From null at suse.de Mon Sep 1 08:30:09 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 01 Sep 2025 08:30:09 -0000 Subject: SUSE-SU-2025:02522-2: moderate: Security update for libarchive Message-ID: <175671540955.10940.6062799385061379438@smelt2.prg2.suse.org> # Security update for libarchive Announcement ID: SUSE-SU-2025:02522-2 Release Date: 2025-09-01T07:03:59Z Rating: moderate References: * bsc#1244270 * bsc#1244272 Cross-References: * CVE-2025-5914 * CVE-2025-5916 CVSS scores: * CVE-2025-5914 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-5914 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-5914 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-5914 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2025-5916 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-5916 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2025-5916 ( NVD ): 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L * CVE-2025-5916 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for libarchive fixes the following issues: * CVE-2025-5916, Fixed integer overflow while reading warc files at archive_read_support_format_warc.c (bsc#1244270) * CVE-2025-5914: Fixed double free due to an integer overflow in the archive_read_format_rar_seek_data() function (bsc#1244272) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-2522=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * libarchive13-debuginfo-3.3.3-32.14.1
  * libarchive-devel-3.3.3-32.14.1
  * libarchive13-3.3.3-32.14.1
  * libarchive-debugsource-3.3.3-32.14.1

## References:

* https://www.suse.com/security/cve/CVE-2025-5914.html
* https://www.suse.com/security/cve/CVE-2025-5916.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244270
* https://bugzilla.suse.com/show_bug.cgi?id=1244272

From null at suse.de Mon Sep 1 16:30:05 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 01 Sep 2025 16:30:05 -0000
Subject: SUSE-SU-2025:02993-2: important: Security update for jetty-minimal
Message-ID: <175674420554.13709.5598465535769175005@smelt2.prg2.suse.org>

# Security update for jetty-minimal

Announcement ID: SUSE-SU-2025:02993-2
Release Date: 2025-09-01T14:04:13Z
Rating: important
References:

* bsc#1244252

Cross-References:

* CVE-2025-5115

CVSS scores:

* CVE-2025-5115 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-5115 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-5115 ( NVD ): 7.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-5115 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6

An update that solves one vulnerability can now be installed.
## Description:

This update for jetty-minimal fixes the following issues:

Upgraded to version 9.4.58.v20250814:

- CVE-2025-5115: Fixed MadeYouReset DoS attack via HTTP/2 protocol (including DNS over HTTPS) (bsc#1244252)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2025-2993=1

## Package List:

* openSUSE Leap 15.6 (noarch)
  * jetty-http-9.4.58-150200.3.34.1
  * jetty-io-9.4.58-150200.3.34.1
  * jetty-security-9.4.58-150200.3.34.1
  * jetty-minimal-javadoc-9.4.58-150200.3.34.1
  * jetty-openid-9.4.58-150200.3.34.1
  * jetty-util-ajax-9.4.58-150200.3.34.1
  * jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1
  * jetty-jmx-9.4.58-150200.3.34.1
  * jetty-websocket-server-9.4.58-150200.3.34.1
  * jetty-plus-9.4.58-150200.3.34.1
  * jetty-start-9.4.58-150200.3.34.1
  * jetty-jsp-9.4.58-150200.3.34.1
  * jetty-quickstart-9.4.58-150200.3.34.1
  * jetty-servlets-9.4.58-150200.3.34.1
  * jetty-annotations-9.4.58-150200.3.34.1
  * jetty-websocket-client-9.4.58-150200.3.34.1
  * jetty-servlet-9.4.58-150200.3.34.1
  * jetty-webapp-9.4.58-150200.3.34.1
  * jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1
  * jetty-websocket-common-9.4.58-150200.3.34.1
  * jetty-client-9.4.58-150200.3.34.1
  * jetty-deploy-9.4.58-150200.3.34.1
  * jetty-cdi-9.4.58-150200.3.34.1
  * jetty-ant-9.4.58-150200.3.34.1
  * jetty-rewrite-9.4.58-150200.3.34.1
  * jetty-xml-9.4.58-150200.3.34.1
  * jetty-jaas-9.4.58-150200.3.34.1
  * jetty-continuation-9.4.58-150200.3.34.1
  * jetty-util-9.4.58-150200.3.34.1
  * jetty-http-spi-9.4.58-150200.3.34.1
  * jetty-server-9.4.58-150200.3.34.1
  * jetty-fcgi-9.4.58-150200.3.34.1
  * jetty-project-9.4.58-150200.3.34.1
  * jetty-websocket-javadoc-9.4.58-150200.3.34.1
  * jetty-jndi-9.4.58-150200.3.34.1
  * jetty-websocket-servlet-9.4.58-150200.3.34.1
  * jetty-websocket-api-9.4.58-150200.3.34.1
  * jetty-proxy-9.4.58-150200.3.34.1

## References:

* https://www.suse.com/security/cve/CVE-2025-5115.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244252

From null at suse.de Mon Sep 1 16:30:10 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 01 Sep 2025 16:30:10 -0000
Subject: SUSE-SU-2025:03039-1: moderate: Recommended update for nginx
Message-ID: <175674421089.13709.11484498144286195224@smelt2.prg2.suse.org>

# Recommended update for nginx

Announcement ID: SUSE-SU-2025:03039-1
Release Date: 2025-09-01T13:56:42Z
Rating: moderate
References:

* bsc#1246090

Affected Products:

* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* Server Applications Module 15-SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that has one security fix can now be installed.

## Description:

This update for nginx fixes the following issues:

* Drop root privileges while running logrotate (bsc#1246090)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Server Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2025-3039=1
* openSUSE Leap 15.6
  zypper in -t patch SUSE-2025-3039=1 openSUSE-SLE-15.6-2025-3039=1
* Server Applications Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-3039=1

## Package List:

* Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * nginx-1.21.5-150600.10.9.1
  * nginx-debugsource-1.21.5-150600.10.9.1
  * nginx-debuginfo-1.21.5-150600.10.9.1
* Server Applications Module 15-SP7 (noarch)
  * nginx-source-1.21.5-150600.10.9.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * nginx-1.21.5-150600.10.9.1
  * nginx-debugsource-1.21.5-150600.10.9.1
  * nginx-debuginfo-1.21.5-150600.10.9.1
* openSUSE Leap 15.6 (noarch)
  * nginx-source-1.21.5-150600.10.9.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * nginx-1.21.5-150600.10.9.1
  * nginx-debugsource-1.21.5-150600.10.9.1
  * nginx-debuginfo-1.21.5-150600.10.9.1
* Server Applications Module 15-SP6 (noarch)
  * nginx-source-1.21.5-150600.10.9.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1246090

From null at suse.de Mon Sep 1 16:30:15 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 01 Sep 2025 16:30:15 -0000
Subject: SUSE-SU-2025:03038-1: important: Security update for python-future
Message-ID: <175674421551.13709.7297870157387708676@smelt2.prg2.suse.org>

# Security update for python-future

Announcement ID: SUSE-SU-2025:03038-1
Release Date: 2025-09-01T13:41:08Z
Rating: important
References:

* bsc#1248124

Cross-References:

* CVE-2025-50817

CVSS scores:

* CVE-2025-50817 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-50817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-50817 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6
* Python 3 Module 15-SP6
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.
## Description: This update for python-future fixes the following issues: * CVE-2025-50817: Fixed arbitrary code execution via the automatic import of file test.py (bsc#1248124) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-3038=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-3038=1 * Python 3 Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2025-3038=1 * Python 3 Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2025-3038=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3038=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3038=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3038=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3038=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3038=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3038=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3038=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3038=1 ## Package List: * openSUSE Leap 15.4 (noarch) * python311-future-0.18.3-150400.6.6.1 * openSUSE Leap 15.6 (noarch) * python311-future-0.18.3-150400.6.6.1 * Python 3 Module 15-SP6 (noarch) * python311-future-0.18.3-150400.6.6.1 * Python 3 Module 15-SP7 (noarch) * python311-future-0.18.3-150400.6.6.1 * SUSE Linux Enterprise High Performance 
Computing ESPOS 15 SP4 (noarch)
  * python311-future-0.18.3-150400.6.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * python311-future-0.18.3-150400.6.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
  * python311-future-0.18.3-150400.6.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
  * python311-future-0.18.3-150400.6.6.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
  * python311-future-0.18.3-150400.6.6.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
  * python311-future-0.18.3-150400.6.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * python311-future-0.18.3-150400.6.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
  * python311-future-0.18.3-150400.6.6.1

## References:

* https://www.suse.com/security/cve/CVE-2025-50817.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248124

From null at suse.de Mon Sep 1 16:30:22 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 01 Sep 2025 16:30:22 -0000
Subject: SUSE-SU-2025:02739-2: moderate: Security update for ruby2.5
Message-ID: <175674422201.13709.11268063075315033437@smelt2.prg2.suse.org>

# Security update for ruby2.5

Announcement ID: SUSE-SU-2025:02739-2
Release Date: 2025-09-01T13:05:40Z
Rating: moderate
References:

* bsc#1237805
* bsc#1245254

Cross-References:

* CVE-2025-27221
* CVE-2025-6442

CVSS scores:

* CVE-2025-27221 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-27221 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-27221 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-27221 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
* CVE-2025-6442 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2025-6442 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-6442 ( NVD ): 6.5
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for ruby2.5 fixes the following issues: * CVE-2025-6442: Fixed read_header HTTP Request Smuggling Vulnerability in WEBrick (bsc#1245254) * CVE-2025-27221: Fixed userinfo leakage in URI#join, URI#merge and URI#+ (bsc#1237805) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-2739=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2739=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2739=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2739=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2739=1
* SUSE Linux Enterprise Server 15 SP3 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-2739=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2739=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2739=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-2739=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2739=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2739=1
* SUSE Manager Proxy 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-2739=1
* SUSE Manager Retail Branch Server 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2025-2739=1
* SUSE Manager Server 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-2739=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2025-2739=1

## Package List:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * ruby2.5-devel-2.5.9-150000.4.46.1
  * ruby2.5-devel-extra-2.5.9-150000.4.46.1
  *
ruby2.5-stdlib-2.5.9-150000.4.46.1 * ruby2.5-2.5.9-150000.4.46.1 * libruby2_5-2_5-2.5.9-150000.4.46.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.46.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.46.1 * ruby2.5-debuginfo-2.5.9-150000.4.46.1 * ruby2.5-debugsource-2.5.9-150000.4.46.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * ruby2.5-devel-2.5.9-150000.4.46.1 * ruby2.5-devel-extra-2.5.9-150000.4.46.1 * ruby2.5-stdlib-2.5.9-150000.4.46.1 * ruby2.5-2.5.9-150000.4.46.1 * libruby2_5-2_5-2.5.9-150000.4.46.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.46.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.46.1 * ruby2.5-debuginfo-2.5.9-150000.4.46.1 * ruby2.5-debugsource-2.5.9-150000.4.46.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * ruby2.5-devel-2.5.9-150000.4.46.1 * ruby2.5-devel-extra-2.5.9-150000.4.46.1 * ruby2.5-stdlib-2.5.9-150000.4.46.1 * ruby2.5-2.5.9-150000.4.46.1 * libruby2_5-2_5-2.5.9-150000.4.46.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.46.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.46.1 * ruby2.5-debuginfo-2.5.9-150000.4.46.1 * ruby2.5-debugsource-2.5.9-150000.4.46.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * ruby2.5-devel-2.5.9-150000.4.46.1 * ruby2.5-devel-extra-2.5.9-150000.4.46.1 * ruby2.5-stdlib-2.5.9-150000.4.46.1 * ruby2.5-2.5.9-150000.4.46.1 * libruby2_5-2_5-2.5.9-150000.4.46.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.46.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.46.1 * ruby2.5-debuginfo-2.5.9-150000.4.46.1 * ruby2.5-debugsource-2.5.9-150000.4.46.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * ruby2.5-devel-2.5.9-150000.4.46.1 * ruby2.5-devel-extra-2.5.9-150000.4.46.1 * ruby2.5-stdlib-2.5.9-150000.4.46.1 * ruby2.5-2.5.9-150000.4.46.1 * libruby2_5-2_5-2.5.9-150000.4.46.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.46.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.46.1 * ruby2.5-debuginfo-2.5.9-150000.4.46.1 * 
ruby2.5-debugsource-2.5.9-150000.4.46.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * ruby2.5-devel-2.5.9-150000.4.46.1 * ruby2.5-devel-extra-2.5.9-150000.4.46.1 * ruby2.5-stdlib-2.5.9-150000.4.46.1 * ruby2.5-2.5.9-150000.4.46.1 * libruby2_5-2_5-2.5.9-150000.4.46.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.46.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.46.1 * ruby2.5-debuginfo-2.5.9-150000.4.46.1 * ruby2.5-debugsource-2.5.9-150000.4.46.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * ruby2.5-devel-2.5.9-150000.4.46.1 * ruby2.5-devel-extra-2.5.9-150000.4.46.1 * ruby2.5-stdlib-2.5.9-150000.4.46.1 * ruby2.5-2.5.9-150000.4.46.1 * libruby2_5-2_5-2.5.9-150000.4.46.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.46.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.46.1 * ruby2.5-debuginfo-2.5.9-150000.4.46.1 * ruby2.5-debugsource-2.5.9-150000.4.46.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * ruby2.5-devel-2.5.9-150000.4.46.1 * ruby2.5-devel-extra-2.5.9-150000.4.46.1 * ruby2.5-stdlib-2.5.9-150000.4.46.1 * ruby2.5-2.5.9-150000.4.46.1 * libruby2_5-2_5-2.5.9-150000.4.46.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.46.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.46.1 * ruby2.5-debuginfo-2.5.9-150000.4.46.1 * ruby2.5-debugsource-2.5.9-150000.4.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * ruby2.5-devel-2.5.9-150000.4.46.1 * ruby2.5-devel-extra-2.5.9-150000.4.46.1 * ruby2.5-stdlib-2.5.9-150000.4.46.1 * ruby2.5-2.5.9-150000.4.46.1 * libruby2_5-2_5-2.5.9-150000.4.46.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.46.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.46.1 * ruby2.5-debuginfo-2.5.9-150000.4.46.1 * ruby2.5-debugsource-2.5.9-150000.4.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * ruby2.5-devel-2.5.9-150000.4.46.1 * ruby2.5-devel-extra-2.5.9-150000.4.46.1 * ruby2.5-stdlib-2.5.9-150000.4.46.1 * ruby2.5-2.5.9-150000.4.46.1 * 
libruby2_5-2_5-2.5.9-150000.4.46.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.46.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.46.1 * ruby2.5-debuginfo-2.5.9-150000.4.46.1 * ruby2.5-debugsource-2.5.9-150000.4.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * ruby2.5-devel-2.5.9-150000.4.46.1 * ruby2.5-devel-extra-2.5.9-150000.4.46.1 * ruby2.5-stdlib-2.5.9-150000.4.46.1 * ruby2.5-2.5.9-150000.4.46.1 * libruby2_5-2_5-2.5.9-150000.4.46.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.46.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.46.1 * ruby2.5-debuginfo-2.5.9-150000.4.46.1 * ruby2.5-debugsource-2.5.9-150000.4.46.1 * SUSE Manager Proxy 4.3 (x86_64) * ruby2.5-devel-2.5.9-150000.4.46.1 * ruby2.5-devel-extra-2.5.9-150000.4.46.1 * ruby2.5-stdlib-2.5.9-150000.4.46.1 * ruby2.5-2.5.9-150000.4.46.1 * libruby2_5-2_5-2.5.9-150000.4.46.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.46.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.46.1 * ruby2.5-debuginfo-2.5.9-150000.4.46.1 * ruby2.5-debugsource-2.5.9-150000.4.46.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * ruby2.5-devel-2.5.9-150000.4.46.1 * ruby2.5-devel-extra-2.5.9-150000.4.46.1 * ruby2.5-stdlib-2.5.9-150000.4.46.1 * ruby2.5-2.5.9-150000.4.46.1 * libruby2_5-2_5-2.5.9-150000.4.46.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.46.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.46.1 * ruby2.5-debuginfo-2.5.9-150000.4.46.1 * ruby2.5-debugsource-2.5.9-150000.4.46.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * ruby2.5-devel-2.5.9-150000.4.46.1 * ruby2.5-devel-extra-2.5.9-150000.4.46.1 * ruby2.5-stdlib-2.5.9-150000.4.46.1 * ruby2.5-2.5.9-150000.4.46.1 * libruby2_5-2_5-2.5.9-150000.4.46.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.46.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.46.1 * ruby2.5-debuginfo-2.5.9-150000.4.46.1 * ruby2.5-debugsource-2.5.9-150000.4.46.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * ruby2.5-devel-2.5.9-150000.4.46.1 * ruby2.5-devel-extra-2.5.9-150000.4.46.1 * 
ruby2.5-stdlib-2.5.9-150000.4.46.1
  * ruby2.5-2.5.9-150000.4.46.1
  * libruby2_5-2_5-2.5.9-150000.4.46.1
  * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.46.1
  * libruby2_5-2_5-debuginfo-2.5.9-150000.4.46.1
  * ruby2.5-debuginfo-2.5.9-150000.4.46.1
  * ruby2.5-debugsource-2.5.9-150000.4.46.1

## References:

* https://www.suse.com/security/cve/CVE-2025-27221.html
* https://www.suse.com/security/cve/CVE-2025-6442.html
* https://bugzilla.suse.com/show_bug.cgi?id=1237805
* https://bugzilla.suse.com/show_bug.cgi?id=1245254

From null at suse.de Mon Sep 1 16:30:32 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 01 Sep 2025 16:30:32 -0000
Subject: SUSE-SU-2025:03037-1: important: Security update for git
Message-ID: <175674423262.13709.7689186945783329462@smelt2.prg2.suse.org>

# Security update for git

Announcement ID: SUSE-SU-2025:03037-1
Release Date: 2025-09-01T12:46:22Z
Rating: important
References:

* bsc#1245938
* bsc#1245939
* bsc#1245942
* bsc#1245943
* bsc#1245946
* jsc#PED-13447

Cross-References:

* CVE-2025-27613
* CVE-2025-27614
* CVE-2025-46835
* CVE-2025-48384
* CVE-2025-48385

CVSS scores:

* CVE-2025-27613 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-27613 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2025-27613 ( NVD ): 3.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
* CVE-2025-27614 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-27614 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-27614 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-46835 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-46835 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2025-46835 ( NVD ): 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
* CVE-2025-48384 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-48384 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-48384 ( NVD ): 8.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H * CVE-2025-48385 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-48385 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-48385 ( NVD ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * openSUSE Leap 15.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 LTS * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Retail Branch Server 4.3 LTS * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 LTS An update that solves five vulnerabilities and contains one feature can now be installed. 
## Description:

This update for git fixes the following issues:

Updated to 2.43.7 (jsc#PED-13447):

* CVE-2025-27613: Fixed arbitrary writable file creation and truncation in Gitk (bsc#1245938)
* CVE-2025-27614: Fixed arbitrary script execution via repo cloning in Gitk (bsc#1245939)
* CVE-2025-46835: Fixed arbitrary writable file creation via untrusted repository cloning in Git GUI (bsc#1245942)
* CVE-2025-48384: Fixed arbitrary writable file creation when cloning untrusted repositories with submodules using the --recursive flag (bsc#1245943)
* CVE-2025-48385: Fixed arbitrary code execution due to protocol injection via fetching advertised bundle (bsc#1245946)

Other fixes:

* Drop git-credential-gnome-keyring package as it was dropped upstream, use git-credential-libsecret instead
* git-add--interactive was removed upstream in favor of built-in implementation, which was already the default in SLE.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Manager Server 4.3 LTS
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-3037=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2025-3037=1
* openSUSE Leap 15.3
  zypper in -t patch SUSE-2025-3037=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2025-3037=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3037=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3037=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3037=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3037=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3037=1
* SUSE Linux Enterprise Server 15 SP3 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3037=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3037=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3037=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3037=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3037=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3037=1
* SUSE Manager Proxy 4.3 LTS
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-3037=1
* SUSE Manager Retail Branch Server 4.3 LTS
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-LTS-2025-3037=1

## Package List:

* SUSE Manager Server
4.3 LTS (ppc64le s390x x86_64) * git-core-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-core-debuginfo-2.43.7-150300.10.51.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Enterprise Storage 7.1 (noarch) * git-doc-2.43.7-150300.10.51.1 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * git-credential-libsecret-2.43.7-150300.10.51.1 * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * git-p4-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-credential-libsecret-debuginfo-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * openSUSE Leap 15.3 (noarch) * git-doc-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * 
git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * git-doc-2.43.7-150300.10.51.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * git-doc-2.43.7-150300.10.51.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * 
git-doc-2.43.7-150300.10.51.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * git-doc-2.43.7-150300.10.51.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * git-doc-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 * 
perl-Git-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (noarch) * git-doc-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * git-doc-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * git-doc-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * 
git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * git-doc-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * git-doc-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * git-core-debuginfo-2.43.7-150300.10.51.1 * git-svn-2.43.7-150300.10.51.1 * git-web-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * gitk-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-2.43.7-150300.10.51.1 * git-gui-2.43.7-150300.10.51.1 * git-cvs-2.43.7-150300.10.51.1 * git-daemon-2.43.7-150300.10.51.1 * git-core-2.43.7-150300.10.51.1 * git-daemon-debuginfo-2.43.7-150300.10.51.1 * git-arch-2.43.7-150300.10.51.1 * git-email-2.43.7-150300.10.51.1 * perl-Git-2.43.7-150300.10.51.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * git-doc-2.43.7-150300.10.51.1 * SUSE Manager Proxy 4.3 LTS (x86_64) * git-core-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-core-debuginfo-2.43.7-150300.10.51.1 * SUSE Manager Retail Branch Server 4.3 LTS (x86_64) * git-core-2.43.7-150300.10.51.1 * git-debuginfo-2.43.7-150300.10.51.1 * git-debugsource-2.43.7-150300.10.51.1 * git-core-debuginfo-2.43.7-150300.10.51.1 ## References: * 
https://www.suse.com/security/cve/CVE-2025-27613.html
* https://www.suse.com/security/cve/CVE-2025-27614.html
* https://www.suse.com/security/cve/CVE-2025-46835.html
* https://www.suse.com/security/cve/CVE-2025-48384.html
* https://www.suse.com/security/cve/CVE-2025-48385.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245938
* https://bugzilla.suse.com/show_bug.cgi?id=1245939
* https://bugzilla.suse.com/show_bug.cgi?id=1245942
* https://bugzilla.suse.com/show_bug.cgi?id=1245943
* https://bugzilla.suse.com/show_bug.cgi?id=1245946
* https://jira.suse.com/browse/PED-13447

From null at suse.de Tue Sep 2 12:30:07 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 02 Sep 2025 12:30:07 -0000
Subject: SUSE-SU-2025:03046-1: moderate: Security update for govulncheck-vulndb
Message-ID: <175681620797.11230.9216069666236493643@smelt2.prg2.suse.org>

# Security update for govulncheck-vulndb

Announcement ID: SUSE-SU-2025:03046-1
Release Date: 2025-09-02T11:12:43Z
Rating: moderate
References:
* jsc#PED-11136

Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that contains one feature can now be installed.

## Description:

This update for govulncheck-vulndb fixes the following issues:

Update to version 0.0.20250829T154226 2025-08-29T15:42:26Z (jsc#PED-11136).
Go CVE Numbering Authority IDs added or updated with aliases:

* GO-2025-3884
* GO-2025-3892
* GO-2025-3893
* GO-2025-3894
* GO-2025-3895
* GO-2025-3896
* GO-2025-3897
* GO-2025-3900
* GO-2025-3901
* GO-2025-3902
* GO-2025-3903
* GO-2025-3904
* GO-2025-3905
* GO-2025-3906
* GO-2025-3907
* GO-2025-3909
* GO-2025-3910
* GO-2025-3911
* GO-2025-3912
* GO-2025-3913

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2025-3046=1
* SUSE Package Hub 15 15-SP6
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-3046=1

## Package List:

* openSUSE Leap 15.6 (noarch)
  * govulncheck-vulndb-0.0.20250829T154226-150000.1.104.1
* SUSE Package Hub 15 15-SP6 (noarch)
  * govulncheck-vulndb-0.0.20250829T154226-150000.1.104.1

## References:

* https://jira.suse.com/browse/PED-11136
From null at suse.de Tue Sep 2 16:30:05 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 02 Sep 2025 16:30:05 -0000
Subject: SUSE-SU-2025:03051-1: moderate: Security update for python-eventlet
Message-ID: <175683060510.10940.15069682311165388005@smelt2.prg2.suse.org>

# Security update for python-eventlet

Announcement ID: SUSE-SU-2025:03051-1
Release Date: 2025-09-02T15:38:59Z
Rating: moderate
References:
* bsc#1248994

Cross-References:
* CVE-2025-58068

CVSS scores:
* CVE-2025-58068 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-58068 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-58068 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:
* openSUSE Leap 15.3
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP6
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for python-eventlet fixes the following issues:

* CVE-2025-58068: improper handling of HTTP trailer sections in WSGI parser leads to HTTP request smuggling (bsc#1248994).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-3051=1
* openSUSE Leap 15.3
  zypper in -t patch SUSE-2025-3051=1
* SUSE Package Hub 15 15-SP6
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-3051=1

## Package List:

* SUSE Package Hub 15 15-SP7 (noarch)
  * python3-eventlet-0.26.1-150300.3.3.1
* openSUSE Leap 15.3 (noarch)
  * python3-eventlet-0.26.1-150300.3.3.1
  * python2-eventlet-0.26.1-150300.3.3.1
* SUSE Package Hub 15 15-SP6 (noarch)
  * python3-eventlet-0.26.1-150300.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-58068.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248994

From null at suse.de Tue Sep 2 16:30:11 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 02 Sep 2025 16:30:11 -0000
Subject: SUSE-SU-2025:03049-1: important: Security update for python-future
Message-ID: <175683061123.10940.5973571435127929315@smelt2.prg2.suse.org>

# Security update for python-future

Announcement ID: SUSE-SU-2025:03049-1
Release Date: 2025-09-02T15:31:49Z
Rating: important
References:
* bsc#1248124

Cross-References:
* CVE-2025-50817

CVSS scores:
* CVE-2025-50817 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-50817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-50817 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected Products:
* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux
Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 LTS * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Retail Branch Server 4.3 LTS * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 LTS An update that solves one vulnerability can now be installed. ## Description: This update for python-future fixes the following issues: * CVE-2025-50817: Fixed arbitrary code execution via the automatic import of file test.py (bsc#1248124) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2025-3049=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-3049=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-3049=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-3049=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-3049=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2025-3049=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-3049=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-3049=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3049=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3049=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3049=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3049=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3049=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3049=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3049=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3049=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3049=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3049=1 * SUSE Linux Enterprise Server for SAP 
Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3049=1
* SUSE Manager Proxy 4.3 LTS
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-3049=1
* SUSE Manager Retail Branch Server 4.3 LTS
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-LTS-2025-3049=1
* SUSE Manager Server 4.3 LTS
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-3049=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2025-3049=1
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-3049=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-3049=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-3049=1

## Package List:

* openSUSE Leap 15.3 (noarch)
  * python3-future-0.18.2-150300.3.6.1
  * python2-future-0.18.2-150300.3.6.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
  * python3-future-0.18.2-150300.3.6.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
  * python3-future-0.18.2-150300.3.6.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
  * python3-future-0.18.2-150300.3.6.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
  * python3-future-0.18.2-150300.3.6.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
  * python3-future-0.18.2-150300.3.6.1
* Basesystem Module 15-SP6 (noarch)
  * python3-future-0.18.2-150300.3.6.1
* Basesystem Module 15-SP7 (noarch)
  * python3-future-0.18.2-150300.3.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * python3-future-0.18.2-150300.3.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  * python3-future-0.18.2-150300.3.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * python3-future-0.18.2-150300.3.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
  * python3-future-0.18.2-150300.3.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
  * python3-future-0.18.2-150300.3.6.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
  * python3-future-0.18.2-150300.3.6.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
  * python3-future-0.18.2-150300.3.6.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
  * python3-future-0.18.2-150300.3.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * python3-future-0.18.2-150300.3.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * python3-future-0.18.2-150300.3.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
  * python3-future-0.18.2-150300.3.6.1
* SUSE Manager Proxy 4.3 LTS (noarch)
  * python3-future-0.18.2-150300.3.6.1
* SUSE Manager Retail Branch Server 4.3 LTS (noarch)
  * python3-future-0.18.2-150300.3.6.1
* SUSE Manager Server 4.3 LTS (noarch)
  * python3-future-0.18.2-150300.3.6.1
* SUSE Enterprise Storage 7.1 (noarch)
  * python3-future-0.18.2-150300.3.6.1
* SUSE Linux Enterprise Micro 5.1 (noarch)
  * python3-future-0.18.2-150300.3.6.1
* SUSE Linux Enterprise Micro 5.2 (noarch)
  * python3-future-0.18.2-150300.3.6.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
  * python3-future-0.18.2-150300.3.6.1

## References:

* https://www.suse.com/security/cve/CVE-2025-50817.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248124
From null at suse.de Tue Sep 2 20:30:04 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 02 Sep 2025 20:30:04 -0000
Subject: SUSE-SU-2025:03053-1: important: Security update for ucode-intel
Message-ID: <175684500436.9957.12831850912564962995@smelt2.prg2.suse.org>

# Security update for ucode-intel

Announcement ID: SUSE-SU-2025:03053-1
Release Date: 2025-09-02T17:42:28Z
Rating: important
References:
* bsc#1248438

Cross-References:
* CVE-2025-20053
* CVE-2025-20109
* CVE-2025-22839
* CVE-2025-22840
* CVE-2025-22889
* CVE-2025-26403
* CVE-2025-32086

CVSS scores:
* CVE-2025-20053 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-20053 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
* CVE-2025-20053 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-20053 ( NVD ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
* CVE-2025-20109 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-20109 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2025-20109 ( NVD ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-20109 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2025-22839 ( SUSE ): 7.3 CVSS:4.0/AV:A/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-22839 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L
*
CVE-2025-22839 ( NVD ): 7.3 CVSS:4.0/AV:A/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-22839 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L * CVE-2025-22840 ( SUSE ): 5.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-22840 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L * CVE-2025-22840 ( NVD ): 5.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-22840 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L * CVE-2025-22889 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-22889 ( SUSE ): 7.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N * CVE-2025-22889 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-22889 ( NVD ): 7.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N * CVE-2025-26403 ( SUSE ): 4.5 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-26403 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N * CVE-2025-26403 ( NVD ): 4.5 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-26403 ( NVD ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N * CVE-2025-32086 ( SUSE ): 4.5 
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-32086 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N * CVE-2025-32086 ( NVD ): 4.5 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-32086 ( NVD ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N Affected Products: * Basesystem Module 15-SP6 * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE 
Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 LTS * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Retail Branch Server 4.3 LTS * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 LTS An update that solves seven vulnerabilities can now be installed. ## Description: This update for ucode-intel fixes the following issues: * Intel CPU Microcode was updated to the 20250812 release (bsc#1248438) * CVE-2025-20109: Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel Processors may allow an authenticated user to potentially enable escalation of privilege via local access. * CVE-2025-22840: Sequence of processor instructions leads to unexpected behavior for some Intel Xeon 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access * CVE-2025-22839: Insufficient granularity of access control in the OOB-MSM for some Intel Xeon 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. * CVE-2025-22889: Improper handling of overlap between protected memory ranges for some Intel Xeon 6 processor with Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. * CVE-2025-20053: Improper buffer restrictions for some Intel Xeon Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. * CVE-2025-26403: Out-of-bounds write in the memory subsystem for some Intel Xeon 6 processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. 
* CVE-2025-32086: Improperly implemented security check for standard in the DDRIO configuration for some Intel Xeon 6 Processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access.
* Update for functional issues.
* Updated Platforms:

| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |
|---|---|---|---|---|---|
| ARL-H | A1 | 06-c5-02/82 | 00000118 | 00000119 | Core Ultra Processor (Series 2) |
| ARL-S/HX (8P) | B0 | 06-c6-02/82 | 00000118 | 00000119 | Core Ultra Processor (Series 2) |
| EMR-SP | A1 | 06-cf-02/87 | 210002a9 | 210002b3 | Xeon Scalable Gen5 |
| GNR-AP/SP | B0 | 06-ad-01/95 | 010003a2 | 010003d0 | Xeon Scalable Gen6 |
| GNR-AP/SP | H0 | 06-ad-01/20 | 0a0000d1 | 0a000100 | Xeon Scalable Gen6 |
| ICL-D | B0 | 06-6c-01/10 | 010002d0 | 010002e0 | Xeon D-17xx, D-27xx |
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d000404 | 0d000410 | Xeon Scalable Gen3 |
| LNL | B0 | 06-bd-01/80 | 0000011f | 00000123 | Core Ultra 200 V Series Processor |
| MTL | C0 | 06-aa-04/e6 | 00000024 | 00000025 | Core Ultra Processor |
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004128 | 00004129 | Core Gen13 |
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004128 | 00004129 | Core Gen13 |
| SPR-HBM | Bx | 06-8f-08/10 | 2c0003f7 | 2c000401 | Xeon Max |
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b000639 | 2b000643 | Xeon Scalable Gen4 |
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b000639 | 2b000643 | Xeon Scalable Gen4 |
| SRF-SP | C0 | 06-af-03/01 | 03000341 | 03000362 | Xeon 6700-Series Processors with E-Cores |

New Disclosures Updated in Prior Releases: All ADL, RPL, SPR, EMR, MTL, ARL Microcode patches previously released in May 2025.

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-3053=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-3053=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-3053=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-3053=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-3053=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2025-3053=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-3053=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-3053=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3053=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3053=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3053=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3053=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3053=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3053=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3053=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3053=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3053=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3053=1 * SUSE Linux Enterprise 
Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3053=1
* SUSE Manager Proxy 4.3 LTS
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-3053=1
* SUSE Manager Retail Branch Server 4.3 LTS
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-LTS-2025-3053=1
* SUSE Manager Server 4.3 LTS
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-3053=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2025-3053=1
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-3053=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-3053=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-3053=1

## Package List:

* openSUSE Leap 15.6 (x86_64)
  * ucode-intel-20250812-150200.59.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64)
  * ucode-intel-20250812-150200.59.1
* SUSE Linux Enterprise Micro 5.3 (x86_64)
  * ucode-intel-20250812-150200.59.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64)
  * ucode-intel-20250812-150200.59.1
* SUSE Linux Enterprise Micro 5.4 (x86_64)
  * ucode-intel-20250812-150200.59.1
* SUSE Linux Enterprise Micro 5.5 (x86_64)
  * ucode-intel-20250812-150200.59.1
* Basesystem Module 15-SP6 (x86_64)
  * ucode-intel-20250812-150200.59.1
* Basesystem Module 15-SP7 (x86_64)
  * ucode-intel-20250812-150200.59.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
  * ucode-intel-20250812-150200.59.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
  * ucode-intel-20250812-150200.59.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
  * ucode-intel-20250812-150200.59.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64)
  * ucode-intel-20250812-150200.59.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64)
  * ucode-intel-20250812-150200.59.1
* SUSE Linux Enterprise
Server 15 SP3 LTSS (x86_64) * ucode-intel-20250812-150200.59.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64) * ucode-intel-20250812-150200.59.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64) * ucode-intel-20250812-150200.59.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * ucode-intel-20250812-150200.59.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64) * ucode-intel-20250812-150200.59.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64) * ucode-intel-20250812-150200.59.1 * SUSE Manager Proxy 4.3 LTS (x86_64) * ucode-intel-20250812-150200.59.1 * SUSE Manager Retail Branch Server 4.3 LTS (x86_64) * ucode-intel-20250812-150200.59.1 * SUSE Manager Server 4.3 LTS (x86_64) * ucode-intel-20250812-150200.59.1 * SUSE Enterprise Storage 7.1 (x86_64) * ucode-intel-20250812-150200.59.1 * SUSE Linux Enterprise Micro 5.1 (x86_64) * ucode-intel-20250812-150200.59.1 * SUSE Linux Enterprise Micro 5.2 (x86_64) * ucode-intel-20250812-150200.59.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64) * ucode-intel-20250812-150200.59.1 ## References: * https://www.suse.com/security/cve/CVE-2025-20053.html * https://www.suse.com/security/cve/CVE-2025-20109.html * https://www.suse.com/security/cve/CVE-2025-22839.html * https://www.suse.com/security/cve/CVE-2025-22840.html * https://www.suse.com/security/cve/CVE-2025-22889.html * https://www.suse.com/security/cve/CVE-2025-26403.html * https://www.suse.com/security/cve/CVE-2025-32086.html * https://bugzilla.suse.com/show_bug.cgi?id=1248438 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Sep 2 20:30:08 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 02 Sep 2025 20:30:08 -0000 Subject: SUSE-SU-2025:03052-1: important: Security update for ucode-intel Message-ID: <175684500810.9957.732937683075035693@smelt2.prg2.suse.org> # Security update for ucode-intel Announcement ID: SUSE-SU-2025:03052-1 Release Date: 2025-09-02T17:41:11Z Rating: important References: * bsc#1248438 Cross-References: * CVE-2025-20053 * CVE-2025-20109 * CVE-2025-22839 * CVE-2025-22840 * CVE-2025-22889 * CVE-2025-26403 * CVE-2025-32086 CVSS scores: * CVE-2025-20053 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-20053 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N * CVE-2025-20053 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-20053 ( NVD ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N * CVE-2025-20109 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-20109 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2025-20109 ( NVD ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-20109 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2025-22839 ( SUSE ): 7.3 CVSS:4.0/AV:A/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-22839 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L * 
CVE-2025-22839 ( NVD ): 7.3 CVSS:4.0/AV:A/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-22839 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L * CVE-2025-22840 ( SUSE ): 5.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-22840 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L * CVE-2025-22840 ( NVD ): 5.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-22840 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L * CVE-2025-22889 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-22889 ( SUSE ): 7.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N * CVE-2025-22889 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-22889 ( NVD ): 7.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N * CVE-2025-26403 ( SUSE ): 4.5 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-26403 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N * CVE-2025-26403 ( NVD ): 4.5 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-26403 ( NVD ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N * CVE-2025-32086 ( SUSE ): 4.5 
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-32086 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N * CVE-2025-32086 ( NVD ): 4.5 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-32086 ( NVD ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves seven vulnerabilities can now be installed. ## Description: This update for ucode-intel fixes the following issues: * Intel CPU Microcode was updated to the 20250812 release (bsc#1248438) * CVE-2025-20109: Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel Processors may allow an authenticated user to potentially enable escalation of privilege via local access. * CVE-2025-22840: Sequence of processor instructions leads to unexpected behavior for some Intel Xeon 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access * CVE-2025-22839: Insufficient granularity of access control in the OOB-MSM for some Intel Xeon 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. * CVE-2025-22889: Improper handling of overlap between protected memory ranges for some Intel Xeon 6 processor with Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. 
* CVE-2025-20053: Improper buffer restrictions for some Intel Xeon Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access.
* CVE-2025-26403: Out-of-bounds write in the memory subsystem for some Intel Xeon 6 processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access.
* CVE-2025-32086: Improperly implemented security check for standard in the DDRIO configuration for some Intel Xeon 6 Processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access.
* Update for functional issues.
* Updated Platforms:

| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |
|---|---|---|---|---|---|
| ARL-H | A1 | 06-c5-02/82 | 00000118 | 00000119 | Core Ultra Processor (Series 2) |
| ARL-S/HX (8P) | B0 | 06-c6-02/82 | 00000118 | 00000119 | Core Ultra Processor (Series 2) |
| EMR-SP | A1 | 06-cf-02/87 | 210002a9 | 210002b3 | Xeon Scalable Gen5 |
| GNR-AP/SP | B0 | 06-ad-01/95 | 010003a2 | 010003d0 | Xeon Scalable Gen6 |
| GNR-AP/SP | H0 | 06-ad-01/20 | 0a0000d1 | 0a000100 | Xeon Scalable Gen6 |
| ICL-D | B0 | 06-6c-01/10 | 010002d0 | 010002e0 | Xeon D-17xx, D-27xx |
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d000404 | 0d000410 | Xeon Scalable Gen3 |
| LNL | B0 | 06-bd-01/80 | 0000011f | 00000123 | Core Ultra 200 V Series Processor |
| MTL | C0 | 06-aa-04/e6 | 00000024 | 00000025 | Core Ultra Processor |
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004128 | 00004129 | Core Gen13 |
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004128 | 00004129 | Core Gen13 |
| SPR-HBM | Bx | 06-8f-08/10 | 2c0003f7 | 2c000401 | Xeon Max |
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b000639 | 2b000643 | Xeon Scalable Gen4 |
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b000639 | 2b000643 | Xeon Scalable Gen4 |
| SRF-SP | C0 | 06-af-03/01 | 03000341 | 03000362 | Xeon 6700-Series Processors with E-Cores |

New Disclosures Updated in Prior Releases: All ADL, RPL, SPR, EMR, MTL, ARL Microcode patches previously released in May 2025.

## Special Instructions and Notes:

* Please reboot the system after installing this update.
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-3052=1
* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-3052=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * ucode-intel-20250812-155.1
  * ucode-intel-debugsource-20250812-155.1
  * ucode-intel-debuginfo-20250812-155.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (x86_64)
  * ucode-intel-20250812-155.1
  * ucode-intel-debugsource-20250812-155.1
  * ucode-intel-debuginfo-20250812-155.1

## References:

* https://www.suse.com/security/cve/CVE-2025-20053.html
* https://www.suse.com/security/cve/CVE-2025-20109.html
* https://www.suse.com/security/cve/CVE-2025-22839.html
* https://www.suse.com/security/cve/CVE-2025-22840.html
* https://www.suse.com/security/cve/CVE-2025-22889.html
* https://www.suse.com/security/cve/CVE-2025-26403.html
* https://www.suse.com/security/cve/CVE-2025-32086.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248438
From null at suse.de Wed Sep 3 12:30:04 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 03 Sep 2025 12:30:04 -0000
Subject: SUSE-SU-2025:03056-1: moderate: Security update for munge
Message-ID: <175690260448.10940.16573213643128051471@smelt2.prg2.suse.org>

# Security update for munge

Announcement ID: SUSE-SU-2025:03056-1
Release Date: 2025-09-03T10:48:34Z
Rating: moderate
References:

* bsc#1246088

Affected Products:

* HPC Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that has one security fix can now be installed.

## Description:

This update for munge fixes the following issues:

* Make `logrotate` work on log as user `munge` to prevent local privilege escalation (bsc#1246088).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* HPC Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-HPC-15-SP7-2025-3056=1
* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-3056=1

## Package List:

* HPC Module 15-SP7 (aarch64 x86_64)
  * munge-0.5.16-150700.3.3.1
  * libmunge2-debuginfo-0.5.16-150700.3.3.1
  * munge-debuginfo-0.5.16-150700.3.3.1
  * munge-devel-0.5.16-150700.3.3.1
  * libmunge2-0.5.16-150700.3.3.1
  * munge-debugsource-0.5.16-150700.3.3.1
* SUSE Package Hub 15 15-SP7 (ppc64le s390x)
  * munge-0.5.16-150700.3.3.1
  * libmunge2-debuginfo-0.5.16-150700.3.3.1
  * munge-debuginfo-0.5.16-150700.3.3.1
  * munge-devel-0.5.16-150700.3.3.1
  * libmunge2-0.5.16-150700.3.3.1
  * munge-debugsource-0.5.16-150700.3.3.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1246088
From null at suse.de Wed Sep 3 16:30:03 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 03 Sep 2025 16:30:03 -0000
Subject: SUSE-SU-2025:03061-1: moderate: Security update for munge
Message-ID: <175691700388.25622.298529008617571268@smelt2.prg2.suse.org>

# Security update for munge

Announcement ID: SUSE-SU-2025:03061-1
Release Date: 2025-09-03T15:51:45Z
Rating: moderate
References:

* bsc#1246088

Affected Products:

* HPC Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that has one security fix can now be installed.

## Description:

This update for munge fixes the following issues:

* Make `logrotate` work on log as user `munge` to prevent local privilege escalation (bsc#1246088).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2025-3061=1 openSUSE-SLE-15.6-2025-3061=1
* HPC Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-HPC-15-SP6-2025-3061=1
* SUSE Package Hub 15 15-SP6
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-3061=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * libmunge2-0.5.15-150600.25.3.1
  * munge-debuginfo-0.5.15-150600.25.3.1
  * libmunge2-debuginfo-0.5.15-150600.25.3.1
  * munge-debugsource-0.5.15-150600.25.3.1
  * munge-0.5.15-150600.25.3.1
  * munge-devel-0.5.15-150600.25.3.1
* openSUSE Leap 15.6 (x86_64)
  * libmunge2-32bit-debuginfo-0.5.15-150600.25.3.1
  * munge-devel-32bit-0.5.15-150600.25.3.1
  * libmunge2-32bit-0.5.15-150600.25.3.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * munge-devel-64bit-0.5.15-150600.25.3.1
  * libmunge2-64bit-debuginfo-0.5.15-150600.25.3.1
  * libmunge2-64bit-0.5.15-150600.25.3.1
* HPC Module 15-SP6 (aarch64 x86_64)
  * libmunge2-0.5.15-150600.25.3.1
  * munge-debuginfo-0.5.15-150600.25.3.1
  * libmunge2-debuginfo-0.5.15-150600.25.3.1
  * munge-debugsource-0.5.15-150600.25.3.1
  * munge-0.5.15-150600.25.3.1
  * munge-devel-0.5.15-150600.25.3.1
* SUSE Package Hub 15 15-SP6 (ppc64le s390x)
  * libmunge2-0.5.15-150600.25.3.1
  * munge-debuginfo-0.5.15-150600.25.3.1
  * libmunge2-debuginfo-0.5.15-150600.25.3.1
  * munge-debugsource-0.5.15-150600.25.3.1
  * munge-0.5.15-150600.25.3.1
  * munge-devel-0.5.15-150600.25.3.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1246088
URL: From null at suse.de Wed Sep 3 16:30:09 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 03 Sep 2025 16:30:09 -0000 Subject: SUSE-SU-2025:03018-2: important: Security update for postgresql15 Message-ID: <175691700966.25622.18288717374212254683@smelt2.prg2.suse.org> # Security update for postgresql15 Announcement ID: SUSE-SU-2025:03018-2 Release Date: 2025-09-03T14:29:44Z Rating: important References: * bsc#1248119 * bsc#1248120 * bsc#1248122 Cross-References: * CVE-2025-8713 * CVE-2025-8714 * CVE-2025-8715 CVSS scores: * CVE-2025-8713 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-8713 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2025-8713 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2025-8714 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-8714 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-8714 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-8715 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-8715 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-8715 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Legacy Module 15-SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves three vulnerabilities can now be installed. ## Description: This update for postgresql15 fixes the following issues: Upgrade to 15.14: * CVE-2025-8713: optimizer statistics can expose sampled data within a view, partition, or child table (bsc#1248120). * CVE-2025-8714: untrusted data inclusion in `pg_dump` lets superuser of origin server execute arbitrary code in psql client (bsc#1248122). * CVE-2025-8715: improper neutralization of newlines in `pg_dump` allows execution of arbitrary code in psql client and in restore target server (bsc#1248119). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Legacy Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP7-2025-3018=1 ## Package List: * Legacy Module 15-SP7 (aarch64 ppc64le s390x x86_64) * postgresql15-plperl-15.14-150600.16.20.1 * postgresql15-server-debuginfo-15.14-150600.16.20.1 * postgresql15-pltcl-debuginfo-15.14-150600.16.20.1 * postgresql15-15.14-150600.16.20.1 * postgresql15-contrib-15.14-150600.16.20.1 * postgresql15-devel-debuginfo-15.14-150600.16.20.1 * postgresql15-pltcl-15.14-150600.16.20.1 * postgresql15-plpython-debuginfo-15.14-150600.16.20.1 * postgresql15-server-devel-debuginfo-15.14-150600.16.20.1 * postgresql15-devel-15.14-150600.16.20.1 * postgresql15-contrib-debuginfo-15.14-150600.16.20.1 * postgresql15-debugsource-15.14-150600.16.20.1 * postgresql15-plperl-debuginfo-15.14-150600.16.20.1 * postgresql15-server-15.14-150600.16.20.1 * postgresql15-plpython-15.14-150600.16.20.1 * postgresql15-debuginfo-15.14-150600.16.20.1 * postgresql15-server-devel-15.14-150600.16.20.1 ## References: * https://www.suse.com/security/cve/CVE-2025-8713.html * https://www.suse.com/security/cve/CVE-2025-8714.html * https://www.suse.com/security/cve/CVE-2025-8715.html * https://bugzilla.suse.com/show_bug.cgi?id=1248119 * https://bugzilla.suse.com/show_bug.cgi?id=1248120 * https://bugzilla.suse.com/show_bug.cgi?id=1248122 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Sep 3 16:30:16 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 03 Sep 2025 16:30:16 -0000 Subject: SUSE-SU-2025:03057-1: low: Security update for python-aiohttp Message-ID: <175691701661.25622.14737225620522536354@smelt2.prg2.suse.org> # Security update for python-aiohttp Announcement ID: SUSE-SU-2025:03057-1 Release Date: 2025-09-03T12:48:52Z Rating: low References: * bsc#1246517 Cross-References: * CVE-2025-53643 CVSS scores: * CVE-2025-53643 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-53643 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2025-53643 ( NVD ): 1.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-53643 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.6 * Public Cloud Module 15-SP4 * Python 3 Module 15-SP6 * Python 3 Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for python-aiohttp fixes the following issues: * CVE-2025-53643: Fixed request smuggling due to incorrect parsing of chunked trailer section (bsc#1246517) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-3057=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2025-3057=1 * Python 3 Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2025-3057=1 * Python 3 Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2025-3057=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-3057=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * python-aiohttp-debugsource-3.9.3-150400.10.33.1 * python311-aiohttp-3.9.3-150400.10.33.1 * python311-aiohttp-debuginfo-3.9.3-150400.10.33.1 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python311-aiohttp-3.9.3-150400.10.33.1 * Python 3 Module 15-SP6 (aarch64 ppc64le s390x x86_64) * python-aiohttp-debugsource-3.9.3-150400.10.33.1 * python311-aiohttp-3.9.3-150400.10.33.1 * python311-aiohttp-debuginfo-3.9.3-150400.10.33.1 * Python 3 Module 15-SP7 (aarch64 ppc64le s390x x86_64) * python-aiohttp-debugsource-3.9.3-150400.10.33.1 * python311-aiohttp-3.9.3-150400.10.33.1 * python311-aiohttp-debuginfo-3.9.3-150400.10.33.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * python-aiohttp-debugsource-3.9.3-150400.10.33.1 * python311-aiohttp-3.9.3-150400.10.33.1 * python311-aiohttp-debuginfo-3.9.3-150400.10.33.1 ## References: * https://www.suse.com/security/cve/CVE-2025-53643.html * https://bugzilla.suse.com/show_bug.cgi?id=1246517 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Sep 3 20:30:16 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 03 Sep 2025 20:30:16 -0000 Subject: SUSE-SU-2025:03062-1: important: Security update for nvidia-open-driver-G06-signed Message-ID: <175693141657.25430.10868304254083741497@smelt2.prg2.suse.org> # Security update for nvidia-open-driver-G06-signed Announcement ID: SUSE-SU-2025:03062-1 Release Date: 2025-09-03T16:06:55Z Rating: important References: * bsc#1236191 * bsc#1236658 * bsc#1236746 * bsc#1237308 * bsc#1237585 * bsc#1239139 * bsc#1239653 * bsc#1241231 * bsc#1242054 * bsc#1243192 * bsc#1244614 * bsc#1246010 * bsc#1246327 * bsc#1247528 * bsc#1247529 * bsc#1247530 * bsc#1247531 * bsc#1247532 Cross-References: * CVE-2025-23277 * CVE-2025-23278 * CVE-2025-23279 * CVE-2025-23283 * CVE-2025-23286 CVSS scores: * CVE-2025-23277 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2025-23277 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2025-23278 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2025-23278 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2025-23279 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-23279 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-23283 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-23283 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-23286 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2025-23286 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves 
five vulnerabilities and has 13 security fixes can now be installed.

## Description:

This update for nvidia-open-driver-G06-signed fixes the following issues:

Updated CUDA variant to 580.65.06:

* CVE-2025-23277: Fixed access to memory outside bounds permitted under normal use cases in NVIDIA Display Driver (bsc#1247528)
* CVE-2025-23278: Fixed improper index validation by issuing a call with crafted parameters in NVIDIA Display Driver (bsc#1247529)
* CVE-2025-23286: Fixed invalid memory read in NVIDIA GPU Display Driver (bsc#1247530)
* CVE-2025-23283: Fixed stack buffer overflow triggerable by a malicious guest in Virtual GPU Manager in NVIDIA vGPU software (bsc#1247531)
* CVE-2025-23279: Fixed race condition that led to privilege escalation in NVIDIA .run Installer (bsc#1247532)

Updated non-CUDA variant to 570.172.08 (bsc#1246327)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2025-3062=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2025-3062=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3062=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3062=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3062=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3062=1

## Package List:

* openSUSE Leap 15.5 (aarch64 x86_64)
  * nvidia-open-driver-G06-signed-kmp-default-debuginfo-570.172.08_k5.14.21_150500.55.116-150500.3.73.7
  * nvidia-open-driver-G06-signed-cuda-kmp-default-580.65.06_k5.14.21_150500.55.116-150500.3.73.7
  * nvidia-open-driver-G06-signed-default-devel-570.172.08-150500.3.73.7
    * nvidia-open-driver-G06-signed-cuda-default-devel-580.65.06-150500.3.73.7
    * nvidia-open-driver-G06-signed-debugsource-570.172.08-150500.3.73.7
    * nvidia-open-driver-G06-signed-cuda-kmp-default-debuginfo-580.65.06_k5.14.21_150500.55.116-150500.3.73.7
    * nvidia-open-driver-G06-signed-cuda-debugsource-580.65.06-150500.3.73.7
    * nv-prefer-signed-open-driver-580.65.06-150500.3.73.7
    * nvidia-open-driver-G06-signed-kmp-default-570.172.08_k5.14.21_150500.55.116-150500.3.73.7
  * openSUSE Leap 15.5 (aarch64)
    * nvidia-open-driver-G06-signed-cuda-kmp-64kb-580.65.06_k5.14.21_150500.55.116-150500.3.73.7
    * nvidia-open-driver-G06-signed-cuda-kmp-64kb-debuginfo-580.65.06_k5.14.21_150500.55.116-150500.3.73.7
    * nvidia-open-driver-G06-signed-cuda-64kb-devel-580.65.06-150500.3.73.7
    * nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-570.172.08_k5.14.21_150500.55.116-150500.3.73.7
    * nvidia-open-driver-G06-signed-64kb-devel-570.172.08-150500.3.73.7
    * nvidia-open-driver-G06-signed-kmp-64kb-570.172.08_k5.14.21_150500.55.116-150500.3.73.7
  * SUSE Linux Enterprise Micro 5.5 (aarch64 x86_64)
    * nvidia-open-driver-G06-signed-kmp-default-debuginfo-570.172.08_k5.14.21_150500.55.116-150500.3.73.7
    * nvidia-open-driver-G06-signed-cuda-kmp-default-580.65.06_k5.14.21_150500.55.116-150500.3.73.7
    * nvidia-open-driver-G06-signed-debugsource-570.172.08-150500.3.73.7
    * nvidia-open-driver-G06-signed-cuda-kmp-default-debuginfo-580.65.06_k5.14.21_150500.55.116-150500.3.73.7
    * nvidia-open-driver-G06-signed-cuda-debugsource-580.65.06-150500.3.73.7
    * nv-prefer-signed-open-driver-580.65.06-150500.3.73.7
    * nvidia-open-driver-G06-signed-kmp-default-570.172.08_k5.14.21_150500.55.116-150500.3.73.7
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
    * nvidia-open-driver-G06-signed-kmp-default-debuginfo-570.172.08_k5.14.21_150500.55.116-150500.3.73.7
    * nvidia-open-driver-G06-signed-cuda-kmp-default-580.65.06_k5.14.21_150500.55.116-150500.3.73.7
    * nvidia-open-driver-G06-signed-cuda-default-devel-580.65.06-150500.3.73.7
    * nvidia-open-driver-G06-signed-default-devel-570.172.08-150500.3.73.7
    * nvidia-open-driver-G06-signed-debugsource-570.172.08-150500.3.73.7
    * nvidia-open-driver-G06-signed-cuda-kmp-default-debuginfo-580.65.06_k5.14.21_150500.55.116-150500.3.73.7
    * nvidia-open-driver-G06-signed-cuda-debugsource-580.65.06-150500.3.73.7
    * nv-prefer-signed-open-driver-580.65.06-150500.3.73.7
    * nvidia-open-driver-G06-signed-kmp-default-570.172.08_k5.14.21_150500.55.116-150500.3.73.7
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64)
    * nvidia-open-driver-G06-signed-cuda-kmp-64kb-580.65.06_k5.14.21_150500.55.116-150500.3.73.7
    * nvidia-open-driver-G06-signed-cuda-kmp-64kb-debuginfo-580.65.06_k5.14.21_150500.55.116-150500.3.73.7
    * nvidia-open-driver-G06-signed-cuda-64kb-devel-580.65.06-150500.3.73.7
    * nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-570.172.08_k5.14.21_150500.55.116-150500.3.73.7
    * nvidia-open-driver-G06-signed-64kb-devel-570.172.08-150500.3.73.7
    * nvidia-open-driver-G06-signed-kmp-64kb-570.172.08_k5.14.21_150500.55.116-150500.3.73.7
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
    * nvidia-open-driver-G06-signed-kmp-default-debuginfo-570.172.08_k5.14.21_150500.55.116-150500.3.73.7
    * nvidia-open-driver-G06-signed-cuda-kmp-default-580.65.06_k5.14.21_150500.55.116-150500.3.73.7
    * nvidia-open-driver-G06-signed-cuda-default-devel-580.65.06-150500.3.73.7
    * nvidia-open-driver-G06-signed-default-devel-570.172.08-150500.3.73.7
    * nvidia-open-driver-G06-signed-debugsource-570.172.08-150500.3.73.7
    * nvidia-open-driver-G06-signed-cuda-kmp-default-debuginfo-580.65.06_k5.14.21_150500.55.116-150500.3.73.7
    * nvidia-open-driver-G06-signed-cuda-debugsource-580.65.06-150500.3.73.7
    * nv-prefer-signed-open-driver-580.65.06-150500.3.73.7
    * nvidia-open-driver-G06-signed-kmp-default-570.172.08_k5.14.21_150500.55.116-150500.3.73.7
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64)
    * nvidia-open-driver-G06-signed-cuda-kmp-64kb-580.65.06_k5.14.21_150500.55.116-150500.3.73.7
    * nvidia-open-driver-G06-signed-cuda-kmp-64kb-debuginfo-580.65.06_k5.14.21_150500.55.116-150500.3.73.7
    * nvidia-open-driver-G06-signed-cuda-64kb-devel-580.65.06-150500.3.73.7
    * nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-570.172.08_k5.14.21_150500.55.116-150500.3.73.7
    * nvidia-open-driver-G06-signed-64kb-devel-570.172.08-150500.3.73.7
    * nvidia-open-driver-G06-signed-kmp-64kb-570.172.08_k5.14.21_150500.55.116-150500.3.73.7
  * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 x86_64)
    * nvidia-open-driver-G06-signed-kmp-default-debuginfo-570.172.08_k5.14.21_150500.55.116-150500.3.73.7
    * nvidia-open-driver-G06-signed-cuda-kmp-default-580.65.06_k5.14.21_150500.55.116-150500.3.73.7
    * nvidia-open-driver-G06-signed-cuda-default-devel-580.65.06-150500.3.73.7
    * nvidia-open-driver-G06-signed-default-devel-570.172.08-150500.3.73.7
    * nvidia-open-driver-G06-signed-debugsource-570.172.08-150500.3.73.7
    * nvidia-open-driver-G06-signed-cuda-kmp-default-debuginfo-580.65.06_k5.14.21_150500.55.116-150500.3.73.7
    * nvidia-open-driver-G06-signed-cuda-debugsource-580.65.06-150500.3.73.7
    * nv-prefer-signed-open-driver-580.65.06-150500.3.73.7
    * nvidia-open-driver-G06-signed-kmp-default-570.172.08_k5.14.21_150500.55.116-150500.3.73.7
  * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64)
    * nvidia-open-driver-G06-signed-cuda-kmp-64kb-580.65.06_k5.14.21_150500.55.116-150500.3.73.7
    * nvidia-open-driver-G06-signed-cuda-kmp-64kb-debuginfo-580.65.06_k5.14.21_150500.55.116-150500.3.73.7
    * nvidia-open-driver-G06-signed-cuda-64kb-devel-580.65.06-150500.3.73.7
    * nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-570.172.08_k5.14.21_150500.55.116-150500.3.73.7
    * nvidia-open-driver-G06-signed-64kb-devel-570.172.08-150500.3.73.7
    * nvidia-open-driver-G06-signed-kmp-64kb-570.172.08_k5.14.21_150500.55.116-150500.3.73.7
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
    * nvidia-open-driver-G06-signed-kmp-default-debuginfo-570.172.08_k5.14.21_150500.55.116-150500.3.73.7
    * nvidia-open-driver-G06-signed-cuda-kmp-default-580.65.06_k5.14.21_150500.55.116-150500.3.73.7
    * nvidia-open-driver-G06-signed-cuda-default-devel-580.65.06-150500.3.73.7
    * nvidia-open-driver-G06-signed-default-devel-570.172.08-150500.3.73.7
    * nvidia-open-driver-G06-signed-debugsource-570.172.08-150500.3.73.7
    * nvidia-open-driver-G06-signed-cuda-kmp-default-debuginfo-580.65.06_k5.14.21_150500.55.116-150500.3.73.7
    * nvidia-open-driver-G06-signed-cuda-debugsource-580.65.06-150500.3.73.7
    * nv-prefer-signed-open-driver-580.65.06-150500.3.73.7
    * nvidia-open-driver-G06-signed-kmp-default-570.172.08_k5.14.21_150500.55.116-150500.3.73.7

## References:

  * https://www.suse.com/security/cve/CVE-2025-23277.html
  * https://www.suse.com/security/cve/CVE-2025-23278.html
  * https://www.suse.com/security/cve/CVE-2025-23279.html
  * https://www.suse.com/security/cve/CVE-2025-23283.html
  * https://www.suse.com/security/cve/CVE-2025-23286.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1236191
  * https://bugzilla.suse.com/show_bug.cgi?id=1236658
  * https://bugzilla.suse.com/show_bug.cgi?id=1236746
  * https://bugzilla.suse.com/show_bug.cgi?id=1237308
  * https://bugzilla.suse.com/show_bug.cgi?id=1237585
  * https://bugzilla.suse.com/show_bug.cgi?id=1239139
  * https://bugzilla.suse.com/show_bug.cgi?id=1239653
  * https://bugzilla.suse.com/show_bug.cgi?id=1241231
  * https://bugzilla.suse.com/show_bug.cgi?id=1242054
  * https://bugzilla.suse.com/show_bug.cgi?id=1243192
  * https://bugzilla.suse.com/show_bug.cgi?id=1244614
  * https://bugzilla.suse.com/show_bug.cgi?id=1246010
  * https://bugzilla.suse.com/show_bug.cgi?id=1246327
  * https://bugzilla.suse.com/show_bug.cgi?id=1247528
  * https://bugzilla.suse.com/show_bug.cgi?id=1247529
  * https://bugzilla.suse.com/show_bug.cgi?id=1247530
  * https://bugzilla.suse.com/show_bug.cgi?id=1247531
  * https://bugzilla.suse.com/show_bug.cgi?id=1247532

From null at suse.de Thu Sep 4 12:30:06 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 04 Sep 2025 12:30:06 -0000
Subject: SUSE-SU-2025:03077-1: moderate: Security update for rav1e
Message-ID: <175698900692.21815.13101699951947742019@smelt2.prg2.suse.org>

# Security update for rav1e

Announcement ID: SUSE-SU-2025:03077-1
Release Date: 2025-09-04T10:55:03Z
Rating: moderate
References:

  * bsc#1230028
  * bsc#1247207

Cross-References:

  * CVE-2024-58266

CVSS scores:

  * CVE-2024-58266 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
  * CVE-2024-58266 ( SUSE ): 3.6 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
  * CVE-2024-58266 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
  * CVE-2024-58266 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * Basesystem Module 15-SP6
  * Basesystem Module 15-SP7
  * openSUSE Leap 15.6
  * SUSE Linux Enterprise Desktop 15 SP6
  * SUSE Linux Enterprise Desktop 15 SP7
  * SUSE Linux Enterprise Real Time 15 SP6
  * SUSE Linux Enterprise Real Time 15 SP7
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server 15 SP7
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for rav1e fixes the following issues:

  * CVE-2024-58266: shlex: Fixed certain bytes allowed to appear unquoted and unescaped in command arguments (bsc#1247207)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.6
    zypper in -t patch openSUSE-SLE-15.6-2025-3077=1 SUSE-2025-3077=1

  * Basesystem Module 15-SP6
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-3077=1

  * Basesystem Module 15-SP7
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-3077=1

## Package List:

  * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
    * librav1e0_6-debuginfo-0.6.6-150600.3.6.1
    * rav1e-debuginfo-0.6.6-150600.3.6.1
    * librav1e0_6-0.6.6-150600.3.6.1
    * rav1e-devel-0.6.6-150600.3.6.1
    * rav1e-0.6.6-150600.3.6.1
    * rav1e-debugsource-0.6.6-150600.3.6.1
  * openSUSE Leap 15.6 (x86_64)
    * librav1e0_6-32bit-0.6.6-150600.3.6.1
    * librav1e0_6-32bit-debuginfo-0.6.6-150600.3.6.1
  * openSUSE Leap 15.6 (aarch64_ilp32)
    * librav1e0_6-64bit-0.6.6-150600.3.6.1
    * librav1e0_6-64bit-debuginfo-0.6.6-150600.3.6.1
  * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
    * rav1e-debuginfo-0.6.6-150600.3.6.1
    * rav1e-debugsource-0.6.6-150600.3.6.1
    * librav1e0_6-0.6.6-150600.3.6.1
    * librav1e0_6-debuginfo-0.6.6-150600.3.6.1
  * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
    * rav1e-debuginfo-0.6.6-150600.3.6.1
    * rav1e-debugsource-0.6.6-150600.3.6.1
    * librav1e0_6-0.6.6-150600.3.6.1
    * librav1e0_6-debuginfo-0.6.6-150600.3.6.1

## References:

  * https://www.suse.com/security/cve/CVE-2024-58266.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1230028
  * https://bugzilla.suse.com/show_bug.cgi?id=1247207

From null at suse.de Thu Sep 4 12:30:10 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 04 Sep 2025 12:30:10 -0000
Subject: SUSE-SU-2025:03076-1: important: Security update for ovmf
Message-ID: <175698901029.21815.8289913141432757966@smelt2.prg2.suse.org>

# Security update for ovmf

Announcement ID: SUSE-SU-2025:03076-1
Release Date: 2025-09-04T10:51:25Z
Rating: important
References:

  * bsc#1218879
  * bsc#1218880

Cross-References:

  * CVE-2023-45229
  * CVE-2023-45230

CVSS scores:

  * CVE-2023-45229 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  * CVE-2023-45229 ( NVD ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  * CVE-2023-45230 ( SUSE ): 8.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
  * CVE-2023-45230 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-45230 ( NVD ): 8.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server 12 SP5 LTSS
  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for ovmf fixes the following issues:

  * CVE-2023-45229: Fixed integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message (bsc#1218879)
  * CVE-2023-45230: Fixed buffer overflow in the DHCPv6 client via a long Server ID option (bsc#1218880)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 12 SP5 LTSS
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-3076=1

  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-3076=1

## Package List:

  * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 x86_64)
    * ovmf-tools-2017+git1510945757.b2662641d5-3.46.1
    * ovmf-2017+git1510945757.b2662641d5-3.46.1
  * SUSE Linux Enterprise Server 12 SP5 LTSS (noarch)
    * qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.46.1
    * qemu-uefi-aarch64-2017+git1510945757.b2662641d5-3.46.1
  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
    * ovmf-tools-2017+git1510945757.b2662641d5-3.46.1
    * ovmf-2017+git1510945757.b2662641d5-3.46.1
  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
    * qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.46.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-45229.html
  * https://www.suse.com/security/cve/CVE-2023-45230.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1218879
  * https://bugzilla.suse.com/show_bug.cgi?id=1218880

From null at suse.de Thu Sep 4 12:30:13 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 04 Sep 2025 12:30:13 -0000
Subject: SUSE-SU-2025:03075-1: important: Security update for gimp
Message-ID: <175698901341.21815.9674888512731621766@smelt2.prg2.suse.org>

# Security update for gimp

Announcement ID: SUSE-SU-2025:03075-1
Release Date: 2025-09-04T10:48:32Z
Rating: important
References:

  * bsc#1241690

Cross-References:

  * CVE-2025-2760

CVSS scores:

  * CVE-2025-2760 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
  * CVE-2025-2760 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2025-2760 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

  * openSUSE Leap 15.4
  * openSUSE Leap 15.6
  * SUSE Linux Enterprise Desktop 15 SP6
  * SUSE Linux Enterprise Desktop 15 SP7
  * SUSE Linux Enterprise Real Time 15 SP6
  * SUSE Linux Enterprise Real Time 15 SP7
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server 15 SP7
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP7
  * SUSE Linux Enterprise Workstation Extension 15 SP6
  * SUSE Linux Enterprise Workstation Extension 15 SP7
  * SUSE Package Hub 15 15-SP6
  * SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for gimp fixes the following issues:

  * CVE-2025-2760: lack of proper validation of user-supplied data in DDS parser can lead to integer overflow and remote code execution (bsc#1241690).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch SUSE-2025-3075=1

  * openSUSE Leap 15.6
    zypper in -t patch openSUSE-SLE-15.6-2025-3075=1

  * SUSE Package Hub 15 15-SP6
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-3075=1

  * SUSE Package Hub 15 15-SP7
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-3075=1

  * SUSE Linux Enterprise Workstation Extension 15 SP6
    zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2025-3075=1

  * SUSE Linux Enterprise Workstation Extension 15 SP7
    zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2025-3075=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
    * gimp-plugin-aa-2.10.30-150400.3.26.1
    * libgimpui-2_0-0-2.10.30-150400.3.26.1
    * gimp-2.10.30-150400.3.26.1
    * gimp-devel-2.10.30-150400.3.26.1
    * libgimp-2_0-0-2.10.30-150400.3.26.1
    * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.26.1
    * gimp-devel-debuginfo-2.10.30-150400.3.26.1
    * libgimp-2_0-0-debuginfo-2.10.30-150400.3.26.1
    * gimp-debuginfo-2.10.30-150400.3.26.1
    * gimp-plugin-aa-debuginfo-2.10.30-150400.3.26.1
    * gimp-debugsource-2.10.30-150400.3.26.1
  * openSUSE Leap 15.4 (noarch)
    * gimp-lang-2.10.30-150400.3.26.1
  * openSUSE Leap 15.4 (x86_64)
    * libgimpui-2_0-0-32bit-debuginfo-2.10.30-150400.3.26.1
    * libgimp-2_0-0-32bit-debuginfo-2.10.30-150400.3.26.1
    * libgimpui-2_0-0-32bit-2.10.30-150400.3.26.1
    * libgimp-2_0-0-32bit-2.10.30-150400.3.26.1
  * openSUSE Leap 15.4 (aarch64_ilp32)
    * libgimp-2_0-0-64bit-2.10.30-150400.3.26.1
    * libgimp-2_0-0-64bit-debuginfo-2.10.30-150400.3.26.1
    * libgimpui-2_0-0-64bit-debuginfo-2.10.30-150400.3.26.1
    * libgimpui-2_0-0-64bit-2.10.30-150400.3.26.1
  * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
    * gimp-plugin-aa-2.10.30-150400.3.26.1
    * libgimpui-2_0-0-2.10.30-150400.3.26.1
    * gimp-2.10.30-150400.3.26.1
    * gimp-devel-2.10.30-150400.3.26.1
    * libgimp-2_0-0-2.10.30-150400.3.26.1
    * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.26.1
    * gimp-devel-debuginfo-2.10.30-150400.3.26.1
    * libgimp-2_0-0-debuginfo-2.10.30-150400.3.26.1
    * gimp-debuginfo-2.10.30-150400.3.26.1
    * gimp-plugin-aa-debuginfo-2.10.30-150400.3.26.1
    * gimp-debugsource-2.10.30-150400.3.26.1
  * openSUSE Leap 15.6 (noarch)
    * gimp-lang-2.10.30-150400.3.26.1
  * openSUSE Leap 15.6 (x86_64)
    * libgimpui-2_0-0-32bit-debuginfo-2.10.30-150400.3.26.1
    * libgimp-2_0-0-32bit-debuginfo-2.10.30-150400.3.26.1
    * libgimpui-2_0-0-32bit-2.10.30-150400.3.26.1
    * libgimp-2_0-0-32bit-2.10.30-150400.3.26.1
  * SUSE Package Hub 15 15-SP6 (aarch64)
    * gimp-plugin-aa-2.10.30-150400.3.26.1
    * gimp-2.10.30-150400.3.26.1
    * gimp-devel-2.10.30-150400.3.26.1
    * gimp-devel-debuginfo-2.10.30-150400.3.26.1
    * gimp-plugin-aa-debuginfo-2.10.30-150400.3.26.1
  * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x)
    * libgimpui-2_0-0-2.10.30-150400.3.26.1
    * libgimp-2_0-0-2.10.30-150400.3.26.1
    * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.26.1
    * libgimp-2_0-0-debuginfo-2.10.30-150400.3.26.1
    * gimp-debuginfo-2.10.30-150400.3.26.1
    * gimp-debugsource-2.10.30-150400.3.26.1
  * SUSE Package Hub 15 15-SP6 (noarch)
    * gimp-lang-2.10.30-150400.3.26.1
  * SUSE Package Hub 15 15-SP7 (aarch64)
    * gimp-plugin-aa-2.10.30-150400.3.26.1
    * gimp-2.10.30-150400.3.26.1
    * gimp-devel-2.10.30-150400.3.26.1
    * gimp-devel-debuginfo-2.10.30-150400.3.26.1
    * gimp-plugin-aa-debuginfo-2.10.30-150400.3.26.1
  * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x)
    * libgimpui-2_0-0-2.10.30-150400.3.26.1
    * libgimp-2_0-0-2.10.30-150400.3.26.1
    * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.26.1
    * libgimp-2_0-0-debuginfo-2.10.30-150400.3.26.1
    * gimp-debuginfo-2.10.30-150400.3.26.1
    * gimp-debugsource-2.10.30-150400.3.26.1
  * SUSE Package Hub 15 15-SP7 (noarch)
    * gimp-lang-2.10.30-150400.3.26.1
  * SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64)
    * libgimpui-2_0-0-2.10.30-150400.3.26.1
    * gimp-2.10.30-150400.3.26.1
    * gimp-devel-2.10.30-150400.3.26.1
    * libgimp-2_0-0-2.10.30-150400.3.26.1
    * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.26.1
    * gimp-devel-debuginfo-2.10.30-150400.3.26.1
    * libgimp-2_0-0-debuginfo-2.10.30-150400.3.26.1
    * gimp-debuginfo-2.10.30-150400.3.26.1
    * gimp-debugsource-2.10.30-150400.3.26.1
  * SUSE Linux Enterprise Workstation Extension 15 SP6 (noarch)
    * gimp-lang-2.10.30-150400.3.26.1
  * SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
    * libgimpui-2_0-0-2.10.30-150400.3.26.1
    * gimp-2.10.30-150400.3.26.1
    * gimp-devel-2.10.30-150400.3.26.1
    * libgimp-2_0-0-2.10.30-150400.3.26.1
    * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.26.1
    * gimp-devel-debuginfo-2.10.30-150400.3.26.1
    * libgimp-2_0-0-debuginfo-2.10.30-150400.3.26.1
    * gimp-debuginfo-2.10.30-150400.3.26.1
    * gimp-debugsource-2.10.30-150400.3.26.1
  * SUSE Linux Enterprise Workstation Extension 15 SP7 (noarch)
    * gimp-lang-2.10.30-150400.3.26.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-2760.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1241690

From null at suse.de Thu Sep 4 12:30:16 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 04 Sep 2025 12:30:16 -0000
Subject: SUSE-SU-2025:03074-1: important: Security update for python-Django
Message-ID: <175698901639.21815.13195727125024753235@smelt2.prg2.suse.org>

# Security update for python-Django

Announcement ID: SUSE-SU-2025:03074-1
Release Date: 2025-09-04T10:46:31Z
Rating: important
References:

  * bsc#1248810

Cross-References:

  * CVE-2025-57833

CVSS scores:

  * CVE-2025-57833 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2025-57833 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

Affected Products:

  * openSUSE Leap 15.6
  * SUSE Linux Enterprise Desktop 15 SP6
  * SUSE Linux Enterprise Desktop 15 SP7
  * SUSE Linux Enterprise Real Time 15 SP6
  * SUSE Linux Enterprise Real Time 15 SP7
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server 15 SP7
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP7
  * SUSE Package Hub 15 15-SP6
  * SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for python-Django fixes the following issues:

  * CVE-2025-57833: Fixed potential SQL injection in FilteredRelation column aliases (bsc#1248810)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.6
    zypper in -t patch SUSE-2025-3074=1 openSUSE-SLE-15.6-2025-3074=1

  * SUSE Package Hub 15 15-SP6
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-3074=1

  * SUSE Package Hub 15 15-SP7
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-3074=1

## Package List:

  * openSUSE Leap 15.6 (noarch)
    * python311-Django-4.2.11-150600.3.30.1
  * SUSE Package Hub 15 15-SP6 (noarch)
    * python311-Django-4.2.11-150600.3.30.1
  * SUSE Package Hub 15 15-SP7 (noarch)
    * python311-Django-4.2.11-150600.3.30.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-57833.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1248810

From null at suse.de Thu Sep 4 12:30:19 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 04 Sep 2025 12:30:19 -0000
Subject: SUSE-SU-2025:02814-2: moderate: Security update for ruby2.5
Message-ID: <175698901909.21815.7238879832572545561@smelt2.prg2.suse.org>

# Security update for ruby2.5

Announcement ID: SUSE-SU-2025:02814-2
Release Date: 2025-09-04T09:16:59Z
Rating: moderate
References:

  * bsc#1225905

Cross-References:

  * CVE-2024-35221

CVSS scores:

  * CVE-2024-35221 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Affected Products:

  * SUSE Enterprise Storage 7.1
  * SUSE Linux Enterprise High Performance Computing 15 SP3
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  * SUSE Linux Enterprise Server 15 SP3
  * SUSE Linux Enterprise Server 15 SP3 LTSS
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP4 LTSS
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server 15 SP5 LTSS
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Manager Proxy 4.3
  * SUSE Manager Proxy 4.3 LTS
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Retail Branch Server 4.3 LTS
  * SUSE Manager Server 4.3
  * SUSE Manager Server 4.3 LTS

An update that solves one vulnerability can now be installed.

## Description:

This update for ruby2.5 fixes the following issues:

  * CVE-2024-35221: Fixed remote denial of service via YAML manifest (bsc#1225905)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Manager Retail Branch Server 4.3 LTS
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-LTS-2025-2814=1

  * SUSE Manager Server 4.3 LTS
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-2814=1

  * SUSE Enterprise Storage 7.1
    zypper in -t patch SUSE-Storage-7.1-2025-2814=1

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-2814=1

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2814=1

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2814=1

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2814=1

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2814=1

  * SUSE Linux Enterprise Server 15 SP3 LTSS
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-2814=1

  * SUSE Linux Enterprise Server 15 SP4 LTSS
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2814=1

  * SUSE Linux Enterprise Server 15 SP5 LTSS
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2814=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-2814=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2814=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2814=1

  * SUSE Manager Proxy 4.3 LTS
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-2814=1

## Package List:

  * SUSE Manager Retail Branch Server 4.3 LTS (x86_64)
    * ruby2.5-devel-extra-2.5.9-150000.4.49.1
    * libruby2_5-2_5-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-stdlib-2.5.9-150000.4.49.1
    * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-devel-2.5.9-150000.4.49.1
    * ruby2.5-2.5.9-150000.4.49.1
    * libruby2_5-2_5-2.5.9-150000.4.49.1
    * ruby2.5-debugsource-2.5.9-150000.4.49.1
  * SUSE Manager Server 4.3 LTS (ppc64le s390x x86_64)
    * ruby2.5-devel-extra-2.5.9-150000.4.49.1
    * libruby2_5-2_5-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-stdlib-2.5.9-150000.4.49.1
    * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-devel-2.5.9-150000.4.49.1
    * ruby2.5-2.5.9-150000.4.49.1
    * libruby2_5-2_5-2.5.9-150000.4.49.1
    * ruby2.5-debugsource-2.5.9-150000.4.49.1
  * SUSE Enterprise Storage 7.1 (aarch64 x86_64)
    * ruby2.5-devel-extra-2.5.9-150000.4.49.1
    * libruby2_5-2_5-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-stdlib-2.5.9-150000.4.49.1
    * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-devel-2.5.9-150000.4.49.1
    * ruby2.5-2.5.9-150000.4.49.1
    * libruby2_5-2_5-2.5.9-150000.4.49.1
    * ruby2.5-debugsource-2.5.9-150000.4.49.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
    * ruby2.5-devel-extra-2.5.9-150000.4.49.1
    * libruby2_5-2_5-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-stdlib-2.5.9-150000.4.49.1
    * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-devel-2.5.9-150000.4.49.1
    * ruby2.5-2.5.9-150000.4.49.1
    * libruby2_5-2_5-2.5.9-150000.4.49.1
    * ruby2.5-debugsource-2.5.9-150000.4.49.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
    * ruby2.5-devel-extra-2.5.9-150000.4.49.1
    * libruby2_5-2_5-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-stdlib-2.5.9-150000.4.49.1
    * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-devel-2.5.9-150000.4.49.1
    * ruby2.5-2.5.9-150000.4.49.1
    * libruby2_5-2_5-2.5.9-150000.4.49.1
    * ruby2.5-debugsource-2.5.9-150000.4.49.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
    * ruby2.5-devel-extra-2.5.9-150000.4.49.1
    * libruby2_5-2_5-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-stdlib-2.5.9-150000.4.49.1
    * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-devel-2.5.9-150000.4.49.1
    * ruby2.5-2.5.9-150000.4.49.1
    * libruby2_5-2_5-2.5.9-150000.4.49.1
    * ruby2.5-debugsource-2.5.9-150000.4.49.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
    * ruby2.5-devel-extra-2.5.9-150000.4.49.1
    * libruby2_5-2_5-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-stdlib-2.5.9-150000.4.49.1
    * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-devel-2.5.9-150000.4.49.1
    * ruby2.5-2.5.9-150000.4.49.1
    * libruby2_5-2_5-2.5.9-150000.4.49.1
    * ruby2.5-debugsource-2.5.9-150000.4.49.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
    * ruby2.5-devel-extra-2.5.9-150000.4.49.1
    * libruby2_5-2_5-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-stdlib-2.5.9-150000.4.49.1
    * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-devel-2.5.9-150000.4.49.1
    * ruby2.5-2.5.9-150000.4.49.1
    * libruby2_5-2_5-2.5.9-150000.4.49.1
    * ruby2.5-debugsource-2.5.9-150000.4.49.1
  * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
    * ruby2.5-devel-extra-2.5.9-150000.4.49.1
    * libruby2_5-2_5-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-stdlib-2.5.9-150000.4.49.1
    * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-devel-2.5.9-150000.4.49.1
    * ruby2.5-2.5.9-150000.4.49.1
    * libruby2_5-2_5-2.5.9-150000.4.49.1
    * ruby2.5-debugsource-2.5.9-150000.4.49.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
    * ruby2.5-devel-extra-2.5.9-150000.4.49.1
    * libruby2_5-2_5-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-stdlib-2.5.9-150000.4.49.1
    * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-devel-2.5.9-150000.4.49.1
    * ruby2.5-2.5.9-150000.4.49.1
    * libruby2_5-2_5-2.5.9-150000.4.49.1
    * ruby2.5-debugsource-2.5.9-150000.4.49.1
  * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
    * ruby2.5-devel-extra-2.5.9-150000.4.49.1
    * libruby2_5-2_5-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-stdlib-2.5.9-150000.4.49.1
    * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-devel-2.5.9-150000.4.49.1
    * ruby2.5-2.5.9-150000.4.49.1
    * libruby2_5-2_5-2.5.9-150000.4.49.1
    * ruby2.5-debugsource-2.5.9-150000.4.49.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
    * ruby2.5-devel-extra-2.5.9-150000.4.49.1
    * libruby2_5-2_5-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-stdlib-2.5.9-150000.4.49.1
    * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-devel-2.5.9-150000.4.49.1
    * ruby2.5-2.5.9-150000.4.49.1
    * libruby2_5-2_5-2.5.9-150000.4.49.1
    * ruby2.5-debugsource-2.5.9-150000.4.49.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
    * ruby2.5-devel-extra-2.5.9-150000.4.49.1
    * libruby2_5-2_5-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-stdlib-2.5.9-150000.4.49.1
    * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-devel-2.5.9-150000.4.49.1
    * ruby2.5-2.5.9-150000.4.49.1
    * libruby2_5-2_5-2.5.9-150000.4.49.1
    * ruby2.5-debugsource-2.5.9-150000.4.49.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
    * ruby2.5-devel-extra-2.5.9-150000.4.49.1
    * libruby2_5-2_5-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-stdlib-2.5.9-150000.4.49.1
    * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-devel-2.5.9-150000.4.49.1
    * ruby2.5-2.5.9-150000.4.49.1
    * libruby2_5-2_5-2.5.9-150000.4.49.1
    * ruby2.5-debugsource-2.5.9-150000.4.49.1
  * SUSE Manager Proxy 4.3 LTS (x86_64)
    * ruby2.5-devel-extra-2.5.9-150000.4.49.1
    * libruby2_5-2_5-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-stdlib-2.5.9-150000.4.49.1
    * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.49.1
    * ruby2.5-devel-2.5.9-150000.4.49.1
    * ruby2.5-2.5.9-150000.4.49.1
    * libruby2_5-2_5-2.5.9-150000.4.49.1
    * ruby2.5-debugsource-2.5.9-150000.4.49.1

## References:

  * https://www.suse.com/security/cve/CVE-2024-35221.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1225905

From null at suse.de Thu Sep 4 12:30:21 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 04 Sep 2025 12:30:21 -0000
Subject: SUSE-SU-2025:03073-1: important: Security update for redis
Message-ID: <175698902195.21815.8461444049019928935@smelt2.prg2.suse.org>

# Security update for redis

Announcement ID: SUSE-SU-2025:03073-1
Release Date: 2025-09-04T08:52:39Z
Rating: important
References:

  * bsc#1246058
  * bsc#1246059

Cross-References:

  * CVE-2025-32023
  * CVE-2025-48367

CVSS scores:

  * CVE-2025-32023 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-32023 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2025-32023 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2025-48367 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-48367 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2025-48367 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * openSUSE Leap 15.6
  * Server Applications Module 15-SP6
  * SUSE Linux Enterprise Real Time 15 SP6
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for redis fixes the following issues:

  * CVE-2025-32023: Fixed out-of-bounds write when working with HyperLogLog commands can lead to remote code execution. (bsc#1246059)
  * CVE-2025-48367: Fixed unauthenticated connection causing repeated IP protocol errors can lead to client starvation and DoS. (bsc#1246058)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.6
    zypper in -t patch SUSE-2025-3073=1 openSUSE-SLE-15.6-2025-3073=1

  * Server Applications Module 15-SP6
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-3073=1

## Package List:

  * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
    * redis-7.2.4-150600.3.15.1
    * redis-debuginfo-7.2.4-150600.3.15.1
    * redis-debugsource-7.2.4-150600.3.15.1
  * Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
    * redis-7.2.4-150600.3.15.1
    * redis-debuginfo-7.2.4-150600.3.15.1
    * redis-debugsource-7.2.4-150600.3.15.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-32023.html
  * https://www.suse.com/security/cve/CVE-2025-48367.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1246058
  * https://bugzilla.suse.com/show_bug.cgi?id=1246059

From null at suse.de Thu Sep 4 16:30:04 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 04 Sep 2025 16:30:04 -0000
Subject: SUSE-SU-2025:00614-1: important: Security update for postgresql15
Message-ID: <175700340488.25622.3834939772948078062@smelt2.prg2.suse.org>

# Security update for postgresql15

Announcement ID: SUSE-SU-2025:00614-1
Release Date: 2025-09-04T13:26:20Z
Rating: important
References:

  * bsc#1237093

Cross-References:

  * CVE-2025-1094

CVSS scores:

  * CVE-2025-1094 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-1094 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2025-1094 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * Legacy Module 15-SP7
  * SUSE Linux Enterprise Server 15 SP7
  * SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description: This update for postgresql15 fixes the following issues: Upgrade to 15.12: * CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings (bsc#1237093). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Legacy Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP7-2025-614=1 ## Package List: * Legacy Module 15-SP7 (aarch64 ppc64le s390x x86_64) * postgresql15-contrib-15.12-150600.16.14.1 * postgresql15-devel-15.12-150600.16.14.1 * postgresql15-pltcl-debuginfo-15.12-150600.16.14.1 * postgresql15-15.12-150600.16.14.1 * postgresql15-plperl-15.12-150600.16.14.1 * postgresql15-plpython-15.12-150600.16.14.1 * postgresql15-server-debuginfo-15.12-150600.16.14.1 * postgresql15-plpython-debuginfo-15.12-150600.16.14.1 * postgresql15-server-devel-15.12-150600.16.14.1 * postgresql15-debuginfo-15.12-150600.16.14.1 * postgresql15-server-devel-debuginfo-15.12-150600.16.14.1 * postgresql15-pltcl-15.12-150600.16.14.1 * postgresql15-contrib-debuginfo-15.12-150600.16.14.1 * postgresql15-plperl-debuginfo-15.12-150600.16.14.1 * postgresql15-server-15.12-150600.16.14.1 * postgresql15-debugsource-15.12-150600.16.14.1 * postgresql15-devel-debuginfo-15.12-150600.16.14.1 ## References: * https://www.suse.com/security/cve/CVE-2025-1094.html * https://bugzilla.suse.com/show_bug.cgi?id=1237093 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Fri Sep 5 12:30:07 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 05 Sep 2025 12:30:07 -0000 Subject: SUSE-SU-2025:03089-1: moderate: Security update for nginx Message-ID: <175707540768.25622.2598096823139149644@smelt2.prg2.suse.org> # Security update for nginx Announcement ID: SUSE-SU-2025:03089-1 Release Date: 2025-09-05T10:39:06Z Rating: moderate References: * bsc#1236851 * bsc#1248070 Cross-References: * CVE-2025-23419 * CVE-2025-53859 CVSS scores: * CVE-2025-23419 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-23419 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2025-23419 ( NVD ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-23419 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2025-53859 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-53859 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2025-53859 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-53859 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: * openSUSE Leap 15.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for nginx fixes the following issues: * CVE-2025-53859: the server side may leak arbitrary bytes during the NGINX SMTP authentication process (bsc#1248070). 
* CVE-2025-23419: session resumption can bypass client certificate authentication requirements using TLSv1.3 (bsc#1236851). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2025-3089=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * nginx-1.19.8-150300.3.18.1 * nginx-debuginfo-1.19.8-150300.3.18.1 * nginx-debugsource-1.19.8-150300.3.18.1 * openSUSE Leap 15.3 (noarch) * vim-plugin-nginx-1.19.8-150300.3.18.1 * nginx-source-1.19.8-150300.3.18.1 ## References: * https://www.suse.com/security/cve/CVE-2025-23419.html * https://www.suse.com/security/cve/CVE-2025-53859.html * https://bugzilla.suse.com/show_bug.cgi?id=1236851 * https://bugzilla.suse.com/show_bug.cgi?id=1248070 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Sep 5 12:30:10 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 05 Sep 2025 12:30:10 -0000 Subject: SUSE-SU-2025:03088-1: moderate: Security update for perl-Authen-SASL, perl-Crypt-URandom Message-ID: <175707541058.25622.1914399175500151655@smelt2.prg2.suse.org> # Security update for perl-Authen-SASL, perl-Crypt-URandom Announcement ID: SUSE-SU-2025:03088-1 Release Date: 2025-09-05T10:36:30Z Rating: moderate References: * bsc#1246623 Cross-References: * CVE-2025-40918 CVSS scores: * CVE-2025-40918 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-40918 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2025-40918 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise 
Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for perl-Authen-SASL, perl-Crypt-URandom fixes the following issues: Changes in perl-Authen-SASL: * CVE-2025-40918: insecurely generated client nonce (bsc#1246623) Changes in perl-Crypt-URandom: Shipped in version 0.540.0 (0.54). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-3088=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-3088=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (noarch) * perl-Authen-SASL-2.16-5.3.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * perl-Crypt-URandom-0.540.0-1.3.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch) * perl-Authen-SASL-2.16-5.3.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * perl-Crypt-URandom-0.540.0-1.3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-40918.html * https://bugzilla.suse.com/show_bug.cgi?id=1246623 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Fri Sep 5 12:30:13 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 05 Sep 2025 12:30:13 -0000 Subject: SUSE-SU-2025:03087-1: moderate: Security update for perl-Authen-SASL, perl-Crypt-URandom Message-ID: <175707541365.25622.1174378164653601348@smelt2.prg2.suse.org> # Security update for perl-Authen-SASL, perl-Crypt-URandom Announcement ID: SUSE-SU-2025:03087-1 Release Date: 2025-09-05T10:34:04Z Rating: moderate References: * bsc#1246623 * jsc#PED-13306 Cross-References: * CVE-2025-40918 CVSS scores: * CVE-2025-40918 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-40918 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2025-40918 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * Development Tools Module 15-SP6 * Development Tools Module 15-SP7 * openSUSE Leap 15.6 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP 
Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability and contains one feature can now be installed. ## Description: This update for perl-Authen-SASL, perl-Crypt-URandom fixes the following issues: Changes in perl-Authen-SASL: * CVE-2025-40918: Fixed insecurely generated client nonce (bsc#1246623) Changes in perl-Crypt-URandom: * Included 0.540.0 for use by perl-Authen-SASL in SLE-15 (jsc#PED-13306 / bsc#1246623). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-3087=1 * Development Tools Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-3087=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2025-3087=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3087=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3087=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3087=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3087=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3087=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3087=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3087=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t 
patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3087=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3087=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3087=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3087=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2025-3087=1 ## Package List: * openSUSE Leap 15.6 (noarch) * perl-Authen-SASL-2.16-150000.1.6.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * perl-Crypt-URandom-debuginfo-0.540.0-150000.1.3.1 * perl-Crypt-URandom-0.540.0-150000.1.3.1 * perl-Crypt-URandom-debugsource-0.540.0-150000.1.3.1 * Development Tools Module 15-SP6 (noarch) * perl-Authen-SASL-2.16-150000.1.6.1 * Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64) * perl-Crypt-URandom-debuginfo-0.540.0-150000.1.3.1 * perl-Crypt-URandom-0.540.0-150000.1.3.1 * perl-Crypt-URandom-debugsource-0.540.0-150000.1.3.1 * Development Tools Module 15-SP7 (noarch) * perl-Authen-SASL-2.16-150000.1.6.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * perl-Crypt-URandom-debuginfo-0.540.0-150000.1.3.1 * perl-Crypt-URandom-0.540.0-150000.1.3.1 * perl-Crypt-URandom-debugsource-0.540.0-150000.1.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * perl-Authen-SASL-2.16-150000.1.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * perl-Crypt-URandom-debuginfo-0.540.0-150000.1.3.1 * perl-Crypt-URandom-0.540.0-150000.1.3.1 * perl-Crypt-URandom-debugsource-0.540.0-150000.1.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * perl-Authen-SASL-2.16-150000.1.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * perl-Crypt-URandom-debuginfo-0.540.0-150000.1.3.1 * perl-Crypt-URandom-0.540.0-150000.1.3.1 * 
perl-Crypt-URandom-debugsource-0.540.0-150000.1.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * perl-Authen-SASL-2.16-150000.1.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * perl-Crypt-URandom-debuginfo-0.540.0-150000.1.3.1 * perl-Crypt-URandom-0.540.0-150000.1.3.1 * perl-Crypt-URandom-debugsource-0.540.0-150000.1.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * perl-Authen-SASL-2.16-150000.1.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * perl-Crypt-URandom-debuginfo-0.540.0-150000.1.3.1 * perl-Crypt-URandom-0.540.0-150000.1.3.1 * perl-Crypt-URandom-debugsource-0.540.0-150000.1.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * perl-Authen-SASL-2.16-150000.1.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * perl-Crypt-URandom-debuginfo-0.540.0-150000.1.3.1 * perl-Crypt-URandom-0.540.0-150000.1.3.1 * perl-Crypt-URandom-debugsource-0.540.0-150000.1.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (noarch) * perl-Authen-SASL-2.16-150000.1.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * perl-Crypt-URandom-debuginfo-0.540.0-150000.1.3.1 * perl-Crypt-URandom-0.540.0-150000.1.3.1 * perl-Crypt-URandom-debugsource-0.540.0-150000.1.3.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * perl-Authen-SASL-2.16-150000.1.6.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * perl-Crypt-URandom-debuginfo-0.540.0-150000.1.3.1 * perl-Crypt-URandom-0.540.0-150000.1.3.1 * perl-Crypt-URandom-debugsource-0.540.0-150000.1.3.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * perl-Authen-SASL-2.16-150000.1.6.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * perl-Crypt-URandom-debuginfo-0.540.0-150000.1.3.1 * perl-Crypt-URandom-0.540.0-150000.1.3.1 * perl-Crypt-URandom-debugsource-0.540.0-150000.1.3.1 * 
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * perl-Authen-SASL-2.16-150000.1.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * perl-Crypt-URandom-debuginfo-0.540.0-150000.1.3.1 * perl-Crypt-URandom-0.540.0-150000.1.3.1 * perl-Crypt-URandom-debugsource-0.540.0-150000.1.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * perl-Authen-SASL-2.16-150000.1.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * perl-Crypt-URandom-debuginfo-0.540.0-150000.1.3.1 * perl-Crypt-URandom-0.540.0-150000.1.3.1 * perl-Crypt-URandom-debugsource-0.540.0-150000.1.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * perl-Authen-SASL-2.16-150000.1.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * perl-Crypt-URandom-debuginfo-0.540.0-150000.1.3.1 * perl-Crypt-URandom-0.540.0-150000.1.3.1 * perl-Crypt-URandom-debugsource-0.540.0-150000.1.3.1 * SUSE Enterprise Storage 7.1 (noarch) * perl-Authen-SASL-2.16-150000.1.6.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * perl-Crypt-URandom-debuginfo-0.540.0-150000.1.3.1 * perl-Crypt-URandom-0.540.0-150000.1.3.1 * perl-Crypt-URandom-debugsource-0.540.0-150000.1.3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-40918.html * https://bugzilla.suse.com/show_bug.cgi?id=1246623 * https://jira.suse.com/browse/PED-13306 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Fri Sep 5 12:30:33 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 05 Sep 2025 12:30:33 -0000 Subject: SUSE-SU-2025:03082-1: low: Security update for python-maturin Message-ID: <175707543364.25622.7827769126139329609@smelt2.prg2.suse.org> # Security update for python-maturin Announcement ID: SUSE-SU-2025:03082-1 Release Date: 2025-09-05T08:27:45Z Rating: low References: * bsc#1249011 Cross-References: * CVE-2025-58160 CVSS scores: * CVE-2025-58160 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-58160 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2025-58160 ( NVD ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * openSUSE Leap 15.6 An update that solves one vulnerability can now be installed. ## Description: This update for python-maturin fixes the following issues: * CVE-2025-58160: terminal escape injection via ANSI sequences from untrusted input (bsc#1249011). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-3082=1 openSUSE-SLE-15.6-2025-3082=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * python311-maturin-1.4.0-150600.3.9.1 ## References: * https://www.suse.com/security/cve/CVE-2025-58160.html * https://bugzilla.suse.com/show_bug.cgi?id=1249011 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Fri Sep 5 16:30:04 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 05 Sep 2025 16:30:04 -0000 Subject: SUSE-SU-2025:03091-1: low: Security update for libsoup2 Message-ID: <175708980435.25430.16894655274051749481@smelt2.prg2.suse.org> # Security update for libsoup2 Announcement ID: SUSE-SU-2025:03091-1 Release Date: 2025-09-05T13:29:47Z Rating: low References: * bsc#1243314 Cross-References: * CVE-2025-4945 CVSS scores: * CVE-2025-4945 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-4945 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2025-4945 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that solves one vulnerability can now be installed. ## Description: This update for libsoup2 fixes the following issues: * CVE-2025-4945: Fixed Integer Overflow in Cookie Expiration Date Handling in libsoup (bsc#1243314). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-3091=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-3091=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-3091=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-3091=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-3091=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2025-3091=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libsoup-2_4-1-debuginfo-2.74.2-150400.3.12.1 * libsoup2-debugsource-2.74.2-150400.3.12.1 * typelib-1_0-Soup-2_4-2.74.2-150400.3.12.1 * libsoup-2_4-1-2.74.2-150400.3.12.1 * libsoup2-devel-2.74.2-150400.3.12.1 * openSUSE Leap 15.4 (x86_64) * libsoup2-devel-32bit-2.74.2-150400.3.12.1 * libsoup-2_4-1-32bit-2.74.2-150400.3.12.1 * libsoup-2_4-1-32bit-debuginfo-2.74.2-150400.3.12.1 * openSUSE Leap 15.4 (noarch) * libsoup2-lang-2.74.2-150400.3.12.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libsoup-2_4-1-64bit-2.74.2-150400.3.12.1 * libsoup-2_4-1-64bit-debuginfo-2.74.2-150400.3.12.1 * libsoup2-devel-64bit-2.74.2-150400.3.12.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libsoup-2_4-1-2.74.2-150400.3.12.1 * libsoup2-debugsource-2.74.2-150400.3.12.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.12.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libsoup-2_4-1-2.74.2-150400.3.12.1 * libsoup2-debugsource-2.74.2-150400.3.12.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.12.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libsoup-2_4-1-2.74.2-150400.3.12.1 * libsoup2-debugsource-2.74.2-150400.3.12.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.12.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libsoup-2_4-1-2.74.2-150400.3.12.1 * libsoup2-debugsource-2.74.2-150400.3.12.1 * 
libsoup-2_4-1-debuginfo-2.74.2-150400.3.12.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * libsoup-2_4-1-2.74.2-150400.3.12.1 * libsoup2-debugsource-2.74.2-150400.3.12.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.12.1 ## References: * https://www.suse.com/security/cve/CVE-2025-4945.html * https://bugzilla.suse.com/show_bug.cgi?id=1243314 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Sep 5 20:30:07 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 05 Sep 2025 20:30:07 -0000 Subject: SUSE-SU-2025:03092-1: moderate: Security update for rav1e Message-ID: <175710420778.10415.9165680935887030486@smelt2.prg2.suse.org> # Security update for rav1e Announcement ID: SUSE-SU-2025:03092-1 Release Date: 2025-09-05T17:20:55Z Rating: moderate References: * bsc#1230028 * bsc#1247207 Cross-References: * CVE-2024-58266 CVSS scores: * CVE-2024-58266 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-58266 ( SUSE ): 3.6 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2024-58266 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N * CVE-2024-58266 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for rav1e fixes the following issues: * Update crate shlex to 1.3.0: * CVE-2024-58266: Fixed command injection (bsc#1247207) * RUSTSEC-2024-0006: Fixed multiple issues involving quote API (bsc#1230028) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-3092=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * librav1e0-debuginfo-0.5.1+0-150400.3.3.1 * rav1e-debuginfo-0.5.1+0-150400.3.3.1 * rav1e-0.5.1+0-150400.3.3.1 * rav1e-debugsource-0.5.1+0-150400.3.3.1 * librav1e0-0.5.1+0-150400.3.3.1 * rav1e-devel-0.5.1+0-150400.3.3.1 * openSUSE Leap 15.4 (x86_64) * librav1e0-32bit-debuginfo-0.5.1+0-150400.3.3.1 * librav1e0-32bit-0.5.1+0-150400.3.3.1 * openSUSE Leap 15.4 (aarch64_ilp32) * librav1e0-64bit-0.5.1+0-150400.3.3.1 * librav1e0-64bit-debuginfo-0.5.1+0-150400.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2024-58266.html * https://bugzilla.suse.com/show_bug.cgi?id=1230028 * https://bugzilla.suse.com/show_bug.cgi?id=1247207 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Sep 8 16:30:03 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 08 Sep 2025 16:30:03 -0000 Subject: SUSE-SU-2025:03095-1: important: Security update for firebird Message-ID: <175734900391.29468.1508925033075153676@smelt2.prg2.suse.org> # Security update for firebird Announcement ID: SUSE-SU-2025:03095-1 Release Date: 2025-09-08T13:38:56Z Rating: important References: * bsc#1087421 Cross-References: * CVE-2017-11509 CVSS scores: * CVE-2017-11509 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2017-11509 ( SUSE ): 9.9 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2017-11509 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 
SP7 * SUSE Package Hub 15 15-SP6 * SUSE Package Hub 15 15-SP7 An update that solves one vulnerability can now be installed. ## Description: This update for firebird fixes the following issues: * CVE-2017-11509: authenticated remote code execution via the definition of external functions that don't match the original definition of the entry point (bsc#1087421). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-3095=1 * SUSE Package Hub 15 15-SP6 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-3095=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-3095=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * firebird-utils-debuginfo-3.0.4.33054-150200.3.6.1 * firebird-debugsource-3.0.4.33054-150200.3.6.1 * firebird-examples-3.0.4.33054-150200.3.6.1 * libfbclient2-3.0.4.33054-150200.3.6.1 * libib_util-debuginfo-3.0.4.33054-150200.3.6.1 * firebird-server-3.0.4.33054-150200.3.6.1 * libib_util-3.0.4.33054-150200.3.6.1 * libfbclient-devel-3.0.4.33054-150200.3.6.1 * firebird-3.0.4.33054-150200.3.6.1 * firebird-debuginfo-3.0.4.33054-150200.3.6.1 * firebird-utils-3.0.4.33054-150200.3.6.1 * firebird-server-debuginfo-3.0.4.33054-150200.3.6.1 * libib_util-devel-3.0.4.33054-150200.3.6.1 * libfbclient2-debuginfo-3.0.4.33054-150200.3.6.1 * openSUSE Leap 15.6 (noarch) * firebird-doc-3.0.4.33054-150200.3.6.1 * openSUSE Leap 15.6 (x86_64) * libib_util-32bit-3.0.4.33054-150200.3.6.1 * libfbclient2-32bit-3.0.4.33054-150200.3.6.1 * libfbclient2-32bit-debuginfo-3.0.4.33054-150200.3.6.1 * libib_util-32bit-debuginfo-3.0.4.33054-150200.3.6.1 * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64) * firebird-utils-debuginfo-3.0.4.33054-150200.3.6.1 * 
firebird-debugsource-3.0.4.33054-150200.3.6.1 * firebird-examples-3.0.4.33054-150200.3.6.1 * libfbclient2-3.0.4.33054-150200.3.6.1 * libib_util-debuginfo-3.0.4.33054-150200.3.6.1 * firebird-server-3.0.4.33054-150200.3.6.1 * libib_util-3.0.4.33054-150200.3.6.1 * libfbclient-devel-3.0.4.33054-150200.3.6.1 * firebird-3.0.4.33054-150200.3.6.1 * firebird-debuginfo-3.0.4.33054-150200.3.6.1 * firebird-utils-3.0.4.33054-150200.3.6.1 * firebird-server-debuginfo-3.0.4.33054-150200.3.6.1 * libib_util-devel-3.0.4.33054-150200.3.6.1 * libfbclient2-debuginfo-3.0.4.33054-150200.3.6.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * firebird-utils-debuginfo-3.0.4.33054-150200.3.6.1 * firebird-debugsource-3.0.4.33054-150200.3.6.1 * firebird-examples-3.0.4.33054-150200.3.6.1 * libfbclient2-3.0.4.33054-150200.3.6.1 * libib_util-debuginfo-3.0.4.33054-150200.3.6.1 * firebird-server-3.0.4.33054-150200.3.6.1 * libib_util-3.0.4.33054-150200.3.6.1 * libfbclient-devel-3.0.4.33054-150200.3.6.1 * firebird-3.0.4.33054-150200.3.6.1 * firebird-debuginfo-3.0.4.33054-150200.3.6.1 * firebird-utils-3.0.4.33054-150200.3.6.1 * firebird-server-debuginfo-3.0.4.33054-150200.3.6.1 * libib_util-devel-3.0.4.33054-150200.3.6.1 * libfbclient2-debuginfo-3.0.4.33054-150200.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2017-11509.html * https://bugzilla.suse.com/show_bug.cgi?id=1087421 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Sep 8 20:30:04 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 08 Sep 2025 20:30:04 -0000 Subject: SUSE-SU-2025:03096-1: important: Security update for ovmf Message-ID: <175736340481.29649.16646316216543644316@smelt2.prg2.suse.org> # Security update for ovmf Announcement ID: SUSE-SU-2025:03096-1 Release Date: 2025-09-08T16:09:37Z Rating: important References: * bsc#1218879 * bsc#1218880 Cross-References: * CVE-2023-45229 * CVE-2023-45230 CVSS scores: * CVE-2023-45229 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-45229 ( NVD ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-45230 ( SUSE ): 8.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H * CVE-2023-45230 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45230 ( NVD ): 8.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H Affected Products: * Confidential Computing Module 15-SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves two vulnerabilities can now be installed. ## Description: This update for ovmf fixes the following issues: * CVE-2023-45229: Fixed integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message (bsc#1218879) * CVE-2023-45230: Fixed buffer overflow in the DHCPv6 client via a long Server ID option (bsc#1218880) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Confidential Computing Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Confidential-Computing-15-SP6-2025-3096=1 ## Package List: * Confidential Computing Module 15-SP6 (x86_64) * qemu-ovmf-x86_64-debug-202308-15061.8.coco15sp6.1 * ovmf-tools-202308-15061.8.coco15sp6.1 * ovmf-202308-15061.8.coco15sp6.1 * Confidential Computing Module 15-SP6 (noarch) * qemu-ovmf-x86_64-202308-15061.8.coco15sp6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-45229.html * https://www.suse.com/security/cve/CVE-2023-45230.html * https://bugzilla.suse.com/show_bug.cgi?id=1218879 * https://bugzilla.suse.com/show_bug.cgi?id=1218880 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Sep 9 08:30:15 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 09 Sep 2025 08:30:15 -0000 Subject: SUSE-SU-2025:03106-1: important: Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP7) Message-ID: <175740661535.29649.12810394982022516096@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP7) Announcement ID: SUSE-SU-2025:03106-1 Release Date: 2025-09-08T21:13:22Z Rating: important References: * bsc#1244235 * bsc#1245505 * bsc#1245775 * bsc#1245791 * bsc#1246030 * bsc#1248108 Cross-References: * CVE-2025-37890 * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38087 * CVE-2025-38212 CVSS scores: * CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38087 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38087 ( 
SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves five vulnerabilities and has one security fix can now be installed. ## Description: This update for the Linux Kernel 6.4.0-150700_5 fixes several issues. The following security issues were fixed: * CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier (bsc#1245504). * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2025-3106=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (x86_64) * kernel-livepatch-SLE15-SP7-RT_Update_0-debugsource-3-150700.3.1 * kernel-livepatch-6_4_0-150700_5-rt-debuginfo-3-150700.3.1 * kernel-livepatch-6_4_0-150700_5-rt-3-150700.3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-37890.html * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38087.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245505 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1245791 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 * https://bugzilla.suse.com/show_bug.cgi?id=1248108 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Sep 9 08:30:18 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 09 Sep 2025 08:30:18 -0000 Subject: SUSE-SU-2025:03105-1: important: Security update for the Linux Kernel RT (Live Patch 13 for SLE 15 SP6) Message-ID: <175740661852.29649.7460833340000201829@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 13 for SLE 15 SP6) Announcement ID: SUSE-SU-2025:03105-1 Release Date: 2025-09-08T21:13:18Z Rating: important References: * bsc#1246030 * bsc#1248108 Cross-References: * CVE-2025-38212 CVSS scores: * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for the Linux Kernel 6.4.0-150600_10_44 fixes several issues. The following security issue was fixed: * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3105=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP6 (x86_64) * kernel-livepatch-6_4_0-150600_10_44-rt-3-150600.2.1 * kernel-livepatch-SLE15-SP6-RT_Update_13-debugsource-3-150600.2.1 * kernel-livepatch-6_4_0-150600_10_44-rt-debuginfo-3-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1246030 * https://bugzilla.suse.com/show_bug.cgi?id=1248108 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Sep 9 08:30:26 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 09 Sep 2025 08:30:26 -0000 Subject: SUSE-SU-2025:03104-1: important: Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP7) Message-ID: <175740662641.29649.1587935999768581547@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP7) Announcement ID: SUSE-SU-2025:03104-1 Release Date: 2025-09-08T21:13:26Z Rating: important References: * bsc#1244235 * bsc#1245505 * bsc#1245775 * bsc#1246030 * bsc#1248108 Cross-References: * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38087 * CVE-2025-38212 CVSS scores: * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38087 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38087 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves four vulnerabilities and has one security fix can now be installed. ## Description: This update for the Linux Kernel 6.4.0-150700_7_3 fixes several issues. The following security issues were fixed: * CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier (bsc#1245504). * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3104=1 * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2025-3107=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP6 (x86_64) * kernel-livepatch-SLE15-SP6-RT_Update_11-debugsource-4-150600.2.1 * kernel-livepatch-6_4_0-150600_10_39-rt-4-150600.2.1 * kernel-livepatch-6_4_0-150600_10_39-rt-debuginfo-4-150600.2.1 * SUSE Linux Enterprise Live Patching 15-SP7 (x86_64) * kernel-livepatch-6_4_0-150700_7_3-rt-debuginfo-3-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_1-debugsource-3-150700.2.1 * kernel-livepatch-6_4_0-150700_7_3-rt-3-150700.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38087.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245505 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 * https://bugzilla.suse.com/show_bug.cgi?id=1248108 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Sep 9 08:30:35 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 09 Sep 2025 08:30:35 -0000 Subject: SUSE-SU-2025:03100-1: important: Security update for the Linux Kernel RT (Live Patch 9 for SLE 15 SP6) Message-ID: <175740663544.29649.16280678749487392637@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 9 for SLE 15 SP6) Announcement ID: SUSE-SU-2025:03100-1 Release Date: 2025-09-08T21:13:08Z Rating: important References: * bsc#1236207 * bsc#1242579 * bsc#1244235 * bsc#1245505 * bsc#1245775 * bsc#1245791 * bsc#1245805 * bsc#1246030 * bsc#1248108 Cross-References: * CVE-2025-21659 * CVE-2025-21701 * CVE-2025-21999 * CVE-2025-37890 * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38087 * CVE-2025-38212 CVSS scores: * CVE-2025-21659 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-21659 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2025-21701 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38087 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38087 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves eight vulnerabilities and has one security fix can now be installed. ## Description: This update for the Linux Kernel 6.4.0-150600_10_29 fixes several issues. The following security issues were fixed: * CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier (bsc#1245504). * CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579). * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236207). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791). * CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1245805). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP6
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3100=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-3102=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-3103=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP6 (x86_64)
  * kernel-livepatch-6_4_0-150600_10_20-rt-11-150600.2.1
  * kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource-11-150600.2.1
  * kernel-livepatch-6_4_0-150600_10_29-rt-6-150600.2.1
  * kernel-livepatch-6_4_0-150600_10_29-rt-debuginfo-6-150600.2.1
  * kernel-livepatch-6_4_0-150600_10_26-rt-6-150600.2.1
  * kernel-livepatch-SLE15-SP6-RT_Update_8-debugsource-6-150600.2.1
  * kernel-livepatch-6_4_0-150600_10_26-rt-debuginfo-6-150600.2.1
  * kernel-livepatch-SLE15-SP6-RT_Update_9-debugsource-6-150600.2.1
  * kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo-11-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21659.html
* https://www.suse.com/security/cve/CVE-2025-21701.html
* https://www.suse.com/security/cve/CVE-2025-21999.html
* https://www.suse.com/security/cve/CVE-2025-37890.html
* https://www.suse.com/security/cve/CVE-2025-38000.html
* https://www.suse.com/security/cve/CVE-2025-38001.html
* https://www.suse.com/security/cve/CVE-2025-38087.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236207
* https://bugzilla.suse.com/show_bug.cgi?id=1242579
* https://bugzilla.suse.com/show_bug.cgi?id=1244235
* https://bugzilla.suse.com/show_bug.cgi?id=1245505
* https://bugzilla.suse.com/show_bug.cgi?id=1245775
* https://bugzilla.suse.com/show_bug.cgi?id=1245791
* https://bugzilla.suse.com/show_bug.cgi?id=1245805
* https://bugzilla.suse.com/show_bug.cgi?id=1246030
* https://bugzilla.suse.com/show_bug.cgi?id=1248108

-------------- next part --------------
An HTML attachment was scrubbed...
URL: From null at suse.de Tue Sep 9 08:30:46 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 09 Sep 2025 08:30:46 -0000 Subject: SUSE-SU-2025:03097-1: important: Security update for the Linux Kernel RT (Live Patch 4 for SLE 15 SP6) Message-ID: <175740664616.29649.17170337615085070986@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 4 for SLE 15 SP6) Announcement ID: SUSE-SU-2025:03097-1 Release Date: 2025-09-08T21:12:58Z Rating: important References: * bsc#1231676 * bsc#1231943 * bsc#1232271 * bsc#1236207 * bsc#1242579 * bsc#1244235 * bsc#1245505 * bsc#1245775 * bsc#1245791 * bsc#1245805 * bsc#1246030 * bsc#1248108 Cross-References: * CVE-2024-47674 * CVE-2024-47706 * CVE-2024-49867 * CVE-2025-21659 * CVE-2025-21701 * CVE-2025-21999 * CVE-2025-37890 * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38087 * CVE-2025-38212 CVSS scores: * CVE-2024-47674 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-47674 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47674 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-47706 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-47706 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47706 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-49867 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-49867 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-49867 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21659 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-21659 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2025-21701 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21999 ( SUSE ): 7.0 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38087 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38087 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves 11 vulnerabilities and has one security fix can now be installed. ## Description: This update for the Linux Kernel 6.4.0-150600_10_14 fixes several issues. The following security issues were fixed: * CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier (bsc#1245504). * CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579). * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner kthread during umount (bsc#1232271). * CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236207). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791). 
* CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231676).
* CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1245805).
* CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231943).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP6
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3097=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-3098=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-3099=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-3101=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP6 (x86_64)
  * kernel-livepatch-6_4_0-150600_10_8-rt-debuginfo-16-150600.2.1
  * kernel-livepatch-6_4_0-150600_10_5-rt-20-150600.2.1
  * kernel-livepatch-6_4_0-150600_10_14-rt-15-150600.2.1
  * kernel-livepatch-SLE15-SP6-RT_Update_4-debugsource-15-150600.2.1
  * kernel-livepatch-SLE15-SP6-RT_Update_3-debugsource-16-150600.2.1
  * kernel-livepatch-SLE15-SP6-RT_Update_2-debugsource-16-150600.2.1
  * kernel-livepatch-6_4_0-150600_10_11-rt-16-150600.2.1
  * kernel-livepatch-SLE15-SP6-RT_Update_1-debugsource-20-150600.2.1
  * kernel-livepatch-6_4_0-150600_10_5-rt-debuginfo-20-150600.2.1
  * kernel-livepatch-6_4_0-150600_10_11-rt-debuginfo-16-150600.2.1
  * kernel-livepatch-6_4_0-150600_10_8-rt-16-150600.2.1
  * kernel-livepatch-6_4_0-150600_10_14-rt-debuginfo-15-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-47674.html
* https://www.suse.com/security/cve/CVE-2024-47706.html
* https://www.suse.com/security/cve/CVE-2024-49867.html
* https://www.suse.com/security/cve/CVE-2025-21659.html
* https://www.suse.com/security/cve/CVE-2025-21701.html
* https://www.suse.com/security/cve/CVE-2025-21999.html
*
https://www.suse.com/security/cve/CVE-2025-37890.html * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38087.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1231676 * https://bugzilla.suse.com/show_bug.cgi?id=1231943 * https://bugzilla.suse.com/show_bug.cgi?id=1232271 * https://bugzilla.suse.com/show_bug.cgi?id=1236207 * https://bugzilla.suse.com/show_bug.cgi?id=1242579 * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245505 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1245791 * https://bugzilla.suse.com/show_bug.cgi?id=1245805 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 * https://bugzilla.suse.com/show_bug.cgi?id=1248108 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Sep 9 12:30:13 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 09 Sep 2025 12:30:13 -0000 Subject: SUSE-SU-2025:03111-1: important: Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP6) Message-ID: <175742101373.29615.5164120827542702402@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP6) Announcement ID: SUSE-SU-2025:03111-1 Release Date: 2025-09-09T08:04:04Z Rating: important References: * bsc#1236207 * bsc#1242579 * bsc#1244235 * bsc#1245505 * bsc#1245775 * bsc#1245791 * bsc#1245805 * bsc#1246030 * bsc#1248108 Cross-References: * CVE-2025-21659 * CVE-2025-21701 * CVE-2025-21999 * CVE-2025-37890 * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38087 * CVE-2025-38212 CVSS scores: * CVE-2025-21659 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-21659 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2025-21701 ( SUSE ): 7.0 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38087 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38087 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves eight vulnerabilities and has one security fix can now be installed. ## Description: This update for the Linux Kernel 6.4.0-150600_10_23 fixes several issues. The following security issues were fixed: * CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier (bsc#1245504). * CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579). * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236207). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). 
* CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791). * CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1245805). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3111=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP6 (x86_64) * kernel-livepatch-SLE15-SP6-RT_Update_7-debugsource-11-150600.2.1 * kernel-livepatch-6_4_0-150600_10_23-rt-debuginfo-11-150600.2.1 * kernel-livepatch-6_4_0-150600_10_23-rt-11-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-21659.html * https://www.suse.com/security/cve/CVE-2025-21701.html * https://www.suse.com/security/cve/CVE-2025-21999.html * https://www.suse.com/security/cve/CVE-2025-37890.html * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38087.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1236207 * https://bugzilla.suse.com/show_bug.cgi?id=1242579 * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245505 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1245791 * https://bugzilla.suse.com/show_bug.cgi?id=1245805 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 * https://bugzilla.suse.com/show_bug.cgi?id=1248108 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Sep 9 12:30:16 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 09 Sep 2025 12:30:16 -0000 Subject: SUSE-SU-2025:03110-1: important: Security update for the Linux Kernel RT (Live Patch 2 for SLE 15 SP7) Message-ID: <175742101689.29615.9796858314105245949@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 2 for SLE 15 SP7) Announcement ID: SUSE-SU-2025:03110-1 Release Date: 2025-09-09T07:34:03Z Rating: important References: * bsc#1246030 * bsc#1248108 Cross-References: * CVE-2025-38212 CVSS scores: * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for the Linux Kernel 6.4.0-150700_7_8 fixes several issues. The following security issue was fixed: * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2025-3110=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (x86_64) * kernel-livepatch-6_4_0-150700_7_8-rt-3-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_2-debugsource-3-150700.2.1 * kernel-livepatch-6_4_0-150700_7_8-rt-debuginfo-3-150700.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1246030 * https://bugzilla.suse.com/show_bug.cgi?id=1248108 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Sep 9 12:30:23 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 09 Sep 2025 12:30:23 -0000 Subject: SUSE-SU-2025:03109-1: important: Security update for the Linux Kernel RT (Live Patch 10 for SLE 15 SP6) Message-ID: <175742102397.29615.7611240579131881016@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 10 for SLE 15 SP6) Announcement ID: SUSE-SU-2025:03109-1 Release Date: 2025-09-09T07:33:59Z Rating: important References: * bsc#1242579 * bsc#1244235 * bsc#1245505 * bsc#1245775 * bsc#1245791 * bsc#1246030 * bsc#1248108 Cross-References: * CVE-2025-21999 * CVE-2025-37890 * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38087 * CVE-2025-38212 CVSS scores: * CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * 
CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38087 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38087 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves six vulnerabilities and has one security fix can now be installed. ## Description: This update for the Linux Kernel 6.4.0-150600_10_34 fixes several issues. The following security issues were fixed: * CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier (bsc#1245504). * CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579). * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3109=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP6 (x86_64) * kernel-livepatch-6_4_0-150600_10_34-rt-debuginfo-5-150600.2.1 * kernel-livepatch-6_4_0-150600_10_34-rt-5-150600.2.1 * kernel-livepatch-SLE15-SP6-RT_Update_10-debugsource-5-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-21999.html * https://www.suse.com/security/cve/CVE-2025-37890.html * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38087.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1242579 * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245505 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1245791 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 * https://bugzilla.suse.com/show_bug.cgi?id=1248108 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Sep 9 12:30:37 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 09 Sep 2025 12:30:37 -0000 Subject: SUSE-SU-2025:03116-1: important: Security update for microcode_ctl Message-ID: <175742103752.29615.9330309577958284050@smelt2.prg2.suse.org> # Security update for microcode_ctl Announcement ID: SUSE-SU-2025:03116-1 Release Date: 2025-09-09T10:57:16Z Rating: important References: * bsc#1248438 Cross-References: * CVE-2025-20053 * CVE-2025-20109 * CVE-2025-22839 * CVE-2025-22840 * CVE-2025-22889 * CVE-2025-26403 * CVE-2025-32086 CVSS scores: * CVE-2025-20053 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-20053 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N * CVE-2025-20053 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-20053 ( NVD ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N * CVE-2025-20109 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-20109 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2025-20109 ( NVD ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-20109 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2025-22839 ( SUSE ): 7.3 CVSS:4.0/AV:A/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-22839 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L * 
CVE-2025-22839 ( NVD ): 7.3 CVSS:4.0/AV:A/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-22839 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L * CVE-2025-22840 ( SUSE ): 5.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-22840 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L * CVE-2025-22840 ( NVD ): 5.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-22840 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L * CVE-2025-22889 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-22889 ( SUSE ): 7.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N * CVE-2025-22889 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-22889 ( NVD ): 7.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N * CVE-2025-26403 ( SUSE ): 4.5 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-26403 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N * CVE-2025-26403 ( NVD ): 4.5 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-26403 ( NVD ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N * CVE-2025-32086 ( SUSE ): 4.5 
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-32086 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N * CVE-2025-32086 ( NVD ): 4.5 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-32086 ( NVD ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N Affected Products: * SUSE Linux Enterprise Server 11 SP4 * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE An update that solves seven vulnerabilities can now be installed. ## Description: This update for microcode_ctl fixes the following issues: * Intel CPU Microcode was updated to the 20250812 release (bsc#1248438) * CVE-2025-20109: Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel Processors may allow an authenticated user to potentially enable escalation of privilege via local access. * CVE-2025-22840: Sequence of processor instructions leads to unexpected behavior for some Intel Xeon 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access * CVE-2025-22839: Insufficient granularity of access control in the OOB-MSM for some Intel Xeon 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. * CVE-2025-22889: Improper handling of overlap between protected memory ranges for some Intel Xeon 6 processor with Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. * CVE-2025-20053: Improper buffer restrictions for some Intel Xeon Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. 
* CVE-2025-26403: Out-of-bounds write in the memory subsystem for some Intel Xeon 6 processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. * CVE-2025-32086: Improperly implemented security check for standard in the DDRIO configuration for some Intel Xeon 6 Processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. * Update for functional issues. * Updated Platforms:

| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |
|---|---|---|---|---|---|
| ARL-H | A1 | 06-c5-02/82 | 00000118 | 00000119 | Core Ultra Processor (Series 2) |
| ARL-S/HX (8P) | B0 | 06-c6-02/82 | 00000118 | 00000119 | Core Ultra Processor (Series 2) |
| EMR-SP | A1 | 06-cf-02/87 | 210002a9 | 210002b3 | Xeon Scalable Gen5 |
| GNR-AP/SP | B0 | 06-ad-01/95 | 010003a2 | 010003d0 | Xeon Scalable Gen6 |
| GNR-AP/SP | H0 | 06-ad-01/20 | 0a0000d1 | 0a000100 | Xeon Scalable Gen6 |
| ICL-D | B0 | 06-6c-01/10 | 010002d0 | 010002e0 | Xeon D-17xx, D-27xx |
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d000404 | 0d000410 | Xeon Scalable Gen3 |
| LNL | B0 | 06-bd-01/80 | 0000011f | 00000123 | Core Ultra 200 V Series Processor |
| MTL | C0 | 06-aa-04/e6 | 00000024 | 00000025 | Core Ultra Processor |
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004128 | 00004129 | Core Gen13 |
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004128 | 00004129 | Core Gen13 |
| SPR-HBM | Bx | 06-8f-08/10 | 2c0003f7 | 2c000401 | Xeon Max |
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b000639 | 2b000643 | Xeon Scalable Gen4 |
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b000639 | 2b000643 | Xeon Scalable Gen4 |
| SRF-SP | C0 | 06-af-03/01 | 03000341 | 03000362 | Xeon 6700-Series Processors with E-Cores |

New Disclosures Updated in Prior Releases: All ADL, RPL, SPR, EMR, MTL, ARL Microcode patches previously released in May 2025. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2025-3116=1 * SUSE Linux Enterprise Server 11 SP4 zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2025-3116=1 ## Package List: * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE (x86_64) * microcode_ctl-1.17-102.83.87.1 * SUSE Linux Enterprise Server 11 SP4 (x86_64) * microcode_ctl-1.17-102.83.87.1 ## References: * https://www.suse.com/security/cve/CVE-2025-20053.html * https://www.suse.com/security/cve/CVE-2025-20109.html * https://www.suse.com/security/cve/CVE-2025-22839.html * https://www.suse.com/security/cve/CVE-2025-22840.html * https://www.suse.com/security/cve/CVE-2025-22889.html * https://www.suse.com/security/cve/CVE-2025-26403.html * https://www.suse.com/security/cve/CVE-2025-32086.html * https://bugzilla.suse.com/show_bug.cgi?id=1248438 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Sep 9 12:30:53 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 09 Sep 2025 12:30:53 -0000 Subject: SUSE-SU-2025:03114-1: important: Security update for netty, netty-tcnative Message-ID: <175742105365.29615.3605124802503773834@smelt2.prg2.suse.org> # Security update for netty, netty-tcnative Announcement ID: SUSE-SU-2025:03114-1 Release Date: 2025-09-09T10:36:11Z Rating: important References: * bsc#1247991 * bsc#1249116 * bsc#1249134 Cross-References: * CVE-2025-55163 * CVE-2025-58056 * CVE-2025-58057 CVSS scores: * CVE-2025-55163 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-55163 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-55163 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-58056 ( NVD ): 2.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-58056 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2025-58057 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-58057 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-58057 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-58057 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Development Tools Module 15-SP6 * Development Tools Module 15-SP7 * openSUSE Leap 15.6 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 
SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP6 * SUSE Package Hub 15 15-SP7 An update that solves three vulnerabilities can now be installed. ## Description: This update for netty, netty-tcnative fixes the following issues: Upgrade to upstream version 4.1.126. Security issues fixed: * CVE-2025-58057: decompression codecs allocating a large number of buffers after processing specially crafted input can cause a denial of service (bsc#1249134). * CVE-2025-58056: incorrect parsing of chunk extensions can lead to request smuggling (bsc#1249116). * CVE-2025-55163: "MadeYouReset" denial of service attack in the HTTP/2 protocol (bsc#1247991). Other issues fixed: * Fixes from version 4.1.126 * Fix IllegalReferenceCountException on invalid upgrade response. * Drop unknown frame on missing stream. * Don't try to handle incomplete upgrade request. * Update to netty-tcnative 2.0.73.Final.
* Fixes from version 4.1.124 * Fix NPE and AssertionErrors when many tasks are scheduled and cancelled. * HTTP2: Http2ConnectionHandler should always use Http2ConnectionEncoder. * Epoll: Correctly handle UDP packets with source port of 0. * Fix netty-common OSGi Import-Package header. * MqttConnectPayload.toString() includes password. * Fixes from version 4.1.123 * Fix chunk reuse bug in adaptive allocator. * More accurate adaptive memory usage accounting. * Introduce size-classes for the adaptive allocator. * Reduce magazine proliferation eagerness. * Fix concurrent ByteBuffer access issue in AdaptiveByteBuf.getBytes. * Fix possible buffer corruption caused by incorrect setCharSequence(...) implementation. * AdaptiveByteBuf: Fix AdaptiveByteBuf.maxFastWritableBytes() to take writerIndex() into account. * Optimize capacity bumping for adaptive ByteBufs. * AbstractDnsRecord: equals() and hashCode() to ignore name field's case. * Backport Unsafe guards. * Guard recomputed offset access with hasUnsafe. * HTTP2: Always produce a RST frame on stream exception. * Correct what artifacts included in netty-bom. * Fixes from version 4.1.122 * DirContextUtils.addNameServer(...) should just catch Exception internally. * Make public API specify explicit maxAllocation to prevent OOM. * Fix concurrent ByteBuf write access bug in adaptive allocator. * Fix transport-native-kqueue Bundle-SymbolicNames. * Fix resolver-dns-native-macos Bundle-SymbolicNames. * Always correctly calculate the memory address of the ByteBuf even if sun.misc.Unsafe is not usable. * Upgrade lz4 dependencies as the old version did not correctly handle ByteBuffer that have an arrayOffset > 0. * Optimize ByteBuf.setCharSequence for adaptive allocator. * Kqueue: Fix registration failure when fd is reused. * Make JdkZlibEncoder accept Deflater.DEFAULT_COMPRESSION as level. * Ensure OpenSsl.availableJavaCipherSuites does not contain null values. 
* Always prefer direct buffers for pooled allocators if not explicit disabled. * Update to netty-tcnative 2.0.72.Final. * Re-enable sun.misc.Unsafe by default on Java 24+. * Kqueue: Delay removal from registration map to fix noisy warnings. * Fixes from version 4.1.121 * Epoll.isAvailable() returns false on Ubuntu 20.04/22.04 arch amd64. * Fix transport-native-epoll Bundle-SymbolicNames. * Fixes from version 4.1.120 * Fix flawed termination condition check in HttpPostRequestEncoder#encodeNextChunkUrlEncoded(int) for current InterfaceHttpData. * Exposed decoderEnforceMaxConsecutiveEmptyDataFrames and decoderEnforceMaxRstFramesPerWindow. * ThreadExecutorMap must restore old EventExecutor. * Make Recycler virtual thread friendly. * Disable sun.misc.Unsafe by default on Java 24+. * Adaptive: Correctly enforce leak detection when using AdaptiveByteBufAllocator. * Add suppressed exception to original cause when calling Future.sync*. * Add SETTINGS_ENABLE_CONNECT_PROTOCOL to the default HTTP/2 settings. * Correct computation for suboptimal chunk retirement probability. * Fix bug in method AdaptivePoolingAllocator.allocateWithoutLock(...). * Fix a Bytebuf leak in TcpDnsQueryDecoder. * SSL: Clear native error if named group is not supported. * WebSocketClientCompressionHandler shouldn't claim window bits support when jzlib is not available. * Fix the assignment error of maxQoS parameter in ConnAck Properties. * Fixes from version 4.1.119 * Replace SSL assertion with explicit record length check. * Fix NPE when upgrade message fails to aggregate. * SslHandler: Fix possible NPE when executor is used for delegating. * Consistently add channel info in HTTP/2 logs. * Add QueryStringDecoder option to leave '+' alone. * Use initialized BouncyCastle providers when available. * Fix pom.xml errors that will be fatal with Maven 4 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3114=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3114=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3114=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3114=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3114=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3114=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3114=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3114=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2025-3114=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-3114=1 * Development Tools Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-3114=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2025-3114=1 * SUSE Package Hub 15 15-SP6 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-3114=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-3114=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3114=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3114=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3114=1 ## Package List: * SUSE Linux 
Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * netty-tcnative-2.0.73-150200.3.30.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * netty-tcnative-2.0.73-150200.3.30.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.73-150200.3.30.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.73-150200.3.30.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.73-150200.3.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * netty-tcnative-2.0.73-150200.3.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * netty-tcnative-2.0.73-150200.3.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * netty-tcnative-2.0.73-150200.3.30.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * netty-tcnative-2.0.73-150200.3.30.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * netty-4.1.126-150200.4.34.1 * netty-tcnative-2.0.73-150200.3.30.1 * openSUSE Leap 15.6 (noarch) * netty-tcnative-javadoc-2.0.73-150200.3.30.1 * netty-javadoc-4.1.126-150200.4.34.1 * Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.73-150200.3.30.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * netty-tcnative-debugsource-2.0.73-150200.3.30.1 * netty-tcnative-2.0.73-150200.3.30.1 * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64) * netty-4.1.126-150200.4.34.1 * SUSE Package Hub 15 15-SP6 (noarch) * netty-javadoc-4.1.126-150200.4.34.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * netty-4.1.126-150200.4.34.1 * SUSE Package Hub 15 15-SP7 (noarch) * netty-javadoc-4.1.126-150200.4.34.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * netty-tcnative-2.0.73-150200.3.30.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 
x86_64) * netty-tcnative-2.0.73-150200.3.30.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * netty-tcnative-2.0.73-150200.3.30.1 ## References: * https://www.suse.com/security/cve/CVE-2025-55163.html * https://www.suse.com/security/cve/CVE-2025-58056.html * https://www.suse.com/security/cve/CVE-2025-58057.html * https://bugzilla.suse.com/show_bug.cgi?id=1247991 * https://bugzilla.suse.com/show_bug.cgi?id=1249116 * https://bugzilla.suse.com/show_bug.cgi?id=1249134 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Sep 9 12:30:34 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 09 Sep 2025 12:30:34 -0000 Subject: SUSE-SU-2025:03108-1: important: Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP6) Message-ID: <175742103484.29615.7788212862250161931@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP6) Announcement ID: SUSE-SU-2025:03108-1 Release Date: 2025-09-09T07:33:52Z Rating: important References: * bsc#1231676 * bsc#1231943 * bsc#1232271 * bsc#1236207 * bsc#1242579 * bsc#1244235 * bsc#1245505 * bsc#1245775 * bsc#1245791 * bsc#1245805 * bsc#1246030 * bsc#1248108 Cross-References: * CVE-2024-47674 * CVE-2024-47706 * CVE-2024-49867 * CVE-2025-21659 * CVE-2025-21701 * CVE-2025-21999 * CVE-2025-37890 * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38087 * CVE-2025-38212 CVSS scores: * CVE-2024-47674 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-47674 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47674 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-47706 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-47706 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47706 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-49867 ( SUSE ): 7.3 
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-49867 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-49867 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21659 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-21659 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2025-21701 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38087 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38087 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves 11 vulnerabilities and has one security fix can now be installed. ## Description: This update for the Linux Kernel 6.4.0-150600_8 fixes several issues. The following security issues were fixed: * CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier (bsc#1245504).
* CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579). * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner kthread during umount (bsc#1232271). * CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236207). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791). * CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231676). * CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1245805). * CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231943). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3108=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP6 (x86_64) * kernel-livepatch-6_4_0-150600_8-rt-debuginfo-21-150600.3.1 * kernel-livepatch-SLE15-SP6-RT_Update_0-debugsource-21-150600.3.1 * kernel-livepatch-6_4_0-150600_8-rt-21-150600.3.1 ## References: * https://www.suse.com/security/cve/CVE-2024-47674.html * https://www.suse.com/security/cve/CVE-2024-47706.html * https://www.suse.com/security/cve/CVE-2024-49867.html * https://www.suse.com/security/cve/CVE-2025-21659.html * https://www.suse.com/security/cve/CVE-2025-21701.html * https://www.suse.com/security/cve/CVE-2025-21999.html * https://www.suse.com/security/cve/CVE-2025-37890.html * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38087.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1231676 * https://bugzilla.suse.com/show_bug.cgi?id=1231943 * https://bugzilla.suse.com/show_bug.cgi?id=1232271 * https://bugzilla.suse.com/show_bug.cgi?id=1236207 * https://bugzilla.suse.com/show_bug.cgi?id=1242579 * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245505 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1245791 * https://bugzilla.suse.com/show_bug.cgi?id=1245805 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 * https://bugzilla.suse.com/show_bug.cgi?id=1248108 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Sep 9 12:31:03 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 09 Sep 2025 12:31:03 -0000 Subject: SUSE-SU-2025:03113-1: important: Security update for ImageMagick Message-ID: <175742106300.29615.2993671706930807148@smelt2.prg2.suse.org> # Security update for ImageMagick Announcement ID: SUSE-SU-2025:03113-1 Release Date: 2025-09-09T10:25:20Z Rating: important References: * bsc#1248076 * bsc#1248077 * bsc#1248078 * bsc#1248079 * bsc#1248767 * bsc#1248780 * bsc#1248784 Cross-References: * CVE-2025-55004 * CVE-2025-55005 * CVE-2025-55154 * CVE-2025-55160 * CVE-2025-55212 * CVE-2025-55298 * CVE-2025-57803 CVSS scores: * CVE-2025-55004 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-55004 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H * CVE-2025-55004 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L * CVE-2025-55004 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2025-55005 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-55005 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-55005 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-55154 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-55154 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-55154 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-55154 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-55160 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-55160 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H * CVE-2025-55160 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-55160 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L * CVE-2025-55212 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-55212 ( SUSE ): 
4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-55212 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-55298 ( SUSE ): 9.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-55298 ( SUSE ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2025-55298 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-57803 ( SUSE ): 9.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-57803 ( SUSE ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2025-57803 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Desktop Applications Module 15-SP7 * Development Tools Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves seven vulnerabilities can now be installed. ## Description: This update for ImageMagick fixes the following issues: * CVE-2025-55004: Fixed heap buffer over-read in ReadOneMNGIMage when processing images with separate alpha channels (bsc#1248076). * CVE-2025-55005: Fixed heap buffer overflow when transforming from Log to sRGB colorspaces (bsc#1248077). * CVE-2025-55154: Fixed integer overflow when performing magnified size calculations in ReadOneMNGIMage can lead to out-of-bounds write (bsc#1248078). * CVE-2025-55160: Fixed undefined behavior due to function-type-mismatch in CloneSplayTree (bsc#1248079). * CVE-2025-55212: Fixed division-by-zero in ThumbnailImage() when passing a geometry string containing only a colon to `montage -geometry` (bsc#1248767). * CVE-2025-55298: Fixed heap overflow due to format string bug vulnerability (bsc#1248780). * CVE-2025-57803: Fixed heap out-of-bounds (OOB) write due to 32-bit integer overflow (bsc#1248784).
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Desktop Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2025-3113=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2025-3113=1 ## Package List: * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * ImageMagick-config-7-upstream-secure-7.1.1.43-150700.3.13.1 * libMagick++-devel-7.1.1.43-150700.3.13.1 * libMagickCore-7_Q16HDRI10-7.1.1.43-150700.3.13.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.43-150700.3.13.1 * ImageMagick-7.1.1.43-150700.3.13.1 * ImageMagick-config-7-SUSE-7.1.1.43-150700.3.13.1 * ImageMagick-devel-7.1.1.43-150700.3.13.1 * ImageMagick-debuginfo-7.1.1.43-150700.3.13.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.1.43-150700.3.13.1 * ImageMagick-config-7-upstream-limited-7.1.1.43-150700.3.13.1 * ImageMagick-config-7-upstream-open-7.1.1.43-150700.3.13.1 * libMagick++-7_Q16HDRI5-7.1.1.43-150700.3.13.1 * ImageMagick-config-7-upstream-websafe-7.1.1.43-150700.3.13.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.43-150700.3.13.1 * libMagickWand-7_Q16HDRI10-7.1.1.43-150700.3.13.1 * ImageMagick-debugsource-7.1.1.43-150700.3.13.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * perl-PerlMagick-debuginfo-7.1.1.43-150700.3.13.1 * ImageMagick-debugsource-7.1.1.43-150700.3.13.1 * perl-PerlMagick-7.1.1.43-150700.3.13.1 * ImageMagick-debuginfo-7.1.1.43-150700.3.13.1 ## References: * https://www.suse.com/security/cve/CVE-2025-55004.html * https://www.suse.com/security/cve/CVE-2025-55005.html * https://www.suse.com/security/cve/CVE-2025-55154.html * https://www.suse.com/security/cve/CVE-2025-55160.html * https://www.suse.com/security/cve/CVE-2025-55212.html * https://www.suse.com/security/cve/CVE-2025-55298.html * 
https://www.suse.com/security/cve/CVE-2025-57803.html * https://bugzilla.suse.com/show_bug.cgi?id=1248076 * https://bugzilla.suse.com/show_bug.cgi?id=1248077 * https://bugzilla.suse.com/show_bug.cgi?id=1248078 * https://bugzilla.suse.com/show_bug.cgi?id=1248079 * https://bugzilla.suse.com/show_bug.cgi?id=1248767 * https://bugzilla.suse.com/show_bug.cgi?id=1248780 * https://bugzilla.suse.com/show_bug.cgi?id=1248784 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Sep 9 12:30:47 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 09 Sep 2025 12:30:47 -0000 Subject: SUSE-SU-2025:03115-1: important: Security update for go1.25-openssl Message-ID: <175742104719.29615.5141346813259595311@smelt2.prg2.suse.org> # Security update for go1.25-openssl Announcement ID: SUSE-SU-2025:03115-1 Release Date: 2025-09-09T10:37:53Z Rating: important References: * bsc#1244485 * bsc#1246118 * bsc#1247719 * bsc#1247720 * bsc#1247816 * bsc#1248082 * jsc#SLE-18320 Cross-References: * CVE-2025-4674 * CVE-2025-47906 * CVE-2025-47907 CVSS scores: * CVE-2025-4674 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-4674 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2025-4674 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2025-47906 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-47906 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2025-47907 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-47907 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N * CVE-2025-47907 ( NVD ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux 
Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves three vulnerabilities, contains one feature and has three security fixes can now be installed.

## Description:

This update for go1.25-openssl fixes the following issues:

Update to version 1.25.0 cut from the go1.25-fips-release branch at the revision tagged go1.25.0-1-openssl-fips. ( jsc#SLE-18320 )

* Rebase to 1.25.0
* Fix HKDF-Extract The latest OpenSSL in c9s/c10s requires nil salt to be passed as a hash length buffer of zeros.

go1.25 (released 2025-08-12) is a major release of Go. go1.25.x minor releases will be provided through August 2026.
https://github.com/golang/go/wiki/Go-Release-Cycle
go1.25 arrives six months after Go 1.24. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. ( bsc#1244485 go1.25 release tracking )

* Language changes: There are no language changes that affect Go programs in Go 1.25. However, in the language specification the notion of core types has been removed in favor of dedicated prose. See the respective blog post for more information.
* go command: The go build -asan option now defaults to doing leak detection at program exit. This will report an error if memory allocated by C is not freed and is not referenced by any other memory allocated by either C or Go. These new error reports may be disabled by setting ASAN_OPTIONS=detect_leaks=0 in the environment when running the program.
* go command: The Go distribution will include fewer prebuilt tool binaries. Core toolchain binaries such as the compiler and linker will still be included, but tools not invoked by build or test operations will be built and run by go tool as needed.
* go command: The new go.mod ignore directive can be used to specify directories the go command should ignore. Files in these directories and their subdirectories will be ignored by the go command when matching package patterns, such as all or ./..., but will still be included in module zip files.
* go command: The new go doc -http option will start a documentation server showing documentation for the requested object, and open the documentation in a browser window.
* go command: The new go version -m -json option will print the JSON encodings of the runtime/debug.BuildInfo structures embedded in the given Go binary files.
* go command: The go command now supports using a subdirectory of a repository as the path for a module root, when resolving a module path using the syntax to indicate that the root-path corresponds to the subdir of the repo-url with version control system vcs.
* go command: The new work package pattern matches all packages in the work (formerly called main) modules: either the single work module in module mode or the set of workspace modules in workspace mode.
* go command: When the go command updates the go line in a go.mod or go.work file, it no longer adds a toolchain line specifying the command's current version.
* go vet: The go vet command includes new analyzers:
* go vet: waitgroup reports misplaced calls to sync.WaitGroup.Add;
* go vet: hostport reports uses of fmt.Sprintf("%s:%d", host, port) to construct addresses for net.Dial, as these will not work with IPv6; instead it suggests using net.JoinHostPort.
* Runtime: Container-aware GOMAXPROCS. The default behavior of the GOMAXPROCS has changed. In prior versions of Go, GOMAXPROCS defaults to the number of logical CPUs available at startup (runtime.NumCPU). Go 1.25 introduces two changes: On Linux, the runtime considers the CPU bandwidth limit of the cgroup containing the process, if any. If the CPU bandwidth limit is lower than the number of logical CPUs available, GOMAXPROCS will default to the lower limit. In container runtime systems like Kubernetes, cgroup CPU bandwidth limits generally correspond to the "CPU limit" option. The Go runtime does not consider the "CPU requests" option. On all OSes, the runtime periodically updates GOMAXPROCS if the number of logical CPUs available or the cgroup CPU bandwidth limit change. Both of these behaviors are automatically disabled if GOMAXPROCS is set manually via the GOMAXPROCS environment variable or a call to runtime.GOMAXPROCS. They can also be disabled explicitly with the GODEBUG settings containermaxprocs=0 and updatemaxprocs=0, respectively. In order to support reading updated cgroup limits, the runtime will keep cached file descriptors for the cgroup files for the duration of the process lifetime.
* Runtime: garbage collector: A new garbage collector is now available as an experiment. This garbage collector's design improves the performance of marking and scanning small objects through better locality and CPU scalability. Benchmark results vary, but we expect somewhere between a 10–40% reduction in garbage collection overhead in real-world programs that heavily use the garbage collector.
The new garbage collector may be enabled by setting GOEXPERIMENT=greenteagc at build time. We expect the design to continue to evolve and improve. To that end, we encourage Go developers to try it out and report back their experiences. See the GitHub issue for more details on the design and instructions for sharing feedback.
* Runtime: trace flight recorder: Runtime execution traces have long provided a powerful, but expensive way to understand and debug the low-level behavior of an application. Unfortunately, because of their size and the cost of continuously writing an execution trace, they were generally impractical for debugging rare events. The new runtime/trace.FlightRecorder API provides a lightweight way to capture a runtime execution trace by continuously recording the trace into an in-memory ring buffer. When a significant event occurs, a program can call FlightRecorder.WriteTo to snapshot the last few seconds of the trace to a file. This approach produces a much smaller trace by enabling applications to capture only the traces that matter. The length of time and amount of data captured by a FlightRecorder may be configured within the FlightRecorderConfig.
* Runtime: Change to unhandled panic output: The message printed when a program exits due to an unhandled panic that was recovered and repanicked no longer repeats the text of the panic value.
* Runtime: VMA names on Linux: On Linux systems with kernel support for anonymous virtual memory area (VMA) names (CONFIG_ANON_VMA_NAME), the Go runtime will annotate anonymous memory mappings with context about their purpose. e.g., [anon: Go: heap] for heap memory. This can be disabled with the GODEBUG setting decoratemappings=0.
* Compiler: nil pointer bug: This release fixes a compiler bug, introduced in Go 1.21, that could incorrectly delay nil pointer checks.
* Compiler: DWARF5 support: The compiler and linker in Go 1.25 now generate debug information using DWARF version 5.
The newer DWARF version reduces the space required for debugging information in Go binaries, and reduces the time for linking, especially for large Go binaries. DWARF 5 generation can be disabled by setting the environment variable GOEXPERIMENT=nodwarf5 at build time (this fallback may be removed in a future Go release).
* Compiler: Faster slices: The compiler can now allocate the backing store for slices on the stack in more situations, which improves performance. This change has the potential to amplify the effects of incorrect unsafe.Pointer usage, see for example issue 73199. In order to track down these problems, the bisect tool can be used to find the allocation causing trouble using the -compile=variablemake flag. All such new stack allocations can also be turned off using -gcflags=all=-d=variablemakehash=n.
* Linker: The linker now accepts a -funcalign=N command line option, which specifies the alignment of function entries. The default value is platform-dependent, and is unchanged in this release.
* Standard library: testing/synctest: The new testing/synctest package provides support for testing concurrent code. This package was first available in Go 1.24 under GOEXPERIMENT=synctest, with a slightly different API. The experiment has now graduated to general availability. The old API is still present if GOEXPERIMENT=synctest is set, but will be removed in Go 1.26.
* Standard library: testing/synctest: The Test function runs a test function in an isolated "bubble". Within the bubble, time is virtualized: time package functions operate on a fake clock and the clock moves forward instantaneously if all goroutines in the bubble are blocked.
* Standard library: testing/synctest: The Wait function waits for all goroutines in the current bubble to block.
* Standard library: encoding/json/v2: Go 1.25 includes a new, experimental JSON implementation, which can be enabled by setting the environment variable GOEXPERIMENT=jsonv2 at build time.
When enabled, two new packages are available: The encoding/json/v2 package is a major revision of the encoding/json package. The encoding/json/jsontext package provides lower-level processing of JSON syntax. In addition, when the "jsonv2" GOEXPERIMENT is enabled: The encoding/json package uses the new JSON implementation. Marshaling and unmarshaling behavior is unaffected, but the text of errors returned by package functions may change. The encoding/json package contains a number of new options which may be used to configure the marshaler and unmarshaler. The new implementation performs substantially better than the existing one under many scenarios. In general, encoding performance is at parity between the implementations and decoding is substantially faster in the new one. See the github.com/go-json-experiment/jsonbench repository for more detailed analysis. We encourage users of encoding/json to test their programs with GOEXPERIMENT=jsonv2 enabled to help detect any compatibility issues with the new implementation. We expect the design of encoding/json/v2 to continue to evolve. We encourage developers to try out the new API and provide feedback on the proposal issue.
* archive/tar: The Writer.AddFS implementation now supports symbolic links for filesystems that implement io/fs.ReadLinkFS.
* encoding/asn1: Unmarshal and UnmarshalWithParams now parse the ASN.1 types T61String and BMPString more consistently. This may result in some previously accepted malformed encodings now being rejected.
* crypto: MessageSigner is a new signing interface that can be implemented by signers that wish to hash the message to be signed themselves. A new function is also introduced, SignMessage, which attempts to upgrade a Signer interface to MessageSigner, using the MessageSigner.SignMessage method if successful, and Signer.Sign if not. This can be used when code wishes to support both Signer and MessageSigner.
* crypto: Changing the fips140 GODEBUG setting after the program has started is now a no-op. Previously, it was documented as not allowed, and could cause a panic if changed.
* crypto: SHA-1, SHA-256, and SHA-512 are now slower on amd64 when AVX2 instructions are not available. All server processors (and most others) produced since 2015 support AVX2.
* crypto/ecdsa: The new ParseRawPrivateKey, ParseUncompressedPublicKey, PrivateKey.Bytes, and PublicKey.Bytes functions and methods implement low-level encodings, replacing the need to use crypto/elliptic or math/big functions and methods.
* crypto/ecdsa: When FIPS 140-3 mode is enabled, signing is now four times faster, matching the performance of non-FIPS mode.
* crypto/ed25519: When FIPS 140-3 mode is enabled, signing is now four times faster, matching the performance of non-FIPS mode.
* crypto/elliptic: The hidden and undocumented Inverse and CombinedMult methods on some Curve implementations have been removed.
* crypto/rsa: PublicKey no longer claims that the modulus value is treated as secret. VerifyPKCS1v15 and VerifyPSS already warned that all inputs are public and could be leaked, and there are mathematical attacks that can recover the modulus from other public values.
* crypto/rsa: Key generation is now three times faster.
* crypto/sha1: Hashing is now two times faster on amd64 when SHA-NI instructions are available.
* crypto/sha3: The new SHA3.Clone method implements hash.Cloner.
* crypto/sha3: Hashing is now two times faster on Apple M processors.
* crypto/tls: The new ConnectionState.CurveID field exposes the key exchange mechanism used to establish the connection.
* crypto/tls: The new Config.GetEncryptedClientHelloKeys callback can be used to set the EncryptedClientHelloKeys for a server to use when a client sends an Encrypted Client Hello extension.
* crypto/tls: SHA-1 signature algorithms are now disallowed in TLS 1.2 handshakes, per RFC 9155. They can be re-enabled with the GODEBUG setting tlssha1=1.
* crypto/tls: When FIPS 140-3 mode is enabled, Extended Master Secret is now required in TLS 1.2, and Ed25519 and X25519MLKEM768 are now allowed.
* crypto/tls: TLS servers now prefer the highest supported protocol version, even if it isn't the client's most preferred protocol version.
* crypto/tls: Both TLS clients and servers are now stricter in following the specifications and in rejecting off-spec behavior. Connections with compliant peers should be unaffected.
* crypto/x509: CreateCertificate, CreateCertificateRequest, and CreateRevocationList can now accept a crypto.MessageSigner signing interface as well as crypto.Signer. This allows these functions to use signers which implement "one-shot" signing interfaces, where hashing is done as part of the signing operation, instead of by the caller.
* crypto/x509: CreateCertificate now uses truncated SHA-256 to populate the SubjectKeyId if it is missing. The GODEBUG setting x509sha256skid=0 reverts to SHA-1.
* crypto/x509: ParseCertificate now rejects certificates which contain a BasicConstraints extension that contains a negative pathLenConstraint.
* crypto/x509: ParseCertificate now handles strings encoded with the ASN.1 T61String and BMPString types more consistently. This may result in some previously accepted malformed encodings now being rejected.
* debug/elf: The debug/elf package adds two new constants: PT_RISCV_ATTRIBUTES and SHT_RISCV_ATTRIBUTES for RISC-V ELF parsing.
* go/ast: The FilterPackage, PackageExports, and MergePackageFiles functions, and the MergeMode type and its constants, are all deprecated, as they are for use only with the long-deprecated Object and Package machinery.
* go/ast: The new PreorderStack function, like Inspect, traverses a syntax tree and provides control over descent into subtrees, but as a convenience it also provides the stack of enclosing nodes at each point.
* go/parser: The ParseDir function is deprecated.
* go/token: The new FileSet.AddExistingFiles method enables existing Files to be added to a FileSet, or a FileSet to be constructed for an arbitrary set of Files, alleviating the problems associated with a single global FileSet in long-lived applications.
* go/types: Var now has a Var.Kind method that classifies the variable as one of: package-level, receiver, parameter, result, local variable, or a struct field.
* go/types: The new LookupSelection function looks up the field or method of a given name and receiver type, like the existing LookupFieldOrMethod function, but returns the result in the form of a Selection.
* hash: The new XOF interface can be implemented by "extendable output functions", which are hash functions with arbitrary or unlimited output length such as SHAKE.
* hash: Hashes implementing the new Cloner interface can return a copy of their state. All standard library Hash implementations now implement Cloner.
* hash/maphash: The new Hash.Clone method implements hash.Cloner.
* io/fs: A new ReadLinkFS interface provides the ability to read symbolic links in a filesystem.
* log/slog: GroupAttrs creates a group Attr from a slice of Attr values.
* log/slog: Record now has a Source method, returning its source location or nil if unavailable.
* mime/multipart: The new helper function FileContentDisposition builds multipart Content-Disposition header fields.
* net: LookupMX and Resolver.LookupMX now return DNS names that look like valid IP addresses, as well as valid domain names. Previously if a name server returned an IP address as a DNS name, LookupMX would discard it, as required by the RFCs. However, name servers in practice do sometimes return IP addresses.
* net: On Windows, ListenMulticastUDP now supports IPv6 addresses.
* net: On Windows, it is now possible to convert between an os.File and a network connection.
Specifically, the FileConn, FilePacketConn, and FileListener functions are now implemented, and return a network connection or listener corresponding to an open file. Similarly, the File methods of TCPConn, UDPConn, UnixConn, IPConn, TCPListener, and UnixListener are now implemented, and return the underlying os.File of a network connection.
* net/http: The new CrossOriginProtection implements protections against Cross-Site Request Forgery (CSRF) by rejecting non-safe cross-origin browser requests. It uses modern browser Fetch metadata, doesn't require tokens or cookies, and supports origin-based and pattern-based bypasses.
* os: On Windows, NewFile now supports handles opened for asynchronous I/O (that is, syscall.FILE_FLAG_OVERLAPPED is specified in the syscall.CreateFile call). These handles are associated with the Go runtime's I/O completion port, which provides the following benefits for the resulting File: I/O methods (File.Read, File.Write, File.ReadAt, and File.WriteAt) do not block an OS thread. Deadline methods (File.SetDeadline, File.SetReadDeadline, and File.SetWriteDeadline) are supported. This enhancement is especially beneficial for applications that communicate via named pipes on Windows. Note that a handle can only be associated with one completion port at a time. If the handle provided to NewFile is already associated with a completion port, the returned File is downgraded to synchronous I/O mode. In this case, I/O methods will block an OS thread, and the deadline methods have no effect.
* os: The filesystems returned by DirFS and Root.FS implement the new io/fs.ReadLinkFS interface. CopyFS supports symlinks when copying filesystems that implement io/fs.ReadLinkFS. The Root type supports the following additional methods: Root.Chmod, Root.Chown, Root.Chtimes, Root.Lchown, Root.Link, Root.MkdirAll, Root.ReadFile, Root.Readlink, Root.RemoveAll, Root.Rename, Root.Symlink, and Root.WriteFile.
* reflect: The new TypeAssert function permits converting a Value directly to a Go value of the given type. This is like using a type assertion on the result of Value.Interface, but avoids unnecessary memory allocations.
* regexp/syntax: The \p{name} and \P{name} character class syntaxes now accept the names Any, ASCII, Assigned, Cn, and LC, as well as Unicode category aliases like \p{Letter} for \pL. Following Unicode TR18, they also now use case-insensitive name lookups, ignoring spaces, underscores, and hyphens.
* runtime: Cleanup functions scheduled by AddCleanup are now executed concurrently and in parallel, making cleanups more viable for heavy use like the unique package. Note that individual cleanups should still shunt their work to a new goroutine if they must execute or block for a long time to avoid blocking the cleanup queue.
* runtime: A new GODEBUG=checkfinalizers=1 setting helps find common issues with finalizers and cleanups, such as those described in the GC guide. In this mode, the runtime runs diagnostics on each garbage collection cycle, and will also regularly report the finalizer and cleanup queue lengths to stderr to help identify issues with long-running finalizers and/or cleanups. See the GODEBUG documentation for more details.
* runtime: The new SetDefaultGOMAXPROCS function sets GOMAXPROCS to the runtime default value, as if the GOMAXPROCS environment variable is not set. This is useful for enabling the new GOMAXPROCS default if it has been disabled by the GOMAXPROCS environment variable or a prior call to GOMAXPROCS.
* runtime/pprof: The mutex profile for contention on runtime-internal locks now correctly points to the end of the critical section that caused the delay. This matches the profile's behavior for contention on sync.Mutex values. The runtimecontentionstacks setting for GODEBUG, which allowed opting in to the unusual behavior of Go 1.22 through 1.24 for this part of the profile, is now gone.
* sync: The new WaitGroup.Go method makes the common pattern of creating and counting goroutines more convenient.
* testing: The new methods T.Attr, B.Attr, and F.Attr emit an attribute to the test log. An attribute is an arbitrary key and value associated with a test.
* testing: With the -json flag, attributes appear as a new "attr" action.
* testing: The new Output method of T, B and F provides an io.Writer that writes to the same test output stream as TB.Log. Like TB.Log, the output is indented, but it does not include the file and line number.
* testing: The AllocsPerRun function now panics if parallel tests are running. The result of AllocsPerRun is inherently flaky if other tests are running. The new panicking behavior helps catch such bugs.
* testing/fstest: MapFS implements the new io/fs.ReadLinkFS interface. TestFS will verify the functionality of the io/fs.ReadLinkFS interface if implemented. TestFS will no longer follow symlinks to avoid unbounded recursion.
* unicode: The new CategoryAliases map provides access to category alias names, such as "Letter" for "L".
* unicode: The new categories Cn and LC define unassigned codepoints and cased letters, respectively. These have always been defined by Unicode but were inadvertently omitted in earlier versions of Go. The C category now includes Cn, meaning it has added all unassigned code points.
* unique: The unique package now reclaims interned values more eagerly, more efficiently, and in parallel. As a consequence, applications using Make are now less likely to experience memory blow-up when lots of truly unique values are interned.
* unique: Values passed to Make containing Handles previously required multiple garbage collection cycles to collect, proportional to the depth of the chain of Handle values. Now, once unused, they are collected promptly in a single cycle.
* Darwin port: As announced in the Go 1.24 release notes, Go 1.25 requires macOS 12 Monterey or later.
Support for previous versions has been discontinued.
* Windows port: Go 1.25 is the last release that contains the broken 32-bit windows/arm port (GOOS=windows GOARCH=arm). It will be removed in Go 1.26.
* Loong64 port: The linux/loong64 port now supports the race detector, gathering traceback information from C code using runtime.SetCgoTraceback, and linking cgo programs with the internal link mode.
* RISC-V port: The linux/riscv64 port now supports the plugin build mode.
* RISC-V port: The GORISCV64 environment variable now accepts a new value rva23u64, which selects the RVA23U64 user-mode application profile.

Fixed during development:

* go#74466 bsc#1247719 security: fix CVE-2025-47906 os/exec: LookPath bug: incorrect expansion of "", "." and ".." in some PATH configurations
* go#74831 bsc#1247720 security: fix CVE-2025-47907 database/sql: incorrect results returned from Rows.Scan CVE-2025-4674
* go#74380 bsc#1246118 security: fix CVE-2025-4674 cmd/go: disable support for multiple vcs in one module

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3115=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3115=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3115=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3115=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3115=1
* SUSE Linux Enterprise Server 15 SP3 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3115=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3115=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3115=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3115=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3115=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3115=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2025-3115=1

## Package List:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * go1.25-openssl-1.25.0-150000.1.3.1
  * go1.25-openssl-doc-1.25.0-150000.1.3.1
  * go1.25-openssl-race-1.25.0-150000.1.3.1
  * go1.25-openssl-debuginfo-1.25.0-150000.1.3.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * go1.25-openssl-1.25.0-150000.1.3.1
  * go1.25-openssl-doc-1.25.0-150000.1.3.1
  * go1.25-openssl-race-1.25.0-150000.1.3.1
  * go1.25-openssl-debuginfo-1.25.0-150000.1.3.1
* SUSE Linux
Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * go1.25-openssl-1.25.0-150000.1.3.1
  * go1.25-openssl-doc-1.25.0-150000.1.3.1
  * go1.25-openssl-race-1.25.0-150000.1.3.1
  * go1.25-openssl-debuginfo-1.25.0-150000.1.3.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * go1.25-openssl-1.25.0-150000.1.3.1
  * go1.25-openssl-doc-1.25.0-150000.1.3.1
  * go1.25-openssl-race-1.25.0-150000.1.3.1
  * go1.25-openssl-debuginfo-1.25.0-150000.1.3.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * go1.25-openssl-1.25.0-150000.1.3.1
  * go1.25-openssl-doc-1.25.0-150000.1.3.1
  * go1.25-openssl-race-1.25.0-150000.1.3.1
  * go1.25-openssl-debuginfo-1.25.0-150000.1.3.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
  * go1.25-openssl-1.25.0-150000.1.3.1
  * go1.25-openssl-doc-1.25.0-150000.1.3.1
  * go1.25-openssl-race-1.25.0-150000.1.3.1
  * go1.25-openssl-debuginfo-1.25.0-150000.1.3.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * go1.25-openssl-1.25.0-150000.1.3.1
  * go1.25-openssl-doc-1.25.0-150000.1.3.1
  * go1.25-openssl-race-1.25.0-150000.1.3.1
  * go1.25-openssl-debuginfo-1.25.0-150000.1.3.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * go1.25-openssl-1.25.0-150000.1.3.1
  * go1.25-openssl-doc-1.25.0-150000.1.3.1
  * go1.25-openssl-race-1.25.0-150000.1.3.1
  * go1.25-openssl-debuginfo-1.25.0-150000.1.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * go1.25-openssl-1.25.0-150000.1.3.1
  * go1.25-openssl-doc-1.25.0-150000.1.3.1
  * go1.25-openssl-race-1.25.0-150000.1.3.1
  * go1.25-openssl-debuginfo-1.25.0-150000.1.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * go1.25-openssl-1.25.0-150000.1.3.1
  * go1.25-openssl-doc-1.25.0-150000.1.3.1
  * go1.25-openssl-race-1.25.0-150000.1.3.1
  * go1.25-openssl-debuginfo-1.25.0-150000.1.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
(ppc64le x86_64)
  * go1.25-openssl-1.25.0-150000.1.3.1
  * go1.25-openssl-doc-1.25.0-150000.1.3.1
  * go1.25-openssl-race-1.25.0-150000.1.3.1
  * go1.25-openssl-debuginfo-1.25.0-150000.1.3.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * go1.25-openssl-1.25.0-150000.1.3.1
  * go1.25-openssl-doc-1.25.0-150000.1.3.1
  * go1.25-openssl-race-1.25.0-150000.1.3.1
  * go1.25-openssl-debuginfo-1.25.0-150000.1.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-4674.html
* https://www.suse.com/security/cve/CVE-2025-47906.html
* https://www.suse.com/security/cve/CVE-2025-47907.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244485
* https://bugzilla.suse.com/show_bug.cgi?id=1246118
* https://bugzilla.suse.com/show_bug.cgi?id=1247719
* https://bugzilla.suse.com/show_bug.cgi?id=1247720
* https://bugzilla.suse.com/show_bug.cgi?id=1247816
* https://bugzilla.suse.com/show_bug.cgi?id=1248082
* https://jira.suse.com/browse/SLE-18320
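The go vet hostport item in the go1.25-openssl notes above, as an added Go example that is not part of the advisory and is not the analyzer's own code: a simplified source scan for fmt.Sprintf host:port formats, plus a check showing why the result fails for IPv6 literals. The sample source, the function names and the documentation-range addresses are constructed for illustration.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"net"
	"strconv"
)

// sampleSource is constructed input for the scan, not code from a real project.
const sampleSource = `package sample

import (
	"fmt"
	"net"
	"strconv"
)

func dialBad(host string, port int) (net.Conn, error) {
	return net.Dial("tcp", fmt.Sprintf("%s:%d", host, port))
}

func dialGood(host string, port int) (net.Conn, error) {
	return net.Dial("tcp", net.JoinHostPort(host, strconv.Itoa(port)))
}

func label(name string, n int) string {
	return fmt.Sprintf("%s=%d", name, n)
}
`

// hostPortFormats lists the format literals this simplified scan treats as
// host:port construction (an assumption of this example).
var hostPortFormats = map[string]bool{"%s:%d": true, "%s:%s": true}

// FindHostPortSprintf returns the line numbers of fmt.Sprintf calls whose
// format literal builds "host:port". Unlike go vet, it does not resolve
// imports or check that the result reaches net.Dial.
func FindHostPortSprintf(src string) ([]int, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "sample.go", src, 0)
	if err != nil {
		return nil, err
	}
	var lines []int
	ast.Inspect(file, func(n ast.Node) bool {
		call, ok := n.(*ast.CallExpr)
		if !ok || len(call.Args) == 0 {
			return true
		}
		sel, ok := call.Fun.(*ast.SelectorExpr)
		if !ok || sel.Sel.Name != "Sprintf" {
			return true
		}
		if pkg, ok := sel.X.(*ast.Ident); !ok || pkg.Name != "fmt" {
			return true
		}
		lit, ok := call.Args[0].(*ast.BasicLit)
		if !ok || lit.Kind != token.STRING {
			return true
		}
		if format, err := strconv.Unquote(lit.Value); err == nil && hostPortFormats[format] {
			lines = append(lines, fset.Position(call.Pos()).Line)
		}
		return true
	})
	return lines, nil
}

// NaiveAddr builds an address the way the analyzer warns about.
func NaiveAddr(host string, port int) string {
	return fmt.Sprintf("%s:%d", host, port)
}

// AddressParses reports whether addr splits cleanly into host and port,
// which a dialer needs before it can connect.
func AddressParses(addr string) bool {
	_, _, err := net.SplitHostPort(addr)
	return err == nil
}

func main() {
	lines, err := FindHostPortSprintf(sampleSource)
	if err != nil {
		fmt.Println("parse error:", err)
		return
	}
	fmt.Println("fmt.Sprintf host:port construction at lines:", lines)

	host, port := "2001:db8::1", 443 // documentation-range IPv6 literal
	naive := NaiveAddr(host, port)
	joined := net.JoinHostPort(host, strconv.Itoa(port))
	fmt.Printf("%-22s parses=%v\n", naive, AddressParses(naive))
	fmt.Printf("%-22s parses=%v\n", joined, AddressParses(joined))
}
```
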
From null at suse.de Tue Sep 9 16:30:09 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 09 Sep 2025 16:30:09 -0000
Subject: SUSE-SU-2025:03120-1: important: Security update for java-1_8_0-openjdk
Message-ID: <175743540960.29468.2363696887789657215@smelt2.prg2.suse.org>

# Security update for java-1_8_0-openjdk

Announcement ID: SUSE-SU-2025:03120-1
Release Date: 2025-09-09T15:10:05Z
Rating: important
References:

* bsc#1246580
* bsc#1246584
* bsc#1246595
* bsc#1246598
* bsc#1246806

Cross-References:

* CVE-2025-30749
* CVE-2025-30754
* CVE-2025-30761
* CVE-2025-50106

CVSS scores:

* CVE-2025-30749 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-30749 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-30749 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-30754 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-30754 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-30754 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-30761 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-30761 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-50106 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-50106 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves four vulnerabilities and has one security fix can now be installed.

## Description:

This update for java-1_8_0-openjdk fixes the following issues:

Update to version jdk8u462 (icedtea-3.36.0).

Security issues fixed:

* CVE-2025-30749: heap corruption allows unauthenticated attacker with network access to compromise and takeover Java applications that load and run untrusted code (bsc#1246595).
* CVE-2025-30754: incomplete handshake allows unauthenticated attacker with network access via TLS to gain unauthorized update, insert, delete and read access to sensitive data (bsc#1246598).
* CVE-2025-30761: issue in Scripting component allows unauthenticated attacker with network access to gain unauthorized creation, deletion or modification access to critical data (bsc#1246580).
* CVE-2025-50106: Glyph out-of-memory access allows unauthenticated attacker with network access to compromise and takeover Java applications that load and run untrusted code (bsc#1246584).

Other issues fixed:

* Import of OpenJDK 8 u462 build 08
* JDK-8026976: ECParameters, Point does not match field size.
* JDK-8071996: split_if accesses NULL region of ConstraintCast.
* JDK-8186143: keytool -ext option doesn't accept wildcards for DNS subject alternative names.
* JDK-8186787: clang-4.0 SIGSEGV in Unsafe_PutByte.
* JDK-8248001: javadoc generates invalid HTML pages whose ftp:// links are broken.
* JDK-8278472: Invalid value set to CANDIDATEFORM structure.
* JDK-8293107: GHA: Bump to Ubuntu 22.04.
* JDK-8303770: Remove Baltimore root certificate expiring in May 2025.
* JDK-8309841: Jarsigner should print a warning if an entry is removed.
* JDK-8339810: Clean up the code in sun.tools.jar.Main to properly close resources and use ZipFile during extract.
* JDK-8345625: Better HTTP connections.
* JDK-8346887: DrawFocusRect() may cause an assertion failure.
* JDK-8349111: Enhance Swing supports.
* JDK-8350498: Remove two Camerfirma root CA certificates.
* JDK-8352716: (tz) Update Timezone Data to 2025b.
* JDK-8353433: XCG currency code not recognized in JDK 8u.
* JDK-8356096: ISO 4217 Amendment 179 Update.
* JDK-8359170: Add 2 TLS and 2 CS Sectigo roots.
* Backports * JDK-8358538: Update GHA Windows runner to 2025. * JDK-8354941: Build failure with glibc 2.42 due to uabs() name collision. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-3120=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-3120=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-debugsource-1.8.0.462-27.117.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.462-27.117.1 * java-1_8_0-openjdk-demo-1.8.0.462-27.117.1 * java-1_8_0-openjdk-debuginfo-1.8.0.462-27.117.1 * java-1_8_0-openjdk-devel-1.8.0.462-27.117.1 * java-1_8_0-openjdk-1.8.0.462-27.117.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.462-27.117.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.462-27.117.1 * java-1_8_0-openjdk-headless-1.8.0.462-27.117.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * java-1_8_0-openjdk-debugsource-1.8.0.462-27.117.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.462-27.117.1 * java-1_8_0-openjdk-demo-1.8.0.462-27.117.1 * java-1_8_0-openjdk-debuginfo-1.8.0.462-27.117.1 * java-1_8_0-openjdk-devel-1.8.0.462-27.117.1 * java-1_8_0-openjdk-1.8.0.462-27.117.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.462-27.117.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.462-27.117.1 * java-1_8_0-openjdk-headless-1.8.0.462-27.117.1 ## References: * https://www.suse.com/security/cve/CVE-2025-30749.html * https://www.suse.com/security/cve/CVE-2025-30754.html * https://www.suse.com/security/cve/CVE-2025-30761.html * https://www.suse.com/security/cve/CVE-2025-50106.html * https://bugzilla.suse.com/show_bug.cgi?id=1246580 * https://bugzilla.suse.com/show_bug.cgi?id=1246584 * 
https://bugzilla.suse.com/show_bug.cgi?id=1246595 * https://bugzilla.suse.com/show_bug.cgi?id=1246598 * https://bugzilla.suse.com/show_bug.cgi?id=1246806 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Sep 9 16:30:12 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 09 Sep 2025 16:30:12 -0000 Subject: SUSE-SU-2025:03119-1: critical: Security update for regionServiceClientConfigGCE Message-ID: <175743541291.29468.6232486953089732893@smelt2.prg2.suse.org> # Security update for regionServiceClientConfigGCE Announcement ID: SUSE-SU-2025:03119-1 Release Date: 2025-09-09T12:59:59Z Rating: critical References: * bsc#1242063 * bsc#1246995 Affected Products: * openSUSE Leap 15.6 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * Public Cloud Module 15-SP6 * Public Cloud Module 15-SP7 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has two security fixes can now be installed. 
## Description: This update for regionServiceClientConfigGCE contains the following fixes: * Update to version 5.0.0 (bsc#1246995) * SLE 16 python-requests requires SSL v3 certificates. Update 2 region server certs to support SLE 16 when it gets released. * Update conditional to handle name change of metadata package in SLE 16. (bsc#1242063) * Add noipv6 patch ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-3119=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-3119=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-3119=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-3119=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-3119=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2025-3119=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2025-3119=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2025-3119=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2025-3119=1 * Public Cloud Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP6-2025-3119=1 * Public Cloud Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP7-2025-3119=1 ## Package List: * openSUSE Leap 15.6 (noarch) * regionServiceClientConfigGCE-5.0.0-150000.4.18.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * regionServiceClientConfigGCE-5.0.0-150000.4.18.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * regionServiceClientConfigGCE-5.0.0-150000.4.18.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * regionServiceClientConfigGCE-5.0.0-150000.4.18.1 * SUSE Linux Enterprise Micro 5.4 
(noarch) * regionServiceClientConfigGCE-5.0.0-150000.4.18.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * regionServiceClientConfigGCE-5.0.0-150000.4.18.1 * Public Cloud Module 15-SP3 (noarch) * regionServiceClientConfigGCE-5.0.0-150000.4.18.1 * Public Cloud Module 15-SP4 (noarch) * regionServiceClientConfigGCE-5.0.0-150000.4.18.1 * Public Cloud Module 15-SP5 (noarch) * regionServiceClientConfigGCE-5.0.0-150000.4.18.1 * Public Cloud Module 15-SP6 (noarch) * regionServiceClientConfigGCE-5.0.0-150000.4.18.1 * Public Cloud Module 15-SP7 (noarch) * regionServiceClientConfigGCE-5.0.0-150000.4.18.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1242063 * https://bugzilla.suse.com/show_bug.cgi?id=1246995 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Sep 9 16:30:16 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 09 Sep 2025 16:30:16 -0000 Subject: SUSE-SU-2025:03118-1: critical: Security update for regionServiceClientConfigEC2 Message-ID: <175743541627.29468.7768934288820155818@smelt2.prg2.suse.org> # Security update for regionServiceClientConfigEC2 Announcement ID: SUSE-SU-2025:03118-1 Release Date: 2025-09-09T12:59:06Z Rating: critical References: * bsc#1243419 * bsc#1246995 Affected Products: * openSUSE Leap 15.6 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * Public Cloud Module 15-SP6 * Public Cloud Module 15-SP7 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise 
Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has two security fixes can now be installed. ## Description: This update for regionServiceClientConfigEC2 contains the following fixes: * Update to version 5.0.0. (bsc#1246995) * SLE 16 python-requests requires SSL v3 certificates. Update 2 region server certs to support SLE 16 when it gets released. * Update dependency to accommodate metadata binary package name change in SLE 16. (bsc#1243419) * New 4096 certificate for rgnsrv-ec2-us-east1 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-3118=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-3118=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-3118=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-3118=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-3118=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2025-3118=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2025-3118=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2025-3118=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2025-3118=1 * Public Cloud Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP6-2025-3118=1 * Public Cloud Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP7-2025-3118=1 ## Package List: * openSUSE Leap 15.6 (noarch) * regionServiceClientConfigEC2-5.0.0-150000.3.38.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * regionServiceClientConfigEC2-5.0.0-150000.3.38.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * regionServiceClientConfigEC2-5.0.0-150000.3.38.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * regionServiceClientConfigEC2-5.0.0-150000.3.38.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * regionServiceClientConfigEC2-5.0.0-150000.3.38.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * regionServiceClientConfigEC2-5.0.0-150000.3.38.1 * Public Cloud Module 15-SP3 (noarch) * regionServiceClientConfigEC2-5.0.0-150000.3.38.1 * Public Cloud Module 15-SP4 (noarch) * regionServiceClientConfigEC2-5.0.0-150000.3.38.1 * Public Cloud Module 15-SP5 (noarch) * regionServiceClientConfigEC2-5.0.0-150000.3.38.1 * Public Cloud Module 15-SP6 (noarch) * 
regionServiceClientConfigEC2-5.0.0-150000.3.38.1 * Public Cloud Module 15-SP7 (noarch) * regionServiceClientConfigEC2-5.0.0-150000.3.38.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1243419 * https://bugzilla.suse.com/show_bug.cgi?id=1246995 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Sep 9 16:30:19 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 09 Sep 2025 16:30:19 -0000 Subject: SUSE-SU-2025:03117-1: critical: Security update for regionServiceClientConfigAzure Message-ID: <175743541928.29468.6740827121536059751@smelt2.prg2.suse.org> # Security update for regionServiceClientConfigAzure Announcement ID: SUSE-SU-2025:03117-1 Release Date: 2025-09-09T12:58:06Z Rating: critical References: * bsc#1243419 * bsc#1246995 Affected Products: * openSUSE Leap 15.6 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * Public Cloud Module 15-SP6 * Public Cloud Module 15-SP7 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager 
Server 4.2 * SUSE Manager Server 4.3 An update that has two security fixes can now be installed. ## Description: This update for regionServiceClientConfigAzure contains the following fixes: * Update to version 3.0.0. (bsc#1246995) * SLE 16 python-requests requires SSL v3 certificates. Update 2 region server certs to support SLE 16 when it gets released. * Update dependency name for metadata package, name change in SLE 16. (bsc#1243419) * Replacing certificate for rgnsrv-azure-southeastasia to get rid of weird chain cert ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2025-3117=1 * Public Cloud Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP6-2025-3117=1 * Public Cloud Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP7-2025-3117=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-3117=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-3117=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-3117=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-3117=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-3117=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2025-3117=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2025-3117=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2025-3117=1 ## Package List: * Public Cloud Module 15-SP5 (noarch) * regionServiceClientConfigAzure-3.0.0-150000.3.28.1 * Public Cloud Module 15-SP6 (noarch) * regionServiceClientConfigAzure-3.0.0-150000.3.28.1 * Public Cloud Module 15-SP7 (noarch) *
regionServiceClientConfigAzure-3.0.0-150000.3.28.1 * openSUSE Leap 15.6 (noarch) * regionServiceClientConfigAzure-3.0.0-150000.3.28.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * regionServiceClientConfigAzure-3.0.0-150000.3.28.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * regionServiceClientConfigAzure-3.0.0-150000.3.28.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * regionServiceClientConfigAzure-3.0.0-150000.3.28.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * regionServiceClientConfigAzure-3.0.0-150000.3.28.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * regionServiceClientConfigAzure-3.0.0-150000.3.28.1 * Public Cloud Module 15-SP3 (noarch) * regionServiceClientConfigAzure-3.0.0-150000.3.28.1 * Public Cloud Module 15-SP4 (noarch) * regionServiceClientConfigAzure-3.0.0-150000.3.28.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1243419 * https://bugzilla.suse.com/show_bug.cgi?id=1246995 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Sep 9 20:30:10 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 09 Sep 2025 20:30:10 -0000 Subject: SUSE-SU-2025:03124-1: important: Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3) Message-ID: <175744981004.29468.15369741055987993958@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3) Announcement ID: SUSE-SU-2025:03124-1 Release Date: 2025-09-09T19:33:51Z Rating: important References: * bsc#1231676 * bsc#1231943 * bsc#1232271 * bsc#1237930 * bsc#1242579 * bsc#1244235 * bsc#1245775 * bsc#1245791 * bsc#1246030 Cross-References: * CVE-2022-49053 * CVE-2024-47674 * CVE-2024-47706 * CVE-2024-49867 * CVE-2025-21999 * CVE-2025-37890 * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38212 CVSS scores: * CVE-2022-49053 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2022-49053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-49053 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47674 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-47674 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47674 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-47706 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-47706 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47706 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-49867 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-49867 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-49867 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves nine vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_179 fixes several issues. The following security issues were fixed: * CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579). * CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930). * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner kthread during umount (bsc#1232271). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791). * CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231676). * CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231943). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2025-3124=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-3124=1 ## Package List: * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP3_Update_49-debugsource-15-150300.2.1 * kernel-livepatch-5_3_18-150300_59_179-default-15-150300.2.1 * kernel-livepatch-5_3_18-150300_59_179-default-debuginfo-15-150300.2.1 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_179-preempt-debuginfo-15-150300.2.1 * kernel-livepatch-5_3_18-150300_59_179-preempt-15-150300.2.1 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP3_Update_49-debugsource-15-150300.2.1 * kernel-livepatch-5_3_18-150300_59_179-default-15-150300.2.1 * kernel-livepatch-5_3_18-150300_59_179-default-debuginfo-15-150300.2.1 ## References: * https://www.suse.com/security/cve/CVE-2022-49053.html * https://www.suse.com/security/cve/CVE-2024-47674.html * https://www.suse.com/security/cve/CVE-2024-47706.html * https://www.suse.com/security/cve/CVE-2024-49867.html * https://www.suse.com/security/cve/CVE-2025-21999.html * https://www.suse.com/security/cve/CVE-2025-37890.html * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1231676 * https://bugzilla.suse.com/show_bug.cgi?id=1231943 * https://bugzilla.suse.com/show_bug.cgi?id=1232271 * https://bugzilla.suse.com/show_bug.cgi?id=1237930 * https://bugzilla.suse.com/show_bug.cgi?id=1242579 * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1245791 
* https://bugzilla.suse.com/show_bug.cgi?id=1246030 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Sep 9 20:30:18 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 09 Sep 2025 20:30:18 -0000 Subject: SUSE-SU-2025:03123-1: important: Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP6) Message-ID: <175744981817.29468.4486462475741740806@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP6) Announcement ID: SUSE-SU-2025:03123-1 Release Date: 2025-09-09T17:04:00Z Rating: important References: * bsc#1236207 * bsc#1242579 * bsc#1244235 * bsc#1245505 * bsc#1245775 * bsc#1245791 * bsc#1245805 * bsc#1246030 * bsc#1248108 Cross-References: * CVE-2025-21659 * CVE-2025-21701 * CVE-2025-21999 * CVE-2025-37890 * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38087 * CVE-2025-38212 CVSS scores: * CVE-2025-21659 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-21659 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2025-21701 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38087 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38087 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * 
CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves eight vulnerabilities and has one security fix can now be installed. ## Description: This update for the Linux Kernel 6.4.0-150600_10_17 fixes several issues. The following security issues were fixed: * CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier (bsc#1245504). * CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579). * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236207). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791). * CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1245805). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3123=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP6 (x86_64) * kernel-livepatch-6_4_0-150600_10_17-rt-14-150600.2.1 * kernel-livepatch-6_4_0-150600_10_17-rt-debuginfo-14-150600.2.1 * kernel-livepatch-SLE15-SP6-RT_Update_5-debugsource-14-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-21659.html * https://www.suse.com/security/cve/CVE-2025-21701.html * https://www.suse.com/security/cve/CVE-2025-21999.html * https://www.suse.com/security/cve/CVE-2025-37890.html * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38087.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1236207 * https://bugzilla.suse.com/show_bug.cgi?id=1242579 * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245505 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1245791 * https://bugzilla.suse.com/show_bug.cgi?id=1245805 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 * https://bugzilla.suse.com/show_bug.cgi?id=1248108 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Sep 10 08:30:10 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 10 Sep 2025 08:30:10 -0000 Subject: SUSE-SU-2025:03126-1: important: Security update for the Linux Kernel (Live Patch 52 for SLE 15 SP3) Message-ID: <175749301081.30749.8402248233718543774@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 52 for SLE 15 SP3) Announcement ID: SUSE-SU-2025:03126-1 Release Date: 2025-09-09T22:43:42Z Rating: important References: * bsc#1237930 * bsc#1242579 * bsc#1244235 * bsc#1245775 * bsc#1245791 * bsc#1246030 Cross-References: * CVE-2022-49053 * CVE-2025-21999 * CVE-2025-37890 * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38212 CVSS scores: * CVE-2022-49053 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2022-49053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-49053 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 
* SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves six vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_188 fixes several issues. The following security issues were fixed: * CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579). * CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930). * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2025-3126=1 SUSE-2025-3125=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-3126=1 SUSE-SLE-Module-Live-Patching-15-SP3-2025-3125=1 ## Package List: * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP3_Update_52-debugsource-10-150300.2.1 * kernel-livepatch-5_3_18-150300_59_188-default-debuginfo-10-150300.2.1 * kernel-livepatch-5_3_18-150300_59_185-default-debuginfo-11-150300.2.1 * kernel-livepatch-5_3_18-150300_59_185-default-11-150300.2.1 * kernel-livepatch-5_3_18-150300_59_188-default-10-150300.2.1 * kernel-livepatch-SLE15-SP3_Update_51-debugsource-11-150300.2.1 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_185-preempt-debuginfo-11-150300.2.1 * kernel-livepatch-5_3_18-150300_59_188-preempt-debuginfo-10-150300.2.1 * kernel-livepatch-5_3_18-150300_59_188-preempt-10-150300.2.1 *
kernel-livepatch-5_3_18-150300_59_185-preempt-11-150300.2.1 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_185-default-11-150300.2.1 * kernel-livepatch-5_3_18-150300_59_188-default-10-150300.2.1 ## References: * https://www.suse.com/security/cve/CVE-2022-49053.html * https://www.suse.com/security/cve/CVE-2025-21999.html * https://www.suse.com/security/cve/CVE-2025-37890.html * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1237930 * https://bugzilla.suse.com/show_bug.cgi?id=1242579 * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1245791 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Sep 10 12:30:11 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 10 Sep 2025 12:30:11 -0000 Subject: SUSE-SU-2025:03129-1: important: Security update for the Linux Kernel (Live Patch 54 for SLE 15 SP3) Message-ID: <175750741108.29615.16395501617444675548@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 54 for SLE 15 SP3) Announcement ID: SUSE-SU-2025:03129-1 Release Date: 2025-09-10T10:04:29Z Rating: important References: * bsc#1237930 * bsc#1242579 * bsc#1244235 * bsc#1245775 * bsc#1245791 * bsc#1246030 Cross-References: * CVE-2022-49053 * CVE-2025-21999 * CVE-2025-37890 * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38212 CVSS scores: * CVE-2022-49053 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2022-49053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-49053 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( SUSE ): 6.8 
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves six vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_195 fixes several issues. The following security issues were fixed: * CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579). * CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930). * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2025-3129=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-3129=1 ## Package List: * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_195-default-debuginfo-7-150300.2.1 * kernel-livepatch-SLE15-SP3_Update_54-debugsource-7-150300.2.1 * kernel-livepatch-5_3_18-150300_59_195-default-7-150300.2.1 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_195-preempt-7-150300.2.1 * kernel-livepatch-5_3_18-150300_59_195-preempt-debuginfo-7-150300.2.1 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_195-default-7-150300.2.1 ## References: * https://www.suse.com/security/cve/CVE-2022-49053.html * https://www.suse.com/security/cve/CVE-2025-21999.html * https://www.suse.com/security/cve/CVE-2025-37890.html * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1237930 * https://bugzilla.suse.com/show_bug.cgi?id=1242579 * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1245791 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Sep 10 12:30:21 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 10 Sep 2025 12:30:21 -0000 Subject: SUSE-SU-2025:03130-1: important: Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3) Message-ID: <175750742189.29615.8074122146368612602@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3) Announcement ID: SUSE-SU-2025:03130-1 Release Date: 2025-09-10T11:33:55Z Rating: important References: * bsc#1231676 * bsc#1231943 * bsc#1232271 * bsc#1237930 * bsc#1242579 * bsc#1244235 * bsc#1245775 * bsc#1245791 * bsc#1246030 Cross-References: * CVE-2022-49053 * CVE-2024-47674 * CVE-2024-47706 * CVE-2024-49867 * CVE-2025-21999 * CVE-2025-37890 * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38212 CVSS scores: * CVE-2022-49053 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2022-49053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-49053 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47674 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-47674 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47674 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-47706 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-47706 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47706 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-49867 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-49867 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-49867 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves nine vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_174 fixes several issues. The following security issues were fixed: * CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579). * CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930). * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner kthread during umount (bsc#1232271). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791). * CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231676). * CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231943). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2025-3130=1 SUSE-2025-3128=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-3130=1 SUSE-SLE-Module-Live-Patching-15-SP3-2025-3128=1 ## Package List: * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_174-default-16-150300.2.1 * kernel-livepatch-5_3_18-150300_59_170-default-17-150300.2.1 * kernel-livepatch-5_3_18-150300_59_170-default-debuginfo-17-150300.2.1 * kernel-livepatch-SLE15-SP3_Update_47-debugsource-17-150300.2.1 * kernel-livepatch-5_3_18-150300_59_174-default-debuginfo-16-150300.2.1 * kernel-livepatch-SLE15-SP3_Update_48-debugsource-16-150300.2.1 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_170-preempt-17-150300.2.1 * kernel-livepatch-5_3_18-150300_59_174-preempt-debuginfo-16-150300.2.1 * kernel-livepatch-5_3_18-150300_59_174-preempt-16-150300.2.1 * kernel-livepatch-5_3_18-150300_59_170-preempt-debuginfo-17-150300.2.1 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_174-default-16-150300.2.1 * kernel-livepatch-5_3_18-150300_59_170-default-17-150300.2.1 * kernel-livepatch-SLE15-SP3_Update_47-debugsource-17-150300.2.1 * kernel-livepatch-5_3_18-150300_59_170-default-debuginfo-17-150300.2.1 ## References: * https://www.suse.com/security/cve/CVE-2022-49053.html * https://www.suse.com/security/cve/CVE-2024-47674.html * https://www.suse.com/security/cve/CVE-2024-47706.html * https://www.suse.com/security/cve/CVE-2024-49867.html * https://www.suse.com/security/cve/CVE-2025-21999.html * https://www.suse.com/security/cve/CVE-2025-37890.html * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html *
https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1231676 * https://bugzilla.suse.com/show_bug.cgi?id=1231943 * https://bugzilla.suse.com/show_bug.cgi?id=1232271 * https://bugzilla.suse.com/show_bug.cgi?id=1237930 * https://bugzilla.suse.com/show_bug.cgi?id=1242579 * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1245791 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Sep 10 12:30:32 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 10 Sep 2025 12:30:32 -0000 Subject: SUSE-SU-2025:20658-1: important: Security update for iperf Message-ID: <175750743226.29615.17970665389864212406@smelt2.prg2.suse.org> # Security update for iperf Announcement ID: SUSE-SU-2025:20658-1 Release Date: 2025-09-05T12:57:05Z Rating: important References: * bsc#1247519 * bsc#1247520 * bsc#1247522 Cross-References: * CVE-2025-54349 * CVE-2025-54350 * CVE-2025-54351 CVSS scores: * CVE-2025-54349 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2025-54349 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L * CVE-2025-54349 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2025-54350 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-54350 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-54350 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-54351 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-54351 ( NVD ): 8.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L * CVE-2025-54351 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Affected Products: * SUSE Linux Micro Extras 6.0 An update that solves three vulnerabilities can now be installed. 
## Description: This update for iperf fixes the following issues: Update to 3.19.1: * CVE-2025-54349: Fixed off-by-one error and resultant heap-based buffer overflow (bsc#1247519). * CVE-2025-54350: Fixed Base64Decode assertion failure and application exit upon a malformed authentication attempt (bsc#1247520). * CVE-2025-54351: Fixed buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv) (bsc#1247522). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro Extras 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-448=1 ## Package List: * SUSE Linux Micro Extras 6.0 (aarch64 s390x x86_64) * iperf-debuginfo-3.19.1-1.1 * libiperf0-3.19.1-1.1 * iperf-debugsource-3.19.1-1.1 * iperf-3.19.1-1.1 * libiperf0-debuginfo-3.19.1-1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-54349.html * https://www.suse.com/security/cve/CVE-2025-54350.html * https://www.suse.com/security/cve/CVE-2025-54351.html * https://bugzilla.suse.com/show_bug.cgi?id=1247519 * https://bugzilla.suse.com/show_bug.cgi?id=1247520 * https://bugzilla.suse.com/show_bug.cgi?id=1247522 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Sep 10 12:30:28 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 10 Sep 2025 12:30:28 -0000 Subject: SUSE-SU-2025:03127-1: critical: Security update for python-deepdiff Message-ID: <175750742837.29615.7252648931662300603@smelt2.prg2.suse.org> # Security update for python-deepdiff Announcement ID: SUSE-SU-2025:03127-1 Release Date: 2025-09-10T08:49:39Z Rating: critical References: * bsc#1249347 Cross-References: * CVE-2025-58367 CVSS scores: * CVE-2025-58367 ( SUSE ): 10.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-58367 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-58367 ( NVD ): 10.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * openSUSE Leap 15.6 An update that solves one vulnerability can now be installed. ## Description: This update for python-deepdiff fixes the following issues: * CVE-2025-58367: class pollution via the `Delta` class constructor can lead to denial-of-service and remote code execution (bsc#1249347). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-3127=1 openSUSE-SLE-15.6-2025-3127=1 ## Package List: * openSUSE Leap 15.6 (noarch) * python311-deepdiff-6.3.0-150600.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-58367.html * https://bugzilla.suse.com/show_bug.cgi?id=1249347 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Sep 10 12:30:34 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 10 Sep 2025 12:30:34 -0000 Subject: SUSE-SU-2025:20657-1: moderate: Security update for aide Message-ID: <175750743497.29615.5570453521679232453@smelt2.prg2.suse.org> # Security update for aide Announcement ID: SUSE-SU-2025:20657-1 Release Date: 2025-09-05T12:55:51Z Rating: moderate References: * bsc#1247884 * bsc#1247885 Cross-References: * CVE-2025-54389 * CVE-2025-54409 CVSS scores: * CVE-2025-54389 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-54389 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2025-54389 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2025-54389 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2025-54409 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-54409 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for aide fixes the following issues: * CVE-2025-54389: Escape control characters in report and log output (bsc#1247884). * CVE-2025-54409: Fix null pointer dereference after reading incorrectly encoded xattr attributes from database (bsc#1247885). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-449=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * aide-debuginfo-0.18.6-2.1 * aide-debugsource-0.18.6-2.1 * aide-0.18.6-2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-54389.html * https://www.suse.com/security/cve/CVE-2025-54409.html * https://bugzilla.suse.com/show_bug.cgi?id=1247884 * https://bugzilla.suse.com/show_bug.cgi?id=1247885 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Sep 10 12:30:41 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 10 Sep 2025 12:30:41 -0000 Subject: SUSE-SU-2025:20656-1: important: Security update for cloud-init Message-ID: <175750744111.29615.3483804175028550526@smelt2.prg2.suse.org> # Security update for cloud-init Announcement ID: SUSE-SU-2025:20656-1 Release Date: 2025-09-05T12:55:50Z Rating: important References: * bsc#1228414 * bsc#1233649 * bsc#1236720 * bsc#1237764 * bsc#1239715 * bsc#1245403 * jsc#PED-8680 * jsc#PM-2335 * jsc#PM-3175 * jsc#PM-3181 Cross-References: * CVE-2023-1786 * CVE-2024-11584 * CVE-2024-6174 CVSS scores: * CVE-2023-1786 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-1786 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-11584 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2024-11584 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2024-11584 ( NVD ): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2024-11584 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2024-6174 ( SUSE ): 7.7 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-6174 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-6174 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves three 
vulnerabilities, contains four features and has three fixes can now be installed. ## Description: This update for cloud-init fixes the following issues: Update to version 25.1.3: * CVE-2024-6174: Unprivileged user could trigger hotplug-hook commands (bsc#1245403). Non-security fixes: * Rebase cloud-init to 24.4 or higher (bsc#1239715, jsc#PED-8680). * Fixed cloud-init --debug status (bsc#1228414). * Using ssh_pwauth: True in cloud-init breaks ssh for root (bsc#1237764). * Fixed FileNotFoundError (bsc#1236720). * Fixed python 3.13 support (bsc#1233649). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-447=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * cloud-init-config-suse-25.1.3-1.1 * cloud-init-25.1.3-1.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1786.html * https://www.suse.com/security/cve/CVE-2024-11584.html * https://www.suse.com/security/cve/CVE-2024-6174.html * https://bugzilla.suse.com/show_bug.cgi?id=1228414 * https://bugzilla.suse.com/show_bug.cgi?id=1233649 * https://bugzilla.suse.com/show_bug.cgi?id=1236720 * https://bugzilla.suse.com/show_bug.cgi?id=1237764 * https://bugzilla.suse.com/show_bug.cgi?id=1239715 * https://bugzilla.suse.com/show_bug.cgi?id=1245403 * https://jira.suse.com/browse/PED-8680 * https://jira.suse.com/browse/PM-2335 * https://jira.suse.com/browse/PM-3175 * https://jira.suse.com/browse/PM-3181 -------------- next part -------------- An HTML attachment was scrubbed...
URL: From null at suse.de Wed Sep 10 12:30:45 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 10 Sep 2025 12:30:45 -0000 Subject: SUSE-SU-2025:20655-1: moderate: Security update for jq Message-ID: <175750744519.29615.12027751477037194728@smelt2.prg2.suse.org> # Security update for jq Announcement ID: SUSE-SU-2025:20655-1 Release Date: 2025-09-05T12:55:50Z Rating: moderate References: * bsc#1244116 Cross-References: * CVE-2025-48060 CVSS scores: * CVE-2025-48060 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-48060 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2025-48060 ( NVD ): 7.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-48060 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves one vulnerability can now be installed. ## Description: This update for jq fixes the following issues: * CVE-2025-48060: Fixed stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt) (bsc#1244116). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-446=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * jq-debuginfo-1.6-5.1 * libjq1-1.6-5.1 * jq-debugsource-1.6-5.1 * libjq1-debuginfo-1.6-5.1 * jq-1.6-5.1 ## References: * https://www.suse.com/security/cve/CVE-2025-48060.html * https://bugzilla.suse.com/show_bug.cgi?id=1244116 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Sep 10 12:30:47 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 10 Sep 2025 12:30:47 -0000 Subject: SUSE-SU-2025:20654-1: moderate: Security update for grub2 Message-ID: <175750744726.29615.15043065128011092999@smelt2.prg2.suse.org> # Security update for grub2 Announcement ID: SUSE-SU-2025:20654-1 Release Date: 2025-09-05T12:55:50Z Rating: moderate References: * bsc#1234959 Cross-References: * CVE-2024-56738 CVSS scores: * CVE-2024-56738 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-56738 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-56738 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: * SUSE Linux Micro 6.0 An update that solves one vulnerability can now be installed. ## Description: This update for grub2 fixes the following issues: * CVE-2024-56738: Side-channel attack due to non-constant-time algorithm in grub_crypto_memcmp (bsc#1234959). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-445=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * grub2-2.12~rc1-7.1 * grub2-debugsource-2.12~rc1-7.1 * grub2-debuginfo-2.12~rc1-7.1 * SUSE Linux Micro 6.0 (noarch) * grub2-x86_64-efi-2.12~rc1-7.1 * grub2-i386-pc-2.12~rc1-7.1 * grub2-arm64-efi-2.12~rc1-7.1 * grub2-snapper-plugin-2.12~rc1-7.1 * grub2-x86_64-xen-2.12~rc1-7.1 * SUSE Linux Micro 6.0 (s390x) * grub2-s390x-emu-2.12~rc1-7.1 ## References: * https://www.suse.com/security/cve/CVE-2024-56738.html * https://bugzilla.suse.com/show_bug.cgi?id=1234959 -------------- next part -------------- An HTML attachment was scrubbed...
URL: From null at suse.de Wed Sep 10 12:36:28 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 10 Sep 2025 12:36:28 -0000 Subject: SUSE-SU-2025:20648-1: important: Security update for kernel-livepatch-MICRO-6-0-RT_Update_3 Message-ID: <175750778861.20766.5934686573259774928@smelt2.prg2.suse.org> # Security update for kernel-livepatch-MICRO-6-0-RT_Update_3 Announcement ID: SUSE-SU-2025:20648-1 Release Date: 2025-09-01T10:50:22Z Rating: important References: * bsc#1245218 * bsc#1245350 * bsc#1247350 * bsc#1247351 Cross-References: * CVE-2025-38079 * CVE-2025-38083 * CVE-2025-38494 * CVE-2025-38495 CVSS scores: * CVE-2025-38079 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38494 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38495 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves four vulnerabilities can now be installed. ## Description: This update for kernel-livepatch-MICRO-6-0-RT_Update_3 fixes the following issues: * CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218) * CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350) * CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350) * CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-kernel-98=1 ## Package List: * SUSE Linux Micro 6.0 (x86_64) * kernel-livepatch-6_4_0-11-rt-debuginfo-10-1.2 * kernel-livepatch-6_4_0-11-rt-10-1.2 * kernel-livepatch-MICRO-6-0-RT_Update_3-debugsource-10-1.2 ## References: * https://www.suse.com/security/cve/CVE-2025-38079.html * https://www.suse.com/security/cve/CVE-2025-38083.html * https://www.suse.com/security/cve/CVE-2025-38494.html * https://www.suse.com/security/cve/CVE-2025-38495.html * https://bugzilla.suse.com/show_bug.cgi?id=1245218 * https://bugzilla.suse.com/show_bug.cgi?id=1245350 * https://bugzilla.suse.com/show_bug.cgi?id=1247350 * https://bugzilla.suse.com/show_bug.cgi?id=1247351 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Sep 10 12:36:14 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 10 Sep 2025 12:36:14 -0000 Subject: SUSE-SU-2025:20653-1: important: Security update for the Linux Kernel Message-ID: <175750777489.20766.8720630468824275966@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2025:20653-1 Release Date: 2025-09-05T10:12:01Z Rating: important References: * bsc#1012628 * bsc#1213545 * bsc#1215199 * bsc#1221858 * bsc#1222323 * bsc#1230557 * bsc#1230708 * bsc#1233120 * bsc#1240708 * bsc#1240890 * bsc#1242034 * bsc#1242754 * bsc#1244734 * bsc#1244930 * bsc#1245663 * bsc#1245710 * bsc#1245767 * bsc#1245780 * bsc#1245815 * bsc#1245956 * bsc#1245973 * bsc#1245977 * bsc#1246005 * bsc#1246012 * bsc#1246181 * bsc#1246193 * bsc#1247057 * bsc#1247078 * bsc#1247112 * bsc#1247116 * bsc#1247119 * bsc#1247155 * bsc#1247162 * bsc#1247167 * bsc#1247229 * bsc#1247243 * bsc#1247280 * bsc#1247313 * bsc#1247712 * bsc#1247976 * bsc#1248088 * bsc#1248108 * bsc#1248164 * bsc#1248166 * bsc#1248178 * bsc#1248179 * bsc#1248180 * bsc#1248183 * bsc#1248186 * bsc#1248194 * bsc#1248196 * 
bsc#1248198 * bsc#1248205 * bsc#1248206 * bsc#1248208 * bsc#1248209 * bsc#1248212 * bsc#1248213 * bsc#1248214 * bsc#1248216 * bsc#1248217 * bsc#1248223 * bsc#1248227 * bsc#1248228 * bsc#1248229 * bsc#1248240 * bsc#1248255 * bsc#1248297 * bsc#1248306 * bsc#1248312 * bsc#1248333 * bsc#1248337 * bsc#1248338 * bsc#1248340 * bsc#1248341 * bsc#1248345 * bsc#1248349 * bsc#1248350 * bsc#1248354 * bsc#1248355 * bsc#1248361 * bsc#1248363 * bsc#1248368 * bsc#1248374 * bsc#1248377 * bsc#1248386 * bsc#1248390 * bsc#1248395 * bsc#1248399 * bsc#1248401 * bsc#1248511 * bsc#1248573 * bsc#1248575 * bsc#1248577 * bsc#1248609 * bsc#1248614 * bsc#1248617 * bsc#1248621 * bsc#1248636 * bsc#1248643 * bsc#1248648 * bsc#1248652 * bsc#1248655 * bsc#1248666 * bsc#1248669 * bsc#1248746 * bsc#1248748 * bsc#1249022 * jsc#PED-13343 * jsc#PED-13345 Cross-References: * CVE-2023-3867 * CVE-2023-4130 * CVE-2023-4515 * CVE-2024-26661 * CVE-2024-46733 * CVE-2024-58238 * CVE-2024-58239 * CVE-2025-38006 * CVE-2025-38075 * CVE-2025-38103 * CVE-2025-38125 * CVE-2025-38146 * CVE-2025-38160 * CVE-2025-38184 * CVE-2025-38185 * CVE-2025-38190 * CVE-2025-38201 * CVE-2025-38205 * CVE-2025-38208 * CVE-2025-38245 * CVE-2025-38251 * CVE-2025-38360 * CVE-2025-38439 * CVE-2025-38441 * CVE-2025-38444 * CVE-2025-38445 * CVE-2025-38458 * CVE-2025-38459 * CVE-2025-38464 * CVE-2025-38472 * CVE-2025-38490 * CVE-2025-38491 * CVE-2025-38499 * CVE-2025-38500 * CVE-2025-38503 * CVE-2025-38506 * CVE-2025-38510 * CVE-2025-38512 * CVE-2025-38513 * CVE-2025-38515 * CVE-2025-38516 * CVE-2025-38520 * CVE-2025-38524 * CVE-2025-38528 * CVE-2025-38529 * CVE-2025-38530 * CVE-2025-38531 * CVE-2025-38535 * CVE-2025-38537 * CVE-2025-38538 * CVE-2025-38540 * CVE-2025-38541 * CVE-2025-38543 * CVE-2025-38546 * CVE-2025-38548 * CVE-2025-38550 * CVE-2025-38553 * CVE-2025-38555 * CVE-2025-38560 * CVE-2025-38563 * CVE-2025-38565 * CVE-2025-38566 * CVE-2025-38568 * CVE-2025-38571 * CVE-2025-38572 * CVE-2025-38576 * CVE-2025-38581 * CVE-2025-38582 
* CVE-2025-38583 * CVE-2025-38585 * CVE-2025-38587 * CVE-2025-38588 * CVE-2025-38591 * CVE-2025-38601 * CVE-2025-38602 * CVE-2025-38604 * CVE-2025-38608 * CVE-2025-38609 * CVE-2025-38610 * CVE-2025-38612 * CVE-2025-38617 * CVE-2025-38618 * CVE-2025-38621 * CVE-2025-38624 * CVE-2025-38630 * CVE-2025-38632 * CVE-2025-38634 * CVE-2025-38635 * CVE-2025-38644 * CVE-2025-38646 * CVE-2025-38650 * CVE-2025-38656 * CVE-2025-38663 * CVE-2025-38665 * CVE-2025-38670 * CVE-2025-38671 CVSS scores: * CVE-2023-4130 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2023-4130 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4515 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2023-4515 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26661 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26661 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46733 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-58238 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-58238 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-58239 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-58239 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38006 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-38006 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-38075 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38075 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38103 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-38103 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-38125 ( SUSE ): 5.7 
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38125 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38146 ( SUSE ): 7.1 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38146 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38160 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38160 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38184 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38184 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38185 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38185 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38190 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38190 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38201 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38205 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38205 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38208 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38208 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38245 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38245 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38251 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38251 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38360 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38360 ( SUSE ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38439 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-38439 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-38441 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-38441 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-38444 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38444 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38445 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38445 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38458 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38458 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38459 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38459 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38464 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-38464 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2025-38472 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38472 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38490 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38490 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38491 ( SUSE ): 2.3 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-38491 ( SUSE ): 5.0 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2025-38499 ( SUSE ): 6.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H * CVE-2025-38499 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H * CVE-2025-38500 ( SUSE ): 7.3 
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38500 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38503 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38503 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38506 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-38506 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-38510 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38510 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38512 ( SUSE ): 6.9 CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-38512 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2025-38513 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38513 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38515 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38515 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38516 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38516 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38520 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38520 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38524 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38524 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38528 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-38528 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-38529 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38529 ( SUSE ): 6.1 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2025-38530 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38530 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2025-38531 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-38531 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-38535 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38535 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38537 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38537 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38538 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38538 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38540 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38540 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38541 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38541 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38543 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38543 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38546 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38546 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38548 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38548 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38550 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38550 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38553 ( SUSE ): 6.8 
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38553 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38555 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38555 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38560 ( SUSE ): 5.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H * CVE-2025-38560 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2025-38563 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2025-38565 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-38565 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-38566 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38566 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38568 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-38568 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-38571 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38571 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38572 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38572 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38576 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38576 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38581 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38581 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38582 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-38582 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-38583 ( SUSE ): 6.8 
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38583 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38585 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38585 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38587 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38587 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38588 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38588 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38591 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-38591 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L * CVE-2025-38601 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38601 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38602 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38602 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38604 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-38604 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2025-38608 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38608 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-38609 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38609 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38610 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38610 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38612 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38612 ( SUSE ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38617 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38617 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38618 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38618 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38621 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38621 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38624 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38624 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38630 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38630 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38632 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38632 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38634 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38634 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38635 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38635 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38644 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38644 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38646 ( SUSE ): 6.0 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38646 ( SUSE ): 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38650 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38656 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38656 ( SUSE ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38663 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38665 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38670 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38671 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.0
* SUSE Linux Micro Extras 6.0

An update that solves 96 vulnerabilities, contains two features and has 12 fixes can now be installed.

## Description:

The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

* CVE-2024-46733: btrfs: fix qgroup reserve leaks in cow_file_range (bsc#1230708).
* CVE-2025-38006: net: mctp: Do not access ifa_index when missing (bsc#1244930).
* CVE-2025-38075: scsi: target: iscsi: Fix timeout on deleted connection (bsc#1244734).
* CVE-2025-38103: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (bsc#1245663).
* CVE-2025-38125: net: stmmac: make sure that ptp_rate is not 0 before configuring EST (bsc#1245710).
* CVE-2025-38146: net: openvswitch: Fix the dead loop of MPLS parse (bsc#1245767).
* CVE-2025-38160: clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() (bsc#1245780).
* CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956).
* CVE-2025-38185: atm: atmtcp: Free invalid length skb in atmtcp_c_send() (bsc#1246012).
* CVE-2025-38190: atm: Revert atm_account_tx() if copy_from_iter_full() fails (bsc#1245973).
* CVE-2025-38201: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX (bsc#1245977).
* CVE-2025-38205: drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 (bsc#1246005).
* CVE-2025-38208: smb: client: add NULL check in automount_fullpath (bsc#1245815).
* CVE-2025-38245: atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister() (bsc#1246193).
* CVE-2025-38251: atm: clip: prevent NULL deref in clip_push() (bsc#1246181).
* CVE-2025-38360: drm/amd/display: Add more checks for DSC / HUBP ONO guarantees (bsc#1247078).
* CVE-2025-38439: bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (bsc#1247155).
* CVE-2025-38441: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() (bsc#1247167).
* CVE-2025-38444: raid10: cleanup memleak at raid10_make_request (bsc#1247162).
* CVE-2025-38445: md/raid1: Fix stack memory use after return in raid1_reshape (bsc#1247229).
* CVE-2025-38458: atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (bsc#1247116).
* CVE-2025-38459: atm: clip: Fix infinite recursive call of clip_push() (bsc#1247119).
* CVE-2025-38464: tipc: Fix use-after-free in tipc_conn_close() (bsc#1247112).
* CVE-2025-38472: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (bsc#1247313).
* CVE-2025-38490: net: libwx: remove duplicate page_pool_put_full_page() (bsc#1247243).
* CVE-2025-38491: mptcp: make fallback action and fallback decision atomic (bsc#1247280).
* CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976).
* CVE-2025-38500: xfrm: interface: fix use-after-free after changing collect_md xfrm interface (bsc#1248088).
* CVE-2025-38506: KVM: Allow CPU to reschedule while setting per-page memory attributes (bsc#1248186).
* CVE-2025-38520: drm/amdkfd: Do not call mmput from MMU notifier callback (bsc#1248217).
* CVE-2025-38524: rxrpc: Fix recv-recv race of completed call (bsc#1248194).
* CVE-2025-38528: bpf: Reject %p% format string in bprintf-like helpers (bsc#1248198).
* CVE-2025-38531: iio: common: st_sensors: Fix use of uninitialize device structs (bsc#1248205).
* CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223).
* CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312).
* CVE-2025-38585: staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() (bsc#1248355).
* CVE-2025-38591: bpf: Reject narrower access to pointer ctx fields (bsc#1248363).
* CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338).
* CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511).

The following non-security bugs were fixed:

* ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered (stable-fixes).
* ACPI: pfr_update: Fix the driver update version check (git-fixes).
* ACPI: processor: fix acpi_object initialization (stable-fixes).
* ACPI: processor: perflib: Move problematic pr->performance check (git-fixes).
* ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (stable-fixes).
* ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks (stable-fixes).
* ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 (stable-fixes).
* ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again (git-fixes).
* ALSA: hda/realtek: Fix headset mic on ASUS Zenbook 14 (git-fixes).
* ALSA: hda/realtek: Fix headset mic on HONOR BRB-X (stable-fixes).
* ALSA: hda: Disable jack polling at shutdown (stable-fixes).
* ALSA: hda: Handle the jack polling always via a work (stable-fixes).
* ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 (stable-fixes).
* ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop (stable-fixes).
* ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (git-fixes).
* ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros (stable-fixes).
* ALSA: usb-audio: Fix size validation in convert_chmap_v3() (git-fixes).
* ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation (git-fixes).
* ALSA: usb-audio: Validate UAC3 cluster segment descriptors (git-fixes).
* ALSA: usb-audio: Validate UAC3 power domain descriptors, too (git-fixes).
* ASoC: Intel: avs: Fix uninitialized pointer error in probe() (stable-fixes).
* ASoC: Intel: fix SND_SOC_SOF dependencies (stable-fixes).
* ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx (stable-fixes).
* ASoC: amd: yc: Add DMI quirk for HP Laptop 17 cp-2033dx (stable-fixes).
* ASoC: amd: yc: add DMI quirk for ASUS M6501RM (stable-fixes).
* ASoC: codecs: rt5640: Retry DEVICE_ID verification (stable-fixes).
* ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (stable-fixes).
* ASoC: hdac_hdmi: Rate limit logging on connection and disconnection (stable-fixes).
* ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed (stable-fixes).
* Bluetooth: btusb: Add USB ID 3625:010b for TP-LINK Archer TX10UB Nano (stable-fixes).
* Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() (git-fixes).
* Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced (git-fixes).
* Bluetooth: hci_event: Mark connection as closed during suspend disconnect (git-fixes).
* Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success (git-fixes).
* Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established (git-fixes).
* Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() (stable-fixes).
* Bluetooth: hci_sync: fix set_local_name race condition (git-fixes).
* HID: asus: fix UAF via HID_CLAIMED_INPUT validation (git-fixes).
* HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() (git-fixes).
* Move pesign-obs-integration requirement from kernel-syms to kernel devel subpackage (bsc#1248108).
* PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes).
* PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge (git-fixes).
* PCI: Add ACS quirk for Loongson PCIe (git-fixes).
* PCI: Support Immediate Readiness on devices without PM capabilities (git-fixes).
* PCI: apple: Fix missing OF node reference in apple_pcie_setup_port (git-fixes).
* PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features (git-fixes).
* PCI: imx6: Delay link start until configfs 'start' written (git-fixes).
* PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset (git-fixes).
* PCI: pnv_php: Clean up allocated IRQs on unplug (bsc#1215199).
* PCI: pnv_php: Work around switches with broken presence detection (bsc#1215199).
* PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining (git-fixes).
* PCI: rockchip: Use standard PCIe definitions (git-fixes).
* PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() (stable-fixes).
* PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() (stable-fixes).
* PM: sleep: console: Fix the black screen issue (stable-fixes).
* RAS/AMD/ATL: Include row bit in row retirement (bsc#1242034).
* RAS/AMD/FMPM: Get masked address (bsc#1242034).
* RAS/AMD/FMPM: Use atl internal.h for INVALID_SPA (bsc#1242034).
* RDMA/bnxt_re: Fix a possible memory leak in the driver (git-fixes)
* RDMA/bnxt_re: Fix to do SRQ armena by default (git-fixes)
* RDMA/bnxt_re: Fix to initialize the PBL array (git-fixes)
* RDMA/bnxt_re: Fix to remove workload check in SRQ limit path (git-fixes)
* RDMA/core: reduce stack using in nldev_stat_get_doit() (git-fixes)
* RDMA/erdma: Fix ignored return value of init_kernel_qp (git-fixes)
* RDMA/hns: Fix dip entries leak on devices newer than hip09 (git-fixes)
* RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (git-fixes)
* Revert "gpio: mlxbf3: only get IRQ for device instance 0" (git-fixes).
* USB: serial: option: add Foxconn T99W709 (stable-fixes).
* USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera (stable-fixes).
* USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles (stable-fixes).
* aoe: defer rexmit timer downdev work to workqueue (git-fixes).
* arch/powerpc: Remove .interp section in vmlinux (bsc#1215199).
* arm64/cpufeatures/kvm: Add ARMv8.9 FEAT_ECBHB bits in ID_AA64MMFR1 (git-fixes)
* arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() (git-fixes)
* arm64/mm: Check PUD_TYPE_TABLE in pud_bad() (git-fixes)
* arm64: Add support for HIP09 Spectre-BHB mitigation (git-fixes)
* arm64: Filter out SME hwcaps when FEAT_SME isn't implemented (git-fixes)
* arm64: Restrict pagetable teardown to avoid false warning (git-fixes)
* arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename (git-fixes)
* arm64: dts: freescale: imx8mm-verdin: Keep LDO5 always on (git-fixes)
* arm64: dts: imx8mm-beacon: Fix HS400 USDHC clock speed (git-fixes)
* arm64: dts: imx8mm-beacon: Fix RTC capacitive load (git-fixes)
* arm64: dts: imx8mm-venice-gw700x: Increase HS400 USDHC clock speed (git-fixes)
* arm64: dts: imx8mm-venice-gw7901: Increase HS400 USDHC clock speed (git-fixes)
* arm64: dts: imx8mm-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes)
* arm64: dts: imx8mm-venice-gw7903: Increase HS400 USDHC clock speed (git-fixes)
* arm64: dts: imx8mm-venice-gw7904: Increase HS400 USDHC clock speed (git-fixes)
* arm64: dts: imx8mn-beacon: Fix HS400 USDHC clock speed (git-fixes)
* arm64: dts: imx8mn-beacon: Fix RTC capacitive load (git-fixes)
* arm64: dts: imx8mn-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes)
* arm64: dts: imx8mp-beacon: Fix RTC capacitive load (git-fixes)
* arm64: dts: rockchip: Update eMMC for NanoPi R5 series (git-fixes)
* arm64: dts: rockchip: fix endpoint dtc warning for PX30 ISP (git-fixes)
* arm64: tegra: Drop remaining serial clock-names and reset-names (git-fixes)
* arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator (git-fixes)
* arm64: zynqmp: add clock-output-names property in clock nodes (git-fixes)
* ata: libata-scsi: Fix CDL control (git-fixes).
* block: fix kobject leak in blk_unregister_queue (git-fixes).
* block: mtip32xx: Fix usage of dma_map_sg() (git-fixes).
* bpf: fix kfunc btf caching for modules (git-fixes).
* bpf: use kvzmalloc to allocate BPF verifier environment (git-fixes).
* btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling (git-fixes).
* btrfs: correctly escape subvol in btrfs_show_options() (git-fixes).
* btrfs: fix adding block group to a reclaim list and the unused list during reclaim (git-fixes).
* btrfs: fix bitmap leak when loading free space cache on duplicate entry (git-fixes).
* btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() (git-fixes).
* btrfs: fix the length of reserved qgroup to free (bsc#1240708)
* btrfs: retry block group reclaim without infinite loop (git-fixes).
* btrfs: return accurate error code on open failure in open_fs_devices() (bsc#1233120)
* btrfs: run delayed iputs when flushing delalloc (git-fixes).
* btrfs: update target inode's ctime on unlink (git-fixes).
* cdx: Fix off-by-one error in cdx_rpmsg_probe() (git-fixes).
* char: misc: Fix improper and inaccurate error code returned by misc_init() (stable-fixes).
* comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() (git-fixes).
* comedi: Make insn_rw_emulate_bits() do insn->n samples (git-fixes).
* comedi: fix race between polling and detaching (git-fixes).
* comedi: pcl726: Prevent invalid irq number (git-fixes).
* crypto: hisilicon/hpre - fix dma unmap sequence (stable-fixes).
* crypto: jitter - fix intermediary handling (stable-fixes).
* crypto: octeontx2 - add timeout for load_fvc completion poll (stable-fixes).
* crypto: qat - lower priority for skcipher and aead algorithms (stable-fixes).
* drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() (git-fixes).
* drm/amd/display: Add primary plane to commits for correct VRR handling (stable-fixes).
* drm/amd/display: Adjust DCE 8-10 clock, do not overclock by 15% (git-fixes).
* drm/amd/display: Avoid a NULL pointer dereference (stable-fixes).
* drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported (stable-fixes).
* drm/amd/display: Avoid trying AUX transactions on disconnected ports (stable-fixes).
* drm/amd/display: Do not overclock DCE 6 by 15% (git-fixes).
* drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs (stable-fixes).
* drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs (stable-fixes).
* drm/amd/display: Fix 'failed to blank crtc!' (stable-fixes).
* drm/amd/display: Fix DP audio DTO1 clock source on DCE 6 (stable-fixes).
* drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 (git-fixes).
* drm/amd/display: Only finalize atomic_obj if it was initialized (stable-fixes).
* drm/amd/display: Separate set_gsl from set_gsl_source_select (stable-fixes).
* drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual (stable-fixes).
* drm/amd: Restore cached power limit during resume (stable-fixes).
* drm/amdgpu: Avoid extra evict-restore process (stable-fixes).
* drm/amdgpu: fix incorrect vm flags to map bo (git-fixes).
* drm/amdgpu: fix task hang from failed job submission during process kill (git-fixes).
* drm/amdgpu: update mmhub 3.0.1 client id mappings (stable-fixes).
* drm/amdkfd: Destroy KFD debugfs after destroy KFD wq (stable-fixes).
* drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS (stable-fixes).
* drm/hisilicon/hibmc: fix the hibmc loaded failed bug (git-fixes).
* drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv (git-fixes).
* drm/msm/kms: move snapshot init earlier in KMS init (git-fixes).
* drm/msm: Defer fd_install in SUBMIT ioctl (git-fixes).
* drm/msm: use trylock for debugfs (stable-fixes).
* drm/nouveau/disp: Always accept linear modifier (git-fixes).
* drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor() (git-fixes).
* drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 (git-fixes).
* drm/nouveau: fix typos in comments (git-fixes).
* drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr (git-fixes).
* drm/nouveau: remove unused memory target test (git-fixes).
* drm/ttm: Respect the shrinker core free target (stable-fixes).
* drm/ttm: Should to return the evict error (stable-fixes).
* et131x: Add missing check after DMA map (stable-fixes).
* exfat: add cluster chain loop check for dir (git-fixes).
* fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (stable-fixes).
* fbdev: fix potential buffer overflow in do_register_framebuffer() (stable-fixes).
* fs/mnt_idmapping.c: Return -EINVAL when no map is written (bsc#1233120)
* fs/orangefs: use snprintf() instead of sprintf() (git-fixes).
* gpio: mlxbf3: use platform_get_irq_optional() (git-fixes).
* gpio: tps65912: check the return value of regmap_update_bits() (stable-fixes).
* gpio: wcd934x: check the return value of regmap_update_bits() (stable-fixes).
* hfs: fix not erasing deleted b-tree node issue (git-fixes).
* hfs: fix slab-out-of-bounds in hfs_bnode_read() (git-fixes).
* hfsplus: do not use BUG_ON() in hfsplus_create_attributes_file() (git-fixes).
* hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() (git-fixes).
* hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes).
* hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state (stable-fixes).
* i2c: Force DLL0945 touchpad i2c freq to 100khz (stable-fixes).
* i3c: do not fail if GETHDRCAP is unsupported (stable-fixes).
* i3c: master: Initialize ret in i3c_i2c_notifier_call() (stable-fixes).
* ice, irdma: fix an off by one in error handling code (bsc#1247712).
* ice, irdma: move interrupts code to irdma (bsc#1247712).
* ice: Fix signedness bug in ice_init_interrupt_scheme() (bsc#1247712).
* ice: count combined queues using Rx/Tx count (bsc#1247712).
* ice: devlink PF MSI-X max and min parameter (bsc#1247712).
* ice: enable_rdma devlink param (bsc#1247712).
* ice: get rid of num_lan_msix field (bsc#1247712).
* ice: init flow director before RDMA (bsc#1247712).
* ice: remove splitting MSI-X between features (bsc#1247712).
* ice: simplify VF MSI-X managing (bsc#1247712).
* ice: treat dyn_allowed only as suggestion (bsc#1247712).
* iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement (stable-fixes).
* iio: adc: ad_sigma_delta: do not overallocate scan buffer (stable-fixes).
* iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 (stable-fixes).
* iio: imu: inv_icm42600: use = { } instead of memset() (stable-fixes).
* iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() (git-fixes).
* iio: proximity: isl29501: fix buffered read on big-endian systems (git-fixes).
* integrity/platform_certs: Allow loading of keys in the static key management mode (jsc#PED-13345 jsc#PED-13343).
* iosys-map: Fix undefined behavior in iosys_map_clear() (git-fixes).
* ipmi: Fix strcpy source and destination the same (stable-fixes).
* ipmi: Use dev_warn_ratelimited() for incorrect message warnings (stable-fixes).
* irdma: free iwdev->rf after removing MSI-X (bsc#1247712).
* jfs: Regular file corruption check (git-fixes).
* jfs: truncate good inode pages when hard link is 0 (git-fixes).
* jfs: upper bound check of tree index in dbAllocAG (git-fixes).
* kABI: PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes).
* kselftest/arm64: Fix check for setting new VLs in sve-ptrace (git-fixes).
* leds: leds-lp50xx: Handle reg to get correct multi_index (stable-fixes).
* loop: use kiocb helpers to fix lockdep warning (git-fixes).
* mISDN: hfcpci: Fix warning when deleting uninitialized timer (git-fixes).
* md/md-cluster: handle REMOVE message earlier (bsc#1247057).
* md/raid1,raid10: strip REQ_NOWAIT from member bios (git-fixes).
* md: allow removing faulty rdev during resync (git-fixes).
* md: make rdev_addable usable for rcu mode (git-fixes).
* media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (stable-fixes).
* media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar (stable-fixes).
* media: tc358743: Check I2C succeeded during probe (stable-fixes).
* media: tc358743: Increase FIFO trigger level to 374 (stable-fixes).
* media: tc358743: Return an appropriate colorspace from tc358743_set_fmt (stable-fixes).
* media: usb: hdpvr: disable zero-length read messages (stable-fixes).
* media: uvcvideo: Fix bandwidth issue for Alcor camera (stable-fixes).
* media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control (stable-fixes).
* mei: bus: Check for still connected devices in mei_cl_bus_dev_release() (stable-fixes).
* memstick: Fix deadlock by moving removing flag earlier (git-fixes).
* mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() (git-fixes)
* mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() (stable-fixes).
* mmc: sdhci-msm: Ensure SD card power isn't ON when card removed (stable-fixes).
* mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency (git-fixes).
* most: core: Drop device reference after usage in get_channel() (git-fixes).
* mptcp: fallback when MPTCP opts are dropped after 1st data (git-fixes).
* mptcp: reset when MPTCP opts are dropped after join (git-fixes).
* net: phy: micrel: Add ksz9131_resume() (stable-fixes).
* net: phy: smsc: add proper reset flags for LAN8710A (stable-fixes).
* net: thunderbolt: Enable end-to-end flow control also in transmit (stable-fixes).
* net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() (stable-fixes).
* net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization (git-fixes).
* net: usb: asix_devices: add phy_mask for ax88772 mdio bus (git-fixes).
* pNFS: Fix disk addr range check in block/scsi layout (git-fixes).
* pNFS: Fix stripe mapping in block/scsi layout (git-fixes).
* pNFS: Fix uninited ptr deref in block/scsi layout (git-fixes).
* pNFS: Handle RPC size limit for layoutcommits (git-fixes).
* phy: mscc: Fix parsing of unicast frames (git-fixes).
* phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal (stable-fixes).
* pinctrl: STMFX: add missing HAS_IOMEM dependency (git-fixes).
* pinctrl: stm32: Manage irq affinity settings (stable-fixes).
* platform/chrome: cros_ec_typec: Defer probe on missing EC parent (stable-fixes).
* platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list (stable-fixes).
* pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() (stable-fixes).
* power: supply: qcom_battmgr: Add lithium-polymer entry (stable-fixes).
* powerpc/eeh: Export eeh_unfreeze_pe() (bsc#1215199).
* powerpc/eeh: Make EEH driver device hotplug safe (bsc#1215199).
* powerpc/eeh: Rely on dev->link_active_reporting (bsc#1215199).
* powerpc/kernel: Fix ppc_save_regs inclusion in build (bsc#1215199).
* powerpc/pseries: Correct secvar format representation for static key management (jsc#PED-13345 jsc#PED-13343).
* powerpc/secvar: Expose secvars relevant to the key management mode (jsc#PED-13345 jsc#PED-13343).
* powerpc: do not build ppc_save_regs.o always (bsc#1215199).
* pwm: mediatek: Fix duty and period setting (git-fixes).
* pwm: mediatek: Handle hardware enable and clock enable separately (stable-fixes).
* reset: brcmstb: Enable reset drivers for ARCH_BCM2835 (stable-fixes).
* rpm/config.sh: Update Leap project
* rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 (stable-fixes).
* rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe (stable-fixes).
* samples/bpf: Fix compilation errors with cf-protection option (git-fixes).
* scsi: Revert "scsi: iscsi: Fix HW conn removal use after free" (git-fixes).
* scsi: core: Fix kernel doc for scsi_track_queue_full() (git-fixes).
* scsi: elx: efct: Fix dma_unmap_sg() nents value (git-fixes).
* scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value (git-fixes).
* scsi: isci: Fix dma_unmap_sg() nents value (git-fixes).
* scsi: mpi3mr: Fix kernel-doc issues in mpi3mr_app.c (git-fixes).
* scsi: mpi3mr: Fix race between config read submit and interrupt completion (git-fixes).
* scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems (git-fixes).
* scsi: mpt3sas: Fix a fw_event memory leak (git-fixes).
* scsi: mvsas: Fix dma_unmap_sg() nents value (git-fixes).
* scsi: sd: Make sd shutdown issue START STOP UNIT appropriately (git-fixes).
* selftests/bpf: fexit_sleep: Fix stack allocation for arm64 (git-fixes).
* selftests/tracing: Fix false failure of subsystem event test (git-fixes).
* selftests: Fix errno checking in syscall_user_dispatch test (git-fixes).
* selftests: rtnetlink.sh: remove esp4_offload after test (git-fixes).
* serial: 8250: fix panic due to PSLVERR (git-fixes).
* slab: Decouple slab_debug and no_hash_pointers (bsc#1249022).
* smb: client: fix parsing of device numbers (git-fixes).
* soc/tegra: pmc: Ensure power-domains are in a known state (git-fixes).
* soundwire: amd: serialize amd manager resume sequence during pm_prepare (stable-fixes).
* squashfs: fix memory leak in squashfs_fill_super (git-fixes).
* sunrpc: fix handling of server side tls alerts (git-fixes).
* sunvdc: Balance device refcount in vdc_port_mpgroup_check (git-fixes).
* thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required (stable-fixes).
* thermal: sysfs: Return ENODATA instead of EAGAIN for reads (stable-fixes).
* ublk: sanity check add_dev input for underflow (git-fixes).
* ublk: use vmalloc for ublk_device's __queues (git-fixes).
* usb: core: config: Prevent OOB read in SS endpoint companion parsing (stable-fixes).
* usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test (git-fixes).
* usb: core: usb_submit_urb: downgrade type check (stable-fixes).
* usb: dwc3: Ignore late xferNotReady event to prevent halt timeout (git-fixes).
* usb: dwc3: Remove WARN_ON for device endpoint command timeouts (stable-fixes).
* usb: dwc3: core: Fix system suspend on TI AM62 platforms (git-fixes).
* usb: dwc3: fix fault at system suspend if device was already runtime suspended (git-fixes).
* usb: dwc3: pci: add support for the Intel Wildcat Lake (stable-fixes).
* usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive (stable-fixes).
* usb: renesas-xhci: Fix External ROM access timeouts (git-fixes).
* usb: storage: realtek_cr: Use correct byte order for bcs->Residue (git-fixes).
* usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present (stable-fixes).
* usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default (stable-fixes).
* usb: xhci: Avoid showing errors during surprise removal (stable-fixes).
* usb: xhci: Avoid showing warnings for dying controller (stable-fixes).
* usb: xhci: Fix slot_id resource race conflict (git-fixes).
* usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command (stable-fixes).
* usb: xhci: print xhci->xhc_state when queue_command failed (stable-fixes).
* vfs: Add a sysctl for automated deletion of dentry (bsc#1240890).
* watchdog: dw_wdt: Fix default timeout (stable-fixes).
* watchdog: iTCO_wdt: Report error if timeout configuration fails (stable-fixes).
* watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition (stable-fixes).
* wifi: ath12k: Add memset and update default rate value in wmi tx completion (stable-fixes).
* wifi: ath12k: Correct tid cleanup when tid setup fails (stable-fixes).
* wifi: ath12k: Decrement TID on RX peer frag setup error handling (stable-fixes).
* wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 (stable-fixes).
* wifi: cfg80211: Fix interface type validation (stable-fixes).
* wifi: cfg80211: reject HTC bit for management frames (stable-fixes).
* wifi: iwlegacy: Check rate_idx range after addition (stable-fixes).
* wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() (stable-fixes).
* wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect (stable-fixes).
* wifi: iwlwifi: mvm: fix scan request validation (stable-fixes).
* wifi: iwlwifi: mvm: set gtk id also in older FWs (stable-fixes).
* wifi: mac80211: do not complete management TX on SAE commit (stable-fixes).
* wifi: mac80211: fix rx link assignment for non-MLO stations (stable-fixes).
* wifi: mac80211: update radar_required in channel context after channel switch (stable-fixes).
* wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch (stable-fixes).
* wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() (stable-fixes).
* wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()` (stable-fixes).
* wifi: rtw89: Disable deep power saving for USB/SDIO (stable-fixes).
* wifi: rtw89: Fix rtw89_mac_power_switch() for USB (stable-fixes).
* wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB (stable-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-101=1
* SUSE Linux Micro Extras 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-101=1

## Package List:

* SUSE Linux Micro 6.0 (noarch)
  * kernel-source-6.4.0-34.1
  * kernel-devel-6.4.0-34.1
  * kernel-macros-6.4.0-34.1
* SUSE Linux Micro 6.0 (aarch64 nosrc s390x x86_64)
  * kernel-default-6.4.0-34.1
* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * kernel-default-debuginfo-6.4.0-34.1
  * kernel-default-debugsource-6.4.0-34.1
* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-default-livepatch-6.4.0-34.1
* SUSE Linux Micro 6.0 (nosrc x86_64)
  * kernel-kvmsmall-6.4.0-34.1
* SUSE Linux Micro 6.0 (x86_64)
  * kernel-kvmsmall-debuginfo-6.4.0-34.1
  * kernel-kvmsmall-debugsource-6.4.0-34.1
* SUSE Linux Micro 6.0 (aarch64 x86_64)
  * kernel-default-base-6.4.0-34.1.21.11
* SUSE Linux Micro Extras 6.0 (nosrc)
  * kernel-default-6.4.0-34.1
  * kernel-64kb-6.4.0-34.1
* SUSE Linux Micro Extras 6.0 (aarch64)
  * kernel-64kb-devel-6.4.0-34.1
  * kernel-64kb-debugsource-6.4.0-34.1
* SUSE Linux Micro Extras 6.0 (aarch64 s390x x86_64)
  * kernel-syms-6.4.0-34.1
  * kernel-default-debugsource-6.4.0-34.1
  * kernel-default-devel-6.4.0-34.1
  * kernel-obs-build-6.4.0-34.1
  * kernel-obs-build-debugsource-6.4.0-34.1
* SUSE Linux Micro Extras 6.0 (x86_64)
  * kernel-default-devel-debuginfo-6.4.0-34.1

## References:

* https://www.suse.com/security/cve/CVE-2023-3867.html
* https://www.suse.com/security/cve/CVE-2023-4130.html
* https://www.suse.com/security/cve/CVE-2023-4515.html
* https://www.suse.com/security/cve/CVE-2024-26661.html
* https://www.suse.com/security/cve/CVE-2024-46733.html
* https://www.suse.com/security/cve/CVE-2024-58238.html
* https://www.suse.com/security/cve/CVE-2024-58239.html
* https://www.suse.com/security/cve/CVE-2025-38006.html
* https://www.suse.com/security/cve/CVE-2025-38075.html
* https://www.suse.com/security/cve/CVE-2025-38103.html
* https://www.suse.com/security/cve/CVE-2025-38125.html
* https://www.suse.com/security/cve/CVE-2025-38146.html
* https://www.suse.com/security/cve/CVE-2025-38160.html
* https://www.suse.com/security/cve/CVE-2025-38184.html
* https://www.suse.com/security/cve/CVE-2025-38185.html
* https://www.suse.com/security/cve/CVE-2025-38190.html
* https://www.suse.com/security/cve/CVE-2025-38201.html
* https://www.suse.com/security/cve/CVE-2025-38205.html
* https://www.suse.com/security/cve/CVE-2025-38208.html
* https://www.suse.com/security/cve/CVE-2025-38245.html
* https://www.suse.com/security/cve/CVE-2025-38251.html
* https://www.suse.com/security/cve/CVE-2025-38360.html
* https://www.suse.com/security/cve/CVE-2025-38439.html
* https://www.suse.com/security/cve/CVE-2025-38441.html
* https://www.suse.com/security/cve/CVE-2025-38444.html
* https://www.suse.com/security/cve/CVE-2025-38445.html
* https://www.suse.com/security/cve/CVE-2025-38458.html
* https://www.suse.com/security/cve/CVE-2025-38459.html
* https://www.suse.com/security/cve/CVE-2025-38464.html
* https://www.suse.com/security/cve/CVE-2025-38472.html
* https://www.suse.com/security/cve/CVE-2025-38490.html
* https://www.suse.com/security/cve/CVE-2025-38491.html
* https://www.suse.com/security/cve/CVE-2025-38499.html
* https://www.suse.com/security/cve/CVE-2025-38500.html
* https://www.suse.com/security/cve/CVE-2025-38503.html
* https://www.suse.com/security/cve/CVE-2025-38506.html
* https://www.suse.com/security/cve/CVE-2025-38510.html
* https://www.suse.com/security/cve/CVE-2025-38512.html
* https://www.suse.com/security/cve/CVE-2025-38513.html
* https://www.suse.com/security/cve/CVE-2025-38515.html
* https://www.suse.com/security/cve/CVE-2025-38516.html
* https://www.suse.com/security/cve/CVE-2025-38520.html
* https://www.suse.com/security/cve/CVE-2025-38524.html
* https://www.suse.com/security/cve/CVE-2025-38528.html
* https://www.suse.com/security/cve/CVE-2025-38529.html
* https://www.suse.com/security/cve/CVE-2025-38530.html
* https://www.suse.com/security/cve/CVE-2025-38531.html
* https://www.suse.com/security/cve/CVE-2025-38535.html
* https://www.suse.com/security/cve/CVE-2025-38537.html
* https://www.suse.com/security/cve/CVE-2025-38538.html
* https://www.suse.com/security/cve/CVE-2025-38540.html
* https://www.suse.com/security/cve/CVE-2025-38541.html
* https://www.suse.com/security/cve/CVE-2025-38543.html
* https://www.suse.com/security/cve/CVE-2025-38546.html
* https://www.suse.com/security/cve/CVE-2025-38548.html
* https://www.suse.com/security/cve/CVE-2025-38550.html
* https://www.suse.com/security/cve/CVE-2025-38553.html
* https://www.suse.com/security/cve/CVE-2025-38555.html
* https://www.suse.com/security/cve/CVE-2025-38560.html
* https://www.suse.com/security/cve/CVE-2025-38563.html
* https://www.suse.com/security/cve/CVE-2025-38565.html
* https://www.suse.com/security/cve/CVE-2025-38566.html
* https://www.suse.com/security/cve/CVE-2025-38568.html
* https://www.suse.com/security/cve/CVE-2025-38571.html
* https://www.suse.com/security/cve/CVE-2025-38572.html
* https://www.suse.com/security/cve/CVE-2025-38576.html
* https://www.suse.com/security/cve/CVE-2025-38581.html
* https://www.suse.com/security/cve/CVE-2025-38582.html
* https://www.suse.com/security/cve/CVE-2025-38583.html
* https://www.suse.com/security/cve/CVE-2025-38585.html
* https://www.suse.com/security/cve/CVE-2025-38587.html
* https://www.suse.com/security/cve/CVE-2025-38588.html
* https://www.suse.com/security/cve/CVE-2025-38591.html
* https://www.suse.com/security/cve/CVE-2025-38601.html
* https://www.suse.com/security/cve/CVE-2025-38602.html
* https://www.suse.com/security/cve/CVE-2025-38604.html
* https://www.suse.com/security/cve/CVE-2025-38608.html
* https://www.suse.com/security/cve/CVE-2025-38609.html
* https://www.suse.com/security/cve/CVE-2025-38610.html
* https://www.suse.com/security/cve/CVE-2025-38612.html
* https://www.suse.com/security/cve/CVE-2025-38617.html
* https://www.suse.com/security/cve/CVE-2025-38618.html
* https://www.suse.com/security/cve/CVE-2025-38621.html
* https://www.suse.com/security/cve/CVE-2025-38624.html
* https://www.suse.com/security/cve/CVE-2025-38630.html
* https://www.suse.com/security/cve/CVE-2025-38632.html
* https://www.suse.com/security/cve/CVE-2025-38634.html
* https://www.suse.com/security/cve/CVE-2025-38635.html
* https://www.suse.com/security/cve/CVE-2025-38644.html
* https://www.suse.com/security/cve/CVE-2025-38646.html
* https://www.suse.com/security/cve/CVE-2025-38650.html
* https://www.suse.com/security/cve/CVE-2025-38656.html
* https://www.suse.com/security/cve/CVE-2025-38663.html
* https://www.suse.com/security/cve/CVE-2025-38665.html
* https://www.suse.com/security/cve/CVE-2025-38670.html
* https://www.suse.com/security/cve/CVE-2025-38671.html
* https://bugzilla.suse.com/show_bug.cgi?id=1012628
* https://bugzilla.suse.com/show_bug.cgi?id=1213545
* https://bugzilla.suse.com/show_bug.cgi?id=1215199
* https://bugzilla.suse.com/show_bug.cgi?id=1221858
* https://bugzilla.suse.com/show_bug.cgi?id=1222323
* https://bugzilla.suse.com/show_bug.cgi?id=1230557
* https://bugzilla.suse.com/show_bug.cgi?id=1230708
* https://bugzilla.suse.com/show_bug.cgi?id=1233120
* https://bugzilla.suse.com/show_bug.cgi?id=1240708
* https://bugzilla.suse.com/show_bug.cgi?id=1240890
* https://bugzilla.suse.com/show_bug.cgi?id=1242034
* https://bugzilla.suse.com/show_bug.cgi?id=1242754
* https://bugzilla.suse.com/show_bug.cgi?id=1244734
* https://bugzilla.suse.com/show_bug.cgi?id=1244930
* https://bugzilla.suse.com/show_bug.cgi?id=1245663
* https://bugzilla.suse.com/show_bug.cgi?id=1245710
* https://bugzilla.suse.com/show_bug.cgi?id=1245767
* https://bugzilla.suse.com/show_bug.cgi?id=1245780
* https://bugzilla.suse.com/show_bug.cgi?id=1245815
* https://bugzilla.suse.com/show_bug.cgi?id=1245956
* https://bugzilla.suse.com/show_bug.cgi?id=1245973
* https://bugzilla.suse.com/show_bug.cgi?id=1245977
* https://bugzilla.suse.com/show_bug.cgi?id=1246005
* https://bugzilla.suse.com/show_bug.cgi?id=1246012
* https://bugzilla.suse.com/show_bug.cgi?id=1246181
* https://bugzilla.suse.com/show_bug.cgi?id=1246193
* https://bugzilla.suse.com/show_bug.cgi?id=1247057
* https://bugzilla.suse.com/show_bug.cgi?id=1247078
* https://bugzilla.suse.com/show_bug.cgi?id=1247112
* https://bugzilla.suse.com/show_bug.cgi?id=1247116
* https://bugzilla.suse.com/show_bug.cgi?id=1247119
* https://bugzilla.suse.com/show_bug.cgi?id=1247155
* https://bugzilla.suse.com/show_bug.cgi?id=1247162
* https://bugzilla.suse.com/show_bug.cgi?id=1247167
* https://bugzilla.suse.com/show_bug.cgi?id=1247229
* https://bugzilla.suse.com/show_bug.cgi?id=1247243
* https://bugzilla.suse.com/show_bug.cgi?id=1247280
* https://bugzilla.suse.com/show_bug.cgi?id=1247313
* https://bugzilla.suse.com/show_bug.cgi?id=1247712
* https://bugzilla.suse.com/show_bug.cgi?id=1247976
* https://bugzilla.suse.com/show_bug.cgi?id=1248088
* https://bugzilla.suse.com/show_bug.cgi?id=1248108
* https://bugzilla.suse.com/show_bug.cgi?id=1248164
* https://bugzilla.suse.com/show_bug.cgi?id=1248166
* https://bugzilla.suse.com/show_bug.cgi?id=1248178
* https://bugzilla.suse.com/show_bug.cgi?id=1248179
* https://bugzilla.suse.com/show_bug.cgi?id=1248180
* https://bugzilla.suse.com/show_bug.cgi?id=1248183
* https://bugzilla.suse.com/show_bug.cgi?id=1248186
* https://bugzilla.suse.com/show_bug.cgi?id=1248194
* https://bugzilla.suse.com/show_bug.cgi?id=1248196
* https://bugzilla.suse.com/show_bug.cgi?id=1248198
* https://bugzilla.suse.com/show_bug.cgi?id=1248205
* https://bugzilla.suse.com/show_bug.cgi?id=1248206
* https://bugzilla.suse.com/show_bug.cgi?id=1248208
* https://bugzilla.suse.com/show_bug.cgi?id=1248209
* https://bugzilla.suse.com/show_bug.cgi?id=1248212
* https://bugzilla.suse.com/show_bug.cgi?id=1248213
* https://bugzilla.suse.com/show_bug.cgi?id=1248214
* https://bugzilla.suse.com/show_bug.cgi?id=1248216
* https://bugzilla.suse.com/show_bug.cgi?id=1248217
* https://bugzilla.suse.com/show_bug.cgi?id=1248223
* https://bugzilla.suse.com/show_bug.cgi?id=1248227
* https://bugzilla.suse.com/show_bug.cgi?id=1248228
* https://bugzilla.suse.com/show_bug.cgi?id=1248229
* https://bugzilla.suse.com/show_bug.cgi?id=1248240
* https://bugzilla.suse.com/show_bug.cgi?id=1248255
* https://bugzilla.suse.com/show_bug.cgi?id=1248297
* https://bugzilla.suse.com/show_bug.cgi?id=1248306
* https://bugzilla.suse.com/show_bug.cgi?id=1248312
* https://bugzilla.suse.com/show_bug.cgi?id=1248333
* https://bugzilla.suse.com/show_bug.cgi?id=1248337
* https://bugzilla.suse.com/show_bug.cgi?id=1248338
* https://bugzilla.suse.com/show_bug.cgi?id=1248340
* https://bugzilla.suse.com/show_bug.cgi?id=1248341
* https://bugzilla.suse.com/show_bug.cgi?id=1248345
* https://bugzilla.suse.com/show_bug.cgi?id=1248349
* https://bugzilla.suse.com/show_bug.cgi?id=1248350
* https://bugzilla.suse.com/show_bug.cgi?id=1248354
* https://bugzilla.suse.com/show_bug.cgi?id=1248355
* https://bugzilla.suse.com/show_bug.cgi?id=1248361
* https://bugzilla.suse.com/show_bug.cgi?id=1248363
* https://bugzilla.suse.com/show_bug.cgi?id=1248368
* https://bugzilla.suse.com/show_bug.cgi?id=1248374
* https://bugzilla.suse.com/show_bug.cgi?id=1248377
* https://bugzilla.suse.com/show_bug.cgi?id=1248386
* https://bugzilla.suse.com/show_bug.cgi?id=1248390
* https://bugzilla.suse.com/show_bug.cgi?id=1248395
* https://bugzilla.suse.com/show_bug.cgi?id=1248399
* https://bugzilla.suse.com/show_bug.cgi?id=1248401
* https://bugzilla.suse.com/show_bug.cgi?id=1248511
* https://bugzilla.suse.com/show_bug.cgi?id=1248573
* https://bugzilla.suse.com/show_bug.cgi?id=1248575
* https://bugzilla.suse.com/show_bug.cgi?id=1248577
* https://bugzilla.suse.com/show_bug.cgi?id=1248609
* https://bugzilla.suse.com/show_bug.cgi?id=1248614
* https://bugzilla.suse.com/show_bug.cgi?id=1248617
* https://bugzilla.suse.com/show_bug.cgi?id=1248621
* https://bugzilla.suse.com/show_bug.cgi?id=1248636
* https://bugzilla.suse.com/show_bug.cgi?id=1248643
* https://bugzilla.suse.com/show_bug.cgi?id=1248648
* https://bugzilla.suse.com/show_bug.cgi?id=1248652
* https://bugzilla.suse.com/show_bug.cgi?id=1248655
* https://bugzilla.suse.com/show_bug.cgi?id=1248666
* https://bugzilla.suse.com/show_bug.cgi?id=1248669
* https://bugzilla.suse.com/show_bug.cgi?id=1248746
* https://bugzilla.suse.com/show_bug.cgi?id=1248748
* https://bugzilla.suse.com/show_bug.cgi?id=1249022
* https://jira.suse.com/browse/PED-13343
* https://jira.suse.com/browse/PED-13345

From null at suse.de Wed Sep 10 12:36:34 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 12:36:34 -0000
Subject: SUSE-SU-2025:20647-1: important: Security update for kernel-livepatch-MICRO-6-0-RT_Update_9
Message-ID: <175750779430.20766.18086522299997249125@smelt2.prg2.suse.org>

# Security update for kernel-livepatch-MICRO-6-0-RT_Update_9

Announcement ID: SUSE-SU-2025:20647-1
Release Date: 2025-09-01T10:48:51Z
Rating: important
References:

* bsc#1244337
* bsc#1245350
* bsc#1247350
* bsc#1247351

Cross-References:

* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495

CVSS scores:

* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves three vulnerabilities and has one fix can now be installed.

## Description:

This update for kernel-livepatch-MICRO-6-0-RT_Update_9 fixes the following issues:

* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350)
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350)
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-99=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-6_4_0-33-rt-2-1.2
  * kernel-livepatch-MICRO-6-0-RT_Update_9-debugsource-2-1.2
  * kernel-livepatch-6_4_0-33-rt-debuginfo-2-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244337
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351

From null at suse.de Wed Sep 10 12:36:43 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 12:36:43 -0000
Subject: SUSE-SU-2025:20645-1: important: Security update for kernel-livepatch-MICRO-6-0_Update_2
Message-ID: <175750780342.20766.6168231305260575691@smelt2.prg2.suse.org>

# Security update for kernel-livepatch-MICRO-6-0_Update_2

Announcement ID: SUSE-SU-2025:20645-1
Release Date: 2025-09-01T10:44:19Z
Rating: important
References:

* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351

Cross-References:

* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495

CVSS scores:

* CVE-2025-38079 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves four vulnerabilities can now be installed.

## Description:

This update for kernel-livepatch-MICRO-6-0_Update_2 fixes the following issues:

* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218)
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350)
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350)
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-97=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-19-default-10-1.1
  * kernel-livepatch-6_4_0-19-default-debuginfo-10-1.1
  * kernel-livepatch-MICRO-6-0_Update_2-debugsource-10-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351

From null at suse.de Wed Sep 10 12:36:52 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 12:36:52 -0000
Subject: SUSE-SU-2025:20643-1: important: Security update for kernel-livepatch-MICRO-6-0_Update_7
Message-ID: <175750781271.20766.10857511910378581737@smelt2.prg2.suse.org>

# Security update for kernel-livepatch-MICRO-6-0_Update_7

Announcement ID: SUSE-SU-2025:20643-1
Release Date: 2025-08-29T14:48:33Z
Rating: important
References:

* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351

Cross-References:

* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495

CVSS scores:

* CVE-2025-38079 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves four vulnerabilities can now be installed.

## Description:

This update for kernel-livepatch-MICRO-6-0_Update_7 fixes the following issues:

* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218)
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350)
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350)
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-95=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-29-default-debuginfo-3-1.2
  * kernel-livepatch-MICRO-6-0_Update_7-debugsource-3-1.2
  * kernel-livepatch-6_4_0-29-default-3-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351

From null at suse.de Wed Sep 10 12:37:23 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 12:37:23 -0000
Subject: SUSE-SU-2025:20638-1: important: Security update for kernel-livepatch-MICRO-6-0_Update_3
Message-ID: <175750784319.20766.16043457748676642837@smelt2.prg2.suse.org>

# Security update for kernel-livepatch-MICRO-6-0_Update_3

Announcement ID: SUSE-SU-2025:20638-1
Release Date: 2025-08-29T14:25:27Z
Rating: important
References:

* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351

Cross-References:

* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495

CVSS scores:

* CVE-2025-38079 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves four vulnerabilities can now be installed.

## Description:

This update for kernel-livepatch-MICRO-6-0_Update_3 fixes the following issues:

* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218)
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350)
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350)
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-90=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-20-default-debuginfo-10-1.2
  * kernel-livepatch-6_4_0-20-default-10-1.2
  * kernel-livepatch-MICRO-6-0_Update_3-debugsource-10-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351

From null at suse.de Wed Sep 10 12:36:38 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 12:36:38 -0000
Subject: SUSE-SU-2025:20646-1: important: Security update for kernel-livepatch-MICRO-6-0_Update_9
Message-ID: <175750779864.20766.8461099216699941457@smelt2.prg2.suse.org>

# Security update for kernel-livepatch-MICRO-6-0_Update_9

Announcement ID: SUSE-SU-2025:20646-1
Release Date: 2025-09-01T10:47:50Z
Rating: important
References:

* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351

Cross-References:

* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495

CVSS scores:

* CVE-2025-38079 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves four vulnerabilities can now be installed.

## Description:

This update for kernel-livepatch-MICRO-6-0_Update_9 fixes the following issues:

* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218)
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350)
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350)
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-100=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-MICRO-6-0_Update_9-debugsource-3-1.2
  * kernel-livepatch-6_4_0-31-default-3-1.2
  * kernel-livepatch-6_4_0-31-default-debuginfo-3-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351

From null at suse.de Wed Sep 10 12:37:41 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 12:37:41 -0000
Subject: SUSE-SU-2025:20634-1: important: Security update for kernel-livepatch-MICRO-6-0-RT_Update_4
Message-ID: <175750786180.20766.3189430075624319794@smelt2.prg2.suse.org>

# Security update for kernel-livepatch-MICRO-6-0-RT_Update_4

Announcement ID: SUSE-SU-2025:20634-1
Release Date: 2025-08-29T13:36:25Z
Rating: important

References:

* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351

Cross-References:

* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495

CVSS scores:

* CVE-2025-38079 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves four vulnerabilities can now be installed.

## Description:

This update for kernel-livepatch-MICRO-6-0-RT_Update_4 fixes the following issues:

* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218)
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350)
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350)
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-86=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_4-debugsource-7-1.1
  * kernel-livepatch-6_4_0-22-rt-debuginfo-7-1.1
  * kernel-livepatch-6_4_0-22-rt-7-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351

From null at suse.de Wed Sep 10 12:37:16 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 12:37:16 -0000
Subject: SUSE-SU-2025:20639-1: important: Security update for kernel-livepatch-MICRO-6-0-RT_Update_7
Message-ID: <175750783614.20766.6929842305428190130@smelt2.prg2.suse.org>

# Security update for kernel-livepatch-MICRO-6-0-RT_Update_7

Announcement ID: SUSE-SU-2025:20639-1
Release Date: 2025-08-29T14:48:32Z
Rating: important

References:

* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351

Cross-References:

* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495

CVSS scores:

* CVE-2025-38079 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves four vulnerabilities can now be installed.

## Description:

This update for kernel-livepatch-MICRO-6-0-RT_Update_7 fixes the following issues:

* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218)
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350)
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350)
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-91=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_7-debugsource-4-1.3
  * kernel-livepatch-6_4_0-30-rt-debuginfo-4-1.3
  * kernel-livepatch-6_4_0-30-rt-4-1.3

## References:

* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351

From null at suse.de Wed Sep 10 12:36:47 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 12:36:47 -0000
Subject: SUSE-SU-2025:20644-1: important: Security update for kernel-livepatch-MICRO-6-0_Update_8
Message-ID: <175750780791.20766.3283634672388762300@smelt2.prg2.suse.org>

# Security update for kernel-livepatch-MICRO-6-0_Update_8

Announcement ID: SUSE-SU-2025:20644-1
Release Date: 2025-08-29T14:48:33Z
Rating: important

References:

* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351

Cross-References:

* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495

CVSS scores:

* CVE-2025-38079 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves four vulnerabilities can now be installed.

## Description:

This update for kernel-livepatch-MICRO-6-0_Update_8 fixes the following issues:

* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218)
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350)
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350)
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-96=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-30-default-debuginfo-3-1.2
  * kernel-livepatch-6_4_0-30-default-3-1.2
  * kernel-livepatch-MICRO-6-0_Update_8-debugsource-3-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351

From null at suse.de Wed Sep 10 12:36:57 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 12:36:57 -0000
Subject: SUSE-SU-2025:20642-1: important: Security update for kernel-livepatch-MICRO-6-0_Update_6
Message-ID: <175750781737.20766.16555974526501054525@smelt2.prg2.suse.org>

# Security update for kernel-livepatch-MICRO-6-0_Update_6

Announcement ID: SUSE-SU-2025:20642-1
Release Date: 2025-08-29T14:48:33Z
Rating: important

References:

* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351

Cross-References:

* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495

CVSS scores:

* CVE-2025-38079 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves four vulnerabilities can now be installed.

## Description:

This update for kernel-livepatch-MICRO-6-0_Update_6 fixes the following issues:

* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218)
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350)
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350)
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-94=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-28-default-4-3.1
  * kernel-livepatch-6_4_0-28-default-debuginfo-4-3.1
  * kernel-livepatch-MICRO-6-0_Update_6-debugsource-4-3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351

From null at suse.de Wed Sep 10 12:37:06 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 12:37:06 -0000
Subject: SUSE-SU-2025:20640-1: important: Security update for kernel-livepatch-MICRO-6-0_Update_4
Message-ID: <175750782640.20766.14464721960075495782@smelt2.prg2.suse.org>

# Security update for kernel-livepatch-MICRO-6-0_Update_4

Announcement ID: SUSE-SU-2025:20640-1
Release Date: 2025-08-29T14:48:32Z
Rating: important

References:

* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351

Cross-References:

* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495

CVSS scores:

* CVE-2025-38079 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves four vulnerabilities can now be installed.

## Description:

This update for kernel-livepatch-MICRO-6-0_Update_4 fixes the following issues:

* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218)
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350)
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350)
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-92=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-MICRO-6-0_Update_4-debugsource-8-1.2
  * kernel-livepatch-6_4_0-24-default-debuginfo-8-1.2
  * kernel-livepatch-6_4_0-24-default-8-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351

From null at suse.de Wed Sep 10 12:37:46 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 12:37:46 -0000
Subject: SUSE-SU-2025:20633-1: important: Security update for kernel-livepatch-MICRO-6-0-RT_Update_2
Message-ID: <175750786624.20766.8465779031397820224@smelt2.prg2.suse.org>

# Security update for kernel-livepatch-MICRO-6-0-RT_Update_2

Announcement ID: SUSE-SU-2025:20633-1
Release Date: 2025-08-29T13:31:00Z
Rating: important

References:

* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351

Cross-References:

* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495

CVSS scores:

* CVE-2025-38079 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves four vulnerabilities can now be installed.

## Description:

This update for kernel-livepatch-MICRO-6-0-RT_Update_2 fixes the following issues:

* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218)
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350)
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350)
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-85=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_2-debugsource-10-1.1
  * kernel-livepatch-6_4_0-10-rt-10-1.1
  * kernel-livepatch-6_4_0-10-rt-debuginfo-10-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351

From null at suse.de Wed Sep 10 12:37:27 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 12:37:27 -0000
Subject: SUSE-SU-2025:20637-1: important: Security update for kernel-livepatch-MICRO-6-0-RT_Update_8
Message-ID: <175750784725.20766.11907632425696392200@smelt2.prg2.suse.org>

# Security update for kernel-livepatch-MICRO-6-0-RT_Update_8

Announcement ID: SUSE-SU-2025:20637-1
Release Date: 2025-08-29T14:01:57Z
Rating: important

References:

* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351

Cross-References:

* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495

CVSS scores:

* CVE-2025-38079 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves four vulnerabilities can now be installed.

## Description:

This update for kernel-livepatch-MICRO-6-0-RT_Update_8 fixes the following issues:

* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218)
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350)
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350)
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-89=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-6_4_0-31-rt-3-1.2
  * kernel-livepatch-MICRO-6-0-RT_Update_8-debugsource-3-1.2
  * kernel-livepatch-6_4_0-31-rt-debuginfo-3-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351

From null at suse.de Wed Sep 10 12:37:02 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 12:37:02 -0000
Subject: SUSE-SU-2025:20641-1: important: Security update for kernel-livepatch-MICRO-6-0_Update_5
Message-ID: <175750782221.20766.3828485044610628017@smelt2.prg2.suse.org>

# Security update for kernel-livepatch-MICRO-6-0_Update_5

Announcement ID: SUSE-SU-2025:20641-1
Release Date: 2025-08-29T14:48:32Z
Rating: important

References:

* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351

Cross-References:

* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495

CVSS scores:

* CVE-2025-38079 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves four vulnerabilities can now be installed.

## Description:

This update for kernel-livepatch-MICRO-6-0_Update_5 fixes the following issues:

* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218)
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350)
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350)
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-93=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-MICRO-6-0_Update_5-debugsource-6-1.2
  * kernel-livepatch-6_4_0-25-default-debuginfo-6-1.2
  * kernel-livepatch-6_4_0-25-default-6-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351

From null at suse.de Wed Sep 10 12:37:32 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 12:37:32 -0000
Subject: SUSE-SU-2025:20636-1: important: Security update for kernel-livepatch-MICRO-6-0-RT_Update_6
Message-ID: <175750785273.20766.13237447767299149356@smelt2.prg2.suse.org>

# Security update for kernel-livepatch-MICRO-6-0-RT_Update_6

Announcement ID: SUSE-SU-2025:20636-1
Release Date: 2025-08-29T13:42:59Z
Rating: important

References:

* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351

Cross-References:

* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495

CVSS scores:

* CVE-2025-38079 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves four vulnerabilities can now be installed.

## Description:

This update for kernel-livepatch-MICRO-6-0-RT_Update_6 fixes the following issues:

* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218)
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350)
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350)
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-88=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-6_4_0-28-rt-debuginfo-4-3.1
  * kernel-livepatch-MICRO-6-0-RT_Update_6-debugsource-4-3.1
  * kernel-livepatch-6_4_0-28-rt-4-3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351

From null at suse.de Wed Sep 10 12:37:37 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 12:37:37 -0000
Subject: SUSE-SU-2025:20635-1: important: Security update for kernel-livepatch-MICRO-6-0-RT_Update_5
Message-ID: <175750785760.20766.8363673711108438919@smelt2.prg2.suse.org>

# Security update for kernel-livepatch-MICRO-6-0-RT_Update_5

Announcement ID: SUSE-SU-2025:20635-1
Release Date: 2025-08-29T13:42:59Z
Rating: important

References:

* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351

Cross-References:

* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495

CVSS scores:

* CVE-2025-38079 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves four vulnerabilities can now be installed.

## Description:

This update for kernel-livepatch-MICRO-6-0-RT_Update_5 fixes the following issues:

* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218)
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350)
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350)
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-87=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-6_4_0-25-rt-6-1.1
  * kernel-livepatch-MICRO-6-0-RT_Update_5-debugsource-6-1.1
  * kernel-livepatch-6_4_0-25-rt-debuginfo-6-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351

From null at suse.de Wed Sep 10 12:37:51 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 12:37:51 -0000
Subject: SUSE-SU-2025:20631-1: important: Security update for python311
Message-ID: <175750787167.20766.1487602906939167408@smelt2.prg2.suse.org>

# Security update for python311

Announcement ID: SUSE-SU-2025:20631-1
Release Date: 2025-08-27T10:28:07Z
Rating: important

References:

* bsc#1247249

Cross-References:

* CVE-2025-8194

CVSS scores:

* CVE-2025-8194 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-8194 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-8194 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves one vulnerability can now be installed.

## Description:

This update for python311 fixes the following issues:

* CVE-2025-8194: Fixed infinite loop and deadlock caused by tar archives with negative offsets (bsc#1247249)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-438=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * python311-3.11.13-2.1
  * python311-curses-3.11.13-2.1
  * python311-core-debugsource-3.11.13-2.1
  * python311-debuginfo-3.11.13-2.1
  * libpython3_11-1_0-debuginfo-3.11.13-2.1
  * python311-base-3.11.13-2.1
  * python311-curses-debuginfo-3.11.13-2.1
  * python311-debugsource-3.11.13-2.1
  * python311-base-debuginfo-3.11.13-2.1
  * libpython3_11-1_0-3.11.13-2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-8194.html
* https://bugzilla.suse.com/show_bug.cgi?id=1247249

From null at suse.de Wed Sep 10 16:30:07 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 16:30:07 -0000
Subject: SUSE-SU-2025:03148-1: important: Security update for the Linux Kernel (Live Patch 57 for SLE 15 SP3)
Message-ID: <175752180762.11092.8055396508775199529@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 57 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:03148-1
Release Date: 2025-09-10T15:33:54Z
Rating: important

References:

* bsc#1242579
* bsc#1244235
* bsc#1245775
* bsc#1245791
* bsc#1246030

Cross-References:

* CVE-2025-21999
* CVE-2025-37890
* CVE-2025-38000
* CVE-2025-38001
* CVE-2025-38212

CVSS scores:

* CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_204 fixes several issues.

The following security issues were fixed:

* CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579).
* CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235).
* CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775).
* CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2025-3148=1
* SUSE Linux Enterprise Live Patching 15-SP3
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-3148=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP3_Update_57-debugsource-5-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_204-default-debuginfo-5-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_204-default-5-150300.2.1
* openSUSE Leap 15.3 (x86_64)
  * kernel-livepatch-5_3_18-150300_59_204-preempt-5-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_204-preempt-debuginfo-5-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP3_Update_57-debugsource-5-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_204-default-debuginfo-5-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_204-default-5-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21999.html
* https://www.suse.com/security/cve/CVE-2025-37890.html
* https://www.suse.com/security/cve/CVE-2025-38000.html
* https://www.suse.com/security/cve/CVE-2025-38001.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1242579
* https://bugzilla.suse.com/show_bug.cgi?id=1244235
* https://bugzilla.suse.com/show_bug.cgi?id=1245775
* https://bugzilla.suse.com/show_bug.cgi?id=1245791
* https://bugzilla.suse.com/show_bug.cgi?id=1246030

From null at suse.de Wed Sep 10 16:30:10 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 16:30:10 -0000
Subject: SUSE-SU-2025:03146-1: important: Security update for the Linux Kernel (Live Patch 70 for SLE 12 SP5)
Message-ID: <175752181006.11092.12988560201316572292@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 70 for SLE 12 SP5)

Announcement ID: SUSE-SU-2025:03146-1
Release Date: 2025-09-10T12:35:51Z
Rating: important

References:

* bsc#1246030

Cross-References:

* CVE-2025-38212

CVSS scores:

* CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 4.12.14-122_266 fixes one issue.

The following security issue was fixed:

* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2025-3146=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_266-default-3-2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1246030 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Sep 10 16:30:13 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 10 Sep 2025 16:30:13 -0000 Subject: SUSE-SU-2025:03143-1: important: Security update for the Linux Kernel (Live Patch 69 for SLE 12 SP5) Message-ID: <175752181353.11092.18365926136380913104@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 69 for SLE 12 SP5) Announcement ID: SUSE-SU-2025:03143-1 Release Date: 2025-09-10T12:35:41Z Rating: important References: * bsc#1245775 * bsc#1246030 Cross-References: * CVE-2025-38000 * CVE-2025-38212 CVSS scores: * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_261 fixes several issues. The following security issues were fixed: * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). 
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2025-3144=1 SUSE-SLE-Live-Patching-12-SP5-2025-3145=1 SUSE-SLE-Live-Patching-12-SP5-2025-3143=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_261-default-3-2.1 * kgraft-patch-4_12_14-122_255-default-6-2.1 * kgraft-patch-4_12_14-122_258-default-4-2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Sep 10 16:30:17 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 10 Sep 2025 16:30:17 -0000 Subject: SUSE-SU-2025:03138-1: important: Security update for the Linux Kernel (Live Patch 66 for SLE 12 SP5) Message-ID: <175752181712.11092.10513601640250372374@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 66 for SLE 12 SP5) Announcement ID: SUSE-SU-2025:03138-1 Release Date: 2025-09-10T12:35:11Z Rating: important References: * bsc#1237930 * bsc#1245775 * bsc#1246030 Cross-References: * CVE-2022-49053 * CVE-2025-38000 * CVE-2025-38212 CVSS scores: * CVE-2022-49053 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2022-49053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-49053 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_250 fixes several issues. The following security issues were fixed: * CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2025-3138=1 SUSE-SLE-Live-Patching-12-SP5-2025-3139=1 SUSE-SLE-Live-Patching-12-SP5-2025-3140=1 SUSE-SLE-Live-Patching-12-SP5-2025-3141=1 SUSE-SLE-Live-Patching-12-SP5-2025-3142=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_244-default-9-2.1 * kgraft-patch-4_12_14-122_247-default-7-2.1 * kgraft-patch-4_12_14-122_237-default-10-2.1 * kgraft-patch-4_12_14-122_234-default-14-2.1 * kgraft-patch-4_12_14-122_250-default-7-2.1 ## References: * https://www.suse.com/security/cve/CVE-2022-49053.html * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1237930 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Sep 10 16:30:22 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 10 Sep 2025 16:30:22 -0000 Subject: SUSE-SU-2025:03135-1: important: Security update for the Linux Kernel (Live Patch 61 for SLE 12 SP5) Message-ID: <175752182249.11092.2938529309140291961@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 61 for SLE 12 SP5) Announcement ID: SUSE-SU-2025:03135-1 Release Date: 2025-09-10T12:34:12Z Rating: important References: * bsc#1231676 * bsc#1231943 * bsc#1237930 * bsc#1245775 * bsc#1246030 Cross-References: * CVE-2022-49053 * CVE-2024-47674 * CVE-2024-47706 * CVE-2025-38000 * CVE-2025-38212 CVSS scores: * CVE-2022-49053 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2022-49053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-49053 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47674 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-47674 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47674 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-47706 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-47706 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47706 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves 
five vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_231 fixes several issues. The following security issues were fixed: * CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231676). * CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231943). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2025-3136=1 SUSE-SLE-Live-Patching-12-SP5-2025-3137=1 SUSE-SLE-Live-Patching-12-SP5-2025-3135=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_231-default-14-2.1 * kgraft-patch-4_12_14-122_228-default-15-2.1 * kgraft-patch-4_12_14-122_225-default-16-2.1 ## References: * https://www.suse.com/security/cve/CVE-2022-49053.html * https://www.suse.com/security/cve/CVE-2024-47674.html * https://www.suse.com/security/cve/CVE-2024-47706.html * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1231676 * https://bugzilla.suse.com/show_bug.cgi?id=1231943 * https://bugzilla.suse.com/show_bug.cgi?id=1237930 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Sep 10 16:30:28 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 10 Sep 2025 16:30:28 -0000 Subject: SUSE-SU-2025:03133-1: important: Security update for the Linux Kernel (Live Patch 55 for SLE 15 SP3) Message-ID: <175752182831.11092.13233284377040611493@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 55 for SLE 15 SP3) Announcement ID: SUSE-SU-2025:03133-1 Release Date: 2025-09-10T13:33:57Z Rating: important References: * bsc#1237930 * bsc#1242579 * bsc#1244235 * bsc#1245775 * bsc#1245791 * bsc#1246030 Cross-References: * CVE-2022-49053 * CVE-2025-21999 * CVE-2025-37890 * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38212 CVSS scores: * CVE-2022-49053 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2022-49053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-49053 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 
5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves six vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_198 fixes several issues. The following security issues were fixed: * CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579). * CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930). * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2025-3133=1 SUSE-2025-3147=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-3133=1 SUSE-SLE-Module-Live-Patching-15-SP3-2025-3147=1 ## Package List: * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_182-default-debuginfo-13-150300.2.1 * kernel-livepatch-5_3_18-150300_59_198-default-7-150300.2.1 * kernel-livepatch-5_3_18-150300_59_198-default-debuginfo-7-150300.2.1 * kernel-livepatch-5_3_18-150300_59_182-default-13-150300.2.1 * kernel-livepatch-SLE15-SP3_Update_50-debugsource-13-150300.2.1 * kernel-livepatch-SLE15-SP3_Update_55-debugsource-7-150300.2.1 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_182-preempt-debuginfo-13-150300.2.1 * kernel-livepatch-5_3_18-150300_59_198-preempt-7-150300.2.1 * kernel-livepatch-5_3_18-150300_59_182-preempt-13-150300.2.1 * 
kernel-livepatch-5_3_18-150300_59_198-preempt-debuginfo-7-150300.2.1 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_198-default-7-150300.2.1 * kernel-livepatch-5_3_18-150300_59_182-default-13-150300.2.1 ## References: * https://www.suse.com/security/cve/CVE-2022-49053.html * https://www.suse.com/security/cve/CVE-2025-21999.html * https://www.suse.com/security/cve/CVE-2025-37890.html * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1237930 * https://bugzilla.suse.com/show_bug.cgi?id=1242579 * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1245791 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Sep 10 20:30:07 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 10 Sep 2025 20:30:07 -0000 Subject: SUSE-SU-2025:03154-1: important: Security update for the Linux Kernel (Live Patch 58 for SLE 15 SP3) Message-ID: <175753620769.10185.8419037961185304319@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 58 for SLE 15 SP3) Announcement ID: SUSE-SU-2025:03154-1 Release Date: 2025-09-10T18:34:57Z Rating: important References: * bsc#1244235 * bsc#1245775 * bsc#1245791 * bsc#1246030 Cross-References: * CVE-2025-37890 * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38212 CVSS scores: * CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * 
CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves four vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_207 fixes several issues. The following security issues were fixed: * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2025-3154=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-3154=1 ## Package List: * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_207-default-debuginfo-4-150300.2.1 * kernel-livepatch-5_3_18-150300_59_207-default-4-150300.2.1 * kernel-livepatch-SLE15-SP3_Update_58-debugsource-4-150300.2.1 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_207-preempt-debuginfo-4-150300.2.1 * kernel-livepatch-5_3_18-150300_59_207-preempt-4-150300.2.1 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_207-default-debuginfo-4-150300.2.1 * kernel-livepatch-SLE15-SP3_Update_58-debugsource-4-150300.2.1 * kernel-livepatch-5_3_18-150300_59_207-default-4-150300.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-37890.html * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1245791 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Sep 10 20:30:13 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 10 Sep 2025 20:30:13 -0000 Subject: SUSE-SU-2025:03153-1: important: Security update for the Linux Kernel (Live Patch 56 for SLE 15 SP3) Message-ID: <175753621314.10185.18393696989850552749@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 56 for SLE 15 SP3) Announcement ID: SUSE-SU-2025:03153-1 Release Date: 2025-09-10T18:34:45Z Rating: important References: * bsc#1242579 * bsc#1244235 * bsc#1245775 * bsc#1245791 * bsc#1246030 Cross-References: * CVE-2025-21999 * CVE-2025-37890 * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38212 CVSS scores: * CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves five vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_201 fixes several issues. 
The following security issues were fixed: * CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579). * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2025-3153=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-3153=1 ## Package List: * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP3_Update_56-debugsource-5-150300.2.1 * kernel-livepatch-5_3_18-150300_59_201-default-5-150300.2.1 * kernel-livepatch-5_3_18-150300_59_201-default-debuginfo-5-150300.2.1 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_201-preempt-5-150300.2.1 * kernel-livepatch-5_3_18-150300_59_201-preempt-debuginfo-5-150300.2.1 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP3_Update_56-debugsource-5-150300.2.1 * kernel-livepatch-5_3_18-150300_59_201-default-5-150300.2.1 * kernel-livepatch-5_3_18-150300_59_201-default-debuginfo-5-150300.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-21999.html * https://www.suse.com/security/cve/CVE-2025-37890.html * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1242579 * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * 
https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1245791 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Sep 10 20:30:15 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 10 Sep 2025 20:30:15 -0000 Subject: SUSE-SU-2025:03149-1: important: Security update for the Linux Kernel (Live Patch 59 for SLE 15 SP3) Message-ID: <175753621589.10185.12544160625633390596@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 59 for SLE 15 SP3) Announcement ID: SUSE-SU-2025:03149-1 Release Date: 2025-09-10T16:34:03Z Rating: important References: * bsc#1246030 Cross-References: * CVE-2025-38212 CVSS scores: * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_211 fixes one issue. The following security issue was fixed: * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-3149=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2025-3149=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP3_Update_59-debugsource-4-150300.2.1 * kernel-livepatch-5_3_18-150300_59_211-default-debuginfo-4-150300.2.1 * kernel-livepatch-5_3_18-150300_59_211-default-4-150300.2.1 * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP3_Update_59-debugsource-4-150300.2.1 * kernel-livepatch-5_3_18-150300_59_211-default-debuginfo-4-150300.2.1 * kernel-livepatch-5_3_18-150300_59_211-default-4-150300.2.1 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_211-preempt-4-150300.2.1 * kernel-livepatch-5_3_18-150300_59_211-preempt-debuginfo-4-150300.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1246030 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Sep 10 20:30:24 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 10 Sep 2025 20:30:24 -0000 Subject: SUSE-SU-2025:03152-1: important: Security update for ImageMagick Message-ID: <175753622414.10185.5567580343113566188@smelt2.prg2.suse.org> # Security update for ImageMagick Announcement ID: SUSE-SU-2025:03152-1 Release Date: 2025-09-10T18:04:39Z Rating: important References: * bsc#1247475 * bsc#1248076 * bsc#1248077 * bsc#1248078 * bsc#1248079 * bsc#1248767 * bsc#1248780 * bsc#1248784 Cross-References: * CVE-2025-55004 * CVE-2025-55005 * CVE-2025-55154 * CVE-2025-55160 * CVE-2025-55212 * CVE-2025-55298 * CVE-2025-57803 CVSS scores: * CVE-2025-55004 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-55004 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H * CVE-2025-55004 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L * CVE-2025-55004 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2025-55005 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-55005 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-55005 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-55154 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-55154 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-55154 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-55154 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-55160 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-55160 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H * CVE-2025-55160 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-55160 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L * CVE-2025-55212 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * 
CVE-2025-55212 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-55212 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-55298 ( SUSE ): 9.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-55298 ( SUSE ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2025-55298 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-57803 ( SUSE ): 9.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-57803 ( SUSE ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2025-57803 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Desktop Applications Module 15-SP6 * Desktop Applications Module 15-SP7 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves seven vulnerabilities and has one security fix can now be installed. 
## Description: This update for ImageMagick fixes the following issues: * CVE-2025-55004: Fixed heap buffer over-read in ReadOneMNGIMage when processing images with separate alpha channels (bsc#1248076). * CVE-2025-55005: Fixed heap buffer overflow when transforming from Log to sRGB colorspaces (bsc#1248077). * CVE-2025-55154: Fixed integer overflow when performing magnified size calculations in ReadOneMNGIMage (bsc#1248078). * CVE-2025-55160: Fixed undefined behavior due to function-type-mismatch in CloneSplayTree (bsc#1248079). * CVE-2025-55212: Fixed division-by-zero in ThumbnailImage() when passing a geometry string containing only a colon to `montage -geometry` (bsc#1248767). * CVE-2025-55298: Fixed heap overflow due to format string bug vulnerability (bsc#1248780). * CVE-2025-57803: Fixed heap out-of-bounds (OOB) write due to 32-bit integer overflow (bsc#1248784). Other fixes: * Fixed output file placeholders (bsc#1247475). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-3152=1 * Desktop Applications Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-3152=1 * Desktop Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2025-3152=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3152=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3152=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3152=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3152=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3152=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3152=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3152=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3152=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * ImageMagick-debugsource-7.1.0.9-150400.6.40.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.40.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.40.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.40.1 * perl-PerlMagick-7.1.0.9-150400.6.40.1 * ImageMagick-extra-7.1.0.9-150400.6.40.1 * libMagick++-devel-7.1.0.9-150400.6.40.1 * ImageMagick-7.1.0.9-150400.6.40.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.40.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.40.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.40.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.40.1 * 
libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.40.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.40.1 * ImageMagick-devel-7.1.0.9-150400.6.40.1 * ImageMagick-extra-debuginfo-7.1.0.9-150400.6.40.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.40.1 * openSUSE Leap 15.4 (x86_64) * libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.0.9-150400.6.40.1 * libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.40.1 * libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.40.1 * ImageMagick-devel-32bit-7.1.0.9-150400.6.40.1 * libMagick++-devel-32bit-7.1.0.9-150400.6.40.1 * libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.40.1 * libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.40.1 * libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.40.1 * openSUSE Leap 15.4 (noarch) * ImageMagick-doc-7.1.0.9-150400.6.40.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libMagickCore-7_Q16HDRI10-64bit-7.1.0.9-150400.6.40.1 * libMagick++-devel-64bit-7.1.0.9-150400.6.40.1 * libMagickWand-7_Q16HDRI10-64bit-debuginfo-7.1.0.9-150400.6.40.1 * libMagick++-7_Q16HDRI5-64bit-debuginfo-7.1.0.9-150400.6.40.1 * libMagickWand-7_Q16HDRI10-64bit-7.1.0.9-150400.6.40.1 * ImageMagick-devel-64bit-7.1.0.9-150400.6.40.1 * libMagick++-7_Q16HDRI5-64bit-7.1.0.9-150400.6.40.1 * libMagickCore-7_Q16HDRI10-64bit-debuginfo-7.1.0.9-150400.6.40.1 * Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64) * ImageMagick-debugsource-7.1.0.9-150400.6.40.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.40.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.40.1 * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * ImageMagick-debugsource-7.1.0.9-150400.6.40.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.40.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.40.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * ImageMagick-debugsource-7.1.0.9-150400.6.40.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.40.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.40.1 * 
libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.40.1 * perl-PerlMagick-7.1.0.9-150400.6.40.1 * libMagick++-devel-7.1.0.9-150400.6.40.1 * ImageMagick-7.1.0.9-150400.6.40.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.40.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.40.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.40.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.40.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.40.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.40.1 * ImageMagick-devel-7.1.0.9-150400.6.40.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.40.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * ImageMagick-debugsource-7.1.0.9-150400.6.40.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.40.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.40.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.40.1 * perl-PerlMagick-7.1.0.9-150400.6.40.1 * libMagick++-devel-7.1.0.9-150400.6.40.1 * ImageMagick-7.1.0.9-150400.6.40.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.40.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.40.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.40.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.40.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.40.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.40.1 * ImageMagick-devel-7.1.0.9-150400.6.40.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.40.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * ImageMagick-debugsource-7.1.0.9-150400.6.40.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.40.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.40.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.40.1 * perl-PerlMagick-7.1.0.9-150400.6.40.1 * libMagick++-devel-7.1.0.9-150400.6.40.1 * ImageMagick-7.1.0.9-150400.6.40.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.40.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.40.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.40.1 * 
libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.40.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.40.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.40.1 * ImageMagick-devel-7.1.0.9-150400.6.40.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.40.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * ImageMagick-debugsource-7.1.0.9-150400.6.40.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.40.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.40.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.40.1 * perl-PerlMagick-7.1.0.9-150400.6.40.1 * libMagick++-devel-7.1.0.9-150400.6.40.1 * ImageMagick-7.1.0.9-150400.6.40.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.40.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.40.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.40.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.40.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.40.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.40.1 * ImageMagick-devel-7.1.0.9-150400.6.40.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.40.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * ImageMagick-debugsource-7.1.0.9-150400.6.40.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.40.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.40.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.40.1 * perl-PerlMagick-7.1.0.9-150400.6.40.1 * libMagick++-devel-7.1.0.9-150400.6.40.1 * ImageMagick-7.1.0.9-150400.6.40.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.40.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.40.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.40.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.40.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.40.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.40.1 * ImageMagick-devel-7.1.0.9-150400.6.40.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.40.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * ImageMagick-debugsource-7.1.0.9-150400.6.40.1 * 
ImageMagick-config-7-SUSE-7.1.0.9-150400.6.40.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.40.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.40.1 * perl-PerlMagick-7.1.0.9-150400.6.40.1 * libMagick++-devel-7.1.0.9-150400.6.40.1 * ImageMagick-7.1.0.9-150400.6.40.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.40.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.40.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.40.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.40.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.40.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.40.1 * ImageMagick-devel-7.1.0.9-150400.6.40.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.40.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * ImageMagick-debugsource-7.1.0.9-150400.6.40.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.40.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.40.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.40.1 * perl-PerlMagick-7.1.0.9-150400.6.40.1 * libMagick++-devel-7.1.0.9-150400.6.40.1 * ImageMagick-7.1.0.9-150400.6.40.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.40.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.40.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.40.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.40.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.40.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.40.1 * ImageMagick-devel-7.1.0.9-150400.6.40.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.40.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * ImageMagick-debugsource-7.1.0.9-150400.6.40.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.40.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.40.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.40.1 * perl-PerlMagick-7.1.0.9-150400.6.40.1 * libMagick++-devel-7.1.0.9-150400.6.40.1 * ImageMagick-7.1.0.9-150400.6.40.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.40.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.40.1 * 
libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.40.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.40.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.40.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.40.1 * ImageMagick-devel-7.1.0.9-150400.6.40.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.40.1 ## References: * https://www.suse.com/security/cve/CVE-2025-55004.html * https://www.suse.com/security/cve/CVE-2025-55005.html * https://www.suse.com/security/cve/CVE-2025-55154.html * https://www.suse.com/security/cve/CVE-2025-55160.html * https://www.suse.com/security/cve/CVE-2025-55212.html * https://www.suse.com/security/cve/CVE-2025-55298.html * https://www.suse.com/security/cve/CVE-2025-57803.html * https://bugzilla.suse.com/show_bug.cgi?id=1247475 * https://bugzilla.suse.com/show_bug.cgi?id=1248076 * https://bugzilla.suse.com/show_bug.cgi?id=1248077 * https://bugzilla.suse.com/show_bug.cgi?id=1248078 * https://bugzilla.suse.com/show_bug.cgi?id=1248079 * https://bugzilla.suse.com/show_bug.cgi?id=1248767 * https://bugzilla.suse.com/show_bug.cgi?id=1248780 * https://bugzilla.suse.com/show_bug.cgi?id=1248784 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Sep 10 20:30:30 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 10 Sep 2025 20:30:30 -0000 Subject: SUSE-SU-2025:03151-1: important: Security update for ImageMagick Message-ID: <175753623076.10185.2110264606286218984@smelt2.prg2.suse.org> # Security update for ImageMagick Announcement ID: SUSE-SU-2025:03151-1 Release Date: 2025-09-10T18:01:37Z Rating: important References: * bsc#1248076 * bsc#1248077 * bsc#1248078 * bsc#1248079 * bsc#1248767 * bsc#1248780 * bsc#1248784 Cross-References: * CVE-2025-55004 * CVE-2025-55005 * CVE-2025-55154 * CVE-2025-55160 * CVE-2025-55212 * CVE-2025-55298 * CVE-2025-57803 CVSS scores: * CVE-2025-55004 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-55004 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H * CVE-2025-55004 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L * CVE-2025-55004 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2025-55005 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-55005 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-55005 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-55154 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-55154 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-55154 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-55154 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-55160 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-55160 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H * CVE-2025-55160 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-55160 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L * CVE-2025-55212 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-55212 ( SUSE ): 
4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-55212 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-55298 ( SUSE ): 9.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-55298 ( SUSE ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2025-55298 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-57803 ( SUSE ): 9.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-57803 ( SUSE ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2025-57803 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves seven vulnerabilities can now be installed. ## Description: This update for ImageMagick fixes the following issues: * CVE-2025-55004: Fixed heap buffer over-read in ReadOneMNGImage when processing images with separate alpha channels (bsc#1248076). * CVE-2025-55005: Fixed heap buffer overflow when transforming from Log to sRGB colorspaces (bsc#1248077). * CVE-2025-55154: Fixed integer overflow when performing magnified size calculations in ReadOneMNGImage (bsc#1248078). * CVE-2025-55160: Fixed undefined behavior due to function-type-mismatch in CloneSplayTree (bsc#1248079). * CVE-2025-55212: Fixed division-by-zero in ThumbnailImage() when passing a geometry string containing only a colon to `montage -geometry` (bsc#1248767). * CVE-2025-55298: Fixed heap overflow due to format string bug vulnerability (bsc#1248780). * CVE-2025-57803: Fixed heap out-of-bounds (OOB) write due to 32-bit integer overflow (bsc#1248784).
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3151=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3151=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3151=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2025-3151=1 ## Package List: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.62.1 * perl-PerlMagick-debuginfo-7.0.7.34-150200.10.62.1 * libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.62.1 * libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.62.1 * ImageMagick-config-7-upstream-7.0.7.34-150200.10.62.1 * ImageMagick-config-7-SUSE-7.0.7.34-150200.10.62.1 * ImageMagick-7.0.7.34-150200.10.62.1 * libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.62.1 * libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.62.1 * ImageMagick-debuginfo-7.0.7.34-150200.10.62.1 * libMagick++-devel-7.0.7.34-150200.10.62.1 * libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.62.1 * ImageMagick-devel-7.0.7.34-150200.10.62.1 * perl-PerlMagick-7.0.7.34-150200.10.62.1 * ImageMagick-debugsource-7.0.7.34-150200.10.62.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.62.1 * perl-PerlMagick-debuginfo-7.0.7.34-150200.10.62.1 * libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.62.1 * libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.62.1 * ImageMagick-config-7-upstream-7.0.7.34-150200.10.62.1 * ImageMagick-config-7-SUSE-7.0.7.34-150200.10.62.1 * ImageMagick-7.0.7.34-150200.10.62.1 * libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.62.1 * 
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.62.1 * ImageMagick-debuginfo-7.0.7.34-150200.10.62.1 * libMagick++-devel-7.0.7.34-150200.10.62.1 * libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.62.1 * ImageMagick-devel-7.0.7.34-150200.10.62.1 * perl-PerlMagick-7.0.7.34-150200.10.62.1 * ImageMagick-debugsource-7.0.7.34-150200.10.62.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.62.1 * perl-PerlMagick-debuginfo-7.0.7.34-150200.10.62.1 * libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.62.1 * libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.62.1 * ImageMagick-config-7-upstream-7.0.7.34-150200.10.62.1 * ImageMagick-config-7-SUSE-7.0.7.34-150200.10.62.1 * ImageMagick-7.0.7.34-150200.10.62.1 * libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.62.1 * libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.62.1 * ImageMagick-debuginfo-7.0.7.34-150200.10.62.1 * libMagick++-devel-7.0.7.34-150200.10.62.1 * libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.62.1 * ImageMagick-devel-7.0.7.34-150200.10.62.1 * perl-PerlMagick-7.0.7.34-150200.10.62.1 * ImageMagick-debugsource-7.0.7.34-150200.10.62.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.62.1 * perl-PerlMagick-debuginfo-7.0.7.34-150200.10.62.1 * libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.62.1 * libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.62.1 * ImageMagick-config-7-upstream-7.0.7.34-150200.10.62.1 * ImageMagick-config-7-SUSE-7.0.7.34-150200.10.62.1 * ImageMagick-7.0.7.34-150200.10.62.1 * libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.62.1 * libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.62.1 * ImageMagick-debuginfo-7.0.7.34-150200.10.62.1 * libMagick++-devel-7.0.7.34-150200.10.62.1 * libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.62.1 * ImageMagick-devel-7.0.7.34-150200.10.62.1 * perl-PerlMagick-7.0.7.34-150200.10.62.1 * ImageMagick-debugsource-7.0.7.34-150200.10.62.1 ## References: * 
https://www.suse.com/security/cve/CVE-2025-55004.html * https://www.suse.com/security/cve/CVE-2025-55005.html * https://www.suse.com/security/cve/CVE-2025-55154.html * https://www.suse.com/security/cve/CVE-2025-55160.html * https://www.suse.com/security/cve/CVE-2025-55212.html * https://www.suse.com/security/cve/CVE-2025-55298.html * https://www.suse.com/security/cve/CVE-2025-57803.html * https://bugzilla.suse.com/show_bug.cgi?id=1248076 * https://bugzilla.suse.com/show_bug.cgi?id=1248077 * https://bugzilla.suse.com/show_bug.cgi?id=1248078 * https://bugzilla.suse.com/show_bug.cgi?id=1248079 * https://bugzilla.suse.com/show_bug.cgi?id=1248767 * https://bugzilla.suse.com/show_bug.cgi?id=1248780 * https://bugzilla.suse.com/show_bug.cgi?id=1248784 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Sep 10 20:30:38 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 10 Sep 2025 20:30:38 -0000 Subject: SUSE-SU-2025:20691-1: important: Security update for ucode-intel Message-ID: <175753623864.10185.16946968262739501637@smelt2.prg2.suse.org> # Security update for ucode-intel Announcement ID: SUSE-SU-2025:20691-1 Release Date: 2025-09-09T10:18:48Z Rating: important References: * bsc#1248438 Cross-References: * CVE-2025-20053 * CVE-2025-20109 * CVE-2025-22839 * CVE-2025-22840 * CVE-2025-22889 * CVE-2025-26403 * CVE-2025-32086 CVSS scores: * CVE-2025-20053 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-20053 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N * CVE-2025-20053 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-20053 ( NVD ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N * CVE-2025-20109 ( SUSE 
): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-20109 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2025-20109 ( NVD ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-20109 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2025-22839 ( SUSE ): 7.3 CVSS:4.0/AV:A/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-22839 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L * CVE-2025-22839 ( NVD ): 7.3 CVSS:4.0/AV:A/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-22839 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L * CVE-2025-22840 ( SUSE ): 5.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-22840 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L * CVE-2025-22840 ( NVD ): 5.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-22840 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L * CVE-2025-22889 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-22889 ( SUSE ): 7.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N * CVE-2025-22889 ( NVD ): 7.0 
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-22889 ( NVD ): 7.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N * CVE-2025-26403 ( SUSE ): 4.5 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-26403 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N * CVE-2025-26403 ( NVD ): 4.5 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-26403 ( NVD ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N * CVE-2025-32086 ( SUSE ): 4.5 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-32086 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N * CVE-2025-32086 ( NVD ): 4.5 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-32086 ( NVD ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N Affected Products: * SUSE Linux Micro 6.1 An update that solves seven vulnerabilities can now be installed. ## Description: This update for ucode-intel fixes the following issues: * Intel CPU Microcode was updated to the 20250812 release (bsc#1248438) * CVE-2025-20109: Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel Processors may allow an authenticated user to potentially enable escalation of privilege via local access. 
* CVE-2025-22840: Sequence of processor instructions leads to unexpected behavior for some Intel Xeon 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access * CVE-2025-22839: Insufficient granularity of access control in the OOB-MSM for some Intel Xeon 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. * CVE-2025-22889: Improper handling of overlap between protected memory ranges for some Intel Xeon 6 processor with Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. * CVE-2025-20053: Improper buffer restrictions for some Intel Xeon Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. * CVE-2025-26403: Out-of-bounds write in the memory subsystem for some Intel Xeon 6 processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. * CVE-2025-32086: Improperly implemented security check for standard in the DDRIO configuration for some Intel Xeon 6 Processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. * Update for functional issues. * Updated Platforms:

| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |
|---|---|---|---|---|---|
| ARL-H | A1 | 06-c5-02/82 | 00000118 | 00000119 | Core Ultra Processor (Series 2) |
| ARL-S/HX (8P) | B0 | 06-c6-02/82 | 00000118 | 00000119 | Core Ultra Processor (Series 2) |
| EMR-SP | A1 | 06-cf-02/87 | 210002a9 | 210002b3 | Xeon Scalable Gen5 |
| GNR-AP/SP | B0 | 06-ad-01/95 | 010003a2 | 010003d0 | Xeon Scalable Gen6 |
| GNR-AP/SP | H0 | 06-ad-01/20 | 0a0000d1 | 0a000100 | Xeon Scalable Gen6 |
| ICL-D | B0 | 06-6c-01/10 | 010002d0 | 010002e0 | Xeon D-17xx, D-27xx |
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d000404 | 0d000410 | Xeon Scalable Gen3 |
| LNL | B0 | 06-bd-01/80 | 0000011f | 00000123 | Core Ultra 200 V Series Processor |
| MTL | C0 | 06-aa-04/e6 | 00000024 | 00000025 | Core Ultra Processor |
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004128 | 00004129 | Core Gen13 |
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004128 | 00004129 | Core Gen13 |
| SPR-HBM | Bx | 06-8f-08/10 | 2c0003f7 | 2c000401 | Xeon Max |
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b000639 | 2b000643 | Xeon Scalable Gen4 |
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b000639 | 2b000643 | Xeon Scalable Gen4 |
| SRF-SP | C0 | 06-af-03/01 | 03000341 | 03000362 | Xeon 6700-Series Processors with E-Cores |

New Disclosures Updated in Prior Releases: All ADL, RPL, SPR, EMR, MTL, ARL Microcode patches previously released in May 2025. ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-255=1 ## Package List: * SUSE Linux Micro 6.1 (x86_64) * ucode-intel-20250812-slfo.1.1_1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-20053.html * https://www.suse.com/security/cve/CVE-2025-20109.html * https://www.suse.com/security/cve/CVE-2025-22839.html * https://www.suse.com/security/cve/CVE-2025-22840.html * https://www.suse.com/security/cve/CVE-2025-22889.html * https://www.suse.com/security/cve/CVE-2025-26403.html * https://www.suse.com/security/cve/CVE-2025-32086.html * https://bugzilla.suse.com/show_bug.cgi?id=1248438 -------------- next part -------------- An HTML attachment was scrubbed...
URL: From null at suse.de Wed Sep 10 20:30:36 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 10 Sep 2025 20:30:36 -0000 Subject: SUSE-SU-2025:03150-1: important: Security update for ImageMagick Message-ID: <175753623631.10185.14159983297131677557@smelt2.prg2.suse.org> # Security update for ImageMagick Announcement ID: SUSE-SU-2025:03150-1 Release Date: 2025-09-10T17:58:53Z Rating: important References: * bsc#1248077 * bsc#1248078 * bsc#1248079 * bsc#1248767 * bsc#1248780 * bsc#1248784 Cross-References: * CVE-2025-55005 * CVE-2025-55154 * CVE-2025-55160 * CVE-2025-55212 * CVE-2025-55298 * CVE-2025-57803 CVSS scores: * CVE-2025-55005 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-55005 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-55005 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-55154 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-55154 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-55154 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-55154 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-55160 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-55160 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H * CVE-2025-55160 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-55160 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L * CVE-2025-55212 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-55212 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-55212 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-55298 ( SUSE ): 9.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-55298 ( SUSE ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2025-55298 ( NVD ): 7.5 
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-57803 ( SUSE ): 9.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-57803 ( SUSE ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2025-57803 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves six vulnerabilities can now be installed. ## Description: This update for ImageMagick fixes the following issues: * CVE-2025-55005: Fixed heap buffer overflow when transforming from Log to sRGB colorspaces (bsc#1248077). * CVE-2025-55154: Fixed integer overflow when performing magnified size calculations in ReadOneMNGImage (bsc#1248078). * CVE-2025-55160: Fixed undefined behavior due to function-type-mismatch in CloneSplayTree (bsc#1248079). * CVE-2025-55212: Fixed division-by-zero in ThumbnailImage() when passing a geometry string containing only a colon to `montage -geometry` (bsc#1248767). * CVE-2025-55298: Fixed heap overflow due to format string bug vulnerability (bsc#1248780). * CVE-2025-57803: Fixed heap out-of-bounds (OOB) write due to 32-bit integer overflow (bsc#1248784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-3150=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-3150=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * ImageMagick-debugsource-6.8.8.1-71.212.1 * libMagickWand-6_Q16-1-6.8.8.1-71.212.1 * libMagickCore-6_Q16-1-6.8.8.1-71.212.1 * ImageMagick-devel-6.8.8.1-71.212.1 * libMagick++-devel-6.8.8.1-71.212.1 * ImageMagick-config-6-SUSE-6.8.8.1-71.212.1 * libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.212.1 * libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.212.1 * ImageMagick-debuginfo-6.8.8.1-71.212.1 * ImageMagick-config-6-upstream-6.8.8.1-71.212.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * ImageMagick-debugsource-6.8.8.1-71.212.1 * libMagickWand-6_Q16-1-6.8.8.1-71.212.1 * libMagickCore-6_Q16-1-6.8.8.1-71.212.1 * ImageMagick-devel-6.8.8.1-71.212.1 * libMagick++-devel-6.8.8.1-71.212.1 * ImageMagick-config-6-SUSE-6.8.8.1-71.212.1 * libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.212.1 * libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.212.1 * ImageMagick-debuginfo-6.8.8.1-71.212.1 * ImageMagick-config-6-upstream-6.8.8.1-71.212.1 ## References: * https://www.suse.com/security/cve/CVE-2025-55005.html * https://www.suse.com/security/cve/CVE-2025-55154.html * https://www.suse.com/security/cve/CVE-2025-55160.html * https://www.suse.com/security/cve/CVE-2025-55212.html * https://www.suse.com/security/cve/CVE-2025-55298.html * https://www.suse.com/security/cve/CVE-2025-57803.html * https://bugzilla.suse.com/show_bug.cgi?id=1248077 * https://bugzilla.suse.com/show_bug.cgi?id=1248078 * https://bugzilla.suse.com/show_bug.cgi?id=1248079 * https://bugzilla.suse.com/show_bug.cgi?id=1248767 * https://bugzilla.suse.com/show_bug.cgi?id=1248780 * https://bugzilla.suse.com/show_bug.cgi?id=1248784 
-------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Sep 10 20:30:47 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 10 Sep 2025 20:30:47 -0000 Subject: SUSE-SU-2025:20689-1: important: Security update for kernel-livepatch-MICRO-6-0-RT_Update_7 Message-ID: <175753624773.10185.15983242900415664643@smelt2.prg2.suse.org> # Security update for kernel-livepatch-MICRO-6-0-RT_Update_7 Announcement ID: SUSE-SU-2025:20689-1 Release Date: 2025-08-29T14:48:32Z Rating: important References: * bsc#1245218 * bsc#1245350 * bsc#1247350 * bsc#1247351 Cross-References: * CVE-2025-38079 * CVE-2025-38083 * CVE-2025-38494 * CVE-2025-38495 CVSS scores: * CVE-2025-38079 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38494 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38495 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves four vulnerabilities can now be installed. ## Description: This update for kernel-livepatch-MICRO-6-0-RT_Update_7 fixes the following issues: * CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218) * CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350) * CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350) * CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-91=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_7-debugsource-4-1.3
  * kernel-livepatch-6_4_0-30-rt-debuginfo-4-1.3
  * kernel-livepatch-6_4_0-30-rt-4-1.3

## References:

* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351

From null at suse.de Wed Sep 10 20:30:43 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 20:30:43 -0000
Subject: SUSE-SU-2025:20690-1: important: Security update for kernel-livepatch-MICRO-6-0-RT_Update_9
Message-ID: <175753624340.10185.2119477772982735463@smelt2.prg2.suse.org>

# Security update for kernel-livepatch-MICRO-6-0-RT_Update_9

Announcement ID: SUSE-SU-2025:20690-1
Release Date: 2025-09-01T10:48:51Z
Rating: important
References:

* bsc#1244337
* bsc#1245350
* bsc#1247350
* bsc#1247351

Cross-References:

* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495

CVSS scores:

* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves three vulnerabilities and has one fix can now be
installed.

## Description:

This update for kernel-livepatch-MICRO-6-0-RT_Update_9 fixes the following issues:

* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350)
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350)
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-99=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-6_4_0-33-rt-2-1.2
  * kernel-livepatch-MICRO-6-0-RT_Update_9-debugsource-2-1.2
  * kernel-livepatch-6_4_0-33-rt-debuginfo-2-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244337
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351

From null at suse.de Wed Sep 10 20:30:52 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 20:30:52 -0000
Subject: SUSE-SU-2025:20688-1: important: Security update for kernel-livepatch-MICRO-6-0-RT_Update_8
Message-ID: <175753625249.10185.7727872385844205263@smelt2.prg2.suse.org>

# Security update for kernel-livepatch-MICRO-6-0-RT_Update_8

Announcement ID: SUSE-SU-2025:20688-1
Release Date: 2025-08-29T14:01:57Z
Rating: important
References:

* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351

Cross-References:

* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495

CVSS scores:

* CVE-2025-38079 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves four vulnerabilities can now be installed.

## Description:

This update for kernel-livepatch-MICRO-6-0-RT_Update_8 fixes the following issues:

* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218)
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350)
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350)
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-89=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-6_4_0-31-rt-3-1.2
  * kernel-livepatch-MICRO-6-0-RT_Update_8-debugsource-3-1.2
  * kernel-livepatch-6_4_0-31-rt-debuginfo-3-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351

From null at suse.de Wed Sep 10 20:30:56 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 20:30:56 -0000
Subject: SUSE-SU-2025:20687-1: important: Security update for kernel-livepatch-MICRO-6-0-RT_Update_6
Message-ID: <175753625666.10185.15738208454138381721@smelt2.prg2.suse.org>

# Security update for kernel-livepatch-MICRO-6-0-RT_Update_6

Announcement ID: SUSE-SU-2025:20687-1
Release Date: 2025-08-29T13:42:59Z
Rating: important
References:

* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351

Cross-References:

* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495

CVSS scores:

* CVE-2025-38079 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves four vulnerabilities can now be installed.

## Description:

This update for kernel-livepatch-MICRO-6-0-RT_Update_6 fixes the following issues:

* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218)
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350)
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350)
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-88=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-6_4_0-28-rt-debuginfo-4-3.1
  * kernel-livepatch-MICRO-6-0-RT_Update_6-debugsource-4-3.1
  * kernel-livepatch-6_4_0-28-rt-4-3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351

From null at suse.de Wed Sep 10 20:31:05 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 20:31:05 -0000
Subject: SUSE-SU-2025:20686-1: important: Security update for kernel-livepatch-MICRO-6-0-RT_Update_5
Message-ID: <175753626572.10185.6366380082338376744@smelt2.prg2.suse.org>

# Security update for kernel-livepatch-MICRO-6-0-RT_Update_5

Announcement ID: SUSE-SU-2025:20686-1
Release Date: 2025-08-29T13:42:59Z
Rating: important
References:

* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351

Cross-References:

* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495

CVSS scores:

* CVE-2025-38079 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves four vulnerabilities can now be installed.

## Description:

This update for kernel-livepatch-MICRO-6-0-RT_Update_5 fixes the following issues:

* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218)
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350)
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350)
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-87=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-6_4_0-25-rt-6-1.1
  * kernel-livepatch-MICRO-6-0-RT_Update_5-debugsource-6-1.1
  * kernel-livepatch-6_4_0-25-rt-debuginfo-6-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351

From null at suse.de Wed Sep 10 20:31:10 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 20:31:10 -0000
Subject: SUSE-SU-2025:20685-1: important: Security update for kernel-livepatch-MICRO-6-0-RT_Update_4
Message-ID: <175753627023.10185.10728970460901753330@smelt2.prg2.suse.org>

# Security update for kernel-livepatch-MICRO-6-0-RT_Update_4

Announcement ID: SUSE-SU-2025:20685-1
Release Date: 2025-08-29T13:36:25Z
Rating: important
References:

* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351

Cross-References:

* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495

CVSS scores:

* CVE-2025-38079 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves four vulnerabilities can now be installed.

## Description:

This update for kernel-livepatch-MICRO-6-0-RT_Update_4 fixes the following issues:

* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218)
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350)
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350)
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-86=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_4-debugsource-7-1.1
  * kernel-livepatch-6_4_0-22-rt-debuginfo-7-1.1
  * kernel-livepatch-6_4_0-22-rt-7-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351

From null at suse.de Wed Sep 10 20:31:25 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 20:31:25 -0000
Subject: SUSE-SU-2025:20682-1: important: Security update for kernel-livepatch-MICRO-6-0_Update_9
Message-ID: <175753628522.10185.9170562959381315780@smelt2.prg2.suse.org>

# Security update for kernel-livepatch-MICRO-6-0_Update_9

Announcement ID: SUSE-SU-2025:20682-1
Release Date: 2025-09-01T10:48:27Z
Rating: important
References:

* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351

Cross-References:

* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495

CVSS scores:

* CVE-2025-38079 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves four vulnerabilities can now be installed.

## Description:

This update for kernel-livepatch-MICRO-6-0_Update_9 fixes the following issues:

* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218)
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350)
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350)
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-100=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-MICRO-6-0_Update_9-debugsource-3-1.2
  * kernel-livepatch-6_4_0-31-default-3-1.2
  * kernel-livepatch-6_4_0-31-default-debuginfo-3-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351

From null at suse.de Wed Sep 10 20:31:14 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 20:31:14 -0000
Subject: SUSE-SU-2025:20684-1: important: Security update for kernel-livepatch-MICRO-6-0-RT_Update_2
Message-ID: <175753627460.10185.4904086361100979863@smelt2.prg2.suse.org>

# Security update for kernel-livepatch-MICRO-6-0-RT_Update_2

Announcement ID: SUSE-SU-2025:20684-1
Release Date: 2025-08-29T13:31:00Z
Rating: important
References:

* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351

Cross-References:

* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495

CVSS scores:

* CVE-2025-38079 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves four vulnerabilities can now be installed.

## Description:

This update for kernel-livepatch-MICRO-6-0-RT_Update_2 fixes the following issues:

* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218)
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350)
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350)
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-85=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_2-debugsource-10-1.1
  * kernel-livepatch-6_4_0-10-rt-10-1.1
  * kernel-livepatch-6_4_0-10-rt-debuginfo-10-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351

From null at suse.de Wed Sep 10 20:31:29 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 20:31:29 -0000
Subject: SUSE-SU-2025:20681-1: important: Security update for kernel-livepatch-MICRO-6-0_Update_2
Message-ID: <175753628950.10185.13674847164405173594@smelt2.prg2.suse.org>

# Security update for kernel-livepatch-MICRO-6-0_Update_2

Announcement ID: SUSE-SU-2025:20681-1
Release Date: 2025-09-01T10:42:59Z
Rating: important
References:

* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351

Cross-References:

* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495

CVSS scores:

* CVE-2025-38079 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves four vulnerabilities can now be installed.

## Description:

This update for kernel-livepatch-MICRO-6-0_Update_2 fixes the following issues:

* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218)
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350)
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350)
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-97=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-6_4_0-19-default-10-1.1
  * kernel-livepatch-6_4_0-19-default-debuginfo-10-1.1
  * kernel-livepatch-MICRO-6-0_Update_2-debugsource-10-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351

From null at suse.de Wed Sep 10 20:31:33 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 20:31:33 -0000
Subject: SUSE-SU-2025:20680-1: important: Security update for kernel-livepatch-MICRO-6-0_Update_7
Message-ID: <175753629382.10185.9575134492085561410@smelt2.prg2.suse.org>

# Security update for kernel-livepatch-MICRO-6-0_Update_7

Announcement ID: SUSE-SU-2025:20680-1
Release Date: 2025-08-29T14:27:08Z
Rating: important
References:

* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351

Cross-References:

* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495

CVSS scores:

* CVE-2025-38079 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves four vulnerabilities can now be installed.

## Description:

This update for kernel-livepatch-MICRO-6-0_Update_7 fixes the following issues:

* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218)
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350)
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350)
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-95=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-6_4_0-29-default-debuginfo-3-1.2
  * kernel-livepatch-MICRO-6-0_Update_7-debugsource-3-1.2
  * kernel-livepatch-6_4_0-29-default-3-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351

From null at suse.de Wed Sep 10 20:31:38 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 20:31:38 -0000
Subject: SUSE-SU-2025:20679-1: important: Security update for kernel-livepatch-MICRO-6-0_Update_6
Message-ID: <175753629849.10185.3896938754576741164@smelt2.prg2.suse.org>

# Security update for kernel-livepatch-MICRO-6-0_Update_6

Announcement ID: SUSE-SU-2025:20679-1
Release Date: 2025-08-29T14:27:08Z
Rating: important
References:

* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351

Cross-References:

* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495

CVSS scores:

* CVE-2025-38079 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves four vulnerabilities can now be installed.

## Description:

This update for kernel-livepatch-MICRO-6-0_Update_6 fixes the following issues:

* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218)
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350)
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350)
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-94=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-6_4_0-28-default-4-3.1
  * kernel-livepatch-6_4_0-28-default-debuginfo-4-3.1
  * kernel-livepatch-MICRO-6-0_Update_6-debugsource-4-3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351

From null at suse.de Wed Sep 10 20:31:51 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 20:31:51 -0000
Subject: SUSE-SU-2025:20676-1: important: Security update for kernel-livepatch-MICRO-6-0_Update_8
Message-ID: <175753631174.10185.6247437063632401654@smelt2.prg2.suse.org>

# Security update for kernel-livepatch-MICRO-6-0_Update_8

Announcement ID: SUSE-SU-2025:20676-1
Release Date: 2025-08-29T14:26:41Z
Rating: important
References:

* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351

Cross-References:

* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495

CVSS scores:

* CVE-2025-38079 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves four vulnerabilities can now be installed.

## Description:

This update for kernel-livepatch-MICRO-6-0_Update_8 fixes the following issues:

* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218)
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350)
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350)
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-96=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-6_4_0-30-default-debuginfo-3-1.2
  * kernel-livepatch-6_4_0-30-default-3-1.2
  * kernel-livepatch-MICRO-6-0_Update_8-debugsource-3-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351

From null at suse.de Wed Sep 10 20:31:47 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 20:31:47 -0000
Subject: SUSE-SU-2025:20677-1: important: Security update for kernel-livepatch-MICRO-6-0_Update_4
Message-ID: <175753630719.10185.15250139586186977273@smelt2.prg2.suse.org>

# Security update for kernel-livepatch-MICRO-6-0_Update_4

Announcement ID: SUSE-SU-2025:20677-1
Release Date: 2025-08-29T14:27:08Z
Rating: important
References:

* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351

Cross-References:

* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495

CVSS scores:

* CVE-2025-38079 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves four vulnerabilities can now be installed.

## Description:

This update for kernel-livepatch-MICRO-6-0_Update_4 fixes the following issues:

* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218)
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350)
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350)
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-92=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
    * kernel-livepatch-MICRO-6-0_Update_4-debugsource-8-1.2
    * kernel-livepatch-6_4_0-24-default-debuginfo-8-1.2
    * kernel-livepatch-6_4_0-24-default-8-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351

From null at suse.de Wed Sep 10 20:31:42 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 20:31:42 -0000
Subject: SUSE-SU-2025:20678-1: important: Security update for kernel-livepatch-MICRO-6-0_Update_5
Message-ID: <175753630269.10185.11879654894029952620@smelt2.prg2.suse.org>

# Security update for kernel-livepatch-MICRO-6-0_Update_5

Announcement ID: SUSE-SU-2025:20678-1
Release Date: 2025-08-29T14:27:08Z
Rating: important

References:

* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351

Cross-References:

* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495

CVSS scores:

* CVE-2025-38079 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves four vulnerabilities can now be installed.

## Description:

This update for kernel-livepatch-MICRO-6-0_Update_5 fixes the following issues:

* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218)
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350)
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350)
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-93=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
    * kernel-livepatch-MICRO-6-0_Update_5-debugsource-6-1.2
    * kernel-livepatch-6_4_0-25-default-debuginfo-6-1.2
    * kernel-livepatch-6_4_0-25-default-6-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351

From null at suse.de Wed Sep 10 20:34:56 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 20:34:56 -0000
Subject: SUSE-SU-2025:20675-1: important: Security update for curl
Message-ID: <175753649654.10185.7653094341492239034@smelt2.prg2.suse.org>

# Security update for curl

Announcement ID: SUSE-SU-2025:20675-1
Release Date: 2025-09-09T10:22:04Z
Rating: important

References:

* bsc#1243397
* bsc#1243706
* bsc#1243933
* bsc#1246197
* jsc#PED-13055
* jsc#PED-13056

Cross-References:

* CVE-2025-4947
* CVE-2025-5025
* CVE-2025-5399

CVSS scores:

* CVE-2025-4947 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-4947 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
* CVE-2025-4947 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-5025 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-5025 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
* CVE-2025-5025 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-5399 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-5399 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-5399 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves three vulnerabilities, contains two features and has one fix can now be installed.

## Description:

This update for curl fixes the following issues:

* CVE-2025-5399: libcurl can possibly get trapped in an endless busy-loop when processing specially crafted packets (bsc#1243933).
* CVE-2025-5025: No QUIC certificate pinning with wolfSSL (bsc#1243706).
* CVE-2025-4947: QUIC certificate check skip with wolfSSL (bsc#1243397).

Other bugfixes:

* Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-254=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
    * curl-debuginfo-8.14.1-slfo.1.1_1.1
    * curl-debugsource-8.14.1-slfo.1.1_1.1
    * curl-8.14.1-slfo.1.1_1.1
    * libcurl4-8.14.1-slfo.1.1_1.1
    * libcurl4-debuginfo-8.14.1-slfo.1.1_1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-4947.html
* https://www.suse.com/security/cve/CVE-2025-5025.html
* https://www.suse.com/security/cve/CVE-2025-5399.html
* https://bugzilla.suse.com/show_bug.cgi?id=1243397
* https://bugzilla.suse.com/show_bug.cgi?id=1243706
* https://bugzilla.suse.com/show_bug.cgi?id=1243933
* https://bugzilla.suse.com/show_bug.cgi?id=1246197
* https://jira.suse.com/browse/PED-13055
* https://jira.suse.com/browse/PED-13056

From null at suse.de Wed Sep 10 20:35:00 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 20:35:00 -0000
Subject: SUSE-SU-2025:20674-1: important: Security update for sqlite3
Message-ID: <175753650019.10185.359250206157837804@smelt2.prg2.suse.org>

# Security update for sqlite3

Announcement ID: SUSE-SU-2025:20674-1
Release Date: 2025-09-09T10:20:07Z
Rating: important

References:

* bsc#1246597

Cross-References:

* CVE-2025-6965

CVSS scores:

* CVE-2025-6965 ( SUSE ): 7.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L
* CVE-2025-6965 ( NVD ): 7.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green
* CVE-2025-6965 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.
## Description:

This update for sqlite3 fixes the following issues:

* CVE-2025-6965: Fixed integer truncation (bsc#1246597).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-253=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
    * libsqlite3-0-debuginfo-3.50.2-slfo.1.1_1.1
    * sqlite3-debugsource-3.50.2-slfo.1.1_1.1
    * libsqlite3-0-3.50.2-slfo.1.1_1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-6965.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246597

From null at suse.de Wed Sep 10 20:35:02 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 20:35:02 -0000
Subject: SUSE-SU-2025:20673-1: important: Security update for glib2
Message-ID: <175753650244.10185.10874593274746012379@smelt2.prg2.suse.org>

# Security update for glib2

Announcement ID: SUSE-SU-2025:20673-1
Release Date: 2025-09-05T12:22:34Z
Rating: important

References:

* bsc#1244596

Cross-References:

* CVE-2025-6052

CVSS scores:

* CVE-2025-6052 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-6052 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-6052 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-6052 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.

## Description:

This update for glib2 fixes the following issues:

* CVE-2025-6052: Fix overflow check when expanding a GString (bsc#1244596).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-247=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
    * libgio-2_0-0-2.78.6-slfo.1.1_4.1
    * libgmodule-2_0-0-debuginfo-2.78.6-slfo.1.1_4.1
    * glib2-tools-debuginfo-2.78.6-slfo.1.1_4.1
    * libglib-2_0-0-2.78.6-slfo.1.1_4.1
    * glib2-debugsource-2.78.6-slfo.1.1_4.1
    * libglib-2_0-0-debuginfo-2.78.6-slfo.1.1_4.1
    * libgobject-2_0-0-debuginfo-2.78.6-slfo.1.1_4.1
    * glib2-tools-2.78.6-slfo.1.1_4.1
    * libgio-2_0-0-debuginfo-2.78.6-slfo.1.1_4.1
    * libgobject-2_0-0-2.78.6-slfo.1.1_4.1
    * libgmodule-2_0-0-2.78.6-slfo.1.1_4.1

## References:

* https://www.suse.com/security/cve/CVE-2025-6052.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244596

From null at suse.de Wed Sep 10 20:35:08 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 20:35:08 -0000
Subject: SUSE-SU-2025:20672-1: important: Security update for protobuf
Message-ID: <175753650816.10185.10035225502753252054@smelt2.prg2.suse.org>

# Security update for protobuf

Announcement ID: SUSE-SU-2025:20672-1
Release Date: 2025-09-05T12:17:44Z
Rating: important

References:

* bsc#1223947
* bsc#1230778
* bsc#1244663

Cross-References:

* CVE-2024-2410
* CVE-2024-7254
* CVE-2025-4565

CVSS scores:

* CVE-2024-2410 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
* CVE-2024-2410 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
* CVE-2024-2410 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-7254 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-7254 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-7254 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-4565 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-4565 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-4565 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-4565 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Micro 6.1

An update that solves three vulnerabilities can now be installed.

## Description:

This update for protobuf fixes the following issues:

* CVE-2024-2410: Use after free when parsing JSON from a stream (bsc#1223947).
* CVE-2024-7254: StackOverflow vulnerability in Protocol Buffers (bsc#1230778).
* CVE-2025-4565: Parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or messages can lead to crash due to RecursionError (bsc#1244663).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-250=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
    * protobuf-debugsource-23.4-slfo.1.1_2.1
    * libprotobuf23_4_0-23.4-slfo.1.1_2.1
    * libprotobuf23_4_0-debuginfo-23.4-slfo.1.1_2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-2410.html
* https://www.suse.com/security/cve/CVE-2024-7254.html
* https://www.suse.com/security/cve/CVE-2025-4565.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223947
* https://bugzilla.suse.com/show_bug.cgi?id=1230778
* https://bugzilla.suse.com/show_bug.cgi?id=1244663

From null at suse.de Wed Sep 10 20:35:15 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 20:35:15 -0000
Subject: SUSE-SU-2025:20671-1: moderate: Security update for opensc
Message-ID: <175753651509.10185.15833980839056324406@smelt2.prg2.suse.org>

# Security update for opensc

Announcement ID: SUSE-SU-2025:20671-1
Release Date: 2025-09-05T12:16:07Z
Rating: moderate

References:

* bsc#1219386
* bsc#1230071
* bsc#1230072
* bsc#1230073
* bsc#1230074
* bsc#1230075
* bsc#1230076
* bsc#1230364

Cross-References:

* CVE-2023-5992
* CVE-2024-45615
* CVE-2024-45616
* CVE-2024-45617
* CVE-2024-45618
* CVE-2024-45619
* CVE-2024-45620
* CVE-2024-8443

CVSS scores:

* CVE-2023-5992 ( SUSE ): 4.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2023-5992 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
* CVE-2023-5992 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-5992 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45615 ( SUSE ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2024-45615 ( SUSE ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45615 ( NVD ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45615 ( NVD ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45616 ( SUSE ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2024-45616 ( SUSE ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45616 ( NVD ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45616 ( NVD ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45617 ( SUSE ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2024-45617 ( SUSE ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45617 ( NVD ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45617 ( NVD ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45618 ( SUSE ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2024-45618 ( SUSE ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45618 ( NVD ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45618 ( NVD ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45619 ( SUSE ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2024-45619 ( SUSE ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45619 ( NVD ): 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45619 ( NVD ): 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45620 ( SUSE ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2024-45620 ( SUSE ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45620 ( NVD ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45620 ( NVD ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-8443 ( SUSE ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-8443 ( SUSE ): 3.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2024-8443 ( NVD ): 2.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2024-8443 ( NVD ): 2.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected Products:

* SUSE Linux Micro 6.1

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for opensc fixes the following issues:

* CVE-2023-5992: Side-channel leaks while stripping encryption PKCS#1 padding (bsc#1219386).
* CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key (bsc#1230364).
* CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init (bsc#1230076).
* CVE-2024-45619: Incorrect handling length of buffers or files in libopensc (bsc#1230075).
* CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init (bsc#1230074).
* CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc (bsc#1230073).
* CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc (bsc#1230072).
* CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init (bsc#1230071).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-248=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
    * opensc-0.24.0-slfo.1.1_2.1
    * opensc-debugsource-0.24.0-slfo.1.1_2.1
    * opensc-debuginfo-0.24.0-slfo.1.1_2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-5992.html
* https://www.suse.com/security/cve/CVE-2024-45615.html
* https://www.suse.com/security/cve/CVE-2024-45616.html
* https://www.suse.com/security/cve/CVE-2024-45617.html
* https://www.suse.com/security/cve/CVE-2024-45618.html
* https://www.suse.com/security/cve/CVE-2024-45619.html
* https://www.suse.com/security/cve/CVE-2024-45620.html
* https://www.suse.com/security/cve/CVE-2024-8443.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219386
* https://bugzilla.suse.com/show_bug.cgi?id=1230071
* https://bugzilla.suse.com/show_bug.cgi?id=1230072
* https://bugzilla.suse.com/show_bug.cgi?id=1230073
* https://bugzilla.suse.com/show_bug.cgi?id=1230074
* https://bugzilla.suse.com/show_bug.cgi?id=1230075
* https://bugzilla.suse.com/show_bug.cgi?id=1230076
* https://bugzilla.suse.com/show_bug.cgi?id=1230364

From null at suse.de Wed Sep 10 20:35:18 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 20:35:18 -0000
Subject: SUSE-SU-2025:20670-1: moderate: Security update for dpkg
Message-ID: <175753651860.10185.17423992408436364272@smelt2.prg2.suse.org>

# Security update for dpkg

Announcement ID: SUSE-SU-2025:20670-1
Release Date: 2025-09-05T12:14:12Z
Rating: moderate

References:

* bsc#1245573

Cross-References:

* CVE-2025-6297

CVSS scores:

* CVE-2025-6297 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-6297 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-6297 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.

## Description:

This update for dpkg fixes the following issues:

* CVE-2025-6297: Fixed cleanup for control member with restricted directories (bsc#1245573).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-249=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
    * update-alternatives-debugsource-1.22.0-slfo.1.1_2.1
    * update-alternatives-1.22.0-slfo.1.1_2.1
    * update-alternatives-debuginfo-1.22.0-slfo.1.1_2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-6297.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245573
From null at suse.de Wed Sep 10 20:36:38 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 20:36:38 -0000
Subject: SUSE-SU-2025:20669-1: important: Security update for the Linux Kernel
Message-ID: <175753659890.10185.6669691525836946114@smelt2.prg2.suse.org>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2025:20669-1
Release Date: 2025-09-05T12:02:35Z
Rating: important

References:

* bsc#1012628
* bsc#1213545
* bsc#1215199
* bsc#1221858
* bsc#1222323
* bsc#1230557
* bsc#1230708
* bsc#1233120
* bsc#1240708
* bsc#1240890
* bsc#1242034
* bsc#1242754
* bsc#1244734
* bsc#1244930
* bsc#1245663
* bsc#1245710
* bsc#1245767
* bsc#1245780
* bsc#1245815
* bsc#1245956
* bsc#1245973
* bsc#1245977
* bsc#1246005
* bsc#1246012
* bsc#1246181
* bsc#1246193
* bsc#1247057
* bsc#1247078
* bsc#1247112
* bsc#1247116
* bsc#1247119
* bsc#1247155
* bsc#1247162
* bsc#1247167
* bsc#1247229
* bsc#1247243
* bsc#1247280
* bsc#1247313
* bsc#1247712
* bsc#1247976
* bsc#1248088
* bsc#1248108
* bsc#1248164
* bsc#1248166
* bsc#1248178
* bsc#1248179
* bsc#1248180
* bsc#1248183
* bsc#1248186
* bsc#1248194
* bsc#1248196
* bsc#1248198
* bsc#1248205
* bsc#1248206
* bsc#1248208
* bsc#1248209
* bsc#1248212
* bsc#1248213
* bsc#1248214
* bsc#1248216
* bsc#1248217
* bsc#1248223
* bsc#1248227
* bsc#1248228
* bsc#1248229
* bsc#1248240
* bsc#1248255
* bsc#1248297
* bsc#1248306
* bsc#1248312
* bsc#1248333
* bsc#1248337
* bsc#1248338
* bsc#1248340
* bsc#1248341
* bsc#1248345
* bsc#1248349
* bsc#1248350
* bsc#1248354
* bsc#1248355
* bsc#1248361
* bsc#1248363
* bsc#1248368
* bsc#1248374
* bsc#1248377
* bsc#1248386
* bsc#1248390
* bsc#1248395
* bsc#1248399
* bsc#1248401
* bsc#1248511
* bsc#1248573
* bsc#1248575
* bsc#1248577
* bsc#1248609
* bsc#1248614
* bsc#1248617
* bsc#1248621
* bsc#1248636
* bsc#1248643
* bsc#1248648
* bsc#1248652
* bsc#1248655
* bsc#1248666
* bsc#1248669
* bsc#1248746
* bsc#1248748
* bsc#1249022
* jsc#PED-13343
* jsc#PED-13345

Cross-References:

* CVE-2023-3867
* CVE-2023-4130
* CVE-2023-4515
* CVE-2024-26661
* CVE-2024-46733
* CVE-2024-58238
* CVE-2024-58239
* CVE-2025-38006
* CVE-2025-38075
* CVE-2025-38103
* CVE-2025-38125
* CVE-2025-38146
* CVE-2025-38160
* CVE-2025-38184
* CVE-2025-38185
* CVE-2025-38190
* CVE-2025-38201
* CVE-2025-38205
* CVE-2025-38208
* CVE-2025-38245
* CVE-2025-38251
* CVE-2025-38360
* CVE-2025-38439
* CVE-2025-38441
* CVE-2025-38444
* CVE-2025-38445
* CVE-2025-38458
* CVE-2025-38459
* CVE-2025-38464
* CVE-2025-38472
* CVE-2025-38490
* CVE-2025-38491
* CVE-2025-38499
* CVE-2025-38500
* CVE-2025-38503
* CVE-2025-38506
* CVE-2025-38510
* CVE-2025-38512
* CVE-2025-38513
* CVE-2025-38515
* CVE-2025-38516
* CVE-2025-38520
* CVE-2025-38524
* CVE-2025-38528
* CVE-2025-38529
* CVE-2025-38530
* CVE-2025-38531
* CVE-2025-38535
* CVE-2025-38537
* CVE-2025-38538
* CVE-2025-38540
* CVE-2025-38541
* CVE-2025-38543
* CVE-2025-38546
* CVE-2025-38548
* CVE-2025-38550
* CVE-2025-38553
* CVE-2025-38555
* CVE-2025-38560
* CVE-2025-38563
* CVE-2025-38565
* CVE-2025-38566
* CVE-2025-38568
* CVE-2025-38571
* CVE-2025-38572
* CVE-2025-38576
* CVE-2025-38581
* CVE-2025-38582
* CVE-2025-38583
* CVE-2025-38585
* CVE-2025-38587
* CVE-2025-38588
* CVE-2025-38591
* CVE-2025-38601
* CVE-2025-38602
* CVE-2025-38604
* CVE-2025-38608
* CVE-2025-38609
* CVE-2025-38610
* CVE-2025-38612
* CVE-2025-38617
* CVE-2025-38618
* CVE-2025-38621
* CVE-2025-38624
* CVE-2025-38630
* CVE-2025-38632
* CVE-2025-38634
* CVE-2025-38635
* CVE-2025-38644
* CVE-2025-38646
* CVE-2025-38650
* CVE-2025-38656
* CVE-2025-38663
* CVE-2025-38665
* CVE-2025-38670
* CVE-2025-38671

CVSS scores:

* CVE-2023-4130 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-4130 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4515 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-4515 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26661 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26661 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46733 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-58238 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-58238 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-58239 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-58239 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38006 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38006 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-38075 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38075 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38103 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-38103 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-38125 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38125 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38146 ( SUSE ): 7.1 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38146 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38160 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38160 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38184 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38184 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38185 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38185 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38190 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38190 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38201 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38205 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38205 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38208 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38208 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38245 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38245 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38251 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38251 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38360 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38360 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38439 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-38439 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-38441 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38441 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-38444 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38444 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38445 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38445 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38458 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38458 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38459 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38459 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38464 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38464 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-38472 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38472 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38490 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38490 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38491 ( SUSE ): 2.3 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-38491 ( SUSE ): 5.0 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-38499 ( SUSE ): 6.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H
* CVE-2025-38499 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
* CVE-2025-38500 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38500 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38503 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38503 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38506 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-38506 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-38510 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38510 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38512 ( SUSE ): 6.9 CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-38512 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-38513 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38513 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38515 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38515 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38516 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38516 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38520 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38520 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38524 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38524 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38528 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-38528 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-38529 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38529 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-38530 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38530 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-38531 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38531 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-38535 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38535 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38537 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38537 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38538 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38538 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38540 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38540 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38541 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38541 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38543 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38543 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38546 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38546 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38548 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38548 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38550 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38550 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38553 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38553 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38555 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38555 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38560 ( SUSE ): 5.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
* CVE-2025-38560 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2025-38563 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2025-38565 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-38565 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-38566 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38566 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38568 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38568 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-38571 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38571 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38572 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38572 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38576 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38576 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38581 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38581 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38582 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38582 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-38583 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38583 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38585 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38585 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38587 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38587 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38588 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38588 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38591 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-38591 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
* CVE-2025-38601 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38601 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38602 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38602 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38604 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-38604 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2025-38608 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38608 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-38609 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38609 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38610 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38610 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38612 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38612 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38617 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38617 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38618 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38618 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38621 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38621 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38624 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38624 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38630 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38630 ( SUSE ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38632 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38632 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38634 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38634 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38635 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38635 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38644 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38644 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38646 ( SUSE ): 6.0 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38646 ( SUSE ): 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38650 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38656 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38656 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38663 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38665 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38670 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38671 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves 96 vulnerabilities, contains two features and has 12 fixes can now be installed.

## Description:

The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

* CVE-2024-46733: btrfs: fix qgroup reserve leaks in cow_file_range (bsc#1230708).
* CVE-2025-38006: net: mctp: Do not access ifa_index when missing (bsc#1244930).
* CVE-2025-38075: scsi: target: iscsi: Fix timeout on deleted connection (bsc#1244734).
* CVE-2025-38103: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (bsc#1245663).
* CVE-2025-38125: net: stmmac: make sure that ptp_rate is not 0 before configuring EST (bsc#1245710).
* CVE-2025-38146: net: openvswitch: Fix the dead loop of MPLS parse (bsc#1245767).
* CVE-2025-38160: clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() (bsc#1245780).
* CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956).
* CVE-2025-38185: atm: atmtcp: Free invalid length skb in atmtcp_c_send() (bsc#1246012).
* CVE-2025-38190: atm: Revert atm_account_tx() if copy_from_iter_full() fails (bsc#1245973).
* CVE-2025-38201: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX (bsc#1245977).
* CVE-2025-38205: drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 (bsc#1246005).
* CVE-2025-38208: smb: client: add NULL check in automount_fullpath (bsc#1245815).
* CVE-2025-38245: atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister() (bsc#1246193).
* CVE-2025-38251: atm: clip: prevent NULL deref in clip_push() (bsc#1246181).
* CVE-2025-38360: drm/amd/display: Add more checks for DSC / HUBP ONO guarantees (bsc#1247078).
* CVE-2025-38439: bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (bsc#1247155).
* CVE-2025-38441: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() (bsc#1247167).
* CVE-2025-38444: raid10: cleanup memleak at raid10_make_request (bsc#1247162).
* CVE-2025-38445: md/raid1: Fix stack memory use after return in raid1_reshape (bsc#1247229).
* CVE-2025-38458: atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (bsc#1247116).
* CVE-2025-38459: atm: clip: Fix infinite recursive call of clip_push() (bsc#1247119).
* CVE-2025-38464: tipc: Fix use-after-free in tipc_conn_close() (bsc#1247112).
* CVE-2025-38472: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (bsc#1247313).
* CVE-2025-38490: net: libwx: remove duplicate page_pool_put_full_page() (bsc#1247243).
* CVE-2025-38491: mptcp: make fallback action and fallback decision atomic (bsc#1247280).
* CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976).
* CVE-2025-38500: xfrm: interface: fix use-after-free after changing collect_md xfrm interface (bsc#1248088).
* CVE-2025-38506: KVM: Allow CPU to reschedule while setting per-page memory attributes (bsc#1248186).
* CVE-2025-38520: drm/amdkfd: Do not call mmput from MMU notifier callback (bsc#1248217).
* CVE-2025-38524: rxrpc: Fix recv-recv race of completed call (bsc#1248194).
* CVE-2025-38528: bpf: Reject %p% format string in bprintf-like helpers (bsc#1248198).
* CVE-2025-38531: iio: common: st_sensors: Fix use of uninitialize device structs (bsc#1248205).
* CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223).
* CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312).
* CVE-2025-38585: staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() (bsc#1248355).
* CVE-2025-38591: bpf: Reject narrower access to pointer ctx fields (bsc#1248363).
* CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338).
* CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511).

The following non-security bugs were fixed:

* ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered (stable-fixes).
* ACPI: pfr_update: Fix the driver update version check (git-fixes).
* ACPI: processor: fix acpi_object initialization (stable-fixes).
* ACPI: processor: perflib: Move problematic pr->performance check (git-fixes).
* ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (stable-fixes).
* ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks (stable-fixes).
* ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 (stable-fixes).
* ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again (git-fixes).
* ALSA: hda/realtek: Fix headset mic on ASUS Zenbook 14 (git-fixes).
* ALSA: hda/realtek: Fix headset mic on HONOR BRB-X (stable-fixes).
* ALSA: hda: Disable jack polling at shutdown (stable-fixes).
* ALSA: hda: Handle the jack polling always via a work (stable-fixes).
* ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 (stable-fixes).
* ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop (stable-fixes).
* ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (git-fixes).
* ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros (stable-fixes).
* ALSA: usb-audio: Fix size validation in convert_chmap_v3() (git-fixes).
* ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation (git-fixes).
* ALSA: usb-audio: Validate UAC3 cluster segment descriptors (git-fixes).
* ALSA: usb-audio: Validate UAC3 power domain descriptors, too (git-fixes).
* ASoC: Intel: avs: Fix uninitialized pointer error in probe() (stable-fixes).
* ASoC: Intel: fix SND_SOC_SOF dependencies (stable-fixes).
* ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx (stable-fixes).
* ASoC: amd: yc: Add DMI quirk for HP Laptop 17 cp-2033dx (stable-fixes).
* ASoC: amd: yc: add DMI quirk for ASUS M6501RM (stable-fixes).
* ASoC: codecs: rt5640: Retry DEVICE_ID verification (stable-fixes).
* ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (stable-fixes).
* ASoC: hdac_hdmi: Rate limit logging on connection and disconnection (stable-fixes).
* ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed (stable-fixes).
* Bluetooth: btusb: Add USB ID 3625:010b for TP-LINK Archer TX10UB Nano (stable-fixes).
* Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() (git-fixes).
* Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced (git-fixes).
* Bluetooth: hci_event: Mark connection as closed during suspend disconnect (git-fixes).
* Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success (git-fixes).
* Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established (git-fixes).
* Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() (stable-fixes).
* Bluetooth: hci_sync: fix set_local_name race condition (git-fixes).
* HID: asus: fix UAF via HID_CLAIMED_INPUT validation (git-fixes).
* HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() (git-fixes).
* Move pesign-obs-integration requirement from kernel-syms to kernel devel subpackage (bsc#1248108).
* PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes).
* PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge (git-fixes).
* PCI: Add ACS quirk for Loongson PCIe (git-fixes).
* PCI: Support Immediate Readiness on devices without PM capabilities (git-fixes).
* PCI: apple: Fix missing OF node reference in apple_pcie_setup_port (git-fixes).
* PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features (git-fixes).
* PCI: imx6: Delay link start until configfs 'start' written (git-fixes).
* PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset (git-fixes).
* PCI: pnv_php: Clean up allocated IRQs on unplug (bsc#1215199).
* PCI: pnv_php: Work around switches with broken presence detection (bsc#1215199).
* PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining (git-fixes).
* PCI: rockchip: Use standard PCIe definitions (git-fixes).
* PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() (stable-fixes).
* PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() (stable-fixes).
* PM: sleep: console: Fix the black screen issue (stable-fixes).
* RAS/AMD/ATL: Include row bit in row retirement (bsc#1242034).
* RAS/AMD/FMPM: Get masked address (bsc#1242034).
* RAS/AMD/FMPM: Use atl internal.h for INVALID_SPA (bsc#1242034).
* RDMA/bnxt_re: Fix a possible memory leak in the driver (git-fixes)
* RDMA/bnxt_re: Fix to do SRQ armena by default (git-fixes)
* RDMA/bnxt_re: Fix to initialize the PBL array (git-fixes)
* RDMA/bnxt_re: Fix to remove workload check in SRQ limit path (git-fixes)
* RDMA/core: reduce stack using in nldev_stat_get_doit() (git-fixes)
* RDMA/erdma: Fix ignored return value of init_kernel_qp (git-fixes)
* RDMA/hns: Fix dip entries leak on devices newer than hip09 (git-fixes)
* RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (git-fixes)
* Revert "gpio: mlxbf3: only get IRQ for device instance 0" (git-fixes).
* USB: serial: option: add Foxconn T99W709 (stable-fixes).
* USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera (stable-fixes).
* USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles (stable-fixes).
* aoe: defer rexmit timer downdev work to workqueue (git-fixes).
* arch/powerpc: Remove .interp section in vmlinux (bsc#1215199).
* arm64/cpufeatures/kvm: Add ARMv8.9 FEAT_ECBHB bits in ID_AA64MMFR1 (git-fixes)
* arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() (git-fixes)
* arm64/mm: Check PUD_TYPE_TABLE in pud_bad() (git-fixes)
* arm64: Add support for HIP09 Spectre-BHB mitigation (git-fixes)
* arm64: Filter out SME hwcaps when FEAT_SME isn't implemented (git-fixes)
* arm64: Restrict pagetable teardown to avoid false warning (git-fixes)
* arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename (git-fixes)
* arm64: dts: freescale: imx8mm-verdin: Keep LDO5 always on (git-fixes)
* arm64: dts: imx8mm-beacon: Fix HS400 USDHC clock speed (git-fixes)
* arm64: dts: imx8mm-beacon: Fix RTC capacitive load (git-fixes)
* arm64: dts: imx8mm-venice-gw700x: Increase HS400 USDHC clock speed (git-fixes)
* arm64: dts: imx8mm-venice-gw7901: Increase HS400 USDHC clock speed (git-fixes)
* arm64: dts: imx8mm-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes)
* arm64: dts: imx8mm-venice-gw7903: Increase HS400 USDHC clock speed (git-fixes)
* arm64: dts: imx8mm-venice-gw7904: Increase HS400 USDHC clock speed (git-fixes)
* arm64: dts: imx8mn-beacon: Fix HS400 USDHC clock speed (git-fixes)
* arm64: dts: imx8mn-beacon: Fix RTC capacitive load (git-fixes)
* arm64: dts: imx8mn-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes)
* arm64: dts: imx8mp-beacon: Fix RTC capacitive load (git-fixes)
* arm64: dts: rockchip: Update eMMC for NanoPi R5 series (git-fixes)
* arm64: dts: rockchip: fix endpoint dtc warning for PX30 ISP (git-fixes)
* arm64: tegra: Drop remaining serial clock-names and reset-names (git-fixes)
* arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator (git-fixes)
* arm64: zynqmp: add clock-output-names property in clock nodes (git-fixes)
* ata: libata-scsi: Fix CDL control (git-fixes).
* block: fix kobject leak in blk_unregister_queue (git-fixes).
* block: mtip32xx: Fix usage of dma_map_sg() (git-fixes).
* bpf: fix kfunc btf caching for modules (git-fixes).
* bpf: use kvzmalloc to allocate BPF verifier environment (git-fixes).
* btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling (git-fixes).
* btrfs: correctly escape subvol in btrfs_show_options() (git-fixes).
* btrfs: fix adding block group to a reclaim list and the unused list during reclaim (git-fixes).
* btrfs: fix bitmap leak when loading free space cache on duplicate entry (git-fixes).
* btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() (git-fixes).
* btrfs: fix the length of reserved qgroup to free (bsc#1240708)
* btrfs: retry block group reclaim without infinite loop (git-fixes).
* btrfs: return accurate error code on open failure in open_fs_devices() (bsc#1233120)
* btrfs: run delayed iputs when flushing delalloc (git-fixes).
* btrfs: update target inode's ctime on unlink (git-fixes).
* cdx: Fix off-by-one error in cdx_rpmsg_probe() (git-fixes).
* char: misc: Fix improper and inaccurate error code returned by misc_init() (stable-fixes).
* comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() (git-fixes).
* comedi: Make insn_rw_emulate_bits() do insn->n samples (git-fixes).
* comedi: fix race between polling and detaching (git-fixes).
* comedi: pcl726: Prevent invalid irq number (git-fixes).
* crypto: hisilicon/hpre - fix dma unmap sequence (stable-fixes).
* crypto: jitter - fix intermediary handling (stable-fixes).
* crypto: octeontx2 - add timeout for load_fvc completion poll (stable-fixes).
* crypto: qat - lower priority for skcipher and aead algorithms (stable-fixes).
* drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() (git-fixes).
* drm/amd/display: Add primary plane to commits for correct VRR handling (stable-fixes).
* drm/amd/display: Adjust DCE 8-10 clock, do not overclock by 15% (git-fixes).
* drm/amd/display: Avoid a NULL pointer dereference (stable-fixes).
* drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported (stable-fixes).
* drm/amd/display: Avoid trying AUX transactions on disconnected ports (stable-fixes).
* drm/amd/display: Do not overclock DCE 6 by 15% (git-fixes).
* drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs (stable-fixes).
* drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs (stable-fixes).
* drm/amd/display: Fix 'failed to blank crtc!' (stable-fixes).
* drm/amd/display: Fix DP audio DTO1 clock source on DCE 6 (stable-fixes).
* drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 (git-fixes).
* drm/amd/display: Only finalize atomic_obj if it was initialized (stable-fixes).
* drm/amd/display: Separate set_gsl from set_gsl_source_select (stable-fixes).
* drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual (stable-fixes).
* drm/amd: Restore cached power limit during resume (stable-fixes).
* drm/amdgpu: Avoid extra evict-restore process (stable-fixes).
* drm/amdgpu: fix incorrect vm flags to map bo (git-fixes).
* drm/amdgpu: fix task hang from failed job submission during process kill (git-fixes).
* drm/amdgpu: update mmhub 3.0.1 client id mappings (stable-fixes).
* drm/amdkfd: Destroy KFD debugfs after destroy KFD wq (stable-fixes).
* drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS (stable-fixes).
* drm/hisilicon/hibmc: fix the hibmc loaded failed bug (git-fixes).
* drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv (git-fixes).
* drm/msm/kms: move snapshot init earlier in KMS init (git-fixes).
* drm/msm: Defer fd_install in SUBMIT ioctl (git-fixes).
* drm/msm: use trylock for debugfs (stable-fixes).
* drm/nouveau/disp: Always accept linear modifier (git-fixes).
* drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor() (git-fixes).
* drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 (git-fixes).
* drm/nouveau: fix typos in comments (git-fixes).
* drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr (git-fixes).
* drm/nouveau: remove unused memory target test (git-fixes).
* drm/ttm: Respect the shrinker core free target (stable-fixes).
* drm/ttm: Should to return the evict error (stable-fixes).
* et131x: Add missing check after DMA map (stable-fixes).
* exfat: add cluster chain loop check for dir (git-fixes).
* fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (stable-fixes).
* fbdev: fix potential buffer overflow in do_register_framebuffer() (stable-fixes).
* fs/mnt_idmapping.c: Return -EINVAL when no map is written (bsc#1233120)
* fs/orangefs: use snprintf() instead of sprintf() (git-fixes).
* gpio: mlxbf3: use platform_get_irq_optional() (git-fixes).
* gpio: tps65912: check the return value of regmap_update_bits() (stable-fixes).
* gpio: wcd934x: check the return value of regmap_update_bits() (stable-fixes).
* hfs: fix not erasing deleted b-tree node issue (git-fixes).
* hfs: fix slab-out-of-bounds in hfs_bnode_read() (git-fixes).
* hfsplus: do not use BUG_ON() in hfsplus_create_attributes_file() (git-fixes).
* hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() (git-fixes).
* hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes).
* hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state (stable-fixes).
* i2c: Force DLL0945 touchpad i2c freq to 100khz (stable-fixes).
* i3c: do not fail if GETHDRCAP is unsupported (stable-fixes).
* i3c: master: Initialize ret in i3c_i2c_notifier_call() (stable-fixes).
* ice, irdma: fix an off by one in error handling code (bsc#1247712).
* ice, irdma: move interrupts code to irdma (bsc#1247712).
* ice: Fix signedness bug in ice_init_interrupt_scheme() (bsc#1247712).
* ice: count combined queues using Rx/Tx count (bsc#1247712).
* ice: devlink PF MSI-X max and min parameter (bsc#1247712).
* ice: enable_rdma devlink param (bsc#1247712).
* ice: get rid of num_lan_msix field (bsc#1247712).
* ice: init flow director before RDMA (bsc#1247712).
* ice: remove splitting MSI-X between features (bsc#1247712).
* ice: simplify VF MSI-X managing (bsc#1247712).
* ice: treat dyn_allowed only as suggestion (bsc#1247712).
* iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement (stable-fixes).
* iio: adc: ad_sigma_delta: do not overallocate scan buffer (stable-fixes).
* iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 (stable-fixes).
* iio: imu: inv_icm42600: use = { } instead of memset() (stable-fixes).
* iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() (git-fixes).
* iio: proximity: isl29501: fix buffered read on big-endian systems (git-fixes).
* integrity/platform_certs: Allow loading of keys in the static key management mode (jsc#PED-13345 jsc#PED-13343).
* iosys-map: Fix undefined behavior in iosys_map_clear() (git-fixes).
* ipmi: Fix strcpy source and destination the same (stable-fixes).
* ipmi: Use dev_warn_ratelimited() for incorrect message warnings (stable-fixes).
* irdma: free iwdev->rf after removing MSI-X (bsc#1247712).
* jfs: Regular file corruption check (git-fixes).
* jfs: truncate good inode pages when hard link is 0 (git-fixes).
* jfs: upper bound check of tree index in dbAllocAG (git-fixes).
* kABI: PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes).
* kselftest/arm64: Fix check for setting new VLs in sve-ptrace (git-fixes).
* leds: leds-lp50xx: Handle reg to get correct multi_index (stable-fixes).
* loop: use kiocb helpers to fix lockdep warning (git-fixes).
* mISDN: hfcpci: Fix warning when deleting uninitialized timer (git-fixes).
* md/md-cluster: handle REMOVE message earlier (bsc#1247057).
* md/raid1,raid10: strip REQ_NOWAIT from member bios (git-fixes).
* md: allow removing faulty rdev during resync (git-fixes).
* md: make rdev_addable usable for rcu mode (git-fixes).
* media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (stable-fixes).
* media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar (stable-fixes).
* media: tc358743: Check I2C succeeded during probe (stable-fixes).
* media: tc358743: Increase FIFO trigger level to 374 (stable-fixes).
* media: tc358743: Return an appropriate colorspace from tc358743_set_fmt (stable-fixes).
* media: usb: hdpvr: disable zero-length read messages (stable-fixes).
* media: uvcvideo: Fix bandwidth issue for Alcor camera (stable-fixes).
* media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control (stable-fixes).
* mei: bus: Check for still connected devices in mei_cl_bus_dev_release() (stable-fixes).
* memstick: Fix deadlock by moving removing flag earlier (git-fixes).
* mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() (git-fixes)
* mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() (stable-fixes).
* mmc: sdhci-msm: Ensure SD card power isn't ON when card removed (stable-fixes).
* mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency (git-fixes).
* most: core: Drop device reference after usage in get_channel() (git-fixes).
* mptcp: fallback when MPTCP opts are dropped after 1st data (git-fixes).
* mptcp: reset when MPTCP opts are dropped after join (git-fixes).
* net: phy: micrel: Add ksz9131_resume() (stable-fixes).
* net: phy: smsc: add proper reset flags for LAN8710A (stable-fixes).
* net: thunderbolt: Enable end-to-end flow control also in transmit (stable-fixes).
* net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() (stable-fixes).
* net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization (git-fixes).
* net: usb: asix_devices: add phy_mask for ax88772 mdio bus (git-fixes).
* pNFS: Fix disk addr range check in block/scsi layout (git-fixes).
* pNFS: Fix stripe mapping in block/scsi layout (git-fixes).
* pNFS: Fix uninited ptr deref in block/scsi layout (git-fixes).
* pNFS: Handle RPC size limit for layoutcommits (git-fixes).
* phy: mscc: Fix parsing of unicast frames (git-fixes).
* phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal (stable-fixes).
* pinctrl: STMFX: add missing HAS_IOMEM dependency (git-fixes).
* pinctrl: stm32: Manage irq affinity settings (stable-fixes).
* platform/chrome: cros_ec_typec: Defer probe on missing EC parent (stable-fixes).
* platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list (stable-fixes).
* pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() (stable-fixes).
* power: supply: qcom_battmgr: Add lithium-polymer entry (stable-fixes).
* powerpc/eeh: Export eeh_unfreeze_pe() (bsc#1215199).
* powerpc/eeh: Make EEH driver device hotplug safe (bsc#1215199).
* powerpc/eeh: Rely on dev->link_active_reporting (bsc#1215199).
* powerpc/kernel: Fix ppc_save_regs inclusion in build (bsc#1215199).
* powerpc/pseries: Correct secvar format representation for static key management (jsc#PED-13345 jsc#PED-13343).
* powerpc/secvar: Expose secvars relevant to the key management mode (jsc#PED-13345 jsc#PED-13343).
* powerpc: do not build ppc_save_regs.o always (bsc#1215199).
* pwm: mediatek: Fix duty and period setting (git-fixes).
* pwm: mediatek: Handle hardware enable and clock enable separately (stable-fixes).
* reset: brcmstb: Enable reset drivers for ARCH_BCM2835 (stable-fixes).
* rpm/config.sh: Update Leap project
* rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 (stable-fixes).
* rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe (stable-fixes).
* samples/bpf: Fix compilation errors with cf-protection option (git-fixes).
* scsi: Revert "scsi: iscsi: Fix HW conn removal use after free" (git-fixes).
* scsi: core: Fix kernel doc for scsi_track_queue_full() (git-fixes).
* scsi: elx: efct: Fix dma_unmap_sg() nents value (git-fixes).
* scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value (git-fixes).
* scsi: isci: Fix dma_unmap_sg() nents value (git-fixes).
* scsi: mpi3mr: Fix kernel-doc issues in mpi3mr_app.c (git-fixes).
* scsi: mpi3mr: Fix race between config read submit and interrupt completion (git-fixes).
* scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems (git-fixes).
* scsi: mpt3sas: Fix a fw_event memory leak (git-fixes).
* scsi: mvsas: Fix dma_unmap_sg() nents value (git-fixes).
* scsi: sd: Make sd shutdown issue START STOP UNIT appropriately (git-fixes).
* selftests/bpf: fexit_sleep: Fix stack allocation for arm64 (git-fixes).
* selftests/tracing: Fix false failure of subsystem event test (git-fixes).
* selftests: Fix errno checking in syscall_user_dispatch test (git-fixes).
* selftests: rtnetlink.sh: remove esp4_offload after test (git-fixes).
* serial: 8250: fix panic due to PSLVERR (git-fixes).
* slab: Decouple slab_debug and no_hash_pointers (bsc#1249022).
* smb: client: fix parsing of device numbers (git-fixes).
* soc/tegra: pmc: Ensure power-domains are in a known state (git-fixes).
* soundwire: amd: serialize amd manager resume sequence during pm_prepare (stable-fixes).
* squashfs: fix memory leak in squashfs_fill_super (git-fixes).
* sunrpc: fix handling of server side tls alerts (git-fixes).
* sunvdc: Balance device refcount in vdc_port_mpgroup_check (git-fixes).
* thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required (stable-fixes).
* thermal: sysfs: Return ENODATA instead of EAGAIN for reads (stable-fixes).
* ublk: sanity check add_dev input for underflow (git-fixes).
* ublk: use vmalloc for ublk_device's __queues (git-fixes).
* usb: core: config: Prevent OOB read in SS endpoint companion parsing (stable-fixes).
* usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test (git-fixes).
* usb: core: usb_submit_urb: downgrade type check (stable-fixes).
* usb: dwc3: Ignore late xferNotReady event to prevent halt timeout (git- fixes). * usb: dwc3: Remove WARN_ON for device endpoint command timeouts (stable- fixes). * usb: dwc3: core: Fix system suspend on TI AM62 platforms (git-fixes). * usb: dwc3: fix fault at system suspend if device was already runtime suspended (git-fixes). * usb: dwc3: pci: add support for the Intel Wildcat Lake (stable-fixes). * usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive (stable-fixes). * usb: renesas-xhci: Fix External ROM access timeouts (git-fixes). * usb: storage: realtek_cr: Use correct byte order for bcs->Residue (git- fixes). * usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present (stable- fixes). * usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default (stable-fixes). * usb: xhci: Avoid showing errors during surprise removal (stable-fixes). * usb: xhci: Avoid showing warnings for dying controller (stable-fixes). * usb: xhci: Fix slot_id resource race conflict (git-fixes). * usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command (stable-fixes). * usb: xhci: print xhci->xhc_state when queue_command failed (stable-fixes). * vfs: Add a sysctl for automated deletion of dentry (bsc#1240890). * watchdog: dw_wdt: Fix default timeout (stable-fixes). * watchdog: iTCO_wdt: Report error if timeout configuration fails (stable- fixes). * watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition (stable-fixes). * wifi: ath12k: Add memset and update default rate value in wmi tx completion (stable-fixes). * wifi: ath12k: Correct tid cleanup when tid setup fails (stable-fixes). * wifi: ath12k: Decrement TID on RX peer frag setup error handling (stable- fixes). * wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 (stable-fixes). * wifi: cfg80211: Fix interface type validation (stable-fixes). * wifi: cfg80211: reject HTC bit for management frames (stable-fixes). 
* wifi: iwlegacy: Check rate_idx range after addition (stable-fixes). * wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() (stable- fixes). * wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect (stable- fixes). * wifi: iwlwifi: mvm: fix scan request validation (stable-fixes). * wifi: iwlwifi: mvm: set gtk id also in older FWs (stable-fixes). * wifi: mac80211: do not complete management TX on SAE commit (stable-fixes). * wifi: mac80211: fix rx link assignment for non-MLO stations (stable-fixes). * wifi: mac80211: update radar_required in channel context after channel switch (stable-fixes). * wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch (stable-fixes). * wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() (stable-fixes). * wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()` (stable-fixes). * wifi: rtw89: Disable deep power saving for USB/SDIO (stable-fixes). * wifi: rtw89: Fix rtw89_mac_power_switch() for USB (stable-fixes). * wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB (stable- fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-101=1

## Package List:

* SUSE Linux Micro 6.1 (noarch)
  * kernel-source-6.4.0-34.1
  * kernel-devel-6.4.0-34.1
  * kernel-macros-6.4.0-34.1
* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-6.4.0-34.1
* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * kernel-default-debuginfo-6.4.0-34.1
  * kernel-default-devel-6.4.0-34.1
  * kernel-default-debugsource-6.4.0-34.1
* SUSE Linux Micro 6.1 (aarch64 ppc64le x86_64)
  * kernel-default-base-6.4.0-34.1.21.11
* SUSE Linux Micro 6.1 (ppc64le x86_64)
  * kernel-default-devel-debuginfo-6.4.0-34.1
* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-default-livepatch-6.4.0-34.1
* SUSE Linux Micro 6.1 (nosrc x86_64)
  * kernel-kvmsmall-6.4.0-34.1
* SUSE Linux Micro 6.1 (x86_64)
  * kernel-kvmsmall-debuginfo-6.4.0-34.1
  * kernel-kvmsmall-debugsource-6.4.0-34.1

## References:

* https://www.suse.com/security/cve/CVE-2023-3867.html
* https://www.suse.com/security/cve/CVE-2023-4130.html
* https://www.suse.com/security/cve/CVE-2023-4515.html
* https://www.suse.com/security/cve/CVE-2024-26661.html
* https://www.suse.com/security/cve/CVE-2024-46733.html
* https://www.suse.com/security/cve/CVE-2024-58238.html
* https://www.suse.com/security/cve/CVE-2024-58239.html
* https://www.suse.com/security/cve/CVE-2025-38006.html
* https://www.suse.com/security/cve/CVE-2025-38075.html
* https://www.suse.com/security/cve/CVE-2025-38103.html
* https://www.suse.com/security/cve/CVE-2025-38125.html
* https://www.suse.com/security/cve/CVE-2025-38146.html
* https://www.suse.com/security/cve/CVE-2025-38160.html
* https://www.suse.com/security/cve/CVE-2025-38184.html
* https://www.suse.com/security/cve/CVE-2025-38185.html
* https://www.suse.com/security/cve/CVE-2025-38190.html
* https://www.suse.com/security/cve/CVE-2025-38201.html
* https://www.suse.com/security/cve/CVE-2025-38205.html
* https://www.suse.com/security/cve/CVE-2025-38208.html
* https://www.suse.com/security/cve/CVE-2025-38245.html
* https://www.suse.com/security/cve/CVE-2025-38251.html
* https://www.suse.com/security/cve/CVE-2025-38360.html
* https://www.suse.com/security/cve/CVE-2025-38439.html
* https://www.suse.com/security/cve/CVE-2025-38441.html
* https://www.suse.com/security/cve/CVE-2025-38444.html
* https://www.suse.com/security/cve/CVE-2025-38445.html
* https://www.suse.com/security/cve/CVE-2025-38458.html
* https://www.suse.com/security/cve/CVE-2025-38459.html
* https://www.suse.com/security/cve/CVE-2025-38464.html
* https://www.suse.com/security/cve/CVE-2025-38472.html
* https://www.suse.com/security/cve/CVE-2025-38490.html
* https://www.suse.com/security/cve/CVE-2025-38491.html
* https://www.suse.com/security/cve/CVE-2025-38499.html
* https://www.suse.com/security/cve/CVE-2025-38500.html
* https://www.suse.com/security/cve/CVE-2025-38503.html
* https://www.suse.com/security/cve/CVE-2025-38506.html
* https://www.suse.com/security/cve/CVE-2025-38510.html
* https://www.suse.com/security/cve/CVE-2025-38512.html
* https://www.suse.com/security/cve/CVE-2025-38513.html
* https://www.suse.com/security/cve/CVE-2025-38515.html
* https://www.suse.com/security/cve/CVE-2025-38516.html
* https://www.suse.com/security/cve/CVE-2025-38520.html
* https://www.suse.com/security/cve/CVE-2025-38524.html
* https://www.suse.com/security/cve/CVE-2025-38528.html
* https://www.suse.com/security/cve/CVE-2025-38529.html
* https://www.suse.com/security/cve/CVE-2025-38530.html
* https://www.suse.com/security/cve/CVE-2025-38531.html
* https://www.suse.com/security/cve/CVE-2025-38535.html
* https://www.suse.com/security/cve/CVE-2025-38537.html
* https://www.suse.com/security/cve/CVE-2025-38538.html
* https://www.suse.com/security/cve/CVE-2025-38540.html
* https://www.suse.com/security/cve/CVE-2025-38541.html
* https://www.suse.com/security/cve/CVE-2025-38543.html
* https://www.suse.com/security/cve/CVE-2025-38546.html
* https://www.suse.com/security/cve/CVE-2025-38548.html
* https://www.suse.com/security/cve/CVE-2025-38550.html
* https://www.suse.com/security/cve/CVE-2025-38553.html
* https://www.suse.com/security/cve/CVE-2025-38555.html
* https://www.suse.com/security/cve/CVE-2025-38560.html
* https://www.suse.com/security/cve/CVE-2025-38563.html
* https://www.suse.com/security/cve/CVE-2025-38565.html
* https://www.suse.com/security/cve/CVE-2025-38566.html
* https://www.suse.com/security/cve/CVE-2025-38568.html
* https://www.suse.com/security/cve/CVE-2025-38571.html
* https://www.suse.com/security/cve/CVE-2025-38572.html
* https://www.suse.com/security/cve/CVE-2025-38576.html
* https://www.suse.com/security/cve/CVE-2025-38581.html
* https://www.suse.com/security/cve/CVE-2025-38582.html
* https://www.suse.com/security/cve/CVE-2025-38583.html
* https://www.suse.com/security/cve/CVE-2025-38585.html
* https://www.suse.com/security/cve/CVE-2025-38587.html
* https://www.suse.com/security/cve/CVE-2025-38588.html
* https://www.suse.com/security/cve/CVE-2025-38591.html
* https://www.suse.com/security/cve/CVE-2025-38601.html
* https://www.suse.com/security/cve/CVE-2025-38602.html
* https://www.suse.com/security/cve/CVE-2025-38604.html
* https://www.suse.com/security/cve/CVE-2025-38608.html
* https://www.suse.com/security/cve/CVE-2025-38609.html
* https://www.suse.com/security/cve/CVE-2025-38610.html
* https://www.suse.com/security/cve/CVE-2025-38612.html
* https://www.suse.com/security/cve/CVE-2025-38617.html
* https://www.suse.com/security/cve/CVE-2025-38618.html
* https://www.suse.com/security/cve/CVE-2025-38621.html
* https://www.suse.com/security/cve/CVE-2025-38624.html
* https://www.suse.com/security/cve/CVE-2025-38630.html
* https://www.suse.com/security/cve/CVE-2025-38632.html
* https://www.suse.com/security/cve/CVE-2025-38634.html
* https://www.suse.com/security/cve/CVE-2025-38635.html
* https://www.suse.com/security/cve/CVE-2025-38644.html
* https://www.suse.com/security/cve/CVE-2025-38646.html
* https://www.suse.com/security/cve/CVE-2025-38650.html
* https://www.suse.com/security/cve/CVE-2025-38656.html
* https://www.suse.com/security/cve/CVE-2025-38663.html
* https://www.suse.com/security/cve/CVE-2025-38665.html
* https://www.suse.com/security/cve/CVE-2025-38670.html
* https://www.suse.com/security/cve/CVE-2025-38671.html
* https://bugzilla.suse.com/show_bug.cgi?id=1012628
* https://bugzilla.suse.com/show_bug.cgi?id=1213545
* https://bugzilla.suse.com/show_bug.cgi?id=1215199
* https://bugzilla.suse.com/show_bug.cgi?id=1221858
* https://bugzilla.suse.com/show_bug.cgi?id=1222323
* https://bugzilla.suse.com/show_bug.cgi?id=1230557
* https://bugzilla.suse.com/show_bug.cgi?id=1230708
* https://bugzilla.suse.com/show_bug.cgi?id=1233120
* https://bugzilla.suse.com/show_bug.cgi?id=1240708
* https://bugzilla.suse.com/show_bug.cgi?id=1240890
* https://bugzilla.suse.com/show_bug.cgi?id=1242034
* https://bugzilla.suse.com/show_bug.cgi?id=1242754
* https://bugzilla.suse.com/show_bug.cgi?id=1244734
* https://bugzilla.suse.com/show_bug.cgi?id=1244930
* https://bugzilla.suse.com/show_bug.cgi?id=1245663
* https://bugzilla.suse.com/show_bug.cgi?id=1245710
* https://bugzilla.suse.com/show_bug.cgi?id=1245767
* https://bugzilla.suse.com/show_bug.cgi?id=1245780
* https://bugzilla.suse.com/show_bug.cgi?id=1245815
* https://bugzilla.suse.com/show_bug.cgi?id=1245956
* https://bugzilla.suse.com/show_bug.cgi?id=1245973
* https://bugzilla.suse.com/show_bug.cgi?id=1245977
* https://bugzilla.suse.com/show_bug.cgi?id=1246005
* https://bugzilla.suse.com/show_bug.cgi?id=1246012
* https://bugzilla.suse.com/show_bug.cgi?id=1246181
* https://bugzilla.suse.com/show_bug.cgi?id=1246193
* https://bugzilla.suse.com/show_bug.cgi?id=1247057
* https://bugzilla.suse.com/show_bug.cgi?id=1247078
* https://bugzilla.suse.com/show_bug.cgi?id=1247112
* https://bugzilla.suse.com/show_bug.cgi?id=1247116
* https://bugzilla.suse.com/show_bug.cgi?id=1247119
* https://bugzilla.suse.com/show_bug.cgi?id=1247155
* https://bugzilla.suse.com/show_bug.cgi?id=1247162
* https://bugzilla.suse.com/show_bug.cgi?id=1247167
* https://bugzilla.suse.com/show_bug.cgi?id=1247229
* https://bugzilla.suse.com/show_bug.cgi?id=1247243
* https://bugzilla.suse.com/show_bug.cgi?id=1247280
* https://bugzilla.suse.com/show_bug.cgi?id=1247313
* https://bugzilla.suse.com/show_bug.cgi?id=1247712
* https://bugzilla.suse.com/show_bug.cgi?id=1247976
* https://bugzilla.suse.com/show_bug.cgi?id=1248088
* https://bugzilla.suse.com/show_bug.cgi?id=1248108
* https://bugzilla.suse.com/show_bug.cgi?id=1248164
* https://bugzilla.suse.com/show_bug.cgi?id=1248166
* https://bugzilla.suse.com/show_bug.cgi?id=1248178
* https://bugzilla.suse.com/show_bug.cgi?id=1248179
* https://bugzilla.suse.com/show_bug.cgi?id=1248180
* https://bugzilla.suse.com/show_bug.cgi?id=1248183
* https://bugzilla.suse.com/show_bug.cgi?id=1248186
* https://bugzilla.suse.com/show_bug.cgi?id=1248194
* https://bugzilla.suse.com/show_bug.cgi?id=1248196
* https://bugzilla.suse.com/show_bug.cgi?id=1248198
* https://bugzilla.suse.com/show_bug.cgi?id=1248205
* https://bugzilla.suse.com/show_bug.cgi?id=1248206
* https://bugzilla.suse.com/show_bug.cgi?id=1248208
* https://bugzilla.suse.com/show_bug.cgi?id=1248209
* https://bugzilla.suse.com/show_bug.cgi?id=1248212
* https://bugzilla.suse.com/show_bug.cgi?id=1248213
* https://bugzilla.suse.com/show_bug.cgi?id=1248214
* https://bugzilla.suse.com/show_bug.cgi?id=1248216
* https://bugzilla.suse.com/show_bug.cgi?id=1248217
* https://bugzilla.suse.com/show_bug.cgi?id=1248223
* https://bugzilla.suse.com/show_bug.cgi?id=1248227
* https://bugzilla.suse.com/show_bug.cgi?id=1248228
* https://bugzilla.suse.com/show_bug.cgi?id=1248229
* https://bugzilla.suse.com/show_bug.cgi?id=1248240
* https://bugzilla.suse.com/show_bug.cgi?id=1248255
* https://bugzilla.suse.com/show_bug.cgi?id=1248297
* https://bugzilla.suse.com/show_bug.cgi?id=1248306
* https://bugzilla.suse.com/show_bug.cgi?id=1248312
* https://bugzilla.suse.com/show_bug.cgi?id=1248333
* https://bugzilla.suse.com/show_bug.cgi?id=1248337
* https://bugzilla.suse.com/show_bug.cgi?id=1248338
* https://bugzilla.suse.com/show_bug.cgi?id=1248340
* https://bugzilla.suse.com/show_bug.cgi?id=1248341
* https://bugzilla.suse.com/show_bug.cgi?id=1248345
* https://bugzilla.suse.com/show_bug.cgi?id=1248349
* https://bugzilla.suse.com/show_bug.cgi?id=1248350
* https://bugzilla.suse.com/show_bug.cgi?id=1248354
* https://bugzilla.suse.com/show_bug.cgi?id=1248355
* https://bugzilla.suse.com/show_bug.cgi?id=1248361
* https://bugzilla.suse.com/show_bug.cgi?id=1248363
* https://bugzilla.suse.com/show_bug.cgi?id=1248368
* https://bugzilla.suse.com/show_bug.cgi?id=1248374
* https://bugzilla.suse.com/show_bug.cgi?id=1248377
* https://bugzilla.suse.com/show_bug.cgi?id=1248386
* https://bugzilla.suse.com/show_bug.cgi?id=1248390
* https://bugzilla.suse.com/show_bug.cgi?id=1248395
* https://bugzilla.suse.com/show_bug.cgi?id=1248399
* https://bugzilla.suse.com/show_bug.cgi?id=1248401
* https://bugzilla.suse.com/show_bug.cgi?id=1248511
* https://bugzilla.suse.com/show_bug.cgi?id=1248573
* https://bugzilla.suse.com/show_bug.cgi?id=1248575
* https://bugzilla.suse.com/show_bug.cgi?id=1248577
* https://bugzilla.suse.com/show_bug.cgi?id=1248609
* https://bugzilla.suse.com/show_bug.cgi?id=1248614
* https://bugzilla.suse.com/show_bug.cgi?id=1248617
* https://bugzilla.suse.com/show_bug.cgi?id=1248621
* https://bugzilla.suse.com/show_bug.cgi?id=1248636
* https://bugzilla.suse.com/show_bug.cgi?id=1248643
* https://bugzilla.suse.com/show_bug.cgi?id=1248648
* https://bugzilla.suse.com/show_bug.cgi?id=1248652
* https://bugzilla.suse.com/show_bug.cgi?id=1248655
* https://bugzilla.suse.com/show_bug.cgi?id=1248666
* https://bugzilla.suse.com/show_bug.cgi?id=1248669
* https://bugzilla.suse.com/show_bug.cgi?id=1248746
* https://bugzilla.suse.com/show_bug.cgi?id=1248748
* https://bugzilla.suse.com/show_bug.cgi?id=1249022
* https://jira.suse.com/browse/PED-13343
* https://jira.suse.com/browse/PED-13345

From null at suse.de Wed Sep 10 20:36:52 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 20:36:52 -0000
Subject: SUSE-SU-2025:20665-1: important: Security update for gnutls
Message-ID: <175753661223.10185.5791559716140378454@smelt2.prg2.suse.org>

# Security update for gnutls

Announcement ID: SUSE-SU-2025:20665-1
Release Date: 2025-08-29T09:13:16Z
Rating: important
References:

* bsc#1246232
* bsc#1246233
* bsc#1246267
* bsc#1246299

Cross-References:

* CVE-2025-32988
* CVE-2025-32989
* CVE-2025-32990
* CVE-2025-6395

CVSS scores:

* CVE-2025-32988 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-32988 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-32988 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-32988 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-32989 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-32989 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-32989 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-32990 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-32990 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
* CVE-2025-32990 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2025-32990 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-6395 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-6395 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-6395 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves four vulnerabilities can now be installed.

## Description:

This update for gnutls fixes the following issues:

* CVE-2025-32988: Fixed double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232).
* CVE-2025-32989: Fixed heap buffer overread when handling the CT SCT extension during X.509 certificate parsing (bsc#1246233).
* CVE-2025-32990: Fixed 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267).
* CVE-2025-6395: Fixed NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-243=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * gnutls-debuginfo-3.8.3-slfo.1.1_4.1
  * libgnutls30-debuginfo-3.8.3-slfo.1.1_4.1
  * gnutls-3.8.3-slfo.1.1_4.1
  * gnutls-debugsource-3.8.3-slfo.1.1_4.1
  * libgnutls30-3.8.3-slfo.1.1_4.1

## References:

* https://www.suse.com/security/cve/CVE-2025-32988.html
* https://www.suse.com/security/cve/CVE-2025-32989.html
* https://www.suse.com/security/cve/CVE-2025-32990.html
* https://www.suse.com/security/cve/CVE-2025-6395.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246232
* https://bugzilla.suse.com/show_bug.cgi?id=1246233
* https://bugzilla.suse.com/show_bug.cgi?id=1246267
* https://bugzilla.suse.com/show_bug.cgi?id=1246299

From null at suse.de Wed Sep 10 20:36:56 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 20:36:56 -0000
Subject: SUSE-SU-2025:20664-1: moderate: Security update for Mesa
Message-ID: <175753661628.10185.5582635549793693776@smelt2.prg2.suse.org>

# Security update for Mesa

Announcement ID: SUSE-SU-2025:20664-1
Release Date: 2025-08-29T09:09:41Z
Rating: moderate
References:

* bsc#1222040
* bsc#1222041
* bsc#1222042

Cross-References:

* CVE-2023-45913
* CVE-2023-45919
* CVE-2023-45922

CVSS scores:

* CVE-2023-45913 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-45913 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-45919 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:H
* CVE-2023-45919 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2023-45922 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-45922 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* SUSE Linux Micro 6.1

An update that solves three vulnerabilities can now be installed.

## Description:

This update for Mesa fixes the following issues:

* CVE-2023-45913: NULL pointer dereference via dri2GetGlxDrawableFromXDrawableId() (bsc#1222040).
* CVE-2023-45919: Buffer over-read in glXQueryServerString() (bsc#1222041).
* CVE-2023-45922: Segmentation violation in __glXGetDrawableAttribute() (bsc#1222042).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-241=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * Mesa-dri-debuginfo-23.3.4-slfo.1.1_2.1
  * Mesa-debugsource-23.3.4-slfo.1.1_2.1
  * Mesa-libglapi0-23.3.4-slfo.1.1_2.1
  * Mesa-libglapi0-debuginfo-23.3.4-slfo.1.1_2.1
  * Mesa-dri-23.3.4-slfo.1.1_2.1
  * Mesa-drivers-debugsource-23.3.4-slfo.1.1_2.1
  * Mesa-libGL1-debuginfo-23.3.4-slfo.1.1_2.1
  * Mesa-libGL1-23.3.4-slfo.1.1_2.1
  * Mesa-libEGL1-23.3.4-slfo.1.1_2.1
  * libgbm1-debuginfo-23.3.4-slfo.1.1_2.1
  * libgbm1-23.3.4-slfo.1.1_2.1
  * Mesa-libEGL1-debuginfo-23.3.4-slfo.1.1_2.1
  * Mesa-23.3.4-slfo.1.1_2.1
* SUSE Linux Micro 6.1 (aarch64 ppc64le x86_64)
  * Mesa-gallium-debuginfo-23.3.4-slfo.1.1_2.1
  * Mesa-gallium-23.3.4-slfo.1.1_2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-45913.html
* https://www.suse.com/security/cve/CVE-2023-45919.html
* https://www.suse.com/security/cve/CVE-2023-45922.html
* https://bugzilla.suse.com/show_bug.cgi?id=1222040
* https://bugzilla.suse.com/show_bug.cgi?id=1222041
* https://bugzilla.suse.com/show_bug.cgi?id=1222042

From null at suse.de Wed Sep 10 20:37:08 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 20:37:08 -0000
Subject: SUSE-SU-2025:20660-1: moderate: Security update for coreutils
Message-ID: <175753662862.10185.5281189603759768970@smelt2.prg2.suse.org>

# Security update for coreutils

Announcement ID: SUSE-SU-2025:20660-1
Release Date: 2025-08-28T15:15:06Z
Rating: moderate
References:

* bsc#1243767

Cross-References:

* CVE-2025-5278

CVSS scores:

* CVE-2025-5278 ( SUSE ): 2.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-5278 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
* CVE-2025-5278 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.

## Description:

This update for coreutils fixes the following issues:

* CVE-2025-5278: Sort with key character offsets of SIZE_MAX could induce a read of 1 byte before an allocated heap buffer (bsc#1243767).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-238=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * coreutils-debugsource-9.4-slfo.1.1_2.1
  * coreutils-debuginfo-9.4-slfo.1.1_2.1
  * coreutils-9.4-slfo.1.1_2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-5278.html
* https://bugzilla.suse.com/show_bug.cgi?id=1243767

From null at suse.de Wed Sep 10 20:36:59 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 20:36:59 -0000
Subject: SUSE-SU-2025:20663-1: moderate: Security update for jbigkit
Message-ID: <175753661919.10185.12227819210364227833@smelt2.prg2.suse.org>

# Security update for jbigkit

Announcement ID: SUSE-SU-2025:20663-1
Release Date: 2025-08-29T09:09:41Z
Rating: moderate
References:

* bsc#1198146

Cross-References:

* CVE-2022-1210

CVSS scores:

* CVE-2022-1210 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2022-1210 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.

## Description:

This update for jbigkit fixes the following issues:

* CVE-2022-1210: Malicious file leads to a denial of service in TIFF File Handler (bsc#1198146).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-242=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * libjbig2-2.1-slfo.1.1_2.1
  * libjbig2-debuginfo-2.1-slfo.1.1_2.1
  * jbigkit-debugsource-2.1-slfo.1.1_2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-1210.html
* https://bugzilla.suse.com/show_bug.cgi?id=1198146

From null at suse.de Wed Sep 10 20:37:01 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 20:37:01 -0000
Subject: SUSE-SU-2025:20662-1: important: Security update for polkit
Message-ID: <175753662166.10185.13478734781685547675@smelt2.prg2.suse.org>

# Security update for polkit

Announcement ID: SUSE-SU-2025:20662-1
Release Date: 2025-08-29T07:50:36Z
Rating: important
References:

* bsc#1246472

Cross-References:

* CVE-2025-7519

CVSS scores:

* CVE-2025-7519 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-7519 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-7519 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.

## Description:

This update for polkit fixes the following issues:

* CVE-2025-7519: Fixed that an XML policy file with a large number of nested elements may lead to out-of-bounds write (bsc#1246472).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-240=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * libpolkit-gobject-1-0-debuginfo-121-slfo.1.1_2.1
  * libpolkit-gobject-1-0-121-slfo.1.1_2.1
  * libpolkit-agent-1-0-121-slfo.1.1_2.1
  * polkit-121-slfo.1.1_2.1
  * polkit-debuginfo-121-slfo.1.1_2.1
  * libpolkit-agent-1-0-debuginfo-121-slfo.1.1_2.1
  * polkit-debugsource-121-slfo.1.1_2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-7519.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246472

From null at suse.de Wed Sep 10 20:37:04 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 10 Sep 2025 20:37:04 -0000
Subject: SUSE-SU-2025:20661-1: important: Security update for libxslt
Message-ID: <175753662492.10185.7212282501415276665@smelt2.prg2.suse.org>

# Security update for libxslt

Announcement ID: SUSE-SU-2025:20661-1
Release Date: 2025-08-29T07:49:21Z
Rating: important
References:

* bsc#1246360

Cross-References:

* CVE-2025-7424

CVSS scores:

* CVE-2025-7424 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
* CVE-2025-7424 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
* CVE-2025-7424 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.

## Description:

This update for libxslt fixes the following issues:

* CVE-2025-7424: Type confusion in xmlNode.psvi between stylesheet and source nodes [bsc#1246360]

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-239=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * libxslt-debugsource-1.1.38-slfo.1.1_4.1
  * libxslt1-debuginfo-1.1.38-slfo.1.1_4.1
  * libxslt1-1.1.38-slfo.1.1_4.1
  * libexslt0-debuginfo-1.1.38-slfo.1.1_4.1
  * libexslt0-1.1.38-slfo.1.1_4.1

## References:

* https://www.suse.com/security/cve/CVE-2025-7424.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246360

From null at suse.de Thu Sep 11 08:30:10 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 11 Sep 2025 08:30:10 -0000
Subject: SUSE-SU-2025:03160-1: important: Security update for the Linux Kernel (Live Patch 38 for SLE 15 SP4)
Message-ID: <175757941059.29468.16501153904644756157@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 38 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:03160-1
Release Date: 2025-09-11T05:03:56Z
Rating: important
References:

* bsc#1237930
* bsc#1242579
* bsc#1244235
* bsc#1245775
* bsc#1245791
* bsc#1246030

Cross-References:

* CVE-2022-49053
* CVE-2025-21999
* CVE-2025-37890
* CVE-2025-38000
* CVE-2025-38001
* CVE-2025-38212

CVSS scores:

* CVE-2022-49053 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49053 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_158 fixes several issues.

The following security issues were fixed:

* CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579).
* CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930).
* CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235).
* CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775).
* CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2025-3160=1 SUSE-2025-3157=1
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3160=1 SUSE-SLE-Module-Live-Patching-15-SP4-2025-3157=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_158-default-debuginfo-5-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_150-default-6-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_158-default-5-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_150-default-debuginfo-6-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_38-debugsource-5-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_36-debugsource-6-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_158-default-debuginfo-5-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_150-default-6-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_158-default-5-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_150-default-debuginfo-6-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_38-debugsource-5-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_36-debugsource-6-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49053.html
* https://www.suse.com/security/cve/CVE-2025-21999.html
* https://www.suse.com/security/cve/CVE-2025-37890.html
* https://www.suse.com/security/cve/CVE-2025-38000.html
* https://www.suse.com/security/cve/CVE-2025-38001.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1237930
* https://bugzilla.suse.com/show_bug.cgi?id=1242579
* https://bugzilla.suse.com/show_bug.cgi?id=1244235
* https://bugzilla.suse.com/show_bug.cgi?id=1245775
* https://bugzilla.suse.com/show_bug.cgi?id=1245791
* https://bugzilla.suse.com/show_bug.cgi?id=1246030

From null at suse.de Thu Sep 11 08:30:21 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 11 Sep 2025 08:30:21 -0000
Subject: SUSE-SU-2025:03156-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP4)
Message-ID: <175757942140.29468.17703230558494616643@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:03156-1
Release Date: 2025-09-10T22:26:58Z
Rating: important
References:

* bsc#1231676
* bsc#1231943
* bsc#1232271
* bsc#1237930
* bsc#1242579
* bsc#1244235
* bsc#1245775
* bsc#1245791
* bsc#1246030

Cross-References:

* CVE-2022-49053
* CVE-2024-47674
* CVE-2024-47706
* CVE-2024-49867
* CVE-2025-21999
* CVE-2025-37890
* CVE-2025-38000
* CVE-2025-38001
* CVE-2025-38212

CVSS scores:

* CVE-2022-49053 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49053 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47674 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-47674 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47674 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47706 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-47706 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47706 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-49867 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-49867 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-49867 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves nine vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_133 fixes several issues.

The following security issues were fixed:

* CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579).
* CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930).
* CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235).
* CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner kthread during umount (bsc#1232271).
* CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775).
* CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791).
* CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231676).
* CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231943).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-3156=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3156=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_133-default-14-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_31-debugsource-14-150400.2.1 * kernel-livepatch-5_14_21-150400_24_133-default-debuginfo-14-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_133-default-14-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_31-debugsource-14-150400.2.1 * kernel-livepatch-5_14_21-150400_24_133-default-debuginfo-14-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2022-49053.html * https://www.suse.com/security/cve/CVE-2024-47674.html * https://www.suse.com/security/cve/CVE-2024-47706.html * https://www.suse.com/security/cve/CVE-2024-49867.html * https://www.suse.com/security/cve/CVE-2025-21999.html * https://www.suse.com/security/cve/CVE-2025-37890.html * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1231676 * https://bugzilla.suse.com/show_bug.cgi?id=1231943 * https://bugzilla.suse.com/show_bug.cgi?id=1232271 * https://bugzilla.suse.com/show_bug.cgi?id=1237930 * https://bugzilla.suse.com/show_bug.cgi?id=1242579 * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1245791 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 -------------- next part 
-------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Sep 11 08:30:37 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 11 Sep 2025 08:30:37 -0000 Subject: SUSE-SU-2025:03159-1: important: Security update for go1.23-openssl Message-ID: <175757943744.29468.12827804403263468531@smelt2.prg2.suse.org> # Security update for go1.23-openssl Announcement ID: SUSE-SU-2025:03159-1 Release Date: 2025-09-11T03:05:08Z Rating: important References: * bsc#1229122 * bsc#1236045 * bsc#1236046 * bsc#1236801 * bsc#1238572 * bsc#1240550 * bsc#1244156 * bsc#1244157 * bsc#1246118 * bsc#1247719 * bsc#1247720 * bsc#1247816 * jsc#SLE-18320 Cross-References: * CVE-2024-45336 * CVE-2024-45341 * CVE-2025-0913 * CVE-2025-22866 * CVE-2025-22870 * CVE-2025-22871 * CVE-2025-4673 * CVE-2025-4674 * CVE-2025-47906 * CVE-2025-47907 CVSS scores: * CVE-2024-45336 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-45336 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2024-45341 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2024-45341 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2025-0913 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-0913 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2025-0913 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2025-22866 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-22866 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2025-22866 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2025-22870 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-22870 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L * CVE-2025-22870 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L * CVE-2025-22871 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N * 
CVE-2025-22871 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-22871 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2025-4673 ( SUSE ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N * CVE-2025-4673 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N * CVE-2025-4673 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N * CVE-2025-4674 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-4674 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2025-4674 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2025-47906 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-47906 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2025-47907 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-47907 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N * CVE-2025-47907 ( NVD ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L Affected Products: * Development Tools Module 15-SP6 * Development Tools Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves 10 vulnerabilities, contains one feature and has two security fixes can now be installed. ## Description: This update for go1.23-openssl fixes the following issues: Update to version 1.23.12 cut from the go1.23-fips-release branch at the revision tagged go1.23.12-1-openssl-fips. ( jsc#SLE-18320) * Rebase to 1.23.12 * Fix HKDF-Extract The latest OpenSSL in c9s/c10s requires nil salt to be passed as a hash length buffer of zeros. 
Packaging improvements: * Update go_bootstrap_version to go1.21 from go1.20 to shorten the bootstrap chain. go1.21 can optionally be bootstrapped with gccgo and serve as the initial version of go1.x. * Refs boo#1247816 bootstrap go1.21 with gccgo go1.23.12 (released 2025-08-06) includes security fixes to the database/sql and os/exec packages, as well as bug fixes to the runtime. CVE-2025-47906 CVE-2025-47907: * go#74803 go#74466 boo#1247719 security: fix CVE-2025-47906 os/exec: LookPath bug: incorrect expansion of "", "." and ".." in some PATH configurations * go#74832 go#74831 boo#1247720 security: fix CVE-2025-47907 database/sql: incorrect results returned from Rows.Scan * go#74415 runtime: use-after-free of allpSnapshot in findRunnable * go#74693 runtime: segfaults in runtime.(*unwinder).next * go#74721 cmd/go: TestScript/build_trimpath_cgo fails to decode dwarf on release-branch.go1.23 * go#74726 cmd/cgo/internal/testsanitizers: failures with signal: segmentation fault or exit status 66 go1.23.11 (released 2025-07-08) includes security fixes to the go command, as well as bug fixes to the compiler, the linker, and the runtime. CVE-2025-4674: * go#74382 go#74380 boo#1246118 security: fix CVE-2025-4674 cmd/go: disable support for multiple vcs in one module * go#73907 runtime: bad frame pointer during panic during duffcopy * go#74289 runtime: heap mspan limit is set too late, causing data race between span allocation and conservative scanning * go#74293 internal/trace: stress tests triggering suspected deadlock in tracer * go#74362 runtime/pprof: crash "cannot read stack of running goroutine" in goroutine profile * go#74402 cmd/link: duplicated definition of symbol github.com/ebitengine/purego.syscall15XABI0 when running with ASAN go1.23.10 (released 2025-06-05) includes security fixes to the net/http and os packages, as well as bug fixes to the linker. 
(boo#1229122 go1.23 release tracking) CVE-2025-0913 CVE-2025-4673: * go#73719 go#73612 boo#1244157 security: fix CVE-2025-0913 os: inconsistent handling of O_CREATE|O_EXCL on Unix and Windows * go#73905 go#73816 boo#1244156 security: fix CVE-2025-4673 net/http: sensitive headers not cleared on cross-origin redirect * go#73677 runtime/debug: BuildSetting does not document DefaultGODEBUG * go#73831 cmd/link: Go 1.24.3 and 1.23.9 regression - duplicated definition of symbol dlopen go1.23.9 (released 2025-05-06) includes fixes to the runtime and the linker. (boo#1229122 go1.23 release tracking) * go#73091 cmd/link: linkname directive on userspace variable can override runtime variable * go#73380 runtime, x/sys/unix: Connectx is broken on darwin/amd64 go1.23.8 (released 2025-04-01) includes security fixes to the net/http package, as well as bug fixes to the runtime and the go command. CVE-2025-22871: * go#72010 go#71988 boo#1240550 security: fix CVE-2025-22871 net/http: reject bare LF in chunked encoding * go#72114 runtime: process hangs for mips hardware * go#72871 runtime: cgo callback on extra M treated as external code after nested cgo callback returns * go#72937 internal/godebugs: winsymlink and winreadlinkvolume have incorrect defaults for Go 1.22 go1.23.7 (released 2025-03-04) includes security fixes to the net/http package, as well as bug fixes to cgo, the compiler, and the reflect, runtime, and syscall packages. 
CVE-2025-22870: * go#71985 go#71984 boo#1238572 security: fix CVE-2025-22870 net/http, x/net/proxy, x/net/http/httpproxy: proxy bypass using IPv6 zone IDs * go#71727 runtime: usleep computes wrong tv_nsec on s390x * go#71839 runtime: recover added in range-over-func loop body doesn't stop panic propagation / segfaults printing error * go#71848 os: spurious SIGCHILD on running child process * go#71875 reflect: Value.Seq panicking on functional iterator methods * go#71915 reflect: Value.Seq iteration value types not matching the type of given int types * go#71962 runtime/cgo: does not build with -Wdeclaration-after-statement go1.23.6 (released 2025-02-04) includes security fixes to the crypto/elliptic package, as well as bug fixes to the compiler and the go command. CVE-2025-22866 * go#71423 go#71383 boo#1236801 security: fix CVE-2025-22866 crypto/internal/fips140/nistec: p256NegCond is variable time on ppc64le * go#71263 cmd/go/internal/modfetch/codehost: test fails with git 2.47.1 * go#71230 cmd/compile: broken write barrier go1.23.5 (released 2025-01-16) includes security fixes to the crypto/x509 and net/http packages, as well as bug fixes to the compiler, the runtime, and the net package. CVE-2024-45341 CVE-2024-45336: * go#71208 go#71156 boo#1236045 security: fix CVE-2024-45341 crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints * go#71211 go#70530 boo#1236046 security: fix CVE-2024-45336 net/http: sensitive headers incorrectly sent after cross-domain redirect * go#69988 runtime: severe performance drop for cgo calls in go1.22.5 * go#70517 cmd/compile/internal/importer: flip enable alias to true * go#70789 os: io.Copy(net.Conn, os.Stdin) on MacOS terminate immediately without waiting for input * go#71104 crypto/tls: TestVerifyConnection/TLSv12 failures * go#71147 internal/trace: TestTraceCPUProfile/Stress failures go1.23.4 (released 2024-12-03) includes fixes to the compiler, the runtime, the trace command, and the syscall package. 
* go#70644 crypto/rsa: new key generation prohibitively slow under race detector * go#70645 proposal: go/types: add Scope.Node convenience getter * go#70646 x/tools/gopls: unimported completion corrupts import decl (client=BBEdit) * go#70648 crypto/tls: TestHandshakeClientECDHEECDSAAESGCM/TLSv12 failures * go#70649 x/benchmarks/sweet/cmd/sweet: TestSweetEndToEnd failures * go#70650 crypto/tls: TestGetClientCertificate/TLSv13 failures * go#70651 x/tools/go/gcexportdata: simplify implementation assuming go >= 1.21 * go#70654 cmd/go: Incorrect output from go list * go#70655 x/build/cmd/relui: add workflows for some remaining manual recurring Go major release cycle tasks * go#70657 proposal: bufio: Scanner.IterText/Scanner.IterBytes * go#70658 x/net/http2: stuck extended CONNECT requests * go#70659 os: TestRootDirFS failures on linux-mips64 and linux-mips64le arch-mips * go#70660 crypto/ecdsa: TestRFC6979 failures on s390x * go#70664 x/mobile: target maccatalyst cannot find OpenGLES header * go#70665 x/tools/gopls: refactor.extract.variable fails at package level * go#70666 x/tools/gopls: panic in GetIfaceStubInfo * go#70667 proposal: crypto/x509: support extracting X25519 public keys from certificates * go#70668 proposal: x/mobile: better support for unrecovered panics * go#70669 cmd/go: local failure in TestScript/build_trimpath_cgo * go#70670 cmd/link: unused functions aren't getting deadcoded from the binary * go#70674 x/pkgsite: package removal request for https://pkg.go.dev/github.com/uisdevsquad/go-test/debugmate * go#70675 cmd/go/internal/lockedfile: mountrpc flake in TestTransform on plan9 * go#70677 all: remote file server I/O flakiness with "Bad fid" errors on plan9 * go#70678 internal/poll: deadlock on 'Intel(R) Xeon(R) Platinum' when an FD is closed * go#70679 mime/multipart: With go 1.23.3, mime/multipart does not link Update to version 1.23.2.3 cut from the go1.23-fips-release branch at the revision tagged go1.23.2-3-openssl-fips. 
( jsc#SLE-18320) * Add negative tests for openssl (#243) go1.23.3 (released 2024-11-06) includes fixes to the linker, the runtime, and the net/http, os, and syscall packages. * go#69258 runtime: corrupted GoroutineProfile stack traces * go#69259 runtime: multi-arch build via qemu fails to exec go binary * go#69640 os: os.checkPidfd() crashes with SIGSYS * go#69746 runtime: TestGdbAutotmpTypes failures * go#69848 cmd/compile: syscall.Syscall15: nosplit stack over 792 byte limit * go#69865 runtime: MutexProfile missing root frames in go1.23 * go#69882 time,runtime: too many concurrent timer firings for short time.Ticker * go#69978 time,runtime: too many concurrent timer firings for short, fast-resetting time.Timer * go#69992 cmd/link: LC_UUID not generated by go linker, resulting in failure to access local network on macOS 15 * go#70001 net/http/pprof: coroutines + pprof makes the program panic * go#70020 net/http: short writes with FileServer on macos ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-3159=1 openSUSE-SLE-15.6-2025-3159=1 * Development Tools Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-3159=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2025-3159=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * go1.23-openssl-1.23.12-150600.13.9.1 * go1.23-openssl-doc-1.23.12-150600.13.9.1 * go1.23-openssl-debuginfo-1.23.12-150600.13.9.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * go1.23-openssl-race-1.23.12-150600.13.9.1 * Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64) * go1.23-openssl-1.23.12-150600.13.9.1 * go1.23-openssl-doc-1.23.12-150600.13.9.1 * go1.23-openssl-race-1.23.12-150600.13.9.1 * go1.23-openssl-debuginfo-1.23.12-150600.13.9.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * go1.23-openssl-1.23.12-150600.13.9.1 * go1.23-openssl-doc-1.23.12-150600.13.9.1 * go1.23-openssl-race-1.23.12-150600.13.9.1 * go1.23-openssl-debuginfo-1.23.12-150600.13.9.1 ## References: * https://www.suse.com/security/cve/CVE-2024-45336.html * https://www.suse.com/security/cve/CVE-2024-45341.html * https://www.suse.com/security/cve/CVE-2025-0913.html * https://www.suse.com/security/cve/CVE-2025-22866.html * https://www.suse.com/security/cve/CVE-2025-22870.html * https://www.suse.com/security/cve/CVE-2025-22871.html * https://www.suse.com/security/cve/CVE-2025-4673.html * https://www.suse.com/security/cve/CVE-2025-4674.html * https://www.suse.com/security/cve/CVE-2025-47906.html * https://www.suse.com/security/cve/CVE-2025-47907.html * https://bugzilla.suse.com/show_bug.cgi?id=1229122 * https://bugzilla.suse.com/show_bug.cgi?id=1236045 * https://bugzilla.suse.com/show_bug.cgi?id=1236046 * https://bugzilla.suse.com/show_bug.cgi?id=1236801 * https://bugzilla.suse.com/show_bug.cgi?id=1238572 * 
https://bugzilla.suse.com/show_bug.cgi?id=1240550 * https://bugzilla.suse.com/show_bug.cgi?id=1244156 * https://bugzilla.suse.com/show_bug.cgi?id=1244157 * https://bugzilla.suse.com/show_bug.cgi?id=1246118 * https://bugzilla.suse.com/show_bug.cgi?id=1247719 * https://bugzilla.suse.com/show_bug.cgi?id=1247720 * https://bugzilla.suse.com/show_bug.cgi?id=1247816 * https://jira.suse.com/browse/SLE-18320 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Sep 11 08:30:47 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 11 Sep 2025 08:30:47 -0000 Subject: SUSE-SU-2025:03158-1: important: Security update for go1.24-openssl Message-ID: <175757944729.29468.17470367720341040210@smelt2.prg2.suse.org> # Security update for go1.24-openssl Announcement ID: SUSE-SU-2025:03158-1 Release Date: 2025-09-11T03:04:54Z Rating: important References: * bsc#1236217 * bsc#1244156 * bsc#1244157 * bsc#1244158 * bsc#1246118 * bsc#1247719 * bsc#1247720 * jsc#SLE-18320 Cross-References: * CVE-2025-0913 * CVE-2025-22874 * CVE-2025-4673 * CVE-2025-4674 * CVE-2025-47906 * CVE-2025-47907 CVSS scores: * CVE-2025-0913 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-0913 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2025-0913 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2025-22874 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-22874 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2025-22874 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2025-4673 ( SUSE ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N * CVE-2025-4673 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N * CVE-2025-4673 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N * CVE-2025-4674 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-4674 ( SUSE ): 
8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2025-4674 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2025-47906 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-47906 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2025-47907 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-47907 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N * CVE-2025-47907 ( NVD ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L Affected Products: * Development Tools Module 15-SP6 * Development Tools Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves six vulnerabilities, contains one feature and has one security fix can now be installed. ## Description: This security update of go1.24-openssl fixes the following issues: Update to version 1.24.6 cut from the go1.24-fips-release branch at the revision tagged go1.24.6-1-openssl-fips. Refs jsc#SLE-18320 * Fix HKDF-Extract The latest OpenSSL in c9s/c10s requires nil salt to be passed as a hash length buffer of zeros. go1.24.6 (released 2025-08-06) includes security fixes to the database/sql and os/exec packages, as well as bug fixes to the runtime. ( boo#1236217 go1.24 release tracking) CVE-2025-47906 CVE-2025-47907: * go#74804 go#74466 boo#1247719 security: fix CVE-2025-47906 os/exec: LookPath bug: incorrect expansion of "", "." and ".." 
in some PATH configurations * go#74833 go#74831 boo#1247720 security: fix CVE-2025-47907 database/sql: incorrect results returned from Rows.Scan * go#73800 runtime: RSS seems to have increased in Go 1.24 while the runtime accounting has not * go#74416 runtime: use-after-free of allpSnapshot in findRunnable * go#74694 runtime: segfaults in runtime.(*unwinder).next * go#74760 os/user:nolibgcc: TestGroupIdsTestUser failures go1.24.5 (released 2025-07-08) includes security fixes to the go command, as well as bug fixes to the compiler, the linker, the runtime, and the go command. ( boo#1236217 go1.24 release tracking) CVE-2025-4674: * go#74381 go#74380 boo#1246118 security: fix CVE-2025-4674 cmd/go: disable support for multiple vcs in one module * go#73908 runtime: bad frame pointer during panic during duffcopy * go#74098 cmd/compile: regression on ppc64le bit operations * go#74113 cmd/go: crash on unknown GOEXPERIMENT during toolchain selection * go#74290 runtime: heap mspan limit is set too late, causing data race between span allocation and conservative scanning * go#74294 internal/trace: stress tests triggering suspected deadlock in tracer * go#74346 runtime: memlock not unlocked in all control flow paths in sysReserveAlignedSbrk * go#74363 runtime/pprof: crash "cannot read stack of running goroutine" in goroutine profile * go#74403 cmd/link: duplicated definition of symbol github.com/ebitengine/purego.syscall15XABI0 when running with ASAN go1.24.4 (released 2025-06-05) includes security fixes to the crypto/x509, net/http, and os packages, as well as bug fixes to the linker, the go command, and the hash/maphash and os packages. 
( boo#1236217 go1.24 release tracking) CVE-2025-22874 CVE-2025-0913 CVE-2025-4673 * go#73700 go#73702 boo#1244158 security: fix CVE-2025-22874 crypto/x509: ExtKeyUsageAny bypasses policy validation * go#73720 go#73612 boo#1244157 security: fix CVE-2025-0913 os: inconsistent handling of O_CREATE|O_EXCL on Unix and Windows * go#73906 go#73816 boo#1244156 security: fix CVE-2025-4673 net/http: sensitive headers not cleared on cross-origin redirect * go#73570 os: Root.Mkdir creates directories with zero permissions on OpenBSD * go#73669 hash/maphash: hashing channels with purego impl. of maphash.Comparable panics * go#73678 runtime/debug: BuildSetting does not document DefaultGODEBUG * go#73809 cmd/go: add fips140 module selection mechanism * go#73832 cmd/link: Go 1.24.3 and 1.23.9 regression - duplicated definition of symbol dlopen ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Development Tools Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-3158=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2025-3158=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-3158=1 openSUSE-SLE-15.6-2025-3158=1 ## Package List: * Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64) * go1.24-openssl-race-1.24.6-150600.13.9.1 * go1.24-openssl-doc-1.24.6-150600.13.9.1 * go1.24-openssl-1.24.6-150600.13.9.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * go1.24-openssl-race-1.24.6-150600.13.9.1 * go1.24-openssl-debuginfo-1.24.6-150600.13.9.1 * go1.24-openssl-doc-1.24.6-150600.13.9.1 * go1.24-openssl-1.24.6-150600.13.9.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * go1.24-openssl-debuginfo-1.24.6-150600.13.9.1 * go1.24-openssl-doc-1.24.6-150600.13.9.1 * go1.24-openssl-1.24.6-150600.13.9.1 * openSUSE Leap 15.6 (aarch64 
ppc64le s390x x86_64) * go1.24-openssl-race-1.24.6-150600.13.9.1 ## References: * https://www.suse.com/security/cve/CVE-2025-0913.html * https://www.suse.com/security/cve/CVE-2025-22874.html * https://www.suse.com/security/cve/CVE-2025-4673.html * https://www.suse.com/security/cve/CVE-2025-4674.html * https://www.suse.com/security/cve/CVE-2025-47906.html * https://www.suse.com/security/cve/CVE-2025-47907.html * https://bugzilla.suse.com/show_bug.cgi?id=1236217 * https://bugzilla.suse.com/show_bug.cgi?id=1244156 * https://bugzilla.suse.com/show_bug.cgi?id=1244157 * https://bugzilla.suse.com/show_bug.cgi?id=1244158 * https://bugzilla.suse.com/show_bug.cgi?id=1246118 * https://bugzilla.suse.com/show_bug.cgi?id=1247719 * https://bugzilla.suse.com/show_bug.cgi?id=1247720 * https://jira.suse.com/browse/SLE-18320 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Sep 11 12:30:13 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 11 Sep 2025 12:30:13 -0000 Subject: SUSE-SU-2025:03164-1: important: Security update for ImageMagick Message-ID: <175759381340.24344.16769461505816084478@smelt2.prg2.suse.org> # Security update for ImageMagick Announcement ID: SUSE-SU-2025:03164-1 Release Date: 2025-09-11T11:06:46Z Rating: important References: * bsc#1247475 * bsc#1248076 * bsc#1248077 * bsc#1248078 * bsc#1248079 * bsc#1248767 * bsc#1248780 * bsc#1248784 Cross-References: * CVE-2025-55004 * CVE-2025-55005 * CVE-2025-55154 * CVE-2025-55160 * CVE-2025-55212 * CVE-2025-55298 * CVE-2025-57803 CVSS scores: * CVE-2025-55004 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-55004 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H * CVE-2025-55004 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L * CVE-2025-55004 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2025-55005 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * 
CVE-2025-55005 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-55005 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-55154 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-55154 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-55154 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-55154 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-55160 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-55160 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H * CVE-2025-55160 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-55160 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L * CVE-2025-55212 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-55212 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-55212 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-55298 ( SUSE ): 9.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-55298 ( SUSE ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2025-55298 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-57803 ( SUSE ): 9.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-57803 ( SUSE ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2025-57803 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Desktop Applications Module 15-SP6 * Development Tools Module 15-SP6 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves seven vulnerabilities and has one security fix can now be installed. 
## Description: This update for ImageMagick fixes the following issues: * CVE-2025-55004: Fixed heap buffer over-read in ReadOneMNGIMage when processing images with separate alpha channels (bsc#1248076). * CVE-2025-55005: Fixed heap buffer overflow when transforming from Log to sRGB colorspaces (bsc#1248077). * CVE-2025-55154: Fixed integer overflow when performing magnified size calculations in ReadOneMNGIMage (bsc#1248078). * CVE-2025-55160: Fixed undefined behavior due to function-type-mismatch in CloneSplayTree (bsc#1248079). * CVE-2025-55212: Fixed division-by-zero in ThumbnailImage() when passing a geometry string containing only a colon to `montage -geometry` (bsc#1248767). * CVE-2025-55298: Fixed heap overflow due to format string bug vulnerability (bsc#1248780). * CVE-2025-57803: Fixed heap out-of-bounds (OOB) write due to 32-bit integer overflow (bsc#1248784). Other fixes: * Fixed output file placeholders (bsc#1247475). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-3164=1 openSUSE-SLE-15.6-2025-3164=1 * Desktop Applications Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-3164=1 * Development Tools Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-3164=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.20.1 * ImageMagick-config-7-upstream-secure-7.1.1.21-150600.3.20.1 * ImageMagick-debugsource-7.1.1.21-150600.3.20.1 * ImageMagick-devel-7.1.1.21-150600.3.20.1 * ImageMagick-debuginfo-7.1.1.21-150600.3.20.1 * ImageMagick-config-7-SUSE-7.1.1.21-150600.3.20.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.20.1 * libMagickWand-7_Q16HDRI10-7.1.1.21-150600.3.20.1 * perl-PerlMagick-debuginfo-7.1.1.21-150600.3.20.1 * libMagick++-7_Q16HDRI5-7.1.1.21-150600.3.20.1 * perl-PerlMagick-7.1.1.21-150600.3.20.1 * ImageMagick-extra-7.1.1.21-150600.3.20.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.20.1 * ImageMagick-extra-debuginfo-7.1.1.21-150600.3.20.1 * libMagick++-devel-7.1.1.21-150600.3.20.1 * ImageMagick-config-7-upstream-websafe-7.1.1.21-150600.3.20.1 * ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.20.1 * libMagickCore-7_Q16HDRI10-7.1.1.21-150600.3.20.1 * ImageMagick-7.1.1.21-150600.3.20.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.1.21-150600.3.20.1 * openSUSE Leap 15.6 (x86_64) * libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.1.21-150600.3.20.1 * libMagick++-devel-32bit-7.1.1.21-150600.3.20.1 * libMagickCore-7_Q16HDRI10-32bit-7.1.1.21-150600.3.20.1 * libMagickWand-7_Q16HDRI10-32bit-7.1.1.21-150600.3.20.1 * libMagick++-7_Q16HDRI5-32bit-7.1.1.21-150600.3.20.1 * libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.1.21-150600.3.20.1 * ImageMagick-devel-32bit-7.1.1.21-150600.3.20.1 * libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.1.21-150600.3.20.1 * openSUSE Leap 15.6 
(noarch) * ImageMagick-doc-7.1.1.21-150600.3.20.1 * openSUSE Leap 15.6 (aarch64_ilp32) * ImageMagick-devel-64bit-7.1.1.21-150600.3.20.1 * libMagick++-7_Q16HDRI5-64bit-7.1.1.21-150600.3.20.1 * libMagickCore-7_Q16HDRI10-64bit-debuginfo-7.1.1.21-150600.3.20.1 * libMagickCore-7_Q16HDRI10-64bit-7.1.1.21-150600.3.20.1 * libMagickWand-7_Q16HDRI10-64bit-7.1.1.21-150600.3.20.1 * libMagick++-devel-64bit-7.1.1.21-150600.3.20.1 * libMagick++-7_Q16HDRI5-64bit-debuginfo-7.1.1.21-150600.3.20.1 * libMagickWand-7_Q16HDRI10-64bit-debuginfo-7.1.1.21-150600.3.20.1 * Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64) * ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.20.1 * ImageMagick-config-7-upstream-secure-7.1.1.21-150600.3.20.1 * ImageMagick-debugsource-7.1.1.21-150600.3.20.1 * ImageMagick-devel-7.1.1.21-150600.3.20.1 * ImageMagick-debuginfo-7.1.1.21-150600.3.20.1 * ImageMagick-config-7-SUSE-7.1.1.21-150600.3.20.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.20.1 * libMagickWand-7_Q16HDRI10-7.1.1.21-150600.3.20.1 * libMagick++-7_Q16HDRI5-7.1.1.21-150600.3.20.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.20.1 * libMagick++-devel-7.1.1.21-150600.3.20.1 * ImageMagick-config-7-upstream-websafe-7.1.1.21-150600.3.20.1 * ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.20.1 * libMagickCore-7_Q16HDRI10-7.1.1.21-150600.3.20.1 * ImageMagick-7.1.1.21-150600.3.20.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.1.21-150600.3.20.1 * Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64) * perl-PerlMagick-7.1.1.21-150600.3.20.1 * ImageMagick-debuginfo-7.1.1.21-150600.3.20.1 * ImageMagick-debugsource-7.1.1.21-150600.3.20.1 * perl-PerlMagick-debuginfo-7.1.1.21-150600.3.20.1 ## References: * https://www.suse.com/security/cve/CVE-2025-55004.html * https://www.suse.com/security/cve/CVE-2025-55005.html * https://www.suse.com/security/cve/CVE-2025-55154.html * https://www.suse.com/security/cve/CVE-2025-55160.html * 
https://www.suse.com/security/cve/CVE-2025-55212.html * https://www.suse.com/security/cve/CVE-2025-55298.html * https://www.suse.com/security/cve/CVE-2025-57803.html * https://bugzilla.suse.com/show_bug.cgi?id=1247475 * https://bugzilla.suse.com/show_bug.cgi?id=1248076 * https://bugzilla.suse.com/show_bug.cgi?id=1248077 * https://bugzilla.suse.com/show_bug.cgi?id=1248078 * https://bugzilla.suse.com/show_bug.cgi?id=1248079 * https://bugzilla.suse.com/show_bug.cgi?id=1248767 * https://bugzilla.suse.com/show_bug.cgi?id=1248780 * https://bugzilla.suse.com/show_bug.cgi?id=1248784
From null at suse.de Thu Sep 11 12:30:20 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 11 Sep 2025 12:30:20 -0000 Subject: SUSE-SU-2025:03005-2: important: Security update for postgresql16 Message-ID: <175759382024.24344.1619417831016751604@smelt2.prg2.suse.org> # Security update for postgresql16 Announcement ID: SUSE-SU-2025:03005-2 Release Date: 2025-09-11T10:22:01Z Rating: important References: * bsc#1248119 * bsc#1248120 * bsc#1248122 Cross-References: * CVE-2025-8713 * CVE-2025-8714 * CVE-2025-8715 CVSS scores: * CVE-2025-8713 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-8713 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2025-8713 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2025-8714 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-8714 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-8714 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-8715 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-8715 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-8715 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP6 * Legacy Module 15-SP7 * 
openSUSE Leap 15.6 * Server Applications Module 15-SP6 * Server Applications Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP6 * SUSE Package Hub 15 15-SP7 An update that solves three vulnerabilities can now be installed. ## Description: This update for postgresql16 fixes the following issues: Upgraded to 16.10: * CVE-2025-8713: Fixed optimizer statistics exposing sampled data within a view, partition, or child table (bsc#1248120) * CVE-2025-8714: Fixed untrusted data inclusion in pg_dump allows superuser of origin server to execute arbitrary code in psql client (bsc#1248122) * CVE-2025-8715: Fixed improper neutralization of newlines in pg_dump leading to arbitrary code execution in the psql client and in the restore target server (bsc#1248119) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-3005=1 openSUSE-SLE-15.6-2025-3005=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-3005=1 * Legacy Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP7-2025-3005=1 * SUSE Package Hub 15 15-SP6 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-3005=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-3005=1 * Server Applications Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-3005=1 * Server Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2025-3005=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * postgresql16-test-16.10-150600.16.21.1 * postgresql16-pltcl-debuginfo-16.10-150600.16.21.1 * postgresql16-llvmjit-devel-16.10-150600.16.21.1 * postgresql16-plperl-debuginfo-16.10-150600.16.21.1 * postgresql16-plpython-debuginfo-16.10-150600.16.21.1 * postgresql16-llvmjit-debuginfo-16.10-150600.16.21.1 * postgresql16-pltcl-16.10-150600.16.21.1 * postgresql16-server-debuginfo-16.10-150600.16.21.1 * postgresql16-server-devel-16.10-150600.16.21.1 * postgresql16-debuginfo-16.10-150600.16.21.1 * postgresql16-llvmjit-16.10-150600.16.21.1 * postgresql16-16.10-150600.16.21.1 * postgresql16-contrib-16.10-150600.16.21.1 * postgresql16-server-16.10-150600.16.21.1 * postgresql16-plperl-16.10-150600.16.21.1 * postgresql16-plpython-16.10-150600.16.21.1 * postgresql16-debugsource-16.10-150600.16.21.1 * postgresql16-devel-debuginfo-16.10-150600.16.21.1 * postgresql16-server-devel-debuginfo-16.10-150600.16.21.1 * postgresql16-contrib-debuginfo-16.10-150600.16.21.1 * postgresql16-devel-16.10-150600.16.21.1 * openSUSE Leap 15.6 (noarch) * postgresql16-docs-16.10-150600.16.21.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * 
postgresql16-debugsource-16.10-150600.16.21.1 * postgresql16-16.10-150600.16.21.1 * postgresql16-debuginfo-16.10-150600.16.21.1 * Legacy Module 15-SP7 (aarch64 ppc64le s390x x86_64) * postgresql16-debugsource-16.10-150600.16.21.1 * postgresql16-devel-debuginfo-16.10-150600.16.21.1 * postgresql16-contrib-debuginfo-16.10-150600.16.21.1 * postgresql16-devel-16.10-150600.16.21.1 * postgresql16-debuginfo-16.10-150600.16.21.1 * postgresql16-contrib-16.10-150600.16.21.1 * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64) * postgresql16-debugsource-16.10-150600.16.21.1 * postgresql16-test-16.10-150600.16.21.1 * postgresql16-debuginfo-16.10-150600.16.21.1 * postgresql16-llvmjit-debuginfo-16.10-150600.16.21.1 * postgresql16-llvmjit-16.10-150600.16.21.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * postgresql16-debugsource-16.10-150600.16.21.1 * postgresql16-llvmjit-devel-16.10-150600.16.21.1 * postgresql16-test-16.10-150600.16.21.1 * postgresql16-debuginfo-16.10-150600.16.21.1 * postgresql16-llvmjit-debuginfo-16.10-150600.16.21.1 * postgresql16-llvmjit-16.10-150600.16.21.1 * Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64) * postgresql16-plpython-16.10-150600.16.21.1 * postgresql16-debugsource-16.10-150600.16.21.1 * postgresql16-devel-debuginfo-16.10-150600.16.21.1 * postgresql16-server-devel-debuginfo-16.10-150600.16.21.1 * postgresql16-contrib-debuginfo-16.10-150600.16.21.1 * postgresql16-pltcl-16.10-150600.16.21.1 * postgresql16-server-debuginfo-16.10-150600.16.21.1 * postgresql16-server-devel-16.10-150600.16.21.1 * postgresql16-devel-16.10-150600.16.21.1 * postgresql16-debuginfo-16.10-150600.16.21.1 * postgresql16-plperl-debuginfo-16.10-150600.16.21.1 * postgresql16-pltcl-debuginfo-16.10-150600.16.21.1 * postgresql16-plpython-debuginfo-16.10-150600.16.21.1 * postgresql16-contrib-16.10-150600.16.21.1 * postgresql16-server-16.10-150600.16.21.1 * postgresql16-plperl-16.10-150600.16.21.1 * Server Applications Module 15-SP6 (noarch) * 
postgresql16-docs-16.10-150600.16.21.1 * Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * postgresql16-debugsource-16.10-150600.16.21.1 * postgresql16-server-debuginfo-16.10-150600.16.21.1 * postgresql16-server-devel-16.10-150600.16.21.1 * postgresql16-debuginfo-16.10-150600.16.21.1 * postgresql16-16.10-150600.16.21.1 * postgresql16-server-16.10-150600.16.21.1 ## References: * https://www.suse.com/security/cve/CVE-2025-8713.html * https://www.suse.com/security/cve/CVE-2025-8714.html * https://www.suse.com/security/cve/CVE-2025-8715.html * https://bugzilla.suse.com/show_bug.cgi?id=1248119 * https://bugzilla.suse.com/show_bug.cgi?id=1248120 * https://bugzilla.suse.com/show_bug.cgi?id=1248122
From null at suse.de Thu Sep 11 12:30:22 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 11 Sep 2025 12:30:22 -0000 Subject: SUSE-SU-2025:03162-1: moderate: Security update for ffmpeg-4 Message-ID: <175759382280.24344.4982402645019384643@smelt2.prg2.suse.org> # Security update for ffmpeg-4 Announcement ID: SUSE-SU-2025:03162-1 Release Date: 2025-09-11T09:16:33Z Rating: moderate References: * bsc#1246790 Cross-References: * CVE-2025-7700 CVSS scores: * CVE-2025-7700 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-7700 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Linux Enterprise Workstation Extension 15 SP6 * SUSE Linux Enterprise Workstation Extension 15 SP7 * SUSE Package Hub 15 15-SP6 * SUSE Package Hub 15 15-SP7 An 
update that solves one vulnerability can now be installed. ## Description: This update for ffmpeg-4 fixes the following issues: * CVE-2025-7700: Fixed NULL Pointer Dereference in FFmpeg ALS Decoder (bsc#1246790). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-3162=1 openSUSE-SLE-15.6-2025-3162=1 * SUSE Package Hub 15 15-SP6 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-3162=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-3162=1 * SUSE Linux Enterprise Workstation Extension 15 SP6 zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2025-3162=1 * SUSE Linux Enterprise Workstation Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2025-3162=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * libavfilter7_110-4.4.6-150600.13.30.1 * libswresample3_9-debuginfo-4.4.6-150600.13.30.1 * ffmpeg-4-libswscale-devel-4.4.6-150600.13.30.1 * ffmpeg-4-debuginfo-4.4.6-150600.13.30.1 * ffmpeg-4-libpostproc-devel-4.4.6-150600.13.30.1 * ffmpeg-4-libavcodec-devel-4.4.6-150600.13.30.1 * ffmpeg-4-debugsource-4.4.6-150600.13.30.1 * libswscale5_9-4.4.6-150600.13.30.1 * libpostproc55_9-debuginfo-4.4.6-150600.13.30.1 * ffmpeg-4-libavdevice-devel-4.4.6-150600.13.30.1 * libavdevice58_13-debuginfo-4.4.6-150600.13.30.1 * ffmpeg-4-libavformat-devel-4.4.6-150600.13.30.1 * ffmpeg-4-4.4.6-150600.13.30.1 * libavdevice58_13-4.4.6-150600.13.30.1 * libavformat58_76-debuginfo-4.4.6-150600.13.30.1 * libswresample3_9-4.4.6-150600.13.30.1 * libavutil56_70-debuginfo-4.4.6-150600.13.30.1 * libavcodec58_134-4.4.6-150600.13.30.1 * libavutil56_70-4.4.6-150600.13.30.1 * libavformat58_76-4.4.6-150600.13.30.1 * libavfilter7_110-debuginfo-4.4.6-150600.13.30.1 * libpostproc55_9-4.4.6-150600.13.30.1 * 
libavresample4_0-4.4.6-150600.13.30.1 * libavresample4_0-debuginfo-4.4.6-150600.13.30.1 * ffmpeg-4-libavutil-devel-4.4.6-150600.13.30.1 * ffmpeg-4-libavfilter-devel-4.4.6-150600.13.30.1 * ffmpeg-4-libswresample-devel-4.4.6-150600.13.30.1 * ffmpeg-4-libavresample-devel-4.4.6-150600.13.30.1 * libavcodec58_134-debuginfo-4.4.6-150600.13.30.1 * libswscale5_9-debuginfo-4.4.6-150600.13.30.1 * ffmpeg-4-private-devel-4.4.6-150600.13.30.1 * openSUSE Leap 15.6 (x86_64) * libpostproc55_9-32bit-debuginfo-4.4.6-150600.13.30.1 * libavresample4_0-32bit-4.4.6-150600.13.30.1 * libavfilter7_110-32bit-debuginfo-4.4.6-150600.13.30.1 * libavutil56_70-32bit-4.4.6-150600.13.30.1 * libavformat58_76-32bit-debuginfo-4.4.6-150600.13.30.1 * libpostproc55_9-32bit-4.4.6-150600.13.30.1 * libswscale5_9-32bit-4.4.6-150600.13.30.1 * libavcodec58_134-32bit-4.4.6-150600.13.30.1 * libavformat58_76-32bit-4.4.6-150600.13.30.1 * libavresample4_0-32bit-debuginfo-4.4.6-150600.13.30.1 * libswscale5_9-32bit-debuginfo-4.4.6-150600.13.30.1 * libavutil56_70-32bit-debuginfo-4.4.6-150600.13.30.1 * libavdevice58_13-32bit-4.4.6-150600.13.30.1 * libswresample3_9-32bit-debuginfo-4.4.6-150600.13.30.1 * libavdevice58_13-32bit-debuginfo-4.4.6-150600.13.30.1 * libswresample3_9-32bit-4.4.6-150600.13.30.1 * libavcodec58_134-32bit-debuginfo-4.4.6-150600.13.30.1 * libavfilter7_110-32bit-4.4.6-150600.13.30.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libavdevice58_13-64bit-debuginfo-4.4.6-150600.13.30.1 * libswresample3_9-64bit-debuginfo-4.4.6-150600.13.30.1 * libavformat58_76-64bit-debuginfo-4.4.6-150600.13.30.1 * libswresample3_9-64bit-4.4.6-150600.13.30.1 * libavcodec58_134-64bit-4.4.6-150600.13.30.1 * libavresample4_0-64bit-debuginfo-4.4.6-150600.13.30.1 * libavfilter7_110-64bit-debuginfo-4.4.6-150600.13.30.1 * libavformat58_76-64bit-4.4.6-150600.13.30.1 * libavfilter7_110-64bit-4.4.6-150600.13.30.1 * libavdevice58_13-64bit-4.4.6-150600.13.30.1 * libpostproc55_9-64bit-4.4.6-150600.13.30.1 * 
libswscale5_9-64bit-debuginfo-4.4.6-150600.13.30.1 * libavutil56_70-64bit-debuginfo-4.4.6-150600.13.30.1 * libavutil56_70-64bit-4.4.6-150600.13.30.1 * libavcodec58_134-64bit-debuginfo-4.4.6-150600.13.30.1 * libswscale5_9-64bit-4.4.6-150600.13.30.1 * libavresample4_0-64bit-4.4.6-150600.13.30.1 * libpostproc55_9-64bit-debuginfo-4.4.6-150600.13.30.1 * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64) * libavfilter7_110-4.4.6-150600.13.30.1 * libswresample3_9-debuginfo-4.4.6-150600.13.30.1 * ffmpeg-4-libswscale-devel-4.4.6-150600.13.30.1 * ffmpeg-4-debuginfo-4.4.6-150600.13.30.1 * ffmpeg-4-libpostproc-devel-4.4.6-150600.13.30.1 * ffmpeg-4-libavcodec-devel-4.4.6-150600.13.30.1 * ffmpeg-4-debugsource-4.4.6-150600.13.30.1 * libswscale5_9-4.4.6-150600.13.30.1 * libpostproc55_9-debuginfo-4.4.6-150600.13.30.1 * ffmpeg-4-libavdevice-devel-4.4.6-150600.13.30.1 * libavdevice58_13-debuginfo-4.4.6-150600.13.30.1 * ffmpeg-4-libavformat-devel-4.4.6-150600.13.30.1 * ffmpeg-4-4.4.6-150600.13.30.1 * libavdevice58_13-4.4.6-150600.13.30.1 * libavformat58_76-debuginfo-4.4.6-150600.13.30.1 * libswresample3_9-4.4.6-150600.13.30.1 * libavutil56_70-debuginfo-4.4.6-150600.13.30.1 * libavcodec58_134-4.4.6-150600.13.30.1 * libavutil56_70-4.4.6-150600.13.30.1 * libavformat58_76-4.4.6-150600.13.30.1 * libavfilter7_110-debuginfo-4.4.6-150600.13.30.1 * libpostproc55_9-4.4.6-150600.13.30.1 * libavresample4_0-4.4.6-150600.13.30.1 * libavresample4_0-debuginfo-4.4.6-150600.13.30.1 * ffmpeg-4-libavutil-devel-4.4.6-150600.13.30.1 * ffmpeg-4-libavfilter-devel-4.4.6-150600.13.30.1 * ffmpeg-4-libswresample-devel-4.4.6-150600.13.30.1 * ffmpeg-4-libavresample-devel-4.4.6-150600.13.30.1 * libavcodec58_134-debuginfo-4.4.6-150600.13.30.1 * libswscale5_9-debuginfo-4.4.6-150600.13.30.1 * ffmpeg-4-private-devel-4.4.6-150600.13.30.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * libavfilter7_110-4.4.6-150600.13.30.1 * libswresample3_9-debuginfo-4.4.6-150600.13.30.1 * 
ffmpeg-4-libswscale-devel-4.4.6-150600.13.30.1 * ffmpeg-4-debuginfo-4.4.6-150600.13.30.1 * ffmpeg-4-libpostproc-devel-4.4.6-150600.13.30.1 * ffmpeg-4-libavcodec-devel-4.4.6-150600.13.30.1 * ffmpeg-4-debugsource-4.4.6-150600.13.30.1 * libswscale5_9-4.4.6-150600.13.30.1 * libpostproc55_9-debuginfo-4.4.6-150600.13.30.1 * ffmpeg-4-libavdevice-devel-4.4.6-150600.13.30.1 * libavdevice58_13-debuginfo-4.4.6-150600.13.30.1 * ffmpeg-4-libavformat-devel-4.4.6-150600.13.30.1 * ffmpeg-4-4.4.6-150600.13.30.1 * libavdevice58_13-4.4.6-150600.13.30.1 * libavformat58_76-debuginfo-4.4.6-150600.13.30.1 * libswresample3_9-4.4.6-150600.13.30.1 * libavutil56_70-debuginfo-4.4.6-150600.13.30.1 * libavcodec58_134-4.4.6-150600.13.30.1 * libavutil56_70-4.4.6-150600.13.30.1 * libavformat58_76-4.4.6-150600.13.30.1 * libavfilter7_110-debuginfo-4.4.6-150600.13.30.1 * libpostproc55_9-4.4.6-150600.13.30.1 * libavresample4_0-4.4.6-150600.13.30.1 * libavresample4_0-debuginfo-4.4.6-150600.13.30.1 * ffmpeg-4-libavutil-devel-4.4.6-150600.13.30.1 * ffmpeg-4-libavfilter-devel-4.4.6-150600.13.30.1 * ffmpeg-4-libswresample-devel-4.4.6-150600.13.30.1 * ffmpeg-4-libavresample-devel-4.4.6-150600.13.30.1 * libavcodec58_134-debuginfo-4.4.6-150600.13.30.1 * libswscale5_9-debuginfo-4.4.6-150600.13.30.1 * ffmpeg-4-private-devel-4.4.6-150600.13.30.1 * SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64) * libavformat58_76-debuginfo-4.4.6-150600.13.30.1 * libswresample3_9-debuginfo-4.4.6-150600.13.30.1 * libswresample3_9-4.4.6-150600.13.30.1 * libavutil56_70-debuginfo-4.4.6-150600.13.30.1 * libavcodec58_134-4.4.6-150600.13.30.1 * ffmpeg-4-debuginfo-4.4.6-150600.13.30.1 * libavutil56_70-4.4.6-150600.13.30.1 * libavcodec58_134-debuginfo-4.4.6-150600.13.30.1 * libavformat58_76-4.4.6-150600.13.30.1 * ffmpeg-4-debugsource-4.4.6-150600.13.30.1 * libswscale5_9-4.4.6-150600.13.30.1 * libswscale5_9-debuginfo-4.4.6-150600.13.30.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64) * 
libavformat58_76-debuginfo-4.4.6-150600.13.30.1 * libswresample3_9-debuginfo-4.4.6-150600.13.30.1 * libswresample3_9-4.4.6-150600.13.30.1 * libavutil56_70-debuginfo-4.4.6-150600.13.30.1 * libavcodec58_134-4.4.6-150600.13.30.1 * ffmpeg-4-debuginfo-4.4.6-150600.13.30.1 * libavutil56_70-4.4.6-150600.13.30.1 * libavcodec58_134-debuginfo-4.4.6-150600.13.30.1 * libavformat58_76-4.4.6-150600.13.30.1 * ffmpeg-4-debugsource-4.4.6-150600.13.30.1 * libswscale5_9-4.4.6-150600.13.30.1 * libswscale5_9-debuginfo-4.4.6-150600.13.30.1 ## References: * https://www.suse.com/security/cve/CVE-2025-7700.html * https://bugzilla.suse.com/show_bug.cgi?id=1246790
From null at suse.de Thu Sep 11 12:30:34 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 11 Sep 2025 12:30:34 -0000 Subject: SUSE-SU-2025:03161-1: important: Security update for go1.25-openssl Message-ID: <175759383496.24344.2844886721424316308@smelt2.prg2.suse.org> # Security update for go1.25-openssl Announcement ID: SUSE-SU-2025:03161-1 Release Date: 2025-09-11T09:15:57Z Rating: important References: * bsc#1244485 * bsc#1246118 * bsc#1247719 * bsc#1247720 * bsc#1247816 * bsc#1248082 * jsc#SLE-18320 Cross-References: * CVE-2025-4674 * CVE-2025-47906 * CVE-2025-47907 CVSS scores: * CVE-2025-4674 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-4674 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2025-4674 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2025-47906 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-47906 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2025-47907 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-47907 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N * CVE-2025-47907 ( NVD ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L Affected 
Products: * Development Tools Module 15-SP6 * Development Tools Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves three vulnerabilities, contains one feature and has three security fixes can now be installed. ## Description: This update for go1.25-openssl fixes the following issues: Update to version 1.25.0 cut from the go1.25-fips-release branch at the revision tagged go1.25.0-1-openssl-fips. ( jsc#SLE-18320 ) * Rebase to 1.25.0 * Fix HKDF-Extract. The latest OpenSSL in c9s/c10s requires nil salt to be passed as a hash length buffer of zeros. go1.25 (released 2025-08-12) is a major release of Go. go1.25.x minor releases will be provided through August 2026. https://github.com/golang/go/wiki/Go-Release-Cycle go1.25 arrives six months after Go 1.24. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. ( bsc#1244485 go1.25 release tracking ) * Language changes: There are no language changes that affect Go programs in Go 1.25. However, in the language specification the notion of core types has been removed in favor of dedicated prose. See the respective blog post for more information. * go command: The go build -asan option now defaults to doing leak detection at program exit. This will report an error if memory allocated by C is not freed and is not referenced by any other memory allocated by either C or Go. These new error reports may be disabled by setting ASAN_OPTIONS=detect_leaks=0 in the environment when running the program. 
* go command: The Go distribution will include fewer prebuilt tool binaries. Core toolchain binaries such as the compiler and linker will still be included, but tools not invoked by build or test operations will be built and run by go tool as needed. * go command: The new go.mod ignore directive can be used to specify directories the go command should ignore. Files in these directories and their subdirectories will be ignored by the go command when matching package patterns, such as all or ./..., but will still be included in module zip files. * go command: The new go doc -http option will start a documentation server showing documentation for the requested object, and open the documentation in a browser window. * go command: The new go version -m -json option will print the JSON encodings of the runtime/debug.BuildInfo structures embedded in the given Go binary files. * go command: The go command now supports using a subdirectory of a repository as the path for a module root, when resolving a module path using the syntax to indicate that the root-path corresponds to the subdir of the repo-url with version control system vcs. * go command: The new work package pattern matches all packages in the work (formerly called main) modules: either the single work module in module mode or the set of workspace modules in workspace mode. * go command: When the go command updates the go line in a go.mod or go.work file, it no longer adds a toolchain line specifying the command's current version. * go vet: The go vet command includes new analyzers: * go vet: waitgroup reports misplaced calls to sync.WaitGroup.Add; * go vet: hostport reports uses of fmt.Sprintf("%s:%d", host, port) to construct addresses for net.Dial, as these will not work with IPv6; instead it suggests using net.JoinHostPort. * Runtime: Container-aware GOMAXPROCS. The default behavior of the GOMAXPROCS has changed. 
In prior versions of Go, GOMAXPROCS defaults to the number of logical CPUs available at startup (runtime.NumCPU). Go 1.25 introduces two changes: On Linux, the runtime considers the CPU bandwidth limit of the cgroup containing the process, if any. If the CPU bandwidth limit is lower than the number of logical CPUs available, GOMAXPROCS will default to the lower limit. In container runtime systems like Kubernetes, cgroup CPU bandwidth limits generally correspond to the "CPU limit" option. The Go runtime does not consider the "CPU requests" option. On all OSes, the runtime periodically updates GOMAXPROCS if the number of logical CPUs available or the cgroup CPU bandwidth limit change. Both of these behaviors are automatically disabled if GOMAXPROCS is set manually via the GOMAXPROCS environment variable or a call to runtime.GOMAXPROCS. They can also be disabled explicitly with the GODEBUG settings containermaxprocs=0 and updatemaxprocs=0, respectively. In order to support reading updated cgroup limits, the runtime will keep cached file descriptors for the cgroup files for the duration of the process lifetime. * Runtime: garbage collector: A new garbage collector is now available as an experiment. This garbage collector's design improves the performance of marking and scanning small objects through better locality and CPU scalability. Benchmark results vary, but we expect somewhere between a 10-40% reduction in garbage collection overhead in real-world programs that heavily use the garbage collector. The new garbage collector may be enabled by setting GOEXPERIMENT=greenteagc at build time. We expect the design to continue to evolve and improve. To that end, we encourage Go developers to try it out and report back their experiences. See the GitHub issue for more details on the design and instructions for sharing feedback. 
* Runtime: trace flight recorder: Runtime execution traces have long provided a powerful, but expensive way to understand and debug the low-level behavior of an application. Unfortunately, because of their size and the cost of continuously writing an execution trace, they were generally impractical for debugging rare events. The new runtime/trace.FlightRecorder API provides a lightweight way to capture a runtime execution trace by continuously recording the trace into an in-memory ring buffer. When a significant event occurs, a program can call FlightRecorder.WriteTo to snapshot the last few seconds of the trace to a file. This approach produces a much smaller trace by enabling applications to capture only the traces that matter. The length of time and amount of data captured by a FlightRecorder may be configured within the FlightRecorderConfig. * Runtime: Change to unhandled panic output: The message printed when a program exits due to an unhandled panic that was recovered and repanicked no longer repeats the text of the panic value. * Runtime: VMA names on Linux: On Linux systems with kernel support for anonymous virtual memory area (VMA) names (CONFIG_ANON_VMA_NAME), the Go runtime will annotate anonymous memory mappings with context about their purpose. e.g., [anon: Go: heap] for heap memory. This can be disabled with the GODEBUG setting decoratemappings=0. * Compiler: nil pointer bug: This release fixes a compiler bug, introduced in Go 1.21, that could incorrectly delay nil pointer checks. * Compiler: DWARF5 support: The compiler and linker in Go 1.25 now generate debug information using DWARF version 5. The newer DWARF version reduces the space required for debugging information in Go binaries, and reduces the time for linking, especially for large Go binaries. DWARF 5 generation can be disabled by setting the environment variable GOEXPERIMENT=nodwarf5 at build time (this fallback may be removed in a future Go release). 
* Compiler: Faster slices: The compiler can now allocate the backing store for slices on the stack in more situations, which improves performance. This change has the potential to amplify the effects of incorrect unsafe.Pointer usage, see for example issue 73199. In order to track down these problems, the bisect tool can be used to find the allocation causing trouble using the -compile=variablemake flag. All such new stack allocations can also be turned off using -gcflags=all=-d=variablemakehash=n. * Linker: The linker now accepts a -funcalign=N command line option, which specifies the alignment of function entries. The default value is platform-dependent, and is unchanged in this release. * Standard library: testing/synctest: The new testing/synctest package provides support for testing concurrent code. This package was first available in Go 1.24 under GOEXPERIMENT=synctest, with a slightly different API. The experiment has now graduated to general availability. The old API is still present if GOEXPERIMENT=synctest is set, but will be removed in Go 1.26. * Standard library: testing/synctest: The Test function runs a test function in an isolated "bubble". Within the bubble, time is virtualized: time package functions operate on a fake clock and the clock moves forward instantaneously if all goroutines in the bubble are blocked. * Standard library: testing/synctest: The Wait function waits for all goroutines in the current bubble to block. * Standard library: encoding/json/v2: Go 1.25 includes a new, experimental JSON implementation, which can be enabled by setting the environment variable GOEXPERIMENT=jsonv2 at build time. When enabled, two new packages are available: The encoding/json/v2 package is a major revision of the encoding/json package. The encoding/json/jsontext package provides lower-level processing of JSON syntax. In addition, when the "jsonv2" GOEXPERIMENT is enabled: The encoding/json package uses the new JSON implementation. 
Marshaling and unmarshaling behavior is unaffected, but the text of errors returned by package function may change. The encoding/json package contains a number of new options which may be used to configure the marshaler and unmarshaler. The new implementation performs substantially better than the existing one under many scenarios. In general, encoding performance is at parity between the implementations and decoding is substantially faster in the new one. See the github.com/go-json-experiment/jsonbench repository for more detailed analysis. We encourage users of encoding/json to test their programs with GOEXPERIMENT=jsonv2 enabled to help detect any compatibility issues with the new implementation. We expect the design of encoding/json/v2 to continue to evolve. We encourage developers to try out the new API and provide feedback on the proposal issue. * archive/tar: The Writer.AddFS implementation now supports symbolic links for filesystems that implement io/fs.ReadLinkFS. * encoding/asn1: Unmarshal and UnmarshalWithParams now parse the ASN.1 types T61String and BMPString more consistently. This may result in some previously accepted malformed encodings now being rejected. * crypto: MessageSigner is a new signing interface that can be implemented by signers that wish to hash the message to be signed themselves. A new function is also introduced, SignMessage, which attempts to upgrade a Signer interface to MessageSigner, using the MessageSigner.SignMessage method if successful, and Signer.Sign if not. This can be used when code wishes to support both Signer and MessageSigner. * crypto: Changing the fips140 GODEBUG setting after the program has started is now a no-op. Previously, it was documented as not allowed, and could cause a panic if changed. * crypto: SHA-1, SHA-256, and SHA-512 are now slower on amd64 when AVX2 instructions are not available. All server processors (and most others) produced since 2015 support AVX2. 
* crypto/ecdsa: The new ParseRawPrivateKey, ParseUncompressedPublicKey, PrivateKey.Bytes, and PublicKey.Bytes functions and methods implement low-level encodings, replacing the need to use crypto/elliptic or math/big functions and methods. * crypto/ecdsa: When FIPS 140-3 mode is enabled, signing is now four times faster, matching the performance of non-FIPS mode. * crypto/ed25519: When FIPS 140-3 mode is enabled, signing is now four times faster, matching the performance of non-FIPS mode. * crypto/elliptic: The hidden and undocumented Inverse and CombinedMult methods on some Curve implementations have been removed. * crypto/rsa: PublicKey no longer claims that the modulus value is treated as secret. VerifyPKCS1v15 and VerifyPSS already warned that all inputs are public and could be leaked, and there are mathematical attacks that can recover the modulus from other public values. * crypto/rsa: Key generation is now three times faster. * crypto/sha1: Hashing is now two times faster on amd64 when SHA-NI instructions are available. * crypto/sha3: The new SHA3.Clone method implements hash.Cloner. * crypto/sha3: Hashing is now two times faster on Apple M processors. * crypto/tls: The new ConnectionState.CurveID field exposes the key exchange mechanism used to establish the connection. * crypto/tls: The new Config.GetEncryptedClientHelloKeys callback can be used to set the EncryptedClientHelloKeys for a server to use when a client sends an Encrypted Client Hello extension. * crypto/tls: SHA-1 signature algorithms are now disallowed in TLS 1.2 handshakes, per RFC 9155. They can be re-enabled with the GODEBUG setting tlssha1=1. * crypto/tls: When FIPS 140-3 mode is enabled, Extended Master Secret is now required in TLS 1.2, and Ed25519 and X25519MLKEM768 are now allowed. * crypto/tls: TLS servers now prefer the highest supported protocol version, even if it isn't the client's most preferred protocol version.
* crypto/tls: Both TLS clients and servers are now stricter in following the specifications and in rejecting off-spec behavior. Connections with compliant peers should be unaffected. * crypto/x509: CreateCertificate, CreateCertificateRequest, and CreateRevocationList can now accept a crypto.MessageSigner signing interface as well as crypto.Signer. This allows these functions to use signers which implement "one-shot" signing interfaces, where hashing is done as part of the signing operation, instead of by the caller. * crypto/x509: CreateCertificate now uses truncated SHA-256 to populate the SubjectKeyId if it is missing. The GODEBUG setting x509sha256skid=0 reverts to SHA-1. * crypto/x509: ParseCertificate now rejects certificates which contain a BasicConstraints extension that contains a negative pathLenConstraint. * crypto/x509: ParseCertificate now handles strings encoded with the ASN.1 T61String and BMPString types more consistently. This may result in some previously accepted malformed encodings now being rejected. * debug/elf: The debug/elf package adds two new constants: PT_RISCV_ATTRIBUTES and SHT_RISCV_ATTRIBUTES for RISC-V ELF parsing. * go/ast: The FilterPackage, PackageExports, and MergePackageFiles functions, and the MergeMode type and its constants, are all deprecated, as they are for use only with the long-deprecated Object and Package machinery. * go/ast: The new PreorderStack function, like Inspect, traverses a syntax tree and provides control over descent into subtrees, but as a convenience it also provides the stack of enclosing nodes at each point. * go/parser: The ParseDir function is deprecated. * go/token: The new FileSet.AddExistingFiles method enables existing Files to be added to a FileSet, or a FileSet to be constructed for an arbitrary set of Files, alleviating the problems associated with a single global FileSet in long-lived applications.
* go/types: Var now has a Var.Kind method that classifies the variable as one of: package-level, receiver, parameter, result, local variable, or a struct field. * go/types: The new LookupSelection function looks up the field or method of a given name and receiver type, like the existing LookupFieldOrMethod function, but returns the result in the form of a Selection. * hash: The new XOF interface can be implemented by "extendable output functions", which are hash functions with arbitrary or unlimited output length such as SHAKE. * hash: Hashes implementing the new Cloner interface can return a copy of their state. All standard library Hash implementations now implement Cloner. * hash/maphash: The new Hash.Clone method implements hash.Cloner. * io/fs: A new ReadLinkFS interface provides the ability to read symbolic links in a filesystem. * log/slog: GroupAttrs creates a group Attr from a slice of Attr values. * log/slog: Record now has a Source method, returning its source location or nil if unavailable. * mime/multipart: The new helper function FileContentDisposition builds multipart Content-Disposition header fields. * net: LookupMX and Resolver.LookupMX now return DNS names that look like valid IP address, as well as valid domain names. Previously if a name server returned an IP address as a DNS name, LookupMX would discard it, as required by the RFCs. However, name servers in practice do sometimes return IP addresses. * net: On Windows, ListenMulticastUDP now supports IPv6 addresses. * net: On Windows, it is now possible to convert between an os.File and a network connection. Specifically, the FileConn, FilePacketConn, and FileListener functions are now implemented, and return a network connection or listener corresponding to an open file. Similarly, the File methods of TCPConn, UDPConn, UnixConn, IPConn, TCPListener, and UnixListener are now implemented, and return the underlying os.File of a network connection.
* net/http: The new CrossOriginProtection implements protections against Cross-Site Request Forgery (CSRF) by rejecting non-safe cross-origin browser requests. It uses modern browser Fetch metadata, doesn't require tokens or cookies, and supports origin-based and pattern-based bypasses. * os: On Windows, NewFile now supports handles opened for asynchronous I/O (that is, syscall.FILE_FLAG_OVERLAPPED is specified in the syscall.CreateFile call). These handles are associated with the Go runtime's I/O completion port, which provides the following benefits for the resulting File: I/O methods (File.Read, File.Write, File.ReadAt, and File.WriteAt) do not block an OS thread. Deadline methods (File.SetDeadline, File.SetReadDeadline, and File.SetWriteDeadline) are supported. This enhancement is especially beneficial for applications that communicate via named pipes on Windows. Note that a handle can only be associated with one completion port at a time. If the handle provided to NewFile is already associated with a completion port, the returned File is downgraded to synchronous I/O mode. In this case, I/O methods will block an OS thread, and the deadline methods have no effect. * os: The filesystems returned by DirFS and Root.FS implement the new io/fs.ReadLinkFS interface. CopyFS supports symlinks when copying filesystems that implement io/fs.ReadLinkFS. The Root type supports the following additional methods: Root.Chmod, Root.Chown, Root.Chtimes, Root.Lchown, Root.Link, Root.MkdirAll, Root.ReadFile, Root.Readlink, Root.RemoveAll, Root.Rename, Root.Symlink, and Root.WriteFile. * reflect: The new TypeAssert function permits converting a Value directly to a Go value of the given type. This is like using a type assertion on the result of Value.Interface, but avoids unnecessary memory allocations. * regexp/syntax: The \p{name} and \P{name} character class syntaxes now accept the names Any, ASCII, Assigned, Cn, and LC, as well as Unicode category aliases like \p{Letter} for \pL.
Following Unicode TR18, they also now use case-insensitive name lookups, ignoring spaces, underscores, and hyphens. * runtime: Cleanup functions scheduled by AddCleanup are now executed concurrently and in parallel, making cleanups more viable for heavy use like the unique package. Note that individual cleanups should still shunt their work to a new goroutine if they must execute or block for a long time to avoid blocking the cleanup queue. * runtime: A new GODEBUG=checkfinalizers=1 setting helps find common issues with finalizers and cleanups, such as those described in the GC guide. In this mode, the runtime runs diagnostics on each garbage collection cycle, and will also regularly report the finalizer and cleanup queue lengths to stderr to help identify issues with long-running finalizers and/or cleanups. See the GODEBUG documentation for more details. * runtime: The new SetDefaultGOMAXPROCS function sets GOMAXPROCS to the runtime default value, as if the GOMAXPROCS environment variable is not set. This is useful for enabling the new GOMAXPROCS default if it has been disabled by the GOMAXPROCS environment variable or a prior call to GOMAXPROCS. * runtime/pprof: The mutex profile for contention on runtime-internal locks now correctly points to the end of the critical section that caused the delay. This matches the profile's behavior for contention on sync.Mutex values. The runtimecontentionstacks setting for GODEBUG, which allowed opting in to the unusual behavior of Go 1.22 through 1.24 for this part of the profile, is now gone. * sync: The new WaitGroup.Go method makes the common pattern of creating and counting goroutines more convenient. * testing: The new methods T.Attr, B.Attr, and F.Attr emit an attribute to the test log. An attribute is an arbitrary key and value associated with a test. * testing: With the -json flag, attributes appear as a new "attr" action.
* testing: The new Output method of T, B and F provides an io.Writer that writes to the same test output stream as TB.Log. Like TB.Log, the output is indented, but it does not include the file and line number. * testing: The AllocsPerRun function now panics if parallel tests are running. The result of AllocsPerRun is inherently flaky if other tests are running. The new panicking behavior helps catch such bugs. * testing/fstest: MapFS implements the new io/fs.ReadLinkFS interface. TestFS will verify the functionality of the io/fs.ReadLinkFS interface if implemented. TestFS will no longer follow symlinks to avoid unbounded recursion. * unicode: The new CategoryAliases map provides access to category alias names, such as "Letter" for "L". * unicode: The new categories Cn and LC define unassigned codepoints and cased letters, respectively. These have always been defined by Unicode but were inadvertently omitted in earlier versions of Go. The C category now includes Cn, meaning it has added all unassigned code points. * unique: The unique package now reclaims interned values more eagerly, more efficiently, and in parallel. As a consequence, applications using Make are now less likely to experience memory blow-up when lots of truly unique values are interned. * unique: Values passed to Make containing Handles previously required multiple garbage collection cycles to collect, proportional to the depth of the chain of Handle values. Now, once unused, they are collected promptly in a single cycle. * Darwin port: As announced in the Go 1.24 release notes, Go 1.25 requires macOS 12 Monterey or later. Support for previous versions has been discontinued. * Windows port: Go 1.25 is the last release that contains the broken 32-bit windows/arm port (GOOS=windows GOARCH=arm). It will be removed in Go 1.26.
* Loong64 port: The linux/loong64 port now supports the race detector, gathering traceback information from C code using runtime.SetCgoTraceback, and linking cgo programs with the internal link mode. * RISC-V port: The linux/riscv64 port now supports the plugin build mode. * RISC-V port: The GORISCV64 environment variable now accepts a new value rva23u64, which selects the RVA23U64 user-mode application profile. Fixed during development: * go#74466 bsc#1247719 security: fix CVE-2025-47906 os/exec: LookPath bug: incorrect expansion of "", "." and ".." in some PATH configurations * go#74831 bsc#1247720 security: fix CVE-2025-47907 database/sql: incorrect results returned from Rows.Scan CVE-2025-4674 * go#74380 bsc#1246118 security: fix CVE-2025-4674 cmd/go: disable support for multiple vcs in one module ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-3161=1 SUSE-2025-3161=1 * Development Tools Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-3161=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2025-3161=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * go1.25-openssl-doc-1.25.0-150600.13.3.1 * go1.25-openssl-debuginfo-1.25.0-150600.13.3.1 * go1.25-openssl-1.25.0-150600.13.3.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * go1.25-openssl-race-1.25.0-150600.13.3.1 * Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64) * go1.25-openssl-doc-1.25.0-150600.13.3.1 * go1.25-openssl-debuginfo-1.25.0-150600.13.3.1 * go1.25-openssl-race-1.25.0-150600.13.3.1 * go1.25-openssl-1.25.0-150600.13.3.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * go1.25-openssl-doc-1.25.0-150600.13.3.1 * 
go1.25-openssl-debuginfo-1.25.0-150600.13.3.1 * go1.25-openssl-race-1.25.0-150600.13.3.1 * go1.25-openssl-1.25.0-150600.13.3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-4674.html * https://www.suse.com/security/cve/CVE-2025-47906.html * https://www.suse.com/security/cve/CVE-2025-47907.html * https://bugzilla.suse.com/show_bug.cgi?id=1244485 * https://bugzilla.suse.com/show_bug.cgi?id=1246118 * https://bugzilla.suse.com/show_bug.cgi?id=1247719 * https://bugzilla.suse.com/show_bug.cgi?id=1247720 * https://bugzilla.suse.com/show_bug.cgi?id=1247816 * https://bugzilla.suse.com/show_bug.cgi?id=1248082 * https://jira.suse.com/browse/SLE-18320 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Sep 11 16:30:11 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 11 Sep 2025 16:30:11 -0000 Subject: SUSE-SU-2025:03175-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP4) Message-ID: <175760821129.29615.17726653487735411536@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP4) Announcement ID: SUSE-SU-2025:03175-1 Release Date: 2025-09-11T13:04:57Z Rating: important References: * bsc#1231676 * bsc#1231943 * bsc#1232271 * bsc#1237930 * bsc#1242579 * bsc#1244235 * bsc#1245775 * bsc#1245791 * bsc#1246030 Cross-References: * CVE-2022-49053 * CVE-2024-47674 * CVE-2024-47706 * CVE-2024-49867 * CVE-2025-21999 * CVE-2025-37890 * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38212 CVSS scores: * CVE-2022-49053 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2022-49053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-49053 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47674 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-47674 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47674 ( NVD ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-47706 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-47706 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47706 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-49867 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-49867 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-49867 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves nine vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_128 fixes several issues. The following security issues were fixed: * CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579). 
* CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930). * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner kthread during umount (bsc#1232271). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791). * CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231676). * CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231943). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-3175=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3175=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_128-default-16-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_29-debugsource-16-150400.2.1 * kernel-livepatch-5_14_21-150400_24_128-default-debuginfo-16-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_128-default-16-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_29-debugsource-16-150400.2.1 * kernel-livepatch-5_14_21-150400_24_128-default-debuginfo-16-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2022-49053.html * https://www.suse.com/security/cve/CVE-2024-47674.html * https://www.suse.com/security/cve/CVE-2024-47706.html * https://www.suse.com/security/cve/CVE-2024-49867.html * https://www.suse.com/security/cve/CVE-2025-21999.html * 
https://www.suse.com/security/cve/CVE-2025-37890.html * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1231676 * https://bugzilla.suse.com/show_bug.cgi?id=1231943 * https://bugzilla.suse.com/show_bug.cgi?id=1232271 * https://bugzilla.suse.com/show_bug.cgi?id=1237930 * https://bugzilla.suse.com/show_bug.cgi?id=1242579 * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1245791 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Sep 11 16:30:23 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 11 Sep 2025 16:30:23 -0000 Subject: SUSE-SU-2025:03173-1: important: Security update for curl Message-ID: <175760822342.29615.8370772172693915024@smelt2.prg2.suse.org> # Security update for curl Announcement ID: SUSE-SU-2025:03173-1 Release Date: 2025-09-11T12:55:04Z Rating: important References: * bsc#1249191 * bsc#1249348 Cross-References: * CVE-2025-10148 * CVE-2025-9086 CVSS scores: * CVE-2025-9086 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for curl fixes the following issues: * CVE-2025-9086: bug in path comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). * CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-3173=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-3173=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * curl-debugsource-8.0.1-11.108.1 * libcurl4-8.0.1-11.108.1 * curl-8.0.1-11.108.1 * libcurl4-debuginfo-8.0.1-11.108.1 * curl-debuginfo-8.0.1-11.108.1 * libcurl-devel-8.0.1-11.108.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64) * libcurl4-32bit-8.0.1-11.108.1 * libcurl4-debuginfo-32bit-8.0.1-11.108.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * curl-debugsource-8.0.1-11.108.1 * libcurl4-8.0.1-11.108.1 * curl-8.0.1-11.108.1 * libcurl4-debuginfo-8.0.1-11.108.1 * libcurl4-debuginfo-32bit-8.0.1-11.108.1 * libcurl4-32bit-8.0.1-11.108.1 * curl-debuginfo-8.0.1-11.108.1 * libcurl-devel-8.0.1-11.108.1 ## References: * https://www.suse.com/security/cve/CVE-2025-10148.html * https://www.suse.com/security/cve/CVE-2025-9086.html * https://bugzilla.suse.com/show_bug.cgi?id=1249191 * https://bugzilla.suse.com/show_bug.cgi?id=1249348 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu Sep 11 16:30:18 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 11 Sep 2025 16:30:18 -0000 Subject: SUSE-SU-2025:03165-1: important: Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP4) Message-ID: <175760821818.29615.6624442977571488919@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP4) Announcement ID: SUSE-SU-2025:03165-1 Release Date: 2025-09-11T15:33:53Z Rating: important References: * bsc#1237930 * bsc#1242579 * bsc#1244235 * bsc#1245775 * bsc#1245791 * bsc#1246030 Cross-References: * CVE-2022-49053 * CVE-2025-21999 * CVE-2025-37890 * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38212 CVSS scores: * CVE-2022-49053 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2022-49053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-49053 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 
* SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves six vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_153 fixes several issues. The following security issues were fixed: * CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579). * CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930). * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-3165=1 SUSE-2025-3177=1 SUSE-2025-3176=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3176=1 SUSE-SLE-Module-Live-Patching-15-SP4-2025-3165=1 SUSE-SLE-Module-Live-Patching-15-SP4-2025-3177=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_37-debugsource-6-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_34-debugsource-12-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_35-debugsource-11-150400.2.1 * kernel-livepatch-5_14_21-150400_24_153-default-debuginfo-6-150400.2.1 * kernel-livepatch-5_14_21-150400_24_147-default-debuginfo-11-150400.2.1 * kernel-livepatch-5_14_21-150400_24_147-default-11-150400.2.1 * kernel-livepatch-5_14_21-150400_24_144-default-12-150400.2.1 * kernel-livepatch-5_14_21-150400_24_144-default-debuginfo-12-150400.2.1 * kernel-livepatch-5_14_21-150400_24_153-default-6-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_37-debugsource-6-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_34-debugsource-12-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_35-debugsource-11-150400.2.1 * kernel-livepatch-5_14_21-150400_24_153-default-debuginfo-6-150400.2.1 * kernel-livepatch-5_14_21-150400_24_147-default-debuginfo-11-150400.2.1 * kernel-livepatch-5_14_21-150400_24_147-default-11-150400.2.1 * kernel-livepatch-5_14_21-150400_24_144-default-12-150400.2.1 * kernel-livepatch-5_14_21-150400_24_144-default-debuginfo-12-150400.2.1 * kernel-livepatch-5_14_21-150400_24_153-default-6-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2022-49053.html * https://www.suse.com/security/cve/CVE-2025-21999.html * https://www.suse.com/security/cve/CVE-2025-37890.html * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html *
https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1237930 * https://bugzilla.suse.com/show_bug.cgi?id=1242579 * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1245791 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Sep 11 16:30:26 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 11 Sep 2025 16:30:26 -0000 Subject: SUSE-SU-2025:03172-1: important: Security update for xen Message-ID: <175760822649.29615.7090562474525401678@smelt2.prg2.suse.org> # Security update for xen Announcement ID: SUSE-SU-2025:03172-1 Release Date: 2025-09-11T12:54:02Z Rating: important References: * bsc#1027519 * bsc#1248807 Cross-References: * CVE-2025-27466 * CVE-2025-58142 * CVE-2025-58143 CVSS scores: * CVE-2025-27466 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2025-27466 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-58142 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2025-58142 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-58143 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-58143 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP7 * Server Applications Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves three vulnerabilities can now be installed. ## Description: This update for xen fixes the following issues: Security issues fixed: * CVE-2025-27466: NULL pointer dereference in the Viridian interface when updating the reference TSC area (bsc#1248807). 
* CVE-2025-58142: NULL pointer dereference in the Viridian interface due to assumption that the SIM page is mapped when a synthetic timer message has to be delivered (bsc#1248807). * CVE-2025-58143: information leak and reference counter underflow in the Viridian interface due to race in the mapping of the reference TSC page (bsc#1248807). Other issues fixed: * efi: Call FreePages() only if needed (bsc#1027519). * x86/hpet: do local APIC EOI after interrupt processing (bsc#1027519). * x86/hvm/ioreq: Fix condition in hvm_alloc_legacy_ioreq_gfn() (bsc#1027519). * x86/idle: Fix the C6 eoi_errata[] list to include NEHALEM_EX (bsc#1027519). * x86/iommu: setup MMCFG ahead of IOMMU (bsc#1027519). * x86/mce: Adjustments to intel_init_ppin() (bsc#1027519). * x86/mkelf32: pad load segment to 2Mb boundary (bsc#1027519). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-3172=1 * Server Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2025-3172=1 ## Package List: * Basesystem Module 15-SP7 (x86_64) * xen-tools-domU-debuginfo-4.20.1_04-150700.3.11.1 * xen-libs-4.20.1_04-150700.3.11.1 * xen-tools-domU-4.20.1_04-150700.3.11.1 * xen-debugsource-4.20.1_04-150700.3.11.1 * xen-libs-debuginfo-4.20.1_04-150700.3.11.1 * Server Applications Module 15-SP7 (x86_64) * xen-tools-debuginfo-4.20.1_04-150700.3.11.1 * xen-4.20.1_04-150700.3.11.1 * xen-tools-4.20.1_04-150700.3.11.1 * xen-debugsource-4.20.1_04-150700.3.11.1 * xen-devel-4.20.1_04-150700.3.11.1 * Server Applications Module 15-SP7 (noarch) * xen-tools-xendomains-wait-disk-4.20.1_04-150700.3.11.1 ## References: * https://www.suse.com/security/cve/CVE-2025-27466.html * https://www.suse.com/security/cve/CVE-2025-58142.html * https://www.suse.com/security/cve/CVE-2025-58143.html * https://bugzilla.suse.com/show_bug.cgi?id=1027519 * https://bugzilla.suse.com/show_bug.cgi?id=1248807 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu Sep 11 16:30:36 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 11 Sep 2025 16:30:36 -0000 Subject: SUSE-SU-2025:03169-1: critical: Security update for regionServiceClientConfigAzure Message-ID: <175760823673.29615.6330741459752640924@smelt2.prg2.suse.org> # Security update for regionServiceClientConfigAzure Announcement ID: SUSE-SU-2025:03169-1 Release Date: 2025-09-11T12:38:15Z Rating: critical References: * bsc#1243419 * bsc#1246995 Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has two security fixes can now be installed. ## Description: This update for regionServiceClientConfigAzure contains the following fixes: * Update to version 3.0.0. (bsc#1246995) * SLE 16 python-requests requires SSL v3 certificates. Update 2 region server certs to support SLE 16 when it gets released. * Update dependency name for metadata package, name change in SLE 16. (bsc#1243419) * Replacing certificate for rgnsrv-azure-southeastasia to get rid of weird chain cert ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2025-3169=1 ## Package List: * Public Cloud Module 12 (noarch) * regionServiceClientConfigAzure-3.0.0-3.32.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1243419 * https://bugzilla.suse.com/show_bug.cgi?id=1246995 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Sep 11 16:30:34 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 11 Sep 2025 16:30:34 -0000 Subject: SUSE-SU-2025:03170-1: critical: Security update for regionServiceClientConfigEC2 Message-ID: <175760823401.29615.3315160047858936895@smelt2.prg2.suse.org> # Security update for regionServiceClientConfigEC2 Announcement ID: SUSE-SU-2025:03170-1 Release Date: 2025-09-11T12:38:40Z Rating: critical References: * bsc#1243419 * bsc#1246995 Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has two security fixes can now be installed. ## Description: This update for regionServiceClientConfigEC2 contains the following fixes: * Update to version 5.0.0. 
(bsc#1246995) * SLE 16 python-requests requires SSL v3 certificates. Update 2 region server certs to support SLE 16 when it gets released. * Update dependency to accommodate metadata binary package name change in SLE 16. (bsc#1243419) * New 4096 certificate for rgnsrv-ec2-us-east1 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2025-3170=1 ## Package List: * Public Cloud Module 12 (noarch) * regionServiceClientConfigEC2-5.0.0-4.37.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1243419 * https://bugzilla.suse.com/show_bug.cgi?id=1246995 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Sep 11 16:30:30 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 11 Sep 2025 16:30:30 -0000 Subject: SUSE-SU-2025:03171-1: critical: Security update for regionServiceClientConfigGCE Message-ID: <175760823072.29615.13457560914614399906@smelt2.prg2.suse.org> # Security update for regionServiceClientConfigGCE Announcement ID: SUSE-SU-2025:03171-1 Release Date: 2025-09-11T12:38:50Z Rating: critical References: * bsc#1242063 * bsc#1246995 Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP 
Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has two security fixes can now be installed. ## Description: This update for regionServiceClientConfigGCE contains the following fixes: * Update to version 5.0.0. (bsc#1246995) * SLE 16 python-requests requires SSL v3 certificates. Update 2 region server certs to support SLE 16 when it gets released. * Update conditional to handle name change of metadata package in SLE 16. (bsc#1242063) * Add noipv6 patch ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2025-3171=1 ## Package List: * Public Cloud Module 12 (noarch) * regionServiceClientConfigGCE-5.0.0-5.21.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1242063 * https://bugzilla.suse.com/show_bug.cgi?id=1246995 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu Sep 11 20:30:09 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 11 Sep 2025 20:30:09 -0000 Subject: SUSE-SU-2025:03180-1: important: Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4) Message-ID: <175762260949.14509.2354049504825485795@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4) Announcement ID: SUSE-SU-2025:03180-1 Release Date: 2025-09-11T18:33:47Z Rating: important References: * bsc#1237930 * bsc#1242579 * bsc#1244235 * bsc#1245775 * bsc#1245791 * bsc#1246030 Cross-References: * CVE-2022-49053 * CVE-2025-21999 * CVE-2025-37890 * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38212 CVSS scores: * CVE-2022-49053 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2022-49053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-49053 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 
* SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves six vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_141 fixes several issues. The following security issues were fixed: * CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579). * CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930). * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3180=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-3180=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_141-default-13-150400.2.1 * kernel-livepatch-5_14_21-150400_24_141-default-debuginfo-13-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_33-debugsource-13-150400.2.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_141-default-13-150400.2.1 * kernel-livepatch-5_14_21-150400_24_141-default-debuginfo-13-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_33-debugsource-13-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2022-49053.html * https://www.suse.com/security/cve/CVE-2025-21999.html * https://www.suse.com/security/cve/CVE-2025-37890.html * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1237930 * https://bugzilla.suse.com/show_bug.cgi?id=1242579 * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1245791 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu Sep 11 20:30:15 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 11 Sep 2025 20:30:15 -0000 Subject: SUSE-SU-2025:03179-1: important: Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP4) Message-ID: <175762261524.14509.8975386699664283908@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP4) Announcement ID: SUSE-SU-2025:03179-1 Release Date: 2025-09-11T17:33:44Z Rating: important References: * bsc#1242579 * bsc#1244235 * bsc#1245775 * bsc#1245791 * bsc#1246030 Cross-References: * CVE-2025-21999 * CVE-2025-37890 * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38212 CVSS scores: * CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves five vulnerabilities can now be installed. 
## Description: This update for the Linux Kernel 5.14.21-150400_24_161 fixes several issues. The following security issues were fixed: * CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579). * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-3179=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3179=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_161-default-debuginfo-5-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_39-debugsource-5-150400.2.1 * kernel-livepatch-5_14_21-150400_24_161-default-5-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_161-default-debuginfo-5-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_39-debugsource-5-150400.2.1 * kernel-livepatch-5_14_21-150400_24_161-default-5-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-21999.html * https://www.suse.com/security/cve/CVE-2025-37890.html * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1242579 * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1245791 * 
https://bugzilla.suse.com/show_bug.cgi?id=1246030 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Sep 11 20:30:18 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 11 Sep 2025 20:30:18 -0000 Subject: SUSE-SU-2025:03178-1: important: Security update for cups Message-ID: <175762261868.14509.16593010060872881480@smelt2.prg2.suse.org> # Security update for cups Announcement ID: SUSE-SU-2025:03178-1 Release Date: 2025-09-11T16:06:06Z Rating: important References: * bsc#1249049 * bsc#1249128 Cross-References: * CVE-2025-58060 * CVE-2025-58364 CVSS scores: * CVE-2025-58060 ( SUSE ): 7.7 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-58060 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-58060 ( NVD ): 8.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H * CVE-2025-58364 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-58364 ( NVD ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for cups fixes the following issues: * CVE-2025-58060: no password check when `AuthType` is set to anything but `Basic` and a request is made with an `Authorization: Basic` header (bsc#1249049). * CVE-2025-58364: unsafe deserialization and validation of printer attributes leads to NULL pointer dereference (bsc#1249128). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-3178=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-3178=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * cups-client-1.7.5-20.54.1 * cups-devel-1.7.5-20.54.1 * cups-1.7.5-20.54.1 * cups-debugsource-1.7.5-20.54.1 * cups-debuginfo-1.7.5-20.54.1 * cups-libs-1.7.5-20.54.1 * cups-client-debuginfo-1.7.5-20.54.1 * cups-libs-debuginfo-1.7.5-20.54.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64) * cups-libs-32bit-1.7.5-20.54.1 * cups-libs-debuginfo-32bit-1.7.5-20.54.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * cups-libs-32bit-1.7.5-20.54.1 * cups-client-1.7.5-20.54.1 * cups-devel-1.7.5-20.54.1 * cups-1.7.5-20.54.1 * cups-debugsource-1.7.5-20.54.1 * cups-debuginfo-1.7.5-20.54.1 * cups-libs-1.7.5-20.54.1 * cups-client-debuginfo-1.7.5-20.54.1 * cups-libs-debuginfo-32bit-1.7.5-20.54.1 * cups-libs-debuginfo-1.7.5-20.54.1 ## References: * https://www.suse.com/security/cve/CVE-2025-58060.html * https://www.suse.com/security/cve/CVE-2025-58364.html * https://bugzilla.suse.com/show_bug.cgi?id=1249049 * https://bugzilla.suse.com/show_bug.cgi?id=1249128 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Fri Sep 12 08:30:06 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 12 Sep 2025 08:30:06 -0000 Subject: SUSE-SU-2025:03188-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP5) Message-ID: <175766580620.29649.10716427800231495482@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP5) Announcement ID: SUSE-SU-2025:03188-1 Release Date: 2025-09-12T06:33:50Z Rating: important References: * bsc#1245805 * bsc#1246030 Cross-References: * CVE-2025-21701 * CVE-2025-38212 CVSS scores: * CVE-2025-21701 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_55_113 fixes several issues. The following security issues were fixed: * CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1245805). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2025-3188=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-3188=1 ## Package List: * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_28-debugsource-4-150500.2.1 * kernel-livepatch-5_14_21-150500_55_113-default-4-150500.2.1 * kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-4-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_28-debugsource-4-150500.2.1 * kernel-livepatch-5_14_21-150500_55_113-default-4-150500.2.1 * kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-4-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-21701.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1245805 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Fri Sep 12 08:30:18 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 12 Sep 2025 08:30:18 -0000 Subject: SUSE-SU-2025:03186-1: important: Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP5) Message-ID: <175766581831.29649.13716964072940812600@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP5) Announcement ID: SUSE-SU-2025:03186-1 Release Date: 2025-09-12T02:04:17Z Rating: important References: * bsc#1231676 * bsc#1231943 * bsc#1232271 * bsc#1237930 * bsc#1242579 * bsc#1244235 * bsc#1245775 * bsc#1245791 * bsc#1245805 * bsc#1246030 Cross-References: * CVE-2022-49053 * CVE-2024-47674 * CVE-2024-47706 * CVE-2024-49867 * CVE-2025-21701 * CVE-2025-21999 * CVE-2025-37890 * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38212 CVSS scores: * CVE-2022-49053 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2022-49053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-49053 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47674 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-47674 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47674 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-47706 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-47706 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47706 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-49867 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-49867 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-49867 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21701 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * 
CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves 10 vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_55_80 fixes several issues. The following security issues were fixed: * CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579). * CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930). * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner kthread during umount (bsc#1232271). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791). * CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231676). 
* CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1245805). * CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231943). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2025-3186=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-3186=1 ## Package List: * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_80-default-14-150500.2.1 * kernel-livepatch-5_14_21-150500_55_80-default-debuginfo-14-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_19-debugsource-14-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_80-default-14-150500.2.1 * kernel-livepatch-5_14_21-150500_55_80-default-debuginfo-14-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_19-debugsource-14-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2022-49053.html * https://www.suse.com/security/cve/CVE-2024-47674.html * https://www.suse.com/security/cve/CVE-2024-47706.html * https://www.suse.com/security/cve/CVE-2024-49867.html * https://www.suse.com/security/cve/CVE-2025-21701.html * https://www.suse.com/security/cve/CVE-2025-21999.html * https://www.suse.com/security/cve/CVE-2025-37890.html * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1231676 * https://bugzilla.suse.com/show_bug.cgi?id=1231943 * https://bugzilla.suse.com/show_bug.cgi?id=1232271 * https://bugzilla.suse.com/show_bug.cgi?id=1237930 * https://bugzilla.suse.com/show_bug.cgi?id=1242579 * 
https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1245791 * https://bugzilla.suse.com/show_bug.cgi?id=1245805 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Sep 12 08:30:27 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 12 Sep 2025 08:30:27 -0000 Subject: SUSE-SU-2025:03185-1: important: Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP5) Message-ID: <175766582714.29649.15994842242949427257@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP5) Announcement ID: SUSE-SU-2025:03185-1 Release Date: 2025-09-12T06:03:55Z Rating: important References: * bsc#1237930 * bsc#1242579 * bsc#1244235 * bsc#1245775 * bsc#1245791 * bsc#1245805 * bsc#1246030 Cross-References: * CVE-2022-49053 * CVE-2025-21701 * CVE-2025-21999 * CVE-2025-37890 * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38212 CVSS scores: * CVE-2022-49053 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2022-49053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-49053 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21701 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 
( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves seven vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_55_91 fixes several issues. The following security issues were fixed: * CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579). * CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930). * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791). * CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1245805). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-3185=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-3187=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2025-3187=1 SUSE-2025-3185=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_91-default-debuginfo-10-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_22-debugsource-10-150500.2.1 * kernel-livepatch-5_14_21-150500_55_88-default-10-150500.2.1 * kernel-livepatch-5_14_21-150500_55_88-default-debuginfo-10-150500.2.1 * kernel-livepatch-5_14_21-150500_55_91-default-10-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_21-debugsource-10-150500.2.1 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_91-default-debuginfo-10-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_22-debugsource-10-150500.2.1 * kernel-livepatch-5_14_21-150500_55_91-default-10-150500.2.1 * kernel-livepatch-5_14_21-150500_55_88-default-debuginfo-10-150500.2.1 * kernel-livepatch-5_14_21-150500_55_88-default-10-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_21-debugsource-10-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2022-49053.html * https://www.suse.com/security/cve/CVE-2025-21701.html * https://www.suse.com/security/cve/CVE-2025-21999.html * https://www.suse.com/security/cve/CVE-2025-37890.html * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1237930 * https://bugzilla.suse.com/show_bug.cgi?id=1242579 * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1245791 * https://bugzilla.suse.com/show_bug.cgi?id=1245805 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 
-------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Sep 12 08:30:33 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 12 Sep 2025 08:30:33 -0000 Subject: SUSE-SU-2025:03184-1: important: Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP4) Message-ID: <175766583315.29649.1965952595586410285@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP4) Announcement ID: SUSE-SU-2025:03184-1 Release Date: 2025-09-11T23:33:50Z Rating: important References: * bsc#1242579 * bsc#1244235 * bsc#1245775 * bsc#1245791 * bsc#1246030 Cross-References: * CVE-2025-21999 * CVE-2025-37890 * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38212 CVSS scores: * CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves five vulnerabilities can now be 
installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_164 fixes several issues. The following security issues were fixed: * CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579). * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-3184=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3184=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_40-debugsource-5-150400.2.1 * kernel-livepatch-5_14_21-150400_24_164-default-5-150400.2.1 * kernel-livepatch-5_14_21-150400_24_164-default-debuginfo-5-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_40-debugsource-5-150400.2.1 * kernel-livepatch-5_14_21-150400_24_164-default-5-150400.2.1 * kernel-livepatch-5_14_21-150400_24_164-default-debuginfo-5-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-21999.html * https://www.suse.com/security/cve/CVE-2025-37890.html * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1242579 * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * 
https://bugzilla.suse.com/show_bug.cgi?id=1245791 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Sep 12 08:30:35 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 12 Sep 2025 08:30:35 -0000 Subject: SUSE-SU-2025:03183-1: important: Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP4) Message-ID: <175766583587.29649.3715075834993532435@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP4) Announcement ID: SUSE-SU-2025:03183-1 Release Date: 2025-09-11T22:04:29Z Rating: important References: * bsc#1246030 Cross-References: * CVE-2025-38212 CVSS scores: * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_170 fixes one issue. The following security issue was fixed: * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-3183=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3183=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_42-debugsource-3-150400.2.1 * kernel-livepatch-5_14_21-150400_24_170-default-3-150400.2.1 * kernel-livepatch-5_14_21-150400_24_170-default-debuginfo-3-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_42-debugsource-3-150400.2.1 * kernel-livepatch-5_14_21-150400_24_170-default-3-150400.2.1 * kernel-livepatch-5_14_21-150400_24_170-default-debuginfo-3-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1246030 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Sep 12 08:30:41 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 12 Sep 2025 08:30:41 -0000 Subject: SUSE-SU-2025:03182-1: important: Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP4) Message-ID: <175766584111.29649.2674015420259964234@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP4) Announcement ID: SUSE-SU-2025:03182-1 Release Date: 2025-09-11T21:04:07Z Rating: important References: * bsc#1244235 * bsc#1245775 * bsc#1245791 * bsc#1246030 Cross-References: * CVE-2025-37890 * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38212 CVSS scores: * CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 ( SUSE ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves four vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_167 fixes several issues. The following security issues were fixed: * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-3182=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3182=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_167-default-4-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_41-debugsource-4-150400.2.1 * kernel-livepatch-5_14_21-150400_24_167-default-debuginfo-4-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_167-default-4-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_41-debugsource-4-150400.2.1 * kernel-livepatch-5_14_21-150400_24_167-default-debuginfo-4-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-37890.html * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1245791 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Fri Sep 12 08:30:51 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 12 Sep 2025 08:30:51 -0000 Subject: SUSE-SU-2025:03181-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP4) Message-ID: <175766585115.29649.15877295980439047101@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP4) Announcement ID: SUSE-SU-2025:03181-1 Release Date: 2025-09-11T20:11:21Z Rating: important References: * bsc#1231676 * bsc#1231943 * bsc#1232271 * bsc#1237930 * bsc#1242579 * bsc#1244235 * bsc#1245775 * bsc#1245791 * bsc#1246030 Cross-References: * CVE-2022-49053 * CVE-2024-47674 * CVE-2024-47706 * CVE-2024-49867 * CVE-2025-21999 * CVE-2025-37890 * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38212 CVSS scores: * CVE-2022-49053 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2022-49053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-49053 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47674 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-47674 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47674 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-47706 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-47706 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47706 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-49867 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-49867 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-49867 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves nine vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_136 fixes several issues. The following security issues were fixed: * CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579). * CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930). * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner kthread during umount (bsc#1232271). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791). * CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231676). * CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231943). 
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3181=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-3181=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_32-debugsource-14-150400.2.1 * kernel-livepatch-5_14_21-150400_24_136-default-14-150400.2.1 * kernel-livepatch-5_14_21-150400_24_136-default-debuginfo-14-150400.2.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_32-debugsource-14-150400.2.1 * kernel-livepatch-5_14_21-150400_24_136-default-14-150400.2.1 * kernel-livepatch-5_14_21-150400_24_136-default-debuginfo-14-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2022-49053.html * https://www.suse.com/security/cve/CVE-2024-47674.html * https://www.suse.com/security/cve/CVE-2024-47706.html * https://www.suse.com/security/cve/CVE-2024-49867.html * https://www.suse.com/security/cve/CVE-2025-21999.html * https://www.suse.com/security/cve/CVE-2025-37890.html * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1231676 * https://bugzilla.suse.com/show_bug.cgi?id=1231943 * https://bugzilla.suse.com/show_bug.cgi?id=1232271 * https://bugzilla.suse.com/show_bug.cgi?id=1237930 * https://bugzilla.suse.com/show_bug.cgi?id=1242579 * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1245791 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 -------------- next part 
-------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Sep 12 12:30:11 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 12 Sep 2025 12:30:11 -0000 Subject: SUSE-SU-2025:03195-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP5) Message-ID: <175768021116.13948.5020863447021798544@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP5) Announcement ID: SUSE-SU-2025:03195-1 Release Date: 2025-09-12T11:33:46Z Rating: important References: * bsc#1244235 * bsc#1245775 * bsc#1245791 * bsc#1245805 * bsc#1246030 Cross-References: * CVE-2025-21701 * CVE-2025-37890 * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38212 CVSS scores: * CVE-2025-21701 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves five vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_55_110 fixes several issues. 
The following security issues were fixed: * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791). * CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1245805). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-3195=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2025-3195=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_110-default-debuginfo-4-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_27-debugsource-4-150500.2.1 * kernel-livepatch-5_14_21-150500_55_110-default-4-150500.2.1 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_110-default-debuginfo-4-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_27-debugsource-4-150500.2.1 * kernel-livepatch-5_14_21-150500_55_110-default-4-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-21701.html * https://www.suse.com/security/cve/CVE-2025-37890.html * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1245791 * https://bugzilla.suse.com/show_bug.cgi?id=1245805 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 -------------- next 
part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Sep 12 12:30:18 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 12 Sep 2025 12:30:18 -0000 Subject: SUSE-SU-2025:03194-1: important: Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP5) Message-ID: <175768021837.13948.13285630430196016859@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP5) Announcement ID: SUSE-SU-2025:03194-1 Release Date: 2025-09-12T10:33:51Z Rating: important References: * bsc#1237930 * bsc#1242579 * bsc#1244235 * bsc#1245775 * bsc#1245791 * bsc#1245805 * bsc#1246030 Cross-References: * CVE-2022-49053 * CVE-2025-21701 * CVE-2025-21999 * CVE-2025-37890 * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38212 CVSS scores: * CVE-2022-49053 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2022-49053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-49053 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21701 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE 
Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves seven vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_55_97 fixes several issues. The following security issues were fixed: * CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579). * CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930). * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791). * CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1245805). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2025-3194=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-3194=1 ## Package List: * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_24-debugsource-6-150500.2.1 * kernel-livepatch-5_14_21-150500_55_97-default-6-150500.2.1 * kernel-livepatch-5_14_21-150500_55_97-default-debuginfo-6-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_24-debugsource-6-150500.2.1 * kernel-livepatch-5_14_21-150500_55_97-default-6-150500.2.1 * kernel-livepatch-5_14_21-150500_55_97-default-debuginfo-6-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2022-49053.html * https://www.suse.com/security/cve/CVE-2025-21701.html * https://www.suse.com/security/cve/CVE-2025-21999.html * https://www.suse.com/security/cve/CVE-2025-37890.html * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1237930 * https://bugzilla.suse.com/show_bug.cgi?id=1242579 * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1245791 * https://bugzilla.suse.com/show_bug.cgi?id=1245805 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Fri Sep 12 12:30:27 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 12 Sep 2025 12:30:27 -0000 Subject: SUSE-SU-2025:03191-1: important: Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP5) Message-ID: <175768022786.13948.2575106660432613550@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP5) Announcement ID: SUSE-SU-2025:03191-1 Release Date: 2025-09-12T08:34:21Z Rating: important References: * bsc#1231676 * bsc#1231943 * bsc#1232271 * bsc#1237930 * bsc#1242579 * bsc#1244235 * bsc#1245775 * bsc#1245791 * bsc#1245805 * bsc#1246030 Cross-References: * CVE-2022-49053 * CVE-2024-47674 * CVE-2024-47706 * CVE-2024-49867 * CVE-2025-21701 * CVE-2025-21999 * CVE-2025-37890 * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38212 CVSS scores: * CVE-2022-49053 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2022-49053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-49053 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47674 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-47674 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47674 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-47706 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-47706 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47706 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-49867 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-49867 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-49867 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21701 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * 
CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves 10 vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_55_83 fixes several issues. The following security issues were fixed: * CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579). * CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930). * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner kthread during umount (bsc#1232271). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791). * CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231676). 
* CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1245805). * CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231943). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2025-3191=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-3191=1 ## Package List: * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_83-default-14-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_20-debugsource-14-150500.2.1 * kernel-livepatch-5_14_21-150500_55_83-default-debuginfo-14-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_83-default-14-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_20-debugsource-14-150500.2.1 * kernel-livepatch-5_14_21-150500_55_83-default-debuginfo-14-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2022-49053.html * https://www.suse.com/security/cve/CVE-2024-47674.html * https://www.suse.com/security/cve/CVE-2024-47706.html * https://www.suse.com/security/cve/CVE-2024-49867.html * https://www.suse.com/security/cve/CVE-2025-21701.html * https://www.suse.com/security/cve/CVE-2025-21999.html * https://www.suse.com/security/cve/CVE-2025-37890.html * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1231676 * https://bugzilla.suse.com/show_bug.cgi?id=1231943 * https://bugzilla.suse.com/show_bug.cgi?id=1232271 * https://bugzilla.suse.com/show_bug.cgi?id=1237930 * https://bugzilla.suse.com/show_bug.cgi?id=1242579 * 
https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1245791 * https://bugzilla.suse.com/show_bug.cgi?id=1245805 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Sep 12 12:30:40 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 12 Sep 2025 12:30:40 -0000 Subject: SUSE-SU-2025:03193-1: critical: Security update for perl-Cpanel-JSON-XS Message-ID: <175768024083.13948.16575667502550727551@smelt2.prg2.suse.org> # Security update for perl-Cpanel-JSON-XS Announcement ID: SUSE-SU-2025:03193-1 Release Date: 2025-09-12T10:20:19Z Rating: critical References: * bsc#1249331 Cross-References: * CVE-2025-40929 CVSS scores: * CVE-2025-40929 ( SUSE ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40929 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40929 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves one vulnerability can now be installed. ## Description: This update for perl-Cpanel-JSON-XS fixes the following issues: * CVE-2025-40929: integer buffer overflow causing a segmentation fault when parsing crafted JSON (bsc#1249331). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-3193=1 ## Package List: * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * perl-Cpanel-JSON-XS-4.380.0-150700.3.3.1 * perl-Cpanel-JSON-XS-debuginfo-4.380.0-150700.3.3.1 * perl-Cpanel-JSON-XS-debugsource-4.380.0-150700.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-40929.html * https://bugzilla.suse.com/show_bug.cgi?id=1249331 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Sep 12 12:30:36 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 12 Sep 2025 12:30:36 -0000 Subject: SUSE-SU-2025:03190-1: important: Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP5) Message-ID: <175768023651.13948.5411657805276391403@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP5) Announcement ID: SUSE-SU-2025:03190-1 Release Date: 2025-09-12T08:09:51Z Rating: important References: * bsc#1231676 * bsc#1231943 * bsc#1232271 * bsc#1237930 * bsc#1242579 * bsc#1244235 * bsc#1245775 * bsc#1245791 * bsc#1246030 Cross-References: * CVE-2022-49053 * CVE-2024-47674 * CVE-2024-47706 * CVE-2024-49867 * CVE-2025-21999 * CVE-2025-37890 * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38212 CVSS scores: * CVE-2022-49053 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2022-49053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-49053 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47674 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-47674 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47674 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-47706 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-47706 
( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47706 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-49867 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-49867 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-49867 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves nine vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_55_73 fixes several issues. The following security issues were fixed: * CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579). * CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930). * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). 
* CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner kthread during umount (bsc#1232271). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791). * CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231676). * CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231943). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2025-3190=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-3190=1 ## Package List: * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_17-debugsource-16-150500.2.1 * kernel-livepatch-5_14_21-150500_55_73-default-16-150500.2.1 * kernel-livepatch-5_14_21-150500_55_73-default-debuginfo-16-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_73-default-16-150500.2.1 * kernel-livepatch-5_14_21-150500_55_73-default-debuginfo-16-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le x86_64) * kernel-livepatch-SLE15-SP5_Update_17-debugsource-16-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2022-49053.html * https://www.suse.com/security/cve/CVE-2024-47674.html * https://www.suse.com/security/cve/CVE-2024-47706.html * https://www.suse.com/security/cve/CVE-2024-49867.html * https://www.suse.com/security/cve/CVE-2025-21999.html * https://www.suse.com/security/cve/CVE-2025-37890.html * https://www.suse.com/security/cve/CVE-2025-38000.html * 
https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1231676 * https://bugzilla.suse.com/show_bug.cgi?id=1231943 * https://bugzilla.suse.com/show_bug.cgi?id=1232271 * https://bugzilla.suse.com/show_bug.cgi?id=1237930 * https://bugzilla.suse.com/show_bug.cgi?id=1242579 * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1245791 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Sep 12 16:31:06 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 12 Sep 2025 16:31:06 -0000 Subject: SUSE-SU-2025:03205-1: moderate: Security update for busybox, busybox-links Message-ID: <175769466646.29468.6179888111934150358@smelt2.prg2.suse.org> # Security update for busybox, busybox-links Announcement ID: SUSE-SU-2025:03205-1 Release Date: 2025-09-12T15:57:35Z Rating: moderate References: * bsc#1203397 * bsc#1203399 * bsc#1206798 * bsc#1215943 * bsc#1217580 * bsc#1217584 * bsc#1217585 * bsc#1217883 * bsc#1243201 * jsc#PED-13039 * jsc#SLE-24210 * jsc#SLE-24211 Cross-References: * CVE-2023-42363 * CVE-2023-42364 * CVE-2023-42365 CVSS scores: * CVE-2023-42363 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-42363 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-42364 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2023-42364 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-42364 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-42364 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-42365 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-42365 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * 
Basesystem Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves three vulnerabilities, contains three features and has six security fixes can now be installed. ## Description: This update for busybox, busybox-links fixes the following issues:

Updated to version 1.37.0 (jsc#PED-13039):

- CVE-2023-42363: Fixed use-after-free vulnerability in xasprintf function in xfuncs_printf.c (bsc#1217580)
- CVE-2023-42364: Fixed use-after-free in the awk.c evaluate function (bsc#1217584)
- CVE-2023-42365: Fixed use-after-free in the awk.c copyvar function (bsc#1217585)

Other fixes:

- fix generation of file lists via Dockerfile
- add copy of busybox.links from the container to catch changes to busybox config
- Blacklist creating links for halt, reboot, shutdown commands to avoid accidental use in a fully booted system (bsc#1243201)
- Add getfattr applet to attr filelist
- busybox-udhcpc conflicts with udhcp.
- Add new sub-package for udhcpc
- zgrep: don't set the label option as only the real grep supports it (bsc#1215943)
- Add conflict for coreutils-systemd, package got split
- Check in filelists instead of buildrequiring all non-busybox utils
- Replace transitional %usrmerged macro with regular version check (bsc#1206798)
- Create sub-package "hexedit" [bsc#1203399]
- Create sub-package "sha3sum" [bsc#1203397]
- Drop update-alternatives support
- Add provides smtp_daemon to busybox-sendmail
- Add conflicts: mawk to busybox-gawk
- fix mkdir path to point to /usr/bin instead of /bin
- add placeholder variable and ignore applet logic to busybox.install
- enable halt, poweroff, reboot commands (bsc#1243201)
- Fully enable udhcpc and document that this tool needs special configuration and does not work out of the box [bsc#1217883]
- Replace transitional %usrmerged macro with regular version check (bsc#1206798)

## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-3205=1 ## Package List: * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * busybox-static-1.37.0-150700.18.4.1 * busybox-1.37.0-150700.18.4.1 ## References: * https://www.suse.com/security/cve/CVE-2023-42363.html * https://www.suse.com/security/cve/CVE-2023-42364.html * https://www.suse.com/security/cve/CVE-2023-42365.html * https://bugzilla.suse.com/show_bug.cgi?id=1203397 * https://bugzilla.suse.com/show_bug.cgi?id=1203399 * https://bugzilla.suse.com/show_bug.cgi?id=1206798 * https://bugzilla.suse.com/show_bug.cgi?id=1215943 * https://bugzilla.suse.com/show_bug.cgi?id=1217580 * https://bugzilla.suse.com/show_bug.cgi?id=1217584 * https://bugzilla.suse.com/show_bug.cgi?id=1217585 * https://bugzilla.suse.com/show_bug.cgi?id=1217883 * https://bugzilla.suse.com/show_bug.cgi?id=1243201 * https://jira.suse.com/browse/PED-13039 * https://jira.suse.com/browse/SLE-24210 * https://jira.suse.com/browse/SLE-24211 
From null at suse.de Fri Sep 12 16:31:11 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 12 Sep 2025 16:31:11 -0000 Subject: SUSE-SU-2025:03202-1: moderate: Security update for python-eventlet Message-ID: <175769467177.29468.16052130715457934157@smelt2.prg2.suse.org> # Security update for python-eventlet Announcement ID: SUSE-SU-2025:03202-1 Release Date: 2025-09-12T12:27:38Z Rating: moderate References: * bsc#1248994 Cross-References: * CVE-2025-58068 CVSS scores: * CVE-2025-58068 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-58068 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-58068 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.6 * Python 3 Module 15-SP6 * Python 3 Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for python-eventlet fixes the following issues: * CVE-2025-58068: improper handling of HTTP trailer sections in WSGI parser leads to HTTP request smuggling (bsc#1248994). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Python 3 Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2025-3202=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-3202=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-3202=1 * Python 3 Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2025-3202=1 ## Package List: * Python 3 Module 15-SP7 (noarch) * python311-eventlet-0.33.3-150400.5.6.1 * openSUSE Leap 15.4 (noarch) * python311-eventlet-0.33.3-150400.5.6.1 * openSUSE Leap 15.6 (noarch) * python311-eventlet-0.33.3-150400.5.6.1 * Python 3 Module 15-SP6 (noarch) * python311-eventlet-0.33.3-150400.5.6.1 ## References: * https://www.suse.com/security/cve/CVE-2025-58068.html * https://bugzilla.suse.com/show_bug.cgi?id=1248994 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Sep 12 16:31:14 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 12 Sep 2025 16:31:14 -0000 Subject: SUSE-SU-2025:03201-1: low: Security update for python-aiohttp Message-ID: <175769467416.29468.2696334526746063844@smelt2.prg2.suse.org> # Security update for python-aiohttp Announcement ID: SUSE-SU-2025:03201-1 Release Date: 2025-09-12T12:24:44Z Rating: low References: * bsc#1246517 Cross-References: * CVE-2025-53643 CVSS scores: * CVE-2025-53643 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-53643 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2025-53643 ( NVD ): 1.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-53643 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * Public Cloud Module 15-SP6 * Public Cloud Module 15-SP7 * SUSE Linux Enterprise High 
Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for python-aiohttp fixes the following issues: * CVE-2025-53643: request smuggling vulnerability due to incorrect parsing trailer sections of an HTTP request (bsc#1246517). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2025-3201=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2025-3201=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2025-3201=1 * Public Cloud Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP6-2025-3201=1 * Public Cloud Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP7-2025-3201=1 ## Package List: * Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64) * python-aiohttp-debugsource-3.6.0-150100.3.27.1 * python3-aiohttp-debuginfo-3.6.0-150100.3.27.1 * python3-aiohttp-3.6.0-150100.3.27.1 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python-aiohttp-debugsource-3.6.0-150100.3.27.1 * python3-aiohttp-debuginfo-3.6.0-150100.3.27.1 * python3-aiohttp-3.6.0-150100.3.27.1 * Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64) * python-aiohttp-debugsource-3.6.0-150100.3.27.1 * python3-aiohttp-debuginfo-3.6.0-150100.3.27.1 * python3-aiohttp-3.6.0-150100.3.27.1 * Public Cloud Module 15-SP6 (aarch64 ppc64le s390x x86_64) * python-aiohttp-debugsource-3.6.0-150100.3.27.1 * python3-aiohttp-debuginfo-3.6.0-150100.3.27.1 * python3-aiohttp-3.6.0-150100.3.27.1 * Public Cloud Module 15-SP7 (aarch64 ppc64le s390x x86_64) * python-aiohttp-debugsource-3.6.0-150100.3.27.1 * python3-aiohttp-debuginfo-3.6.0-150100.3.27.1 * python3-aiohttp-3.6.0-150100.3.27.1 ## References: * https://www.suse.com/security/cve/CVE-2025-53643.html * https://bugzilla.suse.com/show_bug.cgi?id=1246517 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Fri Sep 12 16:30:55 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 12 Sep 2025 16:30:55 -0000 Subject: SUSE-SU-2025:03204-1: important: Security update for the Linux Kernel Message-ID: <175769465561.29468.8511844868012659199@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2025:03204-1 Release Date: 2025-09-12T13:40:35Z Rating: important References: * bsc#1225527 * bsc#1240224 * bsc#1241292 * bsc#1242006 * bsc#1242782 * bsc#1244337 * bsc#1244734 * bsc#1244773 * bsc#1244794 * bsc#1244797 * bsc#1244815 * bsc#1244824 * bsc#1244854 * bsc#1244856 * bsc#1244887 * bsc#1244899 * bsc#1244964 * bsc#1244972 * bsc#1244985 * bsc#1245016 * bsc#1245072 * bsc#1245110 * bsc#1245196 * bsc#1245663 * bsc#1245669 * bsc#1245695 * bsc#1245744 * bsc#1245746 * bsc#1245769 * bsc#1245781 * bsc#1245956 * bsc#1245973 * bsc#1246012 * bsc#1246042 * bsc#1246193 * bsc#1246248 * bsc#1246342 * bsc#1246547 * bsc#1246879 * bsc#1246911 * bsc#1247098 * bsc#1247112 * bsc#1247118 * bsc#1247138 * bsc#1247143 * bsc#1247160 * bsc#1247172 * bsc#1247255 * bsc#1247288 * bsc#1247289 * bsc#1247293 * bsc#1247311 * bsc#1247374 * bsc#1247929 * bsc#1247976 * bsc#1248108 * bsc#1248130 * bsc#1248178 * bsc#1248179 * bsc#1248212 * bsc#1248223 * bsc#1248296 * bsc#1248306 * bsc#1248377 * bsc#1248511 * bsc#1248621 * bsc#1248748 * jsc#PED-8240 Cross-References: * CVE-2022-49967 * CVE-2022-49975 * CVE-2022-49980 * CVE-2022-49981 * CVE-2022-50007 * CVE-2022-50066 * CVE-2022-50080 * CVE-2022-50116 * CVE-2022-50127 * CVE-2022-50138 * CVE-2022-50141 * CVE-2022-50162 * CVE-2022-50185 * CVE-2022-50191 * CVE-2022-50228 * CVE-2022-50229 * CVE-2023-52813 * CVE-2023-53020 * CVE-2024-28956 * CVE-2025-22022 * CVE-2025-23141 * CVE-2025-38075 * CVE-2025-38102 * CVE-2025-38103 * CVE-2025-38117 * CVE-2025-38122 * CVE-2025-38153 * CVE-2025-38173 * CVE-2025-38174 * CVE-2025-38184 * CVE-2025-38185 * CVE-2025-38190 * CVE-2025-38214 * CVE-2025-38245 * CVE-2025-38263 * 
CVE-2025-38313 * CVE-2025-38352 * CVE-2025-38386 * CVE-2025-38424 * CVE-2025-38430 * CVE-2025-38449 * CVE-2025-38457 * CVE-2025-38460 * CVE-2025-38464 * CVE-2025-38465 * CVE-2025-38470 * CVE-2025-38473 * CVE-2025-38474 * CVE-2025-38498 * CVE-2025-38499 * CVE-2025-38512 * CVE-2025-38513 * CVE-2025-38515 * CVE-2025-38546 * CVE-2025-38556 * CVE-2025-38563 * CVE-2025-38565 * CVE-2025-38617 * CVE-2025-38618 * CVE-2025-38644 CVSS scores: * CVE-2022-49967 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-49975 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2022-49975 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-49980 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2022-49980 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-49981 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2022-49981 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-50007 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-50066 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-50080 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-50116 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-50127 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-50138 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-50141 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-50162 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-50185 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-50191 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-50228 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-50229 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-52813 ( SUSE ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-53020 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-53020 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-28956 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-28956 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2024-28956 ( NVD ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-28956 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2025-22022 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-22022 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-23141 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-23141 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38075 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38075 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38102 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38102 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38103 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-38103 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-38117 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-38117 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2025-38122 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38122 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38153 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-38153 ( SUSE ): 4.4 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L * CVE-2025-38173 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-38173 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2025-38174 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38174 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38184 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38184 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38185 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38185 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38190 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38190 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38214 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38214 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38245 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38245 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38263 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38263 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38313 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38313 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38352 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38352 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38352 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38386 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38386 ( SUSE ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38424 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38424 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38430 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38430 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38449 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38449 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38457 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38457 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38460 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38460 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38464 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-38464 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2025-38465 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38465 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38470 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38470 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38473 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38473 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38474 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38474 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38498 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38498 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38499 ( SUSE ): 6.2 
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H * CVE-2025-38499 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H * CVE-2025-38512 ( SUSE ): 6.9 CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-38512 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2025-38513 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38513 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38515 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38515 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38546 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38546 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38556 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-38556 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2025-38563 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2025-38565 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-38565 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-38617 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38617 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38618 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38618 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38644 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38644 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 
LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves 60 vulnerabilities, contains one feature and has seven security fixes can now be installed.

## Description:

This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later.

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2025-3204=1
* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-3204=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-3204=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (nosrc)
  * kernel-default-4.12.14-122.272.1
* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kernel-default-kgraft-4.12.14-122.272.1
  * kernel-default-debugsource-4.12.14-122.272.1
  * kernel-default-kgraft-devel-4.12.14-122.272.1
  * kgraft-patch-4_12_14-122_272-default-1-8.3.1
  * kernel-default-debuginfo-4.12.14-122.272.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * kernel-default-devel-4.12.14-122.272.1
  * cluster-md-kmp-default-debuginfo-4.12.14-122.272.1
  * kernel-syms-4.12.14-122.272.1
  * gfs2-kmp-default-4.12.14-122.272.1
  * kernel-default-debugsource-4.12.14-122.272.1
  * kernel-default-base-debuginfo-4.12.14-122.272.1
  * cluster-md-kmp-default-4.12.14-122.272.1
  * ocfs2-kmp-default-4.12.14-122.272.1
  * kernel-default-debuginfo-4.12.14-122.272.1
  * kernel-default-base-4.12.14-122.272.1
  * dlm-kmp-default-debuginfo-4.12.14-122.272.1
  * ocfs2-kmp-default-debuginfo-4.12.14-122.272.1
  * gfs2-kmp-default-debuginfo-4.12.14-122.272.1
  * dlm-kmp-default-4.12.14-122.272.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-4.12.14-122.272.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (noarch)
  * kernel-source-4.12.14-122.272.1
  * kernel-devel-4.12.14-122.272.1
  * kernel-macros-4.12.14-122.272.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (s390x)
  * kernel-default-man-4.12.14-122.272.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (x86_64)
  * kernel-default-devel-debuginfo-4.12.14-122.272.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * kernel-default-devel-4.12.14-122.272.1
  * cluster-md-kmp-default-debuginfo-4.12.14-122.272.1
  * kernel-syms-4.12.14-122.272.1
  * kernel-default-devel-debuginfo-4.12.14-122.272.1
  * gfs2-kmp-default-4.12.14-122.272.1
  * kernel-default-debugsource-4.12.14-122.272.1
  * kernel-default-base-debuginfo-4.12.14-122.272.1
  * cluster-md-kmp-default-4.12.14-122.272.1
  * ocfs2-kmp-default-4.12.14-122.272.1
  * kernel-default-debuginfo-4.12.14-122.272.1
  * kernel-default-base-4.12.14-122.272.1
  * dlm-kmp-default-debuginfo-4.12.14-122.272.1
  * ocfs2-kmp-default-debuginfo-4.12.14-122.272.1
  * gfs2-kmp-default-debuginfo-4.12.14-122.272.1
  * dlm-kmp-default-4.12.14-122.272.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (nosrc x86_64)
  * kernel-default-4.12.14-122.272.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
  * kernel-source-4.12.14-122.272.1
  * kernel-devel-4.12.14-122.272.1
  * kernel-macros-4.12.14-122.272.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49967.html
* https://www.suse.com/security/cve/CVE-2022-49975.html
* https://www.suse.com/security/cve/CVE-2022-49980.html
* https://www.suse.com/security/cve/CVE-2022-49981.html
* https://www.suse.com/security/cve/CVE-2022-50007.html
* https://www.suse.com/security/cve/CVE-2022-50066.html
* https://www.suse.com/security/cve/CVE-2022-50080.html
*
https://www.suse.com/security/cve/CVE-2022-50116.html * https://www.suse.com/security/cve/CVE-2022-50127.html * https://www.suse.com/security/cve/CVE-2022-50138.html * https://www.suse.com/security/cve/CVE-2022-50141.html * https://www.suse.com/security/cve/CVE-2022-50162.html * https://www.suse.com/security/cve/CVE-2022-50185.html * https://www.suse.com/security/cve/CVE-2022-50191.html * https://www.suse.com/security/cve/CVE-2022-50228.html * https://www.suse.com/security/cve/CVE-2022-50229.html * https://www.suse.com/security/cve/CVE-2023-52813.html * https://www.suse.com/security/cve/CVE-2023-53020.html * https://www.suse.com/security/cve/CVE-2024-28956.html * https://www.suse.com/security/cve/CVE-2025-22022.html * https://www.suse.com/security/cve/CVE-2025-23141.html * https://www.suse.com/security/cve/CVE-2025-38075.html * https://www.suse.com/security/cve/CVE-2025-38102.html * https://www.suse.com/security/cve/CVE-2025-38103.html * https://www.suse.com/security/cve/CVE-2025-38117.html * https://www.suse.com/security/cve/CVE-2025-38122.html * https://www.suse.com/security/cve/CVE-2025-38153.html * https://www.suse.com/security/cve/CVE-2025-38173.html * https://www.suse.com/security/cve/CVE-2025-38174.html * https://www.suse.com/security/cve/CVE-2025-38184.html * https://www.suse.com/security/cve/CVE-2025-38185.html * https://www.suse.com/security/cve/CVE-2025-38190.html * https://www.suse.com/security/cve/CVE-2025-38214.html * https://www.suse.com/security/cve/CVE-2025-38245.html * https://www.suse.com/security/cve/CVE-2025-38263.html * https://www.suse.com/security/cve/CVE-2025-38313.html * https://www.suse.com/security/cve/CVE-2025-38352.html * https://www.suse.com/security/cve/CVE-2025-38386.html * https://www.suse.com/security/cve/CVE-2025-38424.html * https://www.suse.com/security/cve/CVE-2025-38430.html * https://www.suse.com/security/cve/CVE-2025-38449.html * https://www.suse.com/security/cve/CVE-2025-38457.html * 
https://www.suse.com/security/cve/CVE-2025-38460.html * https://www.suse.com/security/cve/CVE-2025-38464.html * https://www.suse.com/security/cve/CVE-2025-38465.html * https://www.suse.com/security/cve/CVE-2025-38470.html * https://www.suse.com/security/cve/CVE-2025-38473.html * https://www.suse.com/security/cve/CVE-2025-38474.html * https://www.suse.com/security/cve/CVE-2025-38498.html * https://www.suse.com/security/cve/CVE-2025-38499.html * https://www.suse.com/security/cve/CVE-2025-38512.html * https://www.suse.com/security/cve/CVE-2025-38513.html * https://www.suse.com/security/cve/CVE-2025-38515.html * https://www.suse.com/security/cve/CVE-2025-38546.html * https://www.suse.com/security/cve/CVE-2025-38556.html * https://www.suse.com/security/cve/CVE-2025-38563.html * https://www.suse.com/security/cve/CVE-2025-38565.html * https://www.suse.com/security/cve/CVE-2025-38617.html * https://www.suse.com/security/cve/CVE-2025-38618.html * https://www.suse.com/security/cve/CVE-2025-38644.html * https://bugzilla.suse.com/show_bug.cgi?id=1225527 * https://bugzilla.suse.com/show_bug.cgi?id=1240224 * https://bugzilla.suse.com/show_bug.cgi?id=1241292 * https://bugzilla.suse.com/show_bug.cgi?id=1242006 * https://bugzilla.suse.com/show_bug.cgi?id=1242782 * https://bugzilla.suse.com/show_bug.cgi?id=1244337 * https://bugzilla.suse.com/show_bug.cgi?id=1244734 * https://bugzilla.suse.com/show_bug.cgi?id=1244773 * https://bugzilla.suse.com/show_bug.cgi?id=1244794 * https://bugzilla.suse.com/show_bug.cgi?id=1244797 * https://bugzilla.suse.com/show_bug.cgi?id=1244815 * https://bugzilla.suse.com/show_bug.cgi?id=1244824 * https://bugzilla.suse.com/show_bug.cgi?id=1244854 * https://bugzilla.suse.com/show_bug.cgi?id=1244856 * https://bugzilla.suse.com/show_bug.cgi?id=1244887 * https://bugzilla.suse.com/show_bug.cgi?id=1244899 * https://bugzilla.suse.com/show_bug.cgi?id=1244964 * https://bugzilla.suse.com/show_bug.cgi?id=1244972 * https://bugzilla.suse.com/show_bug.cgi?id=1244985 * 
https://bugzilla.suse.com/show_bug.cgi?id=1245016 * https://bugzilla.suse.com/show_bug.cgi?id=1245072 * https://bugzilla.suse.com/show_bug.cgi?id=1245110 * https://bugzilla.suse.com/show_bug.cgi?id=1245196 * https://bugzilla.suse.com/show_bug.cgi?id=1245663 * https://bugzilla.suse.com/show_bug.cgi?id=1245669 * https://bugzilla.suse.com/show_bug.cgi?id=1245695 * https://bugzilla.suse.com/show_bug.cgi?id=1245744 * https://bugzilla.suse.com/show_bug.cgi?id=1245746 * https://bugzilla.suse.com/show_bug.cgi?id=1245769 * https://bugzilla.suse.com/show_bug.cgi?id=1245781 * https://bugzilla.suse.com/show_bug.cgi?id=1245956 * https://bugzilla.suse.com/show_bug.cgi?id=1245973 * https://bugzilla.suse.com/show_bug.cgi?id=1246012 * https://bugzilla.suse.com/show_bug.cgi?id=1246042 * https://bugzilla.suse.com/show_bug.cgi?id=1246193 * https://bugzilla.suse.com/show_bug.cgi?id=1246248 * https://bugzilla.suse.com/show_bug.cgi?id=1246342 * https://bugzilla.suse.com/show_bug.cgi?id=1246547 * https://bugzilla.suse.com/show_bug.cgi?id=1246879 * https://bugzilla.suse.com/show_bug.cgi?id=1246911 * https://bugzilla.suse.com/show_bug.cgi?id=1247098 * https://bugzilla.suse.com/show_bug.cgi?id=1247112 * https://bugzilla.suse.com/show_bug.cgi?id=1247118 * https://bugzilla.suse.com/show_bug.cgi?id=1247138 * https://bugzilla.suse.com/show_bug.cgi?id=1247143 * https://bugzilla.suse.com/show_bug.cgi?id=1247160 * https://bugzilla.suse.com/show_bug.cgi?id=1247172 * https://bugzilla.suse.com/show_bug.cgi?id=1247255 * https://bugzilla.suse.com/show_bug.cgi?id=1247288 * https://bugzilla.suse.com/show_bug.cgi?id=1247289 * https://bugzilla.suse.com/show_bug.cgi?id=1247293 * https://bugzilla.suse.com/show_bug.cgi?id=1247311 * https://bugzilla.suse.com/show_bug.cgi?id=1247374 * https://bugzilla.suse.com/show_bug.cgi?id=1247929 * https://bugzilla.suse.com/show_bug.cgi?id=1247976 * https://bugzilla.suse.com/show_bug.cgi?id=1248108 * https://bugzilla.suse.com/show_bug.cgi?id=1248130 * 
https://bugzilla.suse.com/show_bug.cgi?id=1248178
* https://bugzilla.suse.com/show_bug.cgi?id=1248179
* https://bugzilla.suse.com/show_bug.cgi?id=1248212
* https://bugzilla.suse.com/show_bug.cgi?id=1248223
* https://bugzilla.suse.com/show_bug.cgi?id=1248296
* https://bugzilla.suse.com/show_bug.cgi?id=1248306
* https://bugzilla.suse.com/show_bug.cgi?id=1248377
* https://bugzilla.suse.com/show_bug.cgi?id=1248511
* https://bugzilla.suse.com/show_bug.cgi?id=1248621
* https://bugzilla.suse.com/show_bug.cgi?id=1248748
* https://jira.suse.com/browse/PED-8240

From null at suse.de Fri Sep 12 16:31:28 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 12 Sep 2025 16:31:28 -0000
Subject: SUSE-SU-2025:03198-1: important: Security update for curl
Message-ID: <175769468803.29468.12817429197072782350@smelt2.prg2.suse.org>

# Security update for curl

Announcement ID: SUSE-SU-2025:03198-1
Release Date: 2025-09-12T12:15:18Z
Rating: important

References:

* bsc#1228260
* bsc#1236589
* bsc#1243397
* bsc#1243706
* bsc#1243933
* bsc#1246197
* bsc#1249191
* bsc#1249348
* bsc#1249367
* jsc#PED-13055
* jsc#PED-13056

Cross-References:

* CVE-2024-6874
* CVE-2025-0665
* CVE-2025-10148
* CVE-2025-4947
* CVE-2025-5025
* CVE-2025-5399
* CVE-2025-9086

CVSS scores:

* CVE-2024-6874 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-6874 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-6874 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-0665 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-0665 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2025-0665 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-4947 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-4947 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
* CVE-2025-4947 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-5025 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-5025 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
* CVE-2025-5025 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-5399 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-5399 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-5399 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-9086 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves seven vulnerabilities, contains two features and has two security fixes can now be installed.

## Description:

This update for curl fixes the following issues:

Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056).

Security issues fixed:

* CVE-2025-0665: eventfd double close can cause libcurl to act unreliably (bsc#1236589).
* CVE-2025-4947: QUIC certificate check is skipped with wolfSSL allows for MITM attacks (bsc#1243397).
* CVE-2025-5025: no QUIC certificate pinning with wolfSSL can lead to connections to impostor servers that are not easily noticed (bsc#1243706).
* CVE-2025-5399: bug in websocket code can cause libcurl to get trapped in an endless busy-loop when processing specially crafted packets (bsc#1243933).
* CVE-2024-6874: punycode conversions to/from IDN can leak stack content when libcurl is built to use the macidn IDN backend (bsc#1228260).
* CVE-2025-9086: bug in path comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191).
* CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348).

Other issues fixed:

* Fix wrong return code when --retry is used (bsc#1249367).
  * tool_operate: fix return code when --retry is used but not triggered [b42776b]
* Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197).
  * tool_getparam: fix --ftp-pasv [5f805ee]
* Fixed with version 8.14.1:
  * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs.
  * websocket: add option to disable auto-pong reply.
  * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2025-3198=1 openSUSE-SLE-15.6-2025-3198=1
* Basesystem Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-3198=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-3198=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * libcurl-mini4-8.14.1-150600.4.28.1
  * libcurl4-debuginfo-8.14.1-150600.4.28.1
  * libcurl-devel-8.14.1-150600.4.28.1
  * libcurl-mini4-debuginfo-8.14.1-150600.4.28.1
  * libcurl4-8.14.1-150600.4.28.1
  * curl-mini-debugsource-8.14.1-150600.4.28.1
  * curl-8.14.1-150600.4.28.1
  * curl-debuginfo-8.14.1-150600.4.28.1
  * curl-debugsource-8.14.1-150600.4.28.1
* openSUSE Leap 15.6 (noarch)
  * curl-zsh-completion-8.14.1-150600.4.28.1
  * libcurl-devel-doc-8.14.1-150600.4.28.1
  * curl-fish-completion-8.14.1-150600.4.28.1
* openSUSE Leap 15.6 (x86_64)
  * libcurl4-32bit-debuginfo-8.14.1-150600.4.28.1
  * libcurl-devel-32bit-8.14.1-150600.4.28.1
  * libcurl4-32bit-8.14.1-150600.4.28.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libcurl4-64bit-debuginfo-8.14.1-150600.4.28.1
  * libcurl-devel-64bit-8.14.1-150600.4.28.1
  * libcurl4-64bit-8.14.1-150600.4.28.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * libcurl4-debuginfo-8.14.1-150600.4.28.1
  * libcurl-devel-8.14.1-150600.4.28.1
  * libcurl4-8.14.1-150600.4.28.1
  * curl-8.14.1-150600.4.28.1
  * curl-debuginfo-8.14.1-150600.4.28.1
  * curl-debugsource-8.14.1-150600.4.28.1
* Basesystem Module 15-SP6 (x86_64)
  * libcurl4-32bit-debuginfo-8.14.1-150600.4.28.1
  * libcurl4-32bit-8.14.1-150600.4.28.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libcurl4-debuginfo-8.14.1-150600.4.28.1
  * libcurl-devel-8.14.1-150600.4.28.1
  * libcurl4-8.14.1-150600.4.28.1
  * curl-8.14.1-150600.4.28.1
  * curl-debuginfo-8.14.1-150600.4.28.1
  * curl-debugsource-8.14.1-150600.4.28.1
* Basesystem Module 15-SP7 (x86_64)
  * libcurl4-32bit-debuginfo-8.14.1-150600.4.28.1
  * libcurl4-32bit-8.14.1-150600.4.28.1

## References:

* https://www.suse.com/security/cve/CVE-2024-6874.html
* https://www.suse.com/security/cve/CVE-2025-0665.html
* https://www.suse.com/security/cve/CVE-2025-10148.html
* https://www.suse.com/security/cve/CVE-2025-4947.html
* https://www.suse.com/security/cve/CVE-2025-5025.html
* https://www.suse.com/security/cve/CVE-2025-5399.html
* https://www.suse.com/security/cve/CVE-2025-9086.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228260
* https://bugzilla.suse.com/show_bug.cgi?id=1236589
* https://bugzilla.suse.com/show_bug.cgi?id=1243397
* https://bugzilla.suse.com/show_bug.cgi?id=1243706
* https://bugzilla.suse.com/show_bug.cgi?id=1243933
* https://bugzilla.suse.com/show_bug.cgi?id=1246197
* https://bugzilla.suse.com/show_bug.cgi?id=1249191
* https://bugzilla.suse.com/show_bug.cgi?id=1249348
* https://bugzilla.suse.com/show_bug.cgi?id=1249367
* https://jira.suse.com/browse/PED-13055
* https://jira.suse.com/browse/PED-13056

From null at suse.de Fri Sep 12 16:31:18 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 12 Sep 2025 16:31:18 -0000
Subject: SUSE-SU-2025:03200-1: moderate: Security update for go1.25
Message-ID: <175769467819.29468.17037180629706830017@smelt2.prg2.suse.org>

# Security update for go1.25

Announcement ID: SUSE-SU-2025:03200-1
Release Date: 2025-09-12T12:22:43Z
Rating: moderate

References:

* bsc#1244485
* bsc#1247816
* bsc#1248082
* bsc#1249141

Cross-References:

* CVE-2025-47910

CVSS scores:

* CVE-2025-47910 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected Products:

* Development Tools Module 15-SP6
* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An
update that solves one vulnerability and has three security fixes can now be installed.

## Description:

This update for go1.25 fixes the following issues:

Update to go1.25.1, released 2025-09-03 (bsc#1244485).

Security issues fixed:

* CVE-2025-47910: net/http: `CrossOriginProtection` insecure bypass patterns not limited to exact matches (bsc#1249141).

Other issues fixed:

* go#74822 cmd/go: "get toolchain at latest" should ignore release candidates.
* go#74999 net: WriteMsgUDPAddrPort should accept IPv4-mapped IPv6 destination addresses on IPv4 UDP sockets.
* go#75008 os/exec: TestLookPath fails on plan9 after CL 685755.
* go#75021 testing/synctest: bubble not terminating.
* go#75083 os: File.Seek doesn't set the correct offset with Windows overlapped handles.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2025-3200=1
* Development Tools Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-3200=1
* Development Tools Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2025-3200=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3200=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3200=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3200=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3200=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3200=1
* SUSE Linux Enterprise Server 15 SP3 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3200=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3200=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3200=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3200=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3200=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3200=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2025-3200=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * go1.25-doc-1.25.1-150000.1.8.1
  * go1.25-race-1.25.1-150000.1.8.1
  * go1.25-1.25.1-150000.1.8.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * go1.25-doc-1.25.1-150000.1.8.1
  * go1.25-race-1.25.1-150000.1.8.1
  * go1.25-1.25.1-150000.1.8.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * go1.25-doc-1.25.1-150000.1.8.1
  * go1.25-race-1.25.1-150000.1.8.1
  * go1.25-1.25.1-150000.1.8.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * go1.25-doc-1.25.1-150000.1.8.1
  * go1.25-race-1.25.1-150000.1.8.1
  * go1.25-1.25.1-150000.1.8.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * go1.25-doc-1.25.1-150000.1.8.1
  * go1.25-race-1.25.1-150000.1.8.1
  * go1.25-1.25.1-150000.1.8.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * go1.25-doc-1.25.1-150000.1.8.1
  * go1.25-race-1.25.1-150000.1.8.1
  * go1.25-1.25.1-150000.1.8.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * go1.25-doc-1.25.1-150000.1.8.1
  * go1.25-race-1.25.1-150000.1.8.1
  * go1.25-1.25.1-150000.1.8.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * go1.25-doc-1.25.1-150000.1.8.1
  * go1.25-race-1.25.1-150000.1.8.1
  * go1.25-1.25.1-150000.1.8.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
  * go1.25-doc-1.25.1-150000.1.8.1
  * go1.25-race-1.25.1-150000.1.8.1
  * go1.25-1.25.1-150000.1.8.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * go1.25-doc-1.25.1-150000.1.8.1
  * go1.25-race-1.25.1-150000.1.8.1
  * go1.25-1.25.1-150000.1.8.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * go1.25-doc-1.25.1-150000.1.8.1
  * go1.25-race-1.25.1-150000.1.8.1
  * go1.25-1.25.1-150000.1.8.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * go1.25-doc-1.25.1-150000.1.8.1
  * go1.25-race-1.25.1-150000.1.8.1
  * go1.25-1.25.1-150000.1.8.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * go1.25-doc-1.25.1-150000.1.8.1
  * go1.25-race-1.25.1-150000.1.8.1
  * go1.25-1.25.1-150000.1.8.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * go1.25-doc-1.25.1-150000.1.8.1
  * go1.25-race-1.25.1-150000.1.8.1
  * go1.25-1.25.1-150000.1.8.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * go1.25-doc-1.25.1-150000.1.8.1
  * go1.25-race-1.25.1-150000.1.8.1
  * go1.25-1.25.1-150000.1.8.1

## References:

* https://www.suse.com/security/cve/CVE-2025-47910.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244485
* https://bugzilla.suse.com/show_bug.cgi?id=1247816
* https://bugzilla.suse.com/show_bug.cgi?id=1248082
* https://bugzilla.suse.com/show_bug.cgi?id=1249141

From null at suse.de Fri Sep 12 16:31:20 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 12 Sep 2025 16:31:20 -0000
Subject: SUSE-SU-2025:03199-1: moderate: Security update for python-h2
Message-ID: <175769468062.29468.11083499488376435659@smelt2.prg2.suse.org>

# Security update for python-h2

Announcement ID: SUSE-SU-2025:03199-1
Release Date: 2025-09-12T12:19:48Z
Rating: moderate

References:

* bsc#1248737

Cross-References:

* CVE-2025-57804

CVSS scores:

* CVE-2025-57804 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-57804 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-57804 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6
* Python 3 Module 15-SP6
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for python-h2 fixes the following issues:

* CVE-2025-57804: Fixed HTTP Request Smuggling due to illegal characters in headers (bsc#1248737)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Python 3 Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2025-3199=1
* openSUSE Leap 15.4
  zypper in -t patch SUSE-2025-3199=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2025-3199=1
* Python 3 Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2025-3199=1

## Package List:

* Python 3 Module 15-SP7 (noarch)
  * python311-h2-4.1.0-150400.8.6.1
* openSUSE Leap 15.4 (noarch)
  * python311-h2-4.1.0-150400.8.6.1
* openSUSE Leap 15.6 (noarch)
  * python311-h2-4.1.0-150400.8.6.1
* Python 3 Module 15-SP6 (noarch)
  * python311-h2-4.1.0-150400.8.6.1

## References:

* https://www.suse.com/security/cve/CVE-2025-57804.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248737

From null at suse.de Mon Sep 15 08:30:17 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 15 Sep 2025 08:30:17 -0000
Subject: SUSE-SU-2025:03215-1: important: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP7)
Message-ID: <175792501790.29615.15726598770332697141@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP7)

Announcement ID: SUSE-SU-2025:03215-1
Release Date: 2025-09-14T23:18:15Z
Rating: important

References:

* bsc#1236207
* bsc#1242579
* bsc#1244235
* bsc#1245505
* bsc#1245775
* bsc#1245791
* bsc#1245805
* bsc#1246030
* bsc#1248108

Cross-References:

* CVE-2025-21659
* CVE-2025-21701
* CVE-2025-21999
* CVE-2025-37890
* CVE-2025-38000
* CVE-2025-38001
* CVE-2025-38087
* CVE-2025-38212

CVSS scores:

* CVE-2025-21659 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-21659 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-21701 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38087 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38087 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves eight vulnerabilities and has one security fix can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150700_51 fixes several issues.

The following security issues were fixed:

* CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier (bsc#1245504).
* CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579).
* CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235).
* CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236207).
* CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775).
* CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791).
* CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1245805).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP7
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2025-3215=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP7_Update_0-debugsource-3-150700.3.6.2
  * kernel-livepatch-6_4_0-150700_51-default-debuginfo-3-150700.3.6.2
  * kernel-livepatch-6_4_0-150700_51-default-3-150700.3.6.2

## References:

* https://www.suse.com/security/cve/CVE-2025-21659.html
* https://www.suse.com/security/cve/CVE-2025-21701.html
* https://www.suse.com/security/cve/CVE-2025-21999.html
* https://www.suse.com/security/cve/CVE-2025-37890.html
* https://www.suse.com/security/cve/CVE-2025-38000.html
* https://www.suse.com/security/cve/CVE-2025-38001.html
* https://www.suse.com/security/cve/CVE-2025-38087.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236207
* https://bugzilla.suse.com/show_bug.cgi?id=1242579
* https://bugzilla.suse.com/show_bug.cgi?id=1244235
* https://bugzilla.suse.com/show_bug.cgi?id=1245505
* https://bugzilla.suse.com/show_bug.cgi?id=1245775
* https://bugzilla.suse.com/show_bug.cgi?id=1245791
* https://bugzilla.suse.com/show_bug.cgi?id=1245805
* https://bugzilla.suse.com/show_bug.cgi?id=1246030
* https://bugzilla.suse.com/show_bug.cgi?id=1248108

From null at suse.de Mon Sep 15 08:30:23 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 15 Sep 2025 08:30:23 -0000
Subject: SUSE-SU-2025:03214-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP6)
Message-ID: <175792502380.29615.10904944838422842298@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:03214-1
Release Date: 2025-09-13T21:09:03Z
Rating: important

References:

* bsc#1246030
* bsc#1248108

Cross-References:

* CVE-2025-38212

CVSS scores:

* CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_60 fixes several issues.

The following security issue was fixed:

* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-3214=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3214=1 ## Package List: * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP6_Update_13-debugsource-3-150600.2.1 * kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-3-150600.2.1 * kernel-livepatch-6_4_0-150600_23_60-default-3-150600.2.1 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP6_Update_13-debugsource-3-150600.2.1 * kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-3-150600.2.1 * kernel-livepatch-6_4_0-150600_23_60-default-3-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1246030 * https://bugzilla.suse.com/show_bug.cgi?id=1248108 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Sep 15 08:30:35 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 15 Sep 2025 08:30:35 -0000 Subject: SUSE-SU-2025:03213-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP6) Message-ID: <175792503598.29615.6429437230187751792@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP6) Announcement ID: SUSE-SU-2025:03213-1 Release Date: 2025-09-13T17:38:25Z Rating: important References: * bsc#1244235 * bsc#1245505 * bsc#1245775 * bsc#1246030 * bsc#1248108 Cross-References: * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38087 * CVE-2025-38212 CVSS scores: * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * 
CVE-2025-38087 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38087 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves four vulnerabilities and has one security fix can now be installed. ## Description: This update for the Linux Kernel 6.4.0-150600_23_53 fixes several issues. The following security issues were fixed: * CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier (bsc#1245504). * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3213=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-3213=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP6_Update_12-debugsource-4-150600.2.1 * kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-4-150600.2.1 * kernel-livepatch-6_4_0-150600_23_53-default-4-150600.2.1 * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP6_Update_12-debugsource-4-150600.2.1 * kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-4-150600.2.1 * kernel-livepatch-6_4_0-150600_23_53-default-4-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38087.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245505 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 * https://bugzilla.suse.com/show_bug.cgi?id=1248108 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Sep 15 08:30:45 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 15 Sep 2025 08:30:45 -0000 Subject: SUSE-SU-2025:03212-1: important: Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP6) Message-ID: <175792504524.29615.2897580853415473330@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP6) Announcement ID: SUSE-SU-2025:03212-1 Release Date: 2025-09-13T12:10:45Z Rating: important References: * bsc#1242579 * bsc#1244235 * bsc#1245505 * bsc#1245775 * bsc#1245791 * bsc#1246030 * bsc#1248108 Cross-References: * CVE-2025-21999 * CVE-2025-37890 * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38087 * CVE-2025-38212 CVSS scores: * CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38087 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38087 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves six vulnerabilities and 
has one security fix can now be installed. ## Description: This update for the Linux Kernel 6.4.0-150600_23_47 fixes several issues. The following security issues were fixed: * CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier (bsc#1245504). * CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579). * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-3212=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3212=1 ## Package List: * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_23_47-default-5-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_10-debugsource-5-150600.2.1 * kernel-livepatch-6_4_0-150600_23_47-default-debuginfo-5-150600.2.1 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_23_47-default-5-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_10-debugsource-5-150600.2.1 * kernel-livepatch-6_4_0-150600_23_47-default-debuginfo-5-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-21999.html * https://www.suse.com/security/cve/CVE-2025-37890.html * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38087.html * https://www.suse.com/security/cve/CVE-2025-38212.html * 
https://bugzilla.suse.com/show_bug.cgi?id=1242579 * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245505 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1245791 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 * https://bugzilla.suse.com/show_bug.cgi?id=1248108 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Sep 15 08:30:53 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 15 Sep 2025 08:30:53 -0000 Subject: SUSE-SU-2025:03210-1: important: Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP6) Message-ID: <175792505355.29615.17523153643541455121@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP6) Announcement ID: SUSE-SU-2025:03210-1 Release Date: 2025-09-13T11:09:04Z Rating: important References: * bsc#1236207 * bsc#1242579 * bsc#1244235 * bsc#1245505 * bsc#1245775 * bsc#1245791 * bsc#1245805 * bsc#1246030 * bsc#1248108 Cross-References: * CVE-2025-21659 * CVE-2025-21701 * CVE-2025-21999 * CVE-2025-37890 * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38087 * CVE-2025-38212 CVSS scores: * CVE-2025-21659 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-21659 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2025-21701 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38087 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38087 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves eight vulnerabilities and has one security fix can now be installed. ## Description: This update for the Linux Kernel 6.4.0-150600_23_38 fixes several issues. The following security issues were fixed: * CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier (bsc#1245504). * CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579). * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236207). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791). * CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1245805). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-3210=1 SUSE-2025-3211=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3210=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-3211=1 ## Package List: * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_23_33-default-11-150600.2.1 * kernel-livepatch-6_4_0-150600_23_38-default-debuginfo-6-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_7-debugsource-11-150600.2.1 * kernel-livepatch-6_4_0-150600_23_33-default-debuginfo-11-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_8-debugsource-6-150600.2.1 * kernel-livepatch-6_4_0-150600_23_38-default-6-150600.2.1 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_23_33-default-11-150600.2.1 * kernel-livepatch-6_4_0-150600_23_38-default-debuginfo-6-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_7-debugsource-11-150600.2.1 * kernel-livepatch-6_4_0-150600_23_33-default-debuginfo-11-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_8-debugsource-6-150600.2.1 * kernel-livepatch-6_4_0-150600_23_38-default-6-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-21659.html * https://www.suse.com/security/cve/CVE-2025-21701.html * https://www.suse.com/security/cve/CVE-2025-21999.html * https://www.suse.com/security/cve/CVE-2025-37890.html * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38087.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1236207 * https://bugzilla.suse.com/show_bug.cgi?id=1242579 * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245505 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1245791 *
https://bugzilla.suse.com/show_bug.cgi?id=1245805 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 * https://bugzilla.suse.com/show_bug.cgi?id=1248108 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Sep 15 08:31:04 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 15 Sep 2025 08:31:04 -0000 Subject: SUSE-SU-2025:03209-1: important: Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6) Message-ID: <175792506444.29615.6447813863935872577@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6) Announcement ID: SUSE-SU-2025:03209-1 Release Date: 2025-09-13T08:40:00Z Rating: important References: * bsc#1231676 * bsc#1231943 * bsc#1232271 * bsc#1236207 * bsc#1242579 * bsc#1244235 * bsc#1245505 * bsc#1245775 * bsc#1245791 * bsc#1245805 * bsc#1246030 * bsc#1248108 Cross-References: * CVE-2024-47674 * CVE-2024-47706 * CVE-2024-49867 * CVE-2025-21659 * CVE-2025-21701 * CVE-2025-21999 * CVE-2025-37890 * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38087 * CVE-2025-38212 CVSS scores: * CVE-2024-47674 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-47674 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47674 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-47706 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-47706 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47706 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-49867 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-49867 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-49867 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21659 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-21659 ( SUSE ): 7.1 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2025-21701 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38087 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38087 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves 11 vulnerabilities and has one security fix can now be installed. ## Description: This update for the Linux Kernel 6.4.0-150600_23_22 fixes several issues. The following security issues were fixed: * CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier (bsc#1245504). * CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579). * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner kthread during umount (bsc#1232271). 
* CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236207). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791). * CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231676). * CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1245805). * CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231943). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3209=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-3209=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP6_Update_4-debugsource-16-150600.2.1 * kernel-livepatch-6_4_0-150600_23_22-default-debuginfo-16-150600.2.1 * kernel-livepatch-6_4_0-150600_23_22-default-16-150600.2.1 * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP6_Update_4-debugsource-16-150600.2.1 * kernel-livepatch-6_4_0-150600_23_22-default-debuginfo-16-150600.2.1 * kernel-livepatch-6_4_0-150600_23_22-default-16-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2024-47674.html * https://www.suse.com/security/cve/CVE-2024-47706.html * https://www.suse.com/security/cve/CVE-2024-49867.html * https://www.suse.com/security/cve/CVE-2025-21659.html * https://www.suse.com/security/cve/CVE-2025-21701.html * https://www.suse.com/security/cve/CVE-2025-21999.html * https://www.suse.com/security/cve/CVE-2025-37890.html * 
https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38087.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1231676 * https://bugzilla.suse.com/show_bug.cgi?id=1231943 * https://bugzilla.suse.com/show_bug.cgi?id=1232271 * https://bugzilla.suse.com/show_bug.cgi?id=1236207 * https://bugzilla.suse.com/show_bug.cgi?id=1242579 * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245505 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1245791 * https://bugzilla.suse.com/show_bug.cgi?id=1245805 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 * https://bugzilla.suse.com/show_bug.cgi?id=1248108 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Sep 15 08:31:11 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 15 Sep 2025 08:31:11 -0000 Subject: SUSE-SU-2025:03208-1: important: Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP5) Message-ID: <175792507181.29615.4965475715027577846@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP5) Announcement ID: SUSE-SU-2025:03208-1 Release Date: 2025-09-13T00:04:01Z Rating: important References: * bsc#1237930 * bsc#1242579 * bsc#1244235 * bsc#1245775 * bsc#1245791 * bsc#1245805 * bsc#1246030 Cross-References: * CVE-2022-49053 * CVE-2025-21701 * CVE-2025-21999 * CVE-2025-37890 * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38212 CVSS scores: * CVE-2022-49053 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2022-49053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-49053 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21701 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 
( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves seven vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_55_94 fixes several issues. The following security issues were fixed: * CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579). * CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930). * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791). * CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1245805). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2025-3208=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-3208=1 ## Package List: * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_94-default-6-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_23-debugsource-6-150500.2.1 * kernel-livepatch-5_14_21-150500_55_94-default-debuginfo-6-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_94-default-6-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_23-debugsource-6-150500.2.1 * kernel-livepatch-5_14_21-150500_55_94-default-debuginfo-6-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2022-49053.html * https://www.suse.com/security/cve/CVE-2025-21701.html * https://www.suse.com/security/cve/CVE-2025-21999.html * https://www.suse.com/security/cve/CVE-2025-37890.html * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1237930 * https://bugzilla.suse.com/show_bug.cgi?id=1242579 * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1245791 * https://bugzilla.suse.com/show_bug.cgi?id=1245805 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Sep 15 08:31:18 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 15 Sep 2025 08:31:18 -0000 Subject: SUSE-SU-2025:03207-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP5) Message-ID: <175792507870.29615.843336192135956179@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP5) Announcement ID: SUSE-SU-2025:03207-1 Release Date: 2025-09-12T22:33:40Z Rating: important References: * bsc#1242579 * bsc#1244235 * bsc#1245775 * bsc#1245791 * bsc#1245805 * bsc#1246030 Cross-References: * CVE-2025-21701 * CVE-2025-21999 * CVE-2025-37890 * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38212 CVSS scores: * CVE-2025-21701 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves six vulnerabilities can now be installed. 
## Description: This update for the Linux Kernel 5.14.21-150500_55_103 fixes several issues. The following security issues were fixed: * CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579). * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791). * CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1245805). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2025-3207=1 SUSE-2025-3206=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-3207=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-3206=1 ## Package List: * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_100-default-5-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_25-debugsource-5-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_26-debugsource-5-150500.2.1 * kernel-livepatch-5_14_21-150500_55_100-default-debuginfo-5-150500.2.1 * kernel-livepatch-5_14_21-150500_55_103-default-5-150500.2.1 * kernel-livepatch-5_14_21-150500_55_103-default-debuginfo-5-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_100-default-5-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_25-debugsource-5-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_26-debugsource-5-150500.2.1 * kernel-livepatch-5_14_21-150500_55_100-default-debuginfo-5-150500.2.1 * kernel-livepatch-5_14_21-150500_55_103-default-5-150500.2.1 *
kernel-livepatch-5_14_21-150500_55_103-default-debuginfo-5-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-21701.html * https://www.suse.com/security/cve/CVE-2025-21999.html * https://www.suse.com/security/cve/CVE-2025-37890.html * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1242579 * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1245791 * https://bugzilla.suse.com/show_bug.cgi?id=1245805 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Sep 15 12:30:14 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 15 Sep 2025 12:30:14 -0000 Subject: SUSE-SU-2025:03223-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP6) Message-ID: <175793941489.29468.4028434404878035999@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP6) Announcement ID: SUSE-SU-2025:03223-1 Release Date: 2025-09-15T11:36:38Z Rating: important References: * bsc#1231676 * bsc#1231943 * bsc#1232271 * bsc#1236207 * bsc#1242579 * bsc#1244235 * bsc#1245505 * bsc#1245775 * bsc#1245791 * bsc#1245805 * bsc#1246030 * bsc#1248108 Cross-References: * CVE-2024-47674 * CVE-2024-47706 * CVE-2024-49867 * CVE-2025-21659 * CVE-2025-21701 * CVE-2025-21999 * CVE-2025-37890 * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38087 * CVE-2025-38212 CVSS scores: * CVE-2024-47674 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-47674 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47674 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-47706 ( SUSE ): 7.3 
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-47706 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47706 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-49867 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-49867 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-49867 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21659 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-21659 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2025-21701 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38087 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38087 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves 11 vulnerabilities and has one security 
fix can now be installed. ## Description: This update for the Linux Kernel 6.4.0-150600_23_17 fixes several issues. The following security issues were fixed: * CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier (bsc#1245504). * CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579). * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner kthread during umount (bsc#1232271). * CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236207). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791). * CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231676). * CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1245805). * CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231943). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3223=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-3223=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP6_Update_3-debugsource-20-150600.2.1 * kernel-livepatch-6_4_0-150600_23_17-default-20-150600.2.1 * kernel-livepatch-6_4_0-150600_23_17-default-debuginfo-20-150600.2.1 * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP6_Update_3-debugsource-20-150600.2.1 * kernel-livepatch-6_4_0-150600_23_17-default-20-150600.2.1 * kernel-livepatch-6_4_0-150600_23_17-default-debuginfo-20-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2024-47674.html * https://www.suse.com/security/cve/CVE-2024-47706.html * https://www.suse.com/security/cve/CVE-2024-49867.html * https://www.suse.com/security/cve/CVE-2025-21659.html * https://www.suse.com/security/cve/CVE-2025-21701.html * https://www.suse.com/security/cve/CVE-2025-21999.html * https://www.suse.com/security/cve/CVE-2025-37890.html * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38087.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1231676 * https://bugzilla.suse.com/show_bug.cgi?id=1231943 * https://bugzilla.suse.com/show_bug.cgi?id=1232271 * https://bugzilla.suse.com/show_bug.cgi?id=1236207 * https://bugzilla.suse.com/show_bug.cgi?id=1242579 * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245505 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1245791 * https://bugzilla.suse.com/show_bug.cgi?id=1245805 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 * 
https://bugzilla.suse.com/show_bug.cgi?id=1248108

From null at suse.de Mon Sep 15 12:30:19 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 15 Sep 2025 12:30:19 -0000 Subject: SUSE-SU-2025:03221-1: important: Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP7) Message-ID: <175793941932.29468.6212082456430929374@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP7) Announcement ID: SUSE-SU-2025:03221-1 Release Date: 2025-09-15T09:36:01Z Rating: important References: * bsc#1246030 * bsc#1248108 Cross-References: * CVE-2025-38212 CVSS scores: * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for the Linux Kernel 6.4.0-150700_53_6 fixes several issues. The following security issue was fixed: * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2025-3221=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150700_53_6-default-debuginfo-3-150700.2.1 * kernel-livepatch-6_4_0-150700_53_6-default-3-150700.2.1 * kernel-livepatch-SLE15-SP7_Update_2-debugsource-3-150700.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1246030 * https://bugzilla.suse.com/show_bug.cgi?id=1248108

From null at suse.de Mon Sep 15 12:30:24 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 15 Sep 2025 12:30:24 -0000 Subject: SUSE-SU-2025:03222-1: important: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP7) Message-ID: <175793942480.29468.6355112604031878224@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP7) Announcement ID: SUSE-SU-2025:03222-1 Release Date: 2025-09-15T10:34:35Z Rating: important References: * bsc#1244235 * bsc#1245505 * bsc#1245775 * bsc#1246030 * bsc#1248108 Cross-References: * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38087 * CVE-2025-38212 CVSS scores: * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38087 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38087 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves four vulnerabilities and has one security fix can now be installed. ## Description: This update for the Linux Kernel 6.4.0-150700_53_3 fixes several issues. The following security issues were fixed: * CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier (bsc#1245504). * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-3222=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3222=1 * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2025-3220=1 ## Package List: * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_23_50-default-debuginfo-4-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_11-debugsource-4-150600.2.1 * kernel-livepatch-6_4_0-150600_23_50-default-4-150600.2.1 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_23_50-default-debuginfo-4-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_11-debugsource-4-150600.2.1 * kernel-livepatch-6_4_0-150600_23_50-default-4-150600.2.1 * SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150700_53_3-default-debuginfo-3-150700.2.1 * kernel-livepatch-6_4_0-150700_53_3-default-3-150700.2.1 * kernel-livepatch-SLE15-SP7_Update_1-debugsource-3-150700.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38087.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245505 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 * https://bugzilla.suse.com/show_bug.cgi?id=1248108

From null at suse.de Mon Sep 15 12:30:34 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 15 Sep 2025 12:30:34 -0000 Subject: SUSE-SU-2025:03217-1: important: Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6) Message-ID: <175793943484.29468.15609061614814176490@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6) Announcement ID: SUSE-SU-2025:03217-1 Release Date: 2025-09-15T08:34:21Z Rating: important References: * bsc#1236207 * bsc#1242579 * bsc#1244235 * bsc#1245505 * bsc#1245775 * bsc#1245791 * bsc#1245805 * bsc#1246030 * bsc#1248108 Cross-References: * CVE-2025-21659 * CVE-2025-21701 * CVE-2025-21999 * CVE-2025-37890 * CVE-2025-38000 * CVE-2025-38001 * CVE-2025-38087 * CVE-2025-38212 CVSS scores: * CVE-2025-21659 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-21659 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2025-21701 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38087 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38087 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38212 ( SUSE ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves eight vulnerabilities and has one security fix can now be installed. ## Description: This update for the Linux Kernel 6.4.0-150600_23_30 fixes several issues. The following security issues were fixed: * CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier (bsc#1245504). * CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579). * CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). * CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236207). * CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775). * CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791). * CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1245805). * CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-3217=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3217=1 ## Package List: * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_23_30-default-11-150600.2.1 * kernel-livepatch-6_4_0-150600_23_30-default-debuginfo-11-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_6-debugsource-11-150600.2.1 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_23_30-default-11-150600.2.1 * kernel-livepatch-6_4_0-150600_23_30-default-debuginfo-11-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_6-debugsource-11-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-21659.html * https://www.suse.com/security/cve/CVE-2025-21701.html * https://www.suse.com/security/cve/CVE-2025-21999.html * https://www.suse.com/security/cve/CVE-2025-37890.html * https://www.suse.com/security/cve/CVE-2025-38000.html * https://www.suse.com/security/cve/CVE-2025-38001.html * https://www.suse.com/security/cve/CVE-2025-38087.html * https://www.suse.com/security/cve/CVE-2025-38212.html * https://bugzilla.suse.com/show_bug.cgi?id=1236207 * https://bugzilla.suse.com/show_bug.cgi?id=1242579 * https://bugzilla.suse.com/show_bug.cgi?id=1244235 * https://bugzilla.suse.com/show_bug.cgi?id=1245505 * https://bugzilla.suse.com/show_bug.cgi?id=1245775 * https://bugzilla.suse.com/show_bug.cgi?id=1245791 * https://bugzilla.suse.com/show_bug.cgi?id=1245805 * https://bugzilla.suse.com/show_bug.cgi?id=1246030 * https://bugzilla.suse.com/show_bug.cgi?id=1248108

From null at suse.de Mon Sep 15 12:30:44 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 15 Sep 2025 12:30:44 -0000 Subject: SUSE-SU-2025:03225-1: important: Security update for cups-filters Message-ID: <175793944400.29468.7439793733106491441@smelt2.prg2.suse.org> # Security update for cups-filters Announcement ID: SUSE-SU-2025:03225-1 Release Date: 2025-09-15T11:39:34Z Rating: important References: * bsc#1230932 * bsc#1246533 Cross-References: * CVE-2024-47175 CVSS scores: * CVE-2024-47175 ( SUSE ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H * CVE-2024-47175 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47175 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N Affected Products: * Basesystem Module 15-SP6 * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP 
Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 LTS * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Retail Branch Server 4.3 LTS * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 LTS An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for cups-filters fixes the following issues: * CVE-2024-47175: no validation of IPP attributes in `ppdCreatePPDFromIPP2` when writing to a temporary PPD file allows for the injection of attacker-controlled data to the resulting PPD (bsc#1230932). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3225=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3225=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3225=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3225=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3225=1 * SUSE Manager Proxy 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-3225=1 * SUSE Manager Retail Branch Server 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-LTS-2025-3225=1 * SUSE Manager Server 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-3225=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2025-3225=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-3225=1 * Basesystem Module 
15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-3225=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-3225=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3225=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3225=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3225=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3225=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3225=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3225=1 ## Package List: * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * cups-filters-debugsource-1.25.0-150200.3.22.1 * cups-filters-1.25.0-150200.3.22.1 * cups-filters-devel-1.25.0-150200.3.22.1 * cups-filters-debuginfo-1.25.0-150200.3.22.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * cups-filters-debugsource-1.25.0-150200.3.22.1 * cups-filters-1.25.0-150200.3.22.1 * cups-filters-devel-1.25.0-150200.3.22.1 * cups-filters-debuginfo-1.25.0-150200.3.22.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * cups-filters-debugsource-1.25.0-150200.3.22.1 * cups-filters-1.25.0-150200.3.22.1 * cups-filters-devel-1.25.0-150200.3.22.1 * cups-filters-debuginfo-1.25.0-150200.3.22.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * cups-filters-debugsource-1.25.0-150200.3.22.1 * cups-filters-1.25.0-150200.3.22.1 * cups-filters-devel-1.25.0-150200.3.22.1 * cups-filters-debuginfo-1.25.0-150200.3.22.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * 
cups-filters-debugsource-1.25.0-150200.3.22.1 * cups-filters-1.25.0-150200.3.22.1 * cups-filters-devel-1.25.0-150200.3.22.1 * cups-filters-debuginfo-1.25.0-150200.3.22.1 * SUSE Manager Proxy 4.3 LTS (x86_64) * cups-filters-debugsource-1.25.0-150200.3.22.1 * cups-filters-1.25.0-150200.3.22.1 * cups-filters-devel-1.25.0-150200.3.22.1 * cups-filters-debuginfo-1.25.0-150200.3.22.1 * SUSE Manager Retail Branch Server 4.3 LTS (x86_64) * cups-filters-debugsource-1.25.0-150200.3.22.1 * cups-filters-1.25.0-150200.3.22.1 * cups-filters-devel-1.25.0-150200.3.22.1 * cups-filters-debuginfo-1.25.0-150200.3.22.1 * SUSE Manager Server 4.3 LTS (ppc64le s390x x86_64) * cups-filters-debugsource-1.25.0-150200.3.22.1 * cups-filters-1.25.0-150200.3.22.1 * cups-filters-devel-1.25.0-150200.3.22.1 * cups-filters-debuginfo-1.25.0-150200.3.22.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * cups-filters-debugsource-1.25.0-150200.3.22.1 * cups-filters-1.25.0-150200.3.22.1 * cups-filters-devel-1.25.0-150200.3.22.1 * cups-filters-debuginfo-1.25.0-150200.3.22.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * cups-filters-debugsource-1.25.0-150200.3.22.1 * cups-filters-1.25.0-150200.3.22.1 * cups-filters-devel-1.25.0-150200.3.22.1 * cups-filters-debuginfo-1.25.0-150200.3.22.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * cups-filters-debugsource-1.25.0-150200.3.22.1 * cups-filters-1.25.0-150200.3.22.1 * cups-filters-devel-1.25.0-150200.3.22.1 * cups-filters-debuginfo-1.25.0-150200.3.22.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * cups-filters-debugsource-1.25.0-150200.3.22.1 * cups-filters-1.25.0-150200.3.22.1 * cups-filters-devel-1.25.0-150200.3.22.1 * cups-filters-debuginfo-1.25.0-150200.3.22.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * cups-filters-debugsource-1.25.0-150200.3.22.1 * cups-filters-1.25.0-150200.3.22.1 * cups-filters-devel-1.25.0-150200.3.22.1 * cups-filters-debuginfo-1.25.0-150200.3.22.1 * SUSE Linux 
Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * cups-filters-debugsource-1.25.0-150200.3.22.1 * cups-filters-1.25.0-150200.3.22.1 * cups-filters-devel-1.25.0-150200.3.22.1 * cups-filters-debuginfo-1.25.0-150200.3.22.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * cups-filters-debugsource-1.25.0-150200.3.22.1 * cups-filters-1.25.0-150200.3.22.1 * cups-filters-devel-1.25.0-150200.3.22.1 * cups-filters-debuginfo-1.25.0-150200.3.22.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * cups-filters-debugsource-1.25.0-150200.3.22.1 * cups-filters-1.25.0-150200.3.22.1 * cups-filters-devel-1.25.0-150200.3.22.1 * cups-filters-debuginfo-1.25.0-150200.3.22.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * cups-filters-debugsource-1.25.0-150200.3.22.1 * cups-filters-1.25.0-150200.3.22.1 * cups-filters-devel-1.25.0-150200.3.22.1 * cups-filters-debuginfo-1.25.0-150200.3.22.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * cups-filters-debugsource-1.25.0-150200.3.22.1 * cups-filters-1.25.0-150200.3.22.1 * cups-filters-devel-1.25.0-150200.3.22.1 * cups-filters-debuginfo-1.25.0-150200.3.22.1 ## References: * https://www.suse.com/security/cve/CVE-2024-47175.html * https://bugzilla.suse.com/show_bug.cgi?id=1230932 * https://bugzilla.suse.com/show_bug.cgi?id=1246533

From null at suse.de Mon Sep 15 12:30:49 2025 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 15 Sep 2025 12:30:49 -0000 Subject: SUSE-SU-2025:03224-1: important: Security update for java-1_8_0-openjdk Message-ID: <175793944997.29468.3856404175291653322@smelt2.prg2.suse.org> # Security update for java-1_8_0-openjdk Announcement ID: SUSE-SU-2025:03224-1 Release Date: 2025-09-15T11:38:07Z Rating: important References: * bsc#1246580 * bsc#1246584 * bsc#1246595 * bsc#1246598 * bsc#1246806 Cross-References: * CVE-2025-30749 * CVE-2025-30754 * CVE-2025-30761 * CVE-2025-50106 CVSS scores: * CVE-2025-30749 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-30749 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2025-30749 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-30754 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-30754 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-30754 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-30761 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2025-30761 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2025-50106 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-50106 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Legacy Module 15-SP6 * Legacy Module 15-SP7 * openSUSE Leap 15.6 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux 
Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves four vulnerabilities and has one security fix can now be installed. ## Description: This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u462 (icedtea-3.36.0). Security issues fixed: * CVE-2025-30749: heap corruption allows unauthenticated attacker with network access to compromise and takeover Java applications that load and run untrusted code (bsc#1246595). * CVE-2025-30754: incomplete handshake allows unauthenticated attacker with network access via TLS to gain unauthorized update, insert, delete and read access to sensitive data (bsc#1246598). * CVE-2025-30761: issue in Scripting component allows unauthenticated attacker with network access to gain unauthorized creation, deletion or modification access to critical data (bsc#1246580). * CVE-2025-50106: Glyph out-of-memory access allows unauthenticated attacker with network access to compromise and takeover Java applications that load and run untrusted code (bsc#1246584). Other issues fixed: * Import of OpenJDK 8 u462 build 08 * JDK-8026976: ECParameters, Point does not match field size. * JDK-8071996: split_if accesses NULL region of ConstraintCast. * JDK-8186143: keytool -ext option doesn't accept wildcards for DNS subject alternative names. * JDK-8186787: clang-4.0 SIGSEGV in Unsafe_PutByte. * JDK-8248001: javadoc generates invalid HTML pages whose ftp:// links are broken. * JDK-8278472: Invalid value set to CANDIDATEFORM structure. * JDK-8293107: GHA: Bump to Ubuntu 22.04. 
* JDK-8303770: Remove Baltimore root certificate expiring in May 2025.
* JDK-8309841: Jarsigner should print a warning if an entry is removed.
* JDK-8339810: Clean up the code in sun.tools.jar.Main to properly close resources and use ZipFile during extract.
* JDK-8345625: Better HTTP connections.
* JDK-8346887: DrawFocusRect() may cause an assertion failure.
* JDK-8349111: Enhance Swing supports.
* JDK-8350498: Remove two Camerfirma root CA certificates.
* JDK-8352716: (tz) Update Timezone Data to 2025b.
* JDK-8353433: XCG currency code not recognized in JDK 8u.
* JDK-8356096: ISO 4217 Amendment 179 Update.
* JDK-8359170: Add 2 TLS and 2 CS Sectigo roots.
* Backports
* JDK-8358538: Update GHA Windows runner to 2025.
* JDK-8354941: Build failure with glibc 2.42 due to uabs() name collision.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2025-3224=1
* Legacy Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2025-3224=1
* Legacy Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP7-2025-3224=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3224=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3224=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3224=1
* SUSE Linux Enterprise Server 15 SP3 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3224=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3224=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3224=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3224=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3224=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3224=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2025-3224=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * java-1_8_0-openjdk-demo-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-headless-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-headless-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-devel-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-devel-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-demo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-debugsource-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-accessibility-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-src-1.8.0.462-150000.3.109.1
* openSUSE Leap 15.6 (noarch)
  * java-1_8_0-openjdk-javadoc-1.8.0.462-150000.3.109.1
* Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * java-1_8_0-openjdk-demo-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-headless-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-headless-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-devel-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-devel-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-demo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-debugsource-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-debuginfo-1.8.0.462-150000.3.109.1
* Legacy Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * java-1_8_0-openjdk-demo-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-headless-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-headless-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-devel-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-devel-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-demo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-debugsource-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-debuginfo-1.8.0.462-150000.3.109.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * java-1_8_0-openjdk-demo-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-headless-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-headless-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-devel-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-devel-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-demo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-debugsource-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-debuginfo-1.8.0.462-150000.3.109.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * java-1_8_0-openjdk-demo-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-headless-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-headless-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-devel-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-devel-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-demo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-debugsource-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-debuginfo-1.8.0.462-150000.3.109.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * java-1_8_0-openjdk-demo-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-headless-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-headless-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-devel-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-devel-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-demo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-debugsource-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-debuginfo-1.8.0.462-150000.3.109.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
  * java-1_8_0-openjdk-demo-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-headless-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-headless-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-devel-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-devel-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-demo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-debugsource-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-debuginfo-1.8.0.462-150000.3.109.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * java-1_8_0-openjdk-demo-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-headless-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-headless-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-devel-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-devel-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-demo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-debugsource-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-debuginfo-1.8.0.462-150000.3.109.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * java-1_8_0-openjdk-demo-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-headless-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-headless-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-devel-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-devel-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-demo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-debugsource-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-debuginfo-1.8.0.462-150000.3.109.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * java-1_8_0-openjdk-demo-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-headless-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-headless-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-devel-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-devel-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-demo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-debugsource-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-debuginfo-1.8.0.462-150000.3.109.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * java-1_8_0-openjdk-demo-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-headless-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-headless-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-devel-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-devel-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-demo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-debugsource-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-debuginfo-1.8.0.462-150000.3.109.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * java-1_8_0-openjdk-demo-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-headless-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-headless-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-devel-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-devel-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-demo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-debugsource-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-debuginfo-1.8.0.462-150000.3.109.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * java-1_8_0-openjdk-demo-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-headless-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-headless-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-devel-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-devel-debuginfo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-demo-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-debugsource-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-1.8.0.462-150000.3.109.1
  * java-1_8_0-openjdk-debuginfo-1.8.0.462-150000.3.109.1

## References:

* https://www.suse.com/security/cve/CVE-2025-30749.html
* https://www.suse.com/security/cve/CVE-2025-30754.html
* https://www.suse.com/security/cve/CVE-2025-30761.html
* https://www.suse.com/security/cve/CVE-2025-50106.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246580
* https://bugzilla.suse.com/show_bug.cgi?id=1246584
* https://bugzilla.suse.com/show_bug.cgi?id=1246595
* https://bugzilla.suse.com/show_bug.cgi?id=1246598
* https://bugzilla.suse.com/show_bug.cgi?id=1246806

From null at suse.de Mon Sep 15 12:30:54 2025
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 15 Sep 2025 12:30:54 -0000
Subject: SUSE-SU-2025:03219-1: moderate: Security update for jasper
Message-ID: <175793945418.29468.1621287187910143230@smelt2.prg2.suse.org>

# Security update for jasper

Announcement ID: SUSE-SU-2025:03219-1
Release Date: 2025-09-15T09:19:18Z
Rating: moderate

References:

* bsc#1247901
* bsc#1247902
* bsc#1247904

Cross-References:

* CVE-2025-8835
* CVE-2025-8836
* CVE-2025-8837

CVSS scores:

* CVE-2025-8835 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-8835 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-8835 ( NVD ): 1.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-8835 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-8836 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-8836 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-8836 ( NVD ): 1.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-8836 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-8837 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-8837 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2025-8837 ( NVD ): 1.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-8837 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Affected Products:

* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves three vulnerabilities can now be installed.

## Description:

This update for jasper fixes the following issues:

* CVE-2025-8835: missing range check in the JPEG-2000 (JPC) Encoder leads to assertion failure and crash when processing a malformed JPEG2000 image with an invalid `cblkwidth` parameter (bsc#1247904).
* CVE-2025-8836: out-of-bounds array indexing in function `jas_image_chclrspc` leads to crash when processing a malformed image file with BMP output format and color space conversion (bsc#1247902).
* CVE-2025-8837: missing operations in cleanup code of the JPEG-2000 (JPC) Encoder leads to use-after-free when processing malformed JPEG2000 images with certain debug levels enabled (bsc#1247901).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-3219=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-3219=1

## Package List:

* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * libjasper4-debuginfo-2.0.14-150000.3.37.1
  * jasper-debuginfo-2.0.14-150000.3.37.1
  * libjasper4-2.0.14-150000.3.37.1
  * jasper-debugsource-2.0.14-150000.3.37.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libjasper4-debuginfo-2.0.14-150000.3.37.1
  * jasper-debuginfo-2.0.14-150000.3.37.1
  * libjasper4-2.0.14-150000.3.37.1
  * jasper-debugsource-2.0.14-150000.3.37.1

## References:

* https://www.suse.com/security/cve/CVE-2025-8835.html
* https://www.suse.com/security/cve/CVE-2025-8836.html
* https://www.suse.com/security/cve/CVE-2025-8837.html
* https://bugzilla.suse.com/show_bug.cgi?id=1247901
* https://bugzilla.suse.com/show_bug.cgi?id=1247902
* https://bugzilla.suse.com/show_bug.cgi?id=1247904