From null at suse.de Tue Jul 1 12:30:10 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 01 Jul 2025 12:30:10 -0000
Subject: SUSE-SU-2025:02189-1: moderate: Security update for ImageMagick
Message-ID: <175137301010.31446.8400970077449733641@smelt2.prg2.suse.org>

# Security update for ImageMagick

Announcement ID: SUSE-SU-2025:02189-1
Release Date: 2025-07-01T11:48:52Z
Rating: moderate
References:

* bsc#1235113
* bsc#1243622

Affected Products:

* Desktop Applications Module 15-SP6
* Development Tools Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that has two security fixes can now be installed.

## Description:

This update for ImageMagick fixes the following issues:

* Restore SUSE specific hardening config policies that got lost in refactoring (bsc#1243622).
* Fix issues leading to `magick -gamma` not producing expected image results (bsc#1235113).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2025-2189=1 openSUSE-SLE-15.6-2025-2189=1
* Desktop Applications Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-2189=1
* Development Tools Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-2189=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * libMagick++-7_Q16HDRI5-debuginfo-7.1.1.21-150600.3.8.1
  * ImageMagick-extra-debuginfo-7.1.1.21-150600.3.8.1
  * ImageMagick-extra-7.1.1.21-150600.3.8.1
  * libMagickCore-7_Q16HDRI10-7.1.1.21-150600.3.8.1
  * ImageMagick-debuginfo-7.1.1.21-150600.3.8.1
  * libMagick++-7_Q16HDRI5-7.1.1.21-150600.3.8.1
  * ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.8.1
  * perl-PerlMagick-debuginfo-7.1.1.21-150600.3.8.1
  * ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.8.1
  * libMagickWand-7_Q16HDRI10-7.1.1.21-150600.3.8.1
  * libMagick++-devel-7.1.1.21-150600.3.8.1
  * ImageMagick-config-7-SUSE-7.1.1.21-150600.3.8.1
  * libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.8.1
  * ImageMagick-config-7-upstream-secure-7.1.1.21-150600.3.8.1
  * ImageMagick-config-7-upstream-websafe-7.1.1.21-150600.3.8.1
  * ImageMagick-debugsource-7.1.1.21-150600.3.8.1
  * ImageMagick-devel-7.1.1.21-150600.3.8.1
  * perl-PerlMagick-7.1.1.21-150600.3.8.1
  * libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.8.1
  * ImageMagick-7.1.1.21-150600.3.8.1
* openSUSE Leap 15.6 (x86_64)
  * libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.1.21-150600.3.8.1
  * libMagick++-7_Q16HDRI5-32bit-7.1.1.21-150600.3.8.1
  * libMagick++-devel-32bit-7.1.1.21-150600.3.8.1
  * libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.1.21-150600.3.8.1
  * libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.1.21-150600.3.8.1
  * libMagickWand-7_Q16HDRI10-32bit-7.1.1.21-150600.3.8.1
  * libMagickCore-7_Q16HDRI10-32bit-7.1.1.21-150600.3.8.1
  * ImageMagick-devel-32bit-7.1.1.21-150600.3.8.1
* openSUSE Leap 15.6 (noarch)
  * ImageMagick-doc-7.1.1.21-150600.3.8.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libMagickCore-7_Q16HDRI10-64bit-debuginfo-7.1.1.21-150600.3.8.1
  * libMagick++-devel-64bit-7.1.1.21-150600.3.8.1
  * libMagick++-7_Q16HDRI5-64bit-debuginfo-7.1.1.21-150600.3.8.1
  * libMagick++-7_Q16HDRI5-64bit-7.1.1.21-150600.3.8.1
  * ImageMagick-devel-64bit-7.1.1.21-150600.3.8.1
  * libMagickWand-7_Q16HDRI10-64bit-7.1.1.21-150600.3.8.1
  * libMagickCore-7_Q16HDRI10-64bit-7.1.1.21-150600.3.8.1
  * libMagickWand-7_Q16HDRI10-64bit-debuginfo-7.1.1.21-150600.3.8.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * libMagick++-7_Q16HDRI5-debuginfo-7.1.1.21-150600.3.8.1
  * libMagickCore-7_Q16HDRI10-7.1.1.21-150600.3.8.1
  * ImageMagick-debuginfo-7.1.1.21-150600.3.8.1
  * libMagick++-7_Q16HDRI5-7.1.1.21-150600.3.8.1
  * ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.8.1
  * ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.8.1
  * libMagickWand-7_Q16HDRI10-7.1.1.21-150600.3.8.1
  * libMagick++-devel-7.1.1.21-150600.3.8.1
  * ImageMagick-config-7-SUSE-7.1.1.21-150600.3.8.1
  * libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.8.1
  * ImageMagick-config-7-upstream-secure-7.1.1.21-150600.3.8.1
  * ImageMagick-config-7-upstream-websafe-7.1.1.21-150600.3.8.1
  * ImageMagick-debugsource-7.1.1.21-150600.3.8.1
  * ImageMagick-devel-7.1.1.21-150600.3.8.1
  * libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.8.1
  * ImageMagick-7.1.1.21-150600.3.8.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * perl-PerlMagick-debuginfo-7.1.1.21-150600.3.8.1
  * ImageMagick-debuginfo-7.1.1.21-150600.3.8.1
  * perl-PerlMagick-7.1.1.21-150600.3.8.1
  * ImageMagick-debugsource-7.1.1.21-150600.3.8.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1235113
* https://bugzilla.suse.com/show_bug.cgi?id=1243622
From null at suse.de Tue Jul 1 12:30:16 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 01 Jul 2025 12:30:16 -0000
Subject: SUSE-SU-2025:02188-1: moderate: Security update for ImageMagick
Message-ID: <175137301632.31446.5395439064445107209@smelt2.prg2.suse.org>

# Security update for ImageMagick

Announcement ID: SUSE-SU-2025:02188-1
Release Date: 2025-07-01T11:48:32Z
Rating: moderate
References:

* bsc#1241658
* bsc#1241659
* bsc#1243622

Cross-References:

* CVE-2025-43965
* CVE-2025-46393

CVSS scores:

* CVE-2025-43965 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2025-43965 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L
* CVE-2025-43965 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-46393 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2025-46393 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L
* CVE-2025-46393 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* Desktop Applications Module 15-SP7
* Development Tools Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities and has one security fix can now be installed.

## Description:

This update for ImageMagick fixes the following issues:

Security issues fixed:

* CVE-2025-43965: mishandling of image depth after SetQuantumFormat is used in MIFF image processing (bsc#1241659).
* CVE-2025-46393: mishandling of packet_size and rendering of channels in arbitrary order in multispectral MIFF image processing (bsc#1241658).

Other issues fixed:

* Restore SUSE specific hardening config policies that got lost in refactoring (bsc#1243622).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Desktop Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2025-2188=1
* Development Tools Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2025-2188=1

## Package List:

* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libMagick++-devel-7.1.1.43-150700.3.3.1
  * libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.43-150700.3.3.1
  * libMagick++-7_Q16HDRI5-7.1.1.43-150700.3.3.1
  * ImageMagick-debugsource-7.1.1.43-150700.3.3.1
  * libMagickCore-7_Q16HDRI10-7.1.1.43-150700.3.3.1
  * libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.43-150700.3.3.1
  * ImageMagick-config-7-upstream-secure-7.1.1.43-150700.3.3.1
  * libMagick++-7_Q16HDRI5-debuginfo-7.1.1.43-150700.3.3.1
  * ImageMagick-debuginfo-7.1.1.43-150700.3.3.1
  * ImageMagick-7.1.1.43-150700.3.3.1
  * ImageMagick-config-7-upstream-websafe-7.1.1.43-150700.3.3.1
  * ImageMagick-config-7-upstream-limited-7.1.1.43-150700.3.3.1
  * libMagickWand-7_Q16HDRI10-7.1.1.43-150700.3.3.1
  * ImageMagick-config-7-upstream-open-7.1.1.43-150700.3.3.1
  * ImageMagick-devel-7.1.1.43-150700.3.3.1
  * ImageMagick-config-7-SUSE-7.1.1.43-150700.3.3.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * ImageMagick-debugsource-7.1.1.43-150700.3.3.1
  * perl-PerlMagick-7.1.1.43-150700.3.3.1
  * perl-PerlMagick-debuginfo-7.1.1.43-150700.3.3.1
  * ImageMagick-debuginfo-7.1.1.43-150700.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-43965.html
* https://www.suse.com/security/cve/CVE-2025-46393.html
* https://bugzilla.suse.com/show_bug.cgi?id=1241658
* https://bugzilla.suse.com/show_bug.cgi?id=1241659
* https://bugzilla.suse.com/show_bug.cgi?id=1243622
From null at suse.de Tue Jul 1 12:30:19 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 01 Jul 2025 12:30:19 -0000
Subject: SUSE-SU-2025:02187-1: important: Security update for xwayland
Message-ID: <175137301926.31446.5618359590853015493@smelt2.prg2.suse.org>

# Security update for xwayland

Announcement ID: SUSE-SU-2025:02187-1
Release Date: 2025-07-01T11:48:12Z
Rating: important
References:

* bsc#1244084

Cross-References:

* CVE-2025-49176

CVSS scores:

* CVE-2025-49176 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-49176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-49176 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for xwayland fixes the following issues:

* CVE-2025-49176: Fixed the integer overflow in Big Requests Extension (bsc#1244084).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Workstation Extension 15 SP7
  zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2025-2187=1

## Package List:

* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
  * xwayland-24.1.5-150700.3.6.1
  * xwayland-debugsource-24.1.5-150700.3.6.1
  * xwayland-debuginfo-24.1.5-150700.3.6.1

## References:

* https://www.suse.com/security/cve/CVE-2025-49176.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244084
From null at suse.de Tue Jul 1 12:30:21 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 01 Jul 2025 12:30:21 -0000
Subject: SUSE-SU-2025:02186-1: moderate: Security update for screen
Message-ID: <175137302178.31446.14685923528215734336@smelt2.prg2.suse.org>

# Security update for screen

Announcement ID: SUSE-SU-2025:02186-1
Release Date: 2025-07-01T11:48:02Z
Rating: moderate
References:

* bsc#1242269

Cross-References:

* CVE-2025-46802

CVSS scores:

* CVE-2025-46802 ( SUSE ): 5.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-46802 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
* CVE-2025-46802 ( NVD ): 5.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-46802 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

Affected Products:

* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for screen fixes the following issues:

Security issues fixed:

* CVE-2025-46802: temporary `chmod` of a user's TTY to mode 0666 when attempting to attach to a multi-user session allows for TTY hijacking (bsc#1242269).

Other issues fixed:

* Use TTY file descriptor passing after a suspend (`MSG_CONT`).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-2186=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * screen-4.0.4-23.9.1
  * screen-debuginfo-4.0.4-23.9.1
  * screen-debugsource-4.0.4-23.9.1

## References:

* https://www.suse.com/security/cve/CVE-2025-46802.html
* https://bugzilla.suse.com/show_bug.cgi?id=1242269

From null at suse.de Tue Jul 1 12:30:27 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 01 Jul 2025 12:30:27 -0000
Subject: SUSE-SU-2025:02184-1: important: Security update for jakarta-commons-fileupload
Message-ID: <175137302747.31446.9394264924380843401@smelt2.prg2.suse.org>

# Security update for jakarta-commons-fileupload

Announcement ID: SUSE-SU-2025:02184-1
Release Date: 2025-07-01T08:14:16Z
Rating: important
References:

* bsc#1244657

Cross-References:

* CVE-2025-48976

CVSS scores:

* CVE-2025-48976 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-48976 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-48976 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for jakarta-commons-fileupload fixes the following issues:

Upgrade to upstream version 1.6.0

* CVE-2025-48976: Fixed allocation of resources for multipart headers with insufficient limits can lead to a DoS (bsc#1244657).
Full changelog: https://commons.apache.org/proper/commons-fileupload/changes.html#a1.6.0

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-2184=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-2184=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (noarch)
  * jakarta-commons-fileupload-javadoc-1.6.0-126.3.1
  * jakarta-commons-fileupload-1.6.0-126.3.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
  * jakarta-commons-fileupload-javadoc-1.6.0-126.3.1
  * jakarta-commons-fileupload-1.6.0-126.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-48976.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244657
From null at suse.de Tue Jul 1 16:30:03 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 01 Jul 2025 16:30:03 -0000
Subject: SUSE-SU-2025:02192-1: important: Security update for xorg-x11-server
Message-ID: <175138740396.16034.6336100660504886349@smelt2.prg2.suse.org>

# Security update for xorg-x11-server

Announcement ID: SUSE-SU-2025:02192-1
Release Date: 2025-07-01T15:07:21Z
Rating: important
References:

* bsc#1244084

Cross-References:

* CVE-2025-49176

CVSS scores:

* CVE-2025-49176 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-49176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-49176 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for xorg-x11-server fixes the following issues:

* CVE-2025-49176: Fixed the integer overflow in Big Requests Extension (bsc#1244084).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2025-2192=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2192=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2192=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2192=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2192=1
* SUSE Manager Proxy 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-2192=1
* SUSE Manager Retail Branch Server 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2025-2192=1
* SUSE Manager Server 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-2192=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * xorg-x11-server-extra-1.20.3-150400.38.60.1
  * xorg-x11-server-debuginfo-1.20.3-150400.38.60.1
  * xorg-x11-server-debugsource-1.20.3-150400.38.60.1
  * xorg-x11-server-1.20.3-150400.38.60.1
  * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.60.1
  * xorg-x11-server-source-1.20.3-150400.38.60.1
  * xorg-x11-server-sdk-1.20.3-150400.38.60.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * xorg-x11-server-extra-1.20.3-150400.38.60.1
  * xorg-x11-server-debuginfo-1.20.3-150400.38.60.1
  * xorg-x11-server-debugsource-1.20.3-150400.38.60.1
  * xorg-x11-server-1.20.3-150400.38.60.1
  * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.60.1
  * xorg-x11-server-sdk-1.20.3-150400.38.60.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * xorg-x11-server-extra-1.20.3-150400.38.60.1
  * xorg-x11-server-debuginfo-1.20.3-150400.38.60.1
  * xorg-x11-server-debugsource-1.20.3-150400.38.60.1
  * xorg-x11-server-1.20.3-150400.38.60.1
  * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.60.1
  * xorg-x11-server-sdk-1.20.3-150400.38.60.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * xorg-x11-server-extra-1.20.3-150400.38.60.1
  * xorg-x11-server-debuginfo-1.20.3-150400.38.60.1
  * xorg-x11-server-debugsource-1.20.3-150400.38.60.1
  * xorg-x11-server-1.20.3-150400.38.60.1
  * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.60.1
  * xorg-x11-server-sdk-1.20.3-150400.38.60.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * xorg-x11-server-extra-1.20.3-150400.38.60.1
  * xorg-x11-server-debuginfo-1.20.3-150400.38.60.1
  * xorg-x11-server-debugsource-1.20.3-150400.38.60.1
  * xorg-x11-server-1.20.3-150400.38.60.1
  * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.60.1
  * xorg-x11-server-sdk-1.20.3-150400.38.60.1
* SUSE Manager Proxy 4.3 (x86_64)
  * xorg-x11-server-extra-1.20.3-150400.38.60.1
  * xorg-x11-server-debuginfo-1.20.3-150400.38.60.1
  * xorg-x11-server-debugsource-1.20.3-150400.38.60.1
  * xorg-x11-server-1.20.3-150400.38.60.1
  * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.60.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
  * xorg-x11-server-extra-1.20.3-150400.38.60.1
  * xorg-x11-server-debuginfo-1.20.3-150400.38.60.1
  * xorg-x11-server-debugsource-1.20.3-150400.38.60.1
  * xorg-x11-server-1.20.3-150400.38.60.1
  * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.60.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
  * xorg-x11-server-extra-1.20.3-150400.38.60.1
  * xorg-x11-server-debuginfo-1.20.3-150400.38.60.1
  * xorg-x11-server-debugsource-1.20.3-150400.38.60.1
  * xorg-x11-server-1.20.3-150400.38.60.1
  * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.60.1

## References:

* https://www.suse.com/security/cve/CVE-2025-49176.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244084
From null at suse.de Tue Jul 1 16:30:06 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 01 Jul 2025 16:30:06 -0000
Subject: SUSE-SU-2025:02191-1: important: Security update for xwayland
Message-ID: <175138740652.16034.9808874827442656304@smelt2.prg2.suse.org>

# Security update for xwayland

Announcement ID: SUSE-SU-2025:02191-1
Release Date: 2025-07-01T15:06:53Z
Rating: important
References:

* bsc#1244084

Cross-References:

* CVE-2025-49176

CVSS scores:

* CVE-2025-49176 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-49176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-49176 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Workstation Extension 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for xwayland fixes the following issues:

* CVE-2025-49176: Fixed the integer overflow in Big Requests Extension (bsc#1244084).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2025-2191=1 openSUSE-SLE-15.6-2025-2191=1
* SUSE Linux Enterprise Workstation Extension 15 SP6
  zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2025-2191=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * xwayland-devel-24.1.1-150600.5.15.1
  * xwayland-debugsource-24.1.1-150600.5.15.1
  * xwayland-24.1.1-150600.5.15.1
  * xwayland-debuginfo-24.1.1-150600.5.15.1
* SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64)
  * xwayland-debugsource-24.1.1-150600.5.15.1
  * xwayland-24.1.1-150600.5.15.1
  * xwayland-debuginfo-24.1.1-150600.5.15.1

## References:

* https://www.suse.com/security/cve/CVE-2025-49176.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244084

From null at suse.de Tue Jul 1 16:30:10 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 01 Jul 2025 16:30:10 -0000
Subject: SUSE-SU-2025:02190-1: moderate: Security update for redis
Message-ID: <175138741068.16034.13678685318921999302@smelt2.prg2.suse.org>

# Security update for redis

Announcement ID: SUSE-SU-2025:02190-1
Release Date: 2025-07-01T15:06:43Z
Rating: moderate
References:

* bsc#1243804

Cross-References:

* CVE-2025-27151

CVSS scores:

* CVE-2025-27151 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-27151 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.
## Description:

This update for redis fixes the following issues:

* CVE-2025-27151: Absence of filename size check may cause a stack overflow (bsc#1243804)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2025-2190=1 SUSE-2025-2190=1
* Server Applications Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-2190=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * redis-7.2.4-150600.3.12.1
  * redis-debuginfo-7.2.4-150600.3.12.1
  * redis-debugsource-7.2.4-150600.3.12.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * redis-7.2.4-150600.3.12.1
  * redis-debuginfo-7.2.4-150600.3.12.1
  * redis-debugsource-7.2.4-150600.3.12.1

## References:

* https://www.suse.com/security/cve/CVE-2025-27151.html
* https://bugzilla.suse.com/show_bug.cgi?id=1243804
From null at suse.de Wed Jul 2 12:30:10 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 02 Jul 2025 12:30:10 -0000
Subject: SUSE-SU-2025:02198-1: low: Security update for runc
Message-ID: <175145941037.31232.17760228712242302341@smelt2.prg2.suse.org>

# Security update for runc

Announcement ID: SUSE-SU-2025:02198-1
Release Date: 2025-07-02T09:23:30Z
Rating: low
References:

* bsc#1230092

Cross-References:

* CVE-2024-45310

CVSS scores:

* CVE-2024-45310 ( SUSE ): 3.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
* CVE-2024-45310 ( NVD ): 3.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Affected Products:

* Containers Module 15-SP6
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for runc fixes the following issues:

* CVE-2024-45310: Fixed unintentional creation of empty files/directories on host (bsc#1230092)

Other fixes:

* Update to runc v1.2.6.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2025-2198=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2025-2198=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2025-2198=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2025-2198=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2025-2198=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2025-2198=1
* Containers Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2025-2198=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-2198=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2198=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2198=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2198=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2198=1
* SUSE Linux Enterprise Server 15 SP3 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-2198=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2198=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2198=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-2198=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2198=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2198=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2025-2198=1
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-2198=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-2198=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-2198=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * runc-1.2.6-150000.73.2
  * runc-debuginfo-1.2.6-150000.73.2
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * runc-1.2.6-150000.73.2
  * runc-debuginfo-1.2.6-150000.73.2
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * runc-1.2.6-150000.73.2
  * runc-debuginfo-1.2.6-150000.73.2
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * runc-1.2.6-150000.73.2
  * runc-debuginfo-1.2.6-150000.73.2
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * runc-1.2.6-150000.73.2
  * runc-debuginfo-1.2.6-150000.73.2
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * runc-1.2.6-150000.73.2
  * runc-debuginfo-1.2.6-150000.73.2
* Containers Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * runc-1.2.6-150000.73.2
  * runc-debuginfo-1.2.6-150000.73.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * runc-1.2.6-150000.73.2
  * runc-debuginfo-1.2.6-150000.73.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * runc-1.2.6-150000.73.2
  * runc-debuginfo-1.2.6-150000.73.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * runc-1.2.6-150000.73.2
  * runc-debuginfo-1.2.6-150000.73.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * runc-1.2.6-150000.73.2
  * runc-debuginfo-1.2.6-150000.73.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * runc-1.2.6-150000.73.2
  * runc-debuginfo-1.2.6-150000.73.2
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
  * runc-1.2.6-150000.73.2
  * runc-debuginfo-1.2.6-150000.73.2
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * runc-1.2.6-150000.73.2
  * runc-debuginfo-1.2.6-150000.73.2
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * runc-1.2.6-150000.73.2
  * runc-debuginfo-1.2.6-150000.73.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * runc-1.2.6-150000.73.2
  * runc-debuginfo-1.2.6-150000.73.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * runc-1.2.6-150000.73.2
  * runc-debuginfo-1.2.6-150000.73.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * runc-1.2.6-150000.73.2
  * runc-debuginfo-1.2.6-150000.73.2
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * runc-1.2.6-150000.73.2
  * runc-debuginfo-1.2.6-150000.73.2
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
  * runc-1.2.6-150000.73.2
  * runc-debuginfo-1.2.6-150000.73.2
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * runc-1.2.6-150000.73.2
  * runc-debuginfo-1.2.6-150000.73.2
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * runc-1.2.6-150000.73.2
  * runc-debuginfo-1.2.6-150000.73.2

## References:

* https://www.suse.com/security/cve/CVE-2024-45310.html
* https://bugzilla.suse.com/show_bug.cgi?id=1230092
URL: From null at suse.de Wed Jul 2 16:30:04 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 02 Jul 2025 16:30:04 -0000 Subject: SUSE-SU-2025:02208-1: important: Security update for xorg-x11-server Message-ID: <175147380426.31446.5405755513761183238@smelt2.prg2.suse.org> # Security update for xorg-x11-server Announcement ID: SUSE-SU-2025:02208-1 Release Date: 2025-07-02T15:16:27Z Rating: important References: * bsc#1244084 Cross-References: * CVE-2025-49176 CVSS scores: * CVE-2025-49176 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-49176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-49176 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Linux Enterprise Workstation Extension 15 SP6 * SUSE Linux Enterprise Workstation Extension 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for xorg-x11-server fixes the following issues: * CVE-2025-49176: Fixed the integer overflow in Big Requests Extension (bsc#1244084). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-2208=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-2208=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-2208=1 * SUSE Linux Enterprise Workstation Extension 15 SP6 zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2025-2208=1 * SUSE Linux Enterprise Workstation Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2025-2208=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2025-2208=1 ## Package List: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * xorg-x11-server-debugsource-1.20.3-150200.22.5.108.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.108.1 * xorg-x11-server-extra-1.20.3-150200.22.5.108.1 * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.108.1 * xorg-x11-server-1.20.3-150200.22.5.108.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.108.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * xorg-x11-server-debugsource-1.20.3-150200.22.5.108.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.108.1 * xorg-x11-server-extra-1.20.3-150200.22.5.108.1 * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.108.1 * xorg-x11-server-1.20.3-150200.22.5.108.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.108.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * xorg-x11-server-debugsource-1.20.3-150200.22.5.108.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.108.1 * xorg-x11-server-extra-1.20.3-150200.22.5.108.1 * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.108.1 * xorg-x11-server-1.20.3-150200.22.5.108.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.108.1 * SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64) * 
xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.108.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.108.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.108.1 * xorg-x11-server-wayland-1.20.3-150200.22.5.108.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64) * xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.108.1 * xorg-x11-server-debugsource-1.20.3-150200.22.5.108.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.108.1 * xorg-x11-server-wayland-1.20.3-150200.22.5.108.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * xorg-x11-server-debugsource-1.20.3-150200.22.5.108.1 * xorg-x11-server-sdk-1.20.3-150200.22.5.108.1 * xorg-x11-server-extra-1.20.3-150200.22.5.108.1 * xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.108.1 * xorg-x11-server-1.20.3-150200.22.5.108.1 * xorg-x11-server-debuginfo-1.20.3-150200.22.5.108.1 ## References: * https://www.suse.com/security/cve/CVE-2025-49176.html * https://bugzilla.suse.com/show_bug.cgi?id=1244084 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Jul 2 16:30:07 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 02 Jul 2025 16:30:07 -0000 Subject: SUSE-SU-2025:02207-1: important: Security update for xorg-x11-server Message-ID: <175147380787.31446.14071534787475913037@smelt2.prg2.suse.org> # Security update for xorg-x11-server Announcement ID: SUSE-SU-2025:02207-1 Release Date: 2025-07-02T15:15:58Z Rating: important References: * bsc#1244084 Cross-References: * CVE-2025-49176 CVSS scores: * CVE-2025-49176 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-49176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-49176 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for xorg-x11-server fixes the following issues: * CVE-2025-49176: Fixed the integer overflow in Big Requests Extension (bsc#1244084). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2025-2207=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2207=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2207=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2207=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2207=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * xorg-x11-server-extra-debuginfo-21.1.4-150500.7.38.1 * xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.38.1 * xorg-x11-server-Xvfb-21.1.4-150500.7.38.1 * xorg-x11-server-source-21.1.4-150500.7.38.1 * xorg-x11-server-debugsource-21.1.4-150500.7.38.1 * xorg-x11-server-debuginfo-21.1.4-150500.7.38.1 * xorg-x11-server-21.1.4-150500.7.38.1 * xorg-x11-server-sdk-21.1.4-150500.7.38.1 * xorg-x11-server-extra-21.1.4-150500.7.38.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * xorg-x11-server-extra-debuginfo-21.1.4-150500.7.38.1 * xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.38.1 * xorg-x11-server-Xvfb-21.1.4-150500.7.38.1 * xorg-x11-server-debugsource-21.1.4-150500.7.38.1 * xorg-x11-server-debuginfo-21.1.4-150500.7.38.1 * xorg-x11-server-21.1.4-150500.7.38.1 * xorg-x11-server-sdk-21.1.4-150500.7.38.1 * xorg-x11-server-extra-21.1.4-150500.7.38.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * xorg-x11-server-extra-debuginfo-21.1.4-150500.7.38.1 * xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.38.1 * xorg-x11-server-Xvfb-21.1.4-150500.7.38.1 * xorg-x11-server-debugsource-21.1.4-150500.7.38.1 * xorg-x11-server-debuginfo-21.1.4-150500.7.38.1 * xorg-x11-server-21.1.4-150500.7.38.1 * xorg-x11-server-sdk-21.1.4-150500.7.38.1 * 
xorg-x11-server-extra-21.1.4-150500.7.38.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * xorg-x11-server-extra-debuginfo-21.1.4-150500.7.38.1 * xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.38.1 * xorg-x11-server-Xvfb-21.1.4-150500.7.38.1 * xorg-x11-server-debugsource-21.1.4-150500.7.38.1 * xorg-x11-server-debuginfo-21.1.4-150500.7.38.1 * xorg-x11-server-21.1.4-150500.7.38.1 * xorg-x11-server-sdk-21.1.4-150500.7.38.1 * xorg-x11-server-extra-21.1.4-150500.7.38.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * xorg-x11-server-extra-debuginfo-21.1.4-150500.7.38.1 * xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.38.1 * xorg-x11-server-Xvfb-21.1.4-150500.7.38.1 * xorg-x11-server-debugsource-21.1.4-150500.7.38.1 * xorg-x11-server-debuginfo-21.1.4-150500.7.38.1 * xorg-x11-server-21.1.4-150500.7.38.1 * xorg-x11-server-sdk-21.1.4-150500.7.38.1 * xorg-x11-server-extra-21.1.4-150500.7.38.1 ## References: * https://www.suse.com/security/cve/CVE-2025-49176.html * https://bugzilla.suse.com/show_bug.cgi?id=1244084 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Jul 2 16:30:11 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 02 Jul 2025 16:30:11 -0000 Subject: SUSE-SU-2025:02206-1: important: Security update for xorg-x11-server Message-ID: <175147381149.31446.15860725264077436169@smelt2.prg2.suse.org> # Security update for xorg-x11-server Announcement ID: SUSE-SU-2025:02206-1 Release Date: 2025-07-02T15:15:40Z Rating: important References: * bsc#1244084 Cross-References: * CVE-2025-49176 CVSS scores: * CVE-2025-49176 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-49176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-49176 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H Affected Products: * Basesystem Module 15-SP7 * Development Tools Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for xorg-x11-server fixes the following issues: * CVE-2025-49176: Fixed the integer overflow in Big Requests Extension (bsc#1244084). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-2206=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2025-2206=1 ## Package List: * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-extra-21.1.15-150700.5.6.1 * xorg-x11-server-Xvfb-21.1.15-150700.5.6.1 * xorg-x11-server-debugsource-21.1.15-150700.5.6.1 * xorg-x11-server-21.1.15-150700.5.6.1 * xorg-x11-server-extra-debuginfo-21.1.15-150700.5.6.1 * xorg-x11-server-Xvfb-debuginfo-21.1.15-150700.5.6.1 * xorg-x11-server-debuginfo-21.1.15-150700.5.6.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-debugsource-21.1.15-150700.5.6.1 * xorg-x11-server-sdk-21.1.15-150700.5.6.1 * xorg-x11-server-debuginfo-21.1.15-150700.5.6.1 ## References: * https://www.suse.com/security/cve/CVE-2025-49176.html * https://bugzilla.suse.com/show_bug.cgi?id=1244084 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Jul 2 16:30:19 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 02 Jul 2025 16:30:19 -0000 Subject: SUSE-SU-2025:02205-1: moderate: Security update for python-requests Message-ID: <175147381941.31446.2717997103905602072@smelt2.prg2.suse.org> # Security update for python-requests Announcement ID: SUSE-SU-2025:02205-1 Release Date: 2025-07-02T15:15:23Z Rating: moderate References: * bsc#1244039 Cross-References: * CVE-2024-47081 CVSS scores: * CVE-2024-47081 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-47081 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-47081 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.6 * Public Cloud Module 15-SP4 * Python 3 Module 15-SP6 * Python 3 Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for python-requests fixes the following issues: * CVE-2024-47081: fixes netrc credential leak (bsc#1244039). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-2205=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-2205=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2025-2205=1 * Python 3 Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2025-2205=1 * Python 3 Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2025-2205=1 ## Package List: * openSUSE Leap 15.4 (noarch) * python311-requests-2.31.0-150400.6.18.1 * openSUSE Leap 15.6 (noarch) * python311-requests-2.31.0-150400.6.18.1 * Public Cloud Module 15-SP4 (noarch) * python311-requests-2.31.0-150400.6.18.1 * Python 3 Module 15-SP6 (noarch) * python311-requests-2.31.0-150400.6.18.1 * Python 3 Module 15-SP7 (noarch) * python311-requests-2.31.0-150400.6.18.1 ## References: * https://www.suse.com/security/cve/CVE-2024-47081.html * https://bugzilla.suse.com/show_bug.cgi?id=1244039 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Jul 2 16:30:37 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 02 Jul 2025 16:30:37 -0000 Subject: SUSE-SU-2025:02201-1: important: Security update for clamav Message-ID: <175147383739.31446.14184420626218468690@smelt2.prg2.suse.org> # Security update for clamav Announcement ID: SUSE-SU-2025:02201-1 Release Date: 2025-07-02T13:04:40Z Rating: important References: * bsc#1243565 * bsc#1245054 * bsc#1245055 Cross-References: * CVE-2025-20234 * CVE-2025-20260 CVSS scores: * CVE-2025-20234 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-20234 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-20234 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-20260 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-20260 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities and has one security fix can now be installed. ## Description: This update for clamav fixes the following issues: ClamAV version 1.4.3: * CVE-2025-20260: PDF Scanning Buffer Overflow Vulnerability (bsc#1245054). * CVE-2025-20234: Vulnerability in Universal Disk Format (UDF) processing (bsc#1245055). Other bugfixes: * Fix a race condition between the mockup servers started by different test cases in freshclam_test.py (bsc#1243565) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-2201=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-2201=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * clamav-1.4.3-3.47.1 * clamav-devel-1.4.3-3.47.1 * libclamav12-debuginfo-1.4.3-3.47.1 * libclammspack0-1.4.3-3.47.1 * clamav-debuginfo-1.4.3-3.47.1 * libfreshclam3-debuginfo-1.4.3-3.47.1 * clamav-milter-debuginfo-1.4.3-3.47.1 * libclamav12-1.4.3-3.47.1 * libfreshclam3-1.4.3-3.47.1 * clamav-milter-1.4.3-3.47.1 * clamav-debugsource-1.4.3-3.47.1 * libclammspack0-debuginfo-1.4.3-3.47.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (noarch) * clamav-docs-html-1.4.3-3.47.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * clamav-1.4.3-3.47.1 * clamav-devel-1.4.3-3.47.1 * libclamav12-debuginfo-1.4.3-3.47.1 * libclammspack0-1.4.3-3.47.1 * clamav-debuginfo-1.4.3-3.47.1 * libfreshclam3-debuginfo-1.4.3-3.47.1 * clamav-milter-debuginfo-1.4.3-3.47.1 * libclamav12-1.4.3-3.47.1 * libfreshclam3-1.4.3-3.47.1 * clamav-milter-1.4.3-3.47.1 * clamav-debugsource-1.4.3-3.47.1 * libclammspack0-debuginfo-1.4.3-3.47.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch) * clamav-docs-html-1.4.3-3.47.1 ## References: * https://www.suse.com/security/cve/CVE-2025-20234.html * https://www.suse.com/security/cve/CVE-2025-20260.html * https://bugzilla.suse.com/show_bug.cgi?id=1243565 * https://bugzilla.suse.com/show_bug.cgi?id=1245054 * https://bugzilla.suse.com/show_bug.cgi?id=1245055 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Jul 2 16:30:40 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 02 Jul 2025 16:30:40 -0000 Subject: SUSE-SU-2025:02200-1: important: Security update for clamav Message-ID: <175147384028.31446.16360057023124476317@smelt2.prg2.suse.org> # Security update for clamav Announcement ID: SUSE-SU-2025:02200-1 Release Date: 2025-07-02T13:03:47Z Rating: important References: * bsc#1245054 * bsc#1245055 Cross-References: * CVE-2025-20234 * CVE-2025-20260 CVSS scores: * CVE-2025-20234 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-20234 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-20234 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-20260 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-20260 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP6 * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for clamav fixes the following issues: ClamAV version 1.4.3: * CVE-2025-20260: PDF Scanning Buffer Overflow Vulnerability (bsc#1245054). * CVE-2025-20234: Vulnerability in Universal Disk Format (UDF) processing (bsc#1245055). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-2200=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-2200=1 openSUSE-SLE-15.6-2025-2200=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-2200=1 ## Package List: * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * clamav-milter-1.4.3-150600.18.18.1 * libclammspack0-1.4.3-150600.18.18.1 * libclamav12-1.4.3-150600.18.18.1 * clamav-debugsource-1.4.3-150600.18.18.1 * libfreshclam3-debuginfo-1.4.3-150600.18.18.1 * clamav-devel-1.4.3-150600.18.18.1 * libfreshclam3-1.4.3-150600.18.18.1 * libclamav12-debuginfo-1.4.3-150600.18.18.1 * libclammspack0-debuginfo-1.4.3-150600.18.18.1 * clamav-debuginfo-1.4.3-150600.18.18.1 * clamav-milter-debuginfo-1.4.3-150600.18.18.1 * clamav-1.4.3-150600.18.18.1 * Basesystem Module 15-SP7 (noarch) * clamav-docs-html-1.4.3-150600.18.18.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * clamav-milter-1.4.3-150600.18.18.1 * libclammspack0-1.4.3-150600.18.18.1 * libclamav12-1.4.3-150600.18.18.1 * clamav-debugsource-1.4.3-150600.18.18.1 * libfreshclam3-debuginfo-1.4.3-150600.18.18.1 * clamav-devel-1.4.3-150600.18.18.1 * libfreshclam3-1.4.3-150600.18.18.1 * libclamav12-debuginfo-1.4.3-150600.18.18.1 * libclammspack0-debuginfo-1.4.3-150600.18.18.1 * clamav-debuginfo-1.4.3-150600.18.18.1 * clamav-milter-debuginfo-1.4.3-150600.18.18.1 * clamav-1.4.3-150600.18.18.1 * openSUSE Leap 15.6 (noarch) * clamav-docs-html-1.4.3-150600.18.18.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * clamav-milter-1.4.3-150600.18.18.1 * libclammspack0-1.4.3-150600.18.18.1 * libclamav12-1.4.3-150600.18.18.1 * clamav-debugsource-1.4.3-150600.18.18.1 * libfreshclam3-debuginfo-1.4.3-150600.18.18.1 * clamav-devel-1.4.3-150600.18.18.1 * libfreshclam3-1.4.3-150600.18.18.1 * libclamav12-debuginfo-1.4.3-150600.18.18.1 * libclammspack0-debuginfo-1.4.3-150600.18.18.1 
* clamav-debuginfo-1.4.3-150600.18.18.1 * clamav-milter-debuginfo-1.4.3-150600.18.18.1 * clamav-1.4.3-150600.18.18.1 * Basesystem Module 15-SP6 (noarch) * clamav-docs-html-1.4.3-150600.18.18.1 ## References: * https://www.suse.com/security/cve/CVE-2025-20234.html * https://www.suse.com/security/cve/CVE-2025-20260.html * https://bugzilla.suse.com/show_bug.cgi?id=1245054 * https://bugzilla.suse.com/show_bug.cgi?id=1245055 From null at suse.de Wed Jul 2 20:30:10 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 02 Jul 2025 20:30:10 -0000 Subject: SUSE-SU-2025:02213-1: moderate: Security update for libgepub Message-ID: <175148821012.12496.8645282907816523299@smelt2.prg2.suse.org> # Security update for libgepub Announcement ID: SUSE-SU-2025:02213-1 Release Date: 2025-07-02T16:38:18Z Rating: moderate References: * bsc#1244704 Cross-References: * CVE-2025-6196 CVSS scores: * CVE-2025-6196 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-6196 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-6196 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP6 * SUSE Package Hub 15 15-SP7 An update that solves one vulnerability can now be installed. ## Description: This update for libgepub fixes the following issues: * CVE-2025-6196: Fixed an integer overflow in the EPUB archive handling code that can lead to massive memory allocation and application crash.
(bsc#1244704) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-2213=1 * SUSE Package Hub 15 15-SP6 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-2213=1 ## Package List: * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * libgepub-0_6-0-0.6.0-150200.3.5.1 * libgepub-0_6-0-debuginfo-0.6.0-150200.3.5.1 * typelib-1_0-Gepub-0_6-0.6.0-150200.3.5.1 * libgepub-debugsource-0.6.0-150200.3.5.1 * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64) * libgepub-0_6-0-0.6.0-150200.3.5.1 * libgepub-0_6-0-debuginfo-0.6.0-150200.3.5.1 * typelib-1_0-Gepub-0_6-0.6.0-150200.3.5.1 * libgepub-debugsource-0.6.0-150200.3.5.1 ## References: * https://www.suse.com/security/cve/CVE-2025-6196.html * https://bugzilla.suse.com/show_bug.cgi?id=1244704 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Jul 2 20:30:12 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 02 Jul 2025 20:30:12 -0000 Subject: SUSE-SU-2025:02212-1: low: Security update for libsoup Message-ID: <175148821265.12496.3337605211896237561@smelt2.prg2.suse.org> # Security update for libsoup Announcement ID: SUSE-SU-2025:02212-1 Release Date: 2025-07-02T16:37:54Z Rating: low References: * bsc#1243314 Cross-References: * CVE-2025-4945 CVSS scores: * CVE-2025-4945 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-4945 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2025-4945 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 An update that solves one vulnerability can now be installed. 
## Description: This update for libsoup fixes the following issues: * CVE-2025-4945: Add value checks for date/time parsing (bsc#1243314). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-2212=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-2212=1 ## Package List: * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libsoup-2_4-1-2.68.4-150200.4.12.1 * libsoup-2_4-1-debuginfo-2.68.4-150200.4.12.1 * libsoup-debugsource-2.68.4-150200.4.12.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libsoup-2_4-1-2.68.4-150200.4.12.1 * libsoup-2_4-1-debuginfo-2.68.4-150200.4.12.1 * libsoup-debugsource-2.68.4-150200.4.12.1 ## References: * https://www.suse.com/security/cve/CVE-2025-4945.html * https://bugzilla.suse.com/show_bug.cgi?id=1243314 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu Jul 3 12:30:07 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 03 Jul 2025 12:30:07 -0000 Subject: SUSE-SU-2025:02216-1: important: Security update for icu Message-ID: <175154580710.14128.11581312355575690036@smelt2.prg2.suse.org> # Security update for icu Announcement ID: SUSE-SU-2025:02216-1 Release Date: 2025-07-03T10:09:05Z Rating: important References: * bsc#1243721 Cross-References: * CVE-2025-5222 CVSS scores: * CVE-2025-5222 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-5222 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for icu fixes the following issues: * CVE-2025-5222: Fixed stack buffer overflow in the SRBRoot:addTag function (bsc#1243721) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-2216=1 * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-2216=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libicu-devel-52.1-8.16.1 * libicu52_1-52.1-8.16.1 * icu-debuginfo-52.1-8.16.1 * libicu52_1-debuginfo-32bit-52.1-8.16.1 * libicu52_1-data-52.1-8.16.1 * libicu52_1-debuginfo-52.1-8.16.1 * icu-debugsource-52.1-8.16.1 * libicu52_1-32bit-52.1-8.16.1 * libicu-doc-52.1-8.16.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libicu52_1-52.1-8.16.1 * libicu-devel-52.1-8.16.1 * icu-debuginfo-52.1-8.16.1 * libicu52_1-data-52.1-8.16.1 * libicu52_1-debuginfo-52.1-8.16.1 * icu-debugsource-52.1-8.16.1 * libicu-doc-52.1-8.16.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64) * libicu52_1-32bit-52.1-8.16.1 * libicu52_1-debuginfo-32bit-52.1-8.16.1 ## References: * https://www.suse.com/security/cve/CVE-2025-5222.html * https://bugzilla.suse.com/show_bug.cgi?id=1243721 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu Jul 3 12:30:15 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 03 Jul 2025 12:30:15 -0000 Subject: SUSE-SU-2025:02214-1: important: Security update for tomcat Message-ID: <175154581589.14128.1049572780426500767@smelt2.prg2.suse.org> # Security update for tomcat Announcement ID: SUSE-SU-2025:02214-1 Release Date: 2025-07-03T08:04:08Z Rating: important References: * bsc#1243815 * bsc#1244649 * bsc#1244656 Cross-References: * CVE-2025-46701 * CVE-2025-48988 * CVE-2025-49125 CVSS scores: * CVE-2025-46701 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-46701 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-46701 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2025-48988 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-48988 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-48988 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-49125 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-49125 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2025-49125 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves three vulnerabilities can now be installed. ## Description: This update for tomcat fixes the following issues: * CVE-2025-46701: Refactored CGI servlet to access resources via WebResources (bsc#1243815). * CVE-2025-48988: Limited the total number of parts in a multi-part request and limited the size of the headers provided with each part (bsc#1244656). * CVE-2025-49125: Expand checks for webAppMount (bsc#1244649).
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-2214=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-2214=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (noarch) * tomcat-jsp-2_3-api-9.0.36-3.145.1 * tomcat-9.0.36-3.145.1 * tomcat-servlet-4_0-api-9.0.36-3.145.1 * tomcat-webapps-9.0.36-3.145.1 * tomcat-lib-9.0.36-3.145.1 * tomcat-javadoc-9.0.36-3.145.1 * tomcat-admin-webapps-9.0.36-3.145.1 * tomcat-docs-webapp-9.0.36-3.145.1 * tomcat-el-3_0-api-9.0.36-3.145.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch) * tomcat-jsp-2_3-api-9.0.36-3.145.1 * tomcat-9.0.36-3.145.1 * tomcat-servlet-4_0-api-9.0.36-3.145.1 * tomcat-webapps-9.0.36-3.145.1 * tomcat-lib-9.0.36-3.145.1 * tomcat-javadoc-9.0.36-3.145.1 * tomcat-admin-webapps-9.0.36-3.145.1 * tomcat-docs-webapp-9.0.36-3.145.1 * tomcat-el-3_0-api-9.0.36-3.145.1 ## References: * https://www.suse.com/security/cve/CVE-2025-46701.html * https://www.suse.com/security/cve/CVE-2025-48988.html * https://www.suse.com/security/cve/CVE-2025-49125.html * https://bugzilla.suse.com/show_bug.cgi?id=1243815 * https://bugzilla.suse.com/show_bug.cgi?id=1244649 * https://bugzilla.suse.com/show_bug.cgi?id=1244656