SUSE-CU-2025:7780-1: Security update of suse/manager/5.0/x86_64/server
sle-container-updates at lists.suse.com
Thu Oct 30 14:15:58 UTC 2025
SUSE Container Update Advisory: suse/manager/5.0/x86_64/server
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:7780-1
Container Tags : suse/manager/5.0/x86_64/server:5.0.5.1 , suse/manager/5.0/x86_64/server:5.0.5.1.7.33.2 , suse/manager/5.0/x86_64/server:latest
Container Release : 7.33.2
Severity : critical
Type : security
-----------------------------------------------------------------
The container suse/manager/5.0/x86_64/server was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2543-1
Released: Tue Jul 29 11:09:01 2025
Summary: Recommended update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3
Type: recommended
Severity: moderate
References: 1233012
This update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3 fixes the following issues:
- Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2558-1
Released: Wed Jul 30 22:14:27 2025
Summary: Recommended update for libsolv
Type: recommended
Severity: moderate
References: 1230267,1243279,1243457,1243486,1244042,1244710,1245220,1245452,1245496,1245672
This update for libsolv fixes the following issues:
- Allow easy migration from SLE Micro 5.5 + SUMA to SL Micro 6.1+MLM
(bsc#1243457).
- implement color filtering when adding update targets.
- support orderwithrequires dependencies in susedata.xml.
- Fix SEGV in MediaDISK handler (bsc#1245452).
- Fix evaluation of libproxy results (bsc#1244710).
- Enhancements regarding mirror handling during repo refresh. Adapt to libzypp
API changes (bsc#1230267).
- Explicitly selecting DownloadAsNeeded also selects the
classic_rpmtrans backend.
- Enhancements with mirror handling during repo refresh, needs zypper 1.14.91.
- Fix autotestcase when ZYPP_FULLLOG=1 (bsc#1244042)
There was no testcase written for the very first solver run.
- zypper does not allow distinctions between install and upgrade in
%postinstall (bsc#1243279).
- Ignore DeltaRpm download errors, in case of a failure the full rpm is
downloaded (bsc#1245672).
- Improve fix for incorrect filesize handling and download data exceeded errors
on HTTP responses (bsc#1245220).
- sh: Reset solver options after command (bsc#1245496).
- BuildRequires: Now %{libsolv_devel_package} greater or equal to 0.7.34
is required (bsc#1243486).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2566-1
Released: Thu Jul 31 09:18:44 2025
Summary: Security update for libarchive
Type: security
Severity: moderate
References: 1244270,1244272,1244273,1244279,1244336,CVE-2025-5914,CVE-2025-5915,CVE-2025-5916,CVE-2025-5917,CVE-2025-5918
This update for libarchive fixes the following issues:
- CVE-2025-5914: Fixed double free due to an integer overflow in the archive_read_format_rar_seek_data() function (bsc#1244272)
- CVE-2025-5915: Fixed heap buffer over-read in copy_from_lzss_window() at archive_read_support_format_rar.c (bsc#1244273)
- CVE-2025-5916: Fixed integer overflow while reading warc files at archive_read_support_format_warc.c (bsc#1244270)
- CVE-2025-5917: Fixed off-by-one error in build_ustar_entry_name() at archive_write_set_format_pax.c (bsc#1244336)
- CVE-2025-5918: Fixed a read past EOF that may be triggered for piped file streams (bsc#1244279)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2572-1
Released: Thu Jul 31 11:11:10 2025
Summary: Recommended update for python-colorama, python-importlib-metadata, python-parameterized, python-pluggy, python-py, python-scp, python-wheel, python-zipp
Type: recommended
Severity: moderate
References: 1233012
This update for python-colorama, python-importlib-metadata, python-parameterized, python-pluggy, python-py, python-scp, python-wheel, python-zipp fixes the following issues:
- Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2573-1
Released: Thu Jul 31 11:15:06 2025
Summary: Recommended update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six
Type: recommended
Severity: moderate
References: 1233012
This update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six fixes the following issues:
- Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2574-1
Released: Thu Jul 31 11:19:37 2025
Summary: Recommended update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools
Type: recommended
Severity: moderate
References: 1233012
This update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools fixes the following issues:
- Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2580-1
Released: Thu Jul 31 13:53:43 2025
Summary: Recommended update for firewalld
Type: recommended
Severity: moderate
References: 1246100
This update for firewalld fixes the following issues:
- Do not recommend python311-firewalld (bsc#1246100)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2536-1
Released: Thu Jul 31 16:44:39 2025
Summary: Security update for boost
Type: security
Severity: important
References: 1245936,CVE-2016-9840
This update for boost fixes the following issues:
- CVE-2016-9840: Fixed out-of-bounds pointer arithmetic in zlib in beast (bsc#1245936)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2585-1
Released: Fri Aug 1 09:22:26 2025
Summary: Recommended update for fence-agents
Type: recommended
Severity: moderate
References:
This update for fence-agents fixes the following issues:
- Activate checks
- Adding new fence agent for Nutanix AHV (jsc#PED-13087)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2595-1
Released: Fri Aug 1 17:13:59 2025
Summary: Security update for gnutls
Type: security
Severity: important
References: 1246232,1246233,1246267,1246299,CVE-2025-32988,CVE-2025-32989,CVE-2025-32990,CVE-2025-6395
This update for gnutls fixes the following issues:
- CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299)
- CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232)
- CVE-2025-32989: Fix heap buffer overread when handling the CT SCT extension during X.509 certificate parsing (bsc#1246233)
- CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2667-1
Released: Mon Aug 4 14:37:23 2025
Summary: Security update for java-17-openjdk
Type: security
Severity: important
References: 1246575,1246584,1246595,1246598,CVE-2025-30749,CVE-2025-30754,CVE-2025-50059,CVE-2025-50106
This update for java-17-openjdk fixes the following issues:
Upgrade to upstream tag jdk-17.0.16+8 (July 2025 CPU):
- CVE-2025-30749: several scenarios can lead to heap corruption (bsc#1246595)
- CVE-2025-30754: incomplete handshake may lead to weakening TLS protections (bsc#1246598)
- CVE-2025-50059: Improve HTTP client header handling (bsc#1246575)
- CVE-2025-50106: Glyph out-of-memory access and crash (bsc#1246584)
Changelog:
+ JDK-4850101: Setting mnemonic to VK_F4 underlines the letter
S in a button.
+ JDK-5074006: Swing JOptionPane shows </html> tag as a string
after newline
+ JDK-6956385: URLConnection.getLastModified() leaks file
handles for jar:file and file: URLs
+ JDK-8024624: [TEST_BUG] [macosx] CTRL+RIGHT(LEFT) doesn't
move selection on next cell in JTable on Aqua L&F
+ JDK-8042134: JOptionPane bungles HTML messages
+ JDK-8051591: Test
javax/swing/JTabbedPane/8007563/Test8007563.java fails
+ JDK-8077371: Binary files in JAXP test should be removed
+ JDK-8183348: Better cleanup for
jdk/test/sun/security/pkcs12/P12SecretKey.java
+ JDK-8196465:
javax/swing/JComboBox/8182031/ComboPopupTest.java fails on
Linux
+ JDK-8202100: Merge vm/share/InMemoryJavaCompiler w/
jdk/test/lib/compiler/InMemoryJavaCompiler
+ JDK-8211400: nsk.share.gc.Memory::getArrayLength returns
wrong value
+ JDK-8218474: JComboBox display issue with GTKLookAndFeel
+ JDK-8224267: JOptionPane message string with 5000+ newlines
produces StackOverflowError
+ JDK-8249831: Test sun/security/mscapi/nonUniqueAliases/
/NonUniqueAliases.java is marked with @ignore
+ JDK-8251505: Use of types in compiler shared code should be
consistent.
+ JDK-8253440: serviceability/sa/TestJhsdbJstackLineNumbers.java
failed with 'Didn't find enough line numbers'
+ JDK-8254786: java/net/httpclient/CancelRequestTest.java
failing intermittently
+ JDK-8256211: assert fired in
java/net/httpclient/DependentPromiseActionsTest (infrequent)
+ JDK-8258483: [TESTBUG] gtest
CollectorPolicy.young_scaled_initial_ergo_vm fails if heap is
too small
+ JDK-8269516: AArch64: Assembler cleanups
+ JDK-8271419: Refactor test code for modifying CDS archive
contents
+ JDK-8276995: Bug in jdk.jfr.event.gc.collection.TestSystemGC
+ JDK-8277983: Remove unused fields from
sun.net.www.protocol.jar.JarURLConnection
+ JDK-8279884: Use better file for cygwin source permission
check
+ JDK-8279894: javax/swing/JInternalFrame/8020708/bug8020708.java
timeouts on Windows 11
+ JDK-8280468: Crashes in getConfigColormap,
getConfigVisualId, XVisualIDFromVisual on Linux
+ JDK-8280820: Clean up bug8033699 and bug8075609.java tests:
regtesthelpers aren't used
+ JDK-8280991: [XWayland] No displayChanged event after
setDisplayMode call
+ JDK-8281511: java/net/ipv6tests/UdpTest.java fails with
checkTime failed
+ JDK-8282863: java/awt/FullScreen/FullscreenWindowProps/
/FullscreenWindowProps.java fails on Windows 10 with HiDPI
screen
+ JDK-8286204: [Accessibility,macOS,VoiceOver] VoiceOver reads
the spinner value 10 as 1 when user iterates to 10 for the
first time on macOS
+ JDK-8286789: Test forceEarlyReturn002.java timed out
+ JDK-8286875: ProgrammableUpcallHandler::on_entry/on_exit
access thread fields from native
+ JDK-8286925: Move JSON parser used in JFR tests to test
library
+ JDK-8287352: DockerTestUtils::execute shows incorrect
elapsed time
+ JDK-8287801: Fix test-bugs related to stress flags
+ JDK-8288707: javax/swing/JToolBar/4529206/bug4529206.java:
setFloating does not work correctly
+ JDK-8290162: Reset recursion counter missed in fix of
JDK-8224267
+ JDK-8292064: Convert java/lang/management/MemoryMXBean shell
tests to java version
+ JDK-8293503: gc/metaspace/TestMetaspacePerfCounters.java
#Epsilon-64 failed assertGreaterThanOrEqual:
expected MMM >= NNN
+ JDK-8294038: Remove 'Classpath' exception from javax/swing
tests
+ JDK-8294155: Exception thrown before awaitAndCheck hangs
PassFailJFrame
+ JDK-8295470: Update openjdk.java.net => openjdk.org URLs in
test code
+ JDK-8295670: Remove duplication in
java/util/Formatter/Basic*.java
+ JDK-8295804:
javax/swing/JFileChooser/JFileChooserSetLocationTest.java
failed with 'setLocation() is not working properly'
+ JDK-8296072: CertAttrSet::encode and DerEncoder::derEncode
should write into DerOutputStream
+ JDK-8296167: test/langtools/tools/jdeps/jdkinternals/
/ShowReplacement.java failing after JDK-8296072
+ JDK-8296920: Regression Test DialogOrient.java fails on MacOS
+ JDK-8297173: usageTicks and totalTicks should be volatile to
ensure that different threads get the latest ticks
+ JDK-8297242: Use-after-free during library unloading on Linux
+ JDK-8298061: vmTestbase/nsk/sysdict/vm/stress/btree/btree012/
/btree012.java failed with 'fatal error: refcount has gone to
zero'
+ JDK-8298147: Clang warns about pointless comparisons
+ JDK-8298248: Limit sscanf output width in cgroup file parsers
+ JDK-8298709: Fix typos in src/java.desktop/ and various test
classes of client component
+ JDK-8298730: Refactor subsystem_file_line_contents and add
docs and tests
+ JDK-8300645: Handle julong values in logging of
GET_CONTAINER_INFO macros
+ JDK-8300658: memory_and_swap_limit() reporting wrong values
on systems with swapaccount=0
+ JDK-8302226: failure_handler native.core should wait for
coredump to finish
+ JDK-8303549: [AIX] TestNativeStack.java is failing with exit
value 1
+ JDK-8303770: Remove Baltimore root certificate expiring in
May 2025
+ JDK-8305010: Test vmTestbase/nsk/jvmti/scenarios/sampling/
/SP05/sp05t003/TestDescription.java timed out: thread not
suspended
+ JDK-8305578: X11GraphicsDevice.pGetBounds() is slow in
remote X11 sessions
+ JDK-8306997: C2: 'malformed control flow' assert due to
missing safepoint on backedge with a switch
+ JDK-8307318: Test
serviceability/sa/ClhsdbCDSJstackPrintAll.java failed:
ArrayIndexOutOfBoundsException
+ JDK-8308875: java/awt/Toolkit/GetScreenInsetsCustomGC/
/GetScreenInsetsCustomGC.java failed with 'Cannot invoke
'sun.awt.X11GraphicsDevice.getInsets()' because 'device' is
null'
+ JDK-8309841: Jarsigner should print a warning if an entry is
removed
+ JDK-8310525: DynamicLauncher for JDP test needs to try
harder to find a free port
+ JDK-8312246: NPE when HSDB visits bad oop
+ JDK-8314120: Add tests for FileDescriptor.sync
+ JDK-8314236: Overflow in Collections.rotate
+ JDK-8314246: javax/swing/JToolBar/4529206/bug4529206.java
fails intermittently on Linux
+ JDK-8314320: Mark runtime/CommandLine/ tests as flagless
+ JDK-8314828: Mark 3 jcmd command-line options test as
vm.flagless
+ JDK-8315484: java/awt/dnd/RejectDragDropActionTest.java
timed out
+ JDK-8315669: Open source several Swing PopupMenu related
tests
+ JDK-8315721: CloseRace.java#id0 fails transiently on libgraal
+ JDK-8315742: Open source several Swing Scroll related tests
+ JDK-8315871: Opensource five more Swing regression tests
+ JDK-8315876: Open source several Swing CSS related tests
+ JDK-8315951: Open source several Swing HTMLEditorKit related
tests
+ JDK-8315981: Opensource five more random Swing tests
+ JDK-8316061: Open source several Swing RootPane and Slider
related tests
+ JDK-8316156: ByteArrayInputStream.transferTo causes
MaxDirectMemorySize overflow
+ JDK-8316228: jcmd tests are broken by 8314828
+ JDK-8316324: Opensource five miscellaneous Swing tests
+ JDK-8316388: Opensource five Swing component related
regression tests
+ JDK-8316451: 6 java/lang/instrument/PremainClass tests
ignore VM flags
+ JDK-8316452: java/lang/instrument/modules/
/AppendToClassPathModuleTest.java ignores VM flags
+ JDK-8316460: 4 javax/management tests ignore VM flags
+ JDK-8316497: ColorConvertOp - typo for non-ICC conversions
needs one-line fix
+ JDK-8316629: j.text.DateFormatSymbols setZoneStrings()
exception is unhelpful
+ JDK-8318700: MacOS Zero cannot run gtests due to wrong JVM
path
+ JDK-8318915: Enhance checks in BigDecimal.toPlainString()
+ JDK-8318962: Update ProcessTools javadoc with suggestions in
8315097
+ JDK-8319572: Test jdk/incubator/vector/LoadJsvmlTest.java
ignores VM flags
+ JDK-8319578: Few java/lang/instrument ignore test.java.opts
and accept test.vm.opts only
+ JDK-8319690: [AArch64] C2 compilation hits
offset_ok_for_immed: assert 'c2 compiler bug'
+ JDK-8320682: [AArch64] C1 compilation fails with 'Field too
big for insn'
+ JDK-8320687: sun.jvmstat.monitor.MonitoredHost
.getMonitoredHost() throws unexpected exceptions when invoked
concurrently
+ JDK-8321204: C2: assert(false) failed: node should be in
igvn hash table
+ JDK-8321479: java -D-D crashes
+ JDK-8321509: False positive in get_trampoline fast path
causes crash
+ JDK-8321713: Harmonize executeTestJvm with
create[Limited]TestJavaProcessBuilder
+ JDK-8321718: ProcessTools.executeProcess calls waitFor
before logging
+ JDK-8321931: memory_swap_current_in_bytes reports 0 as
'unlimited'
+ JDK-8325435: [macos] Menu or JPopupMenu not closed when main
window is resized
+ JDK-8325680: Uninitialised memory in deleteGSSCB of
GSSLibStub.c:179
+ JDK-8325682: Rename nsk_strace.h
+ JDK-8326389: [test] improve assertEquals failure output
+ JDK-8328301: Convert Applet test
ManualHTMLDataFlavorTest.java to main program
+ JDK-8328482: Convert and Open source few manual applet test
to main based
+ JDK-8328484: Convert and Opensource few JFileChooser applet
test to main
+ JDK-8328648: Remove applet usage from JFileChooser tests
bug4150029
+ JDK-8328670: Automate and open source few closed manual
applet test
+ JDK-8328673: Convert closed text/html/CSS manual applet test
to main
+ JDK-8329261: G1: interpreter post-barrier x86 code asserts
index size of wrong buffer
+ JDK-8330534: Update nsk/jdwp tests to use driver instead of
othervm
+ JDK-8330598: java/net/httpclient/Http1ChunkedTest.java fails
with java.util.MissingFormatArgumentException: Format
specifier '%s'
+ JDK-8331735: UpcallLinker::on_exit races with GC when
copying frame anchor
+ JDK-8333117: Remove support of remote and manual debuggee
launchers
+ JDK-8333680: com/sun/tools/attach/BasicTests.java fails with
'SocketException: Permission denied: connect'
+ JDK-8334560: [PPC64]: postalloc_expand_java_dynamic_call_sched
does not copy all fields
+ JDK-8334644: Automate
javax/print/attribute/PageRangesException.java
+ JDK-8334780: Crash: assert(h_array_list.not_null()) failed:
invariant
+ JDK-8334895: OpenJDK fails to configure on linux aarch64
when CDS is disabled after JDK-8331942
+ JDK-8335662: [AArch64] C1: guarantee(val < (1ULL << nbits))
failed: Field too big for insn
+ JDK-8335684: Test ThreadCpuTime.java should pause like
ThreadCpuTimeArray.java
+ JDK-8335836: serviceability/jvmti/StartPhase/AllowedFunctions/
/AllowedFunctions.java fails with unexpected exit code: 112
+ JDK-8336587: failure_handler lldb command times out on
macosx-aarch64 core file
+ JDK-8337221: CompileFramework: test library to conveniently
compile java and jasm sources for fuzzing
+ JDK-8337299: vmTestbase/nsk/jdb/stop_at/stop_at002/
/stop_at002.java failure goes undetected
+ JDK-8338154: Fix -Wzero-as-null-pointer-constant warnings in
gtest framework
+ JDK-8339148: Make os::Linux::active_processor_count() public
+ JDK-8339300: CollectorPolicy.young_scaled_initial_ergo_vm
gtest fails on ppc64 based platforms
+ JDK-8339639: Opensource few AWT PopupMenu tests
+ JDK-8339678: Update runtime/condy tests to be executed with
VM flags
+ JDK-8339727: Open source several AWT focus tests - series 1
+ JDK-8339794: Open source closed choice tests #1
+ JDK-8339810: Clean up the code in sun.tools.jar.Main to
properly close resources and use ZipFile during extract
+ JDK-8339836: Open source several AWT Mouse tests - Batch 1
+ JDK-8339842: Open source several AWT focus tests - series 2
+ JDK-8339895: Open source several AWT focus tests - series 3
+ JDK-8339906: Open source several AWT focus tests - series 4
+ JDK-8339935: Open source several AWT focus tests - series 5
+ JDK-8339982: Open source several AWT Mouse tests - Batch 2
+ JDK-8339984: Open source AWT MenuItem related tests
+ JDK-8339995: Open source several AWT focus tests - series 6
+ JDK-8340077: Open source few Checkbox tests - Set2
+ JDK-8340084: Open source AWT Frame related tests
+ JDK-8340143: Open source several Java2D rendering loop tests.
+ JDK-8340164: Open source few Component tests - Set1
+ JDK-8340173: Open source some Component/Panel/EventQueue
tests - Set2
+ JDK-8340176: Replace usage of -noclassgc with -Xnoclassgc in
test/jdk/java/lang/management/MemoryMXBean/LowMemoryTest2.java
+ JDK-8340193: Open source several AWT Dialog tests - Batch 1
+ JDK-8340228: Open source couple more miscellaneous AWT tests
+ JDK-8340271: Open source several AWT Robot tests
+ JDK-8340279: Open source several AWT Dialog tests - Batch 2
+ JDK-8340332: Open source mixed AWT tests - Set3
+ JDK-8340366: Open source several AWT Dialog tests - Batch 3
+ JDK-8340367: Opensource few AWT image tests
+ JDK-8340393: Open source closed choice tests #2
+ JDK-8340407: Open source a few more Component related tests
+ JDK-8340417: Open source some MenuBar tests - Set1
+ JDK-8340432: Open source some MenuBar tests - Set2
+ JDK-8340433: Open source closed choice tests #3
+ JDK-8340437: Open source few more AWT Frame related tests
+ JDK-8340458: Open source additional Component tests (part 2)
+ JDK-8340555: Open source DnD tests - Set4
+ JDK-8340560: Open Source several AWT/2D font and rendering
tests
+ JDK-8340605: Open source several AWT PopupMenu tests
+ JDK-8340621: Open source several AWT List tests
+ JDK-8340625: Open source additional Component tests (part 3)
+ JDK-8340639: Open source few more AWT List tests
+ JDK-8340713: Open source DnD tests - Set5
+ JDK-8340784: Remove PassFailJFrame constructor with
screenshots
+ JDK-8340790: Open source several AWT Dialog tests - Batch 4
+ JDK-8340809: Open source few more AWT PopupMenu tests
+ JDK-8340874: Open source some of the AWT Geometry/Button
tests
+ JDK-8340907: Open source closed frame tests # 2
+ JDK-8340966: Open source few Checkbox and Cursor tests - Set1
+ JDK-8340967: Open source few Cursor tests - Set2
+ JDK-8340978: Open source few DnD tests - Set6
+ JDK-8340985: Open source some Desktop related tests
+ JDK-8341000: Open source some of the AWT Window tests
+ JDK-8341004: Open source AWT FileDialog related tests
+ JDK-8341072: Open source several AWT Canvas and Rectangle
related tests
+ JDK-8341128: open source some 2d graphics tests
+ JDK-8341148: Open source several Choice related tests
+ JDK-8341162: Open source some of the AWT window test
+ JDK-8341170: Open source several Choice related tests (part
2)
+ JDK-8341177: Opensource few List and a Window test
+ JDK-8341191: Open source few more AWT FileDialog tests
+ JDK-8341239: Open source closed frame tests # 3
+ JDK-8341257: Open source few DND tests - Set1
+ JDK-8341258: Open source few various AWT tests - Set1
+ JDK-8341278: Open source few TrayIcon tests - Set7
+ JDK-8341298: Open source more AWT window tests
+ JDK-8341373: Open source closed frame tests # 4
+ JDK-8341378: Open source few TrayIcon tests - Set8
+ JDK-8341447: Open source closed frame tests # 5
+ JDK-8341535: sun/awt/font/TestDevTransform.java fails with
RuntimeException: Different rendering
+ JDK-8341637: java/net/Socket/UdpSocket.java fails with
'java.net.BindException: Address already in use'
(macos-aarch64)
+ JDK-8341972: java/awt/dnd/DnDRemoveFocusOwnerCrashTest.java
timed out after JDK-8341257
+ JDK-8342376: More reliable OOM handling in
ExceptionDuringDumpAtObjectsInitPhase test
+ JDK-8342524: Use latch in AbstractButton/bug6298940.java
instead of delay
+ JDK-8342633: javax/management/security/
/HashedPasswordFileTest.java creates tmp file in src dir
+ JDK-8343037: Missing @since tag on JColorChooser.showDialog
overload
+ JDK-8343103: Enable debug logging for vmTestbase/nsk/jvmti/
/scenarios/sampling/SP05/sp05t003/TestDescription.java
+ JDK-8343124: Tests fails with
java.lang.IllegalAccessException: class
com.sun.javatest.regtest.agent.MainWrapper$MainTask cannot
access
+ JDK-8343170: java/awt/Cursor/JPanelCursorTest/
/JPanelCursorTest.java does not show the default cursor
+ JDK-8343205: CompileBroker::possibly_add_compiler_threads
excessively polls available memory
+ JDK-8343529: serviceability/sa/ClhsdbWhere.java fails
AssertionFailure: Corrupted constant pool
+ JDK-8343891: Test javax/swing/JTabbedPane/
/TestJTabbedPaneBackgroundColor.java failed
+ JDK-8343936: Adjust timeout in test
javax/management/monitor/DerivedGaugeMonitorTest.java
+ JDK-8344316: security/auth/callback/TextCallbackHandler/
/Password.java make runnable with JTReg and add the UI
+ JDK-8344361: Restore null return for invalid services from
legacy providers
+ JDK-8345133: Test sun/security/tools/jarsigner/
/TsacertOptionTest.java failed: Warning found in stdout
+ JDK-8345134: Test sun/security/tools/jarsigner/
/ConciseJarsigner.java failed: unable to find valid
certification path to requested target
+ JDK-8345357: test/jdk/javax/swing/JRadioButton/8033699/
/bug8033699.java fails in ubuntu22.04
+ JDK-8345447: test/jdk/javax/swing/JToolBar/4529206/
/bug4529206.java fails in ubuntu22.04
+ JDK-8345547: test/jdk/javax/swing/text/DefaultEditorKit/
/4278839/bug4278839.java fails in ubuntu22.04
+ JDK-8345598: Upgrade NSS binaries for interop tests
+ JDK-8345625: Better HTTP connections
+ JDK-8345728: [Accessibility,macOS,Screen Magnifier]:
JCheckbox unchecked state does not magnify but works for
checked state
+ JDK-8345838: Remove the
appcds/javaldr/AnonVmClassesDuringDump.java test
+ JDK-8346049: jdk/test/lib/security/timestamp/TsaServer.java
warnings
+ JDK-8346581: JRadioButton/ButtonGroupFocusTest.java fails in
CI on Linux
+ JDK-8347000: Bug in
com/sun/net/httpserver/bugs/B6361557.java test
+ JDK-8347019: Test javax/swing/JRadioButton/8033699/
/bug8033699.java still fails: Focus is not on Radio Button
Single as Expected
+ JDK-8347083: Incomplete logging in
nsk/jvmti/ResourceExhausted/resexhausted00* tests
+ JDK-8347126: gc/stress/TestStressG1Uncommit.java gets
OOM-killed
+ JDK-8347267: [macOS]: UnixOperatingSystem.c:67:40: runtime
error: division by zero
+ JDK-8347286: (fs) Remove some extensions from
java/nio/file/Files/probeContentType/Basic.java
+ JDK-8347576: Error output in libjsound has non matching
format strings
+ JDK-8347629: Test FailOverDirectExecutionControlTest.java
fails with -Xcomp
+ JDK-8347911: Limit the length of inflated text chunks
+ JDK-8347995: Race condition in jdk/java/net/httpclient/
/offline/FixedResponseHttpClient.java
+ JDK-8348107: test/jdk/java/net/httpclient/
/HttpsTunnelAuthTest.java fails intermittently
+ JDK-8348110: Update LCMS to 2.17
+ JDK-8348299: Update List/ItemEventTest/ItemEventTest.java
+ JDK-8348596: Update FreeType to 2.13.3
+ JDK-8348597: Update HarfBuzz to 10.4.0
+ JDK-8348598: Update Libpng to 1.6.47
+ JDK-8348600: Update PipeWire to 1.3.81
+ JDK-8348865: JButton/bug4796987.java never runs because
Windows XP is unavailable
+ JDK-8348936: [Accessibility,macOS,VoiceOver] VoiceOver
doesn't announce untick on toggling the checkbox with 'space'
key on macOS
+ JDK-8348989: Better Glyph drawing
+ JDK-8349039: Adjust exception No type named <ThreadType> in
database
+ JDK-8349111: Enhance Swing supports
+ JDK-8349200: [JMH] time.format.ZonedDateTimeFormatterBenchmark
fails
+ JDK-8349348: Refactor ClassLoaderDeadlock.sh and Deadlock.sh
to run fully in java
+ JDK-8349492: Update sun/security/pkcs12/
/KeytoolOpensslInteropTest.java to use a recent Openssl
version
+ JDK-8349501: Relocate supporting classes in
security/testlibrary to test/lib/jdk tree
+ JDK-8349594: Enhance TLS protocol support
+ JDK-8349751: AIX build failure after upgrade pipewire to
1.3.81
+ JDK-8349974: [JMH,17u] MaskQueryOperationsBenchmark fails
java.lang.NoClassDefFoundError
+ JDK-8350211: CTW: Attempt to preload all classes in constant
pool
+ JDK-8350224: Test javax/swing/JComboBox/
/TestComboBoxComponentRendering.java fails in ubuntu 23.x and
later
+ JDK-8350260: Improve HTML instruction formatting in
PassFailJFrame
+ JDK-8350383: Test: add more test case for string compare (UL
case)
+ JDK-8350386: Test TestCodeCacheFull.java fails with option
-XX:-UseCodeCacheFlushing
+ JDK-8350412: [21u] AArch64: Ambiguous frame layout leads to
incorrect traces in JFR
+ JDK-8350498: Remove two Camerfirma root CA certificates
+ JDK-8350540: [17u,11u] B8312065.java fails Network is
unreachable
+ JDK-8350546: Several java/net/InetAddress tests fails
UnknownHostException
+ JDK-8350616: Skip ValidateHazardPtrsClosure in non-debug
builds
+ JDK-8350651: Bump update version for OpenJDK: jdk-17.0.16
+ JDK-8350924: javax/swing/JMenu/4213634/bug4213634.java fails
+ JDK-8350991: Improve HTTP client header handling
+ JDK-8351086: (fc) Make
java/nio/channels/FileChannel/BlockDeviceSize.java test manual
+ JDK-8352076: [21u] Problem list tests that fail in 21 and
would be fixed by 8309622
+ JDK-8352109: java/awt/Desktop/MailTest.java fails in
platforms where Action.MAIL is not supported
+ JDK-8352302: Test
sun/security/tools/jarsigner/TimestampCheck.java is failing
+ JDK-8352649: [17u] guarantee(is_result_safe ||
is_in_asgct()) failed inside AsyncGetCallTrace
+ JDK-8352676: Opensource JMenu tests - series1
+ JDK-8352680: Opensource few misc swing tests
+ JDK-8352684: Opensource JInternalFrame tests - series1
+ JDK-8352706: httpclient HeadTest does not run on HTTP2
+ JDK-8352716: (tz) Update Timezone Data to 2025b
+ JDK-8352908: Open source several swing tests batch1
+ JDK-8352942: jdk/jfr/startupargs/TestMemoryOptions.java
fails with 32-bit build
+ JDK-8353070: Clean up and open source couple AWT Graphics
related tests (Part 1)
+ JDK-8353138: Screen capture for test
TaskbarPositionTest.java, failure case
+ JDK-8353320: Open source more Swing text tests
+ JDK-8353446: Open source several AWT Menu tests - Batch 2
+ JDK-8353475: Open source two Swing DefaultCaret tests
+ JDK-8353685: Open some JComboBox bugs 4
+ JDK-8353709: Debug symbols bundle should contain full debug
files when building --with-external-symbols-in-bundles=public
+ JDK-8353714: [17u] Backport of 8347740 incomplete
+ JDK-8353942: Open source Swing Tests - Set 5
+ JDK-8354554: Open source several clipboard tests batch1
+ JDK-8356053: Test java/awt/Toolkit/Headless/
/HeadlessToolkit.java fails by timeout
+ JDK-8356096: ISO 4217 Amendment 179 Update
+ JDK-8356571: Re-enable -Wtype-limits for GCC in LCMS
+ JDK-8357105: C2: compilation fails with 'assert(false)
failed: empty program detected during loop optimization'
+ JDK-8357193: [VS 2022 17.14] Warning C5287 in debugInit.c:
enum type mismatch during build
+ JDK-8359170: Add 2 TLS and 2 CS Sectigo roots
+ JDK-8360147: Better Glyph drawing redux
+ JDK-8361674: [17u] Remove designator
DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.16
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2672-1
Released: Mon Aug 4 15:06:13 2025
Summary: Security update for sqlite3
Type: security
Severity: important
References: 1246597,CVE-2025-6965
This update for sqlite3 fixes the following issues:
- Update to version 3.50.2
- CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2684-1
Released: Mon Aug 4 17:07:20 2025
Summary: Security update for apache2
Type: security
Severity: important
References: 1246169,1246302,1246303,1246305,1246306,1246307,1246477,CVE-2024-42516,CVE-2024-43204,CVE-2024-47252,CVE-2025-23048,CVE-2025-49630,CVE-2025-49812,CVE-2025-53020
This update for apache2 fixes the following issues:
- CVE-2024-42516: Fixed HTTP response splitting. (bsc#1246477)
- CVE-2024-43204: Fixed a SSRF when mod_proxy is loaded that allows an attacker to send outbound proxy requests to a URL controlled by them. (bsc#1246305)
- CVE-2024-47252: Fixed insufficient escaping of user-supplied data in mod_ssl that allowed an untrusted SSL/TLS client to insert escape characters into log files. (bsc#1246303)
- CVE-2025-23048: Fixed access control bypass by trusted clients through TLS 1.3 session resumption in some mod_ssl configurations. (bsc#1246302)
- CVE-2025-49630: Fixed a denial of service that untrusted clients could trigger by causing an assertion in mod_proxy_http2. (bsc#1246307)
- CVE-2025-49812: Fixed Opossum Attack Application Layer Desynchronization using Opportunistic TLS. (bsc#1246169)
- CVE-2025-53020: Fixed HTTP/2 denial of service due to late release of memory after effective lifetime. (bsc#1246306)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2714-1
Released: Wed Aug 6 11:36:56 2025
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References:
This update for systemd fixes the following issues:
- triggers.systemd: skip update of hwdb, journal-catalog if executed during
an offline update.
- systemd-repart is no longer considered experimental (jsc#PED-13213)
- Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2720-1
Released: Thu Aug 7 05:38:44 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References:
This update for crypto-policies fixes the following issues:
- Update the BSI policy (jsc#PED-12880)
* BSI: switch to 3072 minimum RSA key size
* BSI: Update BSI policy for new 2024 minimum
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2730-1
Released: Fri Aug 8 06:51:35 2025
Summary: Recommended update for perl-DBD-Pg
Type: recommended
Severity: moderate
References: 1244183
This update for perl-DBD-Pg fixes the following issues:
- Dependency submission for the openQA stack (bsc#1244183)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2731-1
Released: Fri Aug 8 06:51:47 2025
Summary: Recommended update for perl-DBI
Type: recommended
Severity: moderate
References: 1244183
This update for perl-DBI fixes the following issues:
- Dependency submission for the openQA stack (bsc#1244183)
- Updated to 1.647.0 (1.647)
* Remove 'experimental' tag from statistics_info
* RT tickets moved to github issues (rwfranks++)
* Fix install issue
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2734-1
Released: Fri Aug 8 10:05:10 2025
Summary: Security update for dpkg
Type: security
Severity: moderate
References: 1245573,CVE-2025-6297
This update for dpkg fixes the following issues:
- CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2758-1
Released: Tue Aug 12 12:05:22 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1246296,CVE-2025-7425
This update for libxml2 fixes the following issues:
- CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2761-1
Released: Tue Aug 12 14:17:29 2025
Summary: Recommended update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa
Type: recommended
Severity: moderate
References: 1233012
This update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa fixes the following issues:
- Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012)
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2025:2763-1
Released: Tue Aug 12 14:45:40 2025
Summary: Optional update for libyaml
Type: optional
Severity: moderate
References: 1246570
This update for libyaml ships the missing libyaml-0-2 library package to
SUSE MicroOS 5.1 and 5.2.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2772-1
Released: Tue Aug 12 19:35:08 2025
Summary: Recommended update for grub2
Type: security
Severity: moderate
References: 1234959,1246157,1246231,1246237,CVE-2024-56738
This update for grub2 fixes the following issues:
- CVE-2024-56738: Fixed side-channel attack due to a
non-constant-time algorithm in grub_crypto_memcmp (bsc#1234959)
Other fixes:
- Fix test -f and -s do not work properly over the network files
served via tftp and http (bsc#1246157, bsc#1246237)
- Skip mount point in grub_find_device function (bsc#1246231)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2776-1
Released: Wed Aug 13 08:10:36 2025
Summary: Recommended update for systemd-rpm-macros
Type: recommended
Severity: moderate
References: 1237143
This update for systemd-rpm-macros fixes the following issues:
- Introduce %udev_trigger_with_reload() for packages that need to trigger events
in their scriptlets. The new macro automatically triggers a reload of the udev
rule files as this step is often overlooked by packages (bsc#1237143).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2778-1
Released: Wed Aug 13 08:45:57 2025
Summary: Security update for python3
Type: security
Severity: important
References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194
This update for python3 fixes the following issues:
- CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273).
- CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056)
- CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059)
- CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060)
- CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061)
- CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032)
- CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705)
- CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249)
Other fixes:
- Limit buffer size for IPv6 address parsing (bsc#1244401).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2780-1
Released: Wed Aug 13 10:28:27 2025
Summary: Recommended update for gcc14
Type: recommended
Severity: moderate
References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050
This update for gcc14 fixes the following issues:
Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799
- Fixed libqt6webengine build.
- Fix build on s390x [bsc#1241549]
- Make sure link editing is done against our own shared library
copy rather than the installed system runtime. [bsc#1240788]
- Allow GCC executables to be built PIE. [bsc#1239938]
- Backport -msplit-patch-nops required for user-space livepatching on powerpc.
- Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566]
- Disable profiling during build when %want_reproducible_builds is set [bsc#1238491]
- Fixes reported ICE in [bsc#1237442]
- Add larchintrin.h, lasxintrin.h and lsxintrin.h
headers to gccXY main package in %files section
- libstdc++6 fix for parsing tzdata 2024b [gcc#116657]
- Fix ICE with LTO building openvino on aarch64 [bsc#1230262]
- Exclude shared objects present for link editing in the GCC specific
subdirectory from provides processing via __provides_exclude_from.
[bsc#1244050][bsc#1243991]
- Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap
variant conflict with the unversioned cross-*-gcc package.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2818-1
Released: Fri Aug 15 14:56:21 2025
Summary: Security update for apache-commons-lang3
Type: security
Severity: moderate
References: 1246397,CVE-2025-48924
This update for apache-commons-lang3 fixes the following issues:
- Update to version 3.18.0
- CVE-2025-48924: Fixed an uncontrolled recursion vulnerability that may lead to a DoS. (bsc#1246397)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2841-1
Released: Mon Aug 18 13:01:25 2025
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1246697
This update for openssl-1_1 fixes the following issues:
- FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test
instead of NID_secp256k1. [bsc#1246697]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2921-1
Released: Tue Aug 19 16:54:12 2025
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: important
References: 1218459,1245220,1245985,1246038,1246149,1246466,1247054,1247690
This update for libzypp, zypper fixes the following issues:
- Fix evaluation of libproxy results (bsc#1247690)
- Replace URL variables inside mirrorlist/metalink files
- Append RepoInfo::path() to the mirror URLs in Preloader (bsc#1247054)
- During installation indicate the backend being used (bsc#1246038)
If some package actually needs to know, it should test for
ZYPP_CLASSIC_RPMTRANS being set in the environment.
Otherwise the transaction is driven by librpm.
- Workaround 'rpm -vv' leaving scriptlets /var/tmp (bsc#1218459)
- Verbose log libproxy results if PX_DEBUG=1 is set.
- BuildRequires: cmake >= 3.17.
- Allow explicit request to probe an added repo's URL (bsc#1246466)
- Fix tests with -DISABLE_MEDIABACKEND_TESTS=1
- Add runtime check for a broken rpm-4.18.0 --runpostrans (bsc#1246149)
- Add regression test for (bsc#1245220) and some other filesize related tests.
- Fix addrepo to handle explicit --check and --no-check requests (bsc#1246466)
- Accept 'show' as alias for 'info' (bsc#1245985)
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2025:2931-1
Released: Wed Aug 20 17:39:18 2025
Summary: Optional update for rsyslog
Type: optional
Severity: low
References:
This update for rsyslog fixes the following issues:
- Add rsyslog-module-kafka to Package HUB
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2956-1
Released: Fri Aug 22 08:57:48 2025
Summary: Recommended update for openssl-3
Type: recommended
Severity: moderate
References: 1247144,1247148
This update for openssl-3 fixes the following issues:
- Increased limit for CRL download (bsc#1247148, bsc#1247144)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2964-1
Released: Fri Aug 22 14:52:39 2025
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1240058,1246965,CVE-2025-8058
This update for glibc fixes the following issues:
- CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2970-1
Released: Mon Aug 25 10:27:57 2025
Summary: Security update for pam
Type: security
Severity: moderate
References: 1232234,1246221,CVE-2024-10041
This update for pam fixes the following issues:
- Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2985-1
Released: Mon Aug 25 15:55:03 2025
Summary: Security update for python-urllib3
Type: security
Severity: moderate
References: 1244925,CVE-2025-50181
This update for python-urllib3 fixes the following issues:
- CVE-2025-50181: Pool managers now properly control redirects when retries is passed. (bsc#1244925)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2986-1
Released: Tue Aug 26 12:41:07 2025
Summary: Security update for postgresql17
Type: security
Severity: important
References: 1248119,1248120,1248122,CVE-2025-8713,CVE-2025-8714,CVE-2025-8715
This update for postgresql17 fixes the following issues:
Updated to 17.6:
* CVE-2025-8713: Fixed optimizer statistics exposing
sampled data within a view, partition, or child table
(bsc#1248120)
* CVE-2025-8714: Fixed untrusted data inclusion in pg_dump
that allows a superuser of the origin server to execute arbitrary code
in psql client (bsc#1248122)
* CVE-2025-8715: Fixed improper neutralization of newlines
in pg_dump leading to arbitrary code execution in the psql
client and in the restore target server (bsc#1248119)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3024-1
Released: Fri Aug 29 14:40:10 2025
Summary: Security update for tomcat
Type: security
Severity: important
References: 1243895,1246318,1246388,1246389,CVE-2025-48989,CVE-2025-49125,CVE-2025-52434,CVE-2025-52520,CVE-2025-53506
This update for tomcat fixes the following issues:
Updated to 9.0.108:
- CVE-2025-52520: Fixed an integer overflow that can lead to DoS for some unlikely configurations of multipart upload (bsc#1246388)
- CVE-2025-53506: Fixed uncontrolled resource HTTP/2 client consumption vulnerability (bsc#1246318)
- CVE-2025-52434: Fixed race condition on connection close when using the APR/Native connector leading to a JVM crash (bsc#1246389)
- CVE-2025-48989: Fixed 'MadeYouReset' DoS in HTTP/2 due to client triggered stream reset (bsc#1243895)
Other:
- Correct a regression in the fix for CVE-2025-49125 that
prevented access to PreResources and PostResources when mounted below the
web application root with a path that was terminated with a file
separator.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3025-1
Released: Fri Aug 29 14:42:18 2025
Summary: Security update for javamail
Type: security
Severity: moderate
References: 1246873,CVE-2025-7962
This update for javamail fixes the following issues:
- Update to version 1.6.2
- CVE-2025-7962: Fixed an improper neutralization of \r and \n UTF-8 characters that can lead to SMTP injection (bsc#1246873)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3066-1
Released: Thu Sep 4 08:37:17 2025
Summary: Recommended update for systemd-presets-branding-SLE
Type: recommended
Severity: moderate
References: 1244553,1246835
This update for systemd-presets-branding-SLE fixes the following issues:
- Enable sysstat_collect.timer and sysstat_summary.timer
(bsc#1244553, bsc#1246835).
- Modified default SLE presets.
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2025:3094-1
Released: Mon Sep 8 11:46:41 2025
Summary: Optional update for NetworkManager
Type: optional
Severity: low
References: 1246113
This update for NetworkManager fixes the following issue:
- Add NetworkManager-wwan to SLE-Module-Desktop-Applications_15-SP7 (bsc#1246113)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3114-1
Released: Tue Sep 9 12:35:12 2025
Summary: Security update for netty, netty-tcnative
Type: security
Severity: important
References: 1247991,1249116,1249134,CVE-2025-55163,CVE-2025-58056,CVE-2025-58057
This update for netty, netty-tcnative fixes the following issues:
Upgrade to upstream version 4.1.126.
Security issues fixed:
- CVE-2025-58057: decompression codecs allocating a large number of buffers after processing specially crafted input can
cause a denial of service (bsc#1249134).
- CVE-2025-58056: incorrect parsing of chunk extensions can lead to request smuggling (bsc#1249116).
- CVE-2025-55163: 'MadeYouReset' denial of service attack in the HTTP/2 protocol (bsc#1247991).
Other issues fixed:
- Fixes from version 4.1.126
* Fix IllegalReferenceCountException on invalid upgrade response.
* Drop unknown frame on missing stream.
* Don't try to handle incomplete upgrade request.
* Update to netty-tcnative 2.0.73Final.
- Fixes from version 4.1.124
* Fix NPE and AssertionErrors when many tasks are scheduled and cancelled.
* HTTP2: Http2ConnectionHandler should always use Http2ConnectionEncoder.
* Epoll: Correctly handle UDP packets with source port of 0.
* Fix netty-common OSGi Import-Package header.
* MqttConnectPayload.toString() includes password.
- Fixes from version 4.1.123
* Fix chunk reuse bug in adaptive allocator.
* More accurate adaptive memory usage accounting.
* Introduce size-classes for the adaptive allocator.
* Reduce magazine proliferation eagerness.
* Fix concurrent ByteBuffer access issue in AdaptiveByteBuf.getBytes.
* Fix possible buffer corruption caused by incorrect setCharSequence(...) implementation.
* AdaptiveByteBuf: Fix AdaptiveByteBuf.maxFastWritableBytes() to take writerIndex() into account.
* Optimize capacity bumping for adaptive ByteBufs.
* AbstractDnsRecord: equals() and hashCode() to ignore name field's case.
* Backport Unsafe guards.
* Guard recomputed offset access with hasUnsafe.
* HTTP2: Always produce a RST frame on stream exception.
* Correct what artifacts included in netty-bom.
- Fixes from version 4.1.122
* DirContextUtils.addNameServer(...) should just catch Exception internally.
* Make public API specify explicit maxAllocation to prevent OOM.
* Fix concurrent ByteBuf write access bug in adaptive allocator.
* Fix transport-native-kqueue Bundle-SymbolicNames.
* Fix resolver-dns-native-macos Bundle-SymbolicNames.
* Always correctly calculate the memory address of the ByteBuf even if sun.misc.Unsafe is not usable.
* Upgrade lz4 dependencies as the old version did not correctly handle ByteBuffer that have an arrayOffset > 0.
* Optimize ByteBuf.setCharSequence for adaptive allocator.
* Kqueue: Fix registration failure when fd is reused.
* Make JdkZlibEncoder accept Deflater.DEFAULT_COMPRESSION as level.
* Ensure OpenSsl.availableJavaCipherSuites does not contain null values.
* Always prefer direct buffers for pooled allocators if not explicit disabled.
* Update to netty-tcnative 2.0.72.Final.
* Re-enable sun.misc.Unsafe by default on Java 24+.
* Kqueue: Delay removal from registration map to fix noisy warnings.
- Fixes from version 4.1.121
* Epoll.isAvailable() returns false on Ubuntu 20.04/22.04 arch amd64.
* Fix transport-native-epoll Bundle-SymbolicNames.
- Fixes from version 4.1.120
* Fix flawed termination condition check in HttpPostRequestEncoder#encodeNextChunkUrlEncoded(int) for current
InterfaceHttpData.
* Exposed decoderEnforceMaxConsecutiveEmptyDataFrames and decoderEnforceMaxRstFramesPerWindow.
* ThreadExecutorMap must restore old EventExecutor.
* Make Recycler virtual thread friendly.
* Disable sun.misc.Unsafe by default on Java 24+.
* Adaptive: Correctly enforce leak detection when using AdaptiveByteBufAllocator.
* Add suppressed exception to original cause when calling Future.sync*.
* Add SETTINGS_ENABLE_CONNECT_PROTOCOL to the default HTTP/2 settings.
* Correct computation for suboptimal chunk retirement probability.
* Fix bug in method AdaptivePoolingAllocator.allocateWithoutLock(...).
* Fix a Bytebuf leak in TcpDnsQueryDecoder.
* SSL: Clear native error if named group is not supported.
* WebSocketClientCompressionHandler shouldn't claim window bits support when jzlib is not available.
* Fix the assignment error of maxQoS parameter in ConnAck Properties.
- Fixes from version 4.1.119
* Replace SSL assertion with explicit record length check.
* Fix NPE when upgrade message fails to aggregate.
* SslHandler: Fix possible NPE when executor is used for delegating.
* Consistently add channel info in HTTP/2 logs.
* Add QueryStringDecoder option to leave '+' alone.
* Use initialized BouncyCastle providers when available.
- Fix pom.xml errors that will be fatal with Maven 4
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3132-1
Released: Wed Sep 10 13:54:02 2025
Summary: Recommended update for salt and Python dependencies
Type: recommended
Severity: moderate
References:
This update for salt and Python dependencies fixes the following issues:
- Implementation of python311-salt package and required Python 3.11 dependencies on SUSE Linux Enterprise 15 SP4
(no source changes) (jsc#PED-13283)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3005-1
Released: Thu Sep 11 12:21:40 2025
Summary: Security update for postgresql16
Type: security
Severity: important
References: 1248119,1248120,1248122,CVE-2025-8713,CVE-2025-8714,CVE-2025-8715
This update for postgresql16 fixes the following issues:
Upgraded to 16.10:
* CVE-2025-8713: Fixed optimizer statistics exposing
sampled data within a view, partition, or child table
(bsc#1248120)
* CVE-2025-8714: Fixed untrusted data inclusion in pg_dump
allows superuser of origin server to execute arbitrary code
in psql client (bsc#1248122)
* CVE-2025-8715: Fixed improper neutralization of newlines
in pg_dump leading to arbitrary code execution in the psql
client and in the restore target server (bsc#1248119)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3198-1
Released: Fri Sep 12 14:15:08 2025
Summary: Security update for curl
Type: security
Severity: important
References: 1228260,1236589,1243397,1243706,1243933,1246197,1249191,1249348,1249367,CVE-2024-6874,CVE-2025-0665,CVE-2025-10148,CVE-2025-4947,CVE-2025-5025,CVE-2025-5399,CVE-2025-9086
This update for curl fixes the following issues:
Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056).
Security issues fixed:
- CVE-2025-0665: eventfd double close can cause libcurl to act unreliably (bsc#1236589).
- CVE-2025-4947: QUIC certificate check is skipped with wolfSSL, which allows for MITM attacks (bsc#1243397).
- CVE-2025-5025: no QUIC certificate pinning with wolfSSL can lead to connections to impostor servers that are not
easily noticed (bsc#1243706).
- CVE-2025-5399: bug in websocket code can cause libcurl to get trapped in an endless busy-loop when processing
specially crafted packets (bsc#1243933).
- CVE-2024-6874: punycode conversions to/from IDN can leak stack content when libcurl is built to use the macidn IDN
backend (bsc#1228260).
- CVE-2025-9086: bug in path comparison logic when processing cookies can lead to out-of-bounds read in heap buffer
(bsc#1249191).
- CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348).
Other issues fixed:
- Fix wrong return code when --retry is used (bsc#1249367).
* tool_operate: fix return code when --retry is used but not triggered [b42776b]
- Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197).
* tool_getparam: fix --ftp-pasv [5f805ee]
- Fixed with version 8.14.1:
* TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs.
* websocket: add option to disable auto-pong reply.
* huge number of bugfixes.
Please see https://curl.se/ch/ for full changelogs.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3216-1
Released: Mon Sep 15 08:37:40 2025
Summary: Recommended update for
Type: recommended
Severity: important
References: 1246081
This update for fixes the following issues:
- Add lmdb binary into Basesystem 15-SP6 and 15-SP7 (bsc#1246081)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3241-1
Released: Wed Sep 17 08:28:28 2025
Summary: Recommended update for salt-shaptools
Type: recommended
Severity: important
References: 1248174
This update for salt-shaptools fixes the following issues:
- Fix crmsh import usage using crm binary python version.
This enables salt modules/states correct usage when the Salt Bundle is used (bsc#1248174)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3268-1
Released: Thu Sep 18 13:08:10 2025
Summary: Security update for curl
Type: security
Severity: important
References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2025-9086: bug in path comparison logic when processing cookies can lead to out-of-bounds read in heap buffer
(bsc#1249191).
- CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348).
Other issues fixed:
- Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197).
* tool_getparam: fix --ftp-pasv [5f805ee]
- Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056).
* TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs.
* websocket: add option to disable auto-pong reply.
* huge number of bugfixes.
Please see https://curl.se/ch/ for full changelogs.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3285-1
Released: Sun Sep 21 11:18:05 2025
Summary: Security update for mybatis, ognl
Type: security
Severity: important
References: 1248252,CVE-2025-53192
This update for mybatis, ognl fixes the following issues:
Version update to 3.5.7:
* Bug fixes:
+ Improved performance under JDK 8. #2223
Version update to 3.5.8:
* List of changes:
+ Avoid NullPointerException when mapping an empty string to
java.lang.Character. #2368
+ Fixed an incorrect argument when initializing static object.
This resolves a compatibility issue with quarkus-mybatis.
#2284
+ Performance improvements. #2297 #2335 #2340
Version update to 3.5.9:
* List of changes:
+ Add nullable to <foreach />. If enabled, it skips the
iteration when the collection is null instead of throwing an
exception. To enable this feature globally, set
nullableOnForEach=true in the config. #1883
Version update to 3.5.10:
* Bug fixes:
+ Unexpected illegal reflective access warning (or
InaccessibleObjectException on Java 16+) when calling method
in OGNL expression. #2392
+ IllegalAccessException when auto-mapping Records (JEP-359)
#2195
+ 'interrupted' status is not set when
PooledConnection#getConnection() is interrupted. #2503
* Enhancements:
+ A new option argNameBasedConstructorAutoMapping is added. If
enabled, constructor argument names are used to look up
columns when auto-mapping. #2192
+ Added a new property skipSetAutoCommitOnClose to
JdbcTransactionFactory. Skipping setAutoCommit() call could
improve performance with some drivers. #2426
+ <idArg /> can now be listed after <arg /> in <constructor />.
#2541
Version update to 3.5.11:
* Bug fixes:
+ OGNL could throw IllegalArgumentException when invoking
inherited method. #2609
+ returnInstanceForEmptyRow is not applied to constructor
auto-mapping. #2665
Version update to 3.5.12
* User impactful changes
+ #2703 Referencing collection parameter by name fails fixing
#2693
+ #2709 Fix a race condition caused by other threads calling
mapper methods while mapped tables are being constructed
+ #2727 Enable ability to provide custom configuration to
XMLConfigBuilder
+ #2731 Adding mapper could fail under JPMS
+ #2741 Add 'affectedData' attribute to @Select,
@SelectProvider, and <select />
+ #2767 Resolve resultType by namespace and id when not
provided resultType and resultMap
+ #2804 Search readable property when resolving constructor arg
type by name
+ Minor correction: 'boolean' can never be null (primitive)
+ General library updates
+ Uses parameters option for compiler now (needed by spring boot
3) (for reflection needs)
* Code cleanup
+ #2816 Use open rewrite to partially cleanup java code
+ #2817 Add private constructors per open rewrite
+ #2819 Add final where appropriate per open rewrite
+ #2825 Cleanup if statement breaks / return logic
+ #2826 Eclipse based cleanup
* Build
+ #2820 Remove test ci group profile in favor of more direct
usage on GH-Actions and update deprecated surefire along in
overview in README.md
+ Adjustments to build so shaded ognl and javassist no longer
throw warnings
+ Build with jdk 21-ea as well now
+ Various test cleanup, updates, and additions
+ Turn on auto formatting of all java code including note to
contributors on readme to skip formatting when necessary in
code blocks
+ Tests may use jdk 11 now while retaining jdk 8 runtime
+ Pom cleanup / better clarification on parameters
* Documentation
+ Various documentation updates
Version update to 3.5.13:
* Bug fix:
+ Unable to resolve result type when the target property has
a getter with different return type #2834
Version update to 3.5.14:
* Bug fixes:
+ Registered type handler is not used for anonymous enums #2956
+ Discriminator does not work in constructor mapping #2913
Version update to 3.5.15:
* Changes
+ XNode#toString() should output all child nodes. See #3001 and
associated tickets on this issue
+ Fix performance of mappedColumnNames.contains by using 'set'
rather than 'list'. See #3023
+ Fix osgi issue with javassist. See #3031
+ Updated shaded OGNL to 3.4.2. See #3035
+ Add support method for generating dynamic sql on SQL class.
See #2887
+ General library updates
+ General document updates
* Build
+ We now show builds from java 11, 17, 21, and 22 on Github
Actions. Code is still java 8 compatible at this time.
+ Update vulnerable hsqldb to 2.7.2 fixing our tests that now
work due to newer support. Note, users were never affected by
this, but at least one user pull request was attempted, in
addition to both renovate and dependabot and various
reporting on it.
+ Now using more properties to define versions in pom to lower
the frequency of pull requests from renovate
Version update to 3.5.16:
* Security:
+ Prevent Invocation from being used by vulnerable applications.
#3115
* Bugs:
+ When database ID resolution fails, an invalid bound statement
is used. #3040
* Enhancements:
+ It is now possible to write a custom map wrapper to customize
how to map column name with dots or brackets. #13 #3062
* Performance:
+ Improved compatibility with Virtual Threads introduced by
Loom.
+ Reduced memory footprint when performing the default (i.e.
order based) constructor auto-mapping. #3113
* Build:
+ Include the shaded libraries (OGNL and Javassist) in the
sources.jar.
Version update to 3.5.17:
* Bugs:
+ VendorDatabaseIdProvider#getDatabaseId() should return product
name when properties is empty #3297
+ Update NClobTypeHandler to use methods for national character
set #3298
* Enhancements:
+ Allow DefaultSqlSessionFactory to provide a custom
SqlSession #3128
Version update to 3.5.18:
* Regressions
+ Fixed issue in 3.5.17 #3334
* New
+ Ignore empty xnode per #3349
+ Share expression validator #3339
+ Throw helpful error instead of IndexOutOfBoundsException
(automapping) #3327
+ Optimize mapper builder #3252
* Tests
+ Add TransactionFactory, Transaction test cases #3277
* Build
+ Reworked pom to match current java 17 build usage
+ Moved all tests to newer java standards
+ Cleaned up github actions
+ Run 'site' branch only on release commits
Version update to 3.5.19:
* Revert Regression introduced by #3349.
- Initial packaging with version 3.4.7
ognl replaces the EOLed apache-commons-ognl that has an unpatched
security bug (bsc#1248252, CVE-2025-53192)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3300-1
Released: Tue Sep 23 11:03:41 2025
Summary: Security update for vim
Type: security
Severity: moderate
References: 1246602,1246604,1247938,1247939,CVE-2025-53905,CVE-2025-53906,CVE-2025-55157,CVE-2025-55158
This update for vim fixes the following issues:
Updated to 9.1.1629:
- CVE-2025-53905: Fixed malicious tar archive possibly causing a path traversal in Vim's tar.vim plugin (bsc#1246604)
- CVE-2025-53906: Fixed malicious zip archive possibly causing a path traversal in Vim's zip (bsc#1246602)
- CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938)
- CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3333-1
Released: Wed Sep 24 08:55:10 2025
Summary: Security update for avahi
Type: security
Severity: moderate
References: 1233421,CVE-2024-52615
This update for avahi fixes the following issues:
- CVE-2024-52615: wide-area DNS uses constant source port for queries and can expose the Avahi-daemon to DNS spoofing
attacks (bsc#1233421).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3369-1
Released: Fri Sep 26 12:54:43 2025
Summary: Security update for libssh
Type: security
Severity: moderate
References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277
This update for libssh fixes the following issues:
- CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is
repeated with incorrect guesses (bsc#1249375).
- CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID
(bsc#1246974).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3371-1
Released: Fri Sep 26 13:41:03 2025
Summary: Recommended update for sysconfig
Type: recommended
Severity: important
References: 1237595
This update for sysconfig fixes the following issues:
- Update to version 0.85.10
- codespell run for all repository files and changes file
- spec: define permissions for ghost file attrs to avoid
rpm --restore resets them to 0 (bsc#1237595).
- spec: fix name-repeated-in-summary rpmlint warning
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3372-1
Released: Fri Sep 26 13:42:10 2025
Summary: Recommended update for iproute2
Type: recommended
Severity: important
References: 1243005,1248660
This update for iproute2 fixes the following issues:
- add post-6.4 follow-up fixes (bsc#1243005)
- sync UAPI header copies with SLE15-SP6 kernel
- devlink: support ipsec_crypto and ipsec_packet cap (bsc#1248660)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3431-1
Released: Tue Sep 30 15:51:12 2025
Summary: Recommended update for bind
Type: recommended
Severity: important
References: 1230649
This update for bind fixes the following issues:
- ensure file descriptors 0-2 are in use before using libuv (bsc#1230649)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3442-1
Released: Tue Sep 30 16:54:04 2025
Summary: Security update for openssl-3
Type: security
Severity: important
References: 1250232,CVE-2025-9230
This update for openssl-3 fixes the following issues:
- CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap
(bsc#1250232).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3443-1
Released: Tue Sep 30 16:54:54 2025
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1250232,CVE-2025-9230
This update for openssl-1_1 fixes the following issues:
- CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap
(bsc#1250232).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3487-1
Released: Wed Oct 8 08:17:19 2025
Summary: Recommended update for grub2
Type: recommended
Severity: important
References: 1249088
This update for grub2 fixes the following issues:
- Fix boot hangs in setting up serial console when ACPI SPCR table is present
and redirection is disabled (bsc#1249088)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3591-1
Released: Mon Oct 13 15:33:33 2025
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: important
References: 1230267,1246912,1250343
This update for libzypp, zypper fixes the following issues:
- runposttrans: strip root prefix from tmppath (bsc#1250343)
- fixup! Make ld.so ignore the subarch packages during install (bsc#1246912)
- Make ld.so ignore the subarch packages during install (bsc#1246912)
- Fixed `bash-completion`: `zypper refresh` now ignores repository priority lines.
- Changes to support building against restructured libzypp in stack build (bsc#1230267)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3612-1
Released: Thu Oct 16 06:04:17 2025
Summary: Security update for samba
Type: security
Severity: critical
References: 1251279,1251280,CVE-2025-10230,CVE-2025-9640
This update for samba fixes the following issues:
- CVE-2025-9640: Fixed uninitialized memory disclosure via vfs_streams_xattr (bsc#1251279).
- CVE-2025-10230: Fixed command injection in WINS server hook script (bsc#1251280).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3623-1
Released: Thu Oct 16 16:36:00 2025
Summary: Recommended update for sudo
Type: recommended
Severity: important
References: 1240954,1245743
This update for sudo fixes the following issues:
- Fix loss of SSH connection does not propagate through sudo (bsc#1240954, bsc#1245743).
If user's tty goes away, tell monitor to revoke the tty in its session.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3624-1
Released: Thu Oct 16 21:59:19 2025
Summary: Security update for expat
Type: security
Severity: important
References: 1249584,CVE-2025-59375
This update for expat fixes the following issues:
- CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations
by submitting crafted XML input (bsc#1249584).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3699-1
Released: Tue Oct 21 12:07:47 2025
Summary: Security update for krb5
Type: security
Severity: moderate
References: 1241219,CVE-2025-3576
This update for krb5 fixes the following issues:
- CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using
RC4-HMAC-MD5 (bsc#1241219).
Krb5, as a very old protocol, supported quite a number of ciphers
that are no longer up to current cryptographic standards.
To avoid problems with those, SUSE has now disabled those
algorithms by default.
The following algorithms have been removed from valid krb5 enctypes:
- des3-cbc-sha1
- arcfour-hmac-md5
To reenable those algorithms, you can use allow options in krb5.conf:
[libdefaults]
allow_des3 = true
allow_rc4 = true
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2025:3746-1
Released: Thu Oct 23 10:33:56 2025
Summary: Optional update for perl packages
Type: optional
Severity: low
References: 1244183
This update for perl packages fixes the following issues:
- Add packages needed by products like openQA (bsc#1244183).
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2025:3747-1
Released: Thu Oct 23 10:34:49 2025
Summary: Optional update for python-tempora
Type: optional
Severity: low
References: 37681
This update for python-tempora fixes the following issue:
- Use update-alternatives tempora binaries (bsc#1223694)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3804-1
Released: Mon Oct 27 12:35:04 2025
Summary: Security update for mozilla-nss
Type: security
Severity: important
References: 1251263,CVE-2025-9187
This update for mozilla-nss fixes the following issues:
- Move NSS DB password hash away from SHA-1
Update to NSS 3.112.2:
* Prevent leaks during pkcs12 decoding.
* SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates
Update to NSS 3.112.1:
* restore support for finding certificates by decoded serial number.
-----------------------------------------------------------------
Advisory ID: SUSE-Manager-5.0-2025-3825
Released: Tue Oct 28 08:25:58 2025
Summary: Security update 5.0.5.1 for Multi-Linux Manager
Type: security
Severity: important
References: 1227577,1231150,1231157,1246277,1246421,1246439,1248085,1248252,1250911,CVE-2025-53192,CVE-2025-53880,CVE-2025-53883
Security update 5.0.5.1 for Multi-Linux Manager: Server, Proxy and Retail Branch Server
This is a codestream only update
The following package changes have been done:
- crypto-policies-20230920.570ea89-150600.3.12.1 updated
- libssh-config-0.9.8-150600.11.6.1 updated
- glibc-2.38-150600.14.37.1 updated
- boost-license1_66_0-1.66.0-150200.12.7.1 updated
- libbrotlicommon1-1.0.7-150200.3.5.1 updated
- libbrotlidec1-1.0.7-150200.3.5.1 updated
- libxml2-2-2.10.3-150500.5.32.1 updated
- libsqlite3-0-3.50.2-150000.3.33.1 updated
- libgcc_s1-14.3.0+git11799-150000.1.11.1 updated
- libstdc++6-14.3.0+git11799-150000.1.11.1 updated
- libudev1-254.27-150600.4.43.3 updated
- libopenssl3-3.1.4-150600.5.39.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.39.1 updated
- libssh4-0.9.8-150600.11.6.1 updated
- libboost_system1_66_0-1.66.0-150200.12.7.1 updated
- libboost_thread1_66_0-1.66.0-150200.12.7.1 updated
- libcurl4-8.14.1-150600.4.28.1 updated
- pam-1.3.0-150000.6.86.1 updated
- libsolv-tools-base-0.7.34-150600.8.17.2 updated
- libzypp-17.37.18-150600.3.82.1 updated
- zypper-1.14.94-150600.10.52.1 updated
- curl-8.14.1-150600.4.28.1 updated
- openssl-3-3.1.4-150600.5.39.1 updated
- libexpat1-2.7.1-150400.3.31.1 updated
- update-alternatives-1.19.0.4-150000.4.7.1 updated
- libsystemd0-254.27-150600.4.43.3 updated
- systemd-presets-branding-SLE-15.1-150600.35.3.1 updated
- systemd-254.27-150600.4.43.3 updated
- krb5-1.20.1-150600.11.14.1 updated
- glibc-locale-base-2.38-150600.14.37.1 updated
- libarchive13-3.7.2-150600.3.17.1 updated
- libatomic1-14.3.0+git11799-150000.1.11.1 updated
- libavahi-common3-0.8-150600.15.9.1 updated
- libbrotlienc1-1.0.7-150200.3.5.1 updated
- libfreebl3-3.112.2-150400.3.60.1 updated
- libgomp1-14.3.0+git11799-150000.1.11.1 updated
- libitm1-14.3.0+git11799-150000.1.11.1 updated
- liblmdb-0_9_30-0.9.30-150500.3.2.1 updated
- liblsan0-14.3.0+git11799-150000.1.11.1 updated
- libopenssl1_1-1.1.1w-150600.5.18.1 updated
- libpq5-17.6-150600.13.16.1 updated
- libquadmath0-14.3.0+git11799-150000.1.11.1 updated
- libsolv-tools-0.7.34-150600.8.17.2 updated
- libwayland-client0-1.22.0-150600.1.6 added
- libxml2-tools-2.10.3-150500.5.32.1 updated
- libyaml-0-2-0.1.7-150000.3.4.1 updated
- release-notes-susemanager-5.0.5.1-150600.11.42.2 updated
- sudo-1.9.15p5-150600.3.12.1 updated
- systemd-rpm-macros-16-150000.7.42.1 updated
- uyuni-config-modules-5.0.17-150600.3.22.1 updated
- vim-data-common-9.1.1629-150500.20.33.1 updated
- glibc-locale-2.38-150600.14.37.1 updated
- libavahi-client3-0.8-150600.15.9.1 updated
- libpython3_6m1_0-3.6.15-150300.10.97.1 updated
- python3-base-3.6.15-150300.10.97.1 updated
- python3-3.6.15-150300.10.97.2 updated
- python3-curses-3.6.15-150300.10.97.2 updated
- postgresql16-16.10-150600.16.21.1 updated
- bind-utils-9.18.33-150600.3.9.1 updated
- iproute2-6.4-150600.7.9.1 updated
- glibc-devel-2.38-150600.14.37.1 updated
- mozilla-nss-certs-3.112.2-150400.3.60.1 updated
- spacewalk-java-lib-5.0.28-150600.3.36.8 updated
- vim-9.1.1629-150500.20.33.1 updated
- perl-DBI-1.647.0-150600.12.6.1 updated
- apache2-prefork-2.4.58-150600.5.35.1 updated
- libgnutls30-3.8.3-150600.4.9.1 updated
- sysconfig-0.85.10-150200.15.1 updated
- sysconfig-netconfig-0.85.10-150200.15.1 updated
- python3-zypp-plugin-0.6.5-150600.18.8.1 updated
- python3-solv-0.7.34-150600.8.17.2 updated
- python3-six-1.14.0-150200.15.1 updated
- python3-pytz-2022.1-150300.3.9.1 updated
- python3-pyparsing-2.4.7-150300.3.3.1 updated
- python3-pycparser-2.17-150000.3.5.1 updated
- python3-pyasn1-0.4.2-150000.3.8.1 updated
- python3-more-itertools-8.10.0-150400.10.1 updated
- python3-iniconfig-1.1.1-150000.1.13.1 updated
- python3-idna-2.6-150000.3.6.1 updated
- python3-defusedxml-0.6.0-1.42 added
- python3-decorator-4.4.2-150200.7.6.1 updated
- python3-chardet-3.0.4-150000.5.6.1 updated
- python3-certifi-2018.1.18-150000.3.6.1 updated
- python3-asn1crypto-0.24.0-150000.3.5.1 updated
- python3-appdirs-1.4.3-150000.3.3.1 updated
- python3-PyYAML-5.4.1-150300.3.6.1 updated
- postgresql16-server-16.10-150600.16.21.1 updated
- mozilla-nss-3.112.2-150400.3.60.1 updated
- libsoftokn3-3.112.2-150400.3.60.1 updated
- perl-DBD-Pg-3.18.0-150600.14.6.1 updated
- apache2-2.4.58-150600.5.35.1 updated
- grub2-2.12-150600.8.37.1 updated
- grub2-i386-pc-2.12-150600.8.37.1 updated
- rsyslog-8.2406.0-150600.12.8.1 updated
- salt-shaptools-0.3.19+git.1757602235.33fff4c-150200.3.15.1 updated
- python3-python-dateutil-2.8.1-150300.3.3.1 updated
- python3-tempora-1.8-150200.3.8.1 updated
- python3-packaging-21.3-150200.3.6.1 updated
- python3-cffi-1.13.2-150200.3.5.1 updated
- python3-libxml2-2.10.3-150500.5.32.1 updated
- python3-py-1.10.0-150100.5.15.1 updated
- postgresql16-contrib-16.10-150600.16.21.1 updated
- samba-client-libs-4.19.8+git.435.78ced6cf30d-150600.3.21.1 updated
- libnm0-1.44.2-150600.3.4.1 updated
- java-17-openjdk-headless-17.0.16.0-150400.3.57.1 updated
- perl-HTML-Parser-3.830.0-150000.3.3.1 updated
- susemanager-build-keys-15.5.3-150600.5.12.1 updated
- grub2-x86_64-efi-2.12-150600.8.37.1 updated
- grub2-powerpc-ieee1275-2.12-150600.8.37.1 updated
- grub2-arm64-efi-2.12-150600.8.37.1 updated
- python3-setuptools-44.1.1-150400.9.15.1 updated
- spacewalk-backend-sql-postgresql-5.0.15-150600.4.20.9 updated
- typelib-1_0-NM-1_0-1.44.2-150600.3.4.1 updated
- tomcat-servlet-4_0-api-9.0.108-150200.91.1 updated
- tomcat-el-3_0-api-9.0.108-150200.91.1 updated
- apache-commons-lang3-3.18.0-150200.3.12.1 updated
- java-17-openjdk-17.0.16.0-150400.3.57.1 updated
- spacewalk-base-minimal-5.0.22-150600.3.30.10 updated
- susemanager-build-keys-web-15.5.3-150600.5.12.1 updated
- python3-cryptography-3.3.2-150400.26.1 updated
- tomcat-jsp-2_3-api-9.0.108-150200.91.1 updated
- ognl-3.4.7-150200.5.3.1 added
- javamail-1.6.2-150200.3.7.1 updated
- netty-4.1.126-150200.4.34.1 updated
- python3-firewall-2.0.1-150600.3.12.1 updated
- spacewalk-base-minimal-config-5.0.22-150600.3.30.10 updated
- python3-pyOpenSSL-21.0.0-150400.10.1 updated
- tomcat-lib-9.0.108-150200.91.1 updated
- mybatis-3.5.19-150200.5.9.1 updated
- firewalld-2.0.1-150600.3.12.1 updated
- python3-urllib3-1.25.10-150300.4.18.1 updated
- python3-rhnlib-5.0.5-150600.4.6.4 updated
- python3-requests-2.25.1-150300.3.18.1 updated
- spacewalk-backend-5.0.15-150600.4.20.9 updated
- spacewalk-base-5.0.22-150600.3.30.10 updated
- spacewalk-search-5.0.5-150600.3.9.2 updated
- fence-agents-4.13.1+git.1704296072.32469f29-150600.3.22.1 updated
- spacewalk-backend-sql-5.0.15-150600.4.20.9 updated
- tomcat-9.0.108-150200.91.1 updated
- spacewalk-backend-server-5.0.15-150600.4.20.9 updated
- susemanager-sls-5.0.17-150600.3.22.1 updated
- spacewalk-java-postgresql-5.0.28-150600.3.36.8 updated
- spacewalk-java-config-5.0.28-150600.3.36.8 updated
- spacewalk-backend-xmlrpc-5.0.15-150600.4.20.9 updated
- spacewalk-backend-xml-export-libs-5.0.15-150600.4.20.9 updated
- spacewalk-backend-package-push-server-5.0.15-150600.4.20.9 updated
- spacewalk-backend-iss-5.0.15-150600.4.20.9 updated
- spacewalk-backend-app-5.0.15-150600.4.20.9 updated
- saltboot-formula-0.1.1750679229.f368550-150600.3.9.2 updated
- spacewalk-html-5.0.22-150600.3.30.10 updated
- spacewalk-taskomatic-5.0.28-150600.3.36.8 updated
- spacewalk-java-5.0.28-150600.3.36.8 updated
- spacewalk-backend-iss-export-5.0.15-150600.4.20.9 updated
- spacewalk-backend-tools-5.0.15-150600.4.20.9 updated
- container:suse-manager-5.0-init-5.0.5.1-5.0.5.1-7.24.10 added
- apache-commons-ognl-4.0~20191021git51cf8f4-150200.5.7.6 removed
- container:suse-manager-5.0-init-5.0.5-5.0.5-7.21.12 removed