no validation of IPP attributes in `ppdCreatePPDFromIPP2` when writing to a temporary PPD file allows
  for the injection of attacker-controlled data to the resulting PPD (bsc#1230932).
- CVE-2025-58060: no password check when `AuthType` is set to anything but `Basic` and a request is made with an
  `Authorization: Basic` header (bsc#1249049).
- CVE-2025-58364: unsafe deserialization and validation of printer attributes leads to NULL pointer dereference
  (bsc#1249128).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3267-1
Released:    Thu Sep 18 13:05:51 2025
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086
This update for curl fixes the following issues:

Security issues fixed:

- CVE-2025-9086: bug in path comparison logic when processing cookies can lead to out-of-bounds read in heap buffer
  (bsc#1249191).
- CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348).
    
Other issues fixed:
    
- Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197).
  * tool_getparam: fix --ftp-pasv [5f805ee]

- Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056).
  * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs.
  * websocket: add option to disable auto-pong reply.
  * huge number of bugfixes.

  Please see https://curl.se/ch/ for full changelogs.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3268-1
Released:    Thu Sep 18 13:08:10 2025
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086
This update for curl fixes the following issues:

Security issues fixed:

- CVE-2025-9086: bug in path comparison logic when processing cookies can lead to out-of-bounds read in heap buffer
  (bsc#1249191).
- CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348).
    
Other issues fixed:
    
- Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197).
  * tool_getparam: fix --ftp-pasv [5f805ee]

- Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056).
  * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs.
  * websocket: add option to disable auto-pong reply.
  * huge number of bugfixes.

  Please see https://curl.se/ch/ for full changelogs.


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3288-1
Released:    Mon Sep 22 12:13:27 2025
Summary:     Recommended update for permissions
Type:        recommended
Severity:    moderate
References:  1235873
This update for permissions fixes the following issues:

- permissions: remove unnecessary static dirs and devices (bsc#1235873)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3302-1
Released:    Tue Sep 23 11:09:49 2025
Summary:     Recommended update for dracut
Type:        recommended
Severity:    moderate
References:  1247819
This update for dracut fixes the following issues:

- fix (dracut-util): crash if CMDLINE ends with quotation mark (bsc#1247819)
- fix (rngd): adjust license to match the license of the whole project

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3314-1
Released:    Tue Sep 23 20:34:40 2025
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1234896,1244824,1245970,1246473,1246911,1247143,1247374,1247518,1247976,1248223,1248297,1248306,1248312,1248338,1248511,1248614,1248621,1248748,CVE-2022-50116,CVE-2024-53177,CVE-2024-58239,CVE-2025-38180,CVE-2025-38323,CVE-2025-38352,CVE-2025-38460,CVE-2025-38498,CVE-2025-38499,CVE-2025-38546,CVE-2025-38555,CVE-2025-38560,CVE-2025-38563,CVE-2025-38608,CVE-2025-38617,CVE-2025-38618,CVE-2025-38644
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.


The following security bugs were fixed:

- CVE-2022-50116: kernel: tty: n_gsm: fix deadlock and link starvation in outgoing data path (bsc#1244824).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-58239: tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1248614).
- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).
- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).
- CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374).
- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976).
- CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223).
- CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup() (bsc#1248297).
- CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312).
- CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306).
- CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338).
- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1248621).
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511).
- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748).

The following non-security bugs were fixed:

- NFSv4.1: fix backchannel max_resp_sz verification check (bsc#1247518).
- Disable N_GSM (jsc#PED-8240).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3331-1
Released:    Wed Sep 24 08:54:17 2025
Summary:     Security update for avahi
Type:        security
Severity:    moderate
References:  1233421,CVE-2024-52615
This update for avahi fixes the following issues:

- CVE-2024-52615: wide-area DNS uses constant source port for queries and can expose the Avahi-daemon to DNS spoofing
  attacks (bsc#1233421).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3371-1
Released:    Fri Sep 26 13:41:03 2025
Summary:     Recommended update for sysconfig
Type:        recommended
Severity:    important
References:  1237595
This update for sysconfig fixes the following issues:

- Update to version 0.85.10
- codespell run for all repository files and changes file
- spec: define permissions for ghost file attrs to avoid
  rpm --restore resets them to 0 (bsc#1237595).
- spec: fix name-repeated-in-summary rpmlint warning
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3433-1
Released:    Tue Sep 30 15:52:31 2025
Summary:     Recommended update for bind
Type:        recommended
Severity:    important
References:  1230649
This update for bind fixes the following issues:

- ensure file descriptors 0-2 are in use before using libuv (bsc#1230649) 

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3437-1
Released:    Tue Sep 30 16:36:42 2025
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1250232,CVE-2025-9230
This update for openssl-1_1 fixes the following issues:

- CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap
  (bsc#1250232).
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3594-1
Released:    Mon Oct 13 15:35:27 2025
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    important
References:  1230267,1246912,1250343
This update for libzypp, zypper fixes the following issues:

- runposttrans: strip root prefix from tmppath (bsc#1250343)
- fixup! Make ld.so ignore the subarch packages during install (bsc#1246912)
- Make ld.so ignore the subarch packages during install (bsc#1246912)
- Fixed `bash-completion`: `zypper refresh` now ignores repository priority lines.
- Changes to support building against restructured libzypp in stack build (bsc#1230267)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3618-1
Released:    Thu Oct 16 09:37:00 2025
Summary:     Security update for samba
Type:        security
Severity:    critical
References:  1251279,1251280,CVE-2025-10230,CVE-2025-9640
This update for samba fixes the following issues:

- CVE-2025-9640: Fixed uninitialized memory disclosure via vfs_streams_xattr (bsc#1251279).
- CVE-2025-10230: Fixed command injection in WINS server hook script (bsc#1251280).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3624-1
Released:    Thu Oct 16 21:59:19 2025
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1249584,CVE-2025-59375
This update for expat fixes the following issues:

- CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations
  by submitting crafted XML input (bsc#1249584).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3628-1
Released:    Fri Oct 17 13:34:30 2025
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.


The following security bugs were fixed:

- CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160).
- CVE-2022-49980: USB: gadget: fix use-after-free read in usb_udc_uevent() (bsc#1245110).
- CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} (bsc#1246968).
- CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249846).
- CVE-2022-50409: net: If sock is dead do not access sock's sk_wq in sk_stream_wait_memory (bsc#1250392).
- CVE-2023-53178: mm: fix zswap writeback race condition (bsc#1249827).
- CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250313).
- CVE-2023-53438: x86/MCE: Always save CS register on AMD Zen IF Poison errors (bsc#1250180).
- CVE-2025-23155: net: stmmac: Fix accessing freed irq affinity_hint (bsc#1242573).
- CVE-2025-37738: ext4: ignore xattrs past end (bsc#1242846).
- CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960).
- CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539).
- CVE-2025-38014: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (bsc#1244732).
- CVE-2025-38084: mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245498).
- CVE-2025-38085: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245499).
- CVE-2025-38111: net/mdiobus: Fix potential out-of-bounds read/write access (bsc#1245666).
- CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956).
- CVE-2025-38380: i2c/designware: Fix an initialization issue (bsc#1247028).
- CVE-2025-38470: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (bsc#1247288).
- CVE-2025-38476: rpl: Fix use-after-free in rpl_do_srh_inline() (bsc#1247317).
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239).
- CVE-2025-38553: net/sched: Restrict conditions for adding duplicating netems to qdisc tree (bsc#1248255).
- CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399).
- CVE-2025-38659: gfs2: No more self recovery (bsc#1248639).
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628).
- CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126).
- CVE-2025-38685: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220).
- CVE-2025-38706: ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (bsc#1249195).
- CVE-2025-38713: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1249200).
- CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324).
- CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374).
- CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315).
- CVE-2025-39726: s390/ism: fix concurrency management in ism_cmd() (bsc#1249266).
- CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516).
- CVE-2025-39751: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (bsc#1249538).
- CVE-2025-39790: bus: mhi: host: Detect events pointing to unexpected TREs (bsc#1249548).
- CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608).
- CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002).
- CVE-2025-39824: HID: asus: fix UAF via HID_CLAIMED_INPUT validation (bsc#1250007).
- CVE-2025-39860: Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (bsc#1250247).
- CVE-2025-39869: dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (bsc#1250406).

The following non-security bugs were fixed:

- Limit patch filenames to 100 characters (bsc#1249604).
- Move pesign-obs-integration requirement from kernel-syms to kernel devel subpackage (bsc#1248108).
- README.BRANCH: Add Lidong Zhong as a SLE15-SP4-LTSS co-maintainer.
- Revert backported patches for bsc#1238160 because the CVSS is less than 7.0
- Update config files. (bsc#1249186) Enable where we define KABI refs + rely on Kconfig deps.
- btrfs: avoid NULL pointer dereference if no valid extent tree (bsc#1249158).
- build_bug.h: Add KABI assert (bsc#1249186).
- kabi/severities: ignore kABI for atheros helper modules. The symbols are used only internally by atheros drivers.
- kernel-binary: Another installation ordering fix (bsc#1241353).
- kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522).
- kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346)
- kernel-syms.spec: Drop old rpm release number hack (bsc#1247172).
- net/sched: ets: use old 'nbands' while purging unused classes (git-fixes).
- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).
- rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879).
- rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337).
- rpm: Configure KABI checkingness macro (bsc#1249186).
- rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186). 
- rpm: Link arch-symbols script from scripts directory.
- rpm: Link guards script from scripts directory.
- use uniform permission checks for all mount propagation changes (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3729-1
Released:    Wed Oct 22 15:19:26 2025
Summary:     Security update for krb5
Type:        security
Severity:    moderate
References:  1241219,CVE-2025-3576
This update for krb5 fixes the following issues:

- CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using
  RC4-HMAC-MD5 (bsc#1241219).

Krb5, as a very old protocol, supported quite a number of ciphers
that are no longer up to current cryptographic standards.

To avoid problems with those, SUSE has now disabled
those algorithms by default.

The following algorithms have been removed from valid krb5 enctypes:

- des3-cbc-sha1
- arcfour-hmac-md5

To re-enable those algorithms, use the following allow options in krb5.conf:

[libdefaults]
allow_des3 = true
allow_rc4 = true
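An audit check for the two options named above, as an added example (not part of the SUSE advisory or of krb5 itself): it reports every line in [libdefaults] that switches des3-cbc-sha1 or arcfour-hmac-md5 back on. The function name and the sample configuration are constructed; the set of strings treated as boolean true is an assumption about how krb5 parses booleans, and include/includedir directives are not followed.

```python
import re

# Options from the advisory and the enctype each one switches back on.
REENABLE_OPTIONS = {
    "allow_des3": "des3-cbc-sha1",
    "allow_rc4": "arcfour-hmac-md5",
}
# Assumption: strings the krb5 profile parser reads as true (case-insensitive).
TRUE_VALUES = {"y", "yes", "true", "t", "1", "on"}

SECTION_RE = re.compile(r"^\[([^\]]+)\]")
RELATION_RE = re.compile(r"^([^\s=]+)\s*=\s*(.*)$")

# Constructed sample configuration, not taken from a real host.
SAMPLE_CONF = """\
# constructed sample
[libdefaults]
    default_realm = EXAMPLE.TEST
    allow_des3 = false
    allow_rc4 = True
; allow_des3 = true

[realms]
    EXAMPLE.TEST = {
        kdc = kdc.example.test
        allow_rc4 = true
    }
"""


def find_reenabled_enctypes(conf_text):
    """Return (line_no, option, enctype) for each weak enctype switched on."""
    findings = []
    section = None
    depth = 0  # nesting level of "{ ... }" subsections
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = SECTION_RE.match(line)
        if header and depth == 0:
            section = header.group(1).strip()
            continue
        if line.startswith("}"):
            depth = max(depth - 1, 0)
            continue
        relation = RELATION_RE.match(line)
        if not relation:
            continue
        key, value = relation.group(1), relation.group(2).strip()
        if value == "{":
            depth += 1  # entering a subsection such as a realm block
            continue
        # Only top-level relations in [libdefaults] are the advisory's options.
        if section == "libdefaults" and depth == 0 and key in REENABLE_OPTIONS:
            if value.strip('"').lower() in TRUE_VALUES:
                findings.append((line_no, key, REENABLE_OPTIONS[key]))
    return findings


if __name__ == "__main__":
    for line_no, option, enctype in find_reenabled_enctypes(SAMPLE_CONF):
        print(f"line {line_no}: {option} re-enables {enctype}")
```

Every occurrence is reported rather than resolving which duplicate wins, so a reviewer sees each line that needs to be removed.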


The following package changes have been done:

- bind-utils-9.16.50-150400.5.49.1 updated
- boost-license1_66_0-1.66.0-150200.12.7.1 updated
- cups-config-2.2.7-150000.3.72.1 updated
- curl-8.14.1-150400.5.69.1 updated
- dracut-055+suse.361.g448229ea-150400.3.40.1 updated
- google-dracut-config-0.0.4-150300.7.12.1 updated
- google-guest-oslogin-20240311.01-150000.1.56.1 updated
- grub2-i386-pc-2.06-150400.11.63.1 updated
- grub2-x86_64-efi-2.06-150400.11.63.1 updated
- grub2-2.06-150400.11.63.1 updated
- hwinfo-21.89-150400.3.21.1 updated
- jq-1.6-150000.3.9.1 updated
- kernel-default-5.14.21-150400.24.179.1 updated
- krb5-1.19.2-150400.3.18.1 updated
- libavahi-client3-0.8-150400.7.23.1 updated
- libavahi-common3-0.8-150400.7.23.1 updated
- libboost_system1_66_0-1.66.0-150200.12.7.1 updated
- libboost_thread1_66_0-1.66.0-150200.12.7.1 updated
- libbrotlicommon1-1.0.7-150200.3.5.1 updated
- libbrotlidec1-1.0.7-150200.3.5.1 updated
- libcups2-2.2.7-150000.3.72.1 updated
- libcurl4-8.14.1-150400.5.69.1 updated
- libexpat1-2.7.1-150400.3.31.1 updated
- libgcc_s1-14.3.0+git11799-150000.1.11.1 updated
- libgcrypt20-1.9.4-150400.6.11.1 updated
- libgnutls30-3.7.3-150400.4.50.1 updated
- libjq1-1.6-150000.3.9.1 updated
- libopenssl1_1-1.1.1l-150400.7.84.1 updated
- libpython3_6m1_0-3.6.15-150300.10.97.1 updated
- libsolv-tools-base-0.7.34-150400.3.41.1 updated
- libsolv-tools-0.7.34-150400.3.41.1 updated
- libsqlite3-0-3.50.2-150000.3.33.1 updated
- libstdc++6-14.3.0+git11799-150000.1.11.1 updated
- libsystemd0-249.17-150400.8.49.2 updated
- libudev1-249.17-150400.8.49.2 updated
- libxml2-2-2.9.14-150400.5.47.1 updated
- libzypp-17.37.18-150400.3.148.1 updated
- openssl-1_1-1.1.1l-150400.7.84.1 updated
- pam-1.3.0-150000.6.86.1 updated
- permissions-20201225-150400.5.22.1 updated
- python3-appdirs-1.4.3-150000.3.3.1 updated
- python3-base-3.6.15-150300.10.97.1 updated
- python3-bind-9.16.50-150400.5.49.1 updated
- python3-packaging-21.3-150200.3.6.1 updated
- python3-ply-3.10-150000.3.8.1 updated
- python3-pyparsing-2.4.7-150300.3.3.1 updated
- python3-setuptools-44.1.1-150400.9.15.1 updated
- python3-six-1.14.0-150200.15.1 updated
- python3-3.6.15-150300.10.97.2 updated
- samba-client-libs-4.15.13+git.736.b791be993ba-150400.3.40.1 updated
- suse-build-key-12.0-150000.8.61.2 updated
- suse-module-tools-15.4.20-150400.3.20.3 updated
- sysconfig-netconfig-0.85.10-150200.15.1 updated
- sysconfig-0.85.10-150200.15.1 updated
- systemd-presets-branding-SLE-15.1-150100.20.17.2 updated
- systemd-rpm-macros-16-150000.7.42.1 updated
- systemd-sysvinit-249.17-150400.8.49.2 updated
- systemd-249.17-150400.8.49.2 updated
- udev-249.17-150400.8.49.2 updated
- update-alternatives-1.19.0.4-150000.4.7.1 updated
- vim-data-common-9.1.1629-150000.5.78.1 updated
- vim-9.1.1629-150000.5.78.1 updated
- zypper-1.14.94-150400.3.101.1 updated
- catatonit-0.2.0-150300.10.8.1 removed
- docker-28.2.2_ce-150000.227.1 removed
- iptables-1.8.7-1.1 removed
- libip6tc2-1.8.7-1.1 removed
- libnftnl11-1.2.0-150400.1.6 removed
- libprocps8-3.3.17-150000.7.42.1 removed
- procps-3.3.17-150000.7.42.1 removed
- xtables-plugins-1.8.7-1.1 removed
- xxd-9.1.1406-150000.5.75.1 removed

