From null at suse.de Thu May 1 20:30:13 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 01 May 2025 20:30:13 -0000
Subject: SUSE-SU-2025:1425-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP4)
Message-ID: <174613141340.25998.7644676818306787870@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:1425-1
Release Date: 2025-05-01T19:39:28Z
Rating: important
References:

  * bsc#1233294
  * bsc#1235431
  * bsc#1240840

Cross-References:

  * CVE-2024-50205
  * CVE-2024-56650
  * CVE-2024-8805

CVSS scores:

  * CVE-2024-50205 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2024-50205 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
  * CVE-2024-50205 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-56650 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2024-56650 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-56650 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  * CVE-2024-8805 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-8805 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-8805 ( NVD ): 8.8 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * openSUSE Leap 15.4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Live Patching 15-SP4
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_136 fixes several issues.

The following security issues were fixed:

  * CVE-2024-8805: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (bsc#1240840).
  * CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233294).
  * CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235431).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch SUSE-2025-1425=1 SUSE-2025-1427=1 SUSE-2025-1424=1 SUSE-2025-1426=1
  * SUSE Linux Enterprise Live Patching 15-SP4
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-1426=1 SUSE-SLE-Module-Live-Patching-15-SP4-2025-1425=1 SUSE-SLE-Module-Live-Patching-15-SP4-2025-1427=1 SUSE-SLE-Module-Live-Patching-15-SP4-2025-1424=1

## Package List:

  * openSUSE Leap 15.4 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150400_24_116-default-17-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_136-default-debuginfo-7-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_128-default-9-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_31-debugsource-7-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_25-debugsource-17-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_116-default-debuginfo-17-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_133-default-7-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_133-default-debuginfo-7-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_32-debugsource-7-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_136-default-7-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_29-debugsource-9-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_128-default-debuginfo-9-150400.2.1
  * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150400_24_116-default-17-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_136-default-debuginfo-7-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_128-default-9-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_31-debugsource-7-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_25-debugsource-17-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_116-default-debuginfo-17-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_133-default-7-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_133-default-debuginfo-7-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_32-debugsource-7-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_136-default-7-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_29-debugsource-9-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_128-default-debuginfo-9-150400.2.1

## References:

  * https://www.suse.com/security/cve/CVE-2024-50205.html
  * https://www.suse.com/security/cve/CVE-2024-56650.html
  * https://www.suse.com/security/cve/CVE-2024-8805.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1233294
  * https://bugzilla.suse.com/show_bug.cgi?id=1235431
  * https://bugzilla.suse.com/show_bug.cgi?id=1240840

From null at suse.de Thu May 1 20:30:21 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 01 May 2025 20:30:21 -0000
Subject: SUSE-SU-2025:1423-1: important: Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP3)
Message-ID: <174613142195.25998.2119957077802282533@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:1423-1
Release Date: 2025-05-01T16:11:35Z
Rating: important
References:

  * bsc#1227753
  * bsc#1233294
  * bsc#1235431

Cross-References:

  * CVE-2023-52885
  * CVE-2024-50205
  * CVE-2024-56650

CVSS scores:

  * CVE-2023-52885 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-52885 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-50205 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2024-50205 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
  * CVE-2024-50205 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-56650 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2024-56650 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-56650 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

  * openSUSE Leap 15.3
  * SUSE Linux Enterprise High Performance Computing 15 SP3
  * SUSE Linux Enterprise Live Patching 15-SP3
  * SUSE Linux Enterprise Micro 5.1
  * SUSE Linux Enterprise Micro 5.2
  * SUSE Linux Enterprise Server 15 SP3
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_167 fixes several issues.

The following security issues were fixed:

  * CVE-2023-52885: SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (bsc#1227753).
  * CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233294).
  * CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235431).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Live Patching 15-SP3
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-1423=1
  * openSUSE Leap 15.3
    zypper in -t patch SUSE-2025-1423=1

## Package List:

  * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
    * kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1
  * openSUSE Leap 15.3 (ppc64le s390x x86_64)
    * kernel-livepatch-SLE15-SP3_Update_46-debugsource-12-150300.2.1
    * kernel-livepatch-5_3_18-150300_59_167-default-12-150300.2.1
    * kernel-livepatch-5_3_18-150300_59_167-default-debuginfo-12-150300.2.1
  * openSUSE Leap 15.3 (x86_64)
    * kernel-livepatch-5_3_18-150300_59_167-preempt-12-150300.2.1
    * kernel-livepatch-5_3_18-150300_59_167-preempt-debuginfo-12-150300.2.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-52885.html
  * https://www.suse.com/security/cve/CVE-2024-50205.html
  * https://www.suse.com/security/cve/CVE-2024-56650.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1227753
  * https://bugzilla.suse.com/show_bug.cgi?id=1233294
  * https://bugzilla.suse.com/show_bug.cgi?id=1235431

From null at suse.de Fri May 2 12:30:07 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 02 May 2025 12:30:07 -0000
Subject: SUSE-SU-2025:1435-1: moderate: Security update for libxml2
Message-ID: <174618900736.25998.12202094174667281536@smelt2.prg2.suse.org>

# Security update for libxml2

Announcement ID: SUSE-SU-2025:1435-1
Release Date: 2025-05-02T10:39:17Z
Rating: moderate
References:

  * bsc#1241453
  * bsc#1241551

Cross-References:

  * CVE-2025-32414
  * CVE-2025-32415

CVSS scores:

  * CVE-2025-32414 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
  * CVE-2025-32414 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
  * CVE-2025-32414 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2025-32414 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
  * CVE-2025-32415 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2025-32415 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2025-32415 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * openSUSE Leap 15.4
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro for Rancher 5.3
  * SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves two vulnerabilities can now be installed.

## Description:

This update for libxml2 fixes the following issues:

  * CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551)
  * CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch SUSE-2025-1435=1
  * SUSE Linux Enterprise Micro for Rancher 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2025-1435=1
  * SUSE Linux Enterprise Micro 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2025-1435=1
  * SUSE Linux Enterprise Micro for Rancher 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2025-1435=1
  * SUSE Linux Enterprise Micro 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2025-1435=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
    * libxml2-2-debuginfo-2.9.14-150400.5.41.1
    * libxml2-devel-2.9.14-150400.5.41.1
    * python3-libxml2-2.9.14-150400.5.41.1
    * libxml2-2-2.9.14-150400.5.41.1
    * python311-libxml2-2.9.14-150400.5.41.1
    * python3-libxml2-debuginfo-2.9.14-150400.5.41.1
    * libxml2-tools-debuginfo-2.9.14-150400.5.41.1
    * libxml2-python-debugsource-2.9.14-150400.5.41.1
    * python311-libxml2-debuginfo-2.9.14-150400.5.41.1
    * libxml2-tools-2.9.14-150400.5.41.1
    * libxml2-debugsource-2.9.14-150400.5.41.1
  * openSUSE Leap 15.4 (x86_64)
    * libxml2-2-32bit-debuginfo-2.9.14-150400.5.41.1
    * libxml2-devel-32bit-2.9.14-150400.5.41.1
    * libxml2-2-32bit-2.9.14-150400.5.41.1
  * openSUSE Leap 15.4 (noarch)
    * libxml2-doc-2.9.14-150400.5.41.1
  * openSUSE Leap 15.4 (aarch64_ilp32)
    * libxml2-2-64bit-2.9.14-150400.5.41.1
    * libxml2-devel-64bit-2.9.14-150400.5.41.1
    * libxml2-2-64bit-debuginfo-2.9.14-150400.5.41.1
  * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
    * libxml2-2-debuginfo-2.9.14-150400.5.41.1
    * python3-libxml2-2.9.14-150400.5.41.1
    * libxml2-2-2.9.14-150400.5.41.1
    * python3-libxml2-debuginfo-2.9.14-150400.5.41.1
    * libxml2-tools-debuginfo-2.9.14-150400.5.41.1
    * libxml2-python-debugsource-2.9.14-150400.5.41.1
    * libxml2-tools-2.9.14-150400.5.41.1
    * libxml2-debugsource-2.9.14-150400.5.41.1
  * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
    * libxml2-2-debuginfo-2.9.14-150400.5.41.1
    * python3-libxml2-2.9.14-150400.5.41.1
    * libxml2-2-2.9.14-150400.5.41.1
    * python3-libxml2-debuginfo-2.9.14-150400.5.41.1
    * libxml2-tools-debuginfo-2.9.14-150400.5.41.1
    * libxml2-python-debugsource-2.9.14-150400.5.41.1
    * libxml2-tools-2.9.14-150400.5.41.1
    * libxml2-debugsource-2.9.14-150400.5.41.1
  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * libxml2-2-debuginfo-2.9.14-150400.5.41.1
    * python3-libxml2-2.9.14-150400.5.41.1
    * libxml2-2-2.9.14-150400.5.41.1
    * python3-libxml2-debuginfo-2.9.14-150400.5.41.1
    * libxml2-tools-debuginfo-2.9.14-150400.5.41.1
    * libxml2-python-debugsource-2.9.14-150400.5.41.1
    * libxml2-tools-2.9.14-150400.5.41.1
    * libxml2-debugsource-2.9.14-150400.5.41.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * libxml2-2-debuginfo-2.9.14-150400.5.41.1
    * python3-libxml2-2.9.14-150400.5.41.1
    * libxml2-2-2.9.14-150400.5.41.1
    * python3-libxml2-debuginfo-2.9.14-150400.5.41.1
    * libxml2-tools-debuginfo-2.9.14-150400.5.41.1
    * libxml2-python-debugsource-2.9.14-150400.5.41.1
    * libxml2-tools-2.9.14-150400.5.41.1
    * libxml2-debugsource-2.9.14-150400.5.41.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-32414.html
  * https://www.suse.com/security/cve/CVE-2025-32415.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1241453
  * https://bugzilla.suse.com/show_bug.cgi?id=1241551

From null at suse.de Fri May 2 12:30:13 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 02 May 2025 12:30:13 -0000
Subject: SUSE-SU-2025:1434-1: moderate: Security update for poppler
Message-ID: <174618901301.25998.9604529698438432180@smelt2.prg2.suse.org>

# Security update for poppler

Announcement ID: SUSE-SU-2025:1434-1
Release Date: 2025-05-02T10:37:11Z
Rating: moderate
References:

  * bsc#1241620

Cross-References:

  * CVE-2025-43903

CVSS scores:

  * CVE-2025-43903 ( SUSE ): 4.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
  * CVE-2025-43903 ( NVD ): 4.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Affected Products:

  * Basesystem Module 15-SP6
  * openSUSE Leap 15.6
  * SUSE Linux Enterprise Desktop 15 SP6
  * SUSE Linux Enterprise Real Time 15 SP6
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6
  * SUSE Package Hub 15 15-SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for poppler fixes the following issues:

  * CVE-2025-43903: improper verification of adbe.pkcs7.sha1 signatures allows for signature forgeries. (bsc#1241620)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.6
    zypper in -t patch SUSE-2025-1434=1 openSUSE-SLE-15.6-2025-1434=1
  * Basesystem Module 15-SP6
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1434=1
  * SUSE Package Hub 15 15-SP6
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-1434=1

## Package List:

  * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
    * poppler-tools-24.03.0-150600.3.13.1
    * poppler-tools-debuginfo-24.03.0-150600.3.13.1
    * libpoppler135-24.03.0-150600.3.13.1
    * libpoppler135-debuginfo-24.03.0-150600.3.13.1
    * libpoppler-glib8-debuginfo-24.03.0-150600.3.13.1
    * poppler-qt6-debugsource-24.03.0-150600.3.13.1
    * typelib-1_0-Poppler-0_18-24.03.0-150600.3.13.1
    * poppler-debugsource-24.03.0-150600.3.13.1
    * libpoppler-qt6-3-24.03.0-150600.3.13.1
    * libpoppler-cpp0-24.03.0-150600.3.13.1
    * libpoppler-qt5-devel-24.03.0-150600.3.13.1
    * libpoppler-devel-24.03.0-150600.3.13.1
    * libpoppler-cpp0-debuginfo-24.03.0-150600.3.13.1
    * libpoppler-qt5-1-24.03.0-150600.3.13.1
    * libpoppler-qt6-devel-24.03.0-150600.3.13.1
    * poppler-qt5-debugsource-24.03.0-150600.3.13.1
    * libpoppler-qt5-1-debuginfo-24.03.0-150600.3.13.1
    * libpoppler-glib8-24.03.0-150600.3.13.1
    * libpoppler-qt6-3-debuginfo-24.03.0-150600.3.13.1
    * libpoppler-glib-devel-24.03.0-150600.3.13.1
  * openSUSE Leap 15.6 (x86_64)
    * libpoppler135-32bit-24.03.0-150600.3.13.1
    * libpoppler-glib8-32bit-24.03.0-150600.3.13.1
    * libpoppler-cpp0-32bit-24.03.0-150600.3.13.1
    * libpoppler-glib8-32bit-debuginfo-24.03.0-150600.3.13.1
    * libpoppler-qt5-1-32bit-24.03.0-150600.3.13.1
    * libpoppler135-32bit-debuginfo-24.03.0-150600.3.13.1
    * libpoppler-qt5-1-32bit-debuginfo-24.03.0-150600.3.13.1
    * libpoppler-cpp0-32bit-debuginfo-24.03.0-150600.3.13.1
  * openSUSE Leap 15.6 (aarch64_ilp32)
    * libpoppler-cpp0-64bit-debuginfo-24.03.0-150600.3.13.1
    * libpoppler-qt5-1-64bit-24.03.0-150600.3.13.1
    * libpoppler-glib8-64bit-24.03.0-150600.3.13.1
    * libpoppler-cpp0-64bit-24.03.0-150600.3.13.1
    * libpoppler-glib8-64bit-debuginfo-24.03.0-150600.3.13.1
    * libpoppler-qt5-1-64bit-debuginfo-24.03.0-150600.3.13.1
    * libpoppler135-64bit-debuginfo-24.03.0-150600.3.13.1
    * libpoppler135-64bit-24.03.0-150600.3.13.1
  * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
    * poppler-tools-24.03.0-150600.3.13.1
    * poppler-tools-debuginfo-24.03.0-150600.3.13.1
    * libpoppler135-24.03.0-150600.3.13.1
    * libpoppler135-debuginfo-24.03.0-150600.3.13.1
    * libpoppler-glib8-debuginfo-24.03.0-150600.3.13.1
    * typelib-1_0-Poppler-0_18-24.03.0-150600.3.13.1
    * poppler-debugsource-24.03.0-150600.3.13.1
    * libpoppler-cpp0-24.03.0-150600.3.13.1
    * libpoppler-devel-24.03.0-150600.3.13.1
    * libpoppler-cpp0-debuginfo-24.03.0-150600.3.13.1
    * libpoppler-glib8-24.03.0-150600.3.13.1
    * libpoppler-glib-devel-24.03.0-150600.3.13.1
  * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
    * poppler-qt6-debugsource-24.03.0-150600.3.13.1
    * libpoppler-qt6-3-24.03.0-150600.3.13.1
    * poppler-debugsource-24.03.0-150600.3.13.1
    * libpoppler-cpp0-24.03.0-150600.3.13.1
    * libpoppler-qt5-devel-24.03.0-150600.3.13.1
    * libpoppler-devel-24.03.0-150600.3.13.1
    * libpoppler-cpp0-debuginfo-24.03.0-150600.3.13.1
    * libpoppler-qt5-1-24.03.0-150600.3.13.1
    * libpoppler-qt6-devel-24.03.0-150600.3.13.1
    * poppler-qt5-debugsource-24.03.0-150600.3.13.1
    * libpoppler-qt5-1-debuginfo-24.03.0-150600.3.13.1
    * libpoppler-qt6-3-debuginfo-24.03.0-150600.3.13.1
  * SUSE Package Hub 15 15-SP6 (x86_64)
    * libpoppler135-32bit-debuginfo-24.03.0-150600.3.13.1
    * libpoppler-glib8-32bit-debuginfo-24.03.0-150600.3.13.1
    * libpoppler135-32bit-24.03.0-150600.3.13.1
    * libpoppler-glib8-32bit-24.03.0-150600.3.13.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-43903.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1241620

From null at suse.de Fri May 2 12:30:16 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 02 May 2025 12:30:16 -0000
Subject: SUSE-SU-2025:1433-1: important: Security update for redis
Message-ID: <174618901649.25998.7458009370283358386@smelt2.prg2.suse.org>

# Security update for redis

Announcement ID: SUSE-SU-2025:1433-1
Release Date: 2025-05-02T10:23:49Z
Rating: important
References:

  * bsc#1241708

Cross-References:

  * CVE-2025-21605

CVSS scores:

  * CVE-2025-21605 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-21605 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2025-21605 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * openSUSE Leap 15.6
  * Server Applications Module 15-SP6
  * SUSE Linux Enterprise Real Time 15 SP6
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for redis fixes the following issues:

  * CVE-2025-21605: Fixed an output buffer denial of service. (bsc#1241708)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.6
    zypper in -t patch SUSE-2025-1433=1 openSUSE-SLE-15.6-2025-1433=1
  * Server Applications Module 15-SP6
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-1433=1

## Package List:

  * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
    * redis-debugsource-7.2.4-150600.3.9.1
    * redis-debuginfo-7.2.4-150600.3.9.1
    * redis-7.2.4-150600.3.9.1
  * Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
    * redis-debugsource-7.2.4-150600.3.9.1
    * redis-debuginfo-7.2.4-150600.3.9.1
    * redis-7.2.4-150600.3.9.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-21605.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1241708

From null at suse.de Fri May 2 12:30:18 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 02 May 2025 12:30:18 -0000
Subject: SUSE-SU-2025:1432-1: important: Security update for redis
Message-ID: <174618901897.25998.11369379119242894133@smelt2.prg2.suse.org>

# Security update for redis

Announcement ID: SUSE-SU-2025:1432-1
Release Date: 2025-05-02T10:23:33Z
Rating: important
References:

  * bsc#1241708

Cross-References:

  * CVE-2025-21605

CVSS scores:

  * CVE-2025-21605 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-21605 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2025-21605 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * openSUSE Leap 15.6
  * Server Applications Module 15-SP6
  * SUSE Linux Enterprise Real Time 15 SP6
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for redis fixes the following issues:

  * CVE-2025-21605: Fixed an output buffer denial of service. (bsc#1241708)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * Server Applications Module 15-SP6
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-1432=1
  * openSUSE Leap 15.6
    zypper in -t patch SUSE-2025-1432=1 openSUSE-SLE-15.6-2025-1432=1

## Package List:

  * Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
    * redis7-debuginfo-7.0.8-150600.8.9.1
    * redis7-7.0.8-150600.8.9.1
    * redis7-debugsource-7.0.8-150600.8.9.1
  * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
    * redis7-debuginfo-7.0.8-150600.8.9.1
    * redis7-7.0.8-150600.8.9.1
    * redis7-debugsource-7.0.8-150600.8.9.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-21605.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1241708

From null at suse.de Fri May 2 12:30:26 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 02 May 2025 12:30:26 -0000
Subject: SUSE-SU-2025:1431-1: important: Security update for govulncheck-vulndb
Message-ID: <174618902687.25998.14980215532038590277@smelt2.prg2.suse.org>

# Security update for govulncheck-vulndb

Announcement ID: SUSE-SU-2025:1431-1
Release Date: 2025-05-02T08:11:11Z
Rating: important
References:

  * jsc#PED-11136

Affected Products:

  * openSUSE Leap 15.6
  * SUSE Linux Enterprise Desktop 15 SP6
  * SUSE Linux Enterprise Real Time 15 SP6
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6
  * SUSE Package Hub 15 15-SP6

An update that contains one feature can now be installed.

## Description:

This update for govulncheck-vulndb fixes the following issues:

  * Update to version 0.0.20250424T181457 (jsc#PED-11136)
    * GO-2025-3603
    * GO-2025-3604
    * GO-2025-3607
    * GO-2025-3608
    * GO-2025-3609
    * GO-2025-3610
    * GO-2025-3611
    * GO-2025-3612
    * GO-2025-3615
    * GO-2025-3618
    * GO-2025-3619
    * GO-2025-3620
    * GO-2025-3621
    * GO-2025-3622
    * GO-2025-3623
    * GO-2025-3625
    * GO-2025-3627
    * GO-2025-3630
    * GO-2025-3631
    * GO-2025-3632
    * GO-2025-3633
    * GO-2025-3634
    * GO-2025-3635
    * GO-2025-3636
    * GO-2025-3637
    * GO-2025-3638
    * GO-2025-3639
    * GO-2025-3640
    * GO-2025-3642
    * GO-2025-3643
    * GO-2025-3644

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.6
    zypper in -t patch openSUSE-SLE-15.6-2025-1431=1
  * SUSE Package Hub 15 15-SP6
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-1431=1

## Package List:

  * openSUSE Leap 15.6 (noarch)
    * govulncheck-vulndb-0.0.20250424T181457-150000.1.68.1
  * SUSE Package Hub 15 15-SP6 (noarch)
    * govulncheck-vulndb-0.0.20250424T181457-150000.1.68.1

## References:

  * https://jira.suse.com/browse/PED-11136

From null at suse.de Fri May 2 12:30:30 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 02 May 2025 12:30:30 -0000
Subject: SUSE-SU-2025:1430-1: critical: Security update for python-h11
Message-ID: <174618903024.25998.1685559265865217072@smelt2.prg2.suse.org>

# Security update for python-h11

Announcement ID: SUSE-SU-2025:1430-1
Release Date: 2025-05-02T08:11:00Z
Rating: critical
References:

  * bsc#1241872

Cross-References:

  * CVE-2025-43859

CVSS scores:

  * CVE-2025-43859 ( SUSE ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
  * CVE-2025-43859 ( SUSE ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  * CVE-2025-43859 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

  * openSUSE Leap 15.4
  * openSUSE Leap 15.6
  * Python 3 Module 15-SP6
  * SUSE Linux Enterprise Desktop 15 SP6
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP4 LTSS
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server 15 SP5 LTSS
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for python-h11 fixes the following issues:

  * CVE-2025-43859: leniency when parsing of line terminators in chunked-coding message bodies can lead to request smuggling. (bsc#1241872)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch SUSE-2025-1430=1
  * openSUSE Leap 15.6
    zypper in -t patch openSUSE-SLE-15.6-2025-1430=1
  * Python 3 Module 15-SP6
    zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2025-1430=1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1430=1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1430=1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1430=1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1430=1
  * SUSE Linux Enterprise Server 15 SP4 LTSS
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1430=1
  * SUSE Linux Enterprise Server 15 SP5 LTSS
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1430=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1430=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1430=1

## Package List:

  * openSUSE Leap 15.4 (noarch)
    * python311-h11-0.14.0-150400.9.6.1
  * openSUSE Leap 15.6 (noarch)
    * python311-h11-0.14.0-150400.9.6.1
  * Python 3 Module 15-SP6 (noarch)
    * python311-h11-0.14.0-150400.9.6.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
    * python311-h11-0.14.0-150400.9.6.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
    * python311-h11-0.14.0-150400.9.6.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
    * python311-h11-0.14.0-150400.9.6.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
    * python311-h11-0.14.0-150400.9.6.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
    * python311-h11-0.14.0-150400.9.6.1
  * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
    * python311-h11-0.14.0-150400.9.6.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
    * python311-h11-0.14.0-150400.9.6.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
    * python311-h11-0.14.0-150400.9.6.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-43859.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1241872

From null at suse.de Fri May 2 12:30:35 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 02 May 2025 12:30:35 -0000
Subject: SUSE-SU-2025:1429-1: important: Security update for java-21-openjdk
Message-ID: <174618903592.25998.15812142087850579752@smelt2.prg2.suse.org>

# Security update for java-21-openjdk

Announcement ID: SUSE-SU-2025:1429-1
Release Date: 2025-05-02T08:10:12Z
Rating: important
References:

  * bsc#1241274
  * bsc#1241275
  * bsc#1241276

Cross-References:

  * CVE-2025-21587
  * CVE-2025-30691
  * CVE-2025-30698

CVSS scores:

  * CVE-2025-21587 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
  * CVE-2025-21587 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
  * CVE-2025-21587 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
  * CVE-2025-30691 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
  * CVE-2025-30691 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
  * CVE-2025-30691 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
  * CVE-2025-30698 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
  * CVE-2025-30698 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
  * CVE-2025-30698 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products:

  * Basesystem Module 15-SP6
  * openSUSE Leap 15.6
  * SUSE Linux Enterprise Desktop 15 SP6
  * SUSE Linux Enterprise Real Time 15 SP6
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for java-21-openjdk fixes the following issues:

Update to upstream tag jdk-21.0.7+6 (April 2025 CPU)

CVEs fixed:

  * CVE-2025-21587: Fixed JSSE unauthorized access, deletion or modification of critical data (bsc#1241274)
  * CVE-2025-30691: Fixed Oracle Java SE Compiler Unauthorized Data Access (bsc#1241275)
  * CVE-2025-30698: Fixed Oracle Java 2D unauthorized data access and DoS (bsc#1241276)

Changes:

  + JDK-8198237: [macos] Test java/awt/Frame/ /ExceptionOnSetExtendedStateTest/ /ExceptionOnSetExtendedStateTest.java fails
  + JDK-8211851: (ch) java/nio/channels/AsynchronousSocketChannel/ /StressLoopback.java times out (aix)
  + JDK-8226933: [TEST_BUG]GTK L&F: There is no swatches or RGB tab in JColorChooser
  + JDK-8226938: [TEST_BUG]GTK L&F: There is no Details button in FileChooser Dialog
  + JDK-8227529: With malformed --app-image the error messages are awful
  + JDK-8277240: java/awt/Graphics2D/ScaledTransform/ /ScaledTransform.java dialog does not get disposed
  + JDK-8283664: Remove jtreg tag manual=yesno for java/awt/print/PrinterJob/PrintTextTest.java
  + JDK-8286875: ProgrammableUpcallHandler::on_entry/on_exit access thread fields from native
  + JDK-8293345: SunPKCS11 provider checks on PKCS11 Mechanism are problematic
  + JDK-8294316: SA core file support is broken on macosx-x64 starting with macOS 12.x
  + JDK-8295159: DSO created with -ffast-math breaks Java floating-point arithmetic
  + JDK-8302111: Serialization considerations
  + JDK-8304701: Request with timeout aborts later in-flight request on HTTP/1.1 cxn
  + JDK-8309841: Jarsigner should print a warning if an entry is removed
  + JDK-8311546: Certificate name constraints improperly validated with leading period
  + JDK-8312570: [TESTBUG] Jtreg compiler/loopopts/superword/ /TestDependencyOffsets.java fails on 512-bit SVE
  + JDK-8313633: [macOS] java/awt/dnd/NextDropActionTest/ /NextDropActionTest.java fails with java.lang.RuntimeException: wrong next drop action!
  + JDK-8313905: Checked_cast assert in CDS compare_by_loader
  + JDK-8314752: Use google test string comparison macros
  + JDK-8314909: tools/jpackage/windows/Win8282351Test.java fails with java.lang.AssertionError: Expected [0]. Actual [1618]:
  + JDK-8315486: vmTestbase/nsk/jdwp/ThreadReference/ /ForceEarlyReturn/forceEarlyReturn002/forceEarlyReturn002.java timed out
  + JDK-8315825: Open some swing tests
  + JDK-8315882: Open some swing tests 2
  + JDK-8315883: Open source several Swing JToolbar tests
  + JDK-8315952: Open source several Swing JToolbar JTooltip JTree tests
  + JDK-8316056: Open source several Swing JTree tests
  + JDK-8316146: Open some swing tests 4
  + JDK-8316149: Open source several Swing JTree JViewport KeyboardManager tests
  + JDK-8316218: Open some swing tests 5
  + JDK-8316371: Open some swing tests 6
  + JDK-8316627: JViewport Test headless failure
  + JDK-8316885: jcmd: Compiler.CodeHeap_Analytics cmd does not inform about missing aggregate
  + JDK-8317283: jpackage tests run osx-specific checks on windows and linux
  + JDK-8317636: Improve heap walking API tests to verify correctness of field indexes
  + JDK-8317808: HTTP/2 stream cancelImpl may leave subscriber registered
  + JDK-8317919: pthread_attr_init handle return value and destroy pthread_attr_t object
  + JDK-8319233: AArch64: Build failure with clang due to -Wformat-nonliteral warning
  + JDK-8320372: test/jdk/sun/security/x509/DNSName/ /LeadingPeriod.java validity check failed
  + JDK-8320676: Manual printer tests have no Pass/Fail buttons, instructions close set 1
  + JDK-8320691: Timeout handler on Windows takes 2 hours to complete
  + JDK-8320706: RuntimePackageTest.testUsrInstallDir test fails on Linux
  + JDK-8320916: jdk/jfr/event/gc/stacktrace/ /TestParallelMarkSweepAllocationPendingStackTrace.java failed with "OutOfMemoryError: GC overhead limit exceeded"
  + JDK-8321818: vmTestbase/nsk/stress/strace/strace015.java failed with 'Cannot read the array length because "<local4>" is null'
  + JDK-8322983: Virtual Threads: exclude 2 tests
  + JDK-8324672: Update jdk/java/time/tck/java/time/ /TCKInstant.java now() to be more robust
  + JDK-8324807: Manual printer tests have no Pass/Fail buttons, instructions close set 2
  + JDK-8324838: test_nmt_locationprinting.cpp broken in the gcc windows build
  + JDK-8325042: Remove unused JVMDITools test files
  + JDK-8325529: Remove unused imports from `ModuleGenerator` test file
  + JDK-8325659: Normalize Random usage by incubator vector tests
  + JDK-8325937: runtime/handshake/HandshakeDirectTest.java causes "monitor end should be strictly below the frame pointer" assertion failure on AArch64
  + JDK-8326421: Add jtreg test for large arrayCopy disjoint case.
  + JDK-8326525: com/sun/tools/attach/BasicTests.java does not verify AgentLoadException case
  + JDK-8327098: GTest needs larger combination limit
  + JDK-8327390: JitTester: Implement temporary folder functionality
  + JDK-8327460: Compile tests with the same visibility rules as product code
  + JDK-8327476: Upgrade JLine to 3.26.1
  + JDK-8327505: Test com/sun/jmx/remote/ /NotificationMarshalVersions/TestSerializationMismatch.java fails
  + JDK-8327857: Remove applet usage from JColorChooser tests Test4222508
  + JDK-8327859: Remove applet usage from JColorChooser tests Test4319113
  + JDK-8327986: ASAN reports use-after-free in DirectivesParserTest.empty_object_vm
  + JDK-8327994: Update code gen in CallGeneratorHelper
  + JDK-8328005: Convert java/awt/im/JTextFieldTest.java applet test to main
  + JDK-8328085: C2: Use after free in PhaseChaitin::Register_Allocate()
  + JDK-8328121: Remove applet usage from JColorChooser tests Test4759306
  + JDK-8328130: Remove applet usage from JColorChooser tests Test4759934
  + JDK-8328185: Convert
java/awt/image/MemoryLeakTest/ /MemoryLeakTest.java applet test to main + JDK-8328227: Remove applet usage from JColorChooser tests Test4887836 + JDK-8328368: Convert java/awt/image/multiresolution/ /MultiDisplayTest/MultiDisplayTest.java applet test to main + JDK-8328370: Convert java/awt/print/Dialog/PrintApplet.java applet test to main + JDK-8328380: Remove applet usage from JColorChooser tests Test6348456 + JDK-8328387: Convert java/awt/Frame/FrameStateTest/ /FrameStateTest.html applet test to main + JDK-8328403: Remove applet usage from JColorChooser tests Test6977726 + JDK-8328553: Get rid of JApplet in test/jdk/sanity/client/lib/ /SwingSet2/src/DemoModule.java + JDK-8328558: Convert javax/swing/JCheckBox/8032667/ /bug8032667.java applet test to main + JDK-8328717: Convert javax/swing/JColorChooser/8065098/ /bug8065098.java applet test to main + JDK-8328719: Convert java/awt/print/PageFormat/SetOrient.html applet test to main + JDK-8328730: Convert java/awt/print/bug8023392/bug8023392.html applet test to main + JDK-8328753: Open source few Undecorated Frame tests + JDK-8328819: Remove applet usage from JFileChooser tests bug6698013 + JDK-8328827: Convert java/awt/print/PrinterJob/ /PrinterDialogsModalityTest/PrinterDialogsModalityTest.html applet test to main + JDK-8329210: Delete Redundant Printer Dialog Modality Test + JDK-8329320: Simplify awt/print/PageFormat/NullPaper.java test + JDK-8329322: Convert PageFormat/Orient.java to use PassFailJFrame + JDK-8329692: Add more details to FrameStateTest.java test instructions + JDK-8330647: Two CDS tests fail with -UseCompressedOops and UseSerialGC/UseParallelGC + JDK-8330702: Update failure handler to don't generate Error message if cores actions are empty + JDK-8331735: UpcallLinker::on_exit races with GC when copying frame anchor + JDK-8331959: Update PKCS#11 Cryptographic Token Interface to v3.1 + JDK-8331977: Crash: SIGSEGV in dlerror() + JDK-8331993: Add counting leading/trailing zero tests for Integer + 
JDK-8332158: [XWayland] test/jdk/java/awt/Mouse/ /EnterExitEvents/ResizingFrameTest.java + JDK-8332494: java/util/zip/EntryCount64k.java failing with java.lang.RuntimeException: '\\A\\Z' missing from stderr + JDK-8332917: failure_handler should execute gdb "info threads" command on linux + JDK-8333116: test/jdk/tools/jpackage/share/ServiceTest.java test fails + JDK-8333360: PrintNullString.java doesn't use float arguments + JDK-8333391: Test com/sun/jdi/InterruptHangTest.java failed: Thread was never interrupted during sleep + JDK-8333403: Write a test to check various components events are triggered properly + JDK-8333647: C2 SuperWord: some additional PopulateIndex tests + JDK-8334305: Remove all code for nsk.share.Log verbose mode + JDK-8334371: [AIX] Beginning with AIX 7.3 TL1 mmap() supports 64K memory pages + JDK-8334490: Normalize string with locale invariant `toLowerCase()` + JDK-8334777: Test javax/management/remote/mandatory/notif/ /NotifReconnectDeadlockTest.java failed with NullPointerException + JDK-8335288: SunPKCS11 initialization will call C_GetMechanismInfo on unsupported mechanisms + JDK-8335468: [XWayland] JavaFX hangs when calling java.awt.Robot.getPixelColor + JDK-8335789: [TESTBUG] XparColor.java test fails with Error. 
Parse Exception: Invalid or unrecognized bugid: @ + JDK-8336012: Fix usages of jtreg-reserved properties + JDK-8336498: [macos] [build]: install-file macro may run into permission denied error + JDK-8336692: Redo fix for JDK-8284620 + JDK-8336942: Improve test coverage for class loading elements with annotations of different retentions + JDK-8337222: gc/TestDisableExplicitGC.java fails due to unexpected CodeCache GC + JDK-8337494: Clarify JarInputStream behavior + JDK-8337660: C2: basic blocks with only BoxLock nodes are wrongly treated as empty + JDK-8337692: Better TLS connection support + JDK-8337886: java/awt/Frame/MaximizeUndecoratedTest.java fails in OEL due to a slight color difference + JDK-8337951: Test sun/security/validator/samedn.sh CertificateNotYetValidException: NotBefore validation + JDK-8337994: [REDO] Native memory leak when not recording any events + JDK-8338100: C2: assert(!n_loop->is_member(get_loop(lca))) failed: control must not be back in the loop + JDK-8338303: Linux ppc64le with toolchain clang - detection failure in early JVM startup + JDK-8338426: Test java/nio/channels/Selector/WakeupNow.java failed + JDK-8338430: Improve compiler transformations + JDK-8338571: [TestBug] DefaultCloseOperation.java test not working as expected wrt instruction after JDK-8325851 fix + JDK-8338595: Add more linesize for MIME decoder in macro bench test Base64Decode + JDK-8338668: Test javax/swing/JFileChooser/8080628/ /bug8080628.java doesn't test for GTK L&F + JDK-8339154: Cleanups and JUnit conversion of test/jdk/java/util/zip/Available.java + JDK-8339261: Logs truncated in test javax/net/ssl/DTLS/DTLSRehandshakeTest.java + JDK-8339356: Test javax/net/ssl/SSLSocket/Tls13PacketSize.java failed with java.net.SocketException: An established connection was aborted by the software in your host machine + JDK-8339475: Clean up return code handling for pthread calls in library coding + JDK-8339524: Clean up a few ExtendedRobot tests + JDK-8339542: 
compiler/codecache/CheckSegmentedCodeCache.java fails + JDK-8339687: Rearrange reachabilityFence()s in jdk.test.lib.util.ForceGC + JDK-8339728: [Accessibility,Windows,JAWS] Bug in the getKeyChar method of the AccessBridge class + JDK-8339810: Clean up the code in sun.tools.jar.Main to properly close resources and use ZipFile during extract + JDK-8339834: Replace usages of -mx and -ms in some tests + JDK-8339883: Open source several AWT/2D related tests + JDK-8339902: Open source couple TextField related tests + JDK-8339943: Frame not disposed in java/awt/dnd/DropActionChangeTest.java + JDK-8340078: Open source several 2D tests + JDK-8340116: test/jdk/sun/security/tools/jarsigner/ /PreserveRawManifestEntryAndDigest.java can fail due to regex + JDK-8340313: Crash due to invalid oop in nmethod after C1 patching + JDK-8340411: open source several 2D imaging tests + JDK-8340480: Bad copyright notices in changes from JDK-8339902 + JDK-8340687: Open source closed frame tests #1 + JDK-8340719: Open source AWT List tests + JDK-8340824: C2: Memory for TypeInterfaces not reclaimed by hashcons() + JDK-8340969: jdk/jfr/startupargs/TestStartDuration.java should be marked as flagless + JDK-8341037: Use standard layouts in DefaultFrameIconTest.java and MenuCrash.java + JDK-8341111: open source several AWT tests including menu shortcut tests + JDK-8341135: Incorrect format string after JDK-8339475 + JDK-8341194: [REDO] Implement C2 VectorizedHashCode on AArch64 + JDK-8341316: [macos] javax/swing/ProgressMonitor/ /ProgressMonitorEscapeKeyPress.java fails sometimes in macos + JDK-8341412: Various test failures after JDK-8334305 + JDK-8341424: GHA: Collect hs_errs from build time failures + JDK-8341453: java/awt/a11y/AccessibleJTableTest.java fails in some cases where the test tables are not visible + JDK-8341715: PPC64: ObjectMonitor::_owner should be reset unconditionally in nmethod unlocking + JDK-8341820: Check return value of hcreate_r + JDK-8341862: PPC64: C1 unwind_handler 
fails to unlock synchronized methods with LM_MONITOR + JDK-8341881: [REDO] java/nio/file/attribute/ /BasicFileAttributeView/CreationTime.java#tmp fails on alinux3 + JDK-8341978: Improve JButton/bug4490179.java + JDK-8341982: Simplify JButton/bug4323121.java + JDK-8342098: Write a test to compare the images + JDK-8342145: File libCreationTimeHelper.c compile fails on Alpine + JDK-8342270: Test sun/security/pkcs11/Provider/ /RequiredMechCheck.java needs write access to src tree + JDK-8342498: Add test for Allocation elimination after use as alignment reference by SuperWord + JDK-8342508: Use latch in BasicMenuUI/bug4983388.java instead of delay + JDK-8342541: Exclude List/KeyEventsTest/KeyEventsTest.java from running on macOS + JDK-8342562: Enhance Deflater operations + JDK-8342602: Remove JButton/PressedButtonRightClickTest test + JDK-8342609: jpackage test helper function incorrectly removes a directory instead of its contents only + JDK-8342634: javax/imageio/plugins/wbmp/ /WBMPStreamTruncateTest.java creates temp file in src dir + JDK-8342635: javax/swing/JFileChooser/FileSystemView/ /WindowsDefaultIconSizeTest.java creates tmp file in src dir + JDK-8342704: GHA: Report truncation is broken after JDK-8341424 + JDK-8342811: java/net/httpclient/PlainProxyConnectionTest.java failed: Unexpected connection count: 5 + JDK-8342858: Make target mac-jdk-bundle fails on chmod command + JDK-8342988: GHA: Build JTReg in single step + JDK-8343007: Enhance Buffered Image handling + JDK-8343100: Consolidate EmptyFolderTest and EmptyFolderPackageTest jpackage tests into single java file + JDK-8343101: Rework BasicTest.testTemp test cases + JDK-8343102: Remove `--compress` from jlink command lines from jpackage tests + JDK-8343118: [TESTBUG] java/awt/PrintJob/PrintCheckboxTest/ /PrintCheckboxManualTest.java fails with Error. Can't find HTML file PrintCheckboxManualTest.html + JDK-8343128: PassFailJFrame.java test result: Error. 
Bad action for script: build} + JDK-8343129: Disable unstable check of ThreadsListHandle.sanity_vm ThreadList values + JDK-8343144: UpcallLinker::on_entry racingly clears pending exception with GC safepoints + JDK-8343149: Cleanup os::print_tos_pc on AIX + JDK-8343178: Test BasicTest.java javac compile fails cannot find symbol + JDK-8343205: CompileBroker::possibly_add_compiler_threads excessively polls available memory + JDK-8343314: Move common properties from jpackage jtreg test declarations to TEST.properties file + JDK-8343343: Misc crash dump improvements on more platforms after JDK-8294160 + JDK-8343378: Exceptions in javax/management DeadLockTest.java do not cause test failure + JDK-8343396: Use OperatingSystem, Architecture, and OSVersion in jpackage tests + JDK-8343491: javax/management/remote/mandatory/connection/ /DeadLockTest.java failing with NoSuchObjectException: no such object in table + JDK-8343599: Kmem limit and max values swapped when printing container information + JDK-8343882: BasicAnnoTests doesn't handle multiple annotations at the same position + JDK-8344275: tools/jpackage/windows/Win8301247Test.java fails on localized Windows platform + JDK-8344326: Move jpackage tests from "jdk.jpackage.tests" package to the default package + JDK-8344581: [TESTBUG] java/awt/Robot/ /ScreenCaptureRobotTest.java failing on macOS + JDK-8344589: Update IANA Language Subtag Registry to Version 2024-11-19 + JDK-8344646: The libjsig deprecation warning should go to stderr not stdout + JDK-8345296: AArch64: VM crashes with SIGILL when prctl is disallowed + JDK-8345368: java/io/File/createTempFile/SpecialTempFile.java fails on Windows Server 2025 + JDK-8345370: Bump update version for OpenJDK: jdk-21.0.7 + JDK-8345375: Improve debuggability of test/jdk/java/net/Socket/CloseAvailable.java + JDK-8345414: Google CAInterop test failures + JDK-8345468: test/jdk/javax/swing/JScrollBar/4865918/ /bug4865918.java fails in ubuntu22.04 + JDK-8345569: [ubsan] adjustments to 
filemap.cpp and virtualspace.cpp for macOS aarch64 + JDK-8345614: Improve AnnotationFormatError message for duplicate annotation interfaces + JDK-8345676: [ubsan] ProcessImpl_md.c:561:40: runtime error: applying zero offset to null pointer on macOS aarch64 + JDK-8345684: OperatingSystemMXBean.getSystemCpuLoad() throws NPE + JDK-8345750: Shenandoah: Test TestJcmdHeapDump.java#aggressive intermittent assert(gc_cause() == GCCause::_no_gc) failed: Over-writing cause + JDK-8346055: javax/swing/text/StyledEditorKit/4506788/ /bug4506788.java fails in ubuntu22.04 + JDK-8346108: [21u][BACKOUT] 8337994: [REDO] Native memory leak when not recording any events + JDK-8346324: javax/swing/JScrollBar/4865918/bug4865918.java fails in CI + JDK-8346587: Distrust TLS server certificates anchored by Camerfirma Root CAs + JDK-8346671: java/nio/file/Files/probeContentType/Basic.java fails on Windows 2025 + JDK-8346713: [testsuite] NeverActAsServerClassMachine breaks TestPLABAdaptToMinTLABSize.java TestPinnedHumongousFragmentation.java TestPinnedObjectContents.java + JDK-8346828: javax/swing/JScrollBar/4865918/bug4865918.java still fails in CI + JDK-8346847: [s390x] minimal build failure + JDK-8346880: [aix] java/lang/ProcessHandle/InfoTest.java still fails: "reported cputime less than expected" + JDK-8346881: [ubsan] logSelection.cpp:154:24 / logSelectionList.cpp:72:94 : runtime error: applying non-zero offset 1 to null pointer + JDK-8346887: DrawFocusRect() may cause an assertion failure + JDK-8346972: Test java/nio/channels/FileChannel/ /LoopingTruncate.java fails sometimes with IOException: There is not enough space on the disk + JDK-8347038: [JMH] jdk.incubator.vector.SpiltReplicate fails NoClassDefFoundError + JDK-8347129: cpuset cgroups controller is required for no good reason + JDK-8347171: (dc) java/nio/channels/DatagramChannel/ /InterruptibleOrNot.java fails with virtual thread factory + JDK-8347256: Epsilon: Demote heap size and AlwaysPreTouch warnings to info level + 
JDK-8347267: [macOS]: UnixOperatingSystem.c:67:40: runtime error: division by zero + JDK-8347268: [ubsan] logOutput.cpp:357:21: runtime error: applying non-zero offset 1 to null pointer + JDK-8347424: Fix and rewrite sun/security/x509/DNSName/LeadingPeriod.java test + JDK-8347427: JTabbedPane/8134116/Bug8134116.java has no license header + JDK-8347576: Error output in libjsound has non matching format strings + JDK-8347740: java/io/File/createTempFile/SpecialTempFile.java failing + JDK-8347847: Enhance jar file support + JDK-8347911: Limit the length of inflated text chunks + JDK-8347965: (tz) Update Timezone Data to 2025a + JDK-8348562: ZGC: segmentation fault due to missing node type check in barrier elision analysis + JDK-8348625: [21u, 17u] Revert JDK-8185862 to restore old java.awt.headless behavior on Windows + JDK-8348675: TrayIcon tests fail in Ubuntu 24.10 Wayland + JDK-8349039: Adjust exception No type named <ThreadType> in database + JDK-8349603: [21u, 17u, 11u] Update GHA JDKs after Jan/25 updates + JDK-8349729: [21u] AIX jtreg tests fail to compile with qvisibility=hidden + JDK-8352097: (tz) zone.tab update missed in 2025a backport + JDK-8353904: [21u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 21.0.7 * Update to upstream tag jdk-21.0.6+7 (January 2025 CPU) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-1429=1 SUSE-2025-1429=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1429=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * java-21-openjdk-debugsource-21.0.7.0-150600.3.12.1 * java-21-openjdk-headless-debuginfo-21.0.7.0-150600.3.12.1 * java-21-openjdk-demo-21.0.7.0-150600.3.12.1 * java-21-openjdk-21.0.7.0-150600.3.12.1 * java-21-openjdk-headless-21.0.7.0-150600.3.12.1 * java-21-openjdk-src-21.0.7.0-150600.3.12.1 * java-21-openjdk-devel-21.0.7.0-150600.3.12.1 * java-21-openjdk-jmods-21.0.7.0-150600.3.12.1 * java-21-openjdk-debuginfo-21.0.7.0-150600.3.12.1 * java-21-openjdk-devel-debuginfo-21.0.7.0-150600.3.12.1 * openSUSE Leap 15.6 (noarch) * java-21-openjdk-javadoc-21.0.7.0-150600.3.12.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * java-21-openjdk-debugsource-21.0.7.0-150600.3.12.1 * java-21-openjdk-headless-debuginfo-21.0.7.0-150600.3.12.1 * java-21-openjdk-demo-21.0.7.0-150600.3.12.1 * java-21-openjdk-21.0.7.0-150600.3.12.1 * java-21-openjdk-headless-21.0.7.0-150600.3.12.1 * java-21-openjdk-devel-21.0.7.0-150600.3.12.1 * java-21-openjdk-debuginfo-21.0.7.0-150600.3.12.1 * java-21-openjdk-devel-debuginfo-21.0.7.0-150600.3.12.1 ## References: * https://www.suse.com/security/cve/CVE-2025-21587.html * https://www.suse.com/security/cve/CVE-2025-30691.html * https://www.suse.com/security/cve/CVE-2025-30698.html * https://bugzilla.suse.com/show_bug.cgi?id=1241274 * https://bugzilla.suse.com/show_bug.cgi?id=1241275 * https://bugzilla.suse.com/show_bug.cgi?id=1241276 -------------- next part -------------- An HTML attachment was scrubbed... 
From null at suse.de Fri May 2 16:30:06 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 02 May 2025 16:30:06 -0000
Subject: SUSE-SU-2025:1440-1: moderate: Security update for libxml2
Message-ID: <174620340637.26033.9556987951413636133@smelt2.prg2.suse.org>

# Security update for libxml2

Announcement ID: SUSE-SU-2025:1440-1
Release Date: 2025-05-02T13:44:52Z
Rating: moderate
References:

* bsc#1241453
* bsc#1241551

Cross-References:

* CVE-2025-32414
* CVE-2025-32415

CVSS scores:

* CVE-2025-32414 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
* CVE-2025-32414 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
* CVE-2025-32414 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-32414 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
* CVE-2025-32415 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-32415 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-32415 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for libxml2 fixes the following issues:

* CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551)
* CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1440=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * libxml2-tools-debuginfo-2.9.4-46.84.1
  * libxml2-2-debuginfo-2.9.4-46.84.1
  * libxml2-devel-2.9.4-46.84.1
  * libxml2-tools-2.9.4-46.84.1
  * libxml2-2-debuginfo-32bit-2.9.4-46.84.1
  * python-libxml2-debuginfo-2.9.4-46.84.1
  * libxml2-2-32bit-2.9.4-46.84.1
  * python-libxml2-2.9.4-46.84.1
  * libxml2-debugsource-2.9.4-46.84.1
  * libxml2-2-2.9.4-46.84.1
  * python-libxml2-debugsource-2.9.4-46.84.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
  * libxml2-doc-2.9.4-46.84.1

## References:

* https://www.suse.com/security/cve/CVE-2025-32414.html
* https://www.suse.com/security/cve/CVE-2025-32415.html
* https://bugzilla.suse.com/show_bug.cgi?id=1241453
* https://bugzilla.suse.com/show_bug.cgi?id=1241551
From null at suse.de Fri May 2 16:30:09 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 02 May 2025 16:30:09 -0000
Subject: SUSE-SU-2025:1439-1: moderate: Security update for libxml2
Message-ID: <174620340930.26033.12263227058896026573@smelt2.prg2.suse.org>

# Security update for libxml2

Announcement ID: SUSE-SU-2025:1439-1
Release Date: 2025-05-02T13:44:43Z
Rating: moderate
References:

* bsc#1241453
* bsc#1241551

Cross-References:

* CVE-2025-32414
* CVE-2025-32415

CVSS scores:

* CVE-2025-32414 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
* CVE-2025-32414 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
* CVE-2025-32414 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-32414 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
* CVE-2025-32415 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-32415 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-32415 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for libxml2 fixes the following issues:

* CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551)
* CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2025-1439=1
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-1439=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-1439=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-1439=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * python-libxml2-python-debugsource-2.9.7-150000.3.79.1
  * python3-libxml2-python-debuginfo-2.9.7-150000.3.79.1
  * python3-libxml2-python-2.9.7-150000.3.79.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
  * libxml2-tools-debuginfo-2.9.7-150000.3.79.1
  * libxml2-2-2.9.7-150000.3.79.1
  * libxml2-debugsource-2.9.7-150000.3.79.1
  * libxml2-tools-2.9.7-150000.3.79.1
  * libxml2-2-debuginfo-2.9.7-150000.3.79.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * python3-libxml2-python-debuginfo-2.9.7-150000.3.79.1
  * libxml2-tools-debuginfo-2.9.7-150000.3.79.1
  * libxml2-2-2.9.7-150000.3.79.1
  * libxml2-debugsource-2.9.7-150000.3.79.1
  * python3-libxml2-python-2.9.7-150000.3.79.1
  * python-libxml2-python-debugsource-2.9.7-150000.3.79.1
  * libxml2-tools-2.9.7-150000.3.79.1
  * libxml2-2-debuginfo-2.9.7-150000.3.79.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * python3-libxml2-python-debuginfo-2.9.7-150000.3.79.1
  * libxml2-tools-debuginfo-2.9.7-150000.3.79.1
  * libxml2-2-2.9.7-150000.3.79.1
  * libxml2-debugsource-2.9.7-150000.3.79.1
  * python3-libxml2-python-2.9.7-150000.3.79.1
  * python-libxml2-python-debugsource-2.9.7-150000.3.79.1
  * libxml2-tools-2.9.7-150000.3.79.1
  * libxml2-2-debuginfo-2.9.7-150000.3.79.1

## References:

* https://www.suse.com/security/cve/CVE-2025-32414.html
* https://www.suse.com/security/cve/CVE-2025-32415.html
* https://bugzilla.suse.com/show_bug.cgi?id=1241453
* https://bugzilla.suse.com/show_bug.cgi?id=1241551

From null at suse.de Fri May 2 16:30:12 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 02 May 2025 16:30:12 -0000
Subject: SUSE-SU-2025:1438-1: moderate: Security update for libxml2
Message-ID: <174620341238.26033.16698458716509854591@smelt2.prg2.suse.org>

# Security update for libxml2

Announcement ID: SUSE-SU-2025:1438-1
Release Date: 2025-05-02T13:44:22Z
Rating: moderate
References:

* bsc#1241453
* bsc#1241551

Cross-References:

* CVE-2025-32414
* CVE-2025-32415

CVSS scores:

* CVE-2025-32414 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
* CVE-2025-32414 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
* CVE-2025-32414 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-32414 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
* CVE-2025-32415 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-32415 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-32415 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* Python 3 Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for libxml2 fixes the following issues:

* CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551)
* CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2025-1438=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2025-1438=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2025-1438=1
* Basesystem Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1438=1
* Python 3 Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2025-1438=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * libxml2-python-debugsource-2.10.3-150500.5.26.1
  * libxml2-2-2.10.3-150500.5.26.1
  * libxml2-devel-2.10.3-150500.5.26.1
  * python311-libxml2-2.10.3-150500.5.26.1
  * libxml2-2-debuginfo-2.10.3-150500.5.26.1
  * python3-libxml2-2.10.3-150500.5.26.1
  * libxml2-tools-debuginfo-2.10.3-150500.5.26.1
  * python311-libxml2-debuginfo-2.10.3-150500.5.26.1
  * libxml2-tools-2.10.3-150500.5.26.1
  * python3-libxml2-debuginfo-2.10.3-150500.5.26.1
  * libxml2-debugsource-2.10.3-150500.5.26.1
* openSUSE Leap 15.5 (x86_64)
  * libxml2-2-32bit-2.10.3-150500.5.26.1
  * libxml2-2-32bit-debuginfo-2.10.3-150500.5.26.1
  * libxml2-devel-32bit-2.10.3-150500.5.26.1
* openSUSE Leap 15.5 (noarch)
  * libxml2-doc-2.10.3-150500.5.26.1
* openSUSE Leap 15.5 (aarch64_ilp32)
  * libxml2-devel-64bit-2.10.3-150500.5.26.1
  * libxml2-2-64bit-2.10.3-150500.5.26.1
  * libxml2-2-64bit-debuginfo-2.10.3-150500.5.26.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * libxml2-python-debugsource-2.10.3-150500.5.26.1
  * libxml2-2-2.10.3-150500.5.26.1
  * libxml2-devel-2.10.3-150500.5.26.1
  * python311-libxml2-2.10.3-150500.5.26.1
  * libxml2-2-debuginfo-2.10.3-150500.5.26.1
  * python3-libxml2-2.10.3-150500.5.26.1
  * libxml2-tools-debuginfo-2.10.3-150500.5.26.1
  * python311-libxml2-debuginfo-2.10.3-150500.5.26.1
  * libxml2-tools-2.10.3-150500.5.26.1
  * python3-libxml2-debuginfo-2.10.3-150500.5.26.1
  * libxml2-debugsource-2.10.3-150500.5.26.1
* openSUSE Leap 15.6 (x86_64)
  * libxml2-2-32bit-2.10.3-150500.5.26.1
  * libxml2-2-32bit-debuginfo-2.10.3-150500.5.26.1
  * libxml2-devel-32bit-2.10.3-150500.5.26.1
* openSUSE Leap 15.6 (noarch)
  * libxml2-doc-2.10.3-150500.5.26.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * libxml2-python-debugsource-2.10.3-150500.5.26.1
  * libxml2-2-2.10.3-150500.5.26.1
  * libxml2-2-debuginfo-2.10.3-150500.5.26.1
  * python3-libxml2-2.10.3-150500.5.26.1
  * libxml2-tools-debuginfo-2.10.3-150500.5.26.1
  * libxml2-tools-2.10.3-150500.5.26.1
  * python3-libxml2-debuginfo-2.10.3-150500.5.26.1
  * libxml2-debugsource-2.10.3-150500.5.26.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * libxml2-python-debugsource-2.10.3-150500.5.26.1
  * libxml2-2-2.10.3-150500.5.26.1
  * libxml2-devel-2.10.3-150500.5.26.1
  * libxml2-2-debuginfo-2.10.3-150500.5.26.1
  * python3-libxml2-2.10.3-150500.5.26.1
  * libxml2-tools-debuginfo-2.10.3-150500.5.26.1
  * libxml2-tools-2.10.3-150500.5.26.1
  * python3-libxml2-debuginfo-2.10.3-150500.5.26.1
  * libxml2-debugsource-2.10.3-150500.5.26.1
* Basesystem Module 15-SP6 (x86_64)
  * libxml2-2-32bit-2.10.3-150500.5.26.1
  * libxml2-2-32bit-debuginfo-2.10.3-150500.5.26.1
* Python 3 Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * python311-libxml2-debuginfo-2.10.3-150500.5.26.1
  * libxml2-python-debugsource-2.10.3-150500.5.26.1
  * python311-libxml2-2.10.3-150500.5.26.1

## References:

* https://www.suse.com/security/cve/CVE-2025-32414.html
* https://www.suse.com/security/cve/CVE-2025-32415.html
* https://bugzilla.suse.com/show_bug.cgi?id=1241453
* https://bugzilla.suse.com/show_bug.cgi?id=1241551
URL: From null at suse.de Fri May 2 16:30:18 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 02 May 2025 16:30:18 -0000 Subject: SUSE-SU-2025:1436-1: important: Security update for MozillaFirefox Message-ID: <174620341894.26033.17595176658568190511@smelt2.prg2.suse.org> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2025:1436-1 Release Date: 2025-05-02T13:15:07Z Rating: important References: * bsc#1241621 Cross-References: * CVE-2025-2817 * CVE-2025-4082 * CVE-2025-4083 * CVE-2025-4084 * CVE-2025-4087 * CVE-2025-4091 * CVE-2025-4093 CVSS scores: * CVE-2025-2817 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-2817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-2817 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-4082 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-4082 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-4083 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-4083 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-4083 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2025-4084 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-4084 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-4087 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-4087 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2025-4087 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-4091 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-4091 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-4091 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-4093 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-4093 
( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-4093 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * Desktop Applications Module 15-SP6 * openSUSE Leap 15.6 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves seven vulnerabilities can now be installed. 
## Description: This update for MozillaFirefox fixes the following issues: * Firefox Extended Support Release 128.10.0 ESR MFSA 2025-29 (bsc#1241621): * CVE-2025-2817: Potential privilege escalation in Firefox Updater * CVE-2025-4082: WebGL shader attribute memory corruption in Firefox for macOS * CVE-2025-4083: Process isolation bypass using `javascript:` URI links in cross-origin frames * CVE-2025-4084: Potential local code execution in "copy as cURL" command * CVE-2025-4087: Unsafe attribute access during XPath parsing * CVE-2025-4091: Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10 * CVE-2025-4093: Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird 128.10 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-1436=1 * Desktop Applications Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-1436=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1436=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1436=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1436=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1436=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1436=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1436=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1436=1 * SUSE Linux Enterprise 
Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1436=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1436=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1436=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1436=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2025-1436=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-128.10.0-150200.152.179.1 * MozillaFirefox-branding-upstream-128.10.0-150200.152.179.1 * MozillaFirefox-translations-other-128.10.0-150200.152.179.1 * MozillaFirefox-translations-common-128.10.0-150200.152.179.1 * MozillaFirefox-128.10.0-150200.152.179.1 * MozillaFirefox-debugsource-128.10.0-150200.152.179.1 * openSUSE Leap 15.6 (noarch) * MozillaFirefox-devel-128.10.0-150200.152.179.1 * Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-128.10.0-150200.152.179.1 * MozillaFirefox-translations-other-128.10.0-150200.152.179.1 * MozillaFirefox-translations-common-128.10.0-150200.152.179.1 * MozillaFirefox-128.10.0-150200.152.179.1 * MozillaFirefox-debugsource-128.10.0-150200.152.179.1 * Desktop Applications Module 15-SP6 (noarch) * MozillaFirefox-devel-128.10.0-150200.152.179.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * MozillaFirefox-debuginfo-128.10.0-150200.152.179.1 * MozillaFirefox-translations-other-128.10.0-150200.152.179.1 * MozillaFirefox-translations-common-128.10.0-150200.152.179.1 * MozillaFirefox-128.10.0-150200.152.179.1 * MozillaFirefox-debugsource-128.10.0-150200.152.179.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * MozillaFirefox-devel-128.10.0-150200.152.179.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 
(aarch64 x86_64) * MozillaFirefox-debuginfo-128.10.0-150200.152.179.1 * MozillaFirefox-translations-other-128.10.0-150200.152.179.1 * MozillaFirefox-translations-common-128.10.0-150200.152.179.1 * MozillaFirefox-128.10.0-150200.152.179.1 * MozillaFirefox-debugsource-128.10.0-150200.152.179.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * MozillaFirefox-devel-128.10.0-150200.152.179.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * MozillaFirefox-debuginfo-128.10.0-150200.152.179.1 * MozillaFirefox-translations-other-128.10.0-150200.152.179.1 * MozillaFirefox-translations-common-128.10.0-150200.152.179.1 * MozillaFirefox-128.10.0-150200.152.179.1 * MozillaFirefox-debugsource-128.10.0-150200.152.179.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * MozillaFirefox-devel-128.10.0-150200.152.179.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * MozillaFirefox-debuginfo-128.10.0-150200.152.179.1 * MozillaFirefox-translations-other-128.10.0-150200.152.179.1 * MozillaFirefox-translations-common-128.10.0-150200.152.179.1 * MozillaFirefox-128.10.0-150200.152.179.1 * MozillaFirefox-debugsource-128.10.0-150200.152.179.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * MozillaFirefox-devel-128.10.0-150200.152.179.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * MozillaFirefox-debuginfo-128.10.0-150200.152.179.1 * MozillaFirefox-translations-other-128.10.0-150200.152.179.1 * MozillaFirefox-translations-common-128.10.0-150200.152.179.1 * MozillaFirefox-128.10.0-150200.152.179.1 * MozillaFirefox-debugsource-128.10.0-150200.152.179.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * MozillaFirefox-devel-128.10.0-150200.152.179.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-128.10.0-150200.152.179.1 * 
MozillaFirefox-translations-other-128.10.0-150200.152.179.1 * MozillaFirefox-translations-common-128.10.0-150200.152.179.1 * MozillaFirefox-128.10.0-150200.152.179.1 * MozillaFirefox-debugsource-128.10.0-150200.152.179.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (noarch) * MozillaFirefox-devel-128.10.0-150200.152.179.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-128.10.0-150200.152.179.1 * MozillaFirefox-translations-other-128.10.0-150200.152.179.1 * MozillaFirefox-translations-common-128.10.0-150200.152.179.1 * MozillaFirefox-128.10.0-150200.152.179.1 * MozillaFirefox-debugsource-128.10.0-150200.152.179.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * MozillaFirefox-devel-128.10.0-150200.152.179.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-128.10.0-150200.152.179.1 * MozillaFirefox-translations-other-128.10.0-150200.152.179.1 * MozillaFirefox-translations-common-128.10.0-150200.152.179.1 * MozillaFirefox-128.10.0-150200.152.179.1 * MozillaFirefox-debugsource-128.10.0-150200.152.179.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * MozillaFirefox-devel-128.10.0-150200.152.179.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * MozillaFirefox-debuginfo-128.10.0-150200.152.179.1 * MozillaFirefox-translations-other-128.10.0-150200.152.179.1 * MozillaFirefox-translations-common-128.10.0-150200.152.179.1 * MozillaFirefox-128.10.0-150200.152.179.1 * MozillaFirefox-debugsource-128.10.0-150200.152.179.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * MozillaFirefox-devel-128.10.0-150200.152.179.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * MozillaFirefox-debuginfo-128.10.0-150200.152.179.1 * MozillaFirefox-translations-other-128.10.0-150200.152.179.1 * MozillaFirefox-translations-common-128.10.0-150200.152.179.1 * MozillaFirefox-128.10.0-150200.152.179.1 * 
MozillaFirefox-debugsource-128.10.0-150200.152.179.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * MozillaFirefox-devel-128.10.0-150200.152.179.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * MozillaFirefox-debuginfo-128.10.0-150200.152.179.1 * MozillaFirefox-translations-other-128.10.0-150200.152.179.1 * MozillaFirefox-translations-common-128.10.0-150200.152.179.1 * MozillaFirefox-128.10.0-150200.152.179.1 * MozillaFirefox-debugsource-128.10.0-150200.152.179.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * MozillaFirefox-devel-128.10.0-150200.152.179.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * MozillaFirefox-debuginfo-128.10.0-150200.152.179.1 * MozillaFirefox-translations-other-128.10.0-150200.152.179.1 * MozillaFirefox-translations-common-128.10.0-150200.152.179.1 * MozillaFirefox-128.10.0-150200.152.179.1 * MozillaFirefox-debugsource-128.10.0-150200.152.179.1 * SUSE Enterprise Storage 7.1 (noarch) * MozillaFirefox-devel-128.10.0-150200.152.179.1 ## References: * https://www.suse.com/security/cve/CVE-2025-2817.html * https://www.suse.com/security/cve/CVE-2025-4082.html * https://www.suse.com/security/cve/CVE-2025-4083.html * https://www.suse.com/security/cve/CVE-2025-4084.html * https://www.suse.com/security/cve/CVE-2025-4087.html * https://www.suse.com/security/cve/CVE-2025-4091.html * https://www.suse.com/security/cve/CVE-2025-4093.html * https://bugzilla.suse.com/show_bug.cgi?id=1241621 -------------- next part -------------- An HTML attachment was scrubbed... 
From null at suse.de Mon May 5 08:30:10 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 05 May 2025 08:30:10 -0000
Subject: SUSE-SU-2025:1449-1: important: Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP4)
Message-ID: <174643381070.32303.11857968068792786030@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:1449-1
Release Date: 2025-05-05T07:36:00Z
Rating: important

References:

* bsc#1235431
* bsc#1240840

Cross-References:

* CVE-2024-56650
* CVE-2024-8805

CVSS scores:

* CVE-2024-56650 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56650 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56650 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-8805 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-8805 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-8805 ( NVD ): 8.8 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_144 fixes several issues.

The following security issues were fixed:

* CVE-2024-8805: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (bsc#1240840).
* CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235431).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2025-1449=1
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-1449=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_144-default-5-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_34-debugsource-5-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_144-default-debuginfo-5-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_144-default-5-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_34-debugsource-5-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_144-default-debuginfo-5-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-56650.html
* https://www.suse.com/security/cve/CVE-2024-8805.html
* https://bugzilla.suse.com/show_bug.cgi?id=1235431
* https://bugzilla.suse.com/show_bug.cgi?id=1240840

From null at suse.de Mon May 5 08:30:14 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 05 May 2025 08:30:14 -0000
Subject: SUSE-SU-2025:1444-1: important: Security update for the Linux Kernel (Live Patch 35 for SLE 15 SP4)
Message-ID: <174643381479.32303.5089601425255323441@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 35 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:1444-1
Release Date: 2025-05-04T13:39:40Z
Rating: important

References:

* bsc#1235431

Cross-References:

* CVE-2024-56650

CVSS scores:

* CVE-2024-56650 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56650 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56650 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_147 fixes one issue.

The following security issue was fixed:

* CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235431).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2025-1444=1
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-1444=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_35-debugsource-5-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_147-default-5-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_147-default-debuginfo-5-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_35-debugsource-5-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_147-default-5-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_147-default-debuginfo-5-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-56650.html
* https://bugzilla.suse.com/show_bug.cgi?id=1235431

From null at suse.de Mon May 5 08:30:22 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 05 May 2025 08:30:22 -0000
Subject: SUSE-SU-2025:1448-1: important: Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP3)
Message-ID: <174643382278.32303.14987805463372330317@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:1448-1
Release Date: 2025-05-05T06:37:05Z
Rating: important

References:

* bsc#1227753
* bsc#1233294
* bsc#1235431
* bsc#1240840

Cross-References:

* CVE-2023-52885
* CVE-2024-50205
* CVE-2024-56650
* CVE-2024-8805

CVSS scores:

* CVE-2023-52885 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52885 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50205 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50205 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-50205 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56650 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56650 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56650 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-8805 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-8805 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-8805 ( NVD ): 8.8 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_164 fixes several issues.

The following security issues were fixed:

* CVE-2024-8805: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (bsc#1240840).
* CVE-2023-52885: SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (bsc#1227753).
* CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233294).
* CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235431).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2025-1448=1 SUSE-2025-1442=1
* SUSE Linux Enterprise Live Patching 15-SP3
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-1448=1 SUSE-SLE-Module-Live-Patching-15-SP3-2025-1442=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_164-default-13-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_158-default-17-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_158-default-debuginfo-17-150300.2.1
  * kernel-livepatch-SLE15-SP3_Update_45-debugsource-13-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_164-default-debuginfo-13-150300.2.1
  * kernel-livepatch-SLE15-SP3_Update_43-debugsource-17-150300.2.1
* openSUSE Leap 15.3 (x86_64)
  * kernel-livepatch-5_3_18-150300_59_164-preempt-13-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_158-preempt-17-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_164-preempt-debuginfo-13-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_158-preempt-debuginfo-17-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_158-default-17-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_164-default-13-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-52885.html
* https://www.suse.com/security/cve/CVE-2024-50205.html
* https://www.suse.com/security/cve/CVE-2024-56650.html
* https://www.suse.com/security/cve/CVE-2024-8805.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227753
* https://bugzilla.suse.com/show_bug.cgi?id=1233294
* https://bugzilla.suse.com/show_bug.cgi?id=1235431
* https://bugzilla.suse.com/show_bug.cgi?id=1240840

From null at suse.de Mon May 5 08:30:29 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 05 May 2025 08:30:29 -0000
Subject: SUSE-SU-2025:1445-1: important: Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4)
Message-ID: <174643382916.32303.1331248270567363782@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:1445-1
Release Date: 2025-05-04T16:10:06Z
Rating: important

References:

* bsc#1233294
* bsc#1235431
* bsc#1240840

Cross-References:

* CVE-2024-50205
* CVE-2024-56650
* CVE-2024-8805

CVSS scores:

* CVE-2024-50205 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50205 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-50205 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56650 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56650 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56650 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-8805 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-8805 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-8805 ( NVD ): 8.8 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_141 fixes several issues.

The following security issues were fixed:

* CVE-2024-8805: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (bsc#1240840).
* CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233294).
* CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235431).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2025-1445=1 SUSE-2025-1441=1 SUSE-2025-1443=1
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-1445=1 SUSE-SLE-Module-Live-Patching-15-SP4-2025-1441=1 SUSE-SLE-Module-Live-Patching-15-SP4-2025-1443=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_119-default-debuginfo-16-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_125-default-11-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_141-default-6-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_125-default-debuginfo-11-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_26-debugsource-16-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_119-default-16-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_33-debugsource-6-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_28-debugsource-11-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_141-default-debuginfo-6-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_119-default-debuginfo-16-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_125-default-11-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_141-default-6-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_125-default-debuginfo-11-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_26-debugsource-16-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_119-default-16-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_33-debugsource-6-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_28-debugsource-11-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_141-default-debuginfo-6-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-50205.html
* https://www.suse.com/security/cve/CVE-2024-56650.html
* https://www.suse.com/security/cve/CVE-2024-8805.html
* https://bugzilla.suse.com/show_bug.cgi?id=1233294
* https://bugzilla.suse.com/show_bug.cgi?id=1235431
* https://bugzilla.suse.com/show_bug.cgi?id=1240840

From null at suse.de Mon May 5 08:30:36 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 05 May 2025 08:30:36 -0000
Subject: SUSE-SU-2025:1453-1: moderate: Security update for libva
Message-ID: <174643383603.32303.15676537286344614124@smelt2.prg2.suse.org>

# Security update for libva

Announcement ID: SUSE-SU-2025:1453-1
Release Date: 2025-05-05T07:44:16Z
Rating: moderate

References:

* bsc#1202828
* bsc#1217770
* bsc#1224413
* jsc#PED-11066

Cross-References:

* CVE-2023-39929

CVSS scores:

* CVE-2023-39929 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability, contains one feature and has two security fixes can now be installed.
## Description:

This update for libva fixes the following issues:

Update to libva version 2.20.0, which includes a security fix for:

* CVE-2023-39929: uncontrolled search path may allow an authenticated user to escalate privilege via local access (bsc#1224413, jsc#PED-11066)

This includes the latest version of one of the components needed for Video (processing) hardware support on Intel GPUs (bsc#1217770)

Update to version 2.20.0:

* av1: Revise offsets comments for av1 encode
* drm:
  * Limit the array size to avoid out of range
  * Remove no longer used helpers
* jpeg: add support for crop and partial decode
* trace:
  * Add trace for vaExportSurfaceHandle
  * Unlock mutex before return
  * Fix minor issue about printf data type and value range
* va/backend:
  * Annotate vafool as deprecated
  * Document the vaGetDriver* APIs
* va/x11/va_fglrx: Remove some dead code
* va/x11/va_nvctrl: Remove some dead code
* va:
  * Add new VADecodeErrorType to indicate the reset happened in the driver
  * Add vendor string on va_TraceInitialize
  * Added Q416 fourcc (three-plane 16-bit YUV 4:4:4)
  * Drop no longer applicable vaGetDriverNames check
  * Fix: don't leak driver names, when override is set
  * Fix: set driver number to be zero if vaGetDriverNames failed
  * Optimize code of getting driver name for all protocols/os (wayland,x11,drm,win32,android)
  * Remove legacy code paths
  * Remove unreachable "DRIVER BUG"
* x11/dri2: limit the array handling to avoid out of range access
* x11:
  * Allow disabling DRI3 via LIBVA_DRI3_DISABLE env var
  * Implement vaGetDriverNames
  * Remove legacy code paths

Update to 2.19.0:

* add: Add mono_chrome to VAEncSequenceParameterBufferAV1
* add: Enable support for license acquisition of multiple protected playbacks
* fix: use secure_getenv instead of getenv
* trace: Improve and add VA trace log for AV1 encode
* trace: Unify va log message, replace va_TracePrint with va_TraceMsg.

Update to version 2.18.0:

* doc: Add build and install libva information in home page.
* fix:
  * Add libva.def into distribution package
  * NULL check before calling strncmp.
  * Remove reference to non-existent symbol
* meson: docs:
  * Add encoder interface for av1
  * Use libva_version over project_version()
* va:
  * Add VAProfileH264High10
  * Always build with va-messaging API
  * Fix the coding style of CHECK_DISPLAY
  * Remove Android pre Jelly Bean workarounds
  * Remove dummy isValid() hook
  * Remove unused drm_sarea.h include & ANDROID references in va_dricommon.h
  * va/sysdeps.h: remove Android section
* x11:
  * Allow disabling DRI3 via LIBVA_DRI3_DISABLE env var
  * Use LIBVA_DRI3_DISABLE in GetNumCandidates
* Add libva-wayland to baselibs.conf, now that its build has moved to the main part of spec, source validator should no longer complain on SLE.

Update to 2.17.0:

* win: Simplify signature for driver name loading
* win: Rewrite driver registry query and fix some bugs/leaks/inefficiencies
* win: Add missing null check after calloc
* va: Update security disclaimer
* dep: remove the file .cvsignore
* pkgconfig: add 'with-legacy' for emgd, nvctrl and fglrx
* meson: add 'with-legacy' for emgd, nvctrl and fglrx
* x11: move all FGLRX code to va_fglrx.c
* x11: move all NVCTRL code to va_nvctrl.c
* meson: stop using deprecated meson.source_root()
* meson: stop using configure_file copy=true
* va: correctly include the win32 (local) headers
* win: clean-up the coding style
* va: dos2unix all the files
* drm: remove unnecessary dri2 version/extension query
* trace: annotate internal functions with DLL_HIDDEN
* build/sysdeps: Remove HAVE_GNUC_VISIBILITY_ATTRIBUTE and use _GNUC_ support level attribute instead
* meson: Check support for -Wl,-version-script and build link_args accordingly
* meson: Set va_win32 soversion to '' and remove the install_data rename
* fix: resource check null
* va_trace: Add Win32 memory types in va_TraceSurfaceAttributes
* va_trace: va_TraceSurfaceAttributes should check the VASurfaceAttribMemoryType
* va: Adds Win32 Node and Windows build support
* va: Adds compat_win32 abstraction for Windows build and prepares va common code for windows build
* pkgconfig: Add Win32 package for when WITH_WIN32 is enabled
* meson: Add with_win32 option, makes libdrm non-mandatory on Win
* x11: add basic DRI3 support
* drm: remove VA_DRM_IsRenderNodeFd() helper
* drm: add radeon drm + radeonsi mesa combo

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2025-1453=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1453=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1453=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1453=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1453=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * libva-x11-2-debuginfo-2.20.0-150500.3.5.1
  * libva-devel-2.20.0-150500.3.5.1
  * libva-debugsource-2.20.0-150500.3.5.1
  * libva2-2.20.0-150500.3.5.1
  * libva-gl-debugsource-2.20.0-150500.3.5.1
  * libva-glx2-debuginfo-2.20.0-150500.3.5.1
  * libva2-debuginfo-2.20.0-150500.3.5.1
  * libva-wayland2-debuginfo-2.20.0-150500.3.5.1
  * libva-glx2-2.20.0-150500.3.5.1
  * libva-drm2-2.20.0-150500.3.5.1
  * libva-gl-devel-2.20.0-150500.3.5.1
  * libva-wayland2-2.20.0-150500.3.5.1
  * libva-x11-2-2.20.0-150500.3.5.1
  * libva-drm2-debuginfo-2.20.0-150500.3.5.1
* openSUSE Leap 15.5 (x86_64)
  * libva-x11-2-32bit-debuginfo-2.20.0-150500.3.5.1
  * libva2-32bit-debuginfo-2.20.0-150500.3.5.1
  * libva-wayland2-32bit-debuginfo-2.20.0-150500.3.5.1
  * libva2-32bit-2.20.0-150500.3.5.1
  * libva-wayland2-32bit-2.20.0-150500.3.5.1
  * 
libva-devel-32bit-2.20.0-150500.3.5.1 * libva-drm2-32bit-2.20.0-150500.3.5.1 * libva-glx2-32bit-debuginfo-2.20.0-150500.3.5.1 * libva-glx2-32bit-2.20.0-150500.3.5.1 * libva-gl-devel-32bit-2.20.0-150500.3.5.1 * libva-drm2-32bit-debuginfo-2.20.0-150500.3.5.1 * libva-x11-2-32bit-2.20.0-150500.3.5.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libva2-64bit-2.20.0-150500.3.5.1 * libva-wayland2-64bit-2.20.0-150500.3.5.1 * libva-wayland2-64bit-debuginfo-2.20.0-150500.3.5.1 * libva-drm2-64bit-debuginfo-2.20.0-150500.3.5.1 * libva-drm2-64bit-2.20.0-150500.3.5.1 * libva-devel-64bit-2.20.0-150500.3.5.1 * libva2-64bit-debuginfo-2.20.0-150500.3.5.1 * libva-glx2-64bit-2.20.0-150500.3.5.1 * libva-x11-2-64bit-debuginfo-2.20.0-150500.3.5.1 * libva-x11-2-64bit-2.20.0-150500.3.5.1 * libva-gl-devel-64bit-2.20.0-150500.3.5.1 * libva-glx2-64bit-debuginfo-2.20.0-150500.3.5.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libva-x11-2-debuginfo-2.20.0-150500.3.5.1 * libva-devel-2.20.0-150500.3.5.1 * libva-debugsource-2.20.0-150500.3.5.1 * libva2-2.20.0-150500.3.5.1 * libva2-debuginfo-2.20.0-150500.3.5.1 * libva-wayland2-debuginfo-2.20.0-150500.3.5.1 * libva-drm2-2.20.0-150500.3.5.1 * libva-wayland2-2.20.0-150500.3.5.1 * libva-x11-2-2.20.0-150500.3.5.1 * libva-drm2-debuginfo-2.20.0-150500.3.5.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libva-x11-2-debuginfo-2.20.0-150500.3.5.1 * libva-devel-2.20.0-150500.3.5.1 * libva-debugsource-2.20.0-150500.3.5.1 * libva2-2.20.0-150500.3.5.1 * libva2-debuginfo-2.20.0-150500.3.5.1 * libva-wayland2-debuginfo-2.20.0-150500.3.5.1 * libva-drm2-2.20.0-150500.3.5.1 * libva-wayland2-2.20.0-150500.3.5.1 * libva-x11-2-2.20.0-150500.3.5.1 * libva-drm2-debuginfo-2.20.0-150500.3.5.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libva-x11-2-debuginfo-2.20.0-150500.3.5.1 * libva-devel-2.20.0-150500.3.5.1 * libva-debugsource-2.20.0-150500.3.5.1 * 
libva2-2.20.0-150500.3.5.1 * libva2-debuginfo-2.20.0-150500.3.5.1 * libva-wayland2-debuginfo-2.20.0-150500.3.5.1 * libva-drm2-2.20.0-150500.3.5.1 * libva-wayland2-2.20.0-150500.3.5.1 * libva-x11-2-2.20.0-150500.3.5.1 * libva-drm2-debuginfo-2.20.0-150500.3.5.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libva-x11-2-debuginfo-2.20.0-150500.3.5.1 * libva-devel-2.20.0-150500.3.5.1 * libva-debugsource-2.20.0-150500.3.5.1 * libva2-2.20.0-150500.3.5.1 * libva2-debuginfo-2.20.0-150500.3.5.1 * libva-wayland2-debuginfo-2.20.0-150500.3.5.1 * libva-drm2-2.20.0-150500.3.5.1 * libva-wayland2-2.20.0-150500.3.5.1 * libva-x11-2-2.20.0-150500.3.5.1 * libva-drm2-debuginfo-2.20.0-150500.3.5.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39929.html * https://bugzilla.suse.com/show_bug.cgi?id=1202828 * https://bugzilla.suse.com/show_bug.cgi?id=1217770 * https://bugzilla.suse.com/show_bug.cgi?id=1224413 * https://jira.suse.com/browse/PED-11066 -------------- next part -------------- An HTML attachment was scrubbed... 

From null at suse.de Mon May 5 08:30:40 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 05 May 2025 08:30:40 -0000
Subject: SUSE-SU-2025:1452-1: moderate: Security update for libva
Message-ID: <174643384048.32303.12474256603858427999@smelt2.prg2.suse.org>

# Security update for libva

Announcement ID: SUSE-SU-2025:1452-1
Release Date: 2025-05-05T07:44:00Z
Rating: moderate

References:

* bsc#1202828
* bsc#1217770
* bsc#1224413
* jsc#PED-11066
* jsc#PED-1174

Cross-References:

* CVE-2023-39929

CVSS scores:

* CVE-2023-39929 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves one vulnerability, contains two features and has two security fixes can now be installed.

## Description:

This update for libva fixes the following issues:

Update to libva version 2.20.0, which includes security fix for:

* CVE-2023-39929: Uncontrolled search path may allow an authenticated user to escalate privilege via local access (bsc#1224413, jsc#PED-11066)

This includes latest version of one of the components needed for Video (processing) hardware support on Intel GPUs (bsc#1217770)

Update to version 2.20.0:

* av1: Revise offsets comments for av1 encode
* drm:
  * Limit the array size to avoid out of range
  * Remove no longer used helpers
* jpeg: add support for crop and partial decode
* trace:
  * Add trace for vaExportSurfaceHandle
  * Unlock mutex before return
  * Fix minor issue about printf data type and value range
* va/backend:
  * Annotate vafool as deprecated
  * Document the vaGetDriver* APIs
* va/x11/va_fglrx: Remove some dead code
* va/x11/va_nvctrl: Remove some dead code
* va:
  * Add new VADecodeErrorType to indicate the reset happened in the driver
  * Add vendor string on va_TraceInitialize
  * Added Q416 fourcc (three-plane 16-bit YUV 4:4:4)
  * Drop no longer applicable vaGetDriverNames check
  * Fix:don't leak driver names, when override is set
  * Fix:set driver number to be zero if vaGetDriverNames failed
  * Optimize code of getting driver name for all protocols/os (wayland,x11,drm,win32,android)
  * Remove legacy code paths
  * Remove unreachable "DRIVER BUG"
* win32:
  * Only print win32 driver messages in DEBUG builds
  * Remove duplicate adapter_luid entry
* x11/dri2: limit the array handling to avoid out of range access
* x11:
  * Allow disabling DRI3 via LIBVA_DRI3_DISABLE env var
  * Implement vaGetDriverNames
  * Remove legacy code paths

Update to 2.19.0:

* add: Add mono_chrome to VAEncSequenceParameterBufferAV1
* add: Enable support for license acquisition of multiple protected playbacks
* fix: use secure_getenv instead of getenv
* trace: Improve and add VA trace log for AV1 encode
* trace: Unify va log message, replace va_TracePrint with va_TraceMsg.

Update to version 2.18.0:

* doc: Add build and install libva information in home page.
* fix:
  * Add libva.def into distribution package
  * NULL check before calling strncmp.
  * Remove reference to non-existent symbol
* meson: docs:
  * Add encoder interface for av1
  * Use libva_version over project_version()
* va:
  * Add VAProfileH264High10
  * Always build with va-messaging API
  * Fix the coding style of CHECK_DISPLAY
  * Remove Android pre Jelly Bean workarounds
  * Remove dummy isValid() hook
  * Remove unused drm_sarea.h include & ANDROID references in va_dricommon.h
* va/sysdeps.h: remove Android section
* x11:
  * Allow disabling DRI3 via LIBVA_DRI3_DISABLE env var
  * Use LIBVA_DRI3_DISABLE in GetNumCandidates

Update to 2.17.0:

* win: Simplify signature for driver name loading
* win: Rewrite driver registry query and fix some bugs/leaks/inefficiencies
* win: Add missing null check after calloc
* va: Update security disclaimer
* dep:remove the file .cvsignore
* pkgconfig: add 'with-legacy' for emgd, nvctrl and fglrx
* meson: add 'with-legacy' for emgd, nvctrl and fglrx
* x11: move all FGLRX code to va_fglrx.c
* x11: move all NVCTRL code to va_nvctrl.c
* meson: stop using deprecated meson.source_root()
* meson: stop using configure_file copy=true
* va: correctly include the win32 (local) headers
* win: clean-up the coding style
* va: dos2unix all the files
* drm: remove unnecessary dri2 version/extension query
* trace: annotate internal functions with DLL_HIDDEN
* build/sysdeps: Remove HAVE_GNUC_VISIBILITY_ATTRIBUTE and use _GNUC_ support level attribute instead
* meson: Check support for -Wl,-version-script and build link_args accordingly
* meson: Set va_win32 soversion to '' and remove the install_data rename
* fix: resource check null
* va_trace: Add Win32 memory types in va_TraceSurfaceAttributes
* va_trace: va_TraceSurfaceAttributes should check the VASurfaceAttribMemoryType
* va: Adds Win32 Node and Windows build support
* va: Adds compat_win32 abstraction for Windows build and prepares va common code for windows build
* pkgconfig: Add Win32 package for when WITH_WIN32 is enabled
* meson: Add with_win32 option, makes libdrm non-mandatory on Win
* x11: add basic DRI3 support
* drm: remove VA_DRM_IsRenderNodeFd() helper
* drm: add radeon drm + radeonsi mesa combo
* needed for jira#PED-1174 (Video decoding/encoding support (VA-API, ...) for Intel GPUs is outside of Mesa)

Update to 2.16.0:

* add: Add HierarchicalFlag & hierarchical_level_plus1 for AV1e.
* dep: Update README.md to remove badge links
* dep: Removed waffle-io badge from README to fix broken link
* dep: Drop mailing list, IRC and Slack
* autotools: use wayland-scanner private-code
* autotools: use the wayland-scanner.pc to locate the prog
* meson: use wayland-scanner private-code
* meson: request native wayland-scanner
* meson: use the wayland-scanner.pc to locate the prog
* meson: set HAVE_VA_X11 when applicable
* style:Correct slight coding style in several new commits
* trace: add Linux ftrace mode for va trace
* trace: Add missing pthread_mutex_destroy
* drm: remove no-longer needed X == X mappings
* drm: fallback to drm driver name == va driver name
* drm: simplify the mapping table
* x11: simplify the mapping table

Update to version 2.15.0 was part of Intel oneVPL GPU Runtime 2022Q2 Release 22.4.4

Update to 2.15.0:

* Add: new display HW attribute to report PCI ID
* Add: sample depth related parameters for AV1e
* Add: refresh_frame_flags for AV1e
* Add: missing fields in va_TraceVAEncSequenceParameterBufferHEVC.
* Add: nvidia-drm to the drm driver map
* Add: type and buffer for delta qp per block
* Deprecation: remove the va_fool support
* Fix:Correct the version of meson build on master branch
* Fix:X11 DRI2: check if device is a render node
* Build:Use also strong stack protection if supported
* Trace:print the string for profile/entrypoint/configattrib

Update to 2.14.0:

* add: Add av1 encode interfaces
* add: VA/X11 VAAPI driver mapping for crocus DRI driver
* doc: Add description of the fd management for surface importing
* ci: fix freebsd build
* meson: Copy public headers to build directory to support subproject
* CVE-2023-39929: Fixed an issue where an uncontrolled search path may allow authenticated users to escalate privilege via local access. (bsc#1224413)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2025-1452=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1452=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1452=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1452=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1452=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * libva-drm2-debuginfo-2.20.0-150400.3.5.1
  * libva-devel-2.20.0-150400.3.5.1
  * libva-x11-2-2.20.0-150400.3.5.1
  * libva2-2.20.0-150400.3.5.1
  * libva-gl-devel-2.20.0-150400.3.5.1
  * libva-glx2-2.20.0-150400.3.5.1
  * libva-x11-2-debuginfo-2.20.0-150400.3.5.1
  * libva-gl-debugsource-2.20.0-150400.3.5.1
  * libva-glx2-debuginfo-2.20.0-150400.3.5.1
  * libva-wayland2-2.20.0-150400.3.5.1
  * libva-debugsource-2.20.0-150400.3.5.1
  * libva-wayland2-debuginfo-2.20.0-150400.3.5.1
  * libva-drm2-2.20.0-150400.3.5.1
  * libva2-debuginfo-2.20.0-150400.3.5.1
* openSUSE Leap 15.4 (x86_64)
  * libva-glx2-32bit-2.20.0-150400.3.5.1
  * libva-drm2-32bit-debuginfo-2.20.0-150400.3.5.1
  * libva-wayland2-32bit-debuginfo-2.20.0-150400.3.5.1
  * libva-devel-32bit-2.20.0-150400.3.5.1
  * libva-x11-2-32bit-2.20.0-150400.3.5.1
  * libva2-32bit-2.20.0-150400.3.5.1
  * libva-x11-2-32bit-debuginfo-2.20.0-150400.3.5.1
  * libva-glx2-32bit-debuginfo-2.20.0-150400.3.5.1
  * libva-gl-devel-32bit-2.20.0-150400.3.5.1
  * libva2-32bit-debuginfo-2.20.0-150400.3.5.1
  * libva-wayland2-32bit-2.20.0-150400.3.5.1
  * libva-drm2-32bit-2.20.0-150400.3.5.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * libva-glx2-64bit-2.20.0-150400.3.5.1
  * libva-drm2-64bit-2.20.0-150400.3.5.1
  * libva-glx2-64bit-debuginfo-2.20.0-150400.3.5.1
  * libva2-64bit-debuginfo-2.20.0-150400.3.5.1
  * libva-gl-devel-64bit-2.20.0-150400.3.5.1
  * libva-drm2-64bit-debuginfo-2.20.0-150400.3.5.1
  * libva-wayland2-64bit-2.20.0-150400.3.5.1
  * libva-x11-2-64bit-2.20.0-150400.3.5.1
  * libva-devel-64bit-2.20.0-150400.3.5.1
  * libva2-64bit-2.20.0-150400.3.5.1
  * libva-x11-2-64bit-debuginfo-2.20.0-150400.3.5.1
  * libva-wayland2-64bit-debuginfo-2.20.0-150400.3.5.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * libva-drm2-debuginfo-2.20.0-150400.3.5.1
  * libva-devel-2.20.0-150400.3.5.1
  * libva-x11-2-2.20.0-150400.3.5.1
  * libva2-2.20.0-150400.3.5.1
  * libva-x11-2-debuginfo-2.20.0-150400.3.5.1
  * libva-wayland2-2.20.0-150400.3.5.1
  * libva-debugsource-2.20.0-150400.3.5.1
  * libva-wayland2-debuginfo-2.20.0-150400.3.5.1
  * libva-drm2-2.20.0-150400.3.5.1
  * libva2-debuginfo-2.20.0-150400.3.5.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * libva-drm2-debuginfo-2.20.0-150400.3.5.1
  * libva-devel-2.20.0-150400.3.5.1
  * libva-x11-2-2.20.0-150400.3.5.1
  * libva2-2.20.0-150400.3.5.1
  * libva-x11-2-debuginfo-2.20.0-150400.3.5.1
  * libva-wayland2-2.20.0-150400.3.5.1
  * libva-debugsource-2.20.0-150400.3.5.1
  * libva-wayland2-debuginfo-2.20.0-150400.3.5.1
  * libva-drm2-2.20.0-150400.3.5.1
  * libva2-debuginfo-2.20.0-150400.3.5.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * libva-drm2-debuginfo-2.20.0-150400.3.5.1
  * libva-devel-2.20.0-150400.3.5.1
  * libva-x11-2-2.20.0-150400.3.5.1
  * libva2-2.20.0-150400.3.5.1
  * libva-x11-2-debuginfo-2.20.0-150400.3.5.1
  * libva-wayland2-2.20.0-150400.3.5.1
  * libva-debugsource-2.20.0-150400.3.5.1
  * libva-wayland2-debuginfo-2.20.0-150400.3.5.1
  * libva-drm2-2.20.0-150400.3.5.1
  * libva2-debuginfo-2.20.0-150400.3.5.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * libva-drm2-debuginfo-2.20.0-150400.3.5.1
  * libva-devel-2.20.0-150400.3.5.1
  * libva-x11-2-2.20.0-150400.3.5.1
  * libva2-2.20.0-150400.3.5.1
  * libva-x11-2-debuginfo-2.20.0-150400.3.5.1
  * libva-wayland2-2.20.0-150400.3.5.1
  * libva-debugsource-2.20.0-150400.3.5.1
  * libva-wayland2-debuginfo-2.20.0-150400.3.5.1
  * libva-drm2-2.20.0-150400.3.5.1
  * libva2-debuginfo-2.20.0-150400.3.5.1

## References:

* https://www.suse.com/security/cve/CVE-2023-39929.html
* https://bugzilla.suse.com/show_bug.cgi?id=1202828
* https://bugzilla.suse.com/show_bug.cgi?id=1217770
* https://bugzilla.suse.com/show_bug.cgi?id=1224413
* https://jira.suse.com/browse/PED-11066
* https://jira.suse.com/browse/PED-1174

From null at suse.de Mon May 5 08:30:45 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 05 May 2025 08:30:45 -0000
Subject: SUSE-SU-2025:1451-1: moderate: Security update for libva
Message-ID: <174643384552.32303.16805508984661655773@smelt2.prg2.suse.org>

# Security update for libva

Announcement ID: SUSE-SU-2025:1451-1
Release Date: 2025-05-05T07:43:42Z
Rating: moderate

References:

* bsc#1202828
* bsc#1217770
* bsc#1224413
* jsc#PED-11066
* jsc#PED-1174
* jsc#SLE-19361

Cross-References:

* CVE-2023-39929

CVSS scores:

* CVE-2023-39929 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves one vulnerability, contains three features and has two security fixes can now be installed.

## Description:

This update for libva fixes the following issues:

Update to libva version 2.20.0, which includes security fix for:

* uncontrolled search path may allow an authenticated user to escalate privilege via local access (CVE-2023-39929, bsc#1224413, jsc#PED-11066)

This includes latest version of one of the components needed for Video (processing) hardware support on Intel GPUs (bsc#1217770)

Update to version 2.20.0:

* av1: Revise offsets comments for av1 encode
* drm:
  * Limit the array size to avoid out of range
  * Remove no longer used helpers
* jpeg: add support for crop and partial decode
* trace:
  * Add trace for vaExportSurfaceHandle
  * Unlock mutex before return
  * Fix minor issue about printf data type and value range
* va/backend:
  * Annotate vafool as deprecated
  * Document the vaGetDriver* APIs
* va/x11/va_fglrx: Remove some dead code
* va/x11/va_nvctrl: Remove some dead code
* va:
  * Add new VADecodeErrorType to indicate the reset happened in the driver
  * Add vendor string on va_TraceInitialize
  * Added Q416 fourcc (three-plane 16-bit YUV 4:4:4)
  * Drop no longer applicable vaGetDriverNames check
  * Fix:don't leak driver names, when override is set
  * Fix:set driver number to be zero if vaGetDriverNames failed
  * Optimize code of getting driver name for all protocols/os (wayland,x11,drm,win32,android)
  * Remove legacy code paths
  * Remove unreachable "DRIVER BUG"
* win32:
  * Only print win32 driver messages in DEBUG builds
  * Remove duplicate adapter_luid entry
* x11/dri2: limit the array handling to avoid out of range access
* x11:
  * Allow disabling DRI3 via LIBVA_DRI3_DISABLE env var
  * Implement vaGetDriverNames
  * Remove legacy code paths

Update to 2.19.0:

* add: Add mono_chrome to VAEncSequenceParameterBufferAV1
* add: Enable support for license acquisition of multiple protected playbacks
* fix: use secure_getenv instead of getenv
* trace: Improve and add VA trace log for AV1 encode
* trace: Unify va log message, replace va_TracePrint with va_TraceMsg.

Update to version 2.18.0:

* doc: Add build and install libva information in home page.
* fix:
  * Add libva.def into distribution package
  * NULL check before calling strncmp.
  * Remove reference to non-existent symbol
* meson: docs:
  * Add encoder interface for av1
  * Use libva_version over project_version()
* va:
  * Add VAProfileH264High10
  * Always build with va-messaging API
  * Fix the coding style of CHECK_DISPLAY
  * Remove Android pre Jelly Bean workarounds
  * Remove dummy isValid() hook
  * Remove unused drm_sarea.h include & ANDROID references in va_dricommon.h
* va/sysdeps.h: remove Android section
* x11:
  * Allow disabling DRI3 via LIBVA_DRI3_DISABLE env var
  * Use LIBVA_DRI3_DISABLE in GetNumCandidates

Update to 2.17.0:

* win: Simplify signature for driver name loading
* win: Rewrite driver registry query and fix some bugs/leaks/inefficiencies
* win: Add missing null check after calloc
* va: Update security disclaimer
* dep:remove the file .cvsignore
* pkgconfig: add 'with-legacy' for emgd, nvctrl and fglrx
* meson: add 'with-legacy' for emgd, nvctrl and fglrx
* x11: move all FGLRX code to va_fglrx.c
* x11: move all NVCTRL code to va_nvctrl.c
* meson: stop using deprecated meson.source_root()
* meson: stop using configure_file copy=true
* va: correctly include the win32 (local) headers
* win: clean-up the coding style
* va: dos2unix all the files
* drm: remove unnecessary dri2 version/extension query
* trace: annotate internal functions with DLL_HIDDEN
* build/sysdeps: Remove HAVE_GNUC_VISIBILITY_ATTRIBUTE and use _GNUC_ support level attribute instead
* meson: Check support for -Wl,-version-script and build link_args accordingly
* meson: Set va_win32 soversion to '' and remove the install_data rename
* fix: resource check null
* va_trace: Add Win32 memory types in va_TraceSurfaceAttributes
* va_trace: va_TraceSurfaceAttributes should check the VASurfaceAttribMemoryType
* va: Adds Win32 Node and Windows build support
* va: Adds compat_win32 abstraction for Windows build and prepares va common code for windows build
* pkgconfig: Add Win32 package for when WITH_WIN32 is enabled
* meson: Add with_win32 option, makes libdrm non-mandatory on Win
* x11: add basic DRI3 support
* drm: remove VA_DRM_IsRenderNodeFd() helper
* drm: add radeon drm + radeonsi mesa combo

Needed for jira#PED-1174 (Video decoding/encoding support (VA-API, ...) for Intel GPUs is outside of Mesa)

Update to 2.16.0:

* add: Add HierarchicalFlag & hierarchical_level_plus1 for AV1e.
* dep: Update README.md to remove badge links
* dep: Removed waffle-io badge from README to fix broken link
* dep: Drop mailing list, IRC and Slack
* autotools: use wayland-scanner private-code
* autotools: use the wayland-scanner.pc to locate the prog
* meson: use wayland-scanner private-code
* meson: request native wayland-scanner
* meson: use the wayland-scanner.pc to locate the prog
* meson: set HAVE_VA_X11 when applicable
* style:Correct slight coding style in several new commits
* trace: add Linux ftrace mode for va trace
* trace: Add missing pthread_mutex_destroy
* drm: remove no-longer needed X == X mappings
* drm: fallback to drm driver name == va driver name
* drm: simplify the mapping table
* x11: simplify the mapping table

Update to version 2.15.0 was part of Intel oneVPL GPU Runtime 2022Q2 Release 22.4.4

Update to 2.15.0:

* Add: new display HW attribute to report PCI ID
* Add: sample depth related parameters for AV1e
* Add: refresh_frame_flags for AV1e
* Add: missing fields in va_TraceVAEncSequenceParameterBufferHEVC.
* Add: nvidia-drm to the drm driver map
* Add: type and buffer for delta qp per block
* Deprecation: remove the va_fool support
* Fix:Correct the version of meson build on master branch
* Fix:X11 DRI2: check if device is a render node
* Build:Use also strong stack protection if supported
* Trace:print the string for profile/entrypoint/configattrib

Update to 2.14.0:

* add: Add av1 encode interfaces
* add: VA/X11 VAAPI driver mapping for crocus DRI driver
* doc: Add description of the fd management for surface importing
* ci: fix freebsd build
* meson: Copy public headers to build directory to support subproject

Update to 2.13.0

* add new surface format fourcc XYUV
* Fix av1 dec doc page link issue
* unify the code styles using the style_unify script
* Check the function pointer before using (fixes github issue#536)
* update NEWS for 2.13.0

Update to 2.12.0:

* add: Report the capability of vaCopy support
* add: Report the capability of sub device
* add: Add config attributes to advertise HEVC/H.265 encoder features
* add: Video processing HVS Denoise: Added 4 modes
* add: Introduce VASurfaceAttribDRMFormatModifiers
* add: Add 3DLUT Filter in Video Processing.
* doc: Update log2_tile_column description for vp9enc
* trace: Correct av1 film grain trace information
* ci: Fix freebsd build by switching to vmactions/freebsd-vm at v0.1.3

Update to 2.11.0:

* add: LibVA Protected Content API
* add: Add a configuration attribute to advertise AV1d LST feature
* fix: wayland: don't try to authenticate with render nodes
* autotools: use shell grouping instead of sed to prepend a line
* trace: Add details data dump for mpeg2 IQ matrix.
* doc: update docs for VASurfaceAttribPixelFormat
* doc: Libva documentation edit for AV1 reference frames
* doc: Modify AV1 frame_width_minus1 and frame_height_minus1 comment
* doc: Remove tile_rows and tile_cols restriction to match AV1 spec
* doc: Format code for doxygen output
* doc: AV1 decode documentation edit for superres_scale_denominator
* ci: upgrade FreeBSD to 12.2
* ci: disable travis build
* ci: update cache before attempting to install packages
* ci: avoid running workloads on other workloads changes
* ci: enable github actions
* CVE-2023-39929: Fixed an issue where an uncontrolled search path may allow authenticated users to escalate privilege via local access. (bsc#1224413)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2025-1451=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1451=1
* SUSE Linux Enterprise Server 15 SP3 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1451=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1451=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2025-1451=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  * libva2-debuginfo-2.20.0-150300.3.3.1
  * libva-x11-2-debuginfo-2.20.0-150300.3.3.1
  * libva-debugsource-2.20.0-150300.3.3.1
  * libva-drm2-debuginfo-2.20.0-150300.3.3.1
  * libva2-2.20.0-150300.3.3.1
  * libva-wayland2-2.20.0-150300.3.3.1
  * libva-glx2-2.20.0-150300.3.3.1
  * libva-gl-debugsource-2.20.0-150300.3.3.1
  * libva-gl-devel-2.20.0-150300.3.3.1
  * libva-drm2-2.20.0-150300.3.3.1
  * libva-glx2-debuginfo-2.20.0-150300.3.3.1
  * libva-wayland2-debuginfo-2.20.0-150300.3.3.1
  * libva-x11-2-2.20.0-150300.3.3.1
  * libva-devel-2.20.0-150300.3.3.1
* openSUSE Leap 15.3 (x86_64)
  * libva-drm2-32bit-debuginfo-2.20.0-150300.3.3.1
  * libva-wayland2-32bit-2.20.0-150300.3.3.1
  * libva-wayland2-32bit-debuginfo-2.20.0-150300.3.3.1
  * libva-drm2-32bit-2.20.0-150300.3.3.1
  * libva-glx2-32bit-2.20.0-150300.3.3.1
  * libva-x11-2-32bit-2.20.0-150300.3.3.1
  * libva2-32bit-2.20.0-150300.3.3.1
  * libva-x11-2-32bit-debuginfo-2.20.0-150300.3.3.1
  * libva-glx2-32bit-debuginfo-2.20.0-150300.3.3.1
  * libva-gl-devel-32bit-2.20.0-150300.3.3.1
  * libva2-32bit-debuginfo-2.20.0-150300.3.3.1
  * libva-devel-32bit-2.20.0-150300.3.3.1
* openSUSE Leap 15.3 (aarch64_ilp32)
  * libva-drm2-64bit-debuginfo-2.20.0-150300.3.3.1
  * libva-wayland2-64bit-debuginfo-2.20.0-150300.3.3.1
  * libva-drm2-64bit-2.20.0-150300.3.3.1
  * libva-gl-devel-64bit-2.20.0-150300.3.3.1
  * libva-x11-2-64bit-debuginfo-2.20.0-150300.3.3.1
  * libva-wayland2-64bit-2.20.0-150300.3.3.1
  * libva-glx2-64bit-debuginfo-2.20.0-150300.3.3.1
  * libva2-64bit-2.20.0-150300.3.3.1
  * libva-glx2-64bit-2.20.0-150300.3.3.1
  * libva-x11-2-64bit-2.20.0-150300.3.3.1
  * libva2-64bit-debuginfo-2.20.0-150300.3.3.1
  * libva-devel-64bit-2.20.0-150300.3.3.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * libva2-debuginfo-2.20.0-150300.3.3.1
  * libva-x11-2-debuginfo-2.20.0-150300.3.3.1
  * libva-debugsource-2.20.0-150300.3.3.1
  * libva-drm2-debuginfo-2.20.0-150300.3.3.1
  * libva2-2.20.0-150300.3.3.1
  * libva-wayland2-2.20.0-150300.3.3.1
  * libva-drm2-2.20.0-150300.3.3.1
  * libva-wayland2-debuginfo-2.20.0-150300.3.3.1
  * libva-x11-2-2.20.0-150300.3.3.1
  * libva-devel-2.20.0-150300.3.3.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
  * libva2-debuginfo-2.20.0-150300.3.3.1
  * libva-x11-2-debuginfo-2.20.0-150300.3.3.1
  * libva-debugsource-2.20.0-150300.3.3.1
  * libva-drm2-debuginfo-2.20.0-150300.3.3.1
  * libva2-2.20.0-150300.3.3.1
  * libva-wayland2-2.20.0-150300.3.3.1
  * libva-drm2-2.20.0-150300.3.3.1
  * libva-wayland2-debuginfo-2.20.0-150300.3.3.1
  * libva-x11-2-2.20.0-150300.3.3.1
  * libva-devel-2.20.0-150300.3.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * libva2-debuginfo-2.20.0-150300.3.3.1
  * libva-x11-2-debuginfo-2.20.0-150300.3.3.1
  * libva-debugsource-2.20.0-150300.3.3.1
  * libva-drm2-debuginfo-2.20.0-150300.3.3.1
  * libva2-2.20.0-150300.3.3.1
  * libva-wayland2-2.20.0-150300.3.3.1
  * libva-drm2-2.20.0-150300.3.3.1
  * libva-wayland2-debuginfo-2.20.0-150300.3.3.1
  * libva-x11-2-2.20.0-150300.3.3.1
  * libva-devel-2.20.0-150300.3.3.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * libva2-debuginfo-2.20.0-150300.3.3.1
  * libva-x11-2-debuginfo-2.20.0-150300.3.3.1
  * libva-debugsource-2.20.0-150300.3.3.1
  * libva-drm2-debuginfo-2.20.0-150300.3.3.1
  * libva2-2.20.0-150300.3.3.1
  * libva-wayland2-2.20.0-150300.3.3.1
  * libva-drm2-2.20.0-150300.3.3.1
  * libva-wayland2-debuginfo-2.20.0-150300.3.3.1
  * libva-x11-2-2.20.0-150300.3.3.1
  * libva-devel-2.20.0-150300.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2023-39929.html
* https://bugzilla.suse.com/show_bug.cgi?id=1202828
* https://bugzilla.suse.com/show_bug.cgi?id=1217770
* https://bugzilla.suse.com/show_bug.cgi?id=1224413
* https://jira.suse.com/browse/PED-11066
* https://jira.suse.com/browse/PED-1174
* https://jira.suse.com/browse/SLE-19361
URL: From null at suse.de Mon May 5 08:30:55 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 05 May 2025 08:30:55 -0000 Subject: SUSE-SU-2025:1450-1: important: Security update for ffmpeg Message-ID: <174643385532.32303.5618057423379060436@smelt2.prg2.suse.org> # Security update for ffmpeg Announcement ID: SUSE-SU-2025:1450-1 Release Date: 2025-05-05T07:43:27Z Rating: important References: * bsc#1223272 * bsc#1234028 * bsc#1235091 * bsc#1235092 * bsc#1236007 * bsc#1237358 * bsc#1237371 * bsc#1237382 Cross-References: * CVE-2023-51793 * CVE-2024-12361 * CVE-2024-35365 * CVE-2024-35368 * CVE-2024-36613 * CVE-2025-0518 * CVE-2025-22919 * CVE-2025-22921 CVSS scores: * CVE-2023-51793 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-12361 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2024-12361 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2024-35365 ( SUSE ): 2.0 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2024-35365 ( SUSE ): 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2024-35365 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-35368 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2024-35368 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2024-35368 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36613 ( SUSE ): 4.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2024-36613 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L * CVE-2024-36613 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-0518 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2025-0518 ( NVD ): 4.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-22919 ( SUSE ): 4.8 
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-22919 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2025-22919 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-22921 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-22921 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2025-22921 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Desktop Applications Module 15-SP6 * openSUSE Leap 15.6 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Workstation Extension 15 SP6 * SUSE Package Hub 15 15-SP6 An update that solves eight vulnerabilities can now be installed. ## Description: This update for ffmpeg fixes the following issues: * CVE-2025-22921: Clear array length when freeing it. (bsc#1237382) * CVE-2025-0518: Fix memory data leak when using sscanf().
(bsc#1236007) * CVE-2025-22919: Check for valid sample rate, to fix the invalid sample rate >= 0. (bsc#1237371) * CVE-2024-12361: Add check for av_packet_new_side_data() to avoid null pointer dereference if allocation fails. (bsc#1237358) * CVE-2024-36613: Adjust order of operations around block align. (bsc#1235092) * CVE-2024-35365: Fix double-free on error. (bsc#1235091) * CVE-2024-35368: Fix double-free when the AVFrame is unreferenced. (bsc#1234028) * CVE-2023-51793: Fix out of array access. (bsc#1223272). * CVE-2023-51793: Fixed a heap buffer overflow in the image_copy_plane function in libavutil/imgutils.c (bsc#1223272). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-1450=1 * Desktop Applications Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-1450=1 * SUSE Package Hub 15 15-SP6 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-1450=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1450=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1450=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1450=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1450=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1450=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1450=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1450=1 * SUSE Linux
Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1450=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1450=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1450=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1450=1 * SUSE Linux Enterprise Workstation Extension 15 SP6 zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2025-1450=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2025-1450=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * libpostproc54-debuginfo-3.4.2-150200.11.60.1 * libswscale4-debuginfo-3.4.2-150200.11.60.1 * libswresample-devel-3.4.2-150200.11.60.1 * libavutil-devel-3.4.2-150200.11.60.1 * ffmpeg-3.4.2-150200.11.60.1 * libpostproc-devel-3.4.2-150200.11.60.1 * ffmpeg-debugsource-3.4.2-150200.11.60.1 * ffmpeg-debuginfo-3.4.2-150200.11.60.1 * libswresample2-debuginfo-3.4.2-150200.11.60.1 * libavcodec-devel-3.4.2-150200.11.60.1 * libavresample3-debuginfo-3.4.2-150200.11.60.1 * libswscale-devel-3.4.2-150200.11.60.1 * libavcodec57-debuginfo-3.4.2-150200.11.60.1 * libavresample-devel-3.4.2-150200.11.60.1 * libavutil55-debuginfo-3.4.2-150200.11.60.1 * libavresample3-3.4.2-150200.11.60.1 * libavdevice57-debuginfo-3.4.2-150200.11.60.1 * libavfilter-devel-3.4.2-150200.11.60.1 * libavutil55-3.4.2-150200.11.60.1 * libpostproc54-3.4.2-150200.11.60.1 * libavdevice-devel-3.4.2-150200.11.60.1 * libswscale4-3.4.2-150200.11.60.1 * libswresample2-3.4.2-150200.11.60.1 * libavcodec57-3.4.2-150200.11.60.1 * libavdevice57-3.4.2-150200.11.60.1 * libavformat57-3.4.2-150200.11.60.1 * libavfilter6-debuginfo-3.4.2-150200.11.60.1 * ffmpeg-private-devel-3.4.2-150200.11.60.1 * libavfilter6-3.4.2-150200.11.60.1 * libavformat-devel-3.4.2-150200.11.60.1 * libavformat57-debuginfo-3.4.2-150200.11.60.1 * 
openSUSE Leap 15.6 (x86_64) * libpostproc54-32bit-3.4.2-150200.11.60.1 * libavdevice57-32bit-debuginfo-3.4.2-150200.11.60.1 * libavresample3-32bit-3.4.2-150200.11.60.1 * libavcodec57-32bit-debuginfo-3.4.2-150200.11.60.1 * libavfilter6-32bit-3.4.2-150200.11.60.1 * libavutil55-32bit-debuginfo-3.4.2-150200.11.60.1 * libavformat57-32bit-debuginfo-3.4.2-150200.11.60.1 * libswresample2-32bit-3.4.2-150200.11.60.1 * libavformat57-32bit-3.4.2-150200.11.60.1 * libswresample2-32bit-debuginfo-3.4.2-150200.11.60.1 * libpostproc54-32bit-debuginfo-3.4.2-150200.11.60.1 * libavdevice57-32bit-3.4.2-150200.11.60.1 * libavresample3-32bit-debuginfo-3.4.2-150200.11.60.1 * libavutil55-32bit-3.4.2-150200.11.60.1 * libswscale4-32bit-3.4.2-150200.11.60.1 * libavfilter6-32bit-debuginfo-3.4.2-150200.11.60.1 * libswscale4-32bit-debuginfo-3.4.2-150200.11.60.1 * libavcodec57-32bit-3.4.2-150200.11.60.1 * Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64) * libpostproc54-debuginfo-3.4.2-150200.11.60.1 * libavutil55-3.4.2-150200.11.60.1 * libpostproc54-3.4.2-150200.11.60.1 * libpostproc-devel-3.4.2-150200.11.60.1 * ffmpeg-debugsource-3.4.2-150200.11.60.1 * ffmpeg-debuginfo-3.4.2-150200.11.60.1 * libavutil-devel-3.4.2-150200.11.60.1 * libswresample-devel-3.4.2-150200.11.60.1 * libswresample2-debuginfo-3.4.2-150200.11.60.1 * libswscale4-debuginfo-3.4.2-150200.11.60.1 * libavutil55-debuginfo-3.4.2-150200.11.60.1 * libswscale4-3.4.2-150200.11.60.1 * libswresample2-3.4.2-150200.11.60.1 * libavcodec57-3.4.2-150200.11.60.1 * libswscale-devel-3.4.2-150200.11.60.1 * libavcodec57-debuginfo-3.4.2-150200.11.60.1 * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64) * libavresample3-3.4.2-150200.11.60.1 * libavdevice57-debuginfo-3.4.2-150200.11.60.1 * ffmpeg-debugsource-3.4.2-150200.11.60.1 * ffmpeg-debuginfo-3.4.2-150200.11.60.1 * libavformat57-debuginfo-3.4.2-150200.11.60.1 * libavfilter6-3.4.2-150200.11.60.1 * ffmpeg-3.4.2-150200.11.60.1 * libavdevice57-3.4.2-150200.11.60.1 * 
libavformat57-3.4.2-150200.11.60.1 * libavresample3-debuginfo-3.4.2-150200.11.60.1 * libavfilter6-debuginfo-3.4.2-150200.11.60.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libpostproc54-debuginfo-3.4.2-150200.11.60.1 * libswscale4-debuginfo-3.4.2-150200.11.60.1 * libswresample-devel-3.4.2-150200.11.60.1 * libavutil-devel-3.4.2-150200.11.60.1 * libpostproc-devel-3.4.2-150200.11.60.1 * ffmpeg-debugsource-3.4.2-150200.11.60.1 * ffmpeg-debuginfo-3.4.2-150200.11.60.1 * libswresample2-debuginfo-3.4.2-150200.11.60.1 * libavresample3-debuginfo-3.4.2-150200.11.60.1 * libswscale-devel-3.4.2-150200.11.60.1 * libavutil55-debuginfo-3.4.2-150200.11.60.1 * libavcodec57-debuginfo-3.4.2-150200.11.60.1 * libavresample-devel-3.4.2-150200.11.60.1 * libavresample3-3.4.2-150200.11.60.1 * libavutil55-3.4.2-150200.11.60.1 * libpostproc54-3.4.2-150200.11.60.1 * libswscale4-3.4.2-150200.11.60.1 * libswresample2-3.4.2-150200.11.60.1 * libavcodec57-3.4.2-150200.11.60.1 * libavformat57-3.4.2-150200.11.60.1 * libavformat57-debuginfo-3.4.2-150200.11.60.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * libavresample3-3.4.2-150200.11.60.1 * libpostproc54-debuginfo-3.4.2-150200.11.60.1 * libavutil55-3.4.2-150200.11.60.1 * libpostproc54-3.4.2-150200.11.60.1 * libpostproc-devel-3.4.2-150200.11.60.1 * ffmpeg-debugsource-3.4.2-150200.11.60.1 * ffmpeg-debuginfo-3.4.2-150200.11.60.1 * libavformat57-debuginfo-3.4.2-150200.11.60.1 * libavutil-devel-3.4.2-150200.11.60.1 * libswresample-devel-3.4.2-150200.11.60.1 * libswresample2-debuginfo-3.4.2-150200.11.60.1 * libswscale4-debuginfo-3.4.2-150200.11.60.1 * libavutil55-debuginfo-3.4.2-150200.11.60.1 * libswscale4-3.4.2-150200.11.60.1 * libswresample2-3.4.2-150200.11.60.1 * libavcodec57-3.4.2-150200.11.60.1 * libavformat57-3.4.2-150200.11.60.1 * libavresample3-debuginfo-3.4.2-150200.11.60.1 * libswscale-devel-3.4.2-150200.11.60.1 * libavcodec57-debuginfo-3.4.2-150200.11.60.1 * SUSE Linux 
Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * libavresample3-3.4.2-150200.11.60.1 * libpostproc54-debuginfo-3.4.2-150200.11.60.1 * libavutil55-3.4.2-150200.11.60.1 * libpostproc54-3.4.2-150200.11.60.1 * libpostproc-devel-3.4.2-150200.11.60.1 * ffmpeg-debugsource-3.4.2-150200.11.60.1 * ffmpeg-debuginfo-3.4.2-150200.11.60.1 * libavformat57-debuginfo-3.4.2-150200.11.60.1 * libavutil-devel-3.4.2-150200.11.60.1 * libswresample-devel-3.4.2-150200.11.60.1 * libswresample2-debuginfo-3.4.2-150200.11.60.1 * libswscale4-debuginfo-3.4.2-150200.11.60.1 * libavutil55-debuginfo-3.4.2-150200.11.60.1 * libswscale4-3.4.2-150200.11.60.1 * libswresample2-3.4.2-150200.11.60.1 * libavcodec57-3.4.2-150200.11.60.1 * libavformat57-3.4.2-150200.11.60.1 * libavresample3-debuginfo-3.4.2-150200.11.60.1 * libswscale-devel-3.4.2-150200.11.60.1 * libavcodec57-debuginfo-3.4.2-150200.11.60.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libpostproc54-debuginfo-3.4.2-150200.11.60.1 * libavutil55-3.4.2-150200.11.60.1 * libpostproc54-3.4.2-150200.11.60.1 * libpostproc-devel-3.4.2-150200.11.60.1 * ffmpeg-debugsource-3.4.2-150200.11.60.1 * ffmpeg-debuginfo-3.4.2-150200.11.60.1 * libavutil-devel-3.4.2-150200.11.60.1 * libswresample-devel-3.4.2-150200.11.60.1 * libswresample2-debuginfo-3.4.2-150200.11.60.1 * libswscale4-debuginfo-3.4.2-150200.11.60.1 * libavutil55-debuginfo-3.4.2-150200.11.60.1 * libswscale4-3.4.2-150200.11.60.1 * libswresample2-3.4.2-150200.11.60.1 * libavcodec57-3.4.2-150200.11.60.1 * libswscale-devel-3.4.2-150200.11.60.1 * libavcodec57-debuginfo-3.4.2-150200.11.60.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libpostproc54-debuginfo-3.4.2-150200.11.60.1 * libavutil55-3.4.2-150200.11.60.1 * libpostproc54-3.4.2-150200.11.60.1 * libpostproc-devel-3.4.2-150200.11.60.1 * ffmpeg-debugsource-3.4.2-150200.11.60.1 * ffmpeg-debuginfo-3.4.2-150200.11.60.1 * libavutil-devel-3.4.2-150200.11.60.1 * 
libswresample-devel-3.4.2-150200.11.60.1 * libswresample2-debuginfo-3.4.2-150200.11.60.1 * libswscale4-debuginfo-3.4.2-150200.11.60.1 * libavutil55-debuginfo-3.4.2-150200.11.60.1 * libswscale4-3.4.2-150200.11.60.1 * libswresample2-3.4.2-150200.11.60.1 * libavcodec57-3.4.2-150200.11.60.1 * libswscale-devel-3.4.2-150200.11.60.1 * libavcodec57-debuginfo-3.4.2-150200.11.60.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * libpostproc54-debuginfo-3.4.2-150200.11.60.1 * libswscale4-debuginfo-3.4.2-150200.11.60.1 * libswresample-devel-3.4.2-150200.11.60.1 * libavutil-devel-3.4.2-150200.11.60.1 * libpostproc-devel-3.4.2-150200.11.60.1 * ffmpeg-debugsource-3.4.2-150200.11.60.1 * ffmpeg-debuginfo-3.4.2-150200.11.60.1 * libswresample2-debuginfo-3.4.2-150200.11.60.1 * libavresample3-debuginfo-3.4.2-150200.11.60.1 * libswscale-devel-3.4.2-150200.11.60.1 * libavutil55-debuginfo-3.4.2-150200.11.60.1 * libavcodec57-debuginfo-3.4.2-150200.11.60.1 * libavresample-devel-3.4.2-150200.11.60.1 * libavresample3-3.4.2-150200.11.60.1 * libavutil55-3.4.2-150200.11.60.1 * libpostproc54-3.4.2-150200.11.60.1 * libswscale4-3.4.2-150200.11.60.1 * libswresample2-3.4.2-150200.11.60.1 * libavcodec57-3.4.2-150200.11.60.1 * libavformat57-3.4.2-150200.11.60.1 * libavformat57-debuginfo-3.4.2-150200.11.60.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * libavresample3-3.4.2-150200.11.60.1 * libpostproc54-debuginfo-3.4.2-150200.11.60.1 * libavutil55-3.4.2-150200.11.60.1 * libpostproc54-3.4.2-150200.11.60.1 * libpostproc-devel-3.4.2-150200.11.60.1 * ffmpeg-debugsource-3.4.2-150200.11.60.1 * ffmpeg-debuginfo-3.4.2-150200.11.60.1 * libavformat57-debuginfo-3.4.2-150200.11.60.1 * libavutil-devel-3.4.2-150200.11.60.1 * libswresample-devel-3.4.2-150200.11.60.1 * libswresample2-debuginfo-3.4.2-150200.11.60.1 * libswscale4-debuginfo-3.4.2-150200.11.60.1 * libavutil55-debuginfo-3.4.2-150200.11.60.1 * libswscale4-3.4.2-150200.11.60.1 * 
libswresample2-3.4.2-150200.11.60.1 * libavcodec57-3.4.2-150200.11.60.1 * libavformat57-3.4.2-150200.11.60.1 * libavresample3-debuginfo-3.4.2-150200.11.60.1 * libswscale-devel-3.4.2-150200.11.60.1 * libavcodec57-debuginfo-3.4.2-150200.11.60.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libpostproc54-debuginfo-3.4.2-150200.11.60.1 * libavutil55-3.4.2-150200.11.60.1 * libpostproc54-3.4.2-150200.11.60.1 * libpostproc-devel-3.4.2-150200.11.60.1 * ffmpeg-debugsource-3.4.2-150200.11.60.1 * ffmpeg-debuginfo-3.4.2-150200.11.60.1 * libavutil-devel-3.4.2-150200.11.60.1 * libswresample-devel-3.4.2-150200.11.60.1 * libswresample2-debuginfo-3.4.2-150200.11.60.1 * libswscale4-debuginfo-3.4.2-150200.11.60.1 * libavutil55-debuginfo-3.4.2-150200.11.60.1 * libswscale4-3.4.2-150200.11.60.1 * libswresample2-3.4.2-150200.11.60.1 * libavcodec57-3.4.2-150200.11.60.1 * libswscale-devel-3.4.2-150200.11.60.1 * libavcodec57-debuginfo-3.4.2-150200.11.60.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libpostproc54-debuginfo-3.4.2-150200.11.60.1 * libswscale4-debuginfo-3.4.2-150200.11.60.1 * libswresample-devel-3.4.2-150200.11.60.1 * libavutil-devel-3.4.2-150200.11.60.1 * libpostproc-devel-3.4.2-150200.11.60.1 * ffmpeg-debugsource-3.4.2-150200.11.60.1 * ffmpeg-debuginfo-3.4.2-150200.11.60.1 * libswresample2-debuginfo-3.4.2-150200.11.60.1 * libavresample3-debuginfo-3.4.2-150200.11.60.1 * libswscale-devel-3.4.2-150200.11.60.1 * libavutil55-debuginfo-3.4.2-150200.11.60.1 * libavcodec57-debuginfo-3.4.2-150200.11.60.1 * libavresample-devel-3.4.2-150200.11.60.1 * libavresample3-3.4.2-150200.11.60.1 * libavutil55-3.4.2-150200.11.60.1 * libpostproc54-3.4.2-150200.11.60.1 * libswscale4-3.4.2-150200.11.60.1 * libswresample2-3.4.2-150200.11.60.1 * libavcodec57-3.4.2-150200.11.60.1 * libavformat57-3.4.2-150200.11.60.1 * libavformat57-debuginfo-3.4.2-150200.11.60.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * 
libavresample3-3.4.2-150200.11.60.1 * libpostproc54-debuginfo-3.4.2-150200.11.60.1 * libavutil55-3.4.2-150200.11.60.1 * libpostproc54-3.4.2-150200.11.60.1 * libpostproc-devel-3.4.2-150200.11.60.1 * ffmpeg-debugsource-3.4.2-150200.11.60.1 * ffmpeg-debuginfo-3.4.2-150200.11.60.1 * libavformat57-debuginfo-3.4.2-150200.11.60.1 * libavutil-devel-3.4.2-150200.11.60.1 * libswresample-devel-3.4.2-150200.11.60.1 * libswresample2-debuginfo-3.4.2-150200.11.60.1 * libswscale4-debuginfo-3.4.2-150200.11.60.1 * libavutil55-debuginfo-3.4.2-150200.11.60.1 * libswscale4-3.4.2-150200.11.60.1 * libswresample2-3.4.2-150200.11.60.1 * libavcodec57-3.4.2-150200.11.60.1 * libavformat57-3.4.2-150200.11.60.1 * libavresample3-debuginfo-3.4.2-150200.11.60.1 * libswscale-devel-3.4.2-150200.11.60.1 * libavcodec57-debuginfo-3.4.2-150200.11.60.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libpostproc54-debuginfo-3.4.2-150200.11.60.1 * libavutil55-3.4.2-150200.11.60.1 * libpostproc54-3.4.2-150200.11.60.1 * libpostproc-devel-3.4.2-150200.11.60.1 * ffmpeg-debugsource-3.4.2-150200.11.60.1 * ffmpeg-debuginfo-3.4.2-150200.11.60.1 * libavutil-devel-3.4.2-150200.11.60.1 * libswresample-devel-3.4.2-150200.11.60.1 * libswresample2-debuginfo-3.4.2-150200.11.60.1 * libswscale4-debuginfo-3.4.2-150200.11.60.1 * libavutil55-debuginfo-3.4.2-150200.11.60.1 * libswscale4-3.4.2-150200.11.60.1 * libswresample2-3.4.2-150200.11.60.1 * libavcodec57-3.4.2-150200.11.60.1 * libswscale-devel-3.4.2-150200.11.60.1 * libavcodec57-debuginfo-3.4.2-150200.11.60.1 * SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64) * libavresample3-3.4.2-150200.11.60.1 * ffmpeg-debugsource-3.4.2-150200.11.60.1 * ffmpeg-debuginfo-3.4.2-150200.11.60.1 * libavformat57-debuginfo-3.4.2-150200.11.60.1 * libavformat57-3.4.2-150200.11.60.1 * libavformat-devel-3.4.2-150200.11.60.1 * libavcodec-devel-3.4.2-150200.11.60.1 * libavresample3-debuginfo-3.4.2-150200.11.60.1 * libavresample-devel-3.4.2-150200.11.60.1 * 
SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libpostproc54-debuginfo-3.4.2-150200.11.60.1 * libswscale4-debuginfo-3.4.2-150200.11.60.1 * libswresample-devel-3.4.2-150200.11.60.1 * libavutil-devel-3.4.2-150200.11.60.1 * libpostproc-devel-3.4.2-150200.11.60.1 * ffmpeg-debugsource-3.4.2-150200.11.60.1 * ffmpeg-debuginfo-3.4.2-150200.11.60.1 * libswresample2-debuginfo-3.4.2-150200.11.60.1 * libavresample3-debuginfo-3.4.2-150200.11.60.1 * libswscale-devel-3.4.2-150200.11.60.1 * libavutil55-debuginfo-3.4.2-150200.11.60.1 * libavcodec57-debuginfo-3.4.2-150200.11.60.1 * libavresample-devel-3.4.2-150200.11.60.1 * libavresample3-3.4.2-150200.11.60.1 * libavutil55-3.4.2-150200.11.60.1 * libpostproc54-3.4.2-150200.11.60.1 * libswscale4-3.4.2-150200.11.60.1 * libswresample2-3.4.2-150200.11.60.1 * libavcodec57-3.4.2-150200.11.60.1 * libavformat57-3.4.2-150200.11.60.1 * libavformat57-debuginfo-3.4.2-150200.11.60.1 ## References: * https://www.suse.com/security/cve/CVE-2023-51793.html * https://www.suse.com/security/cve/CVE-2024-12361.html * https://www.suse.com/security/cve/CVE-2024-35365.html * https://www.suse.com/security/cve/CVE-2024-35368.html * https://www.suse.com/security/cve/CVE-2024-36613.html * https://www.suse.com/security/cve/CVE-2025-0518.html * https://www.suse.com/security/cve/CVE-2025-22919.html * https://www.suse.com/security/cve/CVE-2025-22921.html * https://bugzilla.suse.com/show_bug.cgi?id=1223272 * https://bugzilla.suse.com/show_bug.cgi?id=1234028 * https://bugzilla.suse.com/show_bug.cgi?id=1235091 * https://bugzilla.suse.com/show_bug.cgi?id=1235092 * https://bugzilla.suse.com/show_bug.cgi?id=1236007 * https://bugzilla.suse.com/show_bug.cgi?id=1237358 * https://bugzilla.suse.com/show_bug.cgi?id=1237371 * https://bugzilla.suse.com/show_bug.cgi?id=1237382
From null at suse.de Wed May 7 12:09:56 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 07 May 2025 12:09:56 -0000 Subject: SUSE-SU-2025:1490-1: important: Security update for java-17-openjdk Message-ID: <174661979690.24379.11325828971663069796@smelt2.prg2.suse.org> # Security update for java-17-openjdk Announcement ID: SUSE-SU-2025:1490-1 Release Date: 2025-05-06T11:49:02Z Rating: important References: * bsc#1241274 * bsc#1241275 * bsc#1241276 Cross-References: * CVE-2025-21587 * CVE-2025-30691 * CVE-2025-30698 CVSS scores: * CVE-2025-21587 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-21587 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2025-21587 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2025-30691 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-30691 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-30691 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-30698 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-30698 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2025-30698 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: * Basesystem Module 15-SP6 * Legacy Module 15-SP6 * openSUSE Leap 15.4 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server
15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves three vulnerabilities can now be installed. ## Description: This update for java-17-openjdk fixes the following issues: Update to upstream tag jdk-17.0.15+6 (April 2025 CPU) CVEs: * CVE-2025-21587: Fixed JSSE unauthorized access, deletion or modification of critical data (bsc#1241274) * CVE-2025-30691: Fixed Oracle Java SE Compiler Unauthorized Data Access (bsc#1241275) * CVE-2025-30698: Fixed Oracle Java 2D unauthorized data access and DoS (bsc#1241276) Changes: + JDK-6355567: AdobeMarkerSegment causes failure to read valid JPEG + JDK-8065099: [macos] javax/swing/PopupFactory/6276087/ /NonOpaquePopupMenuTest.java fails: no background shine through + JDK-8179502: Enhance OCSP, CRL and Certificate Fetch Timeouts + JDK-8198237: [macos] Test java/awt/Frame/ /ExceptionOnSetExtendedStateTest/ /ExceptionOnSetExtendedStateTest.java fails + JDK-8198666: Many java/awt/Modal/OnTop/ test fails on mac + JDK-8208565: [TEST_BUG] javax/swing/PopupFactory/6276087/ /NonOpaquePopupMenuTest.java throws NPE + JDK-8226933: [TEST_BUG]GTK L&F: There is no swatches or RGB tab in JColorChooser + JDK-8226938: [TEST_BUG]GTK L&F: There is no Details button in FileChooser Dialog + JDK-8266435: WBMPImageReader.read() should not truncate the input stream + JDK-8267893: Improve jtreg test failure handler do get native/mixed stack traces for cores and live processes + JDK-8270961: [TESTBUG] Move GotWrongOOMEException into vm.share.gc package + JDK-8274893: Update java.desktop classes to use try-with-resources + JDK-8276202: LogFileOutput.invalid_file_vm asserts when being executed from a read only working directory + JDK-8277240: 
java/awt/Graphics2D/ScaledTransform/ /ScaledTransform.java dialog does not get disposed + JDK-8281234: The -protected option is not always checked in keytool and jarsigner + JDK-8282314: nsk/jvmti/SuspendThread/suspendthrd003 may leak memory + JDK-8283387: [macos] a11y : Screen magnifier does not show selected Tab + JDK-8283404: [macos] a11y : Screen magnifier does not show JMenu name + JDK-8283664: Remove jtreg tag manual=yesno for java/awt/print/PrinterJob/PrintTextTest.java + JDK-8286779: javax.crypto.CryptoPolicyParser#isConsistent always returns 'true' + JDK-8286875: ProgrammableUpcallHandler::on_entry/on_exit access thread fields from native + JDK-8290400: Must run exe installers in jpackage jtreg tests without UI + JDK-8292588: [macos] Multiscreen/MultiScreenLocationTest/ /MultiScreenLocationTest.java: Robot.mouseMove test failed on Screen #0 + JDK-8292704: sun/security/tools/jarsigner/compatibility/ /Compatibility.java use wrong key size for EC + JDK-8292848: AWT_Mixing and TrayIcon tests fail on el8 with hard-coded isOel7 + JDK-8293345: SunPKCS11 provider checks on PKCS11 Mechanism are problematic + JDK-8293412: Remove unnecessary java.security.egd overrides + JDK-8294067: [macOS] javax/swing/JComboBox/6559152/ /bug6559152.java Cannot select an item from popup with the ENTER key. 
+ JDK-8294316: SA core file support is broken on macosx-x64 starting with macOS 12.x + JDK-8295087: Manual Test to Automated Test Conversion + JDK-8295176: some langtools test pollutes source tree + JDK-8296591: Signature benchmark + JDK-8296818: Enhance JMH tests java/security/Signatures.java + JDK-8299077: [REDO] JDK-4512626 Non-editable JTextArea provides no visual indication of keyboard focus + JDK-8299127: [REDO] JDK-8194048 Regression automated test '/open/test/jdk/javax/swing/text/DefaultCaret/HidingSelection/ /HidingSelectionTest.java' fails + JDK-8299128: [REDO] JDK-8213562 Test javax/swing/text/ /DefaultCaret/HidingSelection/MultiSelectionTest.java fails + JDK-8299739: HashedPasswordFileTest.java and ExceptionTest.java can fail with java.lang.NullPointerException + JDK-8299994: java/security/Policy/Root/Root.java fails when home directory is read-only + JDK-8301989: new javax.swing.text.DefaultCaret().setBlinkRate(N) results in NPE + JDK-8302111: Serialization considerations + JDK-8305853: java/text/Format/DateFormat/ /DateFormatRegression.java fails with "Uncaught exception thrown in test method Test4089106" + JDK-8306711: Improve diagnosis of `IntlTest` framework + JDK-8308341: JNI_GetCreatedJavaVMs returns a partially initialized JVM + JDK-8309171: Test vmTestbase/nsk/jvmti/scenarios/ /jni_interception/JI05/ji05t001/TestDescription.java fails after JDK-8308341 + JDK-8309231: ProblemList vmTestbase/nsk/jvmti/scenarios/ /jni_interception/JI05/ji05t001/TestDescription.java + JDK-8309740: Expand timeout windows for tests in JDK-8179502 + JDK-8309841: Jarsigner should print a warning if an entry is removed + JDK-8310234: Refactor Locale tests to use JUnit + JDK-8310629: java/security/cert/CertPathValidator/OCSP/ /OCSPTimeout.java fails with RuntimeException: Server not ready + JDK-8311306: Test com/sun/management/ThreadMXBean/ /ThreadCpuTimeArray.java failed: out of expected range + JDK-8311546: Certificate name constraints improperly validated with leading 
period + JDK-8311663: Additional refactoring of Locale tests to JUnit + JDK-8312416: Tests in Locale should have more descriptive names + JDK-8312518: [macos13] setFullScreenWindow() shows black screen on macOS 13 & above + JDK-8313633: [macOS] java/awt/dnd/NextDropActionTest/ /NextDropActionTest.java fails with java.lang.RuntimeException: wrong next drop action! + JDK-8313710: jcmd: typo in the documentation of JFR.start and JFR.dump + JDK-8314225: SIGSEGV in JavaThread::is_lock_owned + JDK-8314610: hotspot can't compile with the latest of gtest because of <iomanip> + JDK-8314752: Use google test string comparison macros + JDK-8314909: tools/jpackage/windows/Win8282351Test.java fails with java.lang.AssertionError: Expected [0]. Actual [1618]: + JDK-8314975: JavadocTester should set source path if not specified + JDK-8315486: vmTestbase/nsk/jdwp/ThreadReference/ /ForceEarlyReturn/forceEarlyReturn002/forceEarlyReturn002.java timed out + JDK-8315825: Open some swing tests + JDK-8315882: Open some swing tests 2 + JDK-8315883: Open source several Swing JToolbar tests + JDK-8315952: Open source several Swing JToolbar JTooltip JTree tests + JDK-8316056: Open source several Swing JTree tests + JDK-8316146: Open some swing tests 4 + JDK-8316149: Open source several Swing JTree JViewport KeyboardManager tests + JDK-8316218: Open some swing tests 5 + JDK-8316371: Open some swing tests 6 + JDK-8316559: Refactor some util/Calendar tests to JUnit + JDK-8316627: JViewport Test headless failure + JDK-8316696: Remove the testing base classes: IntlTest and CollatorTest + JDK-8317631: Refactor ChoiceFormat tests to use JUnit + JDK-8317636: Improve heap walking API tests to verify correctness of field indexes + JDK-8318442: java/net/httpclient/ManyRequests2.java fails intermittently on Linux + JDK-8319567: Update java/lang/invoke tests to support vm flags + JDK-8319568: Update java/lang/reflect/exeCallerAccessTest/ /CallerAccessTest.java to accept vm flags + JDK-8319569: Several 
java/util tests should be updated to accept VM flags + JDK-8319647: Few java/lang/System/LoggerFinder/modules tests ignore vm flags + JDK-8319648: java/lang/SecurityManager tests ignore vm flags + JDK-8319672: Several classloader tests ignore VM flags + JDK-8319673: Few security tests ignore VM flags + JDK-8319676: A couple of jdk/modules/incubator/ tests ignore VM flags + JDK-8319677: Test jdk/internal/misc/VM/RuntimeArguments.java should be marked as flagless + JDK-8319818: Address GCC 13.2.0 warnings (stringop-overflow and dangling-pointer) + JDK-8320372: test/jdk/sun/security/x509/DNSName/ /LeadingPeriod.java validity check failed + JDK-8320676: Manual printer tests have no Pass/Fail buttons, instructions close set 1 + JDK-8320691: Timeout handler on Windows takes 2 hours to complete + JDK-8320714: java/util/Locale/LocaleProvidersRun.java and java/util/ResourceBundle/modules/visibility/ /VisibilityTest.java timeout after passing + JDK-8320916: jdk/jfr/event/gc/stacktrace/ /TestParallelMarkSweepAllocationPendingStackTrace.java failed with "OutOfMemoryError: GC overhead limit exceeded" + JDK-8321818: vmTestbase/nsk/stress/strace/strace015.java failed with 'Cannot read the array length because "<local4>" is null' + JDK-8323196: jdk/jfr/api/consumer/filestream/TestOrdered.java failed with "Events are not ordered! 
Reuse = false" + JDK-8324672: Update jdk/java/time/tck/java/time/TCKInstant.java now() to be more robust + JDK-8324807: Manual printer tests have no Pass/Fail buttons, instructions close set 2 + JDK-8325024: java/security/cert/CertPathValidator/OCSP( /OCSPTimeout.java incorrect comment information + JDK-8325042: Remove unused JVMDITools test files + JDK-8325529: Remove unused imports from `ModuleGenerator` test file + JDK-8325659: Normalize Random usage by incubator vector tests + JDK-8325906: Problemlist vmTestbase/vm/mlvm/meth/stress/ /compiler/deoptimize/Test.java#id1 until JDK-8320865 is fixed + JDK-8325908: Finish removal of IntlTest and CollatorTest + JDK-8325937: runtime/handshake/HandshakeDirectTest.java causes "monitor end should be strictly below the frame pointer" assertion failure on AArch64 + JDK-8326421: Add jtreg test for large arrayCopy disjoint case. + JDK-8326525: com/sun/tools/attach/BasicTests.java does not verify AgentLoadException case + JDK-8327098: GTest needs larger combination limit + JDK-8327476: Upgrade JLine to 3.26.1 + JDK-8327505: Test com/sun/jmx/remote/ /NotificationMarshalVersions/TestSerializationMismatch.java fails + JDK-8327857: Remove applet usage from JColorChooser tests Test4222508 + JDK-8327859: Remove applet usage from JColorChooser tests Test4319113 + JDK-8327986: ASAN reports use-after-free in DirectivesParserTest.empty_object_vm + JDK-8328005: Convert java/awt/im/JTextFieldTest.java applet test to main + JDK-8328085: C2: Use after free in PhaseChaitin::Register_Allocate() + JDK-8328121: Remove applet usage from JColorChooser tests Test4759306 + JDK-8328130: Remove applet usage from JColorChooser tests Test4759934 + JDK-8328185: Convert java/awt/image/MemoryLeakTest/ /MemoryLeakTest.java applet test to main + JDK-8328227: Remove applet usage from JColorChooser tests Test4887836 + JDK-8328368: Convert java/awt/image/multiresolution/ /MultiDisplayTest/MultiDisplayTest.java applet test to main + JDK-8328370: Convert 
java/awt/print/Dialog/PrintApplet.java applet test to main
+ JDK-8328380: Remove applet usage from JColorChooser tests Test6348456
+ JDK-8328387: Convert java/awt/Frame/FrameStateTest/FrameStateTest.html applet test to main
+ JDK-8328403: Remove applet usage from JColorChooser tests Test6977726
+ JDK-8328553: Get rid of JApplet in test/jdk/sanity/client/lib/SwingSet2/src/DemoModule.java
+ JDK-8328558: Convert javax/swing/JCheckBox/8032667/bug8032667.java applet test to main
+ JDK-8328717: Convert javax/swing/JColorChooser/8065098/bug8065098.java applet test to main
+ JDK-8328719: Convert java/awt/print/PageFormat/SetOrient.html applet test to main
+ JDK-8328730: Convert java/awt/print/bug8023392/bug8023392.html applet test to main
+ JDK-8328753: Open source few Undecorated Frame tests
+ JDK-8328819: Remove applet usage from JFileChooser tests bug6698013
+ JDK-8328827: Convert java/awt/print/PrinterJob/PrinterDialogsModalityTest/PrinterDialogsModalityTest.html applet test to main
+ JDK-8329210: Delete Redundant Printer Dialog Modality Test
+ JDK-8329320: Simplify awt/print/PageFormat/NullPaper.java test
+ JDK-8329322: Convert PageFormat/Orient.java to use PassFailJFrame
+ JDK-8329692: Add more details to FrameStateTest.java test instructions
+ JDK-8330702: Update failure handler to don't generate Error message if cores actions are empty
+ JDK-8331153: JFR: Improve logging of jdk/jfr/api/consumer/filestream/TestOrdered.java
+ JDK-8331735: UpcallLinker::on_exit races with GC when copying frame anchor
+ JDK-8331959: Update PKCS#11 Cryptographic Token Interface to v3.1
+ JDK-8332158: [XWayland] test/jdk/java/awt/Mouse/EnterExitEvents/ResizingFrameTest.java
+ JDK-8332917: failure_handler should execute gdb "info threads" command on linux
+ JDK-8333360: PrintNullString.java doesn't use float arguments
+ JDK-8333391: Test com/sun/jdi/InterruptHangTest.java failed: Thread was never interrupted during sleep
+ JDK-8333403: Write a test to check various components
events are triggered properly
+ JDK-8333427: langtools/tools/javac/newlines/NewLineTest.java is failing on Japanese Windows
+ JDK-8334305: Remove all code for nsk.share.Log verbose mode
+ JDK-8334490: Normalize string with locale invariant `toLowerCase()`
+ JDK-8334777: Test javax/management/remote/mandatory/notif/NotifReconnectDeadlockTest.java failed with NullPointerException
+ JDK-8335150: Test LogGeneratedClassesTest.java fails on rpmbuild mock enviroment
+ JDK-8335172: Add manual steps to run security/auth/callback/TextCallbackHandler/Password.java test
+ JDK-8335789: [TESTBUG] XparColor.java test fails with Error. Parse Exception: Invalid or unrecognized bugid: @
+ JDK-8336012: Fix usages of jtreg-reserved properties
+ JDK-8336498: [macos] [build]: install-file macro may run into permission denied error
+ JDK-8336692: Redo fix for JDK-8284620
+ JDK-8336942: Improve test coverage for class loading elements with annotations of different retentions
+ JDK-8337222: gc/TestDisableExplicitGC.java fails due to unexpected CodeCache GC
+ JDK-8337494: Clarify JarInputStream behavior
+ JDK-8337692: Better TLS connection support
+ JDK-8337826: Improve logging in OCSPTimeout and SimpleOCSPResponder to help diagnose JDK-8309754
+ JDK-8337886: java/awt/Frame/MaximizeUndecoratedTest.java fails in OEL due to a slight color difference
+ JDK-8337951: Test sun/security/validator/samedn.sh CertificateNotYetValidException: NotBefore validation
+ JDK-8338100: C2: assert(!n_loop->is_member(get_loop(lca))) failed: control must not be back in the loop
+ JDK-8338426: Test java/nio/channels/Selector/WakeupNow.java failed
+ JDK-8338430: Improve compiler transformations
+ JDK-8338571: [TestBug] DefaultCloseOperation.java test not working as expected wrt instruction after JDK-8325851 fix
+ JDK-8338595: Add more linesize for MIME decoder in macro bench test Base64Decode
+ JDK-8338668: Test javax/swing/JFileChooser/8080628/bug8080628.java doesn't test for GTK L&F
+ JDK-8339154: Cleanups
and JUnit conversion of test/jdk/java/util/zip/Available.java
+ JDK-8339261: Logs truncated in test javax/net/ssl/DTLS/DTLSRehandshakeTest.java
+ JDK-8339356: Test javax/net/ssl/SSLSocket/Tls13PacketSize.java failed with java.net.SocketException: An established connection was aborted by the software in your host machine
+ JDK-8339524: Clean up a few ExtendedRobot tests
+ JDK-8339687: Rearrange reachabilityFence()s in jdk.test.lib.util.ForceGC
+ JDK-8339728: [Accessibility,Windows,JAWS] Bug in the getKeyChar method of the AccessBridge class
+ JDK-8339810: Clean up the code in sun.tools.jar.Main to properly close resources and use ZipFile during extract
+ JDK-8339883: Open source several AWT/2D related tests
+ JDK-8339902: Open source couple TextField related tests
+ JDK-8339943: Frame not disposed in java/awt/dnd/DropActionChangeTest.java
+ JDK-8340078: Open source several 2D tests
+ JDK-8340116: test/jdk/sun/security/tools/jarsigner/PreserveRawManifestEntryAndDigest.java can fail due to regex
+ JDK-8340411: open source several 2D imaging tests
+ JDK-8340480: Bad copyright notices in changes from JDK-8339902
+ JDK-8340687: Open source closed frame tests #1
+ JDK-8340719: Open source AWT List tests
+ JDK-8340969: jdk/jfr/startupargs/TestStartDuration.java should be marked as flagless
+ JDK-8341037: Use standard layouts in DefaultFrameIconTest.java and MenuCrash.java
+ JDK-8341111: open source several AWT tests including menu shortcut tests
+ JDK-8341316: [macos] javax/swing/ProgressMonitor/ProgressMonitorEscapeKeyPress.java fails sometimes in macos
+ JDK-8341412: Various test failures after JDK-8334305
+ JDK-8341424: GHA: Collect hs_errs from build time failures
+ JDK-8341453: java/awt/a11y/AccessibleJTableTest.java fails in some cases where the test tables are not visible
+ JDK-8341722: Fix some warnings as errors when building on Linux with toolchain clang
+ JDK-8341881: [REDO] java/nio/file/attribute/BasicFileAttributeView/CreationTime.java#tmp fails on
alinux3
+ JDK-8341978: Improve JButton/bug4490179.java
+ JDK-8341982: Simplify JButton/bug4323121.java
+ JDK-8342098: Write a test to compare the images
+ JDK-8342145: File libCreationTimeHelper.c compile fails on Alpine
+ JDK-8342270: Test sun/security/pkcs11/Provider/RequiredMechCheck.java needs write access to src tree
+ JDK-8342498: Add test for Allocation elimination after use as alignment reference by SuperWord
+ JDK-8342508: Use latch in BasicMenuUI/bug4983388.java instead of delay
+ JDK-8342541: Exclude List/KeyEventsTest/KeyEventsTest.java from running on macOS
+ JDK-8342562: Enhance Deflater operations
+ JDK-8342602: Remove JButton/PressedButtonRightClickTest test
+ JDK-8342607: Enhance register printing on x86_64 platforms
+ JDK-8342609: jpackage test helper function incorrectly removes a directory instead of its contents only
+ JDK-8342634: javax/imageio/plugins/wbmp/WBMPStreamTruncateTest.java creates temp file in src dir
+ JDK-8342635: javax/swing/JFileChooser/FileSystemView/WindowsDefaultIconSizeTest.java creates tmp file in src dir
+ JDK-8342704: GHA: Report truncation is broken after JDK-8341424
+ JDK-8342811: java/net/httpclient/PlainProxyConnectionTest.java failed: Unexpected connection count: 5
+ JDK-8342858: Make target mac-jdk-bundle fails on chmod command
+ JDK-8342988: GHA: Build JTReg in single step
+ JDK-8343007: Enhance Buffered Image handling
+ JDK-8343100: Consolidate EmptyFolderTest and EmptyFolderPackageTest jpackage tests into single java file
+ JDK-8343101: Rework BasicTest.testTemp test cases
+ JDK-8343118: [TESTBUG] java/awt/PrintJob/PrintCheckboxTest/PrintCheckboxManualTest.java fails with Error. Can't find HTML file PrintCheckboxManualTest.html
+ JDK-8343128: PassFailJFrame.java test result: Error.
Bad action for script: build}
+ JDK-8343129: Disable unstable check of ThreadsListHandle.sanity_vm ThreadList values
+ JDK-8343178: Test BasicTest.java javac compile fails cannot find symbol
+ JDK-8343378: Exceptions in javax/management DeadLockTest.java do not cause test failure
+ JDK-8343491: javax/management/remote/mandatory/connection/DeadLockTest.java failing with NoSuchObjectException: no such object in table
+ JDK-8343599: Kmem limit and max values swapped when printing container information
+ JDK-8343724: [PPC64] Disallow OptoScheduling
+ JDK-8343882: BasicAnnoTests doesn't handle multiple annotations at the same position
+ JDK-8344581: [TESTBUG] java/awt/Robot/ScreenCaptureRobotTest.java failing on macOS
+ JDK-8344589: Update IANA Language Subtag Registry to Version 2024-11-19
+ JDK-8344646: The libjsig deprecation warning should go to stderr not stdout
+ JDK-8345296: AArch64: VM crashes with SIGILL when prctl is disallowed
+ JDK-8345368: java/io/File/createTempFile/SpecialTempFile.java fails on Windows Server 2025
+ JDK-8345371: Bump update version for OpenJDK: jdk-17.0.15
+ JDK-8345375: Improve debuggability of test/jdk/java/net/Socket/CloseAvailable.java
+ JDK-8345414: Google CAInterop test failures
+ JDK-8345468: test/jdk/javax/swing/JScrollBar/4865918/bug4865918.java fails in ubuntu22.04
+ JDK-8346055: javax/swing/text/StyledEditorKit/4506788/bug4506788.java fails in ubuntu22.04
+ JDK-8346324: javax/swing/JScrollBar/4865918/bug4865918.java fails in CI
+ JDK-8346587: Distrust TLS server certificates anchored by Camerfirma Root CAs
+ JDK-8346671: java/nio/file/Files/probeContentType/Basic.java fails on Windows 2025
+ JDK-8346828: javax/swing/JScrollBar/4865918/bug4865918.java still fails in CI
+ JDK-8346887: DrawFocusRect() may cause an assertion failure
+ JDK-8346908: Update JDK 17 javadoc man page
+ JDK-8346972: Test java/nio/channels/FileChannel/LoopingTruncate.java fails sometimes with IOException: There is not enough space on the disk
+ JDK-8347424: Fix and rewrite sun/security/x509/DNSName/LeadingPeriod.java test
+ JDK-8347427: JTabbedPane/8134116/Bug8134116.java has no license header
+ JDK-8347740: java/io/File/createTempFile/SpecialTempFile.java failing
+ JDK-8347847: Enhance jar file support
+ JDK-8347965: (tz) Update Timezone Data to 2025a
+ JDK-8348625: [21u, 17u] Revert JDK-8185862 to restore old java.awt.headless behavior on Windows
+ JDK-8348675: TrayIcon tests fail in Ubuntu 24.10 Wayland
+ JDK-8349603: [21u, 17u, 11u] Update GHA JDKs after Jan/25 updates
+ JDK-8352097: (tz) zone.tab update missed in 2025a backport
+ JDK-8353905: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.15

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Manager Retail Branch Server 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2025-1490=1
* SUSE Manager Server 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1490=1
* openSUSE Leap 15.4
  zypper in -t patch SUSE-2025-1490=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2025-1490=1
* Basesystem Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1490=1
* Legacy Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2025-1490=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1490=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1490=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1490=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1490=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1490=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1490=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1490=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1490=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-1490=1 ## Package List: * SUSE Manager Retail Branch Server 4.3 (x86_64) * java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1 * java-17-openjdk-demo-17.0.15.0-150400.3.54.1 * java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-headless-17.0.15.0-150400.3.54.1 * java-17-openjdk-17.0.15.0-150400.3.54.1 * java-17-openjdk-devel-17.0.15.0-150400.3.54.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1 * java-17-openjdk-demo-17.0.15.0-150400.3.54.1 * java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-headless-17.0.15.0-150400.3.54.1 * java-17-openjdk-17.0.15.0-150400.3.54.1 * java-17-openjdk-devel-17.0.15.0-150400.3.54.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1 * java-17-openjdk-demo-17.0.15.0-150400.3.54.1 * java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-jmods-17.0.15.0-150400.3.54.1 * java-17-openjdk-src-17.0.15.0-150400.3.54.1 * java-17-openjdk-headless-17.0.15.0-150400.3.54.1 * java-17-openjdk-17.0.15.0-150400.3.54.1 * 
java-17-openjdk-devel-17.0.15.0-150400.3.54.1 * openSUSE Leap 15.4 (noarch) * java-17-openjdk-javadoc-17.0.15.0-150400.3.54.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1 * java-17-openjdk-demo-17.0.15.0-150400.3.54.1 * java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-jmods-17.0.15.0-150400.3.54.1 * java-17-openjdk-src-17.0.15.0-150400.3.54.1 * java-17-openjdk-headless-17.0.15.0-150400.3.54.1 * java-17-openjdk-17.0.15.0-150400.3.54.1 * java-17-openjdk-devel-17.0.15.0-150400.3.54.1 * openSUSE Leap 15.6 (noarch) * java-17-openjdk-javadoc-17.0.15.0-150400.3.54.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1 * java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-headless-17.0.15.0-150400.3.54.1 * java-17-openjdk-17.0.15.0-150400.3.54.1 * java-17-openjdk-devel-17.0.15.0-150400.3.54.1 * Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64) * java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1 * java-17-openjdk-demo-17.0.15.0-150400.3.54.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1 * java-17-openjdk-demo-17.0.15.0-150400.3.54.1 * java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-headless-17.0.15.0-150400.3.54.1 * java-17-openjdk-17.0.15.0-150400.3.54.1 * java-17-openjdk-devel-17.0.15.0-150400.3.54.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * 
java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1 * java-17-openjdk-demo-17.0.15.0-150400.3.54.1 * java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-headless-17.0.15.0-150400.3.54.1 * java-17-openjdk-17.0.15.0-150400.3.54.1 * java-17-openjdk-devel-17.0.15.0-150400.3.54.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1 * java-17-openjdk-demo-17.0.15.0-150400.3.54.1 * java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-headless-17.0.15.0-150400.3.54.1 * java-17-openjdk-17.0.15.0-150400.3.54.1 * java-17-openjdk-devel-17.0.15.0-150400.3.54.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1 * java-17-openjdk-demo-17.0.15.0-150400.3.54.1 * java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-headless-17.0.15.0-150400.3.54.1 * java-17-openjdk-17.0.15.0-150400.3.54.1 * java-17-openjdk-devel-17.0.15.0-150400.3.54.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1 * java-17-openjdk-demo-17.0.15.0-150400.3.54.1 * java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-headless-17.0.15.0-150400.3.54.1 * java-17-openjdk-17.0.15.0-150400.3.54.1 * java-17-openjdk-devel-17.0.15.0-150400.3.54.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * 
java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1 * java-17-openjdk-demo-17.0.15.0-150400.3.54.1 * java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-headless-17.0.15.0-150400.3.54.1 * java-17-openjdk-17.0.15.0-150400.3.54.1 * java-17-openjdk-devel-17.0.15.0-150400.3.54.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1 * java-17-openjdk-demo-17.0.15.0-150400.3.54.1 * java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-headless-17.0.15.0-150400.3.54.1 * java-17-openjdk-17.0.15.0-150400.3.54.1 * java-17-openjdk-devel-17.0.15.0-150400.3.54.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1 * java-17-openjdk-demo-17.0.15.0-150400.3.54.1 * java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-headless-17.0.15.0-150400.3.54.1 * java-17-openjdk-17.0.15.0-150400.3.54.1 * java-17-openjdk-devel-17.0.15.0-150400.3.54.1 * SUSE Manager Proxy 4.3 (x86_64) * java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1 * java-17-openjdk-demo-17.0.15.0-150400.3.54.1 * java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-headless-17.0.15.0-150400.3.54.1 * java-17-openjdk-17.0.15.0-150400.3.54.1 * java-17-openjdk-devel-17.0.15.0-150400.3.54.1 ## References: * https://www.suse.com/security/cve/CVE-2025-21587.html * https://www.suse.com/security/cve/CVE-2025-30691.html * 
https://www.suse.com/security/cve/CVE-2025-30698.html
* https://bugzilla.suse.com/show_bug.cgi?id=1241274
* https://bugzilla.suse.com/show_bug.cgi?id=1241275
* https://bugzilla.suse.com/show_bug.cgi?id=1241276

From null at suse.de Wed May 7 12:30:05 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 07 May 2025 12:30:05 -0000
Subject: SUSE-SU-2025:1506-1: important: Security update for MozillaThunderbird
Message-ID: <174662100520.30275.12694548293815466190@smelt2.prg2.suse.org>

# Security update for MozillaThunderbird

Announcement ID: SUSE-SU-2025:1506-1
Release Date: 2025-05-07T12:13:22Z
Rating: important
References:

* bsc#1241621

Cross-References:

* CVE-2025-2817
* CVE-2025-4082
* CVE-2025-4083
* CVE-2025-4084
* CVE-2025-4087
* CVE-2025-4091
* CVE-2025-4093

CVSS scores:

* CVE-2025-2817 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-2817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-2817 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-4082 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-4082 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-4082 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-4083 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-4083 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-4083 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-4084 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-4084 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-4084 ( NVD ): 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-4087 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-4087 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-4087 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-4091 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-4091 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-4091 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-4093 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-4093 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-4093 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Workstation Extension 15 SP6
* SUSE Package Hub 15 15-SP6

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for MozillaThunderbird fixes the following issues:

Mozilla Thunderbird ESR 128.10 update (bsc#1241621):

* CVE-2025-4082: WebGL shader attribute memory corruption in Thunderbird for macOS.
* CVE-2025-4087: Unsafe attribute access during XPath parsing.
* CVE-2025-4093: Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird.
* CVE-2025-4091: Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10.
* CVE-2025-4083: Process isolation bypass using "javascript:" URI links in cross-origin frames.
* CVE-2025-4084: Potential local code execution in "copy as cURL" command.
* CVE-2025-2817: Privilege escalation in Thunderbird Updater.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Workstation Extension 15 SP6
  zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2025-1506=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2025-1506=1
* SUSE Package Hub 15 15-SP6
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-1506=1

## Package List:

* SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64)
  * MozillaThunderbird-debugsource-128.10.0-150200.8.212.1
  * MozillaThunderbird-128.10.0-150200.8.212.1
  * MozillaThunderbird-translations-common-128.10.0-150200.8.212.1
  * MozillaThunderbird-debuginfo-128.10.0-150200.8.212.1
  * MozillaThunderbird-translations-other-128.10.0-150200.8.212.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * MozillaThunderbird-debugsource-128.10.0-150200.8.212.1
  * MozillaThunderbird-128.10.0-150200.8.212.1
  * MozillaThunderbird-translations-common-128.10.0-150200.8.212.1
  * MozillaThunderbird-debuginfo-128.10.0-150200.8.212.1
  * MozillaThunderbird-translations-other-128.10.0-150200.8.212.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x)
  * MozillaThunderbird-debugsource-128.10.0-150200.8.212.1
  * MozillaThunderbird-128.10.0-150200.8.212.1
  * MozillaThunderbird-translations-common-128.10.0-150200.8.212.1
  * MozillaThunderbird-debuginfo-128.10.0-150200.8.212.1
  * MozillaThunderbird-translations-other-128.10.0-150200.8.212.1

## References:

* https://www.suse.com/security/cve/CVE-2025-2817.html
* https://www.suse.com/security/cve/CVE-2025-4082.html
* https://www.suse.com/security/cve/CVE-2025-4083.html
* https://www.suse.com/security/cve/CVE-2025-4084.html
* https://www.suse.com/security/cve/CVE-2025-4087.html
* https://www.suse.com/security/cve/CVE-2025-4091.html
* https://www.suse.com/security/cve/CVE-2025-4093.html
* https://bugzilla.suse.com/show_bug.cgi?id=1241621

From null at suse.de Wed May 7 12:30:09 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 07 May 2025 12:30:09 -0000
Subject: SUSE-SU-2025:1505-1: moderate: Security update for apparmor
Message-ID: <174662100919.30275.9983695309074323069@smelt2.prg2.suse.org>

# Security update for apparmor

Announcement ID: SUSE-SU-2025:1505-1
Release Date: 2025-05-07T12:06:44Z
Rating: moderate
References:

* bsc#1241678

Cross-References:

* CVE-2024-10041

CVSS scores:

* CVE-2024-10041 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-10041 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-10041 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves one vulnerability can now be installed.

## Description:

This update for apparmor fixes the following issues:

* Add dac_read_search capability for unix_chkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. (bsc#1241678)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2025-1505=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1505=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1505=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1505=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2025-1505=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-1505=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-1505=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-1505=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * ruby-apparmor-2.13.6-150300.3.24.1 * perl-apparmor-debuginfo-2.13.6-150300.3.24.1 * perl-apparmor-2.13.6-150300.3.24.1 * libapparmor-debugsource-2.13.6-150300.3.24.1 * libapparmor1-2.13.6-150300.3.24.1 * pam_apparmor-2.13.6-150300.3.24.1 * apache2-mod_apparmor-2.13.6-150300.3.24.1 * apparmor-debugsource-2.13.6-150300.3.24.1 * apparmor-parser-2.13.6-150300.3.24.1 * apparmor-parser-debuginfo-2.13.6-150300.3.24.1 * pam_apparmor-debuginfo-2.13.6-150300.3.24.1 * python3-apparmor-2.13.6-150300.3.24.1 * libapparmor1-debuginfo-2.13.6-150300.3.24.1 * ruby-apparmor-debuginfo-2.13.6-150300.3.24.1 * apache2-mod_apparmor-debuginfo-2.13.6-150300.3.24.1 * python3-apparmor-debuginfo-2.13.6-150300.3.24.1 * libapparmor-devel-2.13.6-150300.3.24.1 * openSUSE Leap 15.3 (noarch) * apparmor-profiles-2.13.6-150300.3.24.1 * apparmor-utils-2.13.6-150300.3.24.1 * apparmor-abstractions-2.13.6-150300.3.24.1 * apparmor-parser-lang-2.13.6-150300.3.24.1 * apparmor-docs-2.13.6-150300.3.24.1 * apparmor-utils-lang-2.13.6-150300.3.24.1 * openSUSE Leap 15.3 (x86_64) * libapparmor1-32bit-2.13.6-150300.3.24.1 * 
pam_apparmor-32bit-2.13.6-150300.3.24.1 * pam_apparmor-32bit-debuginfo-2.13.6-150300.3.24.1 * libapparmor1-32bit-debuginfo-2.13.6-150300.3.24.1 * openSUSE Leap 15.3 (aarch64_ilp32) * pam_apparmor-64bit-2.13.6-150300.3.24.1 * pam_apparmor-64bit-debuginfo-2.13.6-150300.3.24.1 * libapparmor1-64bit-2.13.6-150300.3.24.1 * libapparmor1-64bit-debuginfo-2.13.6-150300.3.24.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * perl-apparmor-debuginfo-2.13.6-150300.3.24.1 * perl-apparmor-2.13.6-150300.3.24.1 * libapparmor1-2.13.6-150300.3.24.1 * pam_apparmor-2.13.6-150300.3.24.1 * apache2-mod_apparmor-2.13.6-150300.3.24.1 * apparmor-debugsource-2.13.6-150300.3.24.1 * apparmor-parser-2.13.6-150300.3.24.1 * apparmor-parser-debuginfo-2.13.6-150300.3.24.1 * libapparmor1-debuginfo-2.13.6-150300.3.24.1 * pam_apparmor-debuginfo-2.13.6-150300.3.24.1 * python3-apparmor-2.13.6-150300.3.24.1 * libapparmor-debugsource-2.13.6-150300.3.24.1 * apache2-mod_apparmor-debuginfo-2.13.6-150300.3.24.1 * python3-apparmor-debuginfo-2.13.6-150300.3.24.1 * libapparmor-devel-2.13.6-150300.3.24.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * apparmor-profiles-2.13.6-150300.3.24.1 * apparmor-utils-2.13.6-150300.3.24.1 * apparmor-abstractions-2.13.6-150300.3.24.1 * apparmor-parser-lang-2.13.6-150300.3.24.1 * apparmor-docs-2.13.6-150300.3.24.1 * apparmor-utils-lang-2.13.6-150300.3.24.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * pam_apparmor-32bit-debuginfo-2.13.6-150300.3.24.1 * pam_apparmor-32bit-2.13.6-150300.3.24.1 * libapparmor1-32bit-2.13.6-150300.3.24.1 * libapparmor1-32bit-debuginfo-2.13.6-150300.3.24.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * perl-apparmor-debuginfo-2.13.6-150300.3.24.1 * perl-apparmor-2.13.6-150300.3.24.1 * libapparmor1-2.13.6-150300.3.24.1 * pam_apparmor-2.13.6-150300.3.24.1 * apache2-mod_apparmor-2.13.6-150300.3.24.1 * 
apparmor-debugsource-2.13.6-150300.3.24.1 * apparmor-parser-2.13.6-150300.3.24.1 * apparmor-parser-debuginfo-2.13.6-150300.3.24.1 * libapparmor1-debuginfo-2.13.6-150300.3.24.1 * pam_apparmor-debuginfo-2.13.6-150300.3.24.1 * python3-apparmor-2.13.6-150300.3.24.1 * libapparmor-debugsource-2.13.6-150300.3.24.1 * apache2-mod_apparmor-debuginfo-2.13.6-150300.3.24.1 * python3-apparmor-debuginfo-2.13.6-150300.3.24.1 * libapparmor-devel-2.13.6-150300.3.24.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (noarch) * apparmor-profiles-2.13.6-150300.3.24.1 * apparmor-utils-2.13.6-150300.3.24.1 * apparmor-abstractions-2.13.6-150300.3.24.1 * apparmor-parser-lang-2.13.6-150300.3.24.1 * apparmor-docs-2.13.6-150300.3.24.1 * apparmor-utils-lang-2.13.6-150300.3.24.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (x86_64) * pam_apparmor-32bit-debuginfo-2.13.6-150300.3.24.1 * pam_apparmor-32bit-2.13.6-150300.3.24.1 * libapparmor1-32bit-2.13.6-150300.3.24.1 * libapparmor1-32bit-debuginfo-2.13.6-150300.3.24.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * perl-apparmor-debuginfo-2.13.6-150300.3.24.1 * perl-apparmor-2.13.6-150300.3.24.1 * libapparmor1-2.13.6-150300.3.24.1 * pam_apparmor-2.13.6-150300.3.24.1 * apache2-mod_apparmor-2.13.6-150300.3.24.1 * apparmor-debugsource-2.13.6-150300.3.24.1 * apparmor-parser-2.13.6-150300.3.24.1 * apparmor-parser-debuginfo-2.13.6-150300.3.24.1 * libapparmor1-debuginfo-2.13.6-150300.3.24.1 * pam_apparmor-debuginfo-2.13.6-150300.3.24.1 * python3-apparmor-2.13.6-150300.3.24.1 * libapparmor-debugsource-2.13.6-150300.3.24.1 * apache2-mod_apparmor-debuginfo-2.13.6-150300.3.24.1 * python3-apparmor-debuginfo-2.13.6-150300.3.24.1 * libapparmor-devel-2.13.6-150300.3.24.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * apparmor-profiles-2.13.6-150300.3.24.1 * apparmor-utils-2.13.6-150300.3.24.1 * apparmor-abstractions-2.13.6-150300.3.24.1 * apparmor-parser-lang-2.13.6-150300.3.24.1 * apparmor-docs-2.13.6-150300.3.24.1 
* apparmor-utils-lang-2.13.6-150300.3.24.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * pam_apparmor-32bit-debuginfo-2.13.6-150300.3.24.1 * pam_apparmor-32bit-2.13.6-150300.3.24.1 * libapparmor1-32bit-2.13.6-150300.3.24.1 * libapparmor1-32bit-debuginfo-2.13.6-150300.3.24.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * perl-apparmor-debuginfo-2.13.6-150300.3.24.1 * perl-apparmor-2.13.6-150300.3.24.1 * libapparmor1-2.13.6-150300.3.24.1 * pam_apparmor-2.13.6-150300.3.24.1 * apache2-mod_apparmor-2.13.6-150300.3.24.1 * apparmor-debugsource-2.13.6-150300.3.24.1 * apparmor-parser-2.13.6-150300.3.24.1 * apparmor-parser-debuginfo-2.13.6-150300.3.24.1 * libapparmor1-debuginfo-2.13.6-150300.3.24.1 * pam_apparmor-debuginfo-2.13.6-150300.3.24.1 * python3-apparmor-2.13.6-150300.3.24.1 * libapparmor-debugsource-2.13.6-150300.3.24.1 * apache2-mod_apparmor-debuginfo-2.13.6-150300.3.24.1 * python3-apparmor-debuginfo-2.13.6-150300.3.24.1 * libapparmor-devel-2.13.6-150300.3.24.1 * SUSE Enterprise Storage 7.1 (noarch) * apparmor-profiles-2.13.6-150300.3.24.1 * apparmor-utils-2.13.6-150300.3.24.1 * apparmor-abstractions-2.13.6-150300.3.24.1 * apparmor-parser-lang-2.13.6-150300.3.24.1 * apparmor-docs-2.13.6-150300.3.24.1 * apparmor-utils-lang-2.13.6-150300.3.24.1 * SUSE Enterprise Storage 7.1 (x86_64) * pam_apparmor-32bit-debuginfo-2.13.6-150300.3.24.1 * pam_apparmor-32bit-2.13.6-150300.3.24.1 * libapparmor1-32bit-2.13.6-150300.3.24.1 * libapparmor1-32bit-debuginfo-2.13.6-150300.3.24.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * apparmor-abstractions-2.13.6-150300.3.24.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * pam_apparmor-2.13.6-150300.3.24.1 * apparmor-parser-debuginfo-2.13.6-150300.3.24.1 * apparmor-debugsource-2.13.6-150300.3.24.1 * apparmor-parser-2.13.6-150300.3.24.1 * libapparmor1-debuginfo-2.13.6-150300.3.24.1 * pam_apparmor-debuginfo-2.13.6-150300.3.24.1 * libapparmor-debugsource-2.13.6-150300.3.24.1 * 
libapparmor1-2.13.6-150300.3.24.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * pam_apparmor-2.13.6-150300.3.24.1 * apparmor-parser-debuginfo-2.13.6-150300.3.24.1 * apparmor-debugsource-2.13.6-150300.3.24.1 * apparmor-parser-2.13.6-150300.3.24.1 * libapparmor1-debuginfo-2.13.6-150300.3.24.1 * pam_apparmor-debuginfo-2.13.6-150300.3.24.1 * libapparmor-debugsource-2.13.6-150300.3.24.1 * libapparmor1-2.13.6-150300.3.24.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * pam_apparmor-2.13.6-150300.3.24.1 * apparmor-parser-debuginfo-2.13.6-150300.3.24.1 * apparmor-debugsource-2.13.6-150300.3.24.1 * apparmor-parser-2.13.6-150300.3.24.1 * libapparmor1-debuginfo-2.13.6-150300.3.24.1 * pam_apparmor-debuginfo-2.13.6-150300.3.24.1 * libapparmor-debugsource-2.13.6-150300.3.24.1 * libapparmor1-2.13.6-150300.3.24.1 ## References: * https://www.suse.com/security/cve/CVE-2024-10041.html * https://bugzilla.suse.com/show_bug.cgi?id=1241678 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed May 7 12:30:22 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 07 May 2025 12:30:22 -0000 Subject: SUSE-SU-2025:1504-1: important: Security update for libsoup Message-ID: <174662102248.30275.18347340460755587530@smelt2.prg2.suse.org> # Security update for libsoup Announcement ID: SUSE-SU-2025:1504-1 Release Date: 2025-05-07T12:06:19Z Rating: important References: * bsc#1240750 * bsc#1240752 * bsc#1240754 * bsc#1240756 * bsc#1240757 * bsc#1241162 * bsc#1241164 * bsc#1241214 * bsc#1241222 * bsc#1241223 * bsc#1241226 * bsc#1241238 * bsc#1241252 * bsc#1241263 * bsc#1241686 * bsc#1241688 Cross-References: * CVE-2025-2784 * CVE-2025-32050 * CVE-2025-32051 * CVE-2025-32052 * CVE-2025-32053 * CVE-2025-32906 * CVE-2025-32907 * CVE-2025-32908 * CVE-2025-32909 * CVE-2025-32910 * CVE-2025-32911 * CVE-2025-32912 * CVE-2025-32913 * CVE-2025-32914 * CVE-2025-46420 * CVE-2025-46421 CVSS scores: * CVE-2025-2784 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-2784 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2025-2784 ( NVD ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2025-32050 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-32050 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-32050 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-32051 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-32051 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-32051 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-32052 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-32052 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2025-32052 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2025-32053 ( SUSE ): 6.3 
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-32053 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2025-32053 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2025-32906 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2025-32906 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-32907 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-32907 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-32907 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-32908 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-32908 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-32908 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-32909 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-32909 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2025-32909 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-32910 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-32910 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-32910 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-32911 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-32911 ( NVD ): 9.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2025-32912 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-32912 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-32913 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-32913 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-32914 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2025-32914 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2025-46420 ( SUSE ): 7.1 
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-46420 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-46420 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-46421 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2025-46421 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves 16 vulnerabilities can now be installed.

## Description:

This update for libsoup fixes the following issues:

* CVE-2025-2784: Fixed heap buffer over-read in `skip_insignificant_space` when sniffing content (bsc#1240750)
* CVE-2025-32050: Fixed integer overflow in append_param_quoted (bsc#1240752)
* CVE-2025-32051: Fixed segmentation fault when parsing malformed data URI (bsc#1240754)
* CVE-2025-32052: Fixed heap buffer overflow in sniff_unknown() (bsc#1240756)
* CVE-2025-32053: Fixed heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() (bsc#1240757)
* CVE-2025-32906: Fixed out of bounds reads in soup_headers_parse_request() (bsc#1241263)
* CVE-2025-32907: Fixed excessive memory consumption in server when client requests a large number of overlapping ranges in a single HTTP request (bsc#1241222)
* CVE-2025-32908: Fixed HTTP request may lead to server crash due to HTTP/2 server not fully validating the values of pseudo-headers (bsc#1241223)
* CVE-2025-32909: Fixed NULL pointer dereference in the sniff_mp4 function in soup-content-sniffer.c (bsc#1241226)
* CVE-2025-32910: Fixed NULL pointer dereference on client when server omits the realm parameter in an Unauthorized response with Digest authentication (bsc#1241252)
* CVE-2025-32911: Fixed double free on soup_message_headers_get_content_disposition() via "params" (bsc#1241238)
* CVE-2025-32912: Fixed NULL pointer dereference in SoupAuthDigest (bsc#1241214)
* CVE-2025-32913: Fixed NULL pointer dereference in soup_message_headers_get_content_disposition (bsc#1241162)
* CVE-2025-32914: Fixed out of bounds read in `soup_multipart_new_from_message()` (bsc#1241164)
* CVE-2025-46420: Fixed memory leak on soup_header_parse_quality_list() via soup-headers.c (bsc#1241686)
* CVE-2025-46421: Fixed HTTP Authorization Header leak via an HTTP redirect (bsc#1241688)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2025-1504=1 openSUSE-SLE-15.6-2025-1504=1
* Basesystem Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1504=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * libsoup-debugsource-3.4.4-150600.3.7.1
  * libsoup-3_0-0-debuginfo-3.4.4-150600.3.7.1
  * libsoup-devel-3.4.4-150600.3.7.1
  * typelib-1_0-Soup-3_0-3.4.4-150600.3.7.1
  * libsoup-3_0-0-3.4.4-150600.3.7.1
* openSUSE Leap 15.6 (x86_64)
  * libsoup-3_0-0-32bit-3.4.4-150600.3.7.1
  * libsoup-devel-32bit-3.4.4-150600.3.7.1
  * libsoup-3_0-0-32bit-debuginfo-3.4.4-150600.3.7.1
* openSUSE Leap 15.6 (noarch)
  * libsoup-lang-3.4.4-150600.3.7.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libsoup-3_0-0-64bit-3.4.4-150600.3.7.1
  * libsoup-devel-64bit-3.4.4-150600.3.7.1
  * libsoup-3_0-0-64bit-debuginfo-3.4.4-150600.3.7.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * libsoup-debugsource-3.4.4-150600.3.7.1
  * libsoup-3_0-0-debuginfo-3.4.4-150600.3.7.1
  * libsoup-devel-3.4.4-150600.3.7.1
  * typelib-1_0-Soup-3_0-3.4.4-150600.3.7.1
  * libsoup-3_0-0-3.4.4-150600.3.7.1
* Basesystem Module 15-SP6 (noarch)
  * libsoup-lang-3.4.4-150600.3.7.1

## References:

* https://www.suse.com/security/cve/CVE-2025-2784.html
* https://www.suse.com/security/cve/CVE-2025-32050.html
*
https://www.suse.com/security/cve/CVE-2025-32051.html * https://www.suse.com/security/cve/CVE-2025-32052.html * https://www.suse.com/security/cve/CVE-2025-32053.html * https://www.suse.com/security/cve/CVE-2025-32906.html * https://www.suse.com/security/cve/CVE-2025-32907.html * https://www.suse.com/security/cve/CVE-2025-32908.html * https://www.suse.com/security/cve/CVE-2025-32909.html * https://www.suse.com/security/cve/CVE-2025-32910.html * https://www.suse.com/security/cve/CVE-2025-32911.html * https://www.suse.com/security/cve/CVE-2025-32912.html * https://www.suse.com/security/cve/CVE-2025-32913.html * https://www.suse.com/security/cve/CVE-2025-32914.html * https://www.suse.com/security/cve/CVE-2025-46420.html * https://www.suse.com/security/cve/CVE-2025-46421.html * https://bugzilla.suse.com/show_bug.cgi?id=1240750 * https://bugzilla.suse.com/show_bug.cgi?id=1240752 * https://bugzilla.suse.com/show_bug.cgi?id=1240754 * https://bugzilla.suse.com/show_bug.cgi?id=1240756 * https://bugzilla.suse.com/show_bug.cgi?id=1240757 * https://bugzilla.suse.com/show_bug.cgi?id=1241162 * https://bugzilla.suse.com/show_bug.cgi?id=1241164 * https://bugzilla.suse.com/show_bug.cgi?id=1241214 * https://bugzilla.suse.com/show_bug.cgi?id=1241222 * https://bugzilla.suse.com/show_bug.cgi?id=1241223 * https://bugzilla.suse.com/show_bug.cgi?id=1241226 * https://bugzilla.suse.com/show_bug.cgi?id=1241238 * https://bugzilla.suse.com/show_bug.cgi?id=1241252 * https://bugzilla.suse.com/show_bug.cgi?id=1241263 * https://bugzilla.suse.com/show_bug.cgi?id=1241686 * https://bugzilla.suse.com/show_bug.cgi?id=1241688 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed May 7 12:30:30 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 07 May 2025 12:30:30 -0000 Subject: SUSE-SU-2025:1503-1: important: Security update for libsoup2 Message-ID: <174662103006.30275.13378916865369091500@smelt2.prg2.suse.org> # Security update for libsoup2 Announcement ID: SUSE-SU-2025:1503-1 Release Date: 2025-05-07T12:06:08Z Rating: important References: * bsc#1240750 * bsc#1240752 * bsc#1240756 * bsc#1240757 * bsc#1241164 * bsc#1241222 * bsc#1241686 * bsc#1241688 Cross-References: * CVE-2025-2784 * CVE-2025-32050 * CVE-2025-32052 * CVE-2025-32053 * CVE-2025-32907 * CVE-2025-32914 * CVE-2025-46420 * CVE-2025-46421 CVSS scores: * CVE-2025-2784 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-2784 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2025-2784 ( NVD ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2025-32050 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-32050 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-32050 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-32052 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-32052 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2025-32052 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2025-32053 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-32053 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2025-32053 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2025-32907 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-32907 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-32907 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-32914 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * 
CVE-2025-32914 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-46420 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-46420 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-46420 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-46421 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2025-46421 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for libsoup2 fixes the following issues:

* CVE-2025-2784: Fixed heap buffer over-read in `skip_insignificant_space` when sniffing content (bsc#1240750)
* CVE-2025-32050: Fixed integer overflow in append_param_quoted (bsc#1240752)
* CVE-2025-32052: Fixed heap buffer overflow in sniff_unknown() (bsc#1240756)
* CVE-2025-32053: Fixed heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() (bsc#1240757)
* CVE-2025-32907: Fixed excessive memory consumption in server when client requests a large number of overlapping ranges in a single HTTP request (bsc#1241222)
* CVE-2025-32914: Fixed out of bounds read in `soup_multipart_new_from_message()` (bsc#1241164)
* CVE-2025-46420: Fixed memory leak on soup_header_parse_quality_list() via soup-headers.c (bsc#1241686)
* CVE-2025-46421: Fixed HTTP Authorization Header leak via an HTTP redirect (bsc#1241688)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2025-1503=1 openSUSE-SLE-15.6-2025-1503=1
* Basesystem Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1503=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * typelib-1_0-Soup-2_4-2.74.3-150600.4.6.1
  * libsoup-2_4-1-2.74.3-150600.4.6.1
  * libsoup2-devel-2.74.3-150600.4.6.1
  * libsoup2-debugsource-2.74.3-150600.4.6.1
  * libsoup-2_4-1-debuginfo-2.74.3-150600.4.6.1
* openSUSE Leap 15.6 (x86_64)
  * libsoup-2_4-1-32bit-debuginfo-2.74.3-150600.4.6.1
  * libsoup2-devel-32bit-2.74.3-150600.4.6.1
  * libsoup-2_4-1-32bit-2.74.3-150600.4.6.1
* openSUSE Leap 15.6 (noarch)
  * libsoup2-lang-2.74.3-150600.4.6.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libsoup-2_4-1-64bit-2.74.3-150600.4.6.1
  * libsoup-2_4-1-64bit-debuginfo-2.74.3-150600.4.6.1
  * libsoup2-devel-64bit-2.74.3-150600.4.6.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * typelib-1_0-Soup-2_4-2.74.3-150600.4.6.1
  * libsoup-2_4-1-2.74.3-150600.4.6.1
  * libsoup2-devel-2.74.3-150600.4.6.1
  * libsoup2-debugsource-2.74.3-150600.4.6.1
  * libsoup-2_4-1-debuginfo-2.74.3-150600.4.6.1
* Basesystem Module 15-SP6 (noarch)
  * libsoup2-lang-2.74.3-150600.4.6.1

## References:

* https://www.suse.com/security/cve/CVE-2025-2784.html
* https://www.suse.com/security/cve/CVE-2025-32050.html
* https://www.suse.com/security/cve/CVE-2025-32052.html
* https://www.suse.com/security/cve/CVE-2025-32053.html
* https://www.suse.com/security/cve/CVE-2025-32907.html
* https://www.suse.com/security/cve/CVE-2025-32914.html
* https://www.suse.com/security/cve/CVE-2025-46420.html
* https://www.suse.com/security/cve/CVE-2025-46421.html
* https://bugzilla.suse.com/show_bug.cgi?id=1240750
* https://bugzilla.suse.com/show_bug.cgi?id=1240752
* https://bugzilla.suse.com/show_bug.cgi?id=1240756
* https://bugzilla.suse.com/show_bug.cgi?id=1240757
* https://bugzilla.suse.com/show_bug.cgi?id=1241164
*
https://bugzilla.suse.com/show_bug.cgi?id=1241222
* https://bugzilla.suse.com/show_bug.cgi?id=1241686
* https://bugzilla.suse.com/show_bug.cgi?id=1241688

From null at suse.de Wed May 7 12:30:35 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 07 May 2025 12:30:35 -0000
Subject: SUSE-SU-2025:1468-1: important: Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP6)
Message-ID: <174662103512.30275.9815659522112766363@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:1468-1
Release Date: 2025-05-06T09:06:58Z
Rating: important

References:

* bsc#1233677
* bsc#1235008
* bsc#1235431
* bsc#1240840

Cross-References:

* CVE-2024-53082
* CVE-2024-53237
* CVE-2024-56650
* CVE-2024-8805

CVSS scores:

* CVE-2024-53082 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-53082 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-53237 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53237 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53237 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53237 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56650 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56650 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56650 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-8805 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-8805 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-8805 ( NVD ): 8.8 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_25 fixes several issues.

The following security issues were fixed:

* CVE-2024-53237: Bluetooth: fix use-after-free in device_for_each_child() (bsc#1235008).
* CVE-2024-53082: virtio_net: Add hash_key_length check (bsc#1233677).
* CVE-2024-8805: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (bsc#1240840).
* CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235431).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP6
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-1473=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-1468=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-1469=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-1470=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-1471=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-1472=1
* openSUSE Leap 15.6
  zypper in -t patch SUSE-2025-1468=1 SUSE-2025-1469=1 SUSE-2025-1470=1 SUSE-2025-1471=1 SUSE-2025-1472=1 SUSE-2025-1473=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP6_Update_2-debugsource-13-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_5-debugsource-8-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_0-debugsource-15-150600.4.37.1
  * kernel-livepatch-6_4_0-150600_21-default-debuginfo-15-150600.4.37.1
  * kernel-livepatch-6_4_0-150600_23_7-default-13-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_14-default-13-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_22-default-debuginfo-9-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_25-default-debuginfo-8-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_17-default-13-150600.2.1
  *
kernel-livepatch-SLE15-SP6_Update_3-debugsource-13-150600.2.1 * kernel-livepatch-6_4_0-150600_23_14-default-debuginfo-13-150600.2.1 * kernel-livepatch-6_4_0-150600_21-default-15-150600.4.37.1 * kernel-livepatch-SLE15-SP6_Update_4-debugsource-9-150600.2.1 * kernel-livepatch-6_4_0-150600_23_17-default-debuginfo-13-150600.2.1 * kernel-livepatch-6_4_0-150600_23_7-default-debuginfo-13-150600.2.1 * kernel-livepatch-6_4_0-150600_23_22-default-9-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_1-debugsource-13-150600.2.1 * kernel-livepatch-6_4_0-150600_23_25-default-8-150600.2.1 * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP6_Update_2-debugsource-13-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_0-debugsource-15-150600.4.37.1 * kernel-livepatch-6_4_0-150600_23_7-default-13-150600.2.1 * kernel-livepatch-6_4_0-150600_21-default-debuginfo-15-150600.4.37.1 * kernel-livepatch-6_4_0-150600_23_14-default-13-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_5-debugsource-8-150600.2.1 * kernel-livepatch-6_4_0-150600_23_17-default-13-150600.2.1 * kernel-livepatch-6_4_0-150600_23_25-default-debuginfo-8-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_3-debugsource-13-150600.2.1 * kernel-livepatch-6_4_0-150600_23_14-default-debuginfo-13-150600.2.1 * kernel-livepatch-6_4_0-150600_21-default-15-150600.4.37.1 * kernel-livepatch-SLE15-SP6_Update_4-debugsource-9-150600.2.1 * kernel-livepatch-6_4_0-150600_23_17-default-debuginfo-13-150600.2.1 * kernel-livepatch-6_4_0-150600_23_25-default-8-150600.2.1 * kernel-livepatch-6_4_0-150600_23_7-default-debuginfo-13-150600.2.1 * kernel-livepatch-6_4_0-150600_23_22-default-9-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_1-debugsource-13-150600.2.1 * kernel-livepatch-6_4_0-150600_23_22-default-debuginfo-9-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2024-53082.html * https://www.suse.com/security/cve/CVE-2024-53237.html * https://www.suse.com/security/cve/CVE-2024-56650.html * 
https://www.suse.com/security/cve/CVE-2024-8805.html
* https://bugzilla.suse.com/show_bug.cgi?id=1233677
* https://bugzilla.suse.com/show_bug.cgi?id=1235008
* https://bugzilla.suse.com/show_bug.cgi?id=1235431
* https://bugzilla.suse.com/show_bug.cgi?id=1240840

From null at suse.de Wed May 7 12:30:37 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 07 May 2025 12:30:37 -0000
Subject: SUSE-SU-2025:1467-1: important: Security update for the Linux Kernel (Live Patch 21 for SLE 15 SP5)
Message-ID: <174662103788.30275.7422530109683332606@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 21 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:1467-1
Release Date: 2025-05-06T15:06:15Z
Rating: important

References:

* bsc#1235431

Cross-References:

* CVE-2024-56650

CVSS scores:

* CVE-2024-56650 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56650 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56650 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_88 fixes one issue.

The following security issue was fixed:

* CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235431).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2025-1467=1
* SUSE Linux Enterprise Live Patching 15-SP3
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-1467=1
* openSUSE Leap 15.5
  zypper in -t patch SUSE-2025-1493=1 SUSE-2025-1485=1
* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-1493=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-1485=1
* openSUSE Leap 15.6
  zypper in -t patch SUSE-2025-1475=1 SUSE-2025-1474=1
* SUSE Linux Enterprise Live Patching 15-SP6
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-1474=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-1475=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP3_Update_51-debugsource-4-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_185-default-debuginfo-4-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_185-default-4-150300.2.1
* openSUSE Leap 15.3 (x86_64)
  * kernel-livepatch-5_3_18-150300_59_185-preempt-4-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_185-preempt-debuginfo-4-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_185-default-4-150300.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP5_Update_22-debugsource-4-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_88-default-4-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_21-debugsource-4-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_88-default-debuginfo-4-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_91-default-debuginfo-4-150500.2.1
  *
kernel-livepatch-5_14_21-150500_55_91-default-4-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_22-debugsource-4-150500.2.1 * kernel-livepatch-5_14_21-150500_55_88-default-4-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_21-debugsource-4-150500.2.1 * kernel-livepatch-5_14_21-150500_55_88-default-debuginfo-4-150500.2.1 * kernel-livepatch-5_14_21-150500_55_91-default-debuginfo-4-150500.2.1 * kernel-livepatch-5_14_21-150500_55_91-default-4-150500.2.1 * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_23_33-default-5-150600.2.1 * kernel-livepatch-6_4_0-150600_23_30-default-debuginfo-5-150600.2.1 * kernel-livepatch-6_4_0-150600_23_30-default-5-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_6-debugsource-5-150600.2.1 * kernel-livepatch-6_4_0-150600_23_33-default-debuginfo-5-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_7-debugsource-5-150600.2.1 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_23_33-default-5-150600.2.1 * kernel-livepatch-6_4_0-150600_23_30-default-debuginfo-5-150600.2.1 * kernel-livepatch-6_4_0-150600_23_30-default-5-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_6-debugsource-5-150600.2.1 * kernel-livepatch-6_4_0-150600_23_33-default-debuginfo-5-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_7-debugsource-5-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2024-56650.html * https://bugzilla.suse.com/show_bug.cgi?id=1235431 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed May 7 12:30:42 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 07 May 2025 12:30:42 -0000 Subject: SUSE-SU-2025:1463-1: important: Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3) Message-ID: <174662104254.30275.3751104521340542738@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3) Announcement ID: SUSE-SU-2025:1463-1 Release Date: 2025-05-06T14:35:55Z Rating: important References: * bsc#1233294 * bsc#1235431 Cross-References: * CVE-2024-50205 * CVE-2024-56650 CVSS scores: * CVE-2024-50205 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-50205 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2024-50205 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-56650 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-56650 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56650 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_179 fixes several issues. The following security issues were fixed: * CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233294). * CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235431). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
    zypper in -t patch SUSE-2025-1491=1 SUSE-2025-1463=1 SUSE-2025-1458=1
* SUSE Linux Enterprise Live Patching 15-SP3
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-1458=1 SUSE-SLE-Module-Live-Patching-15-SP3-2025-1491=1 SUSE-SLE-Module-Live-Patching-15-SP3-2025-1463=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_174-default-debuginfo-9-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_174-default-9-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_170-default-10-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_179-default-8-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_170-default-debuginfo-10-150300.2.1
  * kernel-livepatch-SLE15-SP3_Update_48-debugsource-9-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_179-default-debuginfo-8-150300.2.1
  * kernel-livepatch-SLE15-SP3_Update_49-debugsource-8-150300.2.1
  * kernel-livepatch-SLE15-SP3_Update_47-debugsource-10-150300.2.1
* openSUSE Leap 15.3 (x86_64)
  * kernel-livepatch-5_3_18-150300_59_174-preempt-9-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_170-preempt-debuginfo-10-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_179-preempt-8-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_179-preempt-debuginfo-8-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_170-preempt-10-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_174-preempt-debuginfo-9-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_174-default-9-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_179-default-8-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_170-default-10-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_170-default-debuginfo-10-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_179-default-debuginfo-8-150300.2.1
  * kernel-livepatch-SLE15-SP3_Update_49-debugsource-8-150300.2.1
  * kernel-livepatch-SLE15-SP3_Update_47-debugsource-10-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-50205.html
* https://www.suse.com/security/cve/CVE-2024-56650.html
* https://bugzilla.suse.com/show_bug.cgi?id=1233294
* https://bugzilla.suse.com/show_bug.cgi?id=1235431

From null at suse.de Wed May 7 12:30:46 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 07 May 2025 12:30:46 -0000
Subject: SUSE-SU-2025:1454-1: important: Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP5)
Message-ID: <174662104650.30275.10878336309895403131@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:1454-1
Release Date: 2025-05-06T09:44:33Z
Rating: important

References:

* bsc#1233294
* bsc#1235431
* bsc#1240840

Cross-References:

* CVE-2024-50205
* CVE-2024-56650
* CVE-2024-8805

CVSS scores:

* CVE-2024-50205 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50205 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-50205 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56650 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56650 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56650 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-8805 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-8805 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-8805 ( NVD ): 8.8 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_83 fixes several issues.

The following security issues were fixed:

* CVE-2024-8805: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (bsc#1240840).
* CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233294).
* CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235431).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP5
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-1482=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-1483=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-1484=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-1478=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-1479=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-1480=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-1481=1
* openSUSE Leap 15.5
    zypper in -t patch SUSE-2025-1483=1 SUSE-2025-1484=1 SUSE-2025-1478=1 SUSE-2025-1479=1 SUSE-2025-1480=1 SUSE-2025-1481=1 SUSE-2025-1482=1
* openSUSE Leap 15.4
    zypper in -t patch SUSE-2025-1454=1
* SUSE Linux Enterprise Live Patching 15-SP4
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-1454=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP5_Update_12-debugsource-17-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_19-debugsource-7-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_65-default-15-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_65-default-debuginfo-15-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_13-debugsource-15-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_73-default-debuginfo-9-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_80-default-7-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_62-default-debuginfo-15-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_15-debugsource-14-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_83-default-debuginfo-7-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_62-default-15-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_83-default-7-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_20-debugsource-7-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_68-default-14-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_14-debugsource-15-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_73-default-9-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_68-default-debuginfo-14-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_59-default-17-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_59-default-debuginfo-17-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_80-default-debuginfo-7-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le x86_64)
  * kernel-livepatch-SLE15-SP5_Update_17-debugsource-9-150500.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP5_Update_17-debugsource-9-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_80-default-7-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_62-default-debuginfo-15-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_15-debugsource-14-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_14-debugsource-15-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_80-default-debuginfo-7-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_12-debugsource-17-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_19-debugsource-7-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_83-default-7-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_13-debugsource-15-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_73-default-debuginfo-9-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_20-debugsource-7-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_68-default-debuginfo-14-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_73-default-9-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_59-default-17-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_59-default-debuginfo-17-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_65-default-15-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_65-default-debuginfo-15-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_83-default-debuginfo-7-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_62-default-15-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_68-default-14-150500.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_122-default-debuginfo-14-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_122-default-14-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_27-debugsource-14-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_122-default-debuginfo-14-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_122-default-14-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_27-debugsource-14-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-50205.html
* https://www.suse.com/security/cve/CVE-2024-56650.html
* https://www.suse.com/security/cve/CVE-2024-8805.html
* https://bugzilla.suse.com/show_bug.cgi?id=1233294
* https://bugzilla.suse.com/show_bug.cgi?id=1235431
* https://bugzilla.suse.com/show_bug.cgi?id=1240840

From null at suse.de Wed May 7 12:30:55 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 07 May 2025 12:30:55 -0000
Subject: SUSE-SU-2025:1501-1: moderate: Security update for opensaml
Message-ID: <174662105537.30275.537430473720802436@smelt2.prg2.suse.org>

# Security update for opensaml

Announcement ID: SUSE-SU-2025:1501-1
Release Date: 2025-05-07T09:42:33Z
Rating: moderate

References:

* bsc#1239889

Cross-References:

* CVE-2025-31335

CVSS scores:

* CVE-2025-31335 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
* CVE-2025-31335 ( NVD ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Affected Products:

* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for opensaml fixes the following issues:

* CVE-2025-31335: Fixed parameter manipulation allowing forging signed SAML messages (bsc#1239889)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1501=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * opensaml-bin-2.5.5-3.6.1
  * libsaml8-debuginfo-2.5.5-3.6.1
  * libsaml-devel-2.5.5-3.6.1
  * opensaml-schemas-2.5.5-3.6.1
  * opensaml-debugsource-2.5.5-3.6.1
  * opensaml-bin-debuginfo-2.5.5-3.6.1
  * libsaml8-2.5.5-3.6.1

## References:

* https://www.suse.com/security/cve/CVE-2025-31335.html
* https://bugzilla.suse.com/show_bug.cgi?id=1239889

From null at suse.de Wed May 7 12:30:59 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 07 May 2025 12:30:59 -0000
Subject: SUSE-SU-2025:1500-1: moderate: Security update for opensaml
Message-ID: <174662105953.30275.16723378505736826673@smelt2.prg2.suse.org>

# Security update for opensaml

Announcement ID: SUSE-SU-2025:1500-1
Release Date: 2025-05-07T09:42:25Z
Rating: moderate

References:

* bsc#1239889

Cross-References:

* CVE-2025-31335

CVSS scores:

* CVE-2025-31335 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
* CVE-2025-31335 ( NVD ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Affected Products:

* openSUSE Leap 15.3
* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for opensaml fixes the following issues:

* CVE-2025-31335: Fixed a bug where parameter manipulation allows the forging of signed SAML messages. (bsc#1239889)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
    zypper in -t patch SUSE-2025-1500=1
* openSUSE Leap 15.6
    zypper in -t patch openSUSE-SLE-15.6-2025-1500=1
* Server Applications Module 15-SP6
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-1500=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  * opensaml-debuginfo-3.1.0-150300.3.3.1
  * opensaml-bin-3.1.0-150300.3.3.1
  * libsaml11-debuginfo-3.1.0-150300.3.3.1
  * libsaml-devel-3.1.0-150300.3.3.1
  * opensaml-schemas-3.1.0-150300.3.3.1
  * opensaml-debugsource-3.1.0-150300.3.3.1
  * opensaml-bin-debuginfo-3.1.0-150300.3.3.1
  * libsaml11-3.1.0-150300.3.3.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * opensaml-debuginfo-3.1.0-150300.3.3.1
  * opensaml-bin-3.1.0-150300.3.3.1
  * libsaml11-debuginfo-3.1.0-150300.3.3.1
  * libsaml-devel-3.1.0-150300.3.3.1
  * opensaml-schemas-3.1.0-150300.3.3.1
  * opensaml-debugsource-3.1.0-150300.3.3.1
  * opensaml-bin-debuginfo-3.1.0-150300.3.3.1
  * libsaml11-3.1.0-150300.3.3.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * opensaml-debuginfo-3.1.0-150300.3.3.1
  * libsaml11-debuginfo-3.1.0-150300.3.3.1
  * libsaml-devel-3.1.0-150300.3.3.1
  * opensaml-schemas-3.1.0-150300.3.3.1
  * opensaml-debugsource-3.1.0-150300.3.3.1
  * libsaml11-3.1.0-150300.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-31335.html
* https://bugzilla.suse.com/show_bug.cgi?id=1239889

From null at suse.de Wed May 7 12:31:26 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 07 May 2025 12:31:26 -0000
Subject: SUSE-SU-2025:1494-1: important: Security update for libxslt
Message-ID: <174662108652.30275.335887949160465290@smelt2.prg2.suse.org>

# Security update for libxslt

Announcement ID: SUSE-SU-2025:1494-1
Release Date: 2025-05-06T23:46:16Z
Rating: important

References:

* bsc#1239625
* bsc#1239637

Cross-References:

* CVE-2024-55549
* CVE-2025-24855

CVSS scores:

* CVE-2024-55549 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
* CVE-2024-55549 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
* CVE-2025-24855 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
* CVE-2025-24855 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for libxslt fixes the following issues:

* CVE-2025-24855: Fixed use-after-free of XPath context node (bsc#1239625)
* CVE-2024-55549: Fixed use-after-free related to excluded namespaces (bsc#1239637)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-1494=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1494=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * libxslt-tools-debuginfo-1.1.28-17.18.1
  * libxslt-debugsource-1.1.28-17.18.1
  * libxslt-devel-1.1.28-17.18.1
  * libxslt1-debuginfo-1.1.28-17.18.1
  * libxslt-tools-1.1.28-17.18.1
  * libxslt1-1.1.28-17.18.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64)
  * libxslt1-debuginfo-32bit-1.1.28-17.18.1
  * libxslt1-32bit-1.1.28-17.18.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * libxslt1-debuginfo-32bit-1.1.28-17.18.1
  * libxslt-tools-debuginfo-1.1.28-17.18.1
  * libxslt-debugsource-1.1.28-17.18.1
  * libxslt-devel-1.1.28-17.18.1
  * libxslt1-debuginfo-1.1.28-17.18.1
  * libxslt1-32bit-1.1.28-17.18.1
  * libxslt-tools-1.1.28-17.18.1
  * libxslt1-1.1.28-17.18.1

## References:

* https://www.suse.com/security/cve/CVE-2024-55549.html
* https://www.suse.com/security/cve/CVE-2025-24855.html
* https://bugzilla.suse.com/show_bug.cgi?id=1239625
* https://bugzilla.suse.com/show_bug.cgi?id=1239637

From null at suse.de Wed May 7 12:31:28 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 07 May 2025 12:31:28 -0000
Subject: SUSE-SU-2025:1492-1: moderate: Security update for rubygem-rack-1_6
Message-ID: <174662108880.30275.3170087479523206091@smelt2.prg2.suse.org>

# Security update for rubygem-rack-1_6

Announcement ID: SUSE-SU-2025:1492-1
Release Date: 2025-05-06T14:36:05Z
Rating: moderate

References:

* bsc#1238607

Cross-References:

* CVE-2025-27111

CVSS scores:

* CVE-2025-27111 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-27111 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-27111 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.6

An update that solves one vulnerability can now be installed.

## Description:

This update for rubygem-rack-1_6 fixes the following issues:

* CVE-2025-27111: Fixed Escape Sequence Injection vulnerability (bsc#1238607)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
    zypper in -t patch openSUSE-SLE-15.6-2025-1492=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * ruby2.5-rubygem-rack-1_6-1.6.8-150000.3.6.1
  * ruby2.5-rubygem-rack-testsuite-1_6-1.6.8-150000.3.6.1
  * ruby2.5-rubygem-rack-doc-1_6-1.6.8-150000.3.6.1

## References:

* https://www.suse.com/security/cve/CVE-2025-27111.html
* https://bugzilla.suse.com/show_bug.cgi?id=1238607

From null at suse.de Wed May 7 12:31:31 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 07 May 2025 12:31:31 -0000
Subject: SUSE-SU-2025:1489-1: moderate: Security update for ImageMagick
Message-ID: <174662109122.30275.12815574059922766282@smelt2.prg2.suse.org>

# Security update for ImageMagick

Announcement ID: SUSE-SU-2025:1489-1
Release Date: 2025-05-06T10:57:42Z
Rating: moderate

References:

* bsc#1241659

Cross-References:

* CVE-2025-43965

CVSS scores:

* CVE-2025-43965 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2025-43965 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L
* CVE-2025-43965 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for ImageMagick fixes the following issues:

* CVE-2025-43965: mishandling of image depth after SetQuantumFormat is used in MIFF image processing. (bsc#1241659)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1489=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * libMagickCore-6_Q16-1-6.8.8.1-71.204.1
  * ImageMagick-debuginfo-6.8.8.1-71.204.1
  * ImageMagick-config-6-SUSE-6.8.8.1-71.204.1
  * ImageMagick-config-6-upstream-6.8.8.1-71.204.1
  * ImageMagick-debugsource-6.8.8.1-71.204.1
  * libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.204.1
  * libMagickWand-6_Q16-1-6.8.8.1-71.204.1
  * libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.204.1
  * libMagick++-devel-6.8.8.1-71.204.1
  * ImageMagick-devel-6.8.8.1-71.204.1

## References:

* https://www.suse.com/security/cve/CVE-2025-43965.html
* https://bugzilla.suse.com/show_bug.cgi?id=1241659

From null at suse.de Wed May 7 12:31:36 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 07 May 2025 12:31:36 -0000
Subject: SUSE-SU-2025:1488-1: moderate: Security update for ImageMagick
Message-ID: <174662109627.30275.4311108740846579300@smelt2.prg2.suse.org>

# Security update for ImageMagick

Announcement ID: SUSE-SU-2025:1488-1
Release Date: 2025-05-06T10:57:33Z
Rating: moderate

References:

* bsc#1241658
* bsc#1241659

Cross-References:

* CVE-2025-43965
* CVE-2025-46393

CVSS scores:

* CVE-2025-43965 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2025-43965 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L
* CVE-2025-43965 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-46393 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2025-46393 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L
* CVE-2025-46393 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* Desktop Applications Module 15-SP6
* Development Tools Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for ImageMagick fixes the following issues:

* CVE-2025-43965: mishandling of image depth after SetQuantumFormat is used in MIFF image processing. (bsc#1241659)
* CVE-2025-46393: mishandling of packet_size leads to rendering of channels in arbitrary order in multispectral MIFF image processing. (bsc#1241658)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Desktop Applications Module 15-SP6
    zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-1488=1
* Development Tools Module 15-SP6
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-1488=1
* openSUSE Leap 15.6
    zypper in -t patch SUSE-2025-1488=1 openSUSE-SLE-15.6-2025-1488=1

## Package List:

* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * ImageMagick-debugsource-7.1.1.21-150600.3.3.1
  * libMagickCore-7_Q16HDRI10-7.1.1.21-150600.3.3.1
  * ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.3.1
  * libMagick++-devel-7.1.1.21-150600.3.3.1
  * ImageMagick-devel-7.1.1.21-150600.3.3.1
  * libMagick++-7_Q16HDRI5-7.1.1.21-150600.3.3.1
  * libMagickWand-7_Q16HDRI10-7.1.1.21-150600.3.3.1
  * ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.3.1
  * ImageMagick-config-7-SUSE-7.1.1.21-150600.3.3.1
  * ImageMagick-7.1.1.21-150600.3.3.1
  * ImageMagick-config-7-upstream-secure-7.1.1.21-150600.3.3.1
  * ImageMagick-config-7-upstream-websafe-7.1.1.21-150600.3.3.1
  * libMagick++-7_Q16HDRI5-debuginfo-7.1.1.21-150600.3.3.1
  * libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.3.1
  * ImageMagick-debuginfo-7.1.1.21-150600.3.3.1
  * libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.3.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * perl-PerlMagick-debuginfo-7.1.1.21-150600.3.3.1
  * ImageMagick-debugsource-7.1.1.21-150600.3.3.1
  * ImageMagick-debuginfo-7.1.1.21-150600.3.3.1
  * perl-PerlMagick-7.1.1.21-150600.3.3.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * ImageMagick-debugsource-7.1.1.21-150600.3.3.1
  * libMagickCore-7_Q16HDRI10-7.1.1.21-150600.3.3.1
  * ImageMagick-extra-7.1.1.21-150600.3.3.1
  * ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.3.1
  * ImageMagick-extra-debuginfo-7.1.1.21-150600.3.3.1
  * ImageMagick-devel-7.1.1.21-150600.3.3.1
  * libMagick++-7_Q16HDRI5-7.1.1.21-150600.3.3.1
  * libMagick++-devel-7.1.1.21-150600.3.3.1
  * ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.3.1
  * libMagickWand-7_Q16HDRI10-7.1.1.21-150600.3.3.1
  * perl-PerlMagick-7.1.1.21-150600.3.3.1
  * perl-PerlMagick-debuginfo-7.1.1.21-150600.3.3.1
  * ImageMagick-config-7-SUSE-7.1.1.21-150600.3.3.1
  * ImageMagick-7.1.1.21-150600.3.3.1
  * ImageMagick-config-7-upstream-secure-7.1.1.21-150600.3.3.1
  * ImageMagick-config-7-upstream-websafe-7.1.1.21-150600.3.3.1
  * libMagick++-7_Q16HDRI5-debuginfo-7.1.1.21-150600.3.3.1
  * libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.3.1
  * ImageMagick-debuginfo-7.1.1.21-150600.3.3.1
  * libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.3.1
* openSUSE Leap 15.6 (x86_64)
  * libMagick++-devel-32bit-7.1.1.21-150600.3.3.1
  * libMagickCore-7_Q16HDRI10-32bit-7.1.1.21-150600.3.3.1
  * ImageMagick-devel-32bit-7.1.1.21-150600.3.3.1
  * libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.1.21-150600.3.3.1
  * libMagick++-7_Q16HDRI5-32bit-7.1.1.21-150600.3.3.1
  * libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.1.21-150600.3.3.1
  * libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.1.21-150600.3.3.1
  * libMagickWand-7_Q16HDRI10-32bit-7.1.1.21-150600.3.3.1
* openSUSE Leap 15.6 (noarch)
  * ImageMagick-doc-7.1.1.21-150600.3.3.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libMagick++-7_Q16HDRI5-64bit-7.1.1.21-150600.3.3.1
  * libMagickCore-7_Q16HDRI10-64bit-7.1.1.21-150600.3.3.1
  * libMagickCore-7_Q16HDRI10-64bit-debuginfo-7.1.1.21-150600.3.3.1
  * libMagickWand-7_Q16HDRI10-64bit-7.1.1.21-150600.3.3.1
  * libMagickWand-7_Q16HDRI10-64bit-debuginfo-7.1.1.21-150600.3.3.1
  * libMagick++-devel-64bit-7.1.1.21-150600.3.3.1
  * libMagick++-7_Q16HDRI5-64bit-debuginfo-7.1.1.21-150600.3.3.1
  * ImageMagick-devel-64bit-7.1.1.21-150600.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-43965.html
* https://www.suse.com/security/cve/CVE-2025-46393.html
* https://bugzilla.suse.com/show_bug.cgi?id=1241658
* https://bugzilla.suse.com/show_bug.cgi?id=1241659

From null at suse.de Wed May 7 12:31:41 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 07 May 2025 12:31:41 -0000
Subject: SUSE-SU-2025:1487-1: important: Security update for java-11-openjdk
Message-ID: <174662110191.30275.4843070485852484619@smelt2.prg2.suse.org>

# Security update for java-11-openjdk

Announcement ID: SUSE-SU-2025:1487-1
Release Date: 2025-05-06T10:05:56Z
Rating: important

References:

* bsc#1241274
* bsc#1241275
* bsc#1241276

Cross-References:

* CVE-2025-21587
* CVE-2025-30691
* CVE-2025-30698

CVSS scores:

* CVE-2025-21587 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-21587 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-21587 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-30691 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-30691 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-30691 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-30698 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-30698 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-30698 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products:

* Legacy Module 15-SP6
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP6

An update that solves three vulnerabilities can now be installed.
## Description:

This update for java-11-openjdk fixes the following issues:

Upgrade to upstream tag jdk-11.0.27+6 (April 2025 CPU)

CVEs:

* CVE-2025-21587: Fixed JSSE unauthorized access, deletion or modification of critical data (bsc#1241274)
* CVE-2025-30691: Fixed Oracle Java SE Compiler Unauthorized Data Access (bsc#1241275)
* CVE-2025-30698: Fixed Oracle Java 2D unauthorized data access and DoS (bsc#1241276)

Changes:

+ JDK-8195675: Call to insertText with single character from custom Input Method ignored
+ JDK-8202926: Test java/awt/Focus/ /WindowUpdateFocusabilityTest/ /WindowUpdateFocusabilityTest.html fails
+ JDK-8216539: tools/jar/modularJar/Basic.java timed out
+ JDK-8268364: jmethod clearing should be done during unloading
+ JDK-8273914: Indy string concat changes order of operations
+ JDK-8294316: SA core file support is broken on macosx-x64 starting with macOS 12.x
+ JDK-8306408: Fix the format of several tables in building.md
+ JDK-8309841: Jarsigner should print a warning if an entry is removed
+ JDK-8312049: runtime/logging/ClassLoadUnloadTest can be improved
+ JDK-8320916: jdk/jfr/event/gc/stacktrace/ /TestParallelMarkSweepAllocationPendingStackTrace.java failed with "OutOfMemoryError: GC overhead limit exceeded"
+ JDK-8327650: Test java/nio/channels/DatagramChannel/ /StressNativeSignal.java timed out
+ JDK-8328242: Add a log area to the PassFailJFrame
+ JDK-8331863: DUIterator_Fast used before it is constructed
+ JDK-8336012: Fix usages of jtreg-reserved properties
+ JDK-8337494: Clarify JarInputStream behavior
+ JDK-8337692: Better TLS connection support
+ JDK-8338430: Improve compiler transformations
+ JDK-8339560: Unaddressed comments during code review of JDK-8337664
+ JDK-8339810: Clean up the code in sun.tools.jar.Main to properly close resources and use ZipFile during extract
+ JDK-8339931: Update problem list for WindowUpdateFocusabilityTest.java
+ JDK-8340387: Update OS detection code to recognize Windows Server 2025
+ JDK-8341424: GHA: Collect hs_errs from build time failures
+ JDK-8342562: Enhance Deflater operations
+ JDK-8342704: GHA: Report truncation is broken after JDK-8341424
+ JDK-8343007: Enhance Buffered Image handling
+ JDK-8343474: [updates] Customize README.md to specifics of update project
+ JDK-8343599: Kmem limit and max values swapped when printing container information
+ JDK-8343786: [11u] GHA: Bump macOS and Xcode versions to macos-13 and XCode 14.3.1
+ JDK-8344589: Update IANA Language Subtag Registry to Version 2024-11-19
+ JDK-8345509: Bump update version of OpenJDK: 11.0.27
+ JDK-8346587: Distrust TLS server certificates anchored by Camerfirma Root CAs
+ JDK-8347427: JTabbedPane/8134116/Bug8134116.java has no license header
+ JDK-8347847: Enhance jar file support
+ JDK-8347965: (tz) Update Timezone Data to 2025a
+ JDK-8349603: [21u, 17u, 11u] Update GHA JDKs after Jan/25 updates
+ JDK-8352097: (tz) zone.tab update missed in 2025a backport
+ JDK-8354087: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.27

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1487=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1487=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1487=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1487=1
* SUSE Linux Enterprise Server 15 SP3 LTSS
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1487=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1487=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1487=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1487=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1487=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1487=1
* SUSE Manager Proxy 4.3
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-1487=1
* SUSE Manager Retail Branch Server 4.3
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2025-1487=1
* SUSE Manager Server 4.3
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1487=1
* SUSE Enterprise Storage 7.1
    zypper in -t patch SUSE-Storage-7.1-2025-1487=1
* openSUSE Leap 15.6
    zypper in -t patch openSUSE-SLE-15.6-2025-1487=1
* Legacy Module 15-SP6
    zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2025-1487=1
* SUSE Package Hub 15 15-SP6
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-1487=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1487=1

## Package List:

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * java-11-openjdk-debugsource-11.0.27.0-150000.3.125.1
  * java-11-openjdk-headless-11.0.27.0-150000.3.125.1
  * java-11-openjdk-devel-11.0.27.0-150000.3.125.1
  * java-11-openjdk-demo-11.0.27.0-150000.3.125.1
  * java-11-openjdk-11.0.27.0-150000.3.125.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * java-11-openjdk-debugsource-11.0.27.0-150000.3.125.1
  * java-11-openjdk-headless-11.0.27.0-150000.3.125.1
  * java-11-openjdk-devel-11.0.27.0-150000.3.125.1
  * java-11-openjdk-demo-11.0.27.0-150000.3.125.1
  * java-11-openjdk-11.0.27.0-150000.3.125.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * java-11-openjdk-11.0.27.0-150000.3.125.1
  * java-11-openjdk-demo-11.0.27.0-150000.3.125.1
  * java-11-openjdk-headless-11.0.27.0-150000.3.125.1
  * java-11-openjdk-devel-11.0.27.0-150000.3.125.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * java-11-openjdk-11.0.27.0-150000.3.125.1
  * java-11-openjdk-demo-11.0.27.0-150000.3.125.1
  * java-11-openjdk-headless-11.0.27.0-150000.3.125.1
  * java-11-openjdk-devel-11.0.27.0-150000.3.125.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
  * java-11-openjdk-debugsource-11.0.27.0-150000.3.125.1
  * java-11-openjdk-debuginfo-11.0.27.0-150000.3.125.1
  * java-11-openjdk-headless-11.0.27.0-150000.3.125.1
  * java-11-openjdk-devel-11.0.27.0-150000.3.125.1
  * java-11-openjdk-demo-11.0.27.0-150000.3.125.1
  * java-11-openjdk-11.0.27.0-150000.3.125.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * java-11-openjdk-debugsource-11.0.27.0-150000.3.125.1
  * java-11-openjdk-headless-11.0.27.0-150000.3.125.1
  * java-11-openjdk-devel-11.0.27.0-150000.3.125.1
  * java-11-openjdk-demo-11.0.27.0-150000.3.125.1
  * java-11-openjdk-11.0.27.0-150000.3.125.1
* SUSE Linux Enterprise Server 15 
SP5 LTSS (aarch64 ppc64le s390x x86_64) * java-11-openjdk-11.0.27.0-150000.3.125.1 * java-11-openjdk-demo-11.0.27.0-150000.3.125.1 * java-11-openjdk-headless-11.0.27.0-150000.3.125.1 * java-11-openjdk-devel-11.0.27.0-150000.3.125.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * java-11-openjdk-debugsource-11.0.27.0-150000.3.125.1 * java-11-openjdk-debuginfo-11.0.27.0-150000.3.125.1 * java-11-openjdk-headless-11.0.27.0-150000.3.125.1 * java-11-openjdk-devel-11.0.27.0-150000.3.125.1 * java-11-openjdk-demo-11.0.27.0-150000.3.125.1 * java-11-openjdk-11.0.27.0-150000.3.125.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * java-11-openjdk-debugsource-11.0.27.0-150000.3.125.1 * java-11-openjdk-headless-11.0.27.0-150000.3.125.1 * java-11-openjdk-devel-11.0.27.0-150000.3.125.1 * java-11-openjdk-demo-11.0.27.0-150000.3.125.1 * java-11-openjdk-11.0.27.0-150000.3.125.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * java-11-openjdk-11.0.27.0-150000.3.125.1 * java-11-openjdk-demo-11.0.27.0-150000.3.125.1 * java-11-openjdk-headless-11.0.27.0-150000.3.125.1 * java-11-openjdk-devel-11.0.27.0-150000.3.125.1 * SUSE Manager Proxy 4.3 (x86_64) * java-11-openjdk-debugsource-11.0.27.0-150000.3.125.1 * java-11-openjdk-headless-11.0.27.0-150000.3.125.1 * java-11-openjdk-devel-11.0.27.0-150000.3.125.1 * java-11-openjdk-demo-11.0.27.0-150000.3.125.1 * java-11-openjdk-11.0.27.0-150000.3.125.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * java-11-openjdk-debugsource-11.0.27.0-150000.3.125.1 * java-11-openjdk-headless-11.0.27.0-150000.3.125.1 * java-11-openjdk-devel-11.0.27.0-150000.3.125.1 * java-11-openjdk-demo-11.0.27.0-150000.3.125.1 * java-11-openjdk-11.0.27.0-150000.3.125.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * java-11-openjdk-debugsource-11.0.27.0-150000.3.125.1 * java-11-openjdk-headless-11.0.27.0-150000.3.125.1 * java-11-openjdk-devel-11.0.27.0-150000.3.125.1 * 
java-11-openjdk-demo-11.0.27.0-150000.3.125.1 * java-11-openjdk-11.0.27.0-150000.3.125.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * java-11-openjdk-debugsource-11.0.27.0-150000.3.125.1 * java-11-openjdk-debuginfo-11.0.27.0-150000.3.125.1 * java-11-openjdk-headless-11.0.27.0-150000.3.125.1 * java-11-openjdk-devel-11.0.27.0-150000.3.125.1 * java-11-openjdk-demo-11.0.27.0-150000.3.125.1 * java-11-openjdk-11.0.27.0-150000.3.125.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-debugsource-11.0.27.0-150000.3.125.1 * java-11-openjdk-debuginfo-11.0.27.0-150000.3.125.1 * java-11-openjdk-devel-debuginfo-11.0.27.0-150000.3.125.1 * java-11-openjdk-jmods-11.0.27.0-150000.3.125.1 * java-11-openjdk-headless-11.0.27.0-150000.3.125.1 * java-11-openjdk-devel-11.0.27.0-150000.3.125.1 * java-11-openjdk-demo-11.0.27.0-150000.3.125.1 * java-11-openjdk-src-11.0.27.0-150000.3.125.1 * java-11-openjdk-11.0.27.0-150000.3.125.1 * java-11-openjdk-headless-debuginfo-11.0.27.0-150000.3.125.1 * openSUSE Leap 15.6 (noarch) * java-11-openjdk-javadoc-11.0.27.0-150000.3.125.1 * Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-debugsource-11.0.27.0-150000.3.125.1 * java-11-openjdk-debuginfo-11.0.27.0-150000.3.125.1 * java-11-openjdk-devel-debuginfo-11.0.27.0-150000.3.125.1 * java-11-openjdk-headless-11.0.27.0-150000.3.125.1 * java-11-openjdk-devel-11.0.27.0-150000.3.125.1 * java-11-openjdk-demo-11.0.27.0-150000.3.125.1 * java-11-openjdk-11.0.27.0-150000.3.125.1 * java-11-openjdk-headless-debuginfo-11.0.27.0-150000.3.125.1 * SUSE Package Hub 15 15-SP6 (noarch) * java-11-openjdk-javadoc-11.0.27.0-150000.3.125.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * java-11-openjdk-debugsource-11.0.27.0-150000.3.125.1 * java-11-openjdk-debuginfo-11.0.27.0-150000.3.125.1 * java-11-openjdk-headless-11.0.27.0-150000.3.125.1 * java-11-openjdk-devel-11.0.27.0-150000.3.125.1 * java-11-openjdk-demo-11.0.27.0-150000.3.125.1 * 
java-11-openjdk-11.0.27.0-150000.3.125.1 ## References: * https://www.suse.com/security/cve/CVE-2025-21587.html * https://www.suse.com/security/cve/CVE-2025-30691.html * https://www.suse.com/security/cve/CVE-2025-30698.html * https://bugzilla.suse.com/show_bug.cgi?id=1241274 * https://bugzilla.suse.com/show_bug.cgi?id=1241275 * https://bugzilla.suse.com/show_bug.cgi?id=1241276 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed May 7 12:31:51 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 07 May 2025 12:31:51 -0000 Subject: SUSE-SU-2025:1477-1: moderate: Security update for libva Message-ID: <174662111164.30275.14092009614283434839@smelt2.prg2.suse.org> # Security update for libva Announcement ID: SUSE-SU-2025:1477-1 Release Date: 2025-05-06T09:17:19Z Rating: moderate References: * bsc#1202828 * bsc#1217770 * bsc#1224413 * jsc#PED-11066 * jsc#PED-1174 * jsc#PM-1623 * jsc#SLE-12712 * jsc#SLE-19361 * jsc#SLE-8838 Cross-References: * CVE-2023-39929 CVSS scores: * CVE-2023-39929 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability, contains six features and has two security fixes can now be installed. 
## Description:

This update for libva fixes the following issues:

Update to libva version 2.20.0, which includes a security fix for:

* uncontrolled search path may allow an authenticated user to escalate privilege via local access (CVE-2023-39929, bsc#1224413, jsc#PED-11066)

This includes the latest version of one of the components needed for Video (processing) hardware support on Intel GPUs (bsc#1217770)

Update to version 2.20.0:

* av1: Revise offsets comments for av1 encode
* drm:
  * Limit the array size to avoid out of range
  * Remove no longer used helpers
* jpeg: add support for crop and partial decode
* trace:
  * Add trace for vaExportSurfaceHandle
  * Unlock mutex before return
  * Fix minor issue about printf data type and value range
* va/backend:
  * Annotate vafool as deprecated
  * Document the vaGetDriver* APIs
* va/x11/va_fglrx: Remove some dead code
* va/x11/va_nvctrl: Remove some dead code
* va:
  * Add new VADecodeErrorType to indicate the reset happened in the driver
  * Add vendor string on va_TraceInitialize
  * Added Q416 fourcc (three-plane 16-bit YUV 4:4:4)
  * Drop no longer applicable vaGetDriverNames check
  * Fix:don't leak driver names, when override is set
  * Fix:set driver number to be zero if vaGetDriverNames failed
  * Optimize code of getting driver name for all protocols/os (wayland,x11,drm,win32,android)
  * Remove legacy code paths
  * Remove unreachable "DRIVER BUG"
* win32:
  * Only print win32 driver messages in DEBUG builds
  * Remove duplicate adapter_luid entry
* x11/dri2: limit the array handling to avoid out of range access
* x11:
  * Allow disabling DRI3 via LIBVA_DRI3_DISABLE env var
  * Implement vaGetDriverNames
  * Remove legacy code paths

Update to 2.19.0:

* add: Add mono_chrome to VAEncSequenceParameterBufferAV1
* add: Enable support for license acquisition of multiple protected playbacks
* fix: use secure_getenv instead of getenv
* trace: Improve and add VA trace log for AV1 encode
* trace: Unify va log message, replace va_TracePrint with va_TraceMsg.

Update to version 2.18.0:

* doc: Add build and install libva information in home page.
* fix:
  * Add libva.def into distribution package
  * NULL check before calling strncmp.
  * Remove reference to non-existent symbol
* meson: docs:
  * Add encoder interface for av1
  * Use libva_version over project_version()
* va:
  * Add VAProfileH264High10
  * Always build with va-messaging API
  * Fix the coding style of CHECK_DISPLAY
  * Remove Android pre Jelly Bean workarounds
  * Remove dummy isValid() hook
  * Remove unused drm_sarea.h include & ANDROID references in va_dricommon.h
  * va/sysdeps.h: remove Android section
* x11:
  * Allow disabling DRI3 via LIBVA_DRI3_DISABLE env var
  * Use LIBVA_DRI3_DISABLE in GetNumCandidates

Update to 2.17.0:

* win: Simplify signature for driver name loading
* win: Rewrite driver registry query and fix some bugs/leaks/inefficiencies
* win: Add missing null check after calloc
* va: Update security disclaimer
* dep:remove the file .cvsignore
* pkgconfig: add 'with-legacy' for emgd, nvctrl and fglrx
* meson: add 'with-legacy' for emgd, nvctrl and fglrx
* x11: move all FGLRX code to va_fglrx.c
* x11: move all NVCTRL code to va_nvctrl.c
* meson: stop using deprecated meson.source_root()
* meson: stop using configure_file copy=true
* va: correctly include the win32 (local) headers
* win: clean-up the coding style
* va: dos2unix all the files
* drm: remove unnecessary dri2 version/extension query
* trace: annotate internal functions with DLL_HIDDEN
* build/sysdeps: Remove HAVE_GNUC_VISIBILITY_ATTRIBUTE and use _GNUC_ support level attribute instead
* meson: Check support for -Wl,-version-script and build link_args accordingly
* meson: Set va_win32 soversion to '' and remove the install_data rename
* fix: resource check null
* va_trace: Add Win32 memory types in va_TraceSurfaceAttributes
* va_trace: va_TraceSurfaceAttributes should check the VASurfaceAttribMemoryType
* va: Adds Win32 Node and Windows build support
* va: Adds compat_win32 abstraction for Windows build and prepares va common code for windows build
* pkgconfig: Add Win32 package for when WITH_WIN32 is enabled
* meson: Add with_win32 option, makes libdrm non-mandatory on Win
* x11: add basic DRI3 support
* drm: remove VA_DRM_IsRenderNodeFd() helper
* drm: add radeon drm + radeonsi mesa combo

Needed for jira#PED-1174 (Video decoding/encoding support (VA-API, ...) for Intel GPUs is outside of Mesa)

update to 2.16.0:

* add: Add HierarchicalFlag & hierarchical_level_plus1 for AV1e.
* dep: Update README.md to remove badge links
* dep: Removed waffle-io badge from README to fix broken link
* dep: Drop mailing list, IRC and Slack
* autotools: use wayland-scanner private-code
* autotools: use the wayland-scanner.pc to locate the prog
* meson: use wayland-scanner private-code
* meson: request native wayland-scanner
* meson: use the wayland-scanner.pc to locate the prog
* meson: set HAVE_VA_X11 when applicable
* style:Correct slight coding style in several new commits
* trace: add Linux ftrace mode for va trace
* trace: Add missing pthread_mutex_destroy
* drm: remove no-longer needed X == X mappings
* drm: fallback to drm driver name == va driver name
* drm: simplify the mapping table
* x11: simplify the mapping table

Update to version 2.15.0 was part of Intel oneVPL GPU Runtime 2022Q2 Release 22.4.4

Update to 2.15.0:

* Add: new display HW attribute to report PCI ID
* Add: sample depth related parameters for AV1e
* Add: refresh_frame_flags for AV1e
* Add: missing fields in va_TraceVAEncSequenceParameterBufferHEVC.
* Add: nvidia-drm to the drm driver map
* Add: type and buffer for delta qp per block
* Deprecation: remove the va_fool support
* Fix:Correct the version of meson build on master branch
* Fix:X11 DRI2: check if device is a render node
* Build:Use also strong stack protection if supported
* Trace:print the string for profile/entrypoint/configattrib

Update to 2.14.0:

* add: Add av1 encode interfaces
* add: VA/X11 VAAPI driver mapping for crocus DRI driver
* doc: Add description of the fd management for surface importing
* ci: fix freebsd build
* meson: Copy public headers to build directory to support subproject

Update to 2.13.0:

* add new surface format fourcc XYUV
* Fix av1 dec doc page link issue
* unify the code styles using the style_unify script
* Check the function pointer before using (fixes github issue#536)
* update NEWS for 2.13.0

update to 2.12.0:

* add: Report the capability of vaCopy support
* add: Report the capability of sub device
* add: Add config attributes to advertise HEVC/H.265 encoder features
* add: Video processing HVS Denoise: Added 4 modes
* add: Introduce VASurfaceAttribDRMFormatModifiers
* add: Add 3DLUT Filter in Video Processing.
* doc: Update log2_tile_column description for vp9enc
* trace: Correct av1 film grain trace information
* ci: Fix freebsd build by switching to vmactions/freebsd-vm@v0.1.3

update to 2.11.0:

* add: LibVA Protected Content API
* add: Add a configuration attribute to advertise AV1d LST feature
* fix: wayland: don't try to authenticate with render nodes
* autotools: use shell grouping instead of sed to prepend a line
* trace: Add details data dump for mpeg2 IQ matrix.
* doc: update docs for VASurfaceAttribPixelFormat
* doc: Libva documentation edit for AV1 reference frames
* doc: Modify AV1 frame_width_minus1 and frame_height_minus1 comment
* doc: Remove tile_rows and tile_cols restriction to match AV1 spec
* doc: Format code for doxygen output
* doc: AV1 decode documentation edit for superres_scale_denominator
* ci: upgrade FreeBSD to 12.2
* ci: disable travis build
* ci: update cache before attempting to install packages
* ci: avoid running workloads on other workloads changes
* ci: enable github actions

update to 2.10.0:

* add: Pass offset and size of pred_weight_table
* add: add vaCopy interface to copy surface and buffer
* add: add definition for different execution
* add: New parameters for transport controlled BRC were added
* add: add FreeBSD support
* add: add a buffer type to adjust context priority dynamically
* fix: correct the api version in meson.build
* fix: remove deprecated variable from va_trace.c
* fix: Use va_deprecated for the deprecated variable
* fix: Mark chroma_sample_position as deprecated
* doc: va_dec_av1: clarifies CDEF syntax element packing
* doc: [AV1] Update documented ranges for loop filter and quantization params.
* doc: Update va.h for multi-threaded usages
* trace: va/va_trace: ignore system gettid() on Linux

Update to 2.9.1:

* fix version mismatch between meson and autotools

Update to 2.9.0:

* trace: Refine the va_TraceVAPictureParameterBufferAV1.
* doc: Add comments for backward/forward reference to avoid confusion
* doc: Modify comments in av1 decoder interfaces
* doc: Update mailing list
* Add SCC fields trace for HEVC SCC encoding.
* Add FOURCC code for Y212 and Y412 format.
* Add interpolation method for scaling.
* add attributes for context priority setting
* Add vaSyncBuffer for output buffers synchronization
* Add vaSyncSurface2 with timeout

Update to 2.8.0:

* trace: enable return value trace for successful function call
* trace: divide va_TraceEndPicture to two separate functions
* trace: add support for VAProfileHEVCSccMain444_10
* fix:Fixes file descriptor leak
* add fourcc code for P012 format
* travis: Add a test that code files don't have the exec bit set
* Remove the execute bit from all source code files
* meson: Allow for libdir and includedir to be absolute paths
* trace: Fix format string warnings
* fix:Fix clang warning (reading garbage)
* add definition to enforce both reflist not empty
* trace: List correct field names in va_TraceVAPictureParameterBufferHEVC
* change the return value to be UNIMPLEMENTED when the function pointer is NULL
* remove check of vaPutSurface implementation
* Add new slice structure flag for CAPS reporting
* VA/X11: VAAPI driver mapping for iris DRI driver
* VA/X11: enable driver candidate selection for DRI2
* Add SCC flags to enable/disable features
* fix: Fix HDR10 MaxCLL and MaxFALL documentation
* Add VAProfileHEVCSccMain444_10 for HEVC
* change the compatible list to be dynamic one
* trace:Convert VAProfileAV1Profile0 VAProfileAV1Profile1 to string

Update to version 2.7.0:

* trace: av1 decode buffers trace
* trace: Add HEVC REXT and SCC trace for decoding.
* Add av1 decode interfaces
* Fix crashes on system without supported hardware by PR #369.
* Add 2 FourCC for 10bit RGB(without Alpha) format: X2R10G10B10 and X2B10G10R10.
* Fix android build issue #365 and remove some trailing whitespace
* Adjust call sequence to ensure authenticate operation is executed to fix #355

Update to version 2.6.1:

* adjust call sequence to ensure authenticate operation is executed
  this patch is not needed for media-driver, but needed for i965 driver which checks authentication.

Update to version 2.6.0:

* enable the multiple driver selection logic and enable it for DRM.
* drm: Add iHD to driver_name_map
* Add missed slice parameter 'slice_data_num_emu_prevn_bytes'
* ensure that all meson files are part of the release tarball
* configure: use correct comparison operator
* trace: support VAConfigAttribMultipleFrame in trace
* remove incorrect field of VAConfigAttribValDecJPEG
* va/va_trace: Dump VP9 parameters for profile 1~3
* add multiple frame capability report
* add variable to indicate layer information
* trace: fix memory leak on closing the trace
* add prediction direction caps report
* Add comments for colour primaries and transfer characteristics in VAProcColorProperties

This release is needed for latest intel-media-driver update (jsc#SLE-8838)

Update to version 2.5.0:

* Correct the comment of color_range.
* Add VA_FOURCC_A2B10G10R10 for format a2b10g10r10.
* Adjust VAEncMiscParameterQuantization structure to be aligned with VAEncMiscParameterBuffer(possible to impact BC)
* Add attribute for max frame size
* Add va_footer.html into distribution build
* va_trace: hevc profiles added
* Add new definition for input/output surface flag
* va/va_trace: add trace support for VAEncMiscParameterTypeSkipFrame structure.
* va/va_trace: add MPEG2 trace support for MiscParam and SequenceParam
* va_openDriver: check strdup return value
* Mark some duplicated field as deprecated
* Add return value into logs
* va/va_trace: add trace support for VAEncMiscParameterEncQuality structure.
* Add new format fourcc definition
* va_backend: remove unneeded linux/videodev2.h include
* va_trace: add missing include
* configure: don't build glx if VA/X11 isn't built
* va/va_trace: unbreak with C89 after b369467
* [common] Add A2RGB10 fourcc definition
* build: meson: enables va messaging and visibility
* va/va_trace: add trace support for RIR(rolling intra refresh).
* va/va_trace: add trace support for ROI(region of interest)

Update to version 2.4.1:

* [common] Add A2RGB10 fourcc definition.
* build: meson: enables va messaging and visibility.
* va/va_trace:
  * Add trace support for RIR(rolling intra refresh).
  * Add trace support for ROI(region of interest).

Update to version 2.4.0:

* va_TraceSurface support for VA_FOURCC_P010
* Add pointer to struct wl_interface for driver to use
* (integrate) va: fix new line symbol in error message
* av: avoid driver path truncation
* Fix compilation warning (uninit and wrong variable types) for Android O MR1
* Allow import of the DRM PRIME 2 memory type
* android: ignore unimportant compile warnings
* compile: fix sign/unsign compare in va_trace.c
* android: replace utils/Log.h with log/log.h
* High Dynamic Range Tone Mapping: Add a new filter for input metadata and some comments
* Remove restrictions on vaSetDriverName()

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-1477=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1477=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * libva-x11-2-debuginfo-2.20.0-3.3.4
  * libva-drm2-debuginfo-2.20.0-3.3.4
  * libva2-2.20.0-3.3.4
  * libva-devel-2.20.0-3.3.4
  * libva-drm2-2.20.0-3.3.4
  * libva2-debuginfo-2.20.0-3.3.4
  * libva-x11-2-2.20.0-3.3.4
  * libva-debugsource-2.20.0-3.3.4
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * libva-x11-2-debuginfo-2.20.0-3.3.4
  * libva-drm2-debuginfo-2.20.0-3.3.4
  * libva2-2.20.0-3.3.4
  * libva-devel-2.20.0-3.3.4
  * libva-drm2-2.20.0-3.3.4
  * libva2-debuginfo-2.20.0-3.3.4
  * libva-x11-2-2.20.0-3.3.4
  * libva-debugsource-2.20.0-3.3.4

## References:

* https://www.suse.com/security/cve/CVE-2023-39929.html
* https://bugzilla.suse.com/show_bug.cgi?id=1202828
* https://bugzilla.suse.com/show_bug.cgi?id=1217770
* https://bugzilla.suse.com/show_bug.cgi?id=1224413
* https://jira.suse.com/browse/PED-11066
* https://jira.suse.com/browse/PED-1174
* https://jira.suse.com/browse/PM-1623
* https://jira.suse.com/browse/SLE-12712
* https://jira.suse.com/browse/SLE-19361
* https://jira.suse.com/browse/SLE-8838

From null at suse.de Wed May 7 12:31:54 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 07 May 2025 12:31:54 -0000
Subject: SUSE-SU-2025:1466-1: moderate: Security update for rabbitmq-server
Message-ID: <174662111464.30275.283078287934071822@smelt2.prg2.suse.org>

# Security update for rabbitmq-server

Announcement ID: SUSE-SU-2025:1466-1
Release Date: 2025-05-06T06:06:40Z
Rating: moderate
References:

* bsc#1240071

Cross-References:

* CVE-2025-30219

CVSS scores:

* CVE-2025-30219 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-30219 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L
* CVE-2025-30219 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L

Affected Products:

* openSUSE Leap 15.3
* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for rabbitmq-server fixes the following issues:

* CVE-2025-30219: Fixed XSS in an error message in Management UI (bsc#1240071)

Other fixes:

* Disable parallel make, this causes build failures

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2025-1466=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2025-1466=1
* Server Applications Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-1466=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  * rabbitmq-server-plugins-3.8.11-150300.3.19.1
  * erlang-rabbitmq-client-3.8.11-150300.3.19.1
  * rabbitmq-server-3.8.11-150300.3.19.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * rabbitmq-server-plugins-3.8.11-150300.3.19.1
  * erlang-rabbitmq-client-3.8.11-150300.3.19.1
  * rabbitmq-server-3.8.11-150300.3.19.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * rabbitmq-server-plugins-3.8.11-150300.3.19.1
  * erlang-rabbitmq-client-3.8.11-150300.3.19.1
  * rabbitmq-server-3.8.11-150300.3.19.1

## References:

* https://www.suse.com/security/cve/CVE-2025-30219.html
* https://bugzilla.suse.com/show_bug.cgi?id=1240071

From null at suse.de Wed May 7 12:31:59 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 07 May 2025 12:31:59 -0000
Subject: SUSE-SU-2025:1465-1: important: Security update for apache2-mod_auth_openidc
Message-ID: <174662111953.30275.15875687223175941308@smelt2.prg2.suse.org>

# Security update for apache2-mod_auth_openidc

Announcement ID: SUSE-SU-2025:1465-1
Release Date: 2025-05-05T21:04:41Z
Rating: important
References:

* bsc#1240893

Cross-References:

* CVE-2025-31492

CVSS scores:

* CVE-2025-31492 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-31492 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-31492 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for apache2-mod_auth_openidc fixes the following issues:

* CVE-2025-31492: Fixed a bug where OIDCProviderAuthRequestMethod POSTs can leak protected data. (bsc#1240893)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-1465=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1465=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * apache2-mod_auth_openidc-debugsource-2.4.0-7.19.1
  * apache2-mod_auth_openidc-2.4.0-7.19.1
  * apache2-mod_auth_openidc-debuginfo-2.4.0-7.19.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * apache2-mod_auth_openidc-debugsource-2.4.0-7.19.1
  * apache2-mod_auth_openidc-2.4.0-7.19.1
  * apache2-mod_auth_openidc-debuginfo-2.4.0-7.19.1

## References:

* https://www.suse.com/security/cve/CVE-2025-31492.html
* https://bugzilla.suse.com/show_bug.cgi?id=1240893

From null at suse.de Wed May 7 12:32:02 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 07 May 2025 12:32:02 -0000
Subject: SUSE-SU-2025:1464-1: moderate: Security update for ImageMagick
Message-ID: <174662112289.30275.6512816217896756472@smelt2.prg2.suse.org>

# Security update for ImageMagick

Announcement ID: SUSE-SU-2025:1464-1
Release Date: 2025-05-05T18:49:06Z
Rating: moderate
References:

* bsc#1241658
* bsc#1241659

Cross-References:

* CVE-2025-43965
* CVE-2025-46393

CVSS scores:

* CVE-2025-43965 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2025-43965 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L
* CVE-2025-43965 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-46393 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2025-46393 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L
* CVE-2025-46393 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* Desktop Applications Module 15-SP6
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for ImageMagick fixes the following issues:

* CVE-2025-43965: Fixed mishandling of image depth after SetQuantumFormat is used in MIFF image processing. (bsc#1241659)
* CVE-2025-46393: Fixed mishandling of packet_size leads to rendering of channels in arbitrary order in multispectral MIFF image processing. (bsc#1241658)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2025-1464=1
* Desktop Applications Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-1464=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.30.1
  * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.30.1
  * ImageMagick-config-7-upstream-7.1.0.9-150400.6.30.1
  * ImageMagick-debugsource-7.1.0.9-150400.6.30.1
  * ImageMagick-devel-7.1.0.9-150400.6.30.1
  * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.30.1
  * ImageMagick-debuginfo-7.1.0.9-150400.6.30.1
  * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.30.1
  * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.30.1
  * ImageMagick-7.1.0.9-150400.6.30.1
  * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.30.1
  * ImageMagick-extra-7.1.0.9-150400.6.30.1
  * ImageMagick-extra-debuginfo-7.1.0.9-150400.6.30.1
  * libMagick++-devel-7.1.0.9-150400.6.30.1
  * perl-PerlMagick-7.1.0.9-150400.6.30.1
  * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.30.1
  * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.30.1
* openSUSE Leap 15.4 (x86_64)
  * ImageMagick-devel-32bit-7.1.0.9-150400.6.30.1
  * libMagick++-devel-32bit-7.1.0.9-150400.6.30.1
  * libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.30.1
  * libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.0.9-150400.6.30.1
  * libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.30.1
  * libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.30.1
  * libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.30.1
  * libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.30.1
* openSUSE Leap 15.4 (noarch)
  * ImageMagick-doc-7.1.0.9-150400.6.30.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * libMagick++-7_Q16HDRI5-64bit-7.1.0.9-150400.6.30.1
  * libMagick++-devel-64bit-7.1.0.9-150400.6.30.1
  * libMagick++-7_Q16HDRI5-64bit-debuginfo-7.1.0.9-150400.6.30.1
  * libMagickWand-7_Q16HDRI10-64bit-7.1.0.9-150400.6.30.1
  * libMagickWand-7_Q16HDRI10-64bit-debuginfo-7.1.0.9-150400.6.30.1
  * libMagickCore-7_Q16HDRI10-64bit-7.1.0.9-150400.6.30.1
  * libMagickCore-7_Q16HDRI10-64bit-debuginfo-7.1.0.9-150400.6.30.1
  * ImageMagick-devel-64bit-7.1.0.9-150400.6.30.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * ImageMagick-debuginfo-7.1.0.9-150400.6.30.1
  * ImageMagick-config-7-upstream-7.1.0.9-150400.6.30.1
  * ImageMagick-debugsource-7.1.0.9-150400.6.30.1

## References:

* https://www.suse.com/security/cve/CVE-2025-43965.html
* https://www.suse.com/security/cve/CVE-2025-46393.html
* https://bugzilla.suse.com/show_bug.cgi?id=1241658
* https://bugzilla.suse.com/show_bug.cgi?id=1241659

From null at suse.de Wed May 7 12:32:13 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 07 May 2025 12:32:13 -0000
Subject: SUSE-SU-2025:1457-1: moderate: Security update for glib2
Message-ID: <174662113397.30275.6532493003291968655@smelt2.prg2.suse.org>

# Security update for glib2

Announcement ID: SUSE-SU-2025:1457-1
Release Date: 2025-05-05T10:56:44Z
Rating: moderate
References:

* bsc#1240897

Cross-References:

* CVE-2025-3360

CVSS scores:

* CVE-2025-3360 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-3360 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-3360 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves one vulnerability can now be installed.

## Description:

This update for glib2 fixes the following issues:

* CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-1457=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-1457=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-1457=1 ## Package List: * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libgmodule-2_0-0-2.62.6-150200.3.27.1 * libgobject-2_0-0-2.62.6-150200.3.27.1 * glib2-tools-2.62.6-150200.3.27.1 * glib2-debugsource-2.62.6-150200.3.27.1 * libgmodule-2_0-0-debuginfo-2.62.6-150200.3.27.1 * glib2-tools-debuginfo-2.62.6-150200.3.27.1 * libgobject-2_0-0-debuginfo-2.62.6-150200.3.27.1 * libglib-2_0-0-2.62.6-150200.3.27.1 * libglib-2_0-0-debuginfo-2.62.6-150200.3.27.1 * libgio-2_0-0-2.62.6-150200.3.27.1 * libgio-2_0-0-debuginfo-2.62.6-150200.3.27.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libgmodule-2_0-0-2.62.6-150200.3.27.1 * libgobject-2_0-0-2.62.6-150200.3.27.1 * glib2-tools-2.62.6-150200.3.27.1 * glib2-debugsource-2.62.6-150200.3.27.1 * libgmodule-2_0-0-debuginfo-2.62.6-150200.3.27.1 * glib2-tools-debuginfo-2.62.6-150200.3.27.1 * libgobject-2_0-0-debuginfo-2.62.6-150200.3.27.1 * libglib-2_0-0-2.62.6-150200.3.27.1 * libglib-2_0-0-debuginfo-2.62.6-150200.3.27.1 * libgio-2_0-0-2.62.6-150200.3.27.1 * libgio-2_0-0-debuginfo-2.62.6-150200.3.27.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libgmodule-2_0-0-2.62.6-150200.3.27.1 * libgobject-2_0-0-2.62.6-150200.3.27.1 * glib2-tools-2.62.6-150200.3.27.1 * glib2-debugsource-2.62.6-150200.3.27.1 * libgmodule-2_0-0-debuginfo-2.62.6-150200.3.27.1 * glib2-tools-debuginfo-2.62.6-150200.3.27.1 * libgobject-2_0-0-debuginfo-2.62.6-150200.3.27.1 * libglib-2_0-0-2.62.6-150200.3.27.1 * libglib-2_0-0-debuginfo-2.62.6-150200.3.27.1 * libgio-2_0-0-2.62.6-150200.3.27.1 * libgio-2_0-0-debuginfo-2.62.6-150200.3.27.1 ## References: * 
https://www.suse.com/security/cve/CVE-2025-3360.html * https://bugzilla.suse.com/show_bug.cgi?id=1240897
From null at suse.de Wed May 7 12:32:17 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 07 May 2025 12:32:17 -0000 Subject: SUSE-SU-2025:1456-1: moderate: Security update for sqlite3 Message-ID: <174662113706.30275.6578222658778762248@smelt2.prg2.suse.org> # Security update for sqlite3 Announcement ID: SUSE-SU-2025:1456-1 Release Date: 2025-05-05T10:52:31Z Rating: moderate References: * bsc#1241020 * bsc#1241078 * jsc#SLE-16032 Cross-References: * CVE-2025-29087 * CVE-2025-29088 CVSS scores: * CVE-2025-29087 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2025-29087 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L * CVE-2025-29087 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-29087 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-29087 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L * CVE-2025-29088 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-29088 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-29088 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-29088 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L Affected Products: * Basesystem Module 15-SP6 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves two
vulnerabilities and contains one feature can now be installed. ## Description: This update for sqlite3 fixes the following issues: * CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) * CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: * Updated to version 3.49.1 from Factory (jsc#SLE-16032) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-1456=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-1456=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-1456=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-1456=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-1456=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2025-1456=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1456=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-1456=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-1456=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-1456=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * sqlite3-tcl-3.49.1-150000.3.27.1 * sqlite3-debugsource-3.49.1-150000.3.27.1 * libsqlite3-0-debuginfo-3.49.1-150000.3.27.1 * sqlite3-tcl-debuginfo-3.49.1-150000.3.27.1 * sqlite3-debuginfo-3.49.1-150000.3.27.1 * sqlite3-3.49.1-150000.3.27.1 * sqlite3-devel-3.49.1-150000.3.27.1 * libsqlite3-0-3.49.1-150000.3.27.1 * openSUSE Leap 15.6 (x86_64) * libsqlite3-0-32bit-debuginfo-3.49.1-150000.3.27.1 * libsqlite3-0-32bit-3.49.1-150000.3.27.1 * openSUSE Leap 15.6 
(noarch) * sqlite3-doc-3.49.1-150000.3.27.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * sqlite3-tcl-3.49.1-150000.3.27.1 * sqlite3-debugsource-3.49.1-150000.3.27.1 * libsqlite3-0-debuginfo-3.49.1-150000.3.27.1 * sqlite3-debuginfo-3.49.1-150000.3.27.1 * libsqlite3-0-3.49.1-150000.3.27.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * sqlite3-tcl-3.49.1-150000.3.27.1 * sqlite3-debugsource-3.49.1-150000.3.27.1 * libsqlite3-0-debuginfo-3.49.1-150000.3.27.1 * sqlite3-debuginfo-3.49.1-150000.3.27.1 * libsqlite3-0-3.49.1-150000.3.27.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * sqlite3-tcl-3.49.1-150000.3.27.1 * sqlite3-debugsource-3.49.1-150000.3.27.1 * libsqlite3-0-debuginfo-3.49.1-150000.3.27.1 * sqlite3-tcl-debuginfo-3.49.1-150000.3.27.1 * sqlite3-debuginfo-3.49.1-150000.3.27.1 * libsqlite3-0-3.49.1-150000.3.27.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * sqlite3-tcl-3.49.1-150000.3.27.1 * sqlite3-debugsource-3.49.1-150000.3.27.1 * libsqlite3-0-debuginfo-3.49.1-150000.3.27.1 * sqlite3-tcl-debuginfo-3.49.1-150000.3.27.1 * sqlite3-debuginfo-3.49.1-150000.3.27.1 * libsqlite3-0-3.49.1-150000.3.27.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * sqlite3-tcl-3.49.1-150000.3.27.1 * sqlite3-debugsource-3.49.1-150000.3.27.1 * libsqlite3-0-debuginfo-3.49.1-150000.3.27.1 * sqlite3-tcl-debuginfo-3.49.1-150000.3.27.1 * sqlite3-debuginfo-3.49.1-150000.3.27.1 * libsqlite3-0-3.49.1-150000.3.27.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * sqlite3-tcl-3.49.1-150000.3.27.1 * sqlite3-debugsource-3.49.1-150000.3.27.1 * libsqlite3-0-debuginfo-3.49.1-150000.3.27.1 * sqlite3-tcl-debuginfo-3.49.1-150000.3.27.1 * sqlite3-debuginfo-3.49.1-150000.3.27.1 * sqlite3-3.49.1-150000.3.27.1 * sqlite3-devel-3.49.1-150000.3.27.1 * libsqlite3-0-3.49.1-150000.3.27.1 * Basesystem Module 15-SP6 (x86_64) * libsqlite3-0-32bit-debuginfo-3.49.1-150000.3.27.1 * 
libsqlite3-0-32bit-3.49.1-150000.3.27.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * sqlite3-debugsource-3.49.1-150000.3.27.1 * libsqlite3-0-debuginfo-3.49.1-150000.3.27.1 * libsqlite3-0-3.49.1-150000.3.27.1 * sqlite3-debuginfo-3.49.1-150000.3.27.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * sqlite3-debugsource-3.49.1-150000.3.27.1 * libsqlite3-0-debuginfo-3.49.1-150000.3.27.1 * libsqlite3-0-3.49.1-150000.3.27.1 * sqlite3-debuginfo-3.49.1-150000.3.27.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * sqlite3-debugsource-3.49.1-150000.3.27.1 * libsqlite3-0-debuginfo-3.49.1-150000.3.27.1 * libsqlite3-0-3.49.1-150000.3.27.1 * sqlite3-debuginfo-3.49.1-150000.3.27.1 ## References: * https://www.suse.com/security/cve/CVE-2025-29087.html * https://www.suse.com/security/cve/CVE-2025-29088.html * https://bugzilla.suse.com/show_bug.cgi?id=1241020 * https://bugzilla.suse.com/show_bug.cgi?id=1241078 * https://jira.suse.com/browse/SLE-16032 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed May 7 12:32:21 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 07 May 2025 12:32:21 -0000 Subject: SUSE-SU-2025:1455-1: moderate: Security update for sqlite3 Message-ID: <174662114189.30275.4355956424664566112@smelt2.prg2.suse.org> # Security update for sqlite3 Announcement ID: SUSE-SU-2025:1455-1 Release Date: 2025-05-05T10:51:42Z Rating: moderate References: * bsc#1241020 * bsc#1241078 * jsc#SLE-16032 Cross-References: * CVE-2025-29087 * CVE-2025-29088 CVSS scores: * CVE-2025-29087 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2025-29087 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L * CVE-2025-29087 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-29087 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-29087 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L * CVE-2025-29088 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-29088 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-29088 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-29088 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L Affected Products: * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities and contains one feature can now be installed. ## Description: This update for sqlite3 fixes the following issues: * CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) * CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: * Updated to version 3.49.1 from Factory (jsc#SLE-16032) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1455=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libsqlite3-0-32bit-3.49.1-9.33.1 * sqlite3-3.49.1-9.33.1 * libsqlite3-0-debuginfo-32bit-3.49.1-9.33.1 * sqlite3-debuginfo-3.49.1-9.33.1 * libsqlite3-0-debuginfo-3.49.1-9.33.1 * libsqlite3-0-3.49.1-9.33.1 * sqlite3-tcl-3.49.1-9.33.1 * sqlite3-devel-3.49.1-9.33.1 * sqlite3-debugsource-3.49.1-9.33.1 ## References: * https://www.suse.com/security/cve/CVE-2025-29087.html * https://www.suse.com/security/cve/CVE-2025-29088.html * https://bugzilla.suse.com/show_bug.cgi?id=1241020 * https://bugzilla.suse.com/show_bug.cgi?id=1241078 * https://jira.suse.com/browse/SLE-16032
From null at suse.de Wed May 7 16:30:17 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 07 May 2025 16:30:17 -0000 Subject: SUSE-SU-2025:1510-1: important: Security update for libsoup Message-ID: <174663541740.30275.10977819461039754614@smelt2.prg2.suse.org> # Security update for libsoup Announcement ID: SUSE-SU-2025:1510-1 Release Date: 2025-05-07T14:38:17Z Rating: important References: * bsc#1240750 * bsc#1240752 * bsc#1240754 * bsc#1240756 * bsc#1240757 * bsc#1241162 * bsc#1241164 * bsc#1241214 * bsc#1241222 * bsc#1241226 * bsc#1241252 * bsc#1241263 * bsc#1241686 * bsc#1241688 Cross-References: * CVE-2025-2784 * CVE-2025-32050 * CVE-2025-32051 * CVE-2025-32052 * CVE-2025-32053 * CVE-2025-32906 * CVE-2025-32907 * CVE-2025-32909 * CVE-2025-32910 * CVE-2025-32912 * CVE-2025-32913 * CVE-2025-32914 * CVE-2025-46420 * CVE-2025-46421 CVSS scores: * CVE-2025-2784 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-2784 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2025-2784 ( NVD
): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2025-32050 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-32050 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-32050 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-32051 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-32051 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-32051 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-32052 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-32052 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2025-32052 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2025-32053 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-32053 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2025-32053 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2025-32906 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2025-32906 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-32907 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-32907 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-32907 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-32909 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-32909 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2025-32909 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-32910 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-32910 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-32910 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-32912 ( SUSE ): 6.5 
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-32912 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-32913 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-32913 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-32914 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2025-32914 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2025-46420 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-46420 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-46420 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-46421 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2025-46421 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves 14 vulnerabilities can now be installed. 
## Description:

This update for libsoup fixes the following issues:

* CVE-2025-2784: Fixed heap buffer over-read in `skip_insignificant_space` when sniffing content (bsc#1240750)
* CVE-2025-32050: Fixed integer overflow in append_param_quoted (bsc#1240752)
* CVE-2025-32051: Fixed segmentation fault when parsing malformed data URI (bsc#1240754)
* CVE-2025-32052: Fixed heap buffer overflow in sniff_unknown() (bsc#1240756)
* CVE-2025-32053: Fixed heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() (bsc#1240757)
* CVE-2025-32906: Fixed out of bounds reads in soup_headers_parse_request() (bsc#1241263)
* CVE-2025-32907: Fixed excessive memory consumption in server when client requests a large amount of overlapping ranges in a single HTTP request (bsc#1241222)
* CVE-2025-32909: Fixed NULL pointer dereference in the sniff_mp4 function in soup-content-sniffer.c (bsc#1241226)
* CVE-2025-32910: Fixed NULL pointer dereference on client when server omits the realm parameter in an Unauthorized response with Digest authentication (bsc#1241252)
* CVE-2025-32912: Fixed NULL pointer dereference in SoupAuthDigest (bsc#1241214)
* CVE-2025-32913: Fixed NULL pointer dereference in soup_message_headers_get_content_disposition (bsc#1241162)
* CVE-2025-32914: Fixed out of bounds read in `soup_multipart_new_from_message()` (bsc#1241164)
* CVE-2025-46420: Fixed memory leak on soup_header_parse_quality_list() via soup-headers.c (bsc#1241686)
* CVE-2025-46421: Fixed HTTP Authorization Header leak via an HTTP redirect (bsc#1241688)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-1510=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1510=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1510=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1510=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1510=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1510=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1510=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1510=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1510=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-1510=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2025-1510=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1510=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * typelib-1_0-Soup-3_0-3.0.4-150400.3.7.1 * libsoup-devel-3.0.4-150400.3.7.1 * libsoup-3_0-0-3.0.4-150400.3.7.1 * libsoup-debugsource-3.0.4-150400.3.7.1 * libsoup-3_0-0-debuginfo-3.0.4-150400.3.7.1 * openSUSE Leap 15.4 (x86_64) * libsoup-devel-32bit-3.0.4-150400.3.7.1 * libsoup-3_0-0-32bit-3.0.4-150400.3.7.1 * libsoup-3_0-0-32bit-debuginfo-3.0.4-150400.3.7.1 * openSUSE Leap 15.4 (noarch) * libsoup-lang-3.0.4-150400.3.7.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libsoup-devel-64bit-3.0.4-150400.3.7.1 *
libsoup-3_0-0-64bit-3.0.4-150400.3.7.1 * libsoup-3_0-0-64bit-debuginfo-3.0.4-150400.3.7.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * typelib-1_0-Soup-3_0-3.0.4-150400.3.7.1 * libsoup-devel-3.0.4-150400.3.7.1 * libsoup-3_0-0-3.0.4-150400.3.7.1 * libsoup-debugsource-3.0.4-150400.3.7.1 * libsoup-3_0-0-debuginfo-3.0.4-150400.3.7.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * libsoup-lang-3.0.4-150400.3.7.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * typelib-1_0-Soup-3_0-3.0.4-150400.3.7.1 * libsoup-devel-3.0.4-150400.3.7.1 * libsoup-3_0-0-3.0.4-150400.3.7.1 * libsoup-debugsource-3.0.4-150400.3.7.1 * libsoup-3_0-0-debuginfo-3.0.4-150400.3.7.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * libsoup-lang-3.0.4-150400.3.7.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * typelib-1_0-Soup-3_0-3.0.4-150400.3.7.1 * libsoup-devel-3.0.4-150400.3.7.1 * libsoup-3_0-0-3.0.4-150400.3.7.1 * libsoup-debugsource-3.0.4-150400.3.7.1 * libsoup-3_0-0-debuginfo-3.0.4-150400.3.7.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * libsoup-lang-3.0.4-150400.3.7.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * typelib-1_0-Soup-3_0-3.0.4-150400.3.7.1 * libsoup-devel-3.0.4-150400.3.7.1 * libsoup-3_0-0-3.0.4-150400.3.7.1 * libsoup-debugsource-3.0.4-150400.3.7.1 * libsoup-3_0-0-debuginfo-3.0.4-150400.3.7.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * libsoup-lang-3.0.4-150400.3.7.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * typelib-1_0-Soup-3_0-3.0.4-150400.3.7.1 * libsoup-devel-3.0.4-150400.3.7.1 * libsoup-3_0-0-3.0.4-150400.3.7.1 * libsoup-debugsource-3.0.4-150400.3.7.1 * libsoup-3_0-0-debuginfo-3.0.4-150400.3.7.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * libsoup-lang-3.0.4-150400.3.7.1 * SUSE 
Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * typelib-1_0-Soup-3_0-3.0.4-150400.3.7.1 * libsoup-devel-3.0.4-150400.3.7.1 * libsoup-3_0-0-3.0.4-150400.3.7.1 * libsoup-debugsource-3.0.4-150400.3.7.1 * libsoup-3_0-0-debuginfo-3.0.4-150400.3.7.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * libsoup-lang-3.0.4-150400.3.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * typelib-1_0-Soup-3_0-3.0.4-150400.3.7.1 * libsoup-devel-3.0.4-150400.3.7.1 * libsoup-3_0-0-3.0.4-150400.3.7.1 * libsoup-debugsource-3.0.4-150400.3.7.1 * libsoup-3_0-0-debuginfo-3.0.4-150400.3.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * libsoup-lang-3.0.4-150400.3.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * typelib-1_0-Soup-3_0-3.0.4-150400.3.7.1 * libsoup-devel-3.0.4-150400.3.7.1 * libsoup-3_0-0-3.0.4-150400.3.7.1 * libsoup-debugsource-3.0.4-150400.3.7.1 * libsoup-3_0-0-debuginfo-3.0.4-150400.3.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * libsoup-lang-3.0.4-150400.3.7.1 * SUSE Manager Proxy 4.3 (x86_64) * typelib-1_0-Soup-3_0-3.0.4-150400.3.7.1 * libsoup-devel-3.0.4-150400.3.7.1 * libsoup-3_0-0-3.0.4-150400.3.7.1 * libsoup-debugsource-3.0.4-150400.3.7.1 * libsoup-3_0-0-debuginfo-3.0.4-150400.3.7.1 * SUSE Manager Proxy 4.3 (noarch) * libsoup-lang-3.0.4-150400.3.7.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * typelib-1_0-Soup-3_0-3.0.4-150400.3.7.1 * libsoup-devel-3.0.4-150400.3.7.1 * libsoup-3_0-0-3.0.4-150400.3.7.1 * libsoup-debugsource-3.0.4-150400.3.7.1 * libsoup-3_0-0-debuginfo-3.0.4-150400.3.7.1 * SUSE Manager Retail Branch Server 4.3 (noarch) * libsoup-lang-3.0.4-150400.3.7.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * typelib-1_0-Soup-3_0-3.0.4-150400.3.7.1 * libsoup-devel-3.0.4-150400.3.7.1 * libsoup-3_0-0-3.0.4-150400.3.7.1 * libsoup-debugsource-3.0.4-150400.3.7.1 * libsoup-3_0-0-debuginfo-3.0.4-150400.3.7.1 * SUSE Manager 
Server 4.3 (noarch) * libsoup-lang-3.0.4-150400.3.7.1 ## References: * https://www.suse.com/security/cve/CVE-2025-2784.html * https://www.suse.com/security/cve/CVE-2025-32050.html * https://www.suse.com/security/cve/CVE-2025-32051.html * https://www.suse.com/security/cve/CVE-2025-32052.html * https://www.suse.com/security/cve/CVE-2025-32053.html * https://www.suse.com/security/cve/CVE-2025-32906.html * https://www.suse.com/security/cve/CVE-2025-32907.html * https://www.suse.com/security/cve/CVE-2025-32909.html * https://www.suse.com/security/cve/CVE-2025-32910.html * https://www.suse.com/security/cve/CVE-2025-32912.html * https://www.suse.com/security/cve/CVE-2025-32913.html * https://www.suse.com/security/cve/CVE-2025-32914.html * https://www.suse.com/security/cve/CVE-2025-46420.html * https://www.suse.com/security/cve/CVE-2025-46421.html * https://bugzilla.suse.com/show_bug.cgi?id=1240750 * https://bugzilla.suse.com/show_bug.cgi?id=1240752 * https://bugzilla.suse.com/show_bug.cgi?id=1240754 * https://bugzilla.suse.com/show_bug.cgi?id=1240756 * https://bugzilla.suse.com/show_bug.cgi?id=1240757 * https://bugzilla.suse.com/show_bug.cgi?id=1241162 * https://bugzilla.suse.com/show_bug.cgi?id=1241164 * https://bugzilla.suse.com/show_bug.cgi?id=1241214 * https://bugzilla.suse.com/show_bug.cgi?id=1241222 * https://bugzilla.suse.com/show_bug.cgi?id=1241226 * https://bugzilla.suse.com/show_bug.cgi?id=1241252 * https://bugzilla.suse.com/show_bug.cgi?id=1241263 * https://bugzilla.suse.com/show_bug.cgi?id=1241686 * https://bugzilla.suse.com/show_bug.cgi?id=1241688 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed May 7 16:30:26 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 07 May 2025 16:30:26 -0000 Subject: SUSE-SU-2025:1509-1: important: Security update for libsoup2 Message-ID: <174663542620.30275.1045045332049030821@smelt2.prg2.suse.org> # Security update for libsoup2 Announcement ID: SUSE-SU-2025:1509-1 Release Date: 2025-05-07T14:37:39Z Rating: important References: * bsc#1240750 * bsc#1240752 * bsc#1240756 * bsc#1240757 * bsc#1241164 * bsc#1241222 * bsc#1241686 * bsc#1241688 Cross-References: * CVE-2025-2784 * CVE-2025-32050 * CVE-2025-32052 * CVE-2025-32053 * CVE-2025-32907 * CVE-2025-32914 * CVE-2025-46420 * CVE-2025-46421 CVSS scores: * CVE-2025-2784 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-2784 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2025-2784 ( NVD ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2025-32050 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-32050 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-32050 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-32052 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-32052 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2025-32052 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2025-32053 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-32053 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2025-32053 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2025-32907 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-32907 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-32907 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-32914 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * 
CVE-2025-32914 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2025-46420 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-46420 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-46420 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-46421 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2025-46421 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves eight vulnerabilities can now be installed. 
## Description:

This update for libsoup2 fixes the following issues:

* CVE-2025-2784: Fixed heap buffer over-read in `skip_insignificant_space` when sniffing content (bsc#1240750)
* CVE-2025-32050: Fixed integer overflow in append_param_quoted (bsc#1240752)
* CVE-2025-32052: Fixed heap buffer overflow in sniff_unknown() (bsc#1240756)
* CVE-2025-32053: Fixed heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() (bsc#1240757)
* CVE-2025-32907: Fixed excessive memory consumption in server when client requests a large amount of overlapping ranges in a single HTTP request (bsc#1241222)
* CVE-2025-32914: Fixed out of bounds read in `soup_multipart_new_from_message()` (bsc#1241164)
* CVE-2025-46420: Fixed memory leak on soup_header_parse_quality_list() via soup-headers.c (bsc#1241686)
* CVE-2025-46421: Fixed HTTP Authorization Header leak via an HTTP redirect (bsc#1241688)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-1509=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2025-1509=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1509=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-1509=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-1509=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-1509=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-1509=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-1509=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2025-1509=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1509=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1509=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1509=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1509=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1509=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1509=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1509=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1509=1 ## Package List: * SUSE Manager Proxy 4.3 (x86_64) * libsoup-2_4-1-debuginfo-2.74.2-150400.3.6.1 * libsoup-2_4-1-2.74.2-150400.3.6.1 *
typelib-1_0-Soup-2_4-2.74.2-150400.3.6.1 * libsoup2-debugsource-2.74.2-150400.3.6.1 * libsoup2-devel-2.74.2-150400.3.6.1 * SUSE Manager Proxy 4.3 (noarch) * libsoup2-lang-2.74.2-150400.3.6.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * libsoup-2_4-1-debuginfo-2.74.2-150400.3.6.1 * libsoup-2_4-1-2.74.2-150400.3.6.1 * typelib-1_0-Soup-2_4-2.74.2-150400.3.6.1 * libsoup2-debugsource-2.74.2-150400.3.6.1 * libsoup2-devel-2.74.2-150400.3.6.1 * SUSE Manager Retail Branch Server 4.3 (noarch) * libsoup2-lang-2.74.2-150400.3.6.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * libsoup-2_4-1-debuginfo-2.74.2-150400.3.6.1 * libsoup-2_4-1-2.74.2-150400.3.6.1 * typelib-1_0-Soup-2_4-2.74.2-150400.3.6.1 * libsoup2-debugsource-2.74.2-150400.3.6.1 * libsoup2-devel-2.74.2-150400.3.6.1 * SUSE Manager Server 4.3 (noarch) * libsoup2-lang-2.74.2-150400.3.6.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libsoup-2_4-1-debuginfo-2.74.2-150400.3.6.1 * libsoup-2_4-1-2.74.2-150400.3.6.1 * typelib-1_0-Soup-2_4-2.74.2-150400.3.6.1 * libsoup2-debugsource-2.74.2-150400.3.6.1 * libsoup2-devel-2.74.2-150400.3.6.1 * openSUSE Leap 15.4 (x86_64) * libsoup-2_4-1-32bit-2.74.2-150400.3.6.1 * libsoup-2_4-1-32bit-debuginfo-2.74.2-150400.3.6.1 * libsoup2-devel-32bit-2.74.2-150400.3.6.1 * openSUSE Leap 15.4 (noarch) * libsoup2-lang-2.74.2-150400.3.6.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libsoup-2_4-1-64bit-2.74.2-150400.3.6.1 * libsoup-2_4-1-64bit-debuginfo-2.74.2-150400.3.6.1 * libsoup2-devel-64bit-2.74.2-150400.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libsoup-2_4-1-2.74.2-150400.3.6.1 * libsoup2-debugsource-2.74.2-150400.3.6.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.6.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libsoup-2_4-1-2.74.2-150400.3.6.1 * libsoup2-debugsource-2.74.2-150400.3.6.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * 
libsoup-2_4-1-2.74.2-150400.3.6.1 * libsoup2-debugsource-2.74.2-150400.3.6.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.6.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libsoup-2_4-1-2.74.2-150400.3.6.1 * libsoup2-debugsource-2.74.2-150400.3.6.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.6.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * libsoup-2_4-1-2.74.2-150400.3.6.1 * libsoup2-debugsource-2.74.2-150400.3.6.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * libsoup-2_4-1-debuginfo-2.74.2-150400.3.6.1 * libsoup-2_4-1-2.74.2-150400.3.6.1 * typelib-1_0-Soup-2_4-2.74.2-150400.3.6.1 * libsoup2-debugsource-2.74.2-150400.3.6.1 * libsoup2-devel-2.74.2-150400.3.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * libsoup2-lang-2.74.2-150400.3.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * libsoup-2_4-1-debuginfo-2.74.2-150400.3.6.1 * libsoup-2_4-1-2.74.2-150400.3.6.1 * typelib-1_0-Soup-2_4-2.74.2-150400.3.6.1 * libsoup2-debugsource-2.74.2-150400.3.6.1 * libsoup2-devel-2.74.2-150400.3.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * libsoup2-lang-2.74.2-150400.3.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libsoup-2_4-1-debuginfo-2.74.2-150400.3.6.1 * libsoup-2_4-1-2.74.2-150400.3.6.1 * typelib-1_0-Soup-2_4-2.74.2-150400.3.6.1 * libsoup2-debugsource-2.74.2-150400.3.6.1 * libsoup2-devel-2.74.2-150400.3.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * libsoup2-lang-2.74.2-150400.3.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libsoup-2_4-1-debuginfo-2.74.2-150400.3.6.1 * libsoup-2_4-1-2.74.2-150400.3.6.1 * typelib-1_0-Soup-2_4-2.74.2-150400.3.6.1 * libsoup2-debugsource-2.74.2-150400.3.6.1 * libsoup2-devel-2.74.2-150400.3.6.1 * SUSE Linux Enterprise High 
Performance Computing LTSS 15 SP5 (noarch) * libsoup2-lang-2.74.2-150400.3.6.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * libsoup-2_4-1-debuginfo-2.74.2-150400.3.6.1 * libsoup-2_4-1-2.74.2-150400.3.6.1 * typelib-1_0-Soup-2_4-2.74.2-150400.3.6.1 * libsoup2-debugsource-2.74.2-150400.3.6.1 * libsoup2-devel-2.74.2-150400.3.6.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * libsoup2-lang-2.74.2-150400.3.6.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libsoup-2_4-1-debuginfo-2.74.2-150400.3.6.1 * libsoup-2_4-1-2.74.2-150400.3.6.1 * typelib-1_0-Soup-2_4-2.74.2-150400.3.6.1 * libsoup2-debugsource-2.74.2-150400.3.6.1 * libsoup2-devel-2.74.2-150400.3.6.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * libsoup2-lang-2.74.2-150400.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libsoup-2_4-1-debuginfo-2.74.2-150400.3.6.1 * libsoup-2_4-1-2.74.2-150400.3.6.1 * typelib-1_0-Soup-2_4-2.74.2-150400.3.6.1 * libsoup2-debugsource-2.74.2-150400.3.6.1 * libsoup2-devel-2.74.2-150400.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * libsoup2-lang-2.74.2-150400.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libsoup-2_4-1-debuginfo-2.74.2-150400.3.6.1 * libsoup-2_4-1-2.74.2-150400.3.6.1 * typelib-1_0-Soup-2_4-2.74.2-150400.3.6.1 * libsoup2-debugsource-2.74.2-150400.3.6.1 * libsoup2-devel-2.74.2-150400.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * libsoup2-lang-2.74.2-150400.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2025-2784.html * https://www.suse.com/security/cve/CVE-2025-32050.html * https://www.suse.com/security/cve/CVE-2025-32052.html * https://www.suse.com/security/cve/CVE-2025-32053.html * https://www.suse.com/security/cve/CVE-2025-32907.html * https://www.suse.com/security/cve/CVE-2025-32914.html * https://www.suse.com/security/cve/CVE-2025-46420.html * 
https://www.suse.com/security/cve/CVE-2025-46421.html
* https://bugzilla.suse.com/show_bug.cgi?id=1240750
* https://bugzilla.suse.com/show_bug.cgi?id=1240752
* https://bugzilla.suse.com/show_bug.cgi?id=1240756
* https://bugzilla.suse.com/show_bug.cgi?id=1240757
* https://bugzilla.suse.com/show_bug.cgi?id=1241164
* https://bugzilla.suse.com/show_bug.cgi?id=1241222
* https://bugzilla.suse.com/show_bug.cgi?id=1241686
* https://bugzilla.suse.com/show_bug.cgi?id=1241688

From null at suse.de Wed May 7 16:30:29 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 07 May 2025 16:30:29 -0000
Subject: SUSE-SU-2025:1508-1: moderate: Security update for openvpn
Message-ID: <174663542922.30275.8289821768054608963@smelt2.prg2.suse.org>

# Security update for openvpn

Announcement ID: SUSE-SU-2025:1508-1
Release Date: 2025-05-07T14:02:58Z
Rating: moderate

References:

* bsc#1240392

Cross-References:

* CVE-2025-2704

CVSS scores:

* CVE-2025-2704 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-2704 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-2704 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for openvpn fixes the following issues:

* CVE-2025-2704: Fixed remote DoS due to possible ASSERT() on OpenVPN servers using --tls-crypt-v2 (bsc#1240392)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-1508=1 openSUSE-SLE-15.6-2025-1508=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1508=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * openvpn-debuginfo-2.6.8-150600.3.17.1 * openvpn-devel-2.6.8-150600.3.17.1 * openvpn-down-root-plugin-debuginfo-2.6.8-150600.3.17.1 * openvpn-auth-pam-plugin-2.6.8-150600.3.17.1 * openvpn-dco-devel-2.6.8-150600.3.17.1 * openvpn-dco-2.6.8-150600.3.17.1 * openvpn-auth-pam-plugin-debuginfo-2.6.8-150600.3.17.1 * openvpn-dco-debuginfo-2.6.8-150600.3.17.1 * openvpn-dco-debugsource-2.6.8-150600.3.17.1 * openvpn-down-root-plugin-2.6.8-150600.3.17.1 * openvpn-2.6.8-150600.3.17.1 * openvpn-debugsource-2.6.8-150600.3.17.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * openvpn-debuginfo-2.6.8-150600.3.17.1 * openvpn-devel-2.6.8-150600.3.17.1 * openvpn-auth-pam-plugin-2.6.8-150600.3.17.1 * openvpn-dco-devel-2.6.8-150600.3.17.1 * openvpn-dco-2.6.8-150600.3.17.1 * openvpn-auth-pam-plugin-debuginfo-2.6.8-150600.3.17.1 * openvpn-dco-debuginfo-2.6.8-150600.3.17.1 * openvpn-dco-debugsource-2.6.8-150600.3.17.1 * openvpn-2.6.8-150600.3.17.1 * openvpn-debugsource-2.6.8-150600.3.17.1 ## References: * https://www.suse.com/security/cve/CVE-2025-2704.html * https://bugzilla.suse.com/show_bug.cgi?id=1240392 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu May 8 20:30:14 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 08 May 2025 20:30:14 -0000 Subject: SUSE-SU-2025:1518-1: important: Security update for libsoup Message-ID: <174673621445.28796.16564079825981901910@smelt2.prg2.suse.org> # Security update for libsoup Announcement ID: SUSE-SU-2025:1518-1 Release Date: 2025-05-08T19:36:02Z Rating: important References: * bsc#1233285 * bsc#1233287 * bsc#1233292 * bsc#1240750 * bsc#1240752 * bsc#1240756 * bsc#1240757 * bsc#1241164 * bsc#1241222 * bsc#1241686 * bsc#1241688 Cross-References: * CVE-2024-52530 * CVE-2024-52531 * CVE-2024-52532 * CVE-2025-2784 * CVE-2025-32050 * CVE-2025-32052 * CVE-2025-32053 * CVE-2025-32907 * CVE-2025-32914 * CVE-2025-46420 * CVE-2025-46421 CVSS scores: * CVE-2024-52530 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2024-52530 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2024-52530 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2024-52531 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2024-52531 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2024-52531 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-52531 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L * CVE-2024-52532 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-52532 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-52532 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-2784 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-2784 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2025-2784 ( NVD ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2025-32050 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-32050 ( SUSE ): 5.9 
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-32050 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-32052 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-32052 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2025-32052 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2025-32053 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-32053 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2025-32053 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2025-32907 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-32907 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-32907 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-32914 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2025-32914 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2025-46420 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-46420 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-46420 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-46421 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2025-46421 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves 11 vulnerabilities can now be installed. 
## Description:

This update for libsoup fixes the following issues:

* CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names (bsc#1233285)
* CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict (bsc#1233292)
* CVE-2024-52532: Fixed infinite loop while reading websocket data (bsc#1233287)
* CVE-2025-2784: Fixed heap buffer over-read in `skip_insignificant_space` when sniffing content (bsc#1240750)
* CVE-2025-32050: Fixed integer overflow in append_param_quoted (bsc#1240752)
* CVE-2025-32052: Fixed heap buffer overflow in sniff_unknown() (bsc#1240756)
* CVE-2025-32053: Fixed heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() (bsc#1240757)
* CVE-2025-32907: Fixed excessive memory consumption in server when client requests a large amount of overlapping ranges in a single HTTP request (bsc#1241222)
* CVE-2025-32914: Fixed out of bounds read in `soup_multipart_new_from_message()` (bsc#1241164)
* CVE-2025-46420: Fixed memory leak on soup_header_parse_quality_list() via soup-headers.c (bsc#1241686)
* CVE-2025-46421: Fixed HTTP Authorization Header leak via an HTTP redirect (bsc#1241688)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-1518=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1518=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libsoup-devel-2.62.2-5.12.1 * libsoup-2_4-1-debuginfo-2.62.2-5.12.1 * typelib-1_0-Soup-2_4-2.62.2-5.12.1 * libsoup-2_4-1-2.62.2-5.12.1 * libsoup-debugsource-2.62.2-5.12.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (noarch) * libsoup-lang-2.62.2-5.12.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64) * libsoup-2_4-1-32bit-2.62.2-5.12.1 * libsoup-2_4-1-debuginfo-32bit-2.62.2-5.12.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libsoup-2_4-1-32bit-2.62.2-5.12.1 * libsoup-devel-2.62.2-5.12.1 * libsoup-2_4-1-debuginfo-2.62.2-5.12.1 * typelib-1_0-Soup-2_4-2.62.2-5.12.1 * libsoup-2_4-1-2.62.2-5.12.1 * libsoup-debugsource-2.62.2-5.12.1 * libsoup-2_4-1-debuginfo-32bit-2.62.2-5.12.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch) * libsoup-lang-2.62.2-5.12.1 ## References: * https://www.suse.com/security/cve/CVE-2024-52530.html * https://www.suse.com/security/cve/CVE-2024-52531.html * https://www.suse.com/security/cve/CVE-2024-52532.html * https://www.suse.com/security/cve/CVE-2025-2784.html * https://www.suse.com/security/cve/CVE-2025-32050.html * https://www.suse.com/security/cve/CVE-2025-32052.html * https://www.suse.com/security/cve/CVE-2025-32053.html * https://www.suse.com/security/cve/CVE-2025-32907.html * https://www.suse.com/security/cve/CVE-2025-32914.html * https://www.suse.com/security/cve/CVE-2025-46420.html * https://www.suse.com/security/cve/CVE-2025-46421.html * https://bugzilla.suse.com/show_bug.cgi?id=1233285 * https://bugzilla.suse.com/show_bug.cgi?id=1233287 * https://bugzilla.suse.com/show_bug.cgi?id=1233292 * 
https://bugzilla.suse.com/show_bug.cgi?id=1240750 * https://bugzilla.suse.com/show_bug.cgi?id=1240752 * https://bugzilla.suse.com/show_bug.cgi?id=1240756 * https://bugzilla.suse.com/show_bug.cgi?id=1240757 * https://bugzilla.suse.com/show_bug.cgi?id=1241164 * https://bugzilla.suse.com/show_bug.cgi?id=1241222 * https://bugzilla.suse.com/show_bug.cgi?id=1241686 * https://bugzilla.suse.com/show_bug.cgi?id=1241688 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu May 8 20:30:17 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 08 May 2025 20:30:17 -0000 Subject: SUSE-SU-2025:1517-1: moderate: Security update for apparmor Message-ID: <174673621709.28796.10548503863295918832@smelt2.prg2.suse.org> # Security update for apparmor Announcement ID: SUSE-SU-2025:1517-1 Release Date: 2025-05-08T19:35:51Z Rating: moderate References: * bsc#1241678 Cross-References: * CVE-2024-10041 CVSS scores: * CVE-2024-10041 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-10041 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-10041 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for apparmor fixes the following issues: * Add dac_read_search capability for unix_chkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. (bsc#1241678) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-1517=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1517=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * apache2-mod_apparmor-2.8.2-56.26.1 * apparmor-debugsource-2.8.2-56.26.1 * apparmor-parser-2.8.2-56.26.1 * libapparmor1-2.8.2-56.26.1 * perl-apparmor-2.8.2-56.26.1 * libapparmor1-debuginfo-2.8.2-56.26.1 * perl-apparmor-debuginfo-2.8.2-56.26.1 * apparmor-parser-debuginfo-2.8.2-56.26.1 * pam_apparmor-2.8.2-56.26.1 * apache2-mod_apparmor-debuginfo-2.8.2-56.26.1 * libapparmor-devel-2.8.2-56.26.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (noarch) * apparmor-docs-2.8.2-56.26.1 * apparmor-utils-2.8.2-56.26.1 * apparmor-profiles-2.8.2-56.26.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (ppc64le s390x x86_64) * pam_apparmor-debuginfo-2.8.2-56.26.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64) * libapparmor1-debuginfo-32bit-2.8.2-56.26.1 * pam_apparmor-32bit-2.8.2-56.26.1 * pam_apparmor-debuginfo-32bit-2.8.2-56.26.1 * libapparmor1-32bit-2.8.2-56.26.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * perl-apparmor-2.8.2-56.26.1 * apache2-mod_apparmor-2.8.2-56.26.1 * pam_apparmor-debuginfo-32bit-2.8.2-56.26.1 * apparmor-debugsource-2.8.2-56.26.1 * libapparmor1-debuginfo-32bit-2.8.2-56.26.1 * apparmor-parser-2.8.2-56.26.1 * libapparmor1-2.8.2-56.26.1 * pam_apparmor-32bit-2.8.2-56.26.1 * libapparmor1-debuginfo-2.8.2-56.26.1 * libapparmor1-32bit-2.8.2-56.26.1 * apparmor-parser-debuginfo-2.8.2-56.26.1 * pam_apparmor-2.8.2-56.26.1 * pam_apparmor-debuginfo-2.8.2-56.26.1 * apache2-mod_apparmor-debuginfo-2.8.2-56.26.1 * libapparmor-devel-2.8.2-56.26.1 * perl-apparmor-debuginfo-2.8.2-56.26.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch) * 
apparmor-docs-2.8.2-56.26.1 * apparmor-utils-2.8.2-56.26.1 * apparmor-profiles-2.8.2-56.26.1 ## References: * https://www.suse.com/security/cve/CVE-2024-10041.html * https://bugzilla.suse.com/show_bug.cgi?id=1241678 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu May 8 20:30:22 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 08 May 2025 20:30:22 -0000 Subject: SUSE-SU-2025:0613-2: moderate: Security update for openssl-1_1 Message-ID: <174673622206.28796.9220499388400794771@smelt2.prg2.suse.org> # Security update for openssl-1_1 Announcement ID: SUSE-SU-2025:0613-2 Release Date: 2025-05-08T13:17:52Z Rating: moderate References: * bsc#1236136 * bsc#1236771 Cross-References: * CVE-2024-13176 CVSS scores: * CVE-2024-13176 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-13176 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-13176 ( NVD ): 4.1 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Affected Products: * Certifications Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: * Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Certifications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Certifications-15-SP7-2025-613=1 ## Package List: * Certifications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libopenssl1_1-debuginfo-1.1.1w-150600.5.12.2 * libopenssl1_1-1.1.1w-150600.5.12.2 * openssl-1_1-debugsource-1.1.1w-150600.5.12.2 ## References: * https://www.suse.com/security/cve/CVE-2024-13176.html * https://bugzilla.suse.com/show_bug.cgi?id=1236136 * https://bugzilla.suse.com/show_bug.cgi?id=1236771 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu May 8 20:30:38 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 08 May 2025 20:30:38 -0000 Subject: SUSE-SU-2025:1516-1: moderate: Security update for openssl-3 Message-ID: <174673623835.28796.18414958621030290449@smelt2.prg2.suse.org> # Security update for openssl-3 Announcement ID: SUSE-SU-2025:1516-1 Release Date: 2025-05-08T13:17:46Z Rating: moderate References: * bsc#1220523 * bsc#1220690 * bsc#1220693 * bsc#1220696 * bsc#1221365 * bsc#1221751 * bsc#1221752 * bsc#1221753 * bsc#1221760 * bsc#1221786 * bsc#1221787 * bsc#1221821 * bsc#1221822 * bsc#1221824 * bsc#1221827 * bsc#1229465 Cross-References: * CVE-2024-6119 CVSS scores: * CVE-2024-6119 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-6119 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Certifications Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability and has 15 security fixes can now be installed. ## Description: This update for openssl-3 fixes the following issues: * CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: * FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). 
* FIPS: RSA keygen PCT requirements.
* FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523).
* FIPS: Port openssl to use jitterentropy (bsc#1220523).
* FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
* FIPS: Service Level Indicator (bsc#1221365).
* FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751).
* FIPS: Add required selftests: (bsc#1221760).
* FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
* FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
* FIPS: Zero initialization required (bsc#1221752).
* FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
* FIPS: NIST SP 800-56Brev2 (bsc#1221824).
* FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
* FIPS: Port openssl to use jitterentropy (bsc#1220523).
* FIPS: NIST SP 800-56Arev3 (bsc#1221822).
* FIPS: Error state has to be enforced (bsc#1221753).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * Certifications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Certifications-15-SP7-2025-1516=1 ## Package List: * Certifications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * openssl-3-debugsource-3.1.4-150600.5.15.1 * libopenssl-3-fips-provider-3.1.4-150600.5.15.1 * libopenssl-3-fips-provider-debuginfo-3.1.4-150600.5.15.1 ## References: * https://www.suse.com/security/cve/CVE-2024-6119.html * https://bugzilla.suse.com/show_bug.cgi?id=1220523 * https://bugzilla.suse.com/show_bug.cgi?id=1220690 * https://bugzilla.suse.com/show_bug.cgi?id=1220693 * https://bugzilla.suse.com/show_bug.cgi?id=1220696 * https://bugzilla.suse.com/show_bug.cgi?id=1221365 * https://bugzilla.suse.com/show_bug.cgi?id=1221751 * https://bugzilla.suse.com/show_bug.cgi?id=1221752 * https://bugzilla.suse.com/show_bug.cgi?id=1221753 * https://bugzilla.suse.com/show_bug.cgi?id=1221760 * https://bugzilla.suse.com/show_bug.cgi?id=1221786 * https://bugzilla.suse.com/show_bug.cgi?id=1221787 * https://bugzilla.suse.com/show_bug.cgi?id=1221821 * https://bugzilla.suse.com/show_bug.cgi?id=1221822 * https://bugzilla.suse.com/show_bug.cgi?id=1221824 * https://bugzilla.suse.com/show_bug.cgi?id=1221827 * https://bugzilla.suse.com/show_bug.cgi?id=1229465 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu May 8 20:30:45 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 08 May 2025 20:30:45 -0000 Subject: SUSE-SU-2025:1512-1: moderate: Security update for apparmor Message-ID: <174673624560.28796.10326990383811239555@smelt2.prg2.suse.org> # Security update for apparmor Announcement ID: SUSE-SU-2025:1512-1 Release Date: 2025-05-07T19:36:39Z Rating: moderate References: * bsc#1241678 Cross-References: * CVE-2024-10041 CVSS scores: * CVE-2024-10041 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-10041 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-10041 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for apparmor fixes the following issues: * Add dac_read_search capability for unix_chkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. (bsc#1241678) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2025-1512=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2025-1512=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1512=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1512=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1512=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1512=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * pam_apparmor-3.0.4-150500.11.18.1
  * apparmor-parser-3.0.4-150500.11.18.1
  * ruby-apparmor-debuginfo-3.0.4-150500.11.18.1
  * libapparmor-debugsource-3.0.4-150500.11.18.1
  * libapparmor1-debuginfo-3.0.4-150500.11.18.1
  * apparmor-debugsource-3.0.4-150500.11.18.1
  * python3-apparmor-3.0.4-150500.11.18.1
  * pam_apparmor-debuginfo-3.0.4-150500.11.18.1
  * python3-apparmor-debuginfo-3.0.4-150500.11.18.1
  * ruby-apparmor-3.0.4-150500.11.18.1
  * perl-apparmor-debuginfo-3.0.4-150500.11.18.1
  * perl-apparmor-3.0.4-150500.11.18.1
  * libapparmor-devel-3.0.4-150500.11.18.1
  * libapparmor1-3.0.4-150500.11.18.1
  * apparmor-parser-debuginfo-3.0.4-150500.11.18.1
  * apache2-mod_apparmor-debuginfo-3.0.4-150500.11.18.1
  * apache2-mod_apparmor-3.0.4-150500.11.18.1
* openSUSE Leap 15.5 (noarch)
  * apparmor-docs-3.0.4-150500.11.18.1
  * apparmor-utils-3.0.4-150500.11.18.1
  * apparmor-utils-lang-3.0.4-150500.11.18.1
  * apparmor-abstractions-3.0.4-150500.11.18.1
  * apparmor-parser-lang-3.0.4-150500.11.18.1
  * apparmor-profiles-3.0.4-150500.11.18.1
* openSUSE Leap 15.5 (x86_64)
  * pam_apparmor-32bit-3.0.4-150500.11.18.1
  * libapparmor1-32bit-debuginfo-3.0.4-150500.11.18.1
  * libapparmor1-32bit-3.0.4-150500.11.18.1
  * pam_apparmor-32bit-debuginfo-3.0.4-150500.11.18.1
* openSUSE Leap 15.5 (aarch64_ilp32)
  * pam_apparmor-64bit-debuginfo-3.0.4-150500.11.18.1
  * pam_apparmor-64bit-3.0.4-150500.11.18.1
  * libapparmor1-64bit-debuginfo-3.0.4-150500.11.18.1
  * libapparmor1-64bit-3.0.4-150500.11.18.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * pam_apparmor-3.0.4-150500.11.18.1
  * apparmor-parser-3.0.4-150500.11.18.1
  * libapparmor-debugsource-3.0.4-150500.11.18.1
  * apparmor-debugsource-3.0.4-150500.11.18.1
  * libapparmor1-3.0.4-150500.11.18.1
  * pam_apparmor-debuginfo-3.0.4-150500.11.18.1
  * apparmor-parser-debuginfo-3.0.4-150500.11.18.1
  * libapparmor1-debuginfo-3.0.4-150500.11.18.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * libapparmor1-debuginfo-3.0.4-150500.11.18.1
  * apparmor-parser-3.0.4-150500.11.18.1
  * pam_apparmor-3.0.4-150500.11.18.1
  * libapparmor-debugsource-3.0.4-150500.11.18.1
  * apparmor-debugsource-3.0.4-150500.11.18.1
  * python3-apparmor-3.0.4-150500.11.18.1
  * libapparmor1-3.0.4-150500.11.18.1
  * pam_apparmor-debuginfo-3.0.4-150500.11.18.1
  * python3-apparmor-debuginfo-3.0.4-150500.11.18.1
  * libapparmor-devel-3.0.4-150500.11.18.1
  * perl-apparmor-3.0.4-150500.11.18.1
  * perl-apparmor-debuginfo-3.0.4-150500.11.18.1
  * apparmor-parser-debuginfo-3.0.4-150500.11.18.1
  * apache2-mod_apparmor-debuginfo-3.0.4-150500.11.18.1
  * apache2-mod_apparmor-3.0.4-150500.11.18.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
  * apparmor-docs-3.0.4-150500.11.18.1
  * apparmor-utils-3.0.4-150500.11.18.1
  * apparmor-utils-lang-3.0.4-150500.11.18.1
  * apparmor-abstractions-3.0.4-150500.11.18.1
  * apparmor-parser-lang-3.0.4-150500.11.18.1
  * apparmor-profiles-3.0.4-150500.11.18.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64)
  * pam_apparmor-32bit-3.0.4-150500.11.18.1
  * libapparmor1-32bit-debuginfo-3.0.4-150500.11.18.1
  * libapparmor1-32bit-3.0.4-150500.11.18.1
  * pam_apparmor-32bit-debuginfo-3.0.4-150500.11.18.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * libapparmor1-debuginfo-3.0.4-150500.11.18.1
  * apparmor-parser-3.0.4-150500.11.18.1
  * pam_apparmor-3.0.4-150500.11.18.1
  * libapparmor-debugsource-3.0.4-150500.11.18.1
  * apparmor-debugsource-3.0.4-150500.11.18.1
  * python3-apparmor-3.0.4-150500.11.18.1
  * libapparmor1-3.0.4-150500.11.18.1
  * pam_apparmor-debuginfo-3.0.4-150500.11.18.1
  * python3-apparmor-debuginfo-3.0.4-150500.11.18.1
  * libapparmor-devel-3.0.4-150500.11.18.1
  * perl-apparmor-3.0.4-150500.11.18.1
  * perl-apparmor-debuginfo-3.0.4-150500.11.18.1
  * apparmor-parser-debuginfo-3.0.4-150500.11.18.1
  * apache2-mod_apparmor-debuginfo-3.0.4-150500.11.18.1
  * apache2-mod_apparmor-3.0.4-150500.11.18.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
  * apparmor-docs-3.0.4-150500.11.18.1
  * apparmor-utils-3.0.4-150500.11.18.1
  * apparmor-utils-lang-3.0.4-150500.11.18.1
  * apparmor-abstractions-3.0.4-150500.11.18.1
  * apparmor-parser-lang-3.0.4-150500.11.18.1
  * apparmor-profiles-3.0.4-150500.11.18.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64)
  * pam_apparmor-32bit-3.0.4-150500.11.18.1
  * libapparmor1-32bit-debuginfo-3.0.4-150500.11.18.1
  * libapparmor1-32bit-3.0.4-150500.11.18.1
  * pam_apparmor-32bit-debuginfo-3.0.4-150500.11.18.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * libapparmor1-debuginfo-3.0.4-150500.11.18.1
  * apparmor-parser-3.0.4-150500.11.18.1
  * pam_apparmor-3.0.4-150500.11.18.1
  * libapparmor-debugsource-3.0.4-150500.11.18.1
  * apparmor-debugsource-3.0.4-150500.11.18.1
  * python3-apparmor-3.0.4-150500.11.18.1
  * libapparmor1-3.0.4-150500.11.18.1
  * pam_apparmor-debuginfo-3.0.4-150500.11.18.1
  * python3-apparmor-debuginfo-3.0.4-150500.11.18.1
  * libapparmor-devel-3.0.4-150500.11.18.1
  * perl-apparmor-3.0.4-150500.11.18.1
  * perl-apparmor-debuginfo-3.0.4-150500.11.18.1
  * apparmor-parser-debuginfo-3.0.4-150500.11.18.1
  * apache2-mod_apparmor-debuginfo-3.0.4-150500.11.18.1
  * apache2-mod_apparmor-3.0.4-150500.11.18.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
  * apparmor-docs-3.0.4-150500.11.18.1
  * apparmor-utils-3.0.4-150500.11.18.1
  * apparmor-utils-lang-3.0.4-150500.11.18.1
  * apparmor-abstractions-3.0.4-150500.11.18.1
  * apparmor-parser-lang-3.0.4-150500.11.18.1
  * apparmor-profiles-3.0.4-150500.11.18.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64)
  * pam_apparmor-32bit-3.0.4-150500.11.18.1
  * libapparmor1-32bit-debuginfo-3.0.4-150500.11.18.1
  * libapparmor1-32bit-3.0.4-150500.11.18.1
  * pam_apparmor-32bit-debuginfo-3.0.4-150500.11.18.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * libapparmor1-debuginfo-3.0.4-150500.11.18.1
  * apparmor-parser-3.0.4-150500.11.18.1
  * pam_apparmor-3.0.4-150500.11.18.1
  * libapparmor-debugsource-3.0.4-150500.11.18.1
  * apparmor-debugsource-3.0.4-150500.11.18.1
  * python3-apparmor-3.0.4-150500.11.18.1
  * libapparmor1-3.0.4-150500.11.18.1
  * pam_apparmor-debuginfo-3.0.4-150500.11.18.1
  * python3-apparmor-debuginfo-3.0.4-150500.11.18.1
  * libapparmor-devel-3.0.4-150500.11.18.1
  * perl-apparmor-3.0.4-150500.11.18.1
  * perl-apparmor-debuginfo-3.0.4-150500.11.18.1
  * apparmor-parser-debuginfo-3.0.4-150500.11.18.1
  * apache2-mod_apparmor-debuginfo-3.0.4-150500.11.18.1
  * apache2-mod_apparmor-3.0.4-150500.11.18.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
  * apparmor-docs-3.0.4-150500.11.18.1
  * apparmor-utils-3.0.4-150500.11.18.1
  * apparmor-utils-lang-3.0.4-150500.11.18.1
  * apparmor-abstractions-3.0.4-150500.11.18.1
  * apparmor-parser-lang-3.0.4-150500.11.18.1
  * apparmor-profiles-3.0.4-150500.11.18.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
  * pam_apparmor-32bit-3.0.4-150500.11.18.1
  * libapparmor1-32bit-debuginfo-3.0.4-150500.11.18.1
  * libapparmor1-32bit-3.0.4-150500.11.18.1
  * pam_apparmor-32bit-debuginfo-3.0.4-150500.11.18.1

## References:

* https://www.suse.com/security/cve/CVE-2024-10041.html
* https://bugzilla.suse.com/show_bug.cgi?id=1241678

From null at suse.de Thu May 8 20:30:52 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 08 May 2025 20:30:52 -0000
Subject: SUSE-SU-2025:1511-1: moderate: Security update for apparmor
Message-ID: <174673625297.28796.4994595729497158476@smelt2.prg2.suse.org>

# Security update for apparmor

Announcement ID: SUSE-SU-2025:1511-1
Release Date: 2025-05-07T19:36:15Z
Rating: moderate

References:

* bsc#1241678

Cross-References:

* CVE-2024-10041

CVSS scores:

* CVE-2024-10041 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-10041 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-10041 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* Basesystem Module 15-SP6
* Development Tools Module 15-SP6
* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for apparmor fixes the following issues:

* Add dac_read_search capability for unix_chkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. (bsc#1241678)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2025-1511=1 SUSE-2025-1511=1
* Basesystem Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1511=1
* Development Tools Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-1511=1
* Server Applications Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-1511=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * pam_apparmor-3.1.7-150600.5.9.1
  * pam_apparmor-debuginfo-3.1.7-150600.5.9.1
  * apache2-mod_apparmor-debuginfo-3.1.7-150600.5.9.1
  * apparmor-parser-3.1.7-150600.5.9.1
  * python3-apparmor-3.1.7-150600.5.9.1
  * apparmor-parser-debuginfo-3.1.7-150600.5.9.1
  * apparmor-debugsource-3.1.7-150600.5.9.1
  * perl-apparmor-3.1.7-150600.5.9.1
  * libapparmor1-debuginfo-3.1.7-150600.5.9.1
  * ruby-apparmor-debuginfo-3.1.7-150600.5.9.1
  * apache2-mod_apparmor-3.1.7-150600.5.9.1
  * ruby-apparmor-3.1.7-150600.5.9.1
  * libapparmor-debugsource-3.1.7-150600.5.9.1
  * libapparmor1-3.1.7-150600.5.9.1
  * libapparmor-devel-3.1.7-150600.5.9.1
  * perl-apparmor-debuginfo-3.1.7-150600.5.9.1
  * python3-apparmor-debuginfo-3.1.7-150600.5.9.1
* openSUSE Leap 15.6 (noarch)
  * apparmor-utils-3.1.7-150600.5.9.1
  * apparmor-utils-lang-3.1.7-150600.5.9.1
  * apparmor-parser-lang-3.1.7-150600.5.9.1
  * apparmor-docs-3.1.7-150600.5.9.1
  * apparmor-abstractions-3.1.7-150600.5.9.1
  * apparmor-profiles-3.1.7-150600.5.9.1
* openSUSE Leap 15.6 (x86_64)
  * libapparmor1-32bit-3.1.7-150600.5.9.1
  * pam_apparmor-32bit-debuginfo-3.1.7-150600.5.9.1
  * libapparmor1-32bit-debuginfo-3.1.7-150600.5.9.1
  * pam_apparmor-32bit-3.1.7-150600.5.9.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libapparmor1-64bit-debuginfo-3.1.7-150600.5.9.1
  * pam_apparmor-64bit-debuginfo-3.1.7-150600.5.9.1
  * libapparmor1-64bit-3.1.7-150600.5.9.1
  * pam_apparmor-64bit-3.1.7-150600.5.9.1
* Basesystem Module 15-SP6 (noarch)
  * apparmor-utils-3.1.7-150600.5.9.1
  * apparmor-utils-lang-3.1.7-150600.5.9.1
  * apparmor-parser-lang-3.1.7-150600.5.9.1
  * apparmor-docs-3.1.7-150600.5.9.1
  * apparmor-abstractions-3.1.7-150600.5.9.1
  * apparmor-profiles-3.1.7-150600.5.9.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * pam_apparmor-3.1.7-150600.5.9.1
  * pam_apparmor-debuginfo-3.1.7-150600.5.9.1
  * apparmor-parser-3.1.7-150600.5.9.1
  * python3-apparmor-3.1.7-150600.5.9.1
  * apparmor-parser-debuginfo-3.1.7-150600.5.9.1
  * apparmor-debugsource-3.1.7-150600.5.9.1
  * libapparmor1-debuginfo-3.1.7-150600.5.9.1
  * libapparmor-debugsource-3.1.7-150600.5.9.1
  * libapparmor-devel-3.1.7-150600.5.9.1
  * libapparmor1-3.1.7-150600.5.9.1
  * python3-apparmor-debuginfo-3.1.7-150600.5.9.1
* Basesystem Module 15-SP6 (x86_64)
  * pam_apparmor-32bit-debuginfo-3.1.7-150600.5.9.1
  * libapparmor1-32bit-debuginfo-3.1.7-150600.5.9.1
  * pam_apparmor-32bit-3.1.7-150600.5.9.1
  * libapparmor1-32bit-3.1.7-150600.5.9.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * perl-apparmor-3.1.7-150600.5.9.1
  * apparmor-debugsource-3.1.7-150600.5.9.1
  * perl-apparmor-debuginfo-3.1.7-150600.5.9.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * apache2-mod_apparmor-3.1.7-150600.5.9.1
  * apparmor-debugsource-3.1.7-150600.5.9.1
  * apache2-mod_apparmor-debuginfo-3.1.7-150600.5.9.1

## References:

* https://www.suse.com/security/cve/CVE-2024-10041.html
* https://bugzilla.suse.com/show_bug.cgi?id=1241678

From null at suse.de Fri May 9 08:30:05 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 09 May 2025 08:30:05 -0000
Subject: SUSE-SU-2025:1521-1: important: Security update for tomcat
Message-ID: <174677940550.20256.1613612072488229436@smelt2.prg2.suse.org>

# Security update for tomcat

Announcement ID: SUSE-SU-2025:1521-1
Release Date: 2025-05-09T04:57:04Z
Rating: important

References:

* bsc#1242008
* bsc#1242009

Cross-References:

* CVE-2025-31650
* CVE-2025-31651

CVSS scores:

* CVE-2025-31650 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-31650 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-31650 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-31650 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-31651 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-31651 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-31651 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-31651 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Server 4.3
* Web and Scripting Module 15-SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for tomcat fixes the following issues:

Update to Tomcat 9.0.104

* CVE-2025-31650: invalid priority field values should be ignored (bsc#1242008)
* CVE-2025-31651: Better handling of URLs with literal ';' and '?' (bsc#1242009)

Full changelog: https://tomcat.apache.org/tomcat-9.0-doc/changelog.htm

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2025-1521=1
* Web and Scripting Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP6-2025-1521=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1521=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1521=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1521=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1521=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1521=1
* SUSE Linux Enterprise Server 15 SP3 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1521=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1521=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1521=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1521=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1521=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1521=1
* SUSE Manager Server 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1521=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2025-1521=1

## Package List:

* openSUSE Leap 15.6 (noarch)
  * tomcat-docs-webapp-9.0.104-150200.81.1
  * tomcat-el-3_0-api-9.0.104-150200.81.1
  * tomcat-lib-9.0.104-150200.81.1
  * tomcat-embed-9.0.104-150200.81.1
  * tomcat-9.0.104-150200.81.1
  * tomcat-jsvc-9.0.104-150200.81.1
  * tomcat-servlet-4_0-api-9.0.104-150200.81.1
  * tomcat-jsp-2_3-api-9.0.104-150200.81.1
  * tomcat-webapps-9.0.104-150200.81.1
  * tomcat-admin-webapps-9.0.104-150200.81.1
  * tomcat-javadoc-9.0.104-150200.81.1
* Web and Scripting Module 15-SP6 (noarch)
  * tomcat-el-3_0-api-9.0.104-150200.81.1
  * tomcat-9.0.104-150200.81.1
  * tomcat-servlet-4_0-api-9.0.104-150200.81.1
  * tomcat-jsp-2_3-api-9.0.104-150200.81.1
  * tomcat-webapps-9.0.104-150200.81.1
  * tomcat-admin-webapps-9.0.104-150200.81.1
  * tomcat-lib-9.0.104-150200.81.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * tomcat-el-3_0-api-9.0.104-150200.81.1
  * tomcat-9.0.104-150200.81.1
  * tomcat-servlet-4_0-api-9.0.104-150200.81.1
  * tomcat-jsp-2_3-api-9.0.104-150200.81.1
  * tomcat-webapps-9.0.104-150200.81.1
  * tomcat-admin-webapps-9.0.104-150200.81.1
  * tomcat-lib-9.0.104-150200.81.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  * tomcat-el-3_0-api-9.0.104-150200.81.1
  * tomcat-9.0.104-150200.81.1
  * tomcat-servlet-4_0-api-9.0.104-150200.81.1
  * tomcat-jsp-2_3-api-9.0.104-150200.81.1
  * tomcat-webapps-9.0.104-150200.81.1
  * tomcat-admin-webapps-9.0.104-150200.81.1
  * tomcat-lib-9.0.104-150200.81.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * tomcat-el-3_0-api-9.0.104-150200.81.1
  * tomcat-9.0.104-150200.81.1
  * tomcat-servlet-4_0-api-9.0.104-150200.81.1
  * tomcat-jsp-2_3-api-9.0.104-150200.81.1
  * tomcat-webapps-9.0.104-150200.81.1
  * tomcat-admin-webapps-9.0.104-150200.81.1
  * tomcat-lib-9.0.104-150200.81.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
  * tomcat-el-3_0-api-9.0.104-150200.81.1
  * tomcat-9.0.104-150200.81.1
  * tomcat-servlet-4_0-api-9.0.104-150200.81.1
  * tomcat-jsp-2_3-api-9.0.104-150200.81.1
  * tomcat-webapps-9.0.104-150200.81.1
  * tomcat-admin-webapps-9.0.104-150200.81.1
  * tomcat-lib-9.0.104-150200.81.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
  * tomcat-el-3_0-api-9.0.104-150200.81.1
  * tomcat-9.0.104-150200.81.1
  * tomcat-servlet-4_0-api-9.0.104-150200.81.1
  * tomcat-jsp-2_3-api-9.0.104-150200.81.1
  * tomcat-webapps-9.0.104-150200.81.1
  * tomcat-admin-webapps-9.0.104-150200.81.1
  * tomcat-lib-9.0.104-150200.81.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
  * tomcat-el-3_0-api-9.0.104-150200.81.1
  * tomcat-9.0.104-150200.81.1
  * tomcat-servlet-4_0-api-9.0.104-150200.81.1
  * tomcat-jsp-2_3-api-9.0.104-150200.81.1
  * tomcat-webapps-9.0.104-150200.81.1
  * tomcat-admin-webapps-9.0.104-150200.81.1
  * tomcat-lib-9.0.104-150200.81.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
  * tomcat-el-3_0-api-9.0.104-150200.81.1
  * tomcat-9.0.104-150200.81.1
  * tomcat-servlet-4_0-api-9.0.104-150200.81.1
  * tomcat-jsp-2_3-api-9.0.104-150200.81.1
  * tomcat-webapps-9.0.104-150200.81.1
  * tomcat-admin-webapps-9.0.104-150200.81.1
  * tomcat-lib-9.0.104-150200.81.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
  * tomcat-el-3_0-api-9.0.104-150200.81.1
  * tomcat-9.0.104-150200.81.1
  * tomcat-servlet-4_0-api-9.0.104-150200.81.1
  * tomcat-jsp-2_3-api-9.0.104-150200.81.1
  * tomcat-webapps-9.0.104-150200.81.1
  * tomcat-admin-webapps-9.0.104-150200.81.1
  * tomcat-lib-9.0.104-150200.81.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * tomcat-el-3_0-api-9.0.104-150200.81.1
  * tomcat-9.0.104-150200.81.1
  * tomcat-servlet-4_0-api-9.0.104-150200.81.1
  * tomcat-jsp-2_3-api-9.0.104-150200.81.1
  * tomcat-webapps-9.0.104-150200.81.1
  * tomcat-admin-webapps-9.0.104-150200.81.1
  * tomcat-lib-9.0.104-150200.81.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * tomcat-el-3_0-api-9.0.104-150200.81.1
  * tomcat-9.0.104-150200.81.1
  * tomcat-servlet-4_0-api-9.0.104-150200.81.1
  * tomcat-jsp-2_3-api-9.0.104-150200.81.1
  * tomcat-webapps-9.0.104-150200.81.1
  * tomcat-admin-webapps-9.0.104-150200.81.1
  * tomcat-lib-9.0.104-150200.81.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
  * tomcat-el-3_0-api-9.0.104-150200.81.1
  * tomcat-9.0.104-150200.81.1
  * tomcat-servlet-4_0-api-9.0.104-150200.81.1
  * tomcat-jsp-2_3-api-9.0.104-150200.81.1
  * tomcat-webapps-9.0.104-150200.81.1
  * tomcat-admin-webapps-9.0.104-150200.81.1
  * tomcat-lib-9.0.104-150200.81.1
* SUSE Manager Server 4.3 (noarch)
  * tomcat-el-3_0-api-9.0.104-150200.81.1
  * tomcat-9.0.104-150200.81.1
  * tomcat-servlet-4_0-api-9.0.104-150200.81.1
  * tomcat-jsp-2_3-api-9.0.104-150200.81.1
  * tomcat-webapps-9.0.104-150200.81.1
  * tomcat-admin-webapps-9.0.104-150200.81.1
  * tomcat-lib-9.0.104-150200.81.1
* SUSE Enterprise Storage 7.1 (noarch)
  * tomcat-el-3_0-api-9.0.104-150200.81.1
  * tomcat-9.0.104-150200.81.1
  * tomcat-servlet-4_0-api-9.0.104-150200.81.1
  * tomcat-jsp-2_3-api-9.0.104-150200.81.1
  * tomcat-webapps-9.0.104-150200.81.1
  * tomcat-admin-webapps-9.0.104-150200.81.1
  * tomcat-lib-9.0.104-150200.81.1

## References:

* https://www.suse.com/security/cve/CVE-2025-31650.html
* https://www.suse.com/security/cve/CVE-2025-31651.html
* https://bugzilla.suse.com/show_bug.cgi?id=1242008
* https://bugzilla.suse.com/show_bug.cgi?id=1242009

From null at suse.de Fri May 9 08:30:07 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 09 May 2025 08:30:07 -0000
Subject: SUSE-SU-2025:1520-1: important: Security update for govulncheck-vulndb
Message-ID: <174677940799.20256.4405025448221272750@smelt2.prg2.suse.org>

# Security update for govulncheck-vulndb

Announcement ID: SUSE-SU-2025:1520-1
Release Date: 2025-05-09T01:08:25Z
Rating: important

References:

* jsc#PED-11136

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that contains one feature can now be installed.

## Description:

This update for govulncheck-vulndb fixes the following issues:

* Update to version 0.0.20250506T153719 2025-05-06T15:37:19Z (jsc#PED-11136)
  * GO-2025-3656
  * GO-2025-3661
  * GO-2025-3662
  * GO-2025-3663
  * GO-2025-3665
* Update to version 0.0.20250505T161433 2025-05-05T16:14:33Z (jsc#PED-11136)
  * GO-2025-3645
  * GO-2025-3646
  * GO-2025-3647
  * GO-2025-3648
  * GO-2025-3649
  * GO-2025-3650
  * GO-2025-3652
  * GO-2025-3660

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2025-1520=1
* SUSE Package Hub 15 15-SP6
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-1520=1

## Package List:

* openSUSE Leap 15.6 (noarch)
  * govulncheck-vulndb-0.0.20250506T153719-150000.1.71.1
* SUSE Package Hub 15 15-SP6 (noarch)
  * govulncheck-vulndb-0.0.20250506T153719-150000.1.71.1

## References:

* https://jira.suse.com/browse/PED-11136

From null at suse.de Fri May 9 08:30:18 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 09 May 2025 08:30:18 -0000
Subject: SUSE-SU-2025:1519-1: important: Security update for libsoup
Message-ID: <174677941840.20256.17710691834847843418@smelt2.prg2.suse.org>

# Security update for libsoup

Announcement ID: SUSE-SU-2025:1519-1
Release Date: 2025-05-09T00:07:48Z
Rating: important

References:

* bsc#1240750
* bsc#1240752
* bsc#1240756
* bsc#1240757
* bsc#1241164
* bsc#1241222
* bsc#1241686
* bsc#1241688

Cross-References:

* CVE-2025-2784
* CVE-2025-32050
* CVE-2025-32052
* CVE-2025-32053
* CVE-2025-32907
* CVE-2025-32914
* CVE-2025-46420
* CVE-2025-46421

CVSS scores:

* CVE-2025-2784 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-2784 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-2784 ( NVD ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-32050 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-32050 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-32050 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-32052 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-32052 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2025-32052 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2025-32053 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-32053 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2025-32053 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2025-32907 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-32907 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-32907 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-32914 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-32914 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-46420 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-46420 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-46420 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-46421 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2025-46421 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Affected Products:

* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for libsoup fixes the following issues:

* CVE-2025-2784: Fixed heap buffer over-read in `skip_insignificant_space` when sniffing content (bsc#1240750)
* CVE-2025-32050: Fixed Integer overflow in append_param_quoted (bsc#1240752)
* CVE-2025-32052: Fixed heap buffer overflow in sniff_unknown() (bsc#1240756)
* CVE-2025-32053: Fixed heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() (bsc#1240757)
* CVE-2025-32907: Fixed excessive memory consumption in server when client requests a large amount of overlapping ranges in a single HTTP request (bsc#1241222)
* CVE-2025-32914: Fixed out of bounds read in `soup_multipart_new_from_message()` (bsc#1241164)
* CVE-2025-46420: Fixed memory leak on soup_header_parse_quality_list() via soup-headers.c (bsc#1241686)
* CVE-2025-46421: Fixed HTTP Authorization Header leak via an HTTP redirect (bsc#1241688)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1519=1
* SUSE Linux Enterprise Server 15 SP3 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1519=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1519=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2025-1519=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-1519=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-1519=1

## Package List:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * libsoup-2_4-1-debuginfo-2.68.4-150200.4.6.1
  * libsoup-2_4-1-2.68.4-150200.4.6.1
  * libsoup-debugsource-2.68.4-150200.4.6.1
  * libsoup-devel-2.68.4-150200.4.6.1
  * typelib-1_0-Soup-2_4-2.68.4-150200.4.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * libsoup-lang-2.68.4-150200.4.6.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
  * libsoup-2_4-1-debuginfo-2.68.4-150200.4.6.1
  * libsoup-2_4-1-2.68.4-150200.4.6.1
  * libsoup-debugsource-2.68.4-150200.4.6.1
  * libsoup-devel-2.68.4-150200.4.6.1
  * typelib-1_0-Soup-2_4-2.68.4-150200.4.6.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
  * libsoup-lang-2.68.4-150200.4.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * libsoup-2_4-1-debuginfo-2.68.4-150200.4.6.1
  * libsoup-2_4-1-2.68.4-150200.4.6.1
  * libsoup-debugsource-2.68.4-150200.4.6.1
  * libsoup-devel-2.68.4-150200.4.6.1
  * typelib-1_0-Soup-2_4-2.68.4-150200.4.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * libsoup-lang-2.68.4-150200.4.6.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * libsoup-2_4-1-debuginfo-2.68.4-150200.4.6.1
  * libsoup-2_4-1-2.68.4-150200.4.6.1
  * libsoup-debugsource-2.68.4-150200.4.6.1
  * libsoup-devel-2.68.4-150200.4.6.1
  * typelib-1_0-Soup-2_4-2.68.4-150200.4.6.1
* SUSE Enterprise Storage 7.1 (noarch)
  * libsoup-lang-2.68.4-150200.4.6.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * libsoup-debugsource-2.68.4-150200.4.6.1
  * libsoup-2_4-1-debuginfo-2.68.4-150200.4.6.1
  * libsoup-2_4-1-2.68.4-150200.4.6.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * libsoup-debugsource-2.68.4-150200.4.6.1
  * libsoup-2_4-1-debuginfo-2.68.4-150200.4.6.1
  * libsoup-2_4-1-2.68.4-150200.4.6.1

## References:

* https://www.suse.com/security/cve/CVE-2025-2784.html
* https://www.suse.com/security/cve/CVE-2025-32050.html
* https://www.suse.com/security/cve/CVE-2025-32052.html
* https://www.suse.com/security/cve/CVE-2025-32053.html
* https://www.suse.com/security/cve/CVE-2025-32907.html
* https://www.suse.com/security/cve/CVE-2025-32914.html
* https://www.suse.com/security/cve/CVE-2025-46420.html
* https://www.suse.com/security/cve/CVE-2025-46421.html
* https://bugzilla.suse.com/show_bug.cgi?id=1240750
* https://bugzilla.suse.com/show_bug.cgi?id=1240752
* https://bugzilla.suse.com/show_bug.cgi?id=1240756
* https://bugzilla.suse.com/show_bug.cgi?id=1240757
* https://bugzilla.suse.com/show_bug.cgi?id=1241164
* https://bugzilla.suse.com/show_bug.cgi?id=1241222
* https://bugzilla.suse.com/show_bug.cgi?id=1241686
* https://bugzilla.suse.com/show_bug.cgi?id=1241688

From null at suse.de Fri May 9 12:30:06 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 09 May 2025 12:30:06 -0000
Subject: SUSE-SU-2025:1525-1: important: Security update for java-1_8_0-openjdk
Message-ID: <174679380699.27840.973909329989108864@smelt2.prg2.suse.org>

# Security update for java-1_8_0-openjdk

Announcement ID: SUSE-SU-2025:1525-1
Release Date: 2025-05-09T11:31:06Z
Rating: important

References:

* bsc#1241274
* bsc#1241275
* bsc#1241276

Cross-References:

* CVE-2025-21587
* CVE-2025-30691
* CVE-2025-30698

CVSS scores:

* CVE-2025-21587 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-21587 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-21587 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-30691 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-30691 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-30691 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-30698 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-30698 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-30698 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products:

* Legacy Module 15-SP6
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for java-1_8_0-openjdk fixes the following issues:

Update to version jdk8u452 (icedtea-3.35.0)

Security issues fixed:

* CVE-2025-21587: unauthorized creation, deletion or modification of critical data through the JSSE component. (bsc#1241274)
* CVE-2025-30691: unauthorized update, insert or delete access to a subset of Oracle Java SE data through the Compiler component. (bsc#1241275)
* CVE-2025-30698: unauthorized access to Oracle Java SE data and unauthorized ability to cause partial DoS through the 2D component. (bsc#1241276)

Non-security issues fixed:

* JDK-8212096: javax/net/ssl/ServerName/SSLEngineExplorerMatchedSNI.java failed intermittently due to SSLException: Tag mismatch.
* JDK-8261020: wrong format parameter in create_emergency_chunk_path.
* JDK-8266881: enable debug log for SSLEngineExplorerMatchedSNI.java.
* JDK-8268457: XML Transformer outputs Unicode supplementary character incorrectly to HTML.
* JDK-8309841: Jarsigner should print a warning if an entry is removed.
* JDK-8337494: clarify JarInputStream behavior.
* JDK-8339637: (tz) update Timezone Data to 2024b.
* JDK-8339644: improve parsing of Day/Month in tzdata rules
* JDK-8339810: clean up the code in sun.tools.jar.Main to properly close resources and use ZipFile during extract.
* JDK-8340552: harden TzdbZoneRulesCompiler against missing zone names.
* JDK-8342562: enhance Deflater operations.
* JDK-8346587: distrust TLS server certificates anchored by Camerfirma Root CAs.
* JDK-8347847: enhance jar file support.
* JDK-8347965: (tz) update Timezone Data to 2025a.
* JDK-8348211: [8u] sun/management/jmxremote/startstop/JMXStartStopTest.java fails after backport of JDK-8066708.
* JDK-8350816: [8u] update TzdbZoneRulesCompiler to ignore HST/EST/MST links. * JDK-8352097: (tz) zone.tab update missed in 2025a backport. * JDK-8353433: XCG currency code not recognized in JDK 8u. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-1525=1 * Legacy Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2025-1525=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1525=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1525=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1525=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1525=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1525=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1525=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1525=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1525=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1525=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2025-1525=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-accessibility-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-debugsource-1.8.0.452-150000.3.106.1 * 
java-1_8_0-openjdk-demo-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-headless-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-demo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-src-1.8.0.452-150000.3.106.1 * openSUSE Leap 15.6 (noarch) * java-1_8_0-openjdk-javadoc-1.8.0.452-150000.3.106.1 * Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-debugsource-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-headless-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-demo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.452-150000.3.106.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * java-1_8_0-openjdk-devel-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-debugsource-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-headless-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-demo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.452-150000.3.106.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * java-1_8_0-openjdk-devel-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-debugsource-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-headless-1.8.0.452-150000.3.106.1 * 
java-1_8_0-openjdk-headless-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-demo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.452-150000.3.106.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * java-1_8_0-openjdk-devel-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-debugsource-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-headless-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-demo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.452-150000.3.106.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-debugsource-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-headless-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-demo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.452-150000.3.106.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-debugsource-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-headless-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-demo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.452-150000.3.106.1 * SUSE Linux 
Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-debugsource-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-headless-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-demo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.452-150000.3.106.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * java-1_8_0-openjdk-devel-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-debugsource-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-headless-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-demo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.452-150000.3.106.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * java-1_8_0-openjdk-devel-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-debugsource-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-headless-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-demo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.452-150000.3.106.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * java-1_8_0-openjdk-devel-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-debugsource-1.8.0.452-150000.3.106.1 * 
java-1_8_0-openjdk-demo-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-headless-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-demo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.452-150000.3.106.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * java-1_8_0-openjdk-devel-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-debugsource-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-headless-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-demo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-debuginfo-1.8.0.452-150000.3.106.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.452-150000.3.106.1 ## References: * https://www.suse.com/security/cve/CVE-2025-21587.html * https://www.suse.com/security/cve/CVE-2025-30691.html * https://www.suse.com/security/cve/CVE-2025-30698.html * https://bugzilla.suse.com/show_bug.cgi?id=1241274 * https://bugzilla.suse.com/show_bug.cgi?id=1241275 * https://bugzilla.suse.com/show_bug.cgi?id=1241276 -------------- next part -------------- An HTML attachment was scrubbed... 
From null at suse.de Fri May 9 12:30:12 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 09 May 2025 12:30:12 -0000
Subject: SUSE-SU-2025:1524-1: important: Security update for java-1_8_0-openjdk
Message-ID: <174679381201.27840.223146981248954783@smelt2.prg2.suse.org>

# Security update for java-1_8_0-openjdk

Announcement ID: SUSE-SU-2025:1524-1
Release Date: 2025-05-09T11:29:11Z
Rating: important

References:

* bsc#1241274
* bsc#1241275
* bsc#1241276

Cross-References:

* CVE-2025-21587
* CVE-2025-30691
* CVE-2025-30698

CVSS scores:

* CVE-2025-21587 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-21587 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-21587 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-30691 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-30691 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-30691 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-30698 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-30698 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-30698 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves three vulnerabilities can now be installed.

## Description:

This update for java-1_8_0-openjdk fixes the following issues:

Update to version jdk8u452 (icedtea-3.35.0)

Security issues fixed:

* CVE-2025-21587: unauthorized creation, deletion or modification of critical data through the JSSE component. (bsc#1241274)
* CVE-2025-30691: unauthorized update, insert or delete access to a subset of Oracle Java SE data through the Compiler component. (bsc#1241275)
* CVE-2025-30698: unauthorized access to Oracle Java SE data and unauthorized ability to cause partial DoS through the 2D component. (bsc#1241276)

Non-security issues fixed:

* JDK-8212096: javax/net/ssl/ServerName/SSLEngineExplorerMatchedSNI.java failed intermittently due to SSLException: Tag mismatch.
* JDK-8261020: wrong format parameter in create_emergency_chunk_path.
* JDK-8266881: enable debug log for SSLEngineExplorerMatchedSNI.java.
* JDK-8268457: XML Transformer outputs Unicode supplementary character incorrectly to HTML.
* JDK-8309841: Jarsigner should print a warning if an entry is removed.
* JDK-8337494: clarify JarInputStream behavior.
* JDK-8339637: (tz) update Timezone Data to 2024b.
* JDK-8339644: improve parsing of Day/Month in tzdata rules
* JDK-8339810: clean up the code in sun.tools.jar.Main to properly close resources and use ZipFile during extract.
* JDK-8340552: harden TzdbZoneRulesCompiler against missing zone names.
* JDK-8342562: enhance Deflater operations.
* JDK-8346587: distrust TLS server certificates anchored by Camerfirma Root CAs.
* JDK-8347847: enhance jar file support.
* JDK-8347965: (tz) update Timezone Data to 2025a.
* JDK-8348211: [8u] sun/management/jmxremote/startstop/JMXStartStopTest.java fails after backport of JDK-8066708.
* JDK-8350816: [8u] update TzdbZoneRulesCompiler to ignore HST/EST/MST links.
* JDK-8352097: (tz) zone.tab update missed in 2025a backport.
* JDK-8353433: XCG currency code not recognized in JDK 8u.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-1524=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1524=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * java-1_8_0-openjdk-demo-debuginfo-1.8.0.452-27.114.1
  * java-1_8_0-openjdk-debuginfo-1.8.0.452-27.114.1
  * java-1_8_0-openjdk-demo-1.8.0.452-27.114.1
  * java-1_8_0-openjdk-devel-debuginfo-1.8.0.452-27.114.1
  * java-1_8_0-openjdk-1.8.0.452-27.114.1
  * java-1_8_0-openjdk-headless-1.8.0.452-27.114.1
  * java-1_8_0-openjdk-devel-1.8.0.452-27.114.1
  * java-1_8_0-openjdk-headless-debuginfo-1.8.0.452-27.114.1
  * java-1_8_0-openjdk-debugsource-1.8.0.452-27.114.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * java-1_8_0-openjdk-demo-debuginfo-1.8.0.452-27.114.1
  * java-1_8_0-openjdk-debuginfo-1.8.0.452-27.114.1
  * java-1_8_0-openjdk-demo-1.8.0.452-27.114.1
  * java-1_8_0-openjdk-devel-debuginfo-1.8.0.452-27.114.1
  * java-1_8_0-openjdk-1.8.0.452-27.114.1
  * java-1_8_0-openjdk-headless-1.8.0.452-27.114.1
  * java-1_8_0-openjdk-devel-1.8.0.452-27.114.1
  * java-1_8_0-openjdk-headless-debuginfo-1.8.0.452-27.114.1
  * java-1_8_0-openjdk-debugsource-1.8.0.452-27.114.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21587.html
* https://www.suse.com/security/cve/CVE-2025-30691.html
* https://www.suse.com/security/cve/CVE-2025-30698.html
* https://bugzilla.suse.com/show_bug.cgi?id=1241274
* https://bugzilla.suse.com/show_bug.cgi?id=1241275
* https://bugzilla.suse.com/show_bug.cgi?id=1241276

From null at suse.de Fri May 9 12:30:14 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 09 May 2025 12:30:14 -0000
Subject: SUSE-SU-2025:1523-1: moderate: Security update for python-Django
Message-ID: <174679381437.27840.16657791827090811575@smelt2.prg2.suse.org>

# Security update for python-Django

Announcement ID: SUSE-SU-2025:1523-1
Release Date: 2025-05-09T11:27:33Z
Rating: moderate

References:

* bsc#1242210

Cross-References:

* CVE-2025-32873

CVSS scores:

* CVE-2025-32873 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-32873 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for python-Django fixes the following issues:

* CVE-2025-32873: Fixed denial-of-service possibility in `strip_tags()` (bsc#1242210)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
    zypper in -t patch openSUSE-SLE-15.6-2025-1523=1 SUSE-2025-1523=1
* SUSE Package Hub 15 15-SP6
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-1523=1

## Package List:

* openSUSE Leap 15.6 (noarch)
  * python311-Django-4.2.11-150600.3.21.1
* SUSE Package Hub 15 15-SP6 (noarch)
  * python311-Django-4.2.11-150600.3.21.1

## References:

* https://www.suse.com/security/cve/CVE-2025-32873.html
* https://bugzilla.suse.com/show_bug.cgi?id=1242210

From null at suse.de Fri May 9 12:30:17 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 09 May 2025 12:30:17 -0000
Subject: SUSE-SU-2025:1522-1: moderate: Security update for wireshark
Message-ID: <174679381701.27840.10640230811629793944@smelt2.prg2.suse.org>

# Security update for wireshark

Announcement ID: SUSE-SU-2025:1522-1
Release Date: 2025-05-09T09:34:28Z
Rating: moderate

References:

* bsc#1224259

Cross-References:

* CVE-2024-4853

CVSS scores:

* CVE-2024-4853 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for wireshark fixes the following issues:

* CVE-2024-4853: Fixed denial of service in editcap caused by crafted capture file (bsc#1224259)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1522=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * libwscodecs1-debuginfo-2.4.16-48.60.1
  * wireshark-2.4.16-48.60.1
  * libwireshark9-debuginfo-2.4.16-48.60.1
  * libwsutil8-debuginfo-2.4.16-48.60.1
  * wireshark-gtk-debuginfo-2.4.16-48.60.1
  * libwiretap7-2.4.16-48.60.1
  * libwiretap7-debuginfo-2.4.16-48.60.1
  * libwireshark9-2.4.16-48.60.1
  * wireshark-debugsource-2.4.16-48.60.1
  * libwsutil8-2.4.16-48.60.1
  * wireshark-debuginfo-2.4.16-48.60.1
  * wireshark-gtk-2.4.16-48.60.1
  * wireshark-devel-2.4.16-48.60.1
  * libwscodecs1-2.4.16-48.60.1

## References:

* https://www.suse.com/security/cve/CVE-2024-4853.html
* https://bugzilla.suse.com/show_bug.cgi?id=1224259