From null at suse.de Fri Jan 2 20:30:03 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 02 Jan 2026 20:30:03 -0000
Subject: SUSE-SU-2026:0005-1: moderate: Security update for rsync
Message-ID: <176738580348.2971.3387141995853529156@smelt2.prg2.suse.org>

# Security update for rsync

Announcement ID: SUSE-SU-2026:0005-1
Release Date: 2026-01-02T12:30:51Z
Rating: moderate

References:

  * bsc#1254441

Cross-References:

  * CVE-2025-10158

CVSS scores:

  * CVE-2025-10158 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
  * CVE-2025-10158 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Affected Products:

  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for rsync fixes the following issues:

  * CVE-2025-10158: Fixed out of bounds array access via negative index (bsc#1254441)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-5=1

## Package List:

  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
    * rsync-debugsource-3.1.3-3.34.1
    * rsync-3.1.3-3.34.1
    * rsync-debuginfo-3.1.3-3.34.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-10158.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1254441

From null at suse.de Mon Jan 5 16:30:07 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 05 Jan 2026 16:30:07 -0000
Subject: SUSE-SU-2026:0022-1: important: Security update for qemu
Message-ID: <176763060778.22147.1991465528257576662@smelt2.prg2.suse.org>

# Security update for qemu

Announcement ID: SUSE-SU-2026:0022-1
Release Date: 2026-01-05T11:19:59Z
Rating: important

References:

  * bsc#1250984
  * bsc#1252768
  * bsc#1253002
  * bsc#1254286

Cross-References:

  * CVE-2025-11234
  * CVE-2025-12464

CVSS scores:

  * CVE-2025-11234 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-11234 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2025-11234 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2025-12464 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-12464 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2025-12464 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * openSUSE Leap 15.6
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server 15 SP6 LTSS
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities and has two security fixes can now be installed.

## Description:

This update for qemu fixes the following issues:

Security issues fixed:

  * CVE-2025-12464: stack-based buffer overflow in the e1000 network device operations can be exploited by a malicious guest user to crash the QEMU process on the host (bsc#1253002).
  * CVE-2025-11234: use-after-free in WebSocket handshake operations can be exploited by a malicious client with network access to the VNC WebSocket port to cause a denial-of-service (bsc#1250984).

Other updates and bugfixes:

  * [openSUSE][RPM]: really fix *-virtio-gpu-pci dependency on ARM (bsc#1254286).
  * block/curl: fix curl internal handles handling (bsc#1252768).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.6
    zypper in -t patch SUSE-2026-22=1 openSUSE-SLE-15.6-2026-22=1
  * SUSE Linux Enterprise Server 15 SP6 LTSS
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-22=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-22=1

## Package List:

  * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
    * qemu-x86-8.2.10-150600.3.43.1
    * qemu-vhost-user-gpu-debuginfo-8.2.10-150600.3.43.1
    * qemu-audio-pa-debuginfo-8.2.10-150600.3.43.1
    * qemu-hw-s390x-virtio-gpu-ccw-8.2.10-150600.3.43.1
    * qemu-block-iscsi-debuginfo-8.2.10-150600.3.43.1
    * qemu-accel-qtest-8.2.10-150600.3.43.1
    * qemu-audio-spice-8.2.10-150600.3.43.1
    * qemu-hw-usb-smartcard-8.2.10-150600.3.43.1
    * qemu-ui-spice-app-debuginfo-8.2.10-150600.3.43.1
    * qemu-ui-dbus-debuginfo-8.2.10-150600.3.43.1
    * qemu-audio-spice-debuginfo-8.2.10-150600.3.43.1
    * qemu-tools-debuginfo-8.2.10-150600.3.43.1
    * qemu-hw-usb-redirect-8.2.10-150600.3.43.1
    * qemu-linux-user-8.2.10-150600.3.43.1
    * qemu-block-ssh-debuginfo-8.2.10-150600.3.43.1
    * qemu-hw-display-virtio-gpu-8.2.10-150600.3.43.1
    * qemu-ui-gtk-8.2.10-150600.3.43.1
    * qemu-audio-alsa-8.2.10-150600.3.43.1
    * qemu-hw-usb-redirect-debuginfo-8.2.10-150600.3.43.1
    * qemu-audio-pa-8.2.10-150600.3.43.1
    * qemu-guest-agent-debuginfo-8.2.10-150600.3.43.1
    * qemu-block-nfs-debuginfo-8.2.10-150600.3.43.1
    * qemu-block-dmg-8.2.10-150600.3.43.1
    * qemu-chardev-spice-8.2.10-150600.3.43.1
    * qemu-spice-8.2.10-150600.3.43.1
    * qemu-hw-usb-smartcard-debuginfo-8.2.10-150600.3.43.1
    * qemu-ui-curses-debuginfo-8.2.10-150600.3.43.1
    * qemu-hw-display-qxl-8.2.10-150600.3.43.1
    * qemu-hw-display-virtio-gpu-pci-debuginfo-8.2.10-150600.3.43.1
    * qemu-x86-debuginfo-8.2.10-150600.3.43.1
    * qemu-chardev-spice-debuginfo-8.2.10-150600.3.43.1
    * qemu-ui-opengl-8.2.10-150600.3.43.1
    * qemu-ui-spice-core-8.2.10-150600.3.43.1
    * qemu-block-dmg-debuginfo-8.2.10-150600.3.43.1
    * qemu-ppc-8.2.10-150600.3.43.1
    * qemu-ivshmem-tools-debuginfo-8.2.10-150600.3.43.1
    * qemu-img-8.2.10-150600.3.43.1
    * qemu-accel-tcg-x86-8.2.10-150600.3.43.1
    * qemu-ui-dbus-8.2.10-150600.3.43.1
    * qemu-audio-pipewire-8.2.10-150600.3.43.1
    * qemu-audio-dbus-8.2.10-150600.3.43.1
    * qemu-ksm-8.2.10-150600.3.43.1
    * qemu-accel-qtest-debuginfo-8.2.10-150600.3.43.1
    * qemu-audio-jack-8.2.10-150600.3.43.1
    * qemu-tools-8.2.10-150600.3.43.1
    * qemu-audio-dbus-debuginfo-8.2.10-150600.3.43.1
    * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-8.2.10-150600.3.43.1
    * qemu-hw-display-qxl-debuginfo-8.2.10-150600.3.43.1
    * qemu-ivshmem-tools-8.2.10-150600.3.43.1
    * qemu-block-iscsi-8.2.10-150600.3.43.1
    * qemu-pr-helper-8.2.10-150600.3.43.1
    * qemu-arm-debuginfo-8.2.10-150600.3.43.1
    * qemu-chardev-baum-8.2.10-150600.3.43.1
    * qemu-hw-display-virtio-vga-debuginfo-8.2.10-150600.3.43.1
    * qemu-pr-helper-debuginfo-8.2.10-150600.3.43.1
    * qemu-extra-8.2.10-150600.3.43.1
    * qemu-audio-alsa-debuginfo-8.2.10-150600.3.43.1
    * qemu-debugsource-8.2.10-150600.3.43.1
    * qemu-audio-pipewire-debuginfo-8.2.10-150600.3.43.1
    * qemu-hw-usb-host-8.2.10-150600.3.43.1
    * qemu-arm-8.2.10-150600.3.43.1
    * qemu-headless-8.2.10-150600.3.43.1
    * qemu-block-gluster-8.2.10-150600.3.43.1
    * qemu-block-nfs-8.2.10-150600.3.43.1
    * qemu-audio-jack-debuginfo-8.2.10-150600.3.43.1
    * qemu-hw-display-virtio-gpu-debuginfo-8.2.10-150600.3.43.1
    * qemu-block-curl-debuginfo-8.2.10-150600.3.43.1
    * qemu-ui-opengl-debuginfo-8.2.10-150600.3.43.1
    * qemu-extra-debuginfo-8.2.10-150600.3.43.1
    * qemu-vhost-user-gpu-8.2.10-150600.3.43.1
    * qemu-ui-spice-core-debuginfo-8.2.10-150600.3.43.1
    * qemu-hw-display-virtio-vga-8.2.10-150600.3.43.1
    * qemu-s390x-8.2.10-150600.3.43.1
    * qemu-8.2.10-150600.3.43.1
    * qemu-ppc-debuginfo-8.2.10-150600.3.43.1
    * qemu-linux-user-debugsource-8.2.10-150600.3.43.1
    * qemu-chardev-baum-debuginfo-8.2.10-150600.3.43.1
    * qemu-block-ssh-8.2.10-150600.3.43.1
    * qemu-hw-display-virtio-gpu-pci-8.2.10-150600.3.43.1
    * qemu-ui-spice-app-8.2.10-150600.3.43.1
    * qemu-audio-oss-8.2.10-150600.3.43.1
    * qemu-guest-agent-8.2.10-150600.3.43.1
    * qemu-ui-gtk-debuginfo-8.2.10-150600.3.43.1
    * qemu-block-gluster-debuginfo-8.2.10-150600.3.43.1
    * qemu-linux-user-debuginfo-8.2.10-150600.3.43.1
    * qemu-s390x-debuginfo-8.2.10-150600.3.43.1
    * qemu-accel-tcg-x86-debuginfo-8.2.10-150600.3.43.1
    * qemu-ui-curses-8.2.10-150600.3.43.1
    * qemu-block-curl-8.2.10-150600.3.43.1
    * qemu-debuginfo-8.2.10-150600.3.43.1
    * qemu-img-debuginfo-8.2.10-150600.3.43.1
    * qemu-hw-usb-host-debuginfo-8.2.10-150600.3.43.1
    * qemu-audio-oss-debuginfo-8.2.10-150600.3.43.1
  * openSUSE Leap 15.6 (noarch)
    * qemu-skiboot-8.2.10-150600.3.43.1
    * qemu-doc-8.2.10-150600.3.43.1
    * qemu-ipxe-8.2.10-150600.3.43.1
    * qemu-seabios-8.2.101.16.3_3_ga95067eb-150600.3.43.1
    * qemu-lang-8.2.10-150600.3.43.1
    * qemu-microvm-8.2.10-150600.3.43.1
    * qemu-vgabios-8.2.101.16.3_3_ga95067eb-150600.3.43.1
    * qemu-SLOF-8.2.10-150600.3.43.1
  * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
    * qemu-block-rbd-8.2.10-150600.3.43.1
    * qemu-block-rbd-debuginfo-8.2.10-150600.3.43.1
  * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
    * qemu-8.2.10-150600.3.43.1
    * qemu-chardev-baum-8.2.10-150600.3.43.1
    * qemu-hw-display-virtio-vga-debuginfo-8.2.10-150600.3.43.1
    * qemu-block-iscsi-debuginfo-8.2.10-150600.3.43.1
    * qemu-pr-helper-8.2.10-150600.3.43.1
    * qemu-spice-8.2.10-150600.3.43.1
    * qemu-chardev-baum-debuginfo-8.2.10-150600.3.43.1
    * qemu-pr-helper-debuginfo-8.2.10-150600.3.43.1
    * qemu-audio-spice-8.2.10-150600.3.43.1
    * qemu-block-rbd-8.2.10-150600.3.43.1
    * qemu-debugsource-8.2.10-150600.3.43.1
    * qemu-ui-dbus-debuginfo-8.2.10-150600.3.43.1
    * qemu-audio-spice-debuginfo-8.2.10-150600.3.43.1
    * qemu-audio-pipewire-debuginfo-8.2.10-150600.3.43.1
    * qemu-tools-debuginfo-8.2.10-150600.3.43.1
    * qemu-chardev-spice-debuginfo-8.2.10-150600.3.43.1
    * qemu-ui-opengl-8.2.10-150600.3.43.1
    * qemu-ui-spice-core-8.2.10-150600.3.43.1
    * qemu-block-ssh-8.2.10-150600.3.43.1
    * qemu-hw-usb-host-8.2.10-150600.3.43.1
    * qemu-headless-8.2.10-150600.3.43.1
    * qemu-guest-agent-8.2.10-150600.3.43.1
    * qemu-block-nfs-8.2.10-150600.3.43.1
    * qemu-hw-usb-redirect-8.2.10-150600.3.43.1
    * qemu-img-8.2.10-150600.3.43.1
    * qemu-block-ssh-debuginfo-8.2.10-150600.3.43.1
    * qemu-ui-dbus-8.2.10-150600.3.43.1
    * qemu-audio-pipewire-8.2.10-150600.3.43.1
    * qemu-audio-dbus-8.2.10-150600.3.43.1
    * qemu-block-curl-debuginfo-8.2.10-150600.3.43.1
    * qemu-ksm-8.2.10-150600.3.43.1
    * qemu-hw-usb-redirect-debuginfo-8.2.10-150600.3.43.1
    * qemu-hw-usb-host-debuginfo-8.2.10-150600.3.43.1
    * qemu-ui-opengl-debuginfo-8.2.10-150600.3.43.1
    * qemu-guest-agent-debuginfo-8.2.10-150600.3.43.1
    * qemu-tools-8.2.10-150600.3.43.1
    * qemu-ui-curses-8.2.10-150600.3.43.1
    * qemu-block-rbd-debuginfo-8.2.10-150600.3.43.1
    * qemu-ui-curses-debuginfo-8.2.10-150600.3.43.1
    * qemu-block-nfs-debuginfo-8.2.10-150600.3.43.1
    * qemu-audio-dbus-debuginfo-8.2.10-150600.3.43.1
    * qemu-block-curl-8.2.10-150600.3.43.1
    * qemu-debuginfo-8.2.10-150600.3.43.1
    * qemu-hw-display-virtio-vga-8.2.10-150600.3.43.1
    * qemu-chardev-spice-8.2.10-150600.3.43.1
    * qemu-img-debuginfo-8.2.10-150600.3.43.1
    * qemu-hw-display-qxl-debuginfo-8.2.10-150600.3.43.1
    * qemu-block-iscsi-8.2.10-150600.3.43.1
    * qemu-ui-spice-core-debuginfo-8.2.10-150600.3.43.1
    * qemu-hw-display-qxl-8.2.10-150600.3.43.1
  * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64)
    * qemu-arm-debuginfo-8.2.10-150600.3.43.1
    * qemu-arm-8.2.10-150600.3.43.1
  * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
    * qemu-skiboot-8.2.10-150600.3.43.1
    * qemu-ipxe-8.2.10-150600.3.43.1
    * qemu-seabios-8.2.101.16.3_3_ga95067eb-150600.3.43.1
    * qemu-lang-8.2.10-150600.3.43.1
    * qemu-vgabios-8.2.101.16.3_3_ga95067eb-150600.3.43.1
    * qemu-SLOF-8.2.10-150600.3.43.1
  * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le x86_64)
    * qemu-ui-spice-app-8.2.10-150600.3.43.1
    * qemu-ui-spice-app-debuginfo-8.2.10-150600.3.43.1
    * qemu-ui-gtk-8.2.10-150600.3.43.1
    * qemu-ui-gtk-debuginfo-8.2.10-150600.3.43.1
  * SUSE Linux Enterprise Server 15 SP6 LTSS (ppc64le)
    * qemu-ppc-debuginfo-8.2.10-150600.3.43.1
    * qemu-ppc-8.2.10-150600.3.43.1
  * SUSE Linux Enterprise Server 15 SP6 LTSS (s390x x86_64)
    * qemu-hw-display-virtio-gpu-8.2.10-150600.3.43.1
    * qemu-hw-display-virtio-gpu-debuginfo-8.2.10-150600.3.43.1
    * qemu-hw-display-virtio-gpu-pci-debuginfo-8.2.10-150600.3.43.1
    * qemu-hw-display-virtio-gpu-pci-8.2.10-150600.3.43.1
  * SUSE Linux Enterprise Server 15 SP6 LTSS (s390x)
    * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-8.2.10-150600.3.43.1
    * qemu-s390x-debuginfo-8.2.10-150600.3.43.1
    * qemu-hw-s390x-virtio-gpu-ccw-8.2.10-150600.3.43.1
    * qemu-s390x-8.2.10-150600.3.43.1
  * SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64)
    * qemu-x86-8.2.10-150600.3.43.1
    * qemu-audio-pa-debuginfo-8.2.10-150600.3.43.1
    * qemu-accel-tcg-x86-8.2.10-150600.3.43.1
    * qemu-accel-tcg-x86-debuginfo-8.2.10-150600.3.43.1
    * qemu-audio-alsa-8.2.10-150600.3.43.1
    * qemu-audio-alsa-debuginfo-8.2.10-150600.3.43.1
    * qemu-x86-debuginfo-8.2.10-150600.3.43.1
    * qemu-audio-pa-8.2.10-150600.3.43.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
    * qemu-8.2.10-150600.3.43.1
    * qemu-chardev-baum-8.2.10-150600.3.43.1
    * qemu-hw-display-virtio-vga-debuginfo-8.2.10-150600.3.43.1
    * qemu-block-iscsi-debuginfo-8.2.10-150600.3.43.1
    * qemu-pr-helper-8.2.10-150600.3.43.1
    * qemu-spice-8.2.10-150600.3.43.1
    * qemu-chardev-baum-debuginfo-8.2.10-150600.3.43.1
    * qemu-pr-helper-debuginfo-8.2.10-150600.3.43.1
    * qemu-audio-spice-8.2.10-150600.3.43.1
    * qemu-ui-spice-app-debuginfo-8.2.10-150600.3.43.1
    * qemu-block-rbd-8.2.10-150600.3.43.1
    * qemu-debugsource-8.2.10-150600.3.43.1
    * qemu-ui-dbus-debuginfo-8.2.10-150600.3.43.1
    * qemu-audio-spice-debuginfo-8.2.10-150600.3.43.1
    * qemu-audio-pipewire-debuginfo-8.2.10-150600.3.43.1
    * qemu-tools-debuginfo-8.2.10-150600.3.43.1
    * qemu-chardev-spice-debuginfo-8.2.10-150600.3.43.1
    * qemu-ui-opengl-8.2.10-150600.3.43.1
    * qemu-ui-spice-core-8.2.10-150600.3.43.1
    * qemu-block-ssh-8.2.10-150600.3.43.1
    * qemu-hw-usb-host-8.2.10-150600.3.43.1
    * qemu-ui-spice-app-8.2.10-150600.3.43.1
    * qemu-headless-8.2.10-150600.3.43.1
    * qemu-guest-agent-8.2.10-150600.3.43.1
    * qemu-ui-gtk-debuginfo-8.2.10-150600.3.43.1
    * qemu-block-nfs-8.2.10-150600.3.43.1
    * qemu-hw-usb-redirect-8.2.10-150600.3.43.1
    * qemu-img-8.2.10-150600.3.43.1
    * qemu-block-ssh-debuginfo-8.2.10-150600.3.43.1
    * qemu-ui-gtk-8.2.10-150600.3.43.1
    * qemu-ui-dbus-8.2.10-150600.3.43.1
    * qemu-audio-pipewire-8.2.10-150600.3.43.1
    * qemu-audio-dbus-8.2.10-150600.3.43.1
    * qemu-block-curl-debuginfo-8.2.10-150600.3.43.1
    * qemu-ksm-8.2.10-150600.3.43.1
    * qemu-hw-usb-redirect-debuginfo-8.2.10-150600.3.43.1
    * qemu-hw-usb-host-debuginfo-8.2.10-150600.3.43.1
    * qemu-ui-opengl-debuginfo-8.2.10-150600.3.43.1
    * qemu-guest-agent-debuginfo-8.2.10-150600.3.43.1
    * qemu-tools-8.2.10-150600.3.43.1
    * qemu-ui-curses-8.2.10-150600.3.43.1
    * qemu-block-rbd-debuginfo-8.2.10-150600.3.43.1
    * qemu-ui-curses-debuginfo-8.2.10-150600.3.43.1
    * qemu-block-nfs-debuginfo-8.2.10-150600.3.43.1
    * qemu-audio-dbus-debuginfo-8.2.10-150600.3.43.1
    * qemu-block-curl-8.2.10-150600.3.43.1
    * qemu-debuginfo-8.2.10-150600.3.43.1
    * qemu-hw-display-virtio-vga-8.2.10-150600.3.43.1
    * qemu-chardev-spice-8.2.10-150600.3.43.1
    * qemu-img-debuginfo-8.2.10-150600.3.43.1
    * qemu-hw-display-qxl-debuginfo-8.2.10-150600.3.43.1
    * qemu-block-iscsi-8.2.10-150600.3.43.1
    * qemu-ui-spice-core-debuginfo-8.2.10-150600.3.43.1
    * qemu-hw-display-qxl-8.2.10-150600.3.43.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
    * qemu-skiboot-8.2.10-150600.3.43.1
    * qemu-ipxe-8.2.10-150600.3.43.1
    * qemu-seabios-8.2.101.16.3_3_ga95067eb-150600.3.43.1
    * qemu-lang-8.2.10-150600.3.43.1
    * qemu-vgabios-8.2.101.16.3_3_ga95067eb-150600.3.43.1
    * qemu-SLOF-8.2.10-150600.3.43.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le)
    * qemu-ppc-debuginfo-8.2.10-150600.3.43.1
    * qemu-ppc-8.2.10-150600.3.43.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64)
    * qemu-x86-8.2.10-150600.3.43.1
    * qemu-audio-pa-debuginfo-8.2.10-150600.3.43.1
    * qemu-hw-display-virtio-gpu-8.2.10-150600.3.43.1
    * qemu-hw-display-virtio-gpu-debuginfo-8.2.10-150600.3.43.1
    * qemu-accel-tcg-x86-8.2.10-150600.3.43.1
    * qemu-accel-tcg-x86-debuginfo-8.2.10-150600.3.43.1
    * qemu-audio-alsa-8.2.10-150600.3.43.1
    * qemu-hw-display-virtio-gpu-pci-8.2.10-150600.3.43.1
    * qemu-audio-alsa-debuginfo-8.2.10-150600.3.43.1
    * qemu-x86-debuginfo-8.2.10-150600.3.43.1
    * qemu-audio-pa-8.2.10-150600.3.43.1
    * qemu-hw-display-virtio-gpu-pci-debuginfo-8.2.10-150600.3.43.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-11234.html
  * https://www.suse.com/security/cve/CVE-2025-12464.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1250984
  * https://bugzilla.suse.com/show_bug.cgi?id=1252768
  * https://bugzilla.suse.com/show_bug.cgi?id=1253002
  * https://bugzilla.suse.com/show_bug.cgi?id=1254286

From null at suse.de Mon Jan 5 16:30:27 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 05 Jan 2026 16:30:27 -0000
Subject: SUSE-SU-2026:0021-1: important: Security update for webkit2gtk3
Message-ID: <176763062749.22147.5544493996139577715@smelt2.prg2.suse.org>

# Security update for webkit2gtk3

Announcement ID: SUSE-SU-2026:0021-1
Release Date: 2026-01-05T11:16:02Z
Rating: important

References:

  * bsc#1254164
  * bsc#1254165
  * bsc#1254166
  * bsc#1254167
  * bsc#1254168
  * bsc#1254169
  * bsc#1254170
  * bsc#1254171
  * bsc#1254172
  * bsc#1254174
  * bsc#1254175
  * bsc#1254176
  * bsc#1254177
  * bsc#1254179
  * bsc#1254208
  * bsc#1254473
  * bsc#1254498
  * bsc#1254509
  * bsc#1255183
  * bsc#1255191
  * bsc#1255194
  * bsc#1255195
  * bsc#1255198
  * bsc#1255200
  * bsc#1255497

Cross-References:

  * CVE-2023-43000
  * CVE-2025-13502
  * CVE-2025-13947
  * CVE-2025-14174
  * CVE-2025-43392
  * CVE-2025-43419
  * CVE-2025-43421
  * CVE-2025-43425
  * CVE-2025-43427
  * CVE-2025-43429
  * CVE-2025-43430
  * CVE-2025-43431
  * CVE-2025-43432
  * CVE-2025-43434
  * CVE-2025-43440
  * CVE-2025-43443
  * CVE-2025-43458
  * CVE-2025-43480
  * CVE-2025-43501
  * CVE-2025-43529
  * CVE-2025-43531
  * CVE-2025-43535
  * CVE-2025-43536
  * CVE-2025-43541
  * CVE-2025-66287

CVSS scores:

  * CVE-2023-43000 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2023-43000 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2023-43000 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2025-13502 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-13502 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2025-13502 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2025-13947 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
  * CVE-2025-13947 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
  * CVE-2025-14174 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-14174 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2025-14174 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2025-43392 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
  * CVE-2025-43392 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
  * CVE-2025-43392 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
  * CVE-2025-43419 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-43419 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2025-43419 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2025-43421 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-43421 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2025-43421 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2025-43425 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-43425 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2025-43425 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2025-43427 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-43427 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2025-43427 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2025-43429 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2025-43429 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2025-43429 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2025-43430 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2025-43430 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2025-43430 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2025-43431 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L
  * CVE-2025-43431 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2025-43432 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2025-43432 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2025-43432 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2025-43434 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2025-43434 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2025-43434 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2025-43440 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-43440 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2025-43440 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2025-43443 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2025-43443 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2025-43443 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2025-43458 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2025-43458 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2025-43458 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2025-43480 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
  * CVE-2025-43480 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
  * CVE-2025-43480 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
  * CVE-2025-43501 ( SUSE ): 6.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-43501 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2025-43501 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2025-43529 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-43529 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2025-43529 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2025-43531 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-43531 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2025-43531 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2025-43535 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-43535 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2025-43535 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2025-43536 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-43536 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2025-43536 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2025-43541 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-43541 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2025-43541 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2025-66287 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-66287 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2025-66287 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

  * Basesystem Module 15-SP6
  * Basesystem Module 15-SP7
  * Desktop Applications Module 15-SP6
  * Desktop Applications Module 15-SP7
  * Development Tools Module 15-SP6
  * Development Tools Module 15-SP7
  * openSUSE Leap 15.6
  * SUSE Linux Enterprise Desktop 15 SP6
  * SUSE Linux Enterprise Desktop 15 SP7
  * SUSE Linux Enterprise Real Time 15 SP6
  * SUSE Linux Enterprise Real Time 15 SP7
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server 15 SP6 LTSS
  * SUSE Linux Enterprise Server 15 SP7
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves 25 vulnerabilities can now be installed.

## Description:

This update for webkit2gtk3 fixes the following issues:

Update to version 2.50.4.

Security issues fixed:

  * CVE-2025-13502: processing of maliciously crafted payloads by the GLib remote inspector server may lead to a UIProcess crash due to an out-of-bounds read and an integer underflow (bsc#1254208).
  * CVE-2025-13947: use of the file drag-and-drop mechanism may lead to remote information disclosure due to a lack of verification of the origins of drag operations (bsc#1254473).
  * CVE-2025-14174: processing maliciously crafted web content may lead to memory corruption due to improper validation (bsc#1255497).
  * CVE-2025-43392: websites may exfiltrate image data cross-origin due to issues with cache handling (bsc#1254165).
  * CVE-2025-43421: processing maliciously crafted web content may lead to an unexpected process crash due to enabled array allocation sinking (bsc#1254167).
  * CVE-2025-43425: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1254168).
  * CVE-2025-43427: processing maliciously crafted web content may lead to an unexpected process crash due to issues with state management (bsc#1254169).
  * CVE-2025-43429: processing maliciously crafted web content may lead to an unexpected process crash due to a buffer overflow issue (bsc#1254174).
  * CVE-2025-43430: processing maliciously crafted web content may lead to an unexpected process crash due to issues with state management (bsc#1254172).
  * CVE-2025-43431: processing maliciously crafted web content may lead to memory corruption due to improper memory handling (bsc#1254170).
  * CVE-2025-43432: processing maliciously crafted web content may lead to an unexpected process crash due to a use-after-free issue (bsc#1254171).
  * CVE-2025-43434: processing maliciously crafted web content may lead to an unexpected process crash due to a use-after-free issue (bsc#1254179).
  * CVE-2025-43440: processing maliciously crafted web content may lead to an unexpected process crash due to missing checks (bsc#1254177).
  * CVE-2025-43443: processing maliciously crafted web content may lead to an unexpected process crash due to missing checks (bsc#1254176).
  * CVE-2025-43458: processing maliciously crafted web content may lead to an unexpected process crash due to issues with state management (bsc#1254498).
  * CVE-2025-43501: processing maliciously crafted web content may lead to an unexpected process crash due to a buffer overflow issue (bsc#1255194).
  * CVE-2025-43529: processing maliciously crafted web content may lead to arbitrary code execution due to a use-after-free issue (bsc#1255198).
  * CVE-2025-43531: processing maliciously crafted web content may lead to an unexpected process crash due to a race condition (bsc#1255183).
  * CVE-2025-43535: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1255195).
  * CVE-2025-43536: processing maliciously crafted web content may lead to an unexpected process crash due to a use-after-free issue (bsc#1255200).
  * CVE-2025-43541: processing maliciously crafted web content may lead to an unexpected process crash due to type confusion (bsc#1255191).
  * CVE-2025-66287: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1254509).

Other issues fixed and changes:

  * Version 2.50.4:
    * Correctly handle the program name passed to the sleep disabler.
    * Ensure GStreamer is initialized before using the Quirks.
    * Fix several crashes and rendering issues.
  * Version 2.50.3:
    * Fix seeking and looping of media elements that set the "loop" property.
    * Fix several crashes and rendering issues.
  * Version 2.50.2:
    * Prevent unsafe URI schemes from participating in media playback.
    * Make jsc_value_array_buffer_get_data() function introspectable.
    * Fix logging in to Google accounts that have a WebAuthn second factor configured.
    * Fix loading webkit://gpu when there are no threads configured for GPU rendering.
    * Fix rendering gradients that use the CSS hue interpolation method.
    * Fix pasting image data from the clipboard.
    * Fix font-family selection when the font name contains spaces.
    * Fix the build with standard C libraries that lack execinfo.h, like Musl or uClibc.
    * Fix capturing canvas snapshots in the Web Inspector.
    * Fix several crashes and rendering issues.
    * Fix a11y regression where AT-SPI roles were mapped incorrectly.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * Development Tools Module 15-SP7
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-21=1
  * SUSE Linux Enterprise Server 15 SP6 LTSS
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-21=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-21=1
  * openSUSE Leap 15.6
    zypper in -t patch SUSE-2026-21=1 openSUSE-SLE-15.6-2026-21=1
  * Basesystem Module 15-SP6
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2026-21=1
  * Basesystem Module 15-SP7
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-21=1
  * Desktop Applications Module 15-SP6
    zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2026-21=1
  * Desktop Applications Module 15-SP7
    zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-21=1
  * Development Tools Module 15-SP6
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2026-21=1

## Package List:

  * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
    * webkit2gtk4-debugsource-2.50.4-150600.12.54.1
    * typelib-1_0-JavaScriptCore-6_0-2.50.4-150600.12.54.1
    * typelib-1_0-WebKitWebProcessExtension-6_0-2.50.4-150600.12.54.1
    * typelib-1_0-WebKit-6_0-2.50.4-150600.12.54.1
    * webkit2gtk4-devel-2.50.4-150600.12.54.1
  * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
    * WebKitGTK-4.0-lang-2.50.4-150600.12.54.1
    * WebKitGTK-6.0-lang-2.50.4-150600.12.54.1
    * WebKitGTK-4.1-lang-2.50.4-150600.12.54.1
  * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
    * libwebkit2gtk-4_1-0-debuginfo-2.50.4-150600.12.54.1
    * libwebkit2gtk-4_0-37-debuginfo-2.50.4-150600.12.54.1
    * libjavascriptcoregtk-4_0-18-debuginfo-2.50.4-150600.12.54.1
    * webkit2gtk-4_0-injected-bundles-2.50.4-150600.12.54.1
    * webkit2gtk-4_1-injected-bundles-2.50.4-150600.12.54.1
    * webkit2gtk3-soup2-debugsource-2.50.4-150600.12.54.1
    * libjavascriptcoregtk-4_1-0-2.50.4-150600.12.54.1
    * webkit2gtk4-debugsource-2.50.4-150600.12.54.1
    * typelib-1_0-JavaScriptCore-6_0-2.50.4-150600.12.54.1
    * libwebkit2gtk-4_0-37-2.50.4-150600.12.54.1
    * webkit2gtk3-devel-2.50.4-150600.12.54.1
    * typelib-1_0-JavaScriptCore-4_1-2.50.4-150600.12.54.1
    * libwebkitgtk-6_0-4-2.50.4-150600.12.54.1
    * libwebkit2gtk-4_1-0-2.50.4-150600.12.54.1
    * typelib-1_0-WebKit2-4_0-2.50.4-150600.12.54.1
    * libjavascriptcoregtk-6_0-1-debuginfo-2.50.4-150600.12.54.1
    * libwebkitgtk-6_0-4-debuginfo-2.50.4-150600.12.54.1
    * webkit2gtk4-devel-2.50.4-150600.12.54.1
    * typelib-1_0-JavaScriptCore-4_0-2.50.4-150600.12.54.1
    * webkit2gtk3-debugsource-2.50.4-150600.12.54.1
    * webkit2gtk-4_0-injected-bundles-debuginfo-2.50.4-150600.12.54.1
    * webkit2gtk3-soup2-devel-2.50.4-150600.12.54.1
    * libjavascriptcoregtk-4_0-18-2.50.4-150600.12.54.1
    * libjavascriptcoregtk-4_1-0-debuginfo-2.50.4-150600.12.54.1
    * webkit2gtk-4_1-injected-bundles-debuginfo-2.50.4-150600.12.54.1
    * typelib-1_0-WebKit-6_0-2.50.4-150600.12.54.1
    * typelib-1_0-WebKit2WebExtension-4_1-2.50.4-150600.12.54.1
    * webkitgtk-6_0-injected-bundles-2.50.4-150600.12.54.1
    * typelib-1_0-WebKit2WebExtension-4_0-2.50.4-150600.12.54.1
    * webkitgtk-6_0-injected-bundles-debuginfo-2.50.4-150600.12.54.1
    * libjavascriptcoregtk-6_0-1-2.50.4-150600.12.54.1
    * typelib-1_0-WebKitWebProcessExtension-6_0-2.50.4-150600.12.54.1
    * typelib-1_0-WebKit2-4_1-2.50.4-150600.12.54.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
    * WebKitGTK-4.0-lang-2.50.4-150600.12.54.1
    * WebKitGTK-6.0-lang-2.50.4-150600.12.54.1
    * WebKitGTK-4.1-lang-2.50.4-150600.12.54.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
    * libwebkit2gtk-4_1-0-debuginfo-2.50.4-150600.12.54.1
    * libwebkit2gtk-4_0-37-debuginfo-2.50.4-150600.12.54.1
    * libjavascriptcoregtk-4_0-18-debuginfo-2.50.4-150600.12.54.1
    * webkit2gtk-4_0-injected-bundles-2.50.4-150600.12.54.1
    * webkit2gtk-4_1-injected-bundles-2.50.4-150600.12.54.1
    * webkit2gtk3-soup2-debugsource-2.50.4-150600.12.54.1
    * libjavascriptcoregtk-4_1-0-2.50.4-150600.12.54.1
    * webkit2gtk4-debugsource-2.50.4-150600.12.54.1
    * typelib-1_0-JavaScriptCore-6_0-2.50.4-150600.12.54.1
    * libwebkit2gtk-4_0-37-2.50.4-150600.12.54.1
    * webkit2gtk3-devel-2.50.4-150600.12.54.1
    * typelib-1_0-JavaScriptCore-4_1-2.50.4-150600.12.54.1
    * libwebkitgtk-6_0-4-2.50.4-150600.12.54.1
    * libwebkit2gtk-4_1-0-2.50.4-150600.12.54.1
    * typelib-1_0-WebKit2-4_0-2.50.4-150600.12.54.1
    * libjavascriptcoregtk-6_0-1-debuginfo-2.50.4-150600.12.54.1
    * libwebkitgtk-6_0-4-debuginfo-2.50.4-150600.12.54.1
    * webkit2gtk4-devel-2.50.4-150600.12.54.1
    * typelib-1_0-JavaScriptCore-4_0-2.50.4-150600.12.54.1
    * webkit2gtk3-debugsource-2.50.4-150600.12.54.1
    * webkit2gtk-4_0-injected-bundles-debuginfo-2.50.4-150600.12.54.1
    * webkit2gtk3-soup2-devel-2.50.4-150600.12.54.1
    * libjavascriptcoregtk-4_0-18-2.50.4-150600.12.54.1
    * libjavascriptcoregtk-4_1-0-debuginfo-2.50.4-150600.12.54.1
    * webkit2gtk-4_1-injected-bundles-debuginfo-2.50.4-150600.12.54.1
    * typelib-1_0-WebKit-6_0-2.50.4-150600.12.54.1
    * typelib-1_0-WebKit2WebExtension-4_1-2.50.4-150600.12.54.1
    * webkitgtk-6_0-injected-bundles-2.50.4-150600.12.54.1
    * typelib-1_0-WebKit2WebExtension-4_0-2.50.4-150600.12.54.1
    * webkitgtk-6_0-injected-bundles-debuginfo-2.50.4-150600.12.54.1
    * libjavascriptcoregtk-6_0-1-2.50.4-150600.12.54.1
    * typelib-1_0-WebKitWebProcessExtension-6_0-2.50.4-150600.12.54.1
    * typelib-1_0-WebKit2-4_1-2.50.4-150600.12.54.1
  * openSUSE Leap 15.6 (noarch)
    * WebKitGTK-4.0-lang-2.50.4-150600.12.54.1
    * WebKitGTK-6.0-lang-2.50.4-150600.12.54.1
    * WebKitGTK-4.1-lang-2.50.4-150600.12.54.1
  * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
    * libwebkit2gtk-4_1-0-debuginfo-2.50.4-150600.12.54.1
    * libwebkit2gtk-4_0-37-debuginfo-2.50.4-150600.12.54.1
    * libjavascriptcoregtk-4_0-18-debuginfo-2.50.4-150600.12.54.1
    * webkit2gtk-4_1-injected-bundles-2.50.4-150600.12.54.1
    * webkit2gtk-4_0-injected-bundles-2.50.4-150600.12.54.1
    * webkit2gtk3-soup2-debugsource-2.50.4-150600.12.54.1
    * libjavascriptcoregtk-4_1-0-2.50.4-150600.12.54.1
    * webkit2gtk4-debugsource-2.50.4-150600.12.54.1
    * typelib-1_0-JavaScriptCore-6_0-2.50.4-150600.12.54.1
    * libwebkit2gtk-4_0-37-2.50.4-150600.12.54.1
    * webkit2gtk3-devel-2.50.4-150600.12.54.1
    * typelib-1_0-JavaScriptCore-4_1-2.50.4-150600.12.54.1
    * webkit2gtk3-soup2-minibrowser-2.50.4-150600.12.54.1
    * libwebkitgtk-6_0-4-2.50.4-150600.12.54.1
    * libwebkit2gtk-4_1-0-2.50.4-150600.12.54.1
    * webkit-jsc-6.0-2.50.4-150600.12.54.1
    * webkit2gtk3-minibrowser-debuginfo-2.50.4-150600.12.54.1
    * typelib-1_0-WebKit2-4_0-2.50.4-150600.12.54.1
    * webkit2gtk4-minibrowser-2.50.4-150600.12.54.1
    * libjavascriptcoregtk-6_0-1-debuginfo-2.50.4-150600.12.54.1
    * libwebkitgtk-6_0-4-debuginfo-2.50.4-150600.12.54.1
    * webkit-jsc-4.1-debuginfo-2.50.4-150600.12.54.1
    * webkit-jsc-4.1-2.50.4-150600.12.54.1
    * webkit2gtk4-devel-2.50.4-150600.12.54.1
    * webkit-jsc-4-debuginfo-2.50.4-150600.12.54.1
    * typelib-1_0-JavaScriptCore-4_0-2.50.4-150600.12.54.1
    * webkit2gtk3-debugsource-2.50.4-150600.12.54.1
    * webkit-jsc-4-2.50.4-150600.12.54.1
    * webkit-jsc-6.0-debuginfo-2.50.4-150600.12.54.1
    * webkit2gtk3-soup2-minibrowser-debuginfo-2.50.4-150600.12.54.1
    * webkit2gtk-4_0-injected-bundles-debuginfo-2.50.4-150600.12.54.1
    * webkit2gtk3-soup2-devel-2.50.4-150600.12.54.1
    * libjavascriptcoregtk-4_0-18-2.50.4-150600.12.54.1
    * webkit2gtk4-minibrowser-debuginfo-2.50.4-150600.12.54.1
    * libjavascriptcoregtk-4_1-0-debuginfo-2.50.4-150600.12.54.1
    *
webkit2gtk-4_1-injected-bundles-debuginfo-2.50.4-150600.12.54.1 * typelib-1_0-WebKit-6_0-2.50.4-150600.12.54.1 * webkit2gtk3-minibrowser-2.50.4-150600.12.54.1 * typelib-1_0-WebKit2WebExtension-4_1-2.50.4-150600.12.54.1 * webkitgtk-6_0-injected-bundles-2.50.4-150600.12.54.1 * typelib-1_0-WebKit2WebExtension-4_0-2.50.4-150600.12.54.1 * webkitgtk-6_0-injected-bundles-debuginfo-2.50.4-150600.12.54.1 * libjavascriptcoregtk-6_0-1-2.50.4-150600.12.54.1 * typelib-1_0-WebKitWebProcessExtension-6_0-2.50.4-150600.12.54.1 * typelib-1_0-WebKit2-4_1-2.50.4-150600.12.54.1 * openSUSE Leap 15.6 (x86_64) * libjavascriptcoregtk-4_0-18-32bit-2.50.4-150600.12.54.1 * libwebkit2gtk-4_0-37-32bit-debuginfo-2.50.4-150600.12.54.1 * libjavascriptcoregtk-4_1-0-32bit-2.50.4-150600.12.54.1 * libwebkit2gtk-4_0-37-32bit-2.50.4-150600.12.54.1 * libwebkit2gtk-4_1-0-32bit-2.50.4-150600.12.54.1 * libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.50.4-150600.12.54.1 * libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.50.4-150600.12.54.1 * libwebkit2gtk-4_1-0-32bit-debuginfo-2.50.4-150600.12.54.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libwebkit2gtk-4_1-0-64bit-debuginfo-2.50.4-150600.12.54.1 * libjavascriptcoregtk-4_1-0-64bit-2.50.4-150600.12.54.1 * libwebkit2gtk-4_0-37-64bit-2.50.4-150600.12.54.1 * libwebkit2gtk-4_1-0-64bit-2.50.4-150600.12.54.1 * libjavascriptcoregtk-4_0-18-64bit-debuginfo-2.50.4-150600.12.54.1 * libjavascriptcoregtk-4_0-18-64bit-2.50.4-150600.12.54.1 * libjavascriptcoregtk-4_1-0-64bit-debuginfo-2.50.4-150600.12.54.1 * libwebkit2gtk-4_0-37-64bit-debuginfo-2.50.4-150600.12.54.1 * Basesystem Module 15-SP6 (noarch) * WebKitGTK-4.0-lang-2.50.4-150600.12.54.1 * WebKitGTK-6.0-lang-2.50.4-150600.12.54.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * libwebkit2gtk-4_0-37-2.50.4-150600.12.54.1 * libwebkit2gtk-4_0-37-debuginfo-2.50.4-150600.12.54.1 * typelib-1_0-JavaScriptCore-4_0-2.50.4-150600.12.54.1 * webkitgtk-6_0-injected-bundles-2.50.4-150600.12.54.1 * 
libwebkitgtk-6_0-4-2.50.4-150600.12.54.1 * typelib-1_0-WebKit2WebExtension-4_0-2.50.4-150600.12.54.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.50.4-150600.12.54.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.50.4-150600.12.54.1 * libjavascriptcoregtk-6_0-1-2.50.4-150600.12.54.1 * webkit2gtk-4_0-injected-bundles-2.50.4-150600.12.54.1 * webkit2gtk3-soup2-debugsource-2.50.4-150600.12.54.1 * webkit2gtk3-soup2-devel-2.50.4-150600.12.54.1 * libjavascriptcoregtk-4_0-18-2.50.4-150600.12.54.1 * webkitgtk-6_0-injected-bundles-debuginfo-2.50.4-150600.12.54.1 * typelib-1_0-WebKit2-4_0-2.50.4-150600.12.54.1 * libjavascriptcoregtk-6_0-1-debuginfo-2.50.4-150600.12.54.1 * webkit2gtk4-debugsource-2.50.4-150600.12.54.1 * libwebkitgtk-6_0-4-debuginfo-2.50.4-150600.12.54.1 * Basesystem Module 15-SP7 (noarch) * WebKitGTK-4.0-lang-2.50.4-150600.12.54.1 * WebKitGTK-6.0-lang-2.50.4-150600.12.54.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libwebkit2gtk-4_0-37-2.50.4-150600.12.54.1 * libwebkit2gtk-4_0-37-debuginfo-2.50.4-150600.12.54.1 * typelib-1_0-JavaScriptCore-4_0-2.50.4-150600.12.54.1 * webkitgtk-6_0-injected-bundles-2.50.4-150600.12.54.1 * libwebkitgtk-6_0-4-2.50.4-150600.12.54.1 * typelib-1_0-WebKit2WebExtension-4_0-2.50.4-150600.12.54.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.50.4-150600.12.54.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.50.4-150600.12.54.1 * libjavascriptcoregtk-6_0-1-2.50.4-150600.12.54.1 * webkit2gtk-4_0-injected-bundles-2.50.4-150600.12.54.1 * webkit2gtk3-soup2-debugsource-2.50.4-150600.12.54.1 * webkit2gtk3-soup2-devel-2.50.4-150600.12.54.1 * libjavascriptcoregtk-4_0-18-2.50.4-150600.12.54.1 * webkitgtk-6_0-injected-bundles-debuginfo-2.50.4-150600.12.54.1 * typelib-1_0-WebKit2-4_0-2.50.4-150600.12.54.1 * libjavascriptcoregtk-6_0-1-debuginfo-2.50.4-150600.12.54.1 * webkit2gtk4-debugsource-2.50.4-150600.12.54.1 * libwebkitgtk-6_0-4-debuginfo-2.50.4-150600.12.54.1 * Desktop Applications Module 15-SP6 (noarch) * 
WebKitGTK-4.1-lang-2.50.4-150600.12.54.1 * Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64) * typelib-1_0-WebKit2WebExtension-4_1-2.50.4-150600.12.54.1 * libwebkit2gtk-4_1-0-debuginfo-2.50.4-150600.12.54.1 * webkit2gtk3-debugsource-2.50.4-150600.12.54.1 * webkit2gtk3-devel-2.50.4-150600.12.54.1 * typelib-1_0-JavaScriptCore-4_1-2.50.4-150600.12.54.1 * webkit2gtk-4_1-injected-bundles-2.50.4-150600.12.54.1 * libwebkit2gtk-4_1-0-2.50.4-150600.12.54.1 * libjavascriptcoregtk-4_1-0-debuginfo-2.50.4-150600.12.54.1 * libjavascriptcoregtk-4_1-0-2.50.4-150600.12.54.1 * webkit2gtk-4_1-injected-bundles-debuginfo-2.50.4-150600.12.54.1 * typelib-1_0-WebKit2-4_1-2.50.4-150600.12.54.1 * Desktop Applications Module 15-SP7 (noarch) * WebKitGTK-4.1-lang-2.50.4-150600.12.54.1 * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * typelib-1_0-WebKit2WebExtension-4_1-2.50.4-150600.12.54.1 * libwebkit2gtk-4_1-0-debuginfo-2.50.4-150600.12.54.1 * webkit2gtk3-debugsource-2.50.4-150600.12.54.1 * webkit2gtk3-devel-2.50.4-150600.12.54.1 * typelib-1_0-JavaScriptCore-4_1-2.50.4-150600.12.54.1 * webkit2gtk-4_1-injected-bundles-2.50.4-150600.12.54.1 * libwebkit2gtk-4_1-0-2.50.4-150600.12.54.1 * libjavascriptcoregtk-4_1-0-debuginfo-2.50.4-150600.12.54.1 * libjavascriptcoregtk-4_1-0-2.50.4-150600.12.54.1 * webkit2gtk-4_1-injected-bundles-debuginfo-2.50.4-150600.12.54.1 * typelib-1_0-WebKit2-4_1-2.50.4-150600.12.54.1 * Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64) * webkit2gtk4-debugsource-2.50.4-150600.12.54.1 * typelib-1_0-JavaScriptCore-6_0-2.50.4-150600.12.54.1 * typelib-1_0-WebKitWebProcessExtension-6_0-2.50.4-150600.12.54.1 * typelib-1_0-WebKit-6_0-2.50.4-150600.12.54.1 * webkit2gtk4-devel-2.50.4-150600.12.54.1 ## References: * https://www.suse.com/security/cve/CVE-2023-43000.html * https://www.suse.com/security/cve/CVE-2025-13502.html * https://www.suse.com/security/cve/CVE-2025-13947.html * https://www.suse.com/security/cve/CVE-2025-14174.html * 
https://www.suse.com/security/cve/CVE-2025-43392.html * https://www.suse.com/security/cve/CVE-2025-43419.html * https://www.suse.com/security/cve/CVE-2025-43421.html * https://www.suse.com/security/cve/CVE-2025-43425.html * https://www.suse.com/security/cve/CVE-2025-43427.html * https://www.suse.com/security/cve/CVE-2025-43429.html * https://www.suse.com/security/cve/CVE-2025-43430.html * https://www.suse.com/security/cve/CVE-2025-43431.html * https://www.suse.com/security/cve/CVE-2025-43432.html * https://www.suse.com/security/cve/CVE-2025-43434.html * https://www.suse.com/security/cve/CVE-2025-43440.html * https://www.suse.com/security/cve/CVE-2025-43443.html * https://www.suse.com/security/cve/CVE-2025-43458.html * https://www.suse.com/security/cve/CVE-2025-43480.html * https://www.suse.com/security/cve/CVE-2025-43501.html * https://www.suse.com/security/cve/CVE-2025-43529.html * https://www.suse.com/security/cve/CVE-2025-43531.html * https://www.suse.com/security/cve/CVE-2025-43535.html * https://www.suse.com/security/cve/CVE-2025-43536.html * https://www.suse.com/security/cve/CVE-2025-43541.html * https://www.suse.com/security/cve/CVE-2025-66287.html * https://bugzilla.suse.com/show_bug.cgi?id=1254164 * https://bugzilla.suse.com/show_bug.cgi?id=1254165 * https://bugzilla.suse.com/show_bug.cgi?id=1254166 * https://bugzilla.suse.com/show_bug.cgi?id=1254167 * https://bugzilla.suse.com/show_bug.cgi?id=1254168 * https://bugzilla.suse.com/show_bug.cgi?id=1254169 * https://bugzilla.suse.com/show_bug.cgi?id=1254170 * https://bugzilla.suse.com/show_bug.cgi?id=1254171 * https://bugzilla.suse.com/show_bug.cgi?id=1254172 * https://bugzilla.suse.com/show_bug.cgi?id=1254174 * https://bugzilla.suse.com/show_bug.cgi?id=1254175 * https://bugzilla.suse.com/show_bug.cgi?id=1254176 * https://bugzilla.suse.com/show_bug.cgi?id=1254177 * https://bugzilla.suse.com/show_bug.cgi?id=1254179 * https://bugzilla.suse.com/show_bug.cgi?id=1254208 * 
https://bugzilla.suse.com/show_bug.cgi?id=1254473 * https://bugzilla.suse.com/show_bug.cgi?id=1254498 * https://bugzilla.suse.com/show_bug.cgi?id=1254509 * https://bugzilla.suse.com/show_bug.cgi?id=1255183 * https://bugzilla.suse.com/show_bug.cgi?id=1255191 * https://bugzilla.suse.com/show_bug.cgi?id=1255194 * https://bugzilla.suse.com/show_bug.cgi?id=1255195 * https://bugzilla.suse.com/show_bug.cgi?id=1255198 * https://bugzilla.suse.com/show_bug.cgi?id=1255200 * https://bugzilla.suse.com/show_bug.cgi?id=1255497
From null at suse.de Mon Jan 5 16:30:32 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 05 Jan 2026 16:30:32 -0000 Subject: SUSE-SU-2026:0020-1: important: Security update for apache2 Message-ID: <176763063245.22147.17573053496028745086@smelt2.prg2.suse.org> # Security update for apache2 Announcement ID: SUSE-SU-2026:0020-1 Release Date: 2026-01-05T11:10:13Z Rating: important References: * bsc#1254511 * bsc#1254512 * bsc#1254514 * bsc#1254515 Cross-References: * CVE-2025-55753 * CVE-2025-58098 * CVE-2025-65082 * CVE-2025-66200 CVSS scores: * CVE-2025-55753 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-55753 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-55753 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2025-58098 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-58098 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2025-58098 ( NVD ): 8.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L * CVE-2025-65082 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-65082 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2025-65082 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-66200 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N *
CVE-2025-66200 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2025-66200 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves four vulnerabilities can now be installed. ## Description: This update for apache2 fixes the following issues: * CVE-2025-55753: Fixed mod_md (ACME) unintended retry intervals (bsc#1254511) * CVE-2025-65082: Fixed CGI environment variable override (bsc#1254514) * CVE-2025-58098: Fixed Server Side Includes adding query string to #exec cmd=... (bsc#1254512) * CVE-2025-66200: Fixed mod_userdir+suexec bypass via AllowOverride FileInfo (bsc#1254515) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-20=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-20=1 openSUSE-SLE-15.6-2026-20=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-20=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * apache2-utils-debuginfo-2.4.58-150600.5.41.1 * apache2-debugsource-2.4.58-150600.5.41.1 * apache2-prefork-2.4.58-150600.5.41.1 * apache2-utils-2.4.58-150600.5.41.1 * apache2-prefork-debuginfo-2.4.58-150600.5.41.1 * apache2-prefork-debugsource-2.4.58-150600.5.41.1 * apache2-devel-2.4.58-150600.5.41.1 * apache2-worker-debuginfo-2.4.58-150600.5.41.1 * apache2-utils-debugsource-2.4.58-150600.5.41.1 * apache2-worker-debugsource-2.4.58-150600.5.41.1 * apache2-debuginfo-2.4.58-150600.5.41.1 * apache2-worker-2.4.58-150600.5.41.1 * apache2-2.4.58-150600.5.41.1 * openSUSE Leap 15.6 (aarch64 
ppc64le s390x x86_64 i586) * apache2-utils-debuginfo-2.4.58-150600.5.41.1 * apache2-event-2.4.58-150600.5.41.1 * apache2-debugsource-2.4.58-150600.5.41.1 * apache2-event-debugsource-2.4.58-150600.5.41.1 * apache2-prefork-2.4.58-150600.5.41.1 * apache2-utils-2.4.58-150600.5.41.1 * apache2-prefork-debuginfo-2.4.58-150600.5.41.1 * apache2-prefork-debugsource-2.4.58-150600.5.41.1 * apache2-devel-2.4.58-150600.5.41.1 * apache2-worker-debuginfo-2.4.58-150600.5.41.1 * apache2-utils-debugsource-2.4.58-150600.5.41.1 * apache2-worker-debugsource-2.4.58-150600.5.41.1 * apache2-event-debuginfo-2.4.58-150600.5.41.1 * apache2-debuginfo-2.4.58-150600.5.41.1 * apache2-worker-2.4.58-150600.5.41.1 * apache2-2.4.58-150600.5.41.1 * openSUSE Leap 15.6 (noarch) * apache2-manual-2.4.58-150600.5.41.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * apache2-utils-debuginfo-2.4.58-150600.5.41.1 * apache2-debugsource-2.4.58-150600.5.41.1 * apache2-prefork-2.4.58-150600.5.41.1 * apache2-utils-2.4.58-150600.5.41.1 * apache2-prefork-debuginfo-2.4.58-150600.5.41.1 * apache2-prefork-debugsource-2.4.58-150600.5.41.1 * apache2-devel-2.4.58-150600.5.41.1 * apache2-worker-debuginfo-2.4.58-150600.5.41.1 * apache2-utils-debugsource-2.4.58-150600.5.41.1 * apache2-worker-debugsource-2.4.58-150600.5.41.1 * apache2-debuginfo-2.4.58-150600.5.41.1 * apache2-worker-2.4.58-150600.5.41.1 * apache2-2.4.58-150600.5.41.1 ## References: * https://www.suse.com/security/cve/CVE-2025-55753.html * https://www.suse.com/security/cve/CVE-2025-58098.html * https://www.suse.com/security/cve/CVE-2025-65082.html * https://www.suse.com/security/cve/CVE-2025-66200.html * https://bugzilla.suse.com/show_bug.cgi?id=1254511 * https://bugzilla.suse.com/show_bug.cgi?id=1254512 * https://bugzilla.suse.com/show_bug.cgi?id=1254514 * https://bugzilla.suse.com/show_bug.cgi?id=1254515
From null at suse.de Mon Jan 5 16:30:36 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 05 Jan 2026 16:30:36 -0000 Subject: SUSE-SU-2026:0019-1: important: Security update for apache2 Message-ID: <176763063690.22147.10507920955449497317@smelt2.prg2.suse.org> # Security update for apache2 Announcement ID: SUSE-SU-2026:0019-1 Release Date: 2026-01-05T11:08:06Z Rating: important References: * bsc#1254511 * bsc#1254512 * bsc#1254514 * bsc#1254515 Cross-References: * CVE-2025-55753 * CVE-2025-58098 * CVE-2025-65082 * CVE-2025-66200 CVSS scores: * CVE-2025-55753 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-55753 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-55753 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2025-58098 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-58098 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2025-58098 ( NVD ): 8.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L * CVE-2025-65082 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-65082 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2025-65082 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-66200 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-66200 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2025-66200 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L Affected Products: * openSUSE Leap 15.4 * Server Applications Module 15-SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 *
SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 LTS * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Retail Branch Server 4.3 LTS * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 LTS An update that solves four vulnerabilities can now be installed. ## Description: This update for apache2 fixes the following issues: * CVE-2025-55753: Fixed mod_md (ACME) unintended retry intervals (bsc#1254511) * CVE-2025-65082: Fixed CGI environment variable override (bsc#1254514) * CVE-2025-58098: Fixed Server Side Includes adding query string to #exec cmd=... (bsc#1254512) * CVE-2025-66200: Fixed mod_userdir+suexec bypass via AllowOverride FileInfo (bsc#1254515) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-19=1 * Server Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-19=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-19=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-19=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-19=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-19=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-19=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-19=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-19=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-19=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-19=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-19=1 * SUSE Manager Proxy 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2026-19=1 * SUSE Manager Retail Branch Server 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-LTS-2026-19=1 * SUSE Manager Server 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2026-19=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * apache2-worker-debuginfo-2.4.51-150400.6.52.1 * apache2-prefork-debuginfo-2.4.51-150400.6.52.1 * apache2-utils-debuginfo-2.4.51-150400.6.52.1 *
apache2-utils-2.4.51-150400.6.52.1 * apache2-event-2.4.51-150400.6.52.1 * apache2-devel-2.4.51-150400.6.52.1 * apache2-2.4.51-150400.6.52.1 * apache2-prefork-2.4.51-150400.6.52.1 * apache2-worker-2.4.51-150400.6.52.1 * apache2-debuginfo-2.4.51-150400.6.52.1 * apache2-example-pages-2.4.51-150400.6.52.1 * apache2-event-debuginfo-2.4.51-150400.6.52.1 * apache2-debugsource-2.4.51-150400.6.52.1 * openSUSE Leap 15.4 (noarch) * apache2-doc-2.4.51-150400.6.52.1 * Server Applications Module 15-SP7 (noarch) * apache2-doc-2.4.51-150400.6.52.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * apache2-worker-debuginfo-2.4.51-150400.6.52.1 * apache2-prefork-debuginfo-2.4.51-150400.6.52.1 * apache2-utils-debuginfo-2.4.51-150400.6.52.1 * apache2-utils-2.4.51-150400.6.52.1 * apache2-devel-2.4.51-150400.6.52.1 * apache2-prefork-2.4.51-150400.6.52.1 * apache2-2.4.51-150400.6.52.1 * apache2-worker-2.4.51-150400.6.52.1 * apache2-debuginfo-2.4.51-150400.6.52.1 * apache2-debugsource-2.4.51-150400.6.52.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * apache2-doc-2.4.51-150400.6.52.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * apache2-worker-debuginfo-2.4.51-150400.6.52.1 * apache2-prefork-debuginfo-2.4.51-150400.6.52.1 * apache2-utils-debuginfo-2.4.51-150400.6.52.1 * apache2-utils-2.4.51-150400.6.52.1 * apache2-devel-2.4.51-150400.6.52.1 * apache2-prefork-2.4.51-150400.6.52.1 * apache2-2.4.51-150400.6.52.1 * apache2-worker-2.4.51-150400.6.52.1 * apache2-debuginfo-2.4.51-150400.6.52.1 * apache2-debugsource-2.4.51-150400.6.52.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * apache2-doc-2.4.51-150400.6.52.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * apache2-worker-debuginfo-2.4.51-150400.6.52.1 * apache2-prefork-debuginfo-2.4.51-150400.6.52.1 * apache2-utils-debuginfo-2.4.51-150400.6.52.1 * apache2-utils-2.4.51-150400.6.52.1 * 
apache2-devel-2.4.51-150400.6.52.1 * apache2-prefork-2.4.51-150400.6.52.1 * apache2-2.4.51-150400.6.52.1 * apache2-worker-2.4.51-150400.6.52.1 * apache2-debuginfo-2.4.51-150400.6.52.1 * apache2-debugsource-2.4.51-150400.6.52.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * apache2-doc-2.4.51-150400.6.52.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * apache2-worker-debuginfo-2.4.51-150400.6.52.1 * apache2-prefork-debuginfo-2.4.51-150400.6.52.1 * apache2-utils-debuginfo-2.4.51-150400.6.52.1 * apache2-utils-2.4.51-150400.6.52.1 * apache2-devel-2.4.51-150400.6.52.1 * apache2-prefork-2.4.51-150400.6.52.1 * apache2-2.4.51-150400.6.52.1 * apache2-worker-2.4.51-150400.6.52.1 * apache2-debuginfo-2.4.51-150400.6.52.1 * apache2-debugsource-2.4.51-150400.6.52.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * apache2-doc-2.4.51-150400.6.52.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * apache2-worker-debuginfo-2.4.51-150400.6.52.1 * apache2-prefork-debuginfo-2.4.51-150400.6.52.1 * apache2-utils-debuginfo-2.4.51-150400.6.52.1 * apache2-utils-2.4.51-150400.6.52.1 * apache2-devel-2.4.51-150400.6.52.1 * apache2-prefork-2.4.51-150400.6.52.1 * apache2-2.4.51-150400.6.52.1 * apache2-worker-2.4.51-150400.6.52.1 * apache2-debuginfo-2.4.51-150400.6.52.1 * apache2-debugsource-2.4.51-150400.6.52.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * apache2-doc-2.4.51-150400.6.52.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * apache2-worker-debuginfo-2.4.51-150400.6.52.1 * apache2-prefork-debuginfo-2.4.51-150400.6.52.1 * apache2-utils-debuginfo-2.4.51-150400.6.52.1 * apache2-utils-2.4.51-150400.6.52.1 * apache2-devel-2.4.51-150400.6.52.1 * apache2-prefork-2.4.51-150400.6.52.1 * apache2-2.4.51-150400.6.52.1 * apache2-worker-2.4.51-150400.6.52.1 * apache2-debuginfo-2.4.51-150400.6.52.1 * apache2-debugsource-2.4.51-150400.6.52.1 * SUSE Linux 
Enterprise Server 15 SP5 LTSS (noarch) * apache2-doc-2.4.51-150400.6.52.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * apache2-doc-2.4.51-150400.6.52.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * apache2-worker-debuginfo-2.4.51-150400.6.52.1 * apache2-prefork-debuginfo-2.4.51-150400.6.52.1 * apache2-utils-debuginfo-2.4.51-150400.6.52.1 * apache2-utils-2.4.51-150400.6.52.1 * apache2-devel-2.4.51-150400.6.52.1 * apache2-prefork-2.4.51-150400.6.52.1 * apache2-2.4.51-150400.6.52.1 * apache2-worker-2.4.51-150400.6.52.1 * apache2-debuginfo-2.4.51-150400.6.52.1 * apache2-debugsource-2.4.51-150400.6.52.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * apache2-doc-2.4.51-150400.6.52.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * apache2-worker-debuginfo-2.4.51-150400.6.52.1 * apache2-prefork-debuginfo-2.4.51-150400.6.52.1 * apache2-utils-debuginfo-2.4.51-150400.6.52.1 * apache2-utils-2.4.51-150400.6.52.1 * apache2-devel-2.4.51-150400.6.52.1 * apache2-prefork-2.4.51-150400.6.52.1 * apache2-2.4.51-150400.6.52.1 * apache2-worker-2.4.51-150400.6.52.1 * apache2-debuginfo-2.4.51-150400.6.52.1 * apache2-debugsource-2.4.51-150400.6.52.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * apache2-doc-2.4.51-150400.6.52.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * apache2-doc-2.4.51-150400.6.52.1 * SUSE Manager Proxy 4.3 LTS (x86_64) * apache2-worker-debuginfo-2.4.51-150400.6.52.1 * apache2-prefork-debuginfo-2.4.51-150400.6.52.1 * apache2-utils-debuginfo-2.4.51-150400.6.52.1 * apache2-utils-2.4.51-150400.6.52.1 * apache2-devel-2.4.51-150400.6.52.1 * apache2-prefork-2.4.51-150400.6.52.1 * apache2-2.4.51-150400.6.52.1 * apache2-worker-2.4.51-150400.6.52.1 * apache2-debuginfo-2.4.51-150400.6.52.1 * apache2-debugsource-2.4.51-150400.6.52.1 * SUSE Manager Proxy 4.3 LTS (noarch) * apache2-doc-2.4.51-150400.6.52.1 * SUSE Manager Retail Branch Server 
4.3 LTS (x86_64) * apache2-worker-debuginfo-2.4.51-150400.6.52.1 * apache2-prefork-debuginfo-2.4.51-150400.6.52.1 * apache2-utils-debuginfo-2.4.51-150400.6.52.1 * apache2-utils-2.4.51-150400.6.52.1 * apache2-devel-2.4.51-150400.6.52.1 * apache2-prefork-2.4.51-150400.6.52.1 * apache2-2.4.51-150400.6.52.1 * apache2-worker-2.4.51-150400.6.52.1 * apache2-debuginfo-2.4.51-150400.6.52.1 * apache2-debugsource-2.4.51-150400.6.52.1 * SUSE Manager Retail Branch Server 4.3 LTS (noarch) * apache2-doc-2.4.51-150400.6.52.1 * SUSE Manager Server 4.3 LTS (ppc64le s390x x86_64) * apache2-worker-debuginfo-2.4.51-150400.6.52.1 * apache2-prefork-debuginfo-2.4.51-150400.6.52.1 * apache2-utils-debuginfo-2.4.51-150400.6.52.1 * apache2-utils-2.4.51-150400.6.52.1 * apache2-devel-2.4.51-150400.6.52.1 * apache2-prefork-2.4.51-150400.6.52.1 * apache2-2.4.51-150400.6.52.1 * apache2-worker-2.4.51-150400.6.52.1 * apache2-debuginfo-2.4.51-150400.6.52.1 * apache2-debugsource-2.4.51-150400.6.52.1 * SUSE Manager Server 4.3 LTS (noarch) * apache2-doc-2.4.51-150400.6.52.1 ## References: * https://www.suse.com/security/cve/CVE-2025-55753.html * https://www.suse.com/security/cve/CVE-2025-58098.html * https://www.suse.com/security/cve/CVE-2025-65082.html * https://www.suse.com/security/cve/CVE-2025-66200.html * https://bugzilla.suse.com/show_bug.cgi?id=1254511 * https://bugzilla.suse.com/show_bug.cgi?id=1254512 * https://bugzilla.suse.com/show_bug.cgi?id=1254514 * https://bugzilla.suse.com/show_bug.cgi?id=1254515
From null at suse.de Mon Jan 5 16:30:41 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 05 Jan 2026 16:30:41 -0000 Subject: SUSE-SU-2026:0018-1: important: Security update for glib2 Message-ID: <176763064188.22147.14747375356394854356@smelt2.prg2.suse.org> # Security update for glib2 Announcement ID: SUSE-SU-2026:0018-1 Release Date: 2026-01-05T10:52:41Z Rating: important References: * bsc#1254297 * bsc#1254662 * bsc#1254878 Cross-References: * CVE-2025-13601 * CVE-2025-14087 * CVE-2025-14512 CVSS scores: * CVE-2025-13601 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2025-13601 ( NVD ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2025-14087 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-14087 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2025-14087 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2025-14512 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-14512 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-14512 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves three vulnerabilities can now be installed. ## Description: This update for glib2 fixes the following issues: * CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote filesystem attribute values can lead to denial-of-service (bsc#1254878).
* CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()` functions when processing attacker-influenced data may lead to crash or code execution (bsc#1254662). * CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a large number of unacceptable characters may lead to crash or code execution (bsc#1254297). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-18=1 openSUSE-SLE-15.6-2026-18=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-18=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-18=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-18=1 ## Package List: * openSUSE Leap 15.6 (noarch) * gio-branding-upstream-2.78.6-150600.4.25.1 * glib2-lang-2.78.6-150600.4.25.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * glib2-tests-devel-2.78.6-150600.4.25.1 * glib2-doc-2.78.6-150600.4.25.1 * glib2-tools-2.78.6-150600.4.25.1 * libglib-2_0-0-2.78.6-150600.4.25.1 * glib2-debugsource-2.78.6-150600.4.25.1 * libgio-2_0-0-debuginfo-2.78.6-150600.4.25.1 * libgmodule-2_0-0-debuginfo-2.78.6-150600.4.25.1 * libgthread-2_0-0-2.78.6-150600.4.25.1 * glib2-devel-debuginfo-2.78.6-150600.4.25.1 * libgmodule-2_0-0-2.78.6-150600.4.25.1 * glib2-tools-debuginfo-2.78.6-150600.4.25.1 * libgobject-2_0-0-debuginfo-2.78.6-150600.4.25.1 * libgthread-2_0-0-debuginfo-2.78.6-150600.4.25.1 * glib2-devel-static-2.78.6-150600.4.25.1 * libgio-2_0-0-2.78.6-150600.4.25.1 * glib2-tests-devel-debuginfo-2.78.6-150600.4.25.1 * libglib-2_0-0-debuginfo-2.78.6-150600.4.25.1 * glib2-devel-2.78.6-150600.4.25.1 * libgobject-2_0-0-2.78.6-150600.4.25.1 
* openSUSE Leap 15.6 (x86_64) * glib2-tools-32bit-2.78.6-150600.4.25.1 * libgobject-2_0-0-32bit-2.78.6-150600.4.25.1 * libgthread-2_0-0-32bit-2.78.6-150600.4.25.1 * glib2-devel-32bit-debuginfo-2.78.6-150600.4.25.1 * libglib-2_0-0-32bit-debuginfo-2.78.6-150600.4.25.1 * libgmodule-2_0-0-32bit-2.78.6-150600.4.25.1 * glib2-tools-32bit-debuginfo-2.78.6-150600.4.25.1 * libglib-2_0-0-32bit-2.78.6-150600.4.25.1 * libgobject-2_0-0-32bit-debuginfo-2.78.6-150600.4.25.1 * libgio-2_0-0-32bit-2.78.6-150600.4.25.1 * glib2-devel-32bit-2.78.6-150600.4.25.1 * libgio-2_0-0-32bit-debuginfo-2.78.6-150600.4.25.1 * libgthread-2_0-0-32bit-debuginfo-2.78.6-150600.4.25.1 * libgmodule-2_0-0-32bit-debuginfo-2.78.6-150600.4.25.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libgio-2_0-0-64bit-2.78.6-150600.4.25.1 * libglib-2_0-0-64bit-debuginfo-2.78.6-150600.4.25.1 * libgmodule-2_0-0-64bit-2.78.6-150600.4.25.1 * libgobject-2_0-0-64bit-debuginfo-2.78.6-150600.4.25.1 * libglib-2_0-0-64bit-2.78.6-150600.4.25.1 * glib2-tools-64bit-debuginfo-2.78.6-150600.4.25.1 * glib2-tools-64bit-2.78.6-150600.4.25.1 * glib2-devel-64bit-2.78.6-150600.4.25.1 * glib2-devel-64bit-debuginfo-2.78.6-150600.4.25.1 * libgthread-2_0-0-64bit-debuginfo-2.78.6-150600.4.25.1 * libgmodule-2_0-0-64bit-debuginfo-2.78.6-150600.4.25.1 * libgobject-2_0-0-64bit-2.78.6-150600.4.25.1 * libgthread-2_0-0-64bit-2.78.6-150600.4.25.1 * libgio-2_0-0-64bit-debuginfo-2.78.6-150600.4.25.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * glib2-tools-2.78.6-150600.4.25.1 * libglib-2_0-0-2.78.6-150600.4.25.1 * glib2-debugsource-2.78.6-150600.4.25.1 * libgio-2_0-0-debuginfo-2.78.6-150600.4.25.1 * libgmodule-2_0-0-debuginfo-2.78.6-150600.4.25.1 * libgthread-2_0-0-2.78.6-150600.4.25.1 * glib2-devel-debuginfo-2.78.6-150600.4.25.1 * libgmodule-2_0-0-2.78.6-150600.4.25.1 * glib2-tools-debuginfo-2.78.6-150600.4.25.1 * libgobject-2_0-0-debuginfo-2.78.6-150600.4.25.1 * libgthread-2_0-0-debuginfo-2.78.6-150600.4.25.1 * libgio-2_0-0-2.78.6-150600.4.25.1 
* libglib-2_0-0-debuginfo-2.78.6-150600.4.25.1 * glib2-devel-2.78.6-150600.4.25.1 * libgobject-2_0-0-2.78.6-150600.4.25.1 * Basesystem Module 15-SP7 (noarch) * glib2-lang-2.78.6-150600.4.25.1 * Basesystem Module 15-SP7 (x86_64) * libgobject-2_0-0-32bit-2.78.6-150600.4.25.1 * libglib-2_0-0-32bit-debuginfo-2.78.6-150600.4.25.1 * libgmodule-2_0-0-32bit-2.78.6-150600.4.25.1 * libglib-2_0-0-32bit-2.78.6-150600.4.25.1 * libgobject-2_0-0-32bit-debuginfo-2.78.6-150600.4.25.1 * libgio-2_0-0-32bit-2.78.6-150600.4.25.1 * libgio-2_0-0-32bit-debuginfo-2.78.6-150600.4.25.1 * libgmodule-2_0-0-32bit-debuginfo-2.78.6-150600.4.25.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * glib2-tools-2.78.6-150600.4.25.1 * libglib-2_0-0-2.78.6-150600.4.25.1 * glib2-debugsource-2.78.6-150600.4.25.1 * libgio-2_0-0-debuginfo-2.78.6-150600.4.25.1 * libgmodule-2_0-0-debuginfo-2.78.6-150600.4.25.1 * libgthread-2_0-0-2.78.6-150600.4.25.1 * glib2-devel-debuginfo-2.78.6-150600.4.25.1 * libgmodule-2_0-0-2.78.6-150600.4.25.1 * glib2-tools-debuginfo-2.78.6-150600.4.25.1 * libgobject-2_0-0-debuginfo-2.78.6-150600.4.25.1 * libgthread-2_0-0-debuginfo-2.78.6-150600.4.25.1 * libgio-2_0-0-2.78.6-150600.4.25.1 * libglib-2_0-0-debuginfo-2.78.6-150600.4.25.1 * glib2-devel-2.78.6-150600.4.25.1 * libgobject-2_0-0-2.78.6-150600.4.25.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * glib2-lang-2.78.6-150600.4.25.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64) * libgobject-2_0-0-32bit-2.78.6-150600.4.25.1 * libglib-2_0-0-32bit-debuginfo-2.78.6-150600.4.25.1 * libgmodule-2_0-0-32bit-2.78.6-150600.4.25.1 * libglib-2_0-0-32bit-2.78.6-150600.4.25.1 * libgobject-2_0-0-32bit-debuginfo-2.78.6-150600.4.25.1 * libgio-2_0-0-32bit-2.78.6-150600.4.25.1 * libgio-2_0-0-32bit-debuginfo-2.78.6-150600.4.25.1 * libgmodule-2_0-0-32bit-debuginfo-2.78.6-150600.4.25.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * glib2-tools-2.78.6-150600.4.25.1 * 
libglib-2_0-0-2.78.6-150600.4.25.1 * glib2-debugsource-2.78.6-150600.4.25.1 * libgio-2_0-0-debuginfo-2.78.6-150600.4.25.1 * libgmodule-2_0-0-debuginfo-2.78.6-150600.4.25.1 * libgthread-2_0-0-2.78.6-150600.4.25.1 * glib2-devel-debuginfo-2.78.6-150600.4.25.1 * libgmodule-2_0-0-2.78.6-150600.4.25.1 * glib2-tools-debuginfo-2.78.6-150600.4.25.1 * libgobject-2_0-0-debuginfo-2.78.6-150600.4.25.1 * libgthread-2_0-0-debuginfo-2.78.6-150600.4.25.1 * libgio-2_0-0-2.78.6-150600.4.25.1 * libglib-2_0-0-debuginfo-2.78.6-150600.4.25.1 * glib2-devel-2.78.6-150600.4.25.1 * libgobject-2_0-0-2.78.6-150600.4.25.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * glib2-lang-2.78.6-150600.4.25.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64) * libgobject-2_0-0-32bit-2.78.6-150600.4.25.1 * libglib-2_0-0-32bit-debuginfo-2.78.6-150600.4.25.1 * libgmodule-2_0-0-32bit-2.78.6-150600.4.25.1 * libglib-2_0-0-32bit-2.78.6-150600.4.25.1 * libgobject-2_0-0-32bit-debuginfo-2.78.6-150600.4.25.1 * libgio-2_0-0-32bit-2.78.6-150600.4.25.1 * libgio-2_0-0-32bit-debuginfo-2.78.6-150600.4.25.1 * libgmodule-2_0-0-32bit-debuginfo-2.78.6-150600.4.25.1 ## References: * https://www.suse.com/security/cve/CVE-2025-13601.html * https://www.suse.com/security/cve/CVE-2025-14087.html * https://www.suse.com/security/cve/CVE-2025-14512.html * https://bugzilla.suse.com/show_bug.cgi?id=1254297 * https://bugzilla.suse.com/show_bug.cgi?id=1254662 * https://bugzilla.suse.com/show_bug.cgi?id=1254878 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Jan 5 16:30:44 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 05 Jan 2026 16:30:44 -0000 Subject: SUSE-SU-2026:0017-1: important: Security update for libsoup Message-ID: <176763064447.22147.12606925485287514350@smelt2.prg2.suse.org> # Security update for libsoup Announcement ID: SUSE-SU-2026:0017-1 Release Date: 2026-01-05T10:52:12Z Rating: important References: * bsc#1252555 Cross-References: * CVE-2025-12105 CVSS scores: * CVE-2025-12105 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-12105 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2025-12105 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for libsoup fixes the following issues: * CVE-2025-12105: Fixed heap use-after-free in message queue handling during HTTP/2 read completion (bsc#1252555) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-17=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-17=1 openSUSE-SLE-15.6-2026-17=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-17=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-17=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * libsoup-devel-3.4.4-150600.3.21.1 * typelib-1_0-Soup-3_0-3.4.4-150600.3.21.1 * libsoup-debugsource-3.4.4-150600.3.21.1 * libsoup-3_0-0-3.4.4-150600.3.21.1 * libsoup-3_0-0-debuginfo-3.4.4-150600.3.21.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * libsoup-lang-3.4.4-150600.3.21.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * libsoup-devel-3.4.4-150600.3.21.1 * typelib-1_0-Soup-3_0-3.4.4-150600.3.21.1 * libsoup-debugsource-3.4.4-150600.3.21.1 * libsoup-3_0-0-3.4.4-150600.3.21.1 * libsoup-3_0-0-debuginfo-3.4.4-150600.3.21.1 * openSUSE Leap 15.6 (x86_64) * libsoup-3_0-0-32bit-3.4.4-150600.3.21.1 * libsoup-devel-32bit-3.4.4-150600.3.21.1 * libsoup-3_0-0-32bit-debuginfo-3.4.4-150600.3.21.1 * openSUSE Leap 15.6 (noarch) * libsoup-lang-3.4.4-150600.3.21.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libsoup-3_0-0-64bit-3.4.4-150600.3.21.1 * libsoup-3_0-0-64bit-debuginfo-3.4.4-150600.3.21.1 * libsoup-devel-64bit-3.4.4-150600.3.21.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libsoup-devel-3.4.4-150600.3.21.1 * typelib-1_0-Soup-3_0-3.4.4-150600.3.21.1 * libsoup-debugsource-3.4.4-150600.3.21.1 * libsoup-3_0-0-3.4.4-150600.3.21.1 * libsoup-3_0-0-debuginfo-3.4.4-150600.3.21.1 * Basesystem Module 15-SP7 (noarch) * libsoup-lang-3.4.4-150600.3.21.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * libsoup-devel-3.4.4-150600.3.21.1 * 
typelib-1_0-Soup-3_0-3.4.4-150600.3.21.1 * libsoup-debugsource-3.4.4-150600.3.21.1 * libsoup-3_0-0-3.4.4-150600.3.21.1 * libsoup-3_0-0-debuginfo-3.4.4-150600.3.21.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * libsoup-lang-3.4.4-150600.3.21.1 ## References: * https://www.suse.com/security/cve/CVE-2025-12105.html * https://bugzilla.suse.com/show_bug.cgi?id=1252555 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Jan 5 16:30:47 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 05 Jan 2026 16:30:47 -0000 Subject: SUSE-SU-2026:0016-1: important: Security update for pgadmin4 Message-ID: <176763064789.22147.661085351825594089@smelt2.prg2.suse.org> # Security update for pgadmin4 Announcement ID: SUSE-SU-2026:0016-1 Release Date: 2026-01-05T10:48:10Z Rating: important References: * bsc#1253477 * bsc#1253478 Cross-References: * CVE-2025-12764 * CVE-2025-12765 CVSS scores: * CVE-2025-12764 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-12764 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-12764 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-12765 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-12765 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2025-12765 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2025-12765 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: * openSUSE Leap 15.3 * Python 3 Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE 
Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 LTS * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Retail Branch Server 4.3 LTS * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 LTS An update that solves two vulnerabilities can now be installed. ## Description: This update for pgadmin4 fixes the following issues: * CVE-2025-12765: insufficient checks in the LDAP authentication flow allow for a bypass of TLS certificate validation that can lead to the stealing of bind credentials and the altering of directory responses (bsc#1253478). * CVE-2025-12764: improper validation of characters in a username allows for LDAP injections that force the processing of unusual amounts of data and leads to a DoS (bsc#1253477). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2026-16=1 * Python 3 Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-16=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-16=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-16=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-16=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-16=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-16=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-16=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-16=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-16=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-16=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-16=1 * SUSE Manager Proxy 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2026-16=1 * SUSE Manager Retail Branch Server 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-LTS-2026-16=1 * SUSE Manager Server 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2026-16=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * pgadmin4-4.30-150300.3.21.1 * pgadmin4-debuginfo-4.30-150300.3.21.1 * openSUSE Leap 15.3 (noarch) * pgadmin4-web-4.30-150300.3.21.1 * pgadmin4-doc-4.30-150300.3.21.1 * 
pgadmin4-web-uwsgi-4.30-150300.3.21.1 * Python 3 Module 15-SP7 (noarch) * pgadmin4-web-4.30-150300.3.21.1 * pgadmin4-doc-4.30-150300.3.21.1 * Python 3 Module 15-SP7 (s390x) * pgadmin4-4.30-150300.3.21.1 * pgadmin4-debuginfo-4.30-150300.3.21.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * pgadmin4-4.30-150300.3.21.1 * pgadmin4-debuginfo-4.30-150300.3.21.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * pgadmin4-web-4.30-150300.3.21.1 * pgadmin4-doc-4.30-150300.3.21.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * pgadmin4-4.30-150300.3.21.1 * pgadmin4-debuginfo-4.30-150300.3.21.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * pgadmin4-web-4.30-150300.3.21.1 * pgadmin4-doc-4.30-150300.3.21.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * pgadmin4-4.30-150300.3.21.1 * pgadmin4-debuginfo-4.30-150300.3.21.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * pgadmin4-web-4.30-150300.3.21.1 * pgadmin4-doc-4.30-150300.3.21.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * pgadmin4-4.30-150300.3.21.1 * pgadmin4-debuginfo-4.30-150300.3.21.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * pgadmin4-web-4.30-150300.3.21.1 * pgadmin4-doc-4.30-150300.3.21.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * pgadmin4-4.30-150300.3.21.1 * pgadmin4-debuginfo-4.30-150300.3.21.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * pgadmin4-web-4.30-150300.3.21.1 * pgadmin4-doc-4.30-150300.3.21.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * pgadmin4-4.30-150300.3.21.1 * pgadmin4-debuginfo-4.30-150300.3.21.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * pgadmin4-web-4.30-150300.3.21.1 * pgadmin4-doc-4.30-150300.3.21.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * 
pgadmin4-web-4.30-150300.3.21.1 * pgadmin4-doc-4.30-150300.3.21.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (s390x) * pgadmin4-4.30-150300.3.21.1 * pgadmin4-debuginfo-4.30-150300.3.21.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * pgadmin4-4.30-150300.3.21.1 * pgadmin4-debuginfo-4.30-150300.3.21.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * pgadmin4-web-4.30-150300.3.21.1 * pgadmin4-doc-4.30-150300.3.21.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * pgadmin4-4.30-150300.3.21.1 * pgadmin4-debuginfo-4.30-150300.3.21.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * pgadmin4-web-4.30-150300.3.21.1 * pgadmin4-doc-4.30-150300.3.21.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * pgadmin4-web-4.30-150300.3.21.1 * SUSE Manager Proxy 4.3 LTS (x86_64) * pgadmin4-4.30-150300.3.21.1 * pgadmin4-debuginfo-4.30-150300.3.21.1 * SUSE Manager Proxy 4.3 LTS (noarch) * pgadmin4-web-4.30-150300.3.21.1 * pgadmin4-doc-4.30-150300.3.21.1 * SUSE Manager Retail Branch Server 4.3 LTS (x86_64) * pgadmin4-4.30-150300.3.21.1 * pgadmin4-debuginfo-4.30-150300.3.21.1 * SUSE Manager Retail Branch Server 4.3 LTS (noarch) * pgadmin4-web-4.30-150300.3.21.1 * pgadmin4-doc-4.30-150300.3.21.1 * SUSE Manager Server 4.3 LTS (ppc64le s390x x86_64) * pgadmin4-4.30-150300.3.21.1 * pgadmin4-debuginfo-4.30-150300.3.21.1 * SUSE Manager Server 4.3 LTS (noarch) * pgadmin4-web-4.30-150300.3.21.1 * pgadmin4-doc-4.30-150300.3.21.1 ## References: * https://www.suse.com/security/cve/CVE-2025-12764.html * https://www.suse.com/security/cve/CVE-2025-12765.html * https://bugzilla.suse.com/show_bug.cgi?id=1253477 * https://bugzilla.suse.com/show_bug.cgi?id=1253478 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Jan 5 16:30:51 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 05 Jan 2026 16:30:51 -0000 Subject: SUSE-SU-2026:0015-1: important: Security update for pgadmin4 Message-ID: <176763065112.22147.15792982998981749564@smelt2.prg2.suse.org> # Security update for pgadmin4 Announcement ID: SUSE-SU-2026:0015-1 Release Date: 2026-01-05T10:41:14Z Rating: important References: * bsc#1253477 * bsc#1253478 Cross-References: * CVE-2025-12764 * CVE-2025-12765 CVSS scores: * CVE-2025-12764 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-12764 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-12764 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-12765 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-12765 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2025-12765 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2025-12765 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: * openSUSE Leap 15.6 * Python 3 Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for pgadmin4 fixes the following issues: * CVE-2025-12765: insufficient checks in the LDAP authentication flow allow for a bypass of TLS certificate validation that can lead to the stealing of bind credentials and the altering of directory responses (bsc#1253478). * CVE-2025-12764: improper validation of characters in a username allows for LDAP injections that force the processing of unusual amounts of data and leads to a DoS (bsc#1253477). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-15=1 openSUSE-SLE-15.6-2026-15=1 * Python 3 Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-15=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-15=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-15=1 ## Package List: * openSUSE Leap 15.6 (noarch) * pgadmin4-8.5-150600.3.18.1 * pgadmin4-web-uwsgi-8.5-150600.3.18.1 * pgadmin4-desktop-8.5-150600.3.18.1 * pgadmin4-cloud-8.5-150600.3.18.1 * pgadmin4-doc-8.5-150600.3.18.1 * system-user-pgadmin-8.5-150600.3.18.1 * Python 3 Module 15-SP7 (noarch) * system-user-pgadmin-8.5-150600.3.18.1 * pgadmin4-8.5-150600.3.18.1 * pgadmin4-doc-8.5-150600.3.18.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * system-user-pgadmin-8.5-150600.3.18.1 * pgadmin4-8.5-150600.3.18.1 * pgadmin4-doc-8.5-150600.3.18.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * system-user-pgadmin-8.5-150600.3.18.1 * pgadmin4-8.5-150600.3.18.1 * pgadmin4-doc-8.5-150600.3.18.1 ## References: * https://www.suse.com/security/cve/CVE-2025-12764.html * https://www.suse.com/security/cve/CVE-2025-12765.html * https://bugzilla.suse.com/show_bug.cgi?id=1253477 * https://bugzilla.suse.com/show_bug.cgi?id=1253478 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Jan 5 16:30:54 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 05 Jan 2026 16:30:54 -0000 Subject: SUSE-SU-2026:0014-1: important: Security update for buildah Message-ID: <176763065431.22147.4272837486548696745@smelt2.prg2.suse.org> # Security update for buildah Announcement ID: SUSE-SU-2026:0014-1 Release Date: 2026-01-05T10:39:45Z Rating: important References: * bsc#1253598 * bsc#1254054 Cross-References: * CVE-2025-47913 * CVE-2025-47914 CVSS scores: * CVE-2025-47913 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-47913 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-47913 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-47914 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-47914 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-47914 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Containers Module 15-SP7 * openSUSE Leap 15.5 * openSUSE Leap 15.6 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities can now be installed. 
## Description: This update for buildah fixes the following issues: * CVE-2025-47914: golang.org/x/crypto/ssh/agent: Fixed out of bounds read caused by non validated message size (bsc#1254054) * CVE-2025-47913: golang.org/x/crypto/ssh/agent: Fixed client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253598) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-14=1 * Containers Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-14=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-14=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-14=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-14=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-14=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-14=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-14=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-14=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * buildah-1.35.5-150500.3.53.1 * Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64) * buildah-1.35.5-150500.3.53.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * buildah-1.35.5-150500.3.53.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * buildah-1.35.5-150500.3.53.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * 
buildah-1.35.5-150500.3.53.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * buildah-1.35.5-150500.3.53.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * buildah-1.35.5-150500.3.53.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * buildah-1.35.5-150500.3.53.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * buildah-1.35.5-150500.3.53.1 ## References: * https://www.suse.com/security/cve/CVE-2025-47913.html * https://www.suse.com/security/cve/CVE-2025-47914.html * https://bugzilla.suse.com/show_bug.cgi?id=1253598 * https://bugzilla.suse.com/show_bug.cgi?id=1254054 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Jan 5 16:30:58 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 05 Jan 2026 16:30:58 -0000 Subject: SUSE-SU-2026:0013-1: important: Security update for ImageMagick Message-ID: <176763065844.22147.14264911945968789075@smelt2.prg2.suse.org> # Security update for ImageMagick Announcement ID: SUSE-SU-2026:0013-1 Release Date: 2026-01-05T10:36:12Z Rating: important References: * bsc#1254435 * bsc#1254820 * bsc#1255391 Cross-References: * CVE-2025-65955 * CVE-2025-66628 * CVE-2025-68469 CVSS scores: * CVE-2025-65955 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-65955 ( SUSE ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2025-65955 ( NVD ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2025-65955 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-66628 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-66628 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2025-66628 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2025-68469 ( SUSE ): 2.0 
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-68469 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-68469 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-68469 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: * Desktop Applications Module 15-SP7 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves three vulnerabilities can now be installed. ## Description: This update for ImageMagick fixes the following issues: * CVE-2025-65955: possible use-after-free/double-free in `Options::fontFamily` when clearing a family can lead to crashes or memory corruption (bsc#1254435). 
* CVE-2025-66628: possible integer overflow in the TIM image parser's `ReadTIMImage` function can lead to arbitrary memory disclosure on 32-bit systems (bsc#1254820).
* CVE-2025-68469: crash due to heap buffer overflow when processing a specially crafted TIFF file (bsc#1255391).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-13=1
* Desktop Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-13=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-13=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-13=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-13=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-13=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-13=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-13=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-13=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-13=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-13=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-13=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * ImageMagick-config-7-upstream-7.1.0.9-150400.6.58.1
  * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.58.1
  * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.58.1
  * ImageMagick-extra-debuginfo-7.1.0.9-150400.6.58.1
  * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.58.1
  * ImageMagick-debuginfo-7.1.0.9-150400.6.58.1
  * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.58.1
  * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.58.1
  * libMagick++-devel-7.1.0.9-150400.6.58.1
  * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.58.1
  * perl-PerlMagick-7.1.0.9-150400.6.58.1
  * ImageMagick-debugsource-7.1.0.9-150400.6.58.1
  * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.58.1
  * ImageMagick-devel-7.1.0.9-150400.6.58.1
  * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.58.1
  * ImageMagick-extra-7.1.0.9-150400.6.58.1
  * ImageMagick-7.1.0.9-150400.6.58.1
* openSUSE Leap 15.4 (x86_64)
  * libMagick++-devel-32bit-7.1.0.9-150400.6.58.1
  * ImageMagick-devel-32bit-7.1.0.9-150400.6.58.1
  * libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.58.1
  * libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.58.1
  * libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.58.1
  * libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.0.9-150400.6.58.1
  * libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.58.1
  * libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.58.1
* openSUSE Leap 15.4 (noarch)
  * ImageMagick-doc-7.1.0.9-150400.6.58.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * libMagickWand-7_Q16HDRI10-64bit-debuginfo-7.1.0.9-150400.6.58.1
  * libMagickCore-7_Q16HDRI10-64bit-debuginfo-7.1.0.9-150400.6.58.1
  * libMagickWand-7_Q16HDRI10-64bit-7.1.0.9-150400.6.58.1
  * libMagick++-devel-64bit-7.1.0.9-150400.6.58.1
  * libMagickCore-7_Q16HDRI10-64bit-7.1.0.9-150400.6.58.1
  * libMagick++-7_Q16HDRI5-64bit-7.1.0.9-150400.6.58.1
  * ImageMagick-devel-64bit-7.1.0.9-150400.6.58.1
  * libMagick++-7_Q16HDRI5-64bit-debuginfo-7.1.0.9-150400.6.58.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * ImageMagick-debugsource-7.1.0.9-150400.6.58.1
  * ImageMagick-debuginfo-7.1.0.9-150400.6.58.1
  * ImageMagick-config-7-upstream-7.1.0.9-150400.6.58.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * ImageMagick-config-7-upstream-7.1.0.9-150400.6.58.1
  * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.58.1
  * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.58.1
  * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.58.1
  * ImageMagick-debuginfo-7.1.0.9-150400.6.58.1
  * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.58.1
  * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.58.1
  * libMagick++-devel-7.1.0.9-150400.6.58.1
  * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.58.1
  * perl-PerlMagick-7.1.0.9-150400.6.58.1
  * ImageMagick-debugsource-7.1.0.9-150400.6.58.1
  * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.58.1
  * ImageMagick-devel-7.1.0.9-150400.6.58.1
  * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.58.1
  * ImageMagick-7.1.0.9-150400.6.58.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * ImageMagick-config-7-upstream-7.1.0.9-150400.6.58.1
  * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.58.1
  * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.58.1
  * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.58.1
  * ImageMagick-debuginfo-7.1.0.9-150400.6.58.1
  * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.58.1
  * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.58.1
  * libMagick++-devel-7.1.0.9-150400.6.58.1
  * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.58.1
  * perl-PerlMagick-7.1.0.9-150400.6.58.1
  * ImageMagick-debugsource-7.1.0.9-150400.6.58.1
  * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.58.1
  * ImageMagick-devel-7.1.0.9-150400.6.58.1
  * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.58.1
  * ImageMagick-7.1.0.9-150400.6.58.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * ImageMagick-config-7-upstream-7.1.0.9-150400.6.58.1
  * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.58.1
  * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.58.1
  * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.58.1
  * ImageMagick-debuginfo-7.1.0.9-150400.6.58.1
  * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.58.1
  * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.58.1
  * libMagick++-devel-7.1.0.9-150400.6.58.1
  * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.58.1
  * perl-PerlMagick-7.1.0.9-150400.6.58.1
  * ImageMagick-debugsource-7.1.0.9-150400.6.58.1
  * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.58.1
  * ImageMagick-devel-7.1.0.9-150400.6.58.1
  * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.58.1
  * ImageMagick-7.1.0.9-150400.6.58.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * ImageMagick-config-7-upstream-7.1.0.9-150400.6.58.1
  * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.58.1
  * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.58.1
  * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.58.1
  * ImageMagick-debuginfo-7.1.0.9-150400.6.58.1
  * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.58.1
  * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.58.1
  * libMagick++-devel-7.1.0.9-150400.6.58.1
  * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.58.1
  * perl-PerlMagick-7.1.0.9-150400.6.58.1
  * ImageMagick-debugsource-7.1.0.9-150400.6.58.1
  * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.58.1
  * ImageMagick-devel-7.1.0.9-150400.6.58.1
  * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.58.1
  * ImageMagick-7.1.0.9-150400.6.58.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * ImageMagick-config-7-upstream-7.1.0.9-150400.6.58.1
  * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.58.1
  * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.58.1
  * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.58.1
  * ImageMagick-debuginfo-7.1.0.9-150400.6.58.1
  * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.58.1
  * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.58.1
  * libMagick++-devel-7.1.0.9-150400.6.58.1
  * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.58.1
  * perl-PerlMagick-7.1.0.9-150400.6.58.1
  * ImageMagick-debugsource-7.1.0.9-150400.6.58.1
  * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.58.1
  * ImageMagick-devel-7.1.0.9-150400.6.58.1
  * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.58.1
  * ImageMagick-7.1.0.9-150400.6.58.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * ImageMagick-config-7-upstream-7.1.0.9-150400.6.58.1
  * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.58.1
  * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.58.1
  * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.58.1
  * ImageMagick-debuginfo-7.1.0.9-150400.6.58.1
  * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.58.1
  * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.58.1
  * libMagick++-devel-7.1.0.9-150400.6.58.1
  * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.58.1
  * perl-PerlMagick-7.1.0.9-150400.6.58.1
  * ImageMagick-debugsource-7.1.0.9-150400.6.58.1
  * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.58.1
  * ImageMagick-devel-7.1.0.9-150400.6.58.1
  * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.58.1
  * ImageMagick-7.1.0.9-150400.6.58.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * ImageMagick-debugsource-7.1.0.9-150400.6.58.1
  * ImageMagick-debuginfo-7.1.0.9-150400.6.58.1
  * ImageMagick-config-7-upstream-7.1.0.9-150400.6.58.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * ImageMagick-config-7-upstream-7.1.0.9-150400.6.58.1
  * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.58.1
  * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.58.1
  * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.58.1
  * ImageMagick-debuginfo-7.1.0.9-150400.6.58.1
  * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.58.1
  * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.58.1
  * libMagick++-devel-7.1.0.9-150400.6.58.1
  * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.58.1
  * perl-PerlMagick-7.1.0.9-150400.6.58.1
  * ImageMagick-debugsource-7.1.0.9-150400.6.58.1
  * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.58.1
  * ImageMagick-devel-7.1.0.9-150400.6.58.1
  * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.58.1
  * ImageMagick-7.1.0.9-150400.6.58.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * ImageMagick-config-7-upstream-7.1.0.9-150400.6.58.1
  * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.58.1
  * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.58.1
  * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.58.1
  * ImageMagick-debuginfo-7.1.0.9-150400.6.58.1
  * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.58.1
  * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.58.1
  * libMagick++-devel-7.1.0.9-150400.6.58.1
  * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.58.1
  * perl-PerlMagick-7.1.0.9-150400.6.58.1
  * ImageMagick-debugsource-7.1.0.9-150400.6.58.1
  * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.58.1
  * ImageMagick-devel-7.1.0.9-150400.6.58.1
  * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.58.1
  * ImageMagick-7.1.0.9-150400.6.58.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * ImageMagick-debugsource-7.1.0.9-150400.6.58.1
  * ImageMagick-debuginfo-7.1.0.9-150400.6.58.1
  * ImageMagick-config-7-upstream-7.1.0.9-150400.6.58.1

## References:

* https://www.suse.com/security/cve/CVE-2025-65955.html
* https://www.suse.com/security/cve/CVE-2025-66628.html
* https://www.suse.com/security/cve/CVE-2025-68469.html
* https://bugzilla.suse.com/show_bug.cgi?id=1254435
* https://bugzilla.suse.com/show_bug.cgi?id=1254820
* https://bugzilla.suse.com/show_bug.cgi?id=1255391

From null at suse.de Mon Jan 5 16:31:05 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 05 Jan 2026 16:31:05 -0000
Subject: SUSE-SU-2026:0012-1: important: Security update for xen
Message-ID: <176763066597.22147.15083881739530712504@smelt2.prg2.suse.org>

# Security update for xen

Announcement ID: SUSE-SU-2026:0012-1
Release Date: 2026-01-05T10:31:33Z
Rating: important

References:

* bsc#1027519
* bsc#1248807
* bsc#1251271
* bsc#1252692
* bsc#1254180

Cross-References:

* CVE-2025-27466
* CVE-2025-58142
* CVE-2025-58143
* CVE-2025-58147
* CVE-2025-58148
* CVE-2025-58149

CVSS scores:

* CVE-2025-27466 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2025-27466 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-58142 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2025-58142 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-58143 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-58143 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-58147 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H
* CVE-2025-58147 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-58148 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H
* CVE-2025-58148 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-58149 ( SUSE ): 4.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
* CVE-2025-58149 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2025-58149 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves six vulnerabilities can now be installed.

## Description:

This update for xen fixes the following issues:

Security issues fixed:

* CVE-2025-27466: NULL pointer dereference in the Viridian interface when updating the reference TSC area (bsc#1248807).
* CVE-2025-58142: NULL pointer dereference in the Viridian interface due to assumption that the SIM page is mapped when a synthetic timer message has to be delivered (bsc#1248807).
* CVE-2025-58143: information leak and reference counter underflow in the Viridian interface due to race in the mapping of the reference TSC page (bsc#1248807).
* CVE-2025-58147: incorrect input sanitisation in Viridian hypercalls using the HV_VP_SET Sparse format can lead to out-of-bounds write through `vpmask_set()` (bsc#1251271).
* CVE-2025-58148: incorrect input sanitisation in Viridian hypercalls using any input format can lead to out-of-bounds read through `send_ipi()` (bsc#1251271).
* CVE-2025-58149: incorrect removal of permissions on PCI device unplug allows PV guests to access memory of devices no longer assigned to them (bsc#1252692).

Other issues fixed:

* Several upstream bug fixes (bsc#1027519).
* Failure to restart xenstored (bsc#1254180).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-12=1 openSUSE-SLE-15.6-2026-12=1
* Basesystem Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2026-12=1
* Server Applications Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2026-12=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-12=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-12=1

## Package List:

* openSUSE Leap 15.6 (aarch64 x86_64 i586)
  * xen-devel-4.18.5_08-150600.3.34.2
  * xen-libs-debuginfo-4.18.5_08-150600.3.34.2
  * xen-tools-domU-debuginfo-4.18.5_08-150600.3.34.2
  * xen-tools-domU-4.18.5_08-150600.3.34.2
  * xen-debugsource-4.18.5_08-150600.3.34.2
  * xen-libs-4.18.5_08-150600.3.34.2
* openSUSE Leap 15.6 (x86_64)
  * xen-libs-32bit-debuginfo-4.18.5_08-150600.3.34.2
  * xen-libs-32bit-4.18.5_08-150600.3.34.2
* openSUSE Leap 15.6 (aarch64 x86_64)
  * xen-4.18.5_08-150600.3.34.2
  * xen-doc-html-4.18.5_08-150600.3.34.2
  * xen-tools-debuginfo-4.18.5_08-150600.3.34.2
  * xen-tools-4.18.5_08-150600.3.34.2
* openSUSE Leap 15.6 (noarch)
  * xen-tools-xendomains-wait-disk-4.18.5_08-150600.3.34.2
* openSUSE Leap 15.6 (aarch64_ilp32)
  * xen-libs-64bit-4.18.5_08-150600.3.34.2
  * xen-libs-64bit-debuginfo-4.18.5_08-150600.3.34.2
* Basesystem Module 15-SP6 (x86_64)
  * xen-libs-debuginfo-4.18.5_08-150600.3.34.2
  * xen-tools-domU-debuginfo-4.18.5_08-150600.3.34.2
  * xen-tools-domU-4.18.5_08-150600.3.34.2
  * xen-debugsource-4.18.5_08-150600.3.34.2
  * xen-libs-4.18.5_08-150600.3.34.2
* Server Applications Module 15-SP6 (x86_64)
  * xen-4.18.5_08-150600.3.34.2
  * xen-devel-4.18.5_08-150600.3.34.2
  * xen-debugsource-4.18.5_08-150600.3.34.2
  * xen-tools-debuginfo-4.18.5_08-150600.3.34.2
  * xen-tools-4.18.5_08-150600.3.34.2
* Server Applications Module 15-SP6 (noarch)
  * xen-tools-xendomains-wait-disk-4.18.5_08-150600.3.34.2
* SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64)
  * xen-4.18.5_08-150600.3.34.2
  * xen-devel-4.18.5_08-150600.3.34.2
  * xen-libs-debuginfo-4.18.5_08-150600.3.34.2
  * xen-tools-domU-debuginfo-4.18.5_08-150600.3.34.2
  * xen-tools-domU-4.18.5_08-150600.3.34.2
  * xen-debugsource-4.18.5_08-150600.3.34.2
  * xen-libs-4.18.5_08-150600.3.34.2
  * xen-tools-debuginfo-4.18.5_08-150600.3.34.2
  * xen-tools-4.18.5_08-150600.3.34.2
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * xen-tools-xendomains-wait-disk-4.18.5_08-150600.3.34.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64)
  * xen-4.18.5_08-150600.3.34.2
  * xen-devel-4.18.5_08-150600.3.34.2
  * xen-libs-debuginfo-4.18.5_08-150600.3.34.2
  * xen-tools-domU-debuginfo-4.18.5_08-150600.3.34.2
  * xen-tools-domU-4.18.5_08-150600.3.34.2
  * xen-debugsource-4.18.5_08-150600.3.34.2
  * xen-libs-4.18.5_08-150600.3.34.2
  * xen-tools-debuginfo-4.18.5_08-150600.3.34.2
  * xen-tools-4.18.5_08-150600.3.34.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  * xen-tools-xendomains-wait-disk-4.18.5_08-150600.3.34.2

## References:

* https://www.suse.com/security/cve/CVE-2025-27466.html
* https://www.suse.com/security/cve/CVE-2025-58142.html
* https://www.suse.com/security/cve/CVE-2025-58143.html
* https://www.suse.com/security/cve/CVE-2025-58147.html
* https://www.suse.com/security/cve/CVE-2025-58148.html
* https://www.suse.com/security/cve/CVE-2025-58149.html
* https://bugzilla.suse.com/show_bug.cgi?id=1027519
* https://bugzilla.suse.com/show_bug.cgi?id=1248807
* https://bugzilla.suse.com/show_bug.cgi?id=1251271
* https://bugzilla.suse.com/show_bug.cgi?id=1252692
* https://bugzilla.suse.com/show_bug.cgi?id=1254180

From null at suse.de Mon Jan 5 16:31:09 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 05 Jan 2026 16:31:09 -0000
Subject: SUSE-SU-2026:0011-1: important: Security update for ImageMagick
Message-ID: <176763066929.22147.14059174944812423020@smelt2.prg2.suse.org>

# Security update for ImageMagick

Announcement ID: SUSE-SU-2026:0011-1
Release Date: 2026-01-05T10:29:01Z
Rating: important

References:

* bsc#1254435
* bsc#1254820

Cross-References:

* CVE-2025-65955
* CVE-2025-66628

CVSS scores:

* CVE-2025-65955 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-65955 ( SUSE ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-65955 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-65955 ( NVD ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-66628 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-66628 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-66628 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for ImageMagick fixes the following issues:

* CVE-2025-65955: possible use-after-free/double-free in `Options::fontFamily` when clearing a family can lead to crashes or memory corruption (bsc#1254435).
* CVE-2025-66628: possible integer overflow in the TIM image parser's `ReadTIMImage` function can lead to arbitrary memory disclosure on 32-bit systems (bsc#1254820).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-11=1 openSUSE-SLE-15.6-2026-11=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-11=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-11=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * ImageMagick-config-7-upstream-secure-7.1.1.21-150600.3.32.1
  * ImageMagick-extra-debuginfo-7.1.1.21-150600.3.32.1
  * ImageMagick-debuginfo-7.1.1.21-150600.3.32.1
  * libMagick++-devel-7.1.1.21-150600.3.32.1
  * libMagickCore-7_Q16HDRI10-7.1.1.21-150600.3.32.1
  * ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.32.1
  * libMagick++-7_Q16HDRI5-debuginfo-7.1.1.21-150600.3.32.1
  * libMagickWand-7_Q16HDRI10-7.1.1.21-150600.3.32.1
  * libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.32.1
  * ImageMagick-config-7-upstream-websafe-7.1.1.21-150600.3.32.1
  * ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.32.1
  * ImageMagick-config-7-SUSE-7.1.1.21-150600.3.32.1
  * ImageMagick-devel-7.1.1.21-150600.3.32.1
  * ImageMagick-extra-7.1.1.21-150600.3.32.1
  * libMagick++-7_Q16HDRI5-7.1.1.21-150600.3.32.1
  * ImageMagick-debugsource-7.1.1.21-150600.3.32.1
  * libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.32.1
  * perl-PerlMagick-debuginfo-7.1.1.21-150600.3.32.1
  * perl-PerlMagick-7.1.1.21-150600.3.32.1
  * ImageMagick-7.1.1.21-150600.3.32.1
* openSUSE Leap 15.6 (x86_64)
  * libMagick++-devel-32bit-7.1.1.21-150600.3.32.1
  * libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.1.21-150600.3.32.1
  * libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.1.21-150600.3.32.1
  * ImageMagick-devel-32bit-7.1.1.21-150600.3.32.1
  * libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.1.21-150600.3.32.1
  * libMagickCore-7_Q16HDRI10-32bit-7.1.1.21-150600.3.32.1
  * libMagickWand-7_Q16HDRI10-32bit-7.1.1.21-150600.3.32.1
  * libMagick++-7_Q16HDRI5-32bit-7.1.1.21-150600.3.32.1
* openSUSE Leap 15.6 (noarch)
  * ImageMagick-doc-7.1.1.21-150600.3.32.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libMagick++-7_Q16HDRI5-64bit-debuginfo-7.1.1.21-150600.3.32.1
  * libMagickCore-7_Q16HDRI10-64bit-7.1.1.21-150600.3.32.1
  * libMagick++-7_Q16HDRI5-64bit-7.1.1.21-150600.3.32.1
  * libMagick++-devel-64bit-7.1.1.21-150600.3.32.1
  * libMagickCore-7_Q16HDRI10-64bit-debuginfo-7.1.1.21-150600.3.32.1
  * ImageMagick-devel-64bit-7.1.1.21-150600.3.32.1
  * libMagickWand-7_Q16HDRI10-64bit-7.1.1.21-150600.3.32.1
  * libMagickWand-7_Q16HDRI10-64bit-debuginfo-7.1.1.21-150600.3.32.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * ImageMagick-config-7-upstream-secure-7.1.1.21-150600.3.32.1
  * ImageMagick-debuginfo-7.1.1.21-150600.3.32.1
  * libMagick++-devel-7.1.1.21-150600.3.32.1
  * libMagickCore-7_Q16HDRI10-7.1.1.21-150600.3.32.1
  * ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.32.1
  * libMagick++-7_Q16HDRI5-debuginfo-7.1.1.21-150600.3.32.1
  * libMagickWand-7_Q16HDRI10-7.1.1.21-150600.3.32.1
  * libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.32.1
  * ImageMagick-config-7-upstream-websafe-7.1.1.21-150600.3.32.1
  * ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.32.1
  * ImageMagick-config-7-SUSE-7.1.1.21-150600.3.32.1
  * ImageMagick-devel-7.1.1.21-150600.3.32.1
  * libMagick++-7_Q16HDRI5-7.1.1.21-150600.3.32.1
  * libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.32.1
  * ImageMagick-debugsource-7.1.1.21-150600.3.32.1
  * perl-PerlMagick-debuginfo-7.1.1.21-150600.3.32.1
  * perl-PerlMagick-7.1.1.21-150600.3.32.1
  * ImageMagick-7.1.1.21-150600.3.32.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * ImageMagick-config-7-upstream-secure-7.1.1.21-150600.3.32.1
  * ImageMagick-debuginfo-7.1.1.21-150600.3.32.1
  * libMagick++-devel-7.1.1.21-150600.3.32.1
  * libMagickCore-7_Q16HDRI10-7.1.1.21-150600.3.32.1
  * ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.32.1
  * libMagick++-7_Q16HDRI5-debuginfo-7.1.1.21-150600.3.32.1
  * libMagickWand-7_Q16HDRI10-7.1.1.21-150600.3.32.1
  * libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.32.1
  * ImageMagick-config-7-upstream-websafe-7.1.1.21-150600.3.32.1
  * ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.32.1
  * ImageMagick-config-7-SUSE-7.1.1.21-150600.3.32.1
  * ImageMagick-devel-7.1.1.21-150600.3.32.1
  * libMagick++-7_Q16HDRI5-7.1.1.21-150600.3.32.1
  * libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.32.1
  * ImageMagick-debugsource-7.1.1.21-150600.3.32.1
  * perl-PerlMagick-debuginfo-7.1.1.21-150600.3.32.1
  * perl-PerlMagick-7.1.1.21-150600.3.32.1
  * ImageMagick-7.1.1.21-150600.3.32.1

## References:

* https://www.suse.com/security/cve/CVE-2025-65955.html
* https://www.suse.com/security/cve/CVE-2025-66628.html
* https://bugzilla.suse.com/show_bug.cgi?id=1254435
* https://bugzilla.suse.com/show_bug.cgi?id=1254820

From null at suse.de Mon Jan 5 16:31:13 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 05 Jan 2026 16:31:13 -0000
Subject: SUSE-SU-2026:0010-1: important: Security update for python-tornado6
Message-ID: <176763067346.22147.7142845267191736220@smelt2.prg2.suse.org>

# Security update for python-tornado6

Announcement ID: SUSE-SU-2026:0010-1
Release Date: 2026-01-05T10:27:06Z
Rating: important

References:

* bsc#1254903
* bsc#1254904
* bsc#1254905

Cross-References:

* CVE-2025-67724
* CVE-2025-67725
* CVE-2025-67726

CVSS scores:

* CVE-2025-67724 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-67724 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2025-67724 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2025-67724 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2025-67725 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-67725 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-67725 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-67726 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-67726 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-67726 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves three vulnerabilities can now be installed.

## Description:

This update for python-tornado6 fixes the following issues:

* CVE-2025-67724: unescaped `reason` argument used in HTTP headers and in HTML default error pages can be used by attackers to launch header injection or XSS attacks (bsc#1254903).
* CVE-2025-67725: quadratic complexity of string concatenation operations used by the `HTTPHeaders.add` method can lead to DoS when processing a maliciously crafted HTTP request (bsc#1254905).
* CVE-2025-67726: quadratic complexity algorithm used in the `_parseparam` function of `httputil.py` can lead to DoS when processing maliciously crafted parameters in a `Content-Disposition` header (bsc#1254904).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-10=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-10=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-10=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-10=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-10=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-10=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-10=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-10=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-10=1
* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-10=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-10=1
* Python 3 Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-10=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-10=1

## Package List:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * python311-tornado6-6.3.2-150400.9.12.1
  * python-tornado6-debugsource-6.3.2-150400.9.12.1
  * python311-tornado6-debuginfo-6.3.2-150400.9.12.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * python311-tornado6-6.3.2-150400.9.12.1
  * python-tornado6-debugsource-6.3.2-150400.9.12.1
  * python311-tornado6-debuginfo-6.3.2-150400.9.12.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * python311-tornado6-6.3.2-150400.9.12.1
  * python-tornado6-debugsource-6.3.2-150400.9.12.1
  * python311-tornado6-debuginfo-6.3.2-150400.9.12.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * python311-tornado6-6.3.2-150400.9.12.1
  * python-tornado6-debugsource-6.3.2-150400.9.12.1
  * python311-tornado6-debuginfo-6.3.2-150400.9.12.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * python311-tornado6-6.3.2-150400.9.12.1
  * python-tornado6-debugsource-6.3.2-150400.9.12.1
  * python311-tornado6-debuginfo-6.3.2-150400.9.12.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * python311-tornado6-6.3.2-150400.9.12.1
  * python-tornado6-debugsource-6.3.2-150400.9.12.1
  * python311-tornado6-debuginfo-6.3.2-150400.9.12.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * python311-tornado6-6.3.2-150400.9.12.1
  * python-tornado6-debugsource-6.3.2-150400.9.12.1
  * python311-tornado6-debuginfo-6.3.2-150400.9.12.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * python311-tornado6-6.3.2-150400.9.12.1
  * python-tornado6-debugsource-6.3.2-150400.9.12.1
  * python311-tornado6-debuginfo-6.3.2-150400.9.12.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * python311-tornado6-6.3.2-150400.9.12.1
  * python-tornado6-debugsource-6.3.2-150400.9.12.1
  * python311-tornado6-debuginfo-6.3.2-150400.9.12.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * python311-tornado6-6.3.2-150400.9.12.1
  * python-tornado6-debugsource-6.3.2-150400.9.12.1
  * python311-tornado6-debuginfo-6.3.2-150400.9.12.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * python311-tornado6-6.3.2-150400.9.12.1
  * python-tornado6-debugsource-6.3.2-150400.9.12.1
  * python311-tornado6-debuginfo-6.3.2-150400.9.12.1
* Python 3 Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * python311-tornado6-6.3.2-150400.9.12.1
  * python-tornado6-debugsource-6.3.2-150400.9.12.1
  * python311-tornado6-debuginfo-6.3.2-150400.9.12.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * python311-tornado6-6.3.2-150400.9.12.1
  * python-tornado6-debugsource-6.3.2-150400.9.12.1
  * python311-tornado6-debuginfo-6.3.2-150400.9.12.1

## References:

* https://www.suse.com/security/cve/CVE-2025-67724.html
* https://www.suse.com/security/cve/CVE-2025-67725.html
* https://www.suse.com/security/cve/CVE-2025-67726.html
* https://bugzilla.suse.com/show_bug.cgi?id=1254903
* https://bugzilla.suse.com/show_bug.cgi?id=1254904
* https://bugzilla.suse.com/show_bug.cgi?id=1254905

From null at suse.de Mon Jan 5 20:30:11 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 05 Jan 2026 20:30:11 -0000
Subject: SUSE-SU-2026:0029-1: important: Security update for the Linux Kernel
Message-ID: <176764501108.22173.8055134252964339670@smelt2.prg2.suse.org>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:0029-1
Release Date: 2026-01-05T12:59:55Z
Rating: important

References:

* bsc#1249806
* bsc#1251786
* bsc#1252033
* bsc#1252267
* bsc#1252780
* bsc#1252862
* bsc#1253367
* bsc#1253431
* bsc#1253436

Cross-References:

* CVE-2022-50280
* CVE-2023-53676
* CVE-2025-39967
* CVE-2025-40040
* CVE-2025-40048
* CVE-2025-40121
* CVE-2025-40154
* CVE-2025-40204

CVSS scores:

* CVE-2022-50280 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50280 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53676 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53676 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39967 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39967 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40040 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40040 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40048 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40121 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40121 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40154 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40154 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40204 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-40204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Proxy 4.3 LTS
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Retail Branch Server 4.3 LTS
* SUSE Manager Server 4.3
* SUSE Manager Server 4.3 LTS

An update that solves eight vulnerabilities and has one security fix can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

* CVE-2022-50280: pnode: terminate at peers of source (bsc#1249806).
* CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786).
* CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780).
* CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862).
* CVE-2025-40121: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (bsc#1253367).
* CVE-2025-40154: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (bsc#1253431).
* CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436).
* CVE-2025-39967: fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033)

The following non-security bugs were fixed:

* scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267).

## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Server 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2026-29=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-29=1 Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates. * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-29=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-29=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-29=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-29=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-29=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2026-29=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-29=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-29=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-29=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-29=1 * SUSE Manager Proxy 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2026-29=1 * SUSE Manager Retail Branch Server 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-LTS-2026-29=1 ## Package List: * SUSE Manager Server 4.3 LTS (nosrc ppc64le s390x x86_64) * 
kernel-default-5.14.21-150400.24.187.3 * SUSE Manager Server 4.3 LTS (ppc64le x86_64) * kernel-default-base-5.14.21-150400.24.187.3.150400.24.96.3 * SUSE Manager Server 4.3 LTS (ppc64le s390x x86_64) * kernel-syms-5.14.21-150400.24.187.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.187.3 * kernel-default-debuginfo-5.14.21-150400.24.187.3 * kernel-default-devel-5.14.21-150400.24.187.3 * kernel-default-debugsource-5.14.21-150400.24.187.3 * SUSE Manager Server 4.3 LTS (noarch) * kernel-macros-5.14.21-150400.24.187.3 * kernel-source-5.14.21-150400.24.187.3 * kernel-devel-5.14.21-150400.24.187.3 * SUSE Manager Server 4.3 LTS (nosrc s390x) * kernel-zfcpdump-5.14.21-150400.24.187.3 * SUSE Manager Server 4.3 LTS (s390x) * kernel-zfcpdump-debugsource-5.14.21-150400.24.187.3 * kernel-zfcpdump-debuginfo-5.14.21-150400.24.187.3 * SUSE Linux Enterprise Live Patching 15-SP4 (nosrc) * kernel-default-5.14.21-150400.24.187.3 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.187.3 * kernel-livepatch-SLE15-SP4_Update_47-debugsource-1-150400.9.3.3 * kernel-default-livepatch-5.14.21-150400.24.187.3 * kernel-livepatch-5_14_21-150400_24_187-default-debuginfo-1-150400.9.3.3 * kernel-livepatch-5_14_21-150400_24_187-default-1-150400.9.3.3 * kernel-default-debugsource-5.14.21-150400.24.187.3 * kernel-default-livepatch-devel-5.14.21-150400.24.187.3 * openSUSE Leap 15.4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.187.1 * openSUSE Leap 15.4 (noarch) * kernel-devel-5.14.21-150400.24.187.3 * kernel-source-5.14.21-150400.24.187.3 * kernel-docs-html-5.14.21-150400.24.187.1 * kernel-source-vanilla-5.14.21-150400.24.187.3 * kernel-macros-5.14.21-150400.24.187.3 * openSUSE Leap 15.4 (aarch64 ppc64le x86_64) * kernel-kvmsmall-debugsource-5.14.21-150400.24.187.3 * kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.187.3 * kernel-default-base-5.14.21-150400.24.187.3.150400.24.96.3 * 
kernel-default-base-rebuild-5.14.21-150400.24.187.3.150400.24.96.3 * kernel-kvmsmall-debuginfo-5.14.21-150400.24.187.3 * kernel-kvmsmall-devel-5.14.21-150400.24.187.3 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kselftests-kmp-default-debuginfo-5.14.21-150400.24.187.3 * ocfs2-kmp-default-5.14.21-150400.24.187.3 * kernel-default-extra-5.14.21-150400.24.187.3 * kernel-default-devel-5.14.21-150400.24.187.3 * dlm-kmp-default-debuginfo-5.14.21-150400.24.187.3 * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.187.3 * reiserfs-kmp-default-5.14.21-150400.24.187.3 * kernel-default-optional-5.14.21-150400.24.187.3 * dlm-kmp-default-5.14.21-150400.24.187.3 * kernel-obs-build-debugsource-5.14.21-150400.24.187.3 * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.187.3 * kernel-default-extra-debuginfo-5.14.21-150400.24.187.3 * kernel-obs-qa-5.14.21-150400.24.187.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.187.3 * kernel-default-debuginfo-5.14.21-150400.24.187.3 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.187.3 * gfs2-kmp-default-5.14.21-150400.24.187.3 * kselftests-kmp-default-5.14.21-150400.24.187.3 * kernel-default-optional-debuginfo-5.14.21-150400.24.187.3 * cluster-md-kmp-default-5.14.21-150400.24.187.3 * kernel-syms-5.14.21-150400.24.187.1 * kernel-default-livepatch-5.14.21-150400.24.187.3 * gfs2-kmp-default-debuginfo-5.14.21-150400.24.187.3 * kernel-obs-build-5.14.21-150400.24.187.3 * kernel-default-debugsource-5.14.21-150400.24.187.3 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150400.24.187.3 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_47-debugsource-1-150400.9.3.3 * kernel-default-livepatch-devel-5.14.21-150400.24.187.3 * kernel-livepatch-5_14_21-150400_24_187-default-debuginfo-1-150400.9.3.3 * kernel-livepatch-5_14_21-150400_24_187-default-1-150400.9.3.3 * openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64) * kernel-kvmsmall-5.14.21-150400.24.187.3 * openSUSE Leap 15.4 
(nosrc s390x) * kernel-zfcpdump-5.14.21-150400.24.187.3 * openSUSE Leap 15.4 (s390x) * kernel-zfcpdump-debugsource-5.14.21-150400.24.187.3 * kernel-zfcpdump-debuginfo-5.14.21-150400.24.187.3 * openSUSE Leap 15.4 (nosrc) * dtb-aarch64-5.14.21-150400.24.187.1 * openSUSE Leap 15.4 (aarch64) * dlm-kmp-64kb-5.14.21-150400.24.187.3 * cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.187.3 * dtb-cavium-5.14.21-150400.24.187.1 * reiserfs-kmp-64kb-5.14.21-150400.24.187.3 * dtb-renesas-5.14.21-150400.24.187.1 * dtb-socionext-5.14.21-150400.24.187.1 * dtb-amlogic-5.14.21-150400.24.187.1 * reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.187.3 * dtb-hisilicon-5.14.21-150400.24.187.1 * gfs2-kmp-64kb-5.14.21-150400.24.187.3 * kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.187.3 * dtb-xilinx-5.14.21-150400.24.187.1 * kernel-64kb-optional-5.14.21-150400.24.187.3 * dtb-altera-5.14.21-150400.24.187.1 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.187.3 * dtb-sprd-5.14.21-150400.24.187.1 * kernel-64kb-devel-5.14.21-150400.24.187.3 * kernel-64kb-extra-5.14.21-150400.24.187.3 * dtb-arm-5.14.21-150400.24.187.1 * kernel-64kb-extra-debuginfo-5.14.21-150400.24.187.3 * dtb-broadcom-5.14.21-150400.24.187.1 * dtb-marvell-5.14.21-150400.24.187.1 * dlm-kmp-64kb-debuginfo-5.14.21-150400.24.187.3 * kselftests-kmp-64kb-5.14.21-150400.24.187.3 * ocfs2-kmp-64kb-5.14.21-150400.24.187.3 * dtb-amazon-5.14.21-150400.24.187.1 * dtb-amd-5.14.21-150400.24.187.1 * dtb-apm-5.14.21-150400.24.187.1 * dtb-allwinner-5.14.21-150400.24.187.1 * dtb-freescale-5.14.21-150400.24.187.1 * gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.187.3 * dtb-apple-5.14.21-150400.24.187.1 * kernel-64kb-optional-debuginfo-5.14.21-150400.24.187.3 * kernel-64kb-debuginfo-5.14.21-150400.24.187.3 * dtb-lg-5.14.21-150400.24.187.1 * dtb-exynos-5.14.21-150400.24.187.1 * dtb-mediatek-5.14.21-150400.24.187.1 * dtb-nvidia-5.14.21-150400.24.187.1 * kernel-64kb-debugsource-5.14.21-150400.24.187.3 * dtb-qcom-5.14.21-150400.24.187.1 * 
ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.187.3 * cluster-md-kmp-64kb-5.14.21-150400.24.187.3 * dtb-rockchip-5.14.21-150400.24.187.1 * openSUSE Leap 15.4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.187.3 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.187.3 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.187.3.150400.24.96.3 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * kernel-default-debugsource-5.14.21-150400.24.187.3 * kernel-default-debuginfo-5.14.21-150400.24.187.3 * SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.187.3 * SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.187.3.150400.24.96.3 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * kernel-default-debugsource-5.14.21-150400.24.187.3 * kernel-default-debuginfo-5.14.21-150400.24.187.3 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.187.3 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.187.3.150400.24.96.3 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * kernel-default-debugsource-5.14.21-150400.24.187.3 * kernel-default-debuginfo-5.14.21-150400.24.187.3 * SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.187.3 * SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.187.3.150400.24.96.3 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * kernel-default-debugsource-5.14.21-150400.24.187.3 * kernel-default-debuginfo-5.14.21-150400.24.187.3 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * dlm-kmp-default-debuginfo-5.14.21-150400.24.187.3 * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.187.3 * 
ocfs2-kmp-default-debuginfo-5.14.21-150400.24.187.3 * cluster-md-kmp-default-5.14.21-150400.24.187.3 * kernel-default-debuginfo-5.14.21-150400.24.187.3 * ocfs2-kmp-default-5.14.21-150400.24.187.3 * dlm-kmp-default-5.14.21-150400.24.187.3 * gfs2-kmp-default-5.14.21-150400.24.187.3 * gfs2-kmp-default-debuginfo-5.14.21-150400.24.187.3 * kernel-default-debugsource-5.14.21-150400.24.187.3 * SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc) * kernel-default-5.14.21-150400.24.187.3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.187.3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64) * kernel-64kb-debugsource-5.14.21-150400.24.187.3 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.187.3 * kernel-64kb-devel-5.14.21-150400.24.187.3 * kernel-64kb-debuginfo-5.14.21-150400.24.187.3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 nosrc x86_64) * kernel-default-5.14.21-150400.24.187.3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * reiserfs-kmp-default-5.14.21-150400.24.187.3 * kernel-syms-5.14.21-150400.24.187.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.187.3 * kernel-default-base-5.14.21-150400.24.187.3.150400.24.96.3 * kernel-default-debuginfo-5.14.21-150400.24.187.3 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.187.3 * kernel-obs-build-5.14.21-150400.24.187.3 * kernel-default-devel-5.14.21-150400.24.187.3 * kernel-default-debugsource-5.14.21-150400.24.187.3 * kernel-obs-build-debugsource-5.14.21-150400.24.187.3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * kernel-macros-5.14.21-150400.24.187.3 * kernel-source-5.14.21-150400.24.187.3 * kernel-devel-5.14.21-150400.24.187.3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.187.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc) * 
kernel-64kb-5.14.21-150400.24.187.3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64) * kernel-64kb-debugsource-5.14.21-150400.24.187.3 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.187.3 * kernel-64kb-devel-5.14.21-150400.24.187.3 * kernel-64kb-debuginfo-5.14.21-150400.24.187.3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc x86_64) * kernel-default-5.14.21-150400.24.187.3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * reiserfs-kmp-default-5.14.21-150400.24.187.3 * kernel-syms-5.14.21-150400.24.187.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.187.3 * kernel-default-base-5.14.21-150400.24.187.3.150400.24.96.3 * kernel-default-debuginfo-5.14.21-150400.24.187.3 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.187.3 * kernel-obs-build-5.14.21-150400.24.187.3 * kernel-default-devel-5.14.21-150400.24.187.3 * kernel-default-debugsource-5.14.21-150400.24.187.3 * kernel-obs-build-debugsource-5.14.21-150400.24.187.3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * kernel-macros-5.14.21-150400.24.187.3 * kernel-source-5.14.21-150400.24.187.3 * kernel-devel-5.14.21-150400.24.187.3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.187.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.187.3 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64) * kernel-64kb-debugsource-5.14.21-150400.24.187.3 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.187.3 * kernel-64kb-devel-5.14.21-150400.24.187.3 * kernel-64kb-debuginfo-5.14.21-150400.24.187.3 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150400.24.187.3 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le x86_64) * kernel-default-base-5.14.21-150400.24.187.3.150400.24.96.3 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * 
reiserfs-kmp-default-5.14.21-150400.24.187.3 * kernel-syms-5.14.21-150400.24.187.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.187.3 * kernel-default-debuginfo-5.14.21-150400.24.187.3 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.187.3 * kernel-obs-build-5.14.21-150400.24.187.3 * kernel-default-devel-5.14.21-150400.24.187.3 * kernel-default-debugsource-5.14.21-150400.24.187.3 * kernel-obs-build-debugsource-5.14.21-150400.24.187.3 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * kernel-macros-5.14.21-150400.24.187.3 * kernel-source-5.14.21-150400.24.187.3 * kernel-devel-5.14.21-150400.24.187.3 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch nosrc) * kernel-docs-5.14.21-150400.24.187.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (nosrc s390x) * kernel-zfcpdump-5.14.21-150400.24.187.3 * SUSE Linux Enterprise Server 15 SP4 LTSS (s390x) * kernel-zfcpdump-debugsource-5.14.21-150400.24.187.3 * kernel-zfcpdump-debuginfo-5.14.21-150400.24.187.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (nosrc ppc64le x86_64) * kernel-default-5.14.21-150400.24.187.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * reiserfs-kmp-default-5.14.21-150400.24.187.3 * kernel-syms-5.14.21-150400.24.187.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.187.3 * kernel-default-base-5.14.21-150400.24.187.3.150400.24.96.3 * kernel-default-debuginfo-5.14.21-150400.24.187.3 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.187.3 * kernel-obs-build-5.14.21-150400.24.187.3 * kernel-default-devel-5.14.21-150400.24.187.3 * kernel-default-debugsource-5.14.21-150400.24.187.3 * kernel-obs-build-debugsource-5.14.21-150400.24.187.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * kernel-macros-5.14.21-150400.24.187.3 * kernel-source-5.14.21-150400.24.187.3 * kernel-devel-5.14.21-150400.24.187.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.187.1 * SUSE Manager Proxy 
4.3 LTS (nosrc x86_64) * kernel-default-5.14.21-150400.24.187.3 * SUSE Manager Proxy 4.3 LTS (x86_64) * kernel-syms-5.14.21-150400.24.187.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.187.3 * kernel-default-base-5.14.21-150400.24.187.3.150400.24.96.3 * kernel-default-debuginfo-5.14.21-150400.24.187.3 * kernel-default-devel-5.14.21-150400.24.187.3 * kernel-default-debugsource-5.14.21-150400.24.187.3 * SUSE Manager Proxy 4.3 LTS (noarch) * kernel-macros-5.14.21-150400.24.187.3 * kernel-source-5.14.21-150400.24.187.3 * kernel-devel-5.14.21-150400.24.187.3 * SUSE Manager Retail Branch Server 4.3 LTS (nosrc x86_64) * kernel-default-5.14.21-150400.24.187.3 * SUSE Manager Retail Branch Server 4.3 LTS (x86_64) * kernel-default-devel-debuginfo-5.14.21-150400.24.187.3 * kernel-default-base-5.14.21-150400.24.187.3.150400.24.96.3 * kernel-default-debuginfo-5.14.21-150400.24.187.3 * kernel-default-devel-5.14.21-150400.24.187.3 * kernel-default-debugsource-5.14.21-150400.24.187.3 * SUSE Manager Retail Branch Server 4.3 LTS (noarch) * kernel-macros-5.14.21-150400.24.187.3 * kernel-devel-5.14.21-150400.24.187.3 ## References: * https://www.suse.com/security/cve/CVE-2022-50280.html * https://www.suse.com/security/cve/CVE-2023-53676.html * https://www.suse.com/security/cve/CVE-2025-39967.html * https://www.suse.com/security/cve/CVE-2025-40040.html * https://www.suse.com/security/cve/CVE-2025-40048.html * https://www.suse.com/security/cve/CVE-2025-40121.html * https://www.suse.com/security/cve/CVE-2025-40154.html * https://www.suse.com/security/cve/CVE-2025-40204.html * https://bugzilla.suse.com/show_bug.cgi?id=1249806 * https://bugzilla.suse.com/show_bug.cgi?id=1251786 * https://bugzilla.suse.com/show_bug.cgi?id=1252033 * https://bugzilla.suse.com/show_bug.cgi?id=1252267 * https://bugzilla.suse.com/show_bug.cgi?id=1252780 * https://bugzilla.suse.com/show_bug.cgi?id=1252862 * https://bugzilla.suse.com/show_bug.cgi?id=1253367 * https://bugzilla.suse.com/show_bug.cgi?id=1253431 
  * https://bugzilla.suse.com/show_bug.cgi?id=1253436

From null at suse.de Mon Jan 5 20:30:15 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 05 Jan 2026 20:30:15 -0000
Subject: SUSE-SU-2026:0028-1: important: Security update for alloy
Message-ID: <176764501548.22173.10052262286347094887@smelt2.prg2.suse.org>

# Security update for alloy

Announcement ID: SUSE-SU-2026:0028-1
Release Date: 2026-01-05T12:53:12Z
Rating: important
References:

  * bsc#1251509
  * bsc#1251716
  * bsc#1253609

Cross-References:

  * CVE-2025-47911
  * CVE-2025-47913
  * CVE-2025-58190

CVSS scores:

  * CVE-2025-47911 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2025-47911 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2025-47913 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-47913 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2025-47913 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2025-58190 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2025-58190 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

  * Basesystem Module 15-SP7
  * SUSE Linux Enterprise Desktop 15 SP7
  * SUSE Linux Enterprise Real Time 15 SP7
  * SUSE Linux Enterprise Server 15 SP7
  * SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves three vulnerabilities can now be installed.

## Description:

This update for alloy fixes the following issues:

Upgrade to version 1.12.1.

Security issues fixed:

  * CVE-2025-47911: golang.org/x/net/html: quadratic complexity algorithms used when parsing untrusted HTML documents (bsc#1251509).
  * CVE-2025-47913: golang.org/x/crypto: early client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253609).
  * CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially crafted input (bsc#1251716).

Other updates and bugfixes:

  * Version 1.12.1:
    * Bugfixes
      * update to Beyla 2.7.10.
  * Version 1.12.0:
    * Breaking changes
      * `prometheus.exporter.blackbox`, `prometheus.exporter.snmp` and `prometheus.exporter.statsd` now use the component ID instead of the hostname as their instance label in their exported metrics.
    * Features
      * (Experimental) Add an `otelcol.receiver.cloudflare` component to receive logs pushed by Cloudflare's LogPush jobs.
      * (Experimental) Additions to experimental `database_observability.mysql` component:
        * `explain_plans`
          * collector now changes schema before returning the connection to the pool.
          * collector now passes queries more permissively.
        * enable `explain_plans` collector by default
      * (Experimental) Additions to experimental `database_observability.postgres` component:
        * `explain_plans`
          * added the explain plan collector.
          * collector now passes queries more permissively.
        * `query_samples`
          * add user field to wait events within `query_samples` collector.
          * rework the query samples collector to buffer per-query execution state across scrapes and emit finalized entries.
          * process turned idle rows to calculate finalization times precisely and emit first seen idle rows.
        * `query_details`
          * escape queries coming from `pg_stat_statements` with quotes.
        * enable `explain_plans` collector by default.
        * safely generate `server_id` when UDP socket used for database connection.
        * add table registry and include "validated" in parsed table name logs.
      * Add `otelcol.exporter.googlecloudpubsub` community component to export metrics, traces, and logs to Google Cloud Pub/Sub topic.
      * Add `structured_metadata_drop` stage for `loki.process` to filter structured metadata.
      * Send remote config status to the remote server for the `remotecfg` service.
      * Send effective config to the remote server for the `remotecfg` service.
      * Add a `stat_statements` configuration block to the `prometheus.exporter.postgres` component to enable selecting both the query ID and the full SQL statement. The new block includes one option to enable statement selection, and another to configure the maximum length of the statement text.
      * Add truncate stage for `loki.process` to truncate log entries, label values, and `structured_metadata` values.
      * Add `u_probe_links` & `load_probe` configuration fields to alloy `pyroscope.ebpf` to extend configuration of the `opentelemetry-ebpf-profiler` to allow uprobe profiling and dynamic probing.
      * Add `verbose_mode` configuration fields to `alloy pyroscope.ebpf` to enable `ebpf-profiler` verbose mode.
      * Add `file_match` block to `loki.source.file` for built-in file discovery using glob patterns.
      * Add a regex argument to the `structured_metadata` stage in `loki.process` to extract labels matching a regular expression.
      * OpenTelemetry Collector dependencies upgraded from v0.134.0 to v0.139.0.
        * See the upstream core and contrib changelogs for more details.
      * A new `mimir.alerts.kubernetes` component which discovers AlertmanagerConfig Kubernetes resources and loads them into a Mimir instance.
      * Mark `stage.windowsevent` block in the `loki.process` component as GA.
    * Enhancements
      * Add per-application rate limiting with the strategy attribute in the `faro.receiver` component, to prevent one application from consuming the rate limit quota of others.
      * Add support of tls in components `loki.source.(awsfirehose|gcplog|heroku|api)` and `prometheus.receive_http` and `pyroscope.receive_http`.
      * Remove `SendSIGKILL=no` from unit files and recommendations.
      * Reduce memory overhead of `prometheus.remote_write`'s WAL by lowering the size of the allocated series storage.
      * Reduce lock wait/contention on the `labelstore.LabelStore` by removing unnecessary usage from `prometheus.relabel`.
      * `prometheus.exporter.postgres` dependency has been updated to v0.18.1.
      * Update Beyla component to 2.7.8.
      * Support delimiters in `stage.luhn`.
      * `pyroscope.java`: update `async-profiler` to 4.2.
      * `prometheus.exporter.unix`: Add an arp config block to configure the ARP collector.
      * `prometheus.exporter.snowflake` dependency has been updated to 20251016132346-6d442402afb2.
      * `loki.source.podlogs` now supports `preserve_discovered_labels` parameter to preserve discovered pod metadata labels for use by downstream components.
      * Rework underlying framework of Alloy UI to use Vite instead of Create React App.
      * Use POST requests for remote config requests to avoid hitting http2 header limits.
      * `loki.source.api` during component shutdown will now reject all the inflight requests with status code 503 after `graceful_shutdown_timeout` has expired.
      * `kubernetes.discovery`: Add support for attaching namespace metadata.
      * Add `meta_cache_address` to `beyla.ebpf` component.
    * Bugfixes
      * Stop `loki.source.kubernetes` discarding log lines with duplicate timestamps.
      * Fix direction of arrows for pyroscope components in UI graph.
      * Only log EOF errors for syslog port investigations in `loki.source.syslog` as Debug, not Warn.
      * Fix `prometheus.exporter.process` ignoring the `remove_empty_groups` argument.
      * Fix issues with "unknown series ref when trying to add exemplar" from `prometheus.remote_write` by allowing series ref links to be updated if they change.
      * Fix `loki.source.podlogs` component to register the Kubernetes field index for `spec.nodeName` when node filtering is enabled, preventing "Index with name `field:spec.nodeName` does not exist" errors.
      * Fix issue in `loki.source.file` where scheduling files could take too long.
      * Fix `loki.write` no longer includes internal labels __.
      * Fix missing native histograms custom buckets (NHCB) samples from `prometheus.remote_write`.
      * `otelcol.receiver.prometheus` now supports mixed histograms if `prometheus.scrape` has `honor_metadata` set to true.
      * `loki.source.file` has better support for non-UTF-8 encoded files.
      * Fix the `loki.write` endpoint block's `enable_http2` attribute to actually affect the client.
      * Optionally remove trailing newlines before appending entries in `stage.multiline`.
      * `loki.source.api` no longer drops request when relabel rules drops a specific stream.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * Basesystem Module 15-SP7
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-28=1

## Package List:

  * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
    * alloy-debuginfo-1.12.1-150700.15.12.1
    * alloy-1.12.1-150700.15.12.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-47911.html
  * https://www.suse.com/security/cve/CVE-2025-47913.html
  * https://www.suse.com/security/cve/CVE-2025-58190.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1251509
  * https://bugzilla.suse.com/show_bug.cgi?id=1251716
  * https://bugzilla.suse.com/show_bug.cgi?id=1253609

From null at suse.de Mon Jan 5 20:30:19 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 05 Jan 2026 20:30:19 -0000
Subject: SUSE-SU-2026:0027-1: moderate: Security update for python3
Message-ID: <176764501926.22173.589536603782192261@smelt2.prg2.suse.org>

# Security update for python3

Announcement ID: SUSE-SU-2026:0027-1
Release Date: 2026-01-05T12:50:14Z
Rating: moderate
References:

  * bsc#1254400
  * bsc#1254401
  * bsc#1254997

Cross-References:

  * CVE-2025-12084
  * CVE-2025-13836
  * CVE-2025-13837

CVSS scores:

  * CVE-2025-12084 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2025-12084 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2025-12084 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2025-12084 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2025-13836 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2025-13836 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2025-13836 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2025-13836 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
  * CVE-2025-13837 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2025-13837 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2025-13837 ( NVD ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

  * Basesystem Module 15-SP7
  * Development Tools Module 15-SP7
  * openSUSE Leap 15.3
  * openSUSE Leap 15.6
  * SUSE Linux Enterprise Desktop 15 SP7
  * SUSE Linux Enterprise Micro 5.2
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Linux Enterprise Micro for Rancher 5.2
  * SUSE Linux Enterprise Micro for Rancher 5.3
  * SUSE Linux Enterprise Micro for Rancher 5.4
  * SUSE Linux Enterprise Real Time 15 SP7
  * SUSE Linux Enterprise Server 15 SP7
  * SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves three vulnerabilities can now be installed.

## Description:

This update for python3 fixes the following issues:

  * CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service (bsc#1254997)
  * CVE-2025-13836: Fixed default Content-Length read amount from HTTP response (bsc#1254400)
  * CVE-2025-13837: Fixed plistlib module denial of service (bsc#1254401)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.3
    zypper in -t patch SUSE-2026-27=1
  * openSUSE Leap 15.6
    zypper in -t patch openSUSE-SLE-15.6-2026-27=1
  * SUSE Linux Enterprise Micro for Rancher 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2026-27=1
  * SUSE Linux Enterprise Micro 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2026-27=1
  * SUSE Linux Enterprise Micro for Rancher 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2026-27=1
  * SUSE Linux Enterprise Micro 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2026-27=1
  * SUSE Linux Enterprise Micro 5.5
    zypper in -t patch SUSE-SLE-Micro-5.5-2026-27=1
  * Basesystem Module 15-SP7
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-27=1
  * Development Tools Module 15-SP7
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-27=1
  * SUSE Linux Enterprise Micro 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-27=1
  * SUSE Linux Enterprise Micro for Rancher 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-27=1

## Package List:

  * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
    * python3-dbm-3.6.15-150300.10.103.1
    * python3-doc-3.6.15-150300.10.103.1
    * python3-debugsource-3.6.15-150300.10.103.1
    * python3-devel-debuginfo-3.6.15-150300.10.103.1
    * python3-core-debugsource-3.6.15-150300.10.103.1
    * python3-base-debuginfo-3.6.15-150300.10.103.1
    * python3-dbm-debuginfo-3.6.15-150300.10.103.1
    * python3-testsuite-3.6.15-150300.10.103.1
    * python3-tools-3.6.15-150300.10.103.1
    * python3-testsuite-debuginfo-3.6.15-150300.10.103.1
    * libpython3_6m1_0-debuginfo-3.6.15-150300.10.103.1
    * python3-devel-3.6.15-150300.10.103.1
    * python3-idle-3.6.15-150300.10.103.1
    * python3-3.6.15-150300.10.103.1
    * python3-base-3.6.15-150300.10.103.1
    * python3-debuginfo-3.6.15-150300.10.103.1
    * python3-tk-debuginfo-3.6.15-150300.10.103.1
    * python3-doc-devhelp-3.6.15-150300.10.103.1
    * python3-curses-3.6.15-150300.10.103.1
    * python3-tk-3.6.15-150300.10.103.1
    * python3-curses-debuginfo-3.6.15-150300.10.103.1
    * libpython3_6m1_0-3.6.15-150300.10.103.1
  * openSUSE Leap 15.3 (x86_64)
    * libpython3_6m1_0-32bit-debuginfo-3.6.15-150300.10.103.1
    * libpython3_6m1_0-32bit-3.6.15-150300.10.103.1
  * openSUSE Leap 15.3 (aarch64_ilp32)
    * libpython3_6m1_0-64bit-3.6.15-150300.10.103.1
    * libpython3_6m1_0-64bit-debuginfo-3.6.15-150300.10.103.1
  * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
    * python3-dbm-3.6.15-150300.10.103.1
    * python3-doc-3.6.15-150300.10.103.1
    * python3-debugsource-3.6.15-150300.10.103.1
    * python3-devel-debuginfo-3.6.15-150300.10.103.1
    * python3-core-debugsource-3.6.15-150300.10.103.1
    * python3-base-debuginfo-3.6.15-150300.10.103.1
    * python3-dbm-debuginfo-3.6.15-150300.10.103.1
    * python3-testsuite-3.6.15-150300.10.103.1
    * python3-tools-3.6.15-150300.10.103.1
    * python3-testsuite-debuginfo-3.6.15-150300.10.103.1
    * libpython3_6m1_0-debuginfo-3.6.15-150300.10.103.1
    * python3-devel-3.6.15-150300.10.103.1
    * python3-idle-3.6.15-150300.10.103.1
    * python3-3.6.15-150300.10.103.1
    * python3-base-3.6.15-150300.10.103.1
    * python3-debuginfo-3.6.15-150300.10.103.1
    * python3-tk-debuginfo-3.6.15-150300.10.103.1
    * python3-doc-devhelp-3.6.15-150300.10.103.1
    * python3-curses-3.6.15-150300.10.103.1
    * python3-tk-3.6.15-150300.10.103.1
    * python3-curses-debuginfo-3.6.15-150300.10.103.1
    * libpython3_6m1_0-3.6.15-150300.10.103.1
  * openSUSE Leap 15.6 (x86_64)
    * libpython3_6m1_0-32bit-debuginfo-3.6.15-150300.10.103.1
    * libpython3_6m1_0-32bit-3.6.15-150300.10.103.1
  * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
    * python3-3.6.15-150300.10.103.1
    * python3-base-debuginfo-3.6.15-150300.10.103.1
    * python3-base-3.6.15-150300.10.103.1
    * python3-debuginfo-3.6.15-150300.10.103.1
    * libpython3_6m1_0-debuginfo-3.6.15-150300.10.103.1
    * python3-debugsource-3.6.15-150300.10.103.1
    * python3-core-debugsource-3.6.15-150300.10.103.1
    * libpython3_6m1_0-3.6.15-150300.10.103.1
  * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
    * python3-3.6.15-150300.10.103.1
    *
python3-base-debuginfo-3.6.15-150300.10.103.1 * python3-base-3.6.15-150300.10.103.1 * python3-debuginfo-3.6.15-150300.10.103.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.103.1 * python3-debugsource-3.6.15-150300.10.103.1 * python3-core-debugsource-3.6.15-150300.10.103.1 * libpython3_6m1_0-3.6.15-150300.10.103.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * python3-3.6.15-150300.10.103.1 * python3-base-debuginfo-3.6.15-150300.10.103.1 * python3-base-3.6.15-150300.10.103.1 * python3-debuginfo-3.6.15-150300.10.103.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.103.1 * python3-debugsource-3.6.15-150300.10.103.1 * python3-core-debugsource-3.6.15-150300.10.103.1 * libpython3_6m1_0-3.6.15-150300.10.103.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * python3-3.6.15-150300.10.103.1 * python3-base-debuginfo-3.6.15-150300.10.103.1 * python3-base-3.6.15-150300.10.103.1 * python3-debuginfo-3.6.15-150300.10.103.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.103.1 * python3-debugsource-3.6.15-150300.10.103.1 * python3-core-debugsource-3.6.15-150300.10.103.1 * libpython3_6m1_0-3.6.15-150300.10.103.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * python3-3.6.15-150300.10.103.1 * python3-base-debuginfo-3.6.15-150300.10.103.1 * python3-base-3.6.15-150300.10.103.1 * python3-debuginfo-3.6.15-150300.10.103.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.103.1 * python3-debugsource-3.6.15-150300.10.103.1 * python3-core-debugsource-3.6.15-150300.10.103.1 * libpython3_6m1_0-3.6.15-150300.10.103.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * python3-3.6.15-150300.10.103.1 * python3-dbm-3.6.15-150300.10.103.1 * python3-base-debuginfo-3.6.15-150300.10.103.1 * python3-base-3.6.15-150300.10.103.1 * python3-dbm-debuginfo-3.6.15-150300.10.103.1 * python3-debuginfo-3.6.15-150300.10.103.1 * python3-curses-debuginfo-3.6.15-150300.10.103.1 * python3-tk-debuginfo-3.6.15-150300.10.103.1 * python3-curses-3.6.15-150300.10.103.1 
* libpython3_6m1_0-debuginfo-3.6.15-150300.10.103.1 * python3-tk-3.6.15-150300.10.103.1 * python3-idle-3.6.15-150300.10.103.1 * python3-debugsource-3.6.15-150300.10.103.1 * python3-devel-debuginfo-3.6.15-150300.10.103.1 * python3-devel-3.6.15-150300.10.103.1 * python3-core-debugsource-3.6.15-150300.10.103.1 * libpython3_6m1_0-3.6.15-150300.10.103.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * python3-tools-3.6.15-150300.10.103.1 * python3-core-debugsource-3.6.15-150300.10.103.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * python3-3.6.15-150300.10.103.1 * python3-base-debuginfo-3.6.15-150300.10.103.1 * python3-base-3.6.15-150300.10.103.1 * python3-debuginfo-3.6.15-150300.10.103.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.103.1 * python3-debugsource-3.6.15-150300.10.103.1 * python3-core-debugsource-3.6.15-150300.10.103.1 * libpython3_6m1_0-3.6.15-150300.10.103.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * python3-3.6.15-150300.10.103.1 * python3-base-debuginfo-3.6.15-150300.10.103.1 * python3-base-3.6.15-150300.10.103.1 * python3-debuginfo-3.6.15-150300.10.103.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.103.1 * python3-debugsource-3.6.15-150300.10.103.1 * python3-core-debugsource-3.6.15-150300.10.103.1 * libpython3_6m1_0-3.6.15-150300.10.103.1 ## References: * https://www.suse.com/security/cve/CVE-2025-12084.html * https://www.suse.com/security/cve/CVE-2025-13836.html * https://www.suse.com/security/cve/CVE-2025-13837.html * https://bugzilla.suse.com/show_bug.cgi?id=1254400 * https://bugzilla.suse.com/show_bug.cgi?id=1254401 * https://bugzilla.suse.com/show_bug.cgi?id=1254997 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Jan 5 20:30:23 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 05 Jan 2026 20:30:23 -0000 Subject: SUSE-SU-2026:0025-1: moderate: Security update for python312 Message-ID: <176764502310.22173.8630161179227351516@smelt2.prg2.suse.org> # Security update for python312 Announcement ID: SUSE-SU-2026:0025-1 Release Date: 2026-01-05T12:11:33Z Rating: moderate References: * bsc#1254400 * bsc#1254401 * bsc#1254997 Cross-References: * CVE-2025-12084 * CVE-2025-13836 * CVE-2025-13837 CVSS scores: * CVE-2025-12084 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-12084 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2025-12084 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-12084 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-13836 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-13836 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-13836 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-13836 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2025-13837 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-13837 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-13837 ( NVD ): 2.1 
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * openSUSE Leap 15.6 An update that solves three vulnerabilities can now be installed. ## Description: This update for python312 fixes the following issues: * CVE-2025-12084: quadratic complexity when building nested elements using `xml.dom.minidom` methods that depend on `_clear_id_cache()` can lead to availability issues when building excessively nested documents (bsc#1254997). * CVE-2025-13836: use of `Content-Length` by default when reading an HTTP response with no read amount specified can lead to OOM issues and DoS when a client deals with a malicious server (bsc#1254400). * CVE-2025-13837: data read by the plistlib module according to the size specified by the file itself can lead to OOM issues and DoS (bsc#1254401). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-25=1 openSUSE-SLE-15.6-2026-25=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * python312-core-debugsource-3.12.12-150600.3.40.1 * python312-devel-3.12.12-150600.3.40.1 * python312-dbm-debuginfo-3.12.12-150600.3.40.1 * libpython3_12-1_0-debuginfo-3.12.12-150600.3.40.1 * python312-tk-3.12.12-150600.3.40.1 * python312-doc-devhelp-3.12.12-150600.3.40.1 * python312-debuginfo-3.12.12-150600.3.40.1 * python312-base-debuginfo-3.12.12-150600.3.40.1 * python312-debugsource-3.12.12-150600.3.40.1 * python312-testsuite-3.12.12-150600.3.40.1 * python312-testsuite-debuginfo-3.12.12-150600.3.40.1 * python312-tk-debuginfo-3.12.12-150600.3.40.1 * python312-dbm-3.12.12-150600.3.40.1 * python312-doc-3.12.12-150600.3.40.1 * python312-curses-3.12.12-150600.3.40.1 * libpython3_12-1_0-3.12.12-150600.3.40.1 * python312-idle-3.12.12-150600.3.40.1 * python312-base-3.12.12-150600.3.40.1 * python312-3.12.12-150600.3.40.1 * python312-tools-3.12.12-150600.3.40.1 * python312-curses-debuginfo-3.12.12-150600.3.40.1 * openSUSE Leap 15.6 (x86_64) * python312-base-32bit-3.12.12-150600.3.40.1 * python312-base-32bit-debuginfo-3.12.12-150600.3.40.1 * libpython3_12-1_0-32bit-3.12.12-150600.3.40.1 * libpython3_12-1_0-32bit-debuginfo-3.12.12-150600.3.40.1 * python312-32bit-debuginfo-3.12.12-150600.3.40.1 * python312-32bit-3.12.12-150600.3.40.1 * openSUSE Leap 15.6 (aarch64_ilp32) * python312-base-64bit-3.12.12-150600.3.40.1 * libpython3_12-1_0-64bit-debuginfo-3.12.12-150600.3.40.1 * python312-64bit-3.12.12-150600.3.40.1 * python312-64bit-debuginfo-3.12.12-150600.3.40.1 * libpython3_12-1_0-64bit-3.12.12-150600.3.40.1 * python312-base-64bit-debuginfo-3.12.12-150600.3.40.1 ## References: * https://www.suse.com/security/cve/CVE-2025-12084.html * https://www.suse.com/security/cve/CVE-2025-13836.html * https://www.suse.com/security/cve/CVE-2025-13837.html * 
https://bugzilla.suse.com/show_bug.cgi?id=1254400 * https://bugzilla.suse.com/show_bug.cgi?id=1254401 * https://bugzilla.suse.com/show_bug.cgi?id=1254997 From null at suse.de Mon Jan 5 20:30:26 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 05 Jan 2026 20:30:26 -0000 Subject: SUSE-SU-2026:0024-1: moderate: Security update for python313 Message-ID: <176764502697.22173.2830612116777220965@smelt2.prg2.suse.org> # Security update for python313 Announcement ID: SUSE-SU-2026:0024-1 Release Date: 2026-01-05T12:10:26Z Rating: moderate References: * bsc#1254400 * bsc#1254401 * bsc#1254997 Cross-References: * CVE-2025-12084 * CVE-2025-13836 * CVE-2025-13837 CVSS scores: * CVE-2025-12084 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-12084 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2025-12084 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-12084 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-13836 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-13836 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-13836 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-13836 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2025-13837 ( SUSE ): 2.1
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-13837 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-13837 ( NVD ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * Python 3 Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves three vulnerabilities can now be installed. ## Description: This update for python313 fixes the following issues: Update to version 3.13.11. Security issues fixed: * CVE-2025-12084: quadratic complexity when building nested elements using `xml.dom.minidom` methods that depend on `_clear_id_cache()` can lead to availability issues when building excessively nested documents (bsc#1254997). * CVE-2025-13836: use of `Content-Length` by default when reading an HTTP response with no read amount specified can lead to OOM issues and DoS when a client deals with a malicious server (bsc#1254400). * CVE-2025-13837: data read by the plistlib module according to the size specified by the file itself can lead to OOM issues and DoS (bsc#1254401). Other updates and bugfixes: * Version 3.13.11: * Library * gh-140797: Revert changes to the undocumented re.Scanner class. Capturing groups are still allowed for backward compatibility, although using them can lead to incorrect result. They will be forbidden in future Python versions. * gh-142206: The resource tracker in the multiprocessing module now uses the original communication protocol, as in Python 3.14.0 and below, by default. This avoids issues with upgrading Python while it is running. (Note that such "in-place" upgrades are not tested.)
The tracker remains compatible with subprocesses that use new protocol (that is, subprocesses using Python 3.13.10, 3.14.1 and 3.15). * Core and Builtins * gh-142218: Fix crash when inserting into a split table dictionary with a non str key that matches an existing key. * Version to 3.13.10: * Security * gh-137836: Add support of the "plaintext" element, RAWTEXT elements "xmp", "iframe", "noembed" and "noframes", and optionally RAWTEXT element "noscript" in html.parser.HTMLParser. * gh-136063: email.message: ensure linear complexity for legacy HTTP parameters parsing. Patch by Bénédikt Tran. * Library * gh-74389: When the stdin being used by a subprocess.Popen instance is closed, this is now ignored in subprocess.Popen.communicate() instead of leaving the class in an inconsistent state. * gh-87512: Fix subprocess.Popen.communicate() timeout handling on Windows when writing large input. Previously, the timeout was ignored during stdin writing, causing the method to block indefinitely if the child process did not consume input quickly. The stdin write is now performed in a background thread, allowing the timeout to be properly enforced. * gh-141473: When subprocess.Popen.communicate() was called with input and a timeout and is called for a second time after a TimeoutExpired exception before the process has died, it should no longer hang. * gh-59000: Fix pdb breakpoint resolution for class methods when the module defining the class is not imported. * gh-141570: Support file-like object raising OSError from fileno() in color detection (_colorize.can_colorize()). This can occur when sys.stdout is redirected. * gh-141659: Fix bad file descriptor errors from _posixsubprocess on AIX. * gh-141497: ipaddress: ensure that the methods IPv4Network.hosts() and IPv6Network.hosts() always return an iterator. * gh-140938: The statistics.stdev() and statistics.pstdev() functions now raise a ValueError when the input contains an infinity or a NaN.
* gh-124111: Updated Tcl threading configuration in _tkinter to assume that threads are always available in Tcl 9 and later. * gh-137109: The os.fork and related forking APIs will no longer warn in the common case where Linux or macOS platform APIs return the number of threads in a process and find the answer to be 1 even when a os.register_at_fork() after_in_parent= callback (re)starts a thread. * gh-141314: Fix assertion failure in io.TextIOWrapper.tell() when reading files with standalone carriage return (\r) line endings. * gh-141311: Fix assertion failure in io.BytesIO.readinto() and undefined behavior arising when read position is above capacity in io.BytesIO. * gh-141141: Fix a thread safety issue with base64.b85decode(). Contributed by Benel Tayar. * gh-140911: collections: Ensure that the methods UserString.rindex() and UserString.index() accept collections.UserString instances as the sub argument. * gh-140797: The undocumented re.Scanner class now forbids regular expressions containing capturing groups in its lexicon patterns. Patterns using capturing groups could previously lead to crashes with segmentation fault. Use non-capturing groups (?:...) instead. * gh-140815: faulthandler now detects if a frame or a code object is invalid or freed. Patch by Victor Stinner. * gh-100218: Correctly set errno when socket.if_nametoindex() or socket.if_indextoname() raise an OSError. Patch by Bénédikt Tran. * gh-140875: Fix handling of unclosed character references (named and numerical) followed by the end of file in html.parser.HTMLParser with convert_charrefs=False. * gh-140734: multiprocessing: fix off-by-one error when checking the length of a temporary socket file path. Patch by Bénédikt Tran. * gh-140874: Bump the version of pip bundled in ensurepip to version 25.3 * gh-140691: In urllib.request, when opening a FTP URL fails because a data connection cannot be made, the control connection's socket is now closed to avoid a ResourceWarning.
* gh-103847: Fix hang when cancelling process created by asyncio.create_subprocess_exec() or asyncio.create_subprocess_shell(). Patch by Kumar Aditya. * gh-140590: Fix arguments checking for the functools.partial.`__setstate__()` that may lead to internal state corruption and crash. Patch by Sergey Miryanov. * gh-140634: Fix a reference counting bug in os.sched_param.`__reduce__()`. * gh-140633: Ignore AttributeError when setting a module's `__file__` attribute when loading an extension module packaged as Apple Framework. * gh-140593: xml.parsers.expat: Fix a memory leak that could affect users with ElementDeclHandler() set to a custom element declaration handler. Patch by Sebastian Pipping. * gh-140607: Inside io.RawIOBase.read(), validate that the count of bytes returned by io.RawIOBase.readinto() is valid (inside the provided buffer). * gh-138162: Fix logging.LoggerAdapter with merge_extra=True and without the extra argument. * gh-140474: Fix memory leak in array.array when creating arrays from an empty str and the u type code. * gh-140272: Fix memory leak in the clear() method of the dbm.gnu database. * gh-140041: Fix import of ctypes on Android and Cygwin when ABI flags are present. * gh-139905: Add suggestion to error message for typing.Generic subclasses when cls.`__parameters__` is missing due to a parent class failing to call super().`__init_subclass__()` in its `__init_subclass__`. * gh-139845: Fix to not print KeyboardInterrupt twice in default asyncio REPL. * gh-139783: Fix inspect.getsourcelines() for the case when a decorator is followed by a comment or an empty line. * gh-70765: http.server: fix default handling of HTTP/0.9 requests in BaseHTTPRequestHandler. Previously, BaseHTTPRequestHandler.parse_request() incorrectly waited for headers in the request although those are not supported in HTTP/0.9. Patch by Bénédikt Tran.
* gh-139391: Fix an issue when, on non-Windows platforms, it was not possible to gracefully exit a python -m asyncio process suspended by Ctrl+Z and later resumed by fg other than with kill. * gh-101828: Fix 'shift_jisx0213', 'shift_jis_2004', 'euc_jisx0213' and 'euc_jis_2004' codecs truncating null chars as they were treated as part of multi-character sequences. * gh-139246: fix: paste zero-width in default repl width is wrong. * gh-90949: Add SetAllocTrackerActivationThreshold() and SetAllocTrackerMaximumAmplification() to xmlparser objects to prevent use of disproportional amounts of dynamic memory from within an Expat parser. Patch by Bénédikt Tran. * gh-139065: Fix trailing space before a wrapped long word if the line length is exactly width in textwrap. * gh-138993: Dedent credits text. * gh-138859: Fix generic type parameterization raising a TypeError when omitting a ParamSpec that has a default which is not a list of types. * gh-138775: Use of python -m with base64 has been fixed to detect input from a terminal so that it properly notices EOF. * gh-98896: Fix a failure in multiprocessing resource_tracker when SharedMemory names contain colons. Patch by Rani Pinchuk. * gh-75989: tarfile.TarFile.extractall() and tarfile.TarFile.extract() now overwrite symlinks when extracting hardlinks. (Contributed by Alexander Enrique Urieles Nieto in gh-75989.) * gh-83424: Allows creating a ctypes.CDLL without name when passing a handle as an argument. * gh-136234: Fix asyncio.WriteTransport.writelines() to be robust to connection failure, by using the same behavior as write(). * gh-136057: Fixed the bug in pdb and bdb where next and step can't go over the line if a loop exists in the line. * gh-135307: email: Fix exception in set_content() when encoding text and max_line_length is set to 0 or None (unlimited). * gh-134453: Fixed subprocess.Popen.communicate() input= handling of memoryview instances that were non-byte shaped on POSIX platforms.
Those are now properly cast to a byte shaped view instead of truncating the input. Windows platforms did not have this bug. * gh-102431: Clarify constraints for "logical" arguments in methods of decimal.Context. * IDLE * gh-96491: Deduplicate version number in IDLE shell title bar after saving to a file. * Core and Builtins * gh-142048: Fix quadratically increasing garbage collection delays in free-threaded build. * gh-141930: When importing a module, use Python's regular file object to ensure that writes to .pyc files are complete or an appropriate error is raised. * gh-120158: Fix inconsistent state when enabling or disabling monitoring events too many times. * gh-141579: Fix sys.activate_stack_trampoline() to properly support the perf_jit backend. Patch by Pablo Galindo. * gh-141312: Fix the assertion failure in the `__setstate__` method of the range iterator when a non-integer argument is passed. Patch by Sergey Miryanov. * gh-140939: Fix memory leak when bytearray or bytes is formatted with the %*b format with a large width that results in %a MemoryError. * gh-140530: Fix a reference leak when raise exc from cause fails. Patch by Bénédikt Tran. * gh-140576: Fixed crash in tokenize.generate_tokens() in case of specific incorrect input. Patch by Mikhail Efimov. * gh-140551: Fixed crash in dict if dict.clear() is called at the lookup stage. Patch by Mikhail Efimov and Inada Naoki. * gh-140471: Fix potential buffer overflow in ast.AST node initialization when encountering malformed _fields containing non-str. * gh-140406: Fix memory leak when an object's `__hash__()` method returns an object that isn't an int. * gh-140306: Fix memory leaks in cross-interpreter channel operations and shared namespace handling. * gh-140301: Fix memory leak of PyConfig in subinterpreters. * gh-140000: Fix potential memory leak when a reference cycle exists between an instance of typing.TypeAliasType, typing.TypeVar, typing.ParamSpec, or typing.TypeVarTuple and its `__name__` attribute.
Patch by Mikhail Efimov. * gh-139748: Fix reference leaks in error branches of functions accepting path strings or bytes such as compile() and os.system(). Patch by Bénédikt Tran. * gh-139516: Fix lambda colon erroneously start format spec in f-string in tokenizer. * gh-139640: Fix swallowing some syntax warnings in different modules if they accidentally have the same message and are emitted from the same line. Fix duplicated warnings in the finally block. * gh-137400: Fix a crash in the free threading build when disabling profiling or tracing across all threads with PyEval_SetProfileAllThreads() or PyEval_SetTraceAllThreads() or their Python equivalents threading.settrace_all_threads() and threading.setprofile_all_threads(). * gh-133400: Fixed Ctrl+D (^D) behavior in _pyrepl module to match old pre-3.13 REPL behavior. * C API * gh-140042: Removed the sqlite3_shutdown call that could cause closing connections for sqlite when used with multiple sub interpreters. * gh-140487: Fix Py_RETURN_NOTIMPLEMENTED in limited C API 3.11 and older: don't treat Py_NotImplemented as immortal. Patch by Victor Stinner. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * Python 3 Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-24=1 ## Package List: * Python 3 Module 15-SP7 (aarch64 ppc64le s390x x86_64) * python313-debugsource-3.13.11-150700.4.36.1 * python313-base-debuginfo-3.13.11-150700.4.36.1 * python313-3.13.11-150700.4.36.1 * python313-curses-3.13.11-150700.4.36.1 * python313-base-3.13.11-150700.4.36.1 * libpython3_13-1_0-debuginfo-3.13.11-150700.4.36.1 * python313-tk-3.13.11-150700.4.36.1 * python313-tools-3.13.11-150700.4.36.1 * python313-curses-debuginfo-3.13.11-150700.4.36.1 * python313-idle-3.13.11-150700.4.36.1 * python313-core-debugsource-3.13.11-150700.4.36.1 * libpython3_13-1_0-3.13.11-150700.4.36.1 * python313-debuginfo-3.13.11-150700.4.36.1 * python313-devel-3.13.11-150700.4.36.1 * python313-dbm-debuginfo-3.13.11-150700.4.36.1 * python313-tk-debuginfo-3.13.11-150700.4.36.1 * python313-dbm-3.13.11-150700.4.36.1 ## References: * https://www.suse.com/security/cve/CVE-2025-12084.html * https://www.suse.com/security/cve/CVE-2025-13836.html * https://www.suse.com/security/cve/CVE-2025-13837.html * https://bugzilla.suse.com/show_bug.cgi?id=1254400 * https://bugzilla.suse.com/show_bug.cgi?id=1254401 * https://bugzilla.suse.com/show_bug.cgi?id=1254997 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Jan 5 20:30:31 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 05 Jan 2026 20:30:31 -0000 Subject: SUSE-SU-2026:0023-1: moderate: Security update for erlang26 Message-ID: <176764503137.22173.7471442975973043624@smelt2.prg2.suse.org> # Security update for erlang26 Announcement ID: SUSE-SU-2026:0023-1 Release Date: 2026-01-05T12:06:33Z Rating: moderate References: * bsc#1249469 * bsc#1249470 * bsc#1249472 Cross-References: * CVE-2025-48038 * CVE-2025-48039 * CVE-2025-48040 CVSS scores: * CVE-2025-48038 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-48038 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-48038 ( NVD ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-48039 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-48039 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-48039 ( NVD ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-48040 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-48040 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-48040 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X 
Affected Products: * openSUSE Leap 15.3 * openSUSE Leap 15.6 * Server Applications Module 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves three vulnerabilities can now be installed. ## Description: This update for erlang26 fixes the following issues: * CVE-2025-48040: Excessive resource consumption (bsc#1249472) * CVE-2025-48039: Excessive use of system resources (bsc#1249469) * CVE-2025-48038: Excessive use of system resources (bsc#1249470) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-23=1 * Server Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-23=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2026-23=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * erlang26-epmd-debuginfo-26.2.1-150300.7.22.1 * erlang26-wx-26.2.1-150300.7.22.1 * erlang26-dialyzer-26.2.1-150300.7.22.1 * erlang26-reltool-26.2.1-150300.7.22.1 * erlang26-observer-src-26.2.1-150300.7.22.1 * erlang26-jinterface-src-26.2.1-150300.7.22.1 * erlang26-debugger-src-26.2.1-150300.7.22.1 * erlang26-epmd-26.2.1-150300.7.22.1 * erlang26-debugger-26.2.1-150300.7.22.1 * erlang26-debugsource-26.2.1-150300.7.22.1 * erlang26-dialyzer-src-26.2.1-150300.7.22.1 * erlang26-observer-26.2.1-150300.7.22.1 * erlang26-dialyzer-debuginfo-26.2.1-150300.7.22.1 * erlang26-debuginfo-26.2.1-150300.7.22.1 * erlang26-reltool-src-26.2.1-150300.7.22.1 * erlang26-wx-debuginfo-26.2.1-150300.7.22.1 * erlang26-et-26.2.1-150300.7.22.1 * erlang26-wx-src-26.2.1-150300.7.22.1 * erlang26-diameter-src-26.2.1-150300.7.22.1 * erlang26-et-src-26.2.1-150300.7.22.1 * erlang26-26.2.1-150300.7.22.1 * erlang26-diameter-26.2.1-150300.7.22.1 * 
erlang26-jinterface-26.2.1-150300.7.22.1 * erlang26-doc-26.2.1-150300.7.22.1 * erlang26-src-26.2.1-150300.7.22.1 * Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * erlang26-epmd-debuginfo-26.2.1-150300.7.22.1 * erlang26-26.2.1-150300.7.22.1 * erlang26-debuginfo-26.2.1-150300.7.22.1 * erlang26-epmd-26.2.1-150300.7.22.1 * erlang26-debugsource-26.2.1-150300.7.22.1 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * erlang26-epmd-debuginfo-26.2.1-150300.7.22.1 * erlang26-wx-26.2.1-150300.7.22.1 * erlang26-dialyzer-26.2.1-150300.7.22.1 * erlang26-reltool-26.2.1-150300.7.22.1 * erlang26-observer-src-26.2.1-150300.7.22.1 * erlang26-jinterface-src-26.2.1-150300.7.22.1 * erlang26-debugger-src-26.2.1-150300.7.22.1 * erlang26-epmd-26.2.1-150300.7.22.1 * erlang26-debugger-26.2.1-150300.7.22.1 * erlang26-debugsource-26.2.1-150300.7.22.1 * erlang26-dialyzer-src-26.2.1-150300.7.22.1 * erlang26-observer-26.2.1-150300.7.22.1 * erlang26-dialyzer-debuginfo-26.2.1-150300.7.22.1 * erlang26-debuginfo-26.2.1-150300.7.22.1 * erlang26-reltool-src-26.2.1-150300.7.22.1 * erlang26-wx-debuginfo-26.2.1-150300.7.22.1 * erlang26-et-26.2.1-150300.7.22.1 * erlang26-wx-src-26.2.1-150300.7.22.1 * erlang26-diameter-src-26.2.1-150300.7.22.1 * erlang26-et-src-26.2.1-150300.7.22.1 * erlang26-26.2.1-150300.7.22.1 * erlang26-diameter-26.2.1-150300.7.22.1 * erlang26-jinterface-26.2.1-150300.7.22.1 * erlang26-doc-26.2.1-150300.7.22.1 * erlang26-src-26.2.1-150300.7.22.1 ## References: * https://www.suse.com/security/cve/CVE-2025-48038.html * https://www.suse.com/security/cve/CVE-2025-48039.html * https://www.suse.com/security/cve/CVE-2025-48040.html * https://bugzilla.suse.com/show_bug.cgi?id=1249469 * https://bugzilla.suse.com/show_bug.cgi?id=1249470 * https://bugzilla.suse.com/show_bug.cgi?id=1249472
From null at suse.de Tue Jan 6 08:30:10 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 06 Jan 2026 08:30:10 -0000 Subject: SUSE-SU-2026:0034-1: important: Security update for the Linux Kernel Message-ID: <176768821035.22154.8626775378496052981@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2026:0034-1 Release Date: 2026-01-05T19:29:30Z Rating: important References: * bsc#1233640 * bsc#1249806 * bsc#1251786 * bsc#1252267 * bsc#1252780 * bsc#1252862 * bsc#1253367 * bsc#1253431 * bsc#1253436 Cross-References: * CVE-2022-50280 * CVE-2023-53676 * CVE-2024-53093 * CVE-2025-40040 * CVE-2025-40048 * CVE-2025-40121 * CVE-2025-40154 * CVE-2025-40204 CVSS scores: * CVE-2022-50280 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-50280 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-53676 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2023-53676 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53093 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53093 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40040 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40040 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40048 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40121 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40121 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40154 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40154 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40204 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-40204 ( SUSE ): 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise Micro 5.5 An update that solves eight vulnerabilities and has one security fix can now be installed. ## Description: The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: * CVE-2022-50280: pnode: terminate at peers of source (bsc#1249806). * CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786). * CVE-2024-53093: nvme-multipath: defer partition scanning (bsc#1233640). * CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780). * CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862). * CVE-2025-40121: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (bsc#1253367). * CVE-2025-40154: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (bsc#1253431). * CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436). The following non-security bugs were fixed: * Fix type signess in fbcon_set_font() (bsc#1252033). * scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-34=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-34=1 ## Package List: * openSUSE Leap 15.5 (noarch) * kernel-devel-rt-5.14.21-150500.13.115.1 * kernel-source-rt-5.14.21-150500.13.115.1 * openSUSE Leap 15.5 (x86_64) * kernel-rt-devel-debuginfo-5.14.21-150500.13.115.2 * kernel-rt_debug-debuginfo-5.14.21-150500.13.115.2 * ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.115.2 * kernel-rt-vdso-debuginfo-5.14.21-150500.13.115.2 * reiserfs-kmp-rt-5.14.21-150500.13.115.2 * kernel-rt_debug-vdso-5.14.21-150500.13.115.2 * kernel-syms-rt-5.14.21-150500.13.115.1 * kselftests-kmp-rt-debuginfo-5.14.21-150500.13.115.2 * kernel-rt-extra-5.14.21-150500.13.115.2 * kernel-rt-optional-5.14.21-150500.13.115.2 * kernel-rt-livepatch-devel-5.14.21-150500.13.115.2 * ocfs2-kmp-rt-5.14.21-150500.13.115.2 * kernel-rt-livepatch-5.14.21-150500.13.115.2 * dlm-kmp-rt-5.14.21-150500.13.115.2 * kernel-rt-debugsource-5.14.21-150500.13.115.2 * kernel-rt-vdso-5.14.21-150500.13.115.2 * cluster-md-kmp-rt-5.14.21-150500.13.115.2 * kernel-rt_debug-debugsource-5.14.21-150500.13.115.2 * kernel-rt-devel-5.14.21-150500.13.115.2 * reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.115.2 * dlm-kmp-rt-debuginfo-5.14.21-150500.13.115.2 * kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.115.2 * kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.115.2 * cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.115.2 * kernel-rt-extra-debuginfo-5.14.21-150500.13.115.2 * gfs2-kmp-rt-5.14.21-150500.13.115.2 * kernel-rt_debug-devel-5.14.21-150500.13.115.2 * gfs2-kmp-rt-debuginfo-5.14.21-150500.13.115.2 * kselftests-kmp-rt-5.14.21-150500.13.115.2 * kernel-rt-debuginfo-5.14.21-150500.13.115.2 * kernel-rt-optional-debuginfo-5.14.21-150500.13.115.2 * openSUSE Leap 15.5 (nosrc x86_64) * kernel-rt-5.14.21-150500.13.115.2 * kernel-rt_debug-5.14.21-150500.13.115.2 * SUSE Linux Enterprise Micro 5.5 (noarch) * 
kernel-devel-rt-5.14.21-150500.13.115.1 * kernel-source-rt-5.14.21-150500.13.115.1 * SUSE Linux Enterprise Micro 5.5 (nosrc x86_64) * kernel-rt-5.14.21-150500.13.115.2 * SUSE Linux Enterprise Micro 5.5 (x86_64) * kernel-rt-debugsource-5.14.21-150500.13.115.2 * kernel-rt-debuginfo-5.14.21-150500.13.115.2 ## References: * https://www.suse.com/security/cve/CVE-2022-50280.html * https://www.suse.com/security/cve/CVE-2023-53676.html * https://www.suse.com/security/cve/CVE-2024-53093.html * https://www.suse.com/security/cve/CVE-2025-40040.html * https://www.suse.com/security/cve/CVE-2025-40048.html * https://www.suse.com/security/cve/CVE-2025-40121.html * https://www.suse.com/security/cve/CVE-2025-40154.html * https://www.suse.com/security/cve/CVE-2025-40204.html * https://bugzilla.suse.com/show_bug.cgi?id=1233640 * https://bugzilla.suse.com/show_bug.cgi?id=1249806 * https://bugzilla.suse.com/show_bug.cgi?id=1251786 * https://bugzilla.suse.com/show_bug.cgi?id=1252267 * https://bugzilla.suse.com/show_bug.cgi?id=1252780 * https://bugzilla.suse.com/show_bug.cgi?id=1252862 * https://bugzilla.suse.com/show_bug.cgi?id=1253367 * https://bugzilla.suse.com/show_bug.cgi?id=1253431 * https://bugzilla.suse.com/show_bug.cgi?id=1253436
From null at suse.de Tue Jan 6 08:30:18 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 06 Jan 2026 08:30:18 -0000 Subject: SUSE-SU-2026:0033-1: important: Security update for the Linux Kernel Message-ID: <176768821867.22154.8890733638759020675@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2026:0033-1 Release Date: 2026-01-05T19:26:53Z Rating: important References: * bsc#1249806 * bsc#1251786 * bsc#1252033 * bsc#1252267 * bsc#1252780 * bsc#1252862 * bsc#1253367 * bsc#1253431 * bsc#1253436 Cross-References: * CVE-2022-50280 * CVE-2023-53676 * CVE-2025-39967 * CVE-2025-40040 * CVE-2025-40048 * CVE-2025-40121 * CVE-2025-40154 * CVE-2025-40204 CVSS scores: * CVE-2022-50280 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-50280 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-53676 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2023-53676 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-39967 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-39967 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-40040 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40040 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40048 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40121 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40121 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40154 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40154 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40204 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-40204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE
Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that solves eight vulnerabilities and has one security fix can now be installed. ## Description: The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: * CVE-2022-50280: pnode: terminate at peers of source (bsc#1249806). * CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786). * CVE-2025-39967: fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033). * CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780). * CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862). * CVE-2025-40121: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (bsc#1253367). * CVE-2025-40154: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (bsc#1253431). * CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436). The following non-security bugs were fixed: * scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-33=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-33=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-33=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-33=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.139.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.139.2 * kernel-rt-debuginfo-5.14.21-150400.15.139.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * kernel-source-rt-5.14.21-150400.15.139.1 * SUSE Linux Enterprise Micro 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.139.2 * SUSE Linux Enterprise Micro 5.3 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.139.2 * kernel-rt-debuginfo-5.14.21-150400.15.139.2 * SUSE Linux Enterprise Micro 5.3 (noarch) * kernel-source-rt-5.14.21-150400.15.139.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.139.2 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.139.2 * kernel-rt-debuginfo-5.14.21-150400.15.139.2 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * kernel-source-rt-5.14.21-150400.15.139.1 * SUSE Linux Enterprise Micro 5.4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.139.2 * SUSE Linux Enterprise Micro 5.4 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.139.2 * kernel-rt-debuginfo-5.14.21-150400.15.139.2 * SUSE Linux Enterprise Micro 5.4 (noarch) * kernel-source-rt-5.14.21-150400.15.139.1 ## References: * https://www.suse.com/security/cve/CVE-2022-50280.html * https://www.suse.com/security/cve/CVE-2023-53676.html * https://www.suse.com/security/cve/CVE-2025-39967.html * https://www.suse.com/security/cve/CVE-2025-40040.html * 
https://www.suse.com/security/cve/CVE-2025-40048.html * https://www.suse.com/security/cve/CVE-2025-40121.html * https://www.suse.com/security/cve/CVE-2025-40154.html * https://www.suse.com/security/cve/CVE-2025-40204.html * https://bugzilla.suse.com/show_bug.cgi?id=1249806 * https://bugzilla.suse.com/show_bug.cgi?id=1251786 * https://bugzilla.suse.com/show_bug.cgi?id=1252033 * https://bugzilla.suse.com/show_bug.cgi?id=1252267 * https://bugzilla.suse.com/show_bug.cgi?id=1252780 * https://bugzilla.suse.com/show_bug.cgi?id=1252862 * https://bugzilla.suse.com/show_bug.cgi?id=1253367 * https://bugzilla.suse.com/show_bug.cgi?id=1253431 * https://bugzilla.suse.com/show_bug.cgi?id=1253436
From null at suse.de Tue Jan 6 08:30:26 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 06 Jan 2026 08:30:26 -0000 Subject: SUSE-SU-2026:0032-1: important: Security update for the Linux Kernel Message-ID: <176768822665.22154.16768390657127049423@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2026:0032-1 Release Date: 2026-01-05T19:24:53Z Rating: important References: * bsc#1228688 * bsc#1249806 * bsc#1251247 * bsc#1251786 * bsc#1252560 * bsc#1252780 * bsc#1253367 * bsc#1253431 * bsc#1253436 Cross-References: * CVE-2022-50280 * CVE-2023-53659 * CVE-2023-53676 * CVE-2023-53717 * CVE-2025-40040 * CVE-2025-40121 * CVE-2025-40154 * CVE-2025-40204 CVSS scores: * CVE-2022-50280 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-50280 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-53659 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2023-53659 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-53676 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2023-53676 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-53717 (
SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2023-53717 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40040 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40040 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40121 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40121 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40154 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40154 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40204 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-40204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 An update that solves eight vulnerabilities and has one security fix can now be installed. ## Description: The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: * CVE-2022-50280: pnode: terminate at peers of source (bsc#1249806). * CVE-2023-53659: iavf: Fix out-of-bounds when setting channels on remove (bsc#1251247). * CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786). * CVE-2023-53717: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (bsc#1252560). * CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780). * CVE-2025-40121: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (bsc#1253367). * CVE-2025-40154: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (bsc#1253431). * CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436). 
The following non-security bugs were fixed: * cifs: Check the lease context if we actually got a lease (bsc#1228688). * cifs: return a single-use cfid if we did not get a lease (bsc#1228688). * smb3: fix Open files on server counter going negative (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-32=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-32=1 ## Package List: * SUSE Linux Enterprise Micro 5.2 (nosrc x86_64) * kernel-rt-5.3.18-150300.229.2 * SUSE Linux Enterprise Micro 5.2 (x86_64) * kernel-rt-debuginfo-5.3.18-150300.229.2 * kernel-rt-debugsource-5.3.18-150300.229.2 * SUSE Linux Enterprise Micro 5.2 (noarch) * kernel-source-rt-5.3.18-150300.229.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (nosrc x86_64) * kernel-rt-5.3.18-150300.229.2 * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64) * kernel-rt-debuginfo-5.3.18-150300.229.2 * kernel-rt-debugsource-5.3.18-150300.229.2 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * kernel-source-rt-5.3.18-150300.229.1 ## References: * https://www.suse.com/security/cve/CVE-2022-50280.html * https://www.suse.com/security/cve/CVE-2023-53659.html * https://www.suse.com/security/cve/CVE-2023-53676.html * https://www.suse.com/security/cve/CVE-2023-53717.html * https://www.suse.com/security/cve/CVE-2025-40040.html * https://www.suse.com/security/cve/CVE-2025-40121.html * https://www.suse.com/security/cve/CVE-2025-40154.html * https://www.suse.com/security/cve/CVE-2025-40204.html * https://bugzilla.suse.com/show_bug.cgi?id=1228688 * https://bugzilla.suse.com/show_bug.cgi?id=1249806 * https://bugzilla.suse.com/show_bug.cgi?id=1251247 * 
https://bugzilla.suse.com/show_bug.cgi?id=1251786 * https://bugzilla.suse.com/show_bug.cgi?id=1252560 * https://bugzilla.suse.com/show_bug.cgi?id=1252780 * https://bugzilla.suse.com/show_bug.cgi?id=1253367 * https://bugzilla.suse.com/show_bug.cgi?id=1253431 * https://bugzilla.suse.com/show_bug.cgi?id=1253436
From null at suse.de Tue Jan 6 16:30:04 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 06 Jan 2026 16:30:04 -0000 Subject: SUSE-SU-2026:0042-1: moderate: Security update for usbmuxd Message-ID: <176771700422.22147.13798429288887189181@smelt2.prg2.suse.org> # Security update for usbmuxd Announcement ID: SUSE-SU-2026:0042-1 Release Date: 2026-01-06T10:35:00Z Rating: moderate References: * bsc#1254302 Cross-References: * CVE-2025-66004 CVSS scores: * CVE-2025-66004 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L * CVE-2025-66004 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L * CVE-2025-66004 ( NVD ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-66004 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Linux Enterprise Workstation Extension 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves one vulnerability can now be installed. ## Description: This update for usbmuxd fixes the following issues: * CVE-2025-66004: Fixed LPE from nobody to usbmux (bsc#1254302) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-42=1 * SUSE Linux Enterprise Workstation Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-42=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-42=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-42=1 ## Package List: * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x) * usbmuxd-1.1.1-150400.3.3.1 * usbmuxd-debugsource-1.1.1-150400.3.3.1 * usbmuxd-debuginfo-1.1.1-150400.3.3.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64) * usbmuxd-1.1.1-150400.3.3.1 * usbmuxd-debugsource-1.1.1-150400.3.3.1 * usbmuxd-debuginfo-1.1.1-150400.3.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * usbmuxd-1.1.1-150400.3.3.1 * usbmuxd-debugsource-1.1.1-150400.3.3.1 * usbmuxd-debuginfo-1.1.1-150400.3.3.1 * openSUSE Leap 15.4 (x86_64) * usbmuxd-32bit-debuginfo-1.1.1-150400.3.3.1 * openSUSE Leap 15.4 (aarch64_ilp32) * usbmuxd-64bit-debuginfo-1.1.1-150400.3.3.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * usbmuxd-1.1.1-150400.3.3.1 * usbmuxd-debugsource-1.1.1-150400.3.3.1 * usbmuxd-debuginfo-1.1.1-150400.3.3.1 * openSUSE Leap 15.6 (x86_64) * usbmuxd-32bit-debuginfo-1.1.1-150400.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-66004.html * https://bugzilla.suse.com/show_bug.cgi?id=1254302
From null at suse.de Tue Jan 6 16:30:08 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 06 Jan 2026 16:30:08 -0000 Subject: SUSE-SU-2026:0041-1: moderate: Security update for rsync Message-ID: <176771700805.22147.6414134590338079196@smelt2.prg2.suse.org> # Security update for rsync Announcement ID: SUSE-SU-2026:0041-1 Release Date: 2026-01-06T10:33:35Z Rating: moderate References: * bsc#1254441 Cross-References: * CVE-2025-10158 CVSS scores: * CVE-2025-10158 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2025-10158 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that solves one vulnerability can now be installed. ## Description: This update for rsync fixes the following issues: * CVE-2025-10158: Fixed out of bounds array access via negative index (bsc#1254441) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-41=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-41=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-41=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-41=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-41=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-41=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * rsync-debuginfo-3.2.3-150400.3.26.1 * rsync-debugsource-3.2.3-150400.3.26.1 * rsync-3.2.3-150400.3.26.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * rsync-debuginfo-3.2.3-150400.3.26.1 * rsync-debugsource-3.2.3-150400.3.26.1 * rsync-3.2.3-150400.3.26.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * rsync-debuginfo-3.2.3-150400.3.26.1 * rsync-debugsource-3.2.3-150400.3.26.1 * rsync-3.2.3-150400.3.26.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * rsync-debuginfo-3.2.3-150400.3.26.1 * rsync-debugsource-3.2.3-150400.3.26.1 * rsync-3.2.3-150400.3.26.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * rsync-debuginfo-3.2.3-150400.3.26.1 * rsync-debugsource-3.2.3-150400.3.26.1 * rsync-3.2.3-150400.3.26.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * rsync-debuginfo-3.2.3-150400.3.26.1 * rsync-debugsource-3.2.3-150400.3.26.1 * rsync-3.2.3-150400.3.26.1 ## References: * https://www.suse.com/security/cve/CVE-2025-10158.html * https://bugzilla.suse.com/show_bug.cgi?id=1254441
From null at suse.de Tue Jan 6 16:30:14 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 06 Jan 2026 16:30:14 -0000 Subject: SUSE-SU-2026:0039-1: important: Security update for qemu Message-ID: <176771701430.22147.5996182755644851488@smelt2.prg2.suse.org> # Security update for qemu Announcement ID: SUSE-SU-2026:0039-1 Release Date: 2026-01-06T10:31:24Z Rating: important References: * bsc#1227397 * bsc#1250984 * bsc#1252768 * bsc#1253002 * bsc#1254286 Cross-References: * CVE-2024-6505 * CVE-2025-11234 * CVE-2025-12464 CVSS scores: * CVE-2024-6505 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H * CVE-2024-6505 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H * CVE-2025-11234 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-11234 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-11234 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-12464 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-12464 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-12464 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.5 * Server Applications Module 15-SP7 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves three vulnerabilities and has two security fixes can now be installed.
## Description: This update for qemu fixes the following issues: * CVE-2024-6505: qemu-kvm: virtio-net: Fixed queue index out-of-bounds access in software RSS (bsc#1227397) * CVE-2025-12464: net: pad packets to minimum length in qemu_receive_packet() (bsc#1253002) * CVE-2025-11234: qemu-kvm: Fixed use-after-free in websocket handshake code leading to denial of service (bsc#1250984) Other fixes: * Fixed *-virtio-gpu-pci dependency on ARM (bsc#1254286) * block/curl: Fixed curl internal handles handling (bsc#1252768) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-39=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-39=1 * Server Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-39=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-39=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-39=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-39=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-39=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * qemu-block-ssh-debuginfo-7.1.0-150500.49.36.2 * qemu-hw-usb-host-7.1.0-150500.49.36.2 * qemu-tools-7.1.0-150500.49.36.2 * qemu-accel-qtest-7.1.0-150500.49.36.2 * qemu-chardev-baum-debuginfo-7.1.0-150500.49.36.2 * qemu-s390x-7.1.0-150500.49.36.2 * qemu-audio-alsa-7.1.0-150500.49.36.2 * qemu-hw-display-virtio-gpu-pci-debuginfo-7.1.0-150500.49.36.2 * qemu-ksm-7.1.0-150500.49.36.2 * qemu-ui-spice-core-7.1.0-150500.49.36.2 * qemu-ui-opengl-7.1.0-150500.49.36.2 *
qemu-accel-qtest-debuginfo-7.1.0-150500.49.36.2 * qemu-accel-tcg-x86-debuginfo-7.1.0-150500.49.36.2 * qemu-block-curl-7.1.0-150500.49.36.2 * qemu-guest-agent-7.1.0-150500.49.36.2 * qemu-audio-alsa-debuginfo-7.1.0-150500.49.36.2 * qemu-ui-dbus-debuginfo-7.1.0-150500.49.36.2 * qemu-ppc-debuginfo-7.1.0-150500.49.36.2 * qemu-audio-spice-7.1.0-150500.49.36.2 * qemu-extra-debuginfo-7.1.0-150500.49.36.2 * qemu-hw-usb-redirect-7.1.0-150500.49.36.2 * qemu-linux-user-debugsource-7.1.0-150500.49.36.2 * qemu-7.1.0-150500.49.36.2 * qemu-x86-debuginfo-7.1.0-150500.49.36.2 * qemu-chardev-spice-7.1.0-150500.49.36.2 * qemu-ui-gtk-7.1.0-150500.49.36.2 * qemu-hw-display-virtio-gpu-7.1.0-150500.49.36.2 * qemu-block-nfs-7.1.0-150500.49.36.2 * qemu-block-gluster-7.1.0-150500.49.36.2 * qemu-ui-dbus-7.1.0-150500.49.36.2 * qemu-block-ssh-7.1.0-150500.49.36.2 * qemu-ui-spice-core-debuginfo-7.1.0-150500.49.36.2 * qemu-block-iscsi-7.1.0-150500.49.36.2 * qemu-hw-display-qxl-7.1.0-150500.49.36.2 * qemu-hw-display-virtio-vga-7.1.0-150500.49.36.2 * qemu-audio-dbus-7.1.0-150500.49.36.2 * qemu-chardev-spice-debuginfo-7.1.0-150500.49.36.2 * qemu-block-gluster-debuginfo-7.1.0-150500.49.36.2 * qemu-audio-oss-7.1.0-150500.49.36.2 * qemu-hw-display-virtio-gpu-pci-7.1.0-150500.49.36.2 * qemu-audio-pa-debuginfo-7.1.0-150500.49.36.2 * qemu-x86-7.1.0-150500.49.36.2 * qemu-hw-display-virtio-gpu-debuginfo-7.1.0-150500.49.36.2 * qemu-tools-debuginfo-7.1.0-150500.49.36.2 * qemu-linux-user-7.1.0-150500.49.36.2 * qemu-hw-usb-host-debuginfo-7.1.0-150500.49.36.2 * qemu-hw-usb-smartcard-debuginfo-7.1.0-150500.49.36.2 * qemu-audio-spice-debuginfo-7.1.0-150500.49.36.2 * qemu-arm-7.1.0-150500.49.36.2 * qemu-accel-tcg-x86-7.1.0-150500.49.36.2 * qemu-block-dmg-debuginfo-7.1.0-150500.49.36.2 * qemu-hw-s390x-virtio-gpu-ccw-7.1.0-150500.49.36.2 * qemu-audio-jack-7.1.0-150500.49.36.2 * qemu-linux-user-debuginfo-7.1.0-150500.49.36.2 * qemu-debuginfo-7.1.0-150500.49.36.2 * qemu-block-iscsi-debuginfo-7.1.0-150500.49.36.2 * 
qemu-ppc-7.1.0-150500.49.36.2 * qemu-hw-display-virtio-vga-debuginfo-7.1.0-150500.49.36.2 * qemu-audio-dbus-debuginfo-7.1.0-150500.49.36.2 * qemu-block-nfs-debuginfo-7.1.0-150500.49.36.2 * qemu-block-curl-debuginfo-7.1.0-150500.49.36.2 * qemu-audio-oss-debuginfo-7.1.0-150500.49.36.2 * qemu-vhost-user-gpu-7.1.0-150500.49.36.2 * qemu-ivshmem-tools-7.1.0-150500.49.36.2 * qemu-chardev-baum-7.1.0-150500.49.36.2 * qemu-debugsource-7.1.0-150500.49.36.2 * qemu-audio-jack-debuginfo-7.1.0-150500.49.36.2 * qemu-ui-spice-app-7.1.0-150500.49.36.2 * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-7.1.0-150500.49.36.2 * qemu-extra-7.1.0-150500.49.36.2 * qemu-hw-usb-redirect-debuginfo-7.1.0-150500.49.36.2 * qemu-ui-spice-app-debuginfo-7.1.0-150500.49.36.2 * qemu-ui-curses-debuginfo-7.1.0-150500.49.36.2 * qemu-arm-debuginfo-7.1.0-150500.49.36.2 * qemu-headless-7.1.0-150500.49.36.2 * qemu-s390x-debuginfo-7.1.0-150500.49.36.2 * qemu-ui-gtk-debuginfo-7.1.0-150500.49.36.2 * qemu-audio-pa-7.1.0-150500.49.36.2 * qemu-ui-opengl-debuginfo-7.1.0-150500.49.36.2 * qemu-block-dmg-7.1.0-150500.49.36.2 * qemu-guest-agent-debuginfo-7.1.0-150500.49.36.2 * qemu-hw-display-qxl-debuginfo-7.1.0-150500.49.36.2 * qemu-ivshmem-tools-debuginfo-7.1.0-150500.49.36.2 * qemu-hw-usb-smartcard-7.1.0-150500.49.36.2 * qemu-ui-curses-7.1.0-150500.49.36.2 * qemu-vhost-user-gpu-debuginfo-7.1.0-150500.49.36.2 * openSUSE Leap 15.5 (s390x x86_64 i586) * qemu-kvm-7.1.0-150500.49.36.2 * openSUSE Leap 15.5 (noarch) * qemu-SLOF-7.1.0-150500.49.36.2 * qemu-vgabios-1.16.0_0_gd239552-150500.49.36.2 * qemu-sgabios-8-150500.49.36.2 * qemu-skiboot-7.1.0-150500.49.36.2 * qemu-microvm-7.1.0-150500.49.36.2 * qemu-lang-7.1.0-150500.49.36.2 * qemu-ipxe-1.0.0+-150500.49.36.2 * qemu-seabios-1.16.0_0_gd239552-150500.49.36.2 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * qemu-block-rbd-debuginfo-7.1.0-150500.49.36.2 * qemu-block-rbd-7.1.0-150500.49.36.2 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * 
qemu-hw-display-virtio-gpu-debuginfo-7.1.0-150500.49.36.2 * qemu-hw-usb-redirect-7.1.0-150500.49.36.2 * qemu-tools-debuginfo-7.1.0-150500.49.36.2 * qemu-tools-7.1.0-150500.49.36.2 * qemu-7.1.0-150500.49.36.2 * qemu-chardev-spice-7.1.0-150500.49.36.2 * qemu-hw-display-virtio-gpu-pci-debuginfo-7.1.0-150500.49.36.2 * qemu-hw-display-virtio-gpu-7.1.0-150500.49.36.2 * qemu-audio-spice-debuginfo-7.1.0-150500.49.36.2 * qemu-ui-spice-core-7.1.0-150500.49.36.2 * qemu-hw-usb-redirect-debuginfo-7.1.0-150500.49.36.2 * qemu-ui-opengl-7.1.0-150500.49.36.2 * qemu-ui-spice-core-debuginfo-7.1.0-150500.49.36.2 * qemu-block-curl-7.1.0-150500.49.36.2 * qemu-debuginfo-7.1.0-150500.49.36.2 * qemu-guest-agent-7.1.0-150500.49.36.2 * qemu-hw-display-virtio-vga-debuginfo-7.1.0-150500.49.36.2 * qemu-hw-display-qxl-7.1.0-150500.49.36.2 * qemu-hw-display-virtio-vga-7.1.0-150500.49.36.2 * qemu-ui-opengl-debuginfo-7.1.0-150500.49.36.2 * qemu-chardev-spice-debuginfo-7.1.0-150500.49.36.2 * qemu-audio-spice-7.1.0-150500.49.36.2 * qemu-block-curl-debuginfo-7.1.0-150500.49.36.2 * qemu-guest-agent-debuginfo-7.1.0-150500.49.36.2 * qemu-hw-display-qxl-debuginfo-7.1.0-150500.49.36.2 * qemu-hw-display-virtio-gpu-pci-7.1.0-150500.49.36.2 * qemu-debugsource-7.1.0-150500.49.36.2 * SUSE Linux Enterprise Micro 5.5 (aarch64) * qemu-arm-debuginfo-7.1.0-150500.49.36.2 * qemu-arm-7.1.0-150500.49.36.2 * SUSE Linux Enterprise Micro 5.5 (noarch) * qemu-SLOF-7.1.0-150500.49.36.2 * qemu-vgabios-1.16.0_0_gd239552-150500.49.36.2 * qemu-sgabios-8-150500.49.36.2 * qemu-ipxe-1.0.0+-150500.49.36.2 * qemu-seabios-1.16.0_0_gd239552-150500.49.36.2 * SUSE Linux Enterprise Micro 5.5 (ppc64le) * qemu-ppc-debuginfo-7.1.0-150500.49.36.2 * qemu-ppc-7.1.0-150500.49.36.2 * SUSE Linux Enterprise Micro 5.5 (s390x) * qemu-s390x-debuginfo-7.1.0-150500.49.36.2 * qemu-s390x-7.1.0-150500.49.36.2 * SUSE Linux Enterprise Micro 5.5 (x86_64) * qemu-accel-tcg-x86-7.1.0-150500.49.36.2 * qemu-x86-debuginfo-7.1.0-150500.49.36.2 * 
qemu-accel-tcg-x86-debuginfo-7.1.0-150500.49.36.2 * qemu-x86-7.1.0-150500.49.36.2 * Server Applications Module 15-SP7 (noarch) * qemu-sgabios-8-150500.49.36.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * qemu-block-ssh-debuginfo-7.1.0-150500.49.36.2 * qemu-hw-usb-redirect-7.1.0-150500.49.36.2 * qemu-tools-debuginfo-7.1.0-150500.49.36.2 * qemu-hw-usb-host-7.1.0-150500.49.36.2 * qemu-tools-7.1.0-150500.49.36.2 * qemu-7.1.0-150500.49.36.2 * qemu-chardev-baum-debuginfo-7.1.0-150500.49.36.2 * qemu-hw-usb-host-debuginfo-7.1.0-150500.49.36.2 * qemu-ui-spice-app-7.1.0-150500.49.36.2 * qemu-chardev-spice-7.1.0-150500.49.36.2 * qemu-block-rbd-debuginfo-7.1.0-150500.49.36.2 * qemu-ui-gtk-7.1.0-150500.49.36.2 * qemu-ksm-7.1.0-150500.49.36.2 * qemu-audio-spice-debuginfo-7.1.0-150500.49.36.2 * qemu-ui-spice-core-7.1.0-150500.49.36.2 * qemu-hw-usb-redirect-debuginfo-7.1.0-150500.49.36.2 * qemu-ui-opengl-7.1.0-150500.49.36.2 * qemu-ui-dbus-7.1.0-150500.49.36.2 * qemu-block-ssh-7.1.0-150500.49.36.2 * qemu-ui-spice-core-debuginfo-7.1.0-150500.49.36.2 * qemu-ui-spice-app-debuginfo-7.1.0-150500.49.36.2 * qemu-block-curl-7.1.0-150500.49.36.2 * qemu-debuginfo-7.1.0-150500.49.36.2 * qemu-ui-curses-debuginfo-7.1.0-150500.49.36.2 * qemu-block-iscsi-debuginfo-7.1.0-150500.49.36.2 * qemu-guest-agent-7.1.0-150500.49.36.2 * qemu-hw-display-virtio-vga-debuginfo-7.1.0-150500.49.36.2 * qemu-block-iscsi-7.1.0-150500.49.36.2 * qemu-hw-display-qxl-7.1.0-150500.49.36.2 * qemu-ui-dbus-debuginfo-7.1.0-150500.49.36.2 * qemu-hw-display-virtio-vga-7.1.0-150500.49.36.2 * qemu-audio-dbus-debuginfo-7.1.0-150500.49.36.2 * qemu-audio-dbus-7.1.0-150500.49.36.2 * qemu-block-rbd-7.1.0-150500.49.36.2 * qemu-ui-gtk-debuginfo-7.1.0-150500.49.36.2 * qemu-chardev-spice-debuginfo-7.1.0-150500.49.36.2 * qemu-ui-opengl-debuginfo-7.1.0-150500.49.36.2 * qemu-audio-spice-7.1.0-150500.49.36.2 * qemu-block-curl-debuginfo-7.1.0-150500.49.36.2 * 
qemu-guest-agent-debuginfo-7.1.0-150500.49.36.2 * qemu-hw-display-qxl-debuginfo-7.1.0-150500.49.36.2 * qemu-chardev-baum-7.1.0-150500.49.36.2 * qemu-ui-curses-7.1.0-150500.49.36.2 * qemu-debugsource-7.1.0-150500.49.36.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64) * qemu-arm-debuginfo-7.1.0-150500.49.36.2 * qemu-arm-7.1.0-150500.49.36.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * qemu-vgabios-1.16.0_0_gd239552-150500.49.36.2 * qemu-sgabios-8-150500.49.36.2 * qemu-ipxe-1.0.0+-150500.49.36.2 * qemu-lang-7.1.0-150500.49.36.2 * qemu-seabios-1.16.0_0_gd239552-150500.49.36.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64) * qemu-hw-display-virtio-gpu-debuginfo-7.1.0-150500.49.36.2 * qemu-accel-tcg-x86-7.1.0-150500.49.36.2 * qemu-x86-debuginfo-7.1.0-150500.49.36.2 * qemu-audio-alsa-debuginfo-7.1.0-150500.49.36.2 * qemu-accel-tcg-x86-debuginfo-7.1.0-150500.49.36.2 * qemu-kvm-7.1.0-150500.49.36.2 * qemu-audio-pa-7.1.0-150500.49.36.2 * qemu-audio-alsa-7.1.0-150500.49.36.2 * qemu-hw-display-virtio-gpu-7.1.0-150500.49.36.2 * qemu-hw-display-virtio-gpu-pci-7.1.0-150500.49.36.2 * qemu-hw-display-virtio-gpu-pci-debuginfo-7.1.0-150500.49.36.2 * qemu-audio-pa-debuginfo-7.1.0-150500.49.36.2 * qemu-x86-7.1.0-150500.49.36.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * qemu-block-ssh-debuginfo-7.1.0-150500.49.36.2 * qemu-hw-usb-redirect-7.1.0-150500.49.36.2 * qemu-tools-debuginfo-7.1.0-150500.49.36.2 * qemu-hw-usb-host-7.1.0-150500.49.36.2 * qemu-tools-7.1.0-150500.49.36.2 * qemu-7.1.0-150500.49.36.2 * qemu-chardev-baum-debuginfo-7.1.0-150500.49.36.2 * qemu-hw-usb-host-debuginfo-7.1.0-150500.49.36.2 * qemu-ui-spice-app-7.1.0-150500.49.36.2 * qemu-chardev-spice-7.1.0-150500.49.36.2 * qemu-block-rbd-debuginfo-7.1.0-150500.49.36.2 * qemu-ui-gtk-7.1.0-150500.49.36.2 * qemu-ksm-7.1.0-150500.49.36.2 * qemu-audio-spice-debuginfo-7.1.0-150500.49.36.2 * 
qemu-ui-spice-core-7.1.0-150500.49.36.2 * qemu-hw-usb-redirect-debuginfo-7.1.0-150500.49.36.2 * qemu-ui-opengl-7.1.0-150500.49.36.2 * qemu-ui-dbus-7.1.0-150500.49.36.2 * qemu-block-ssh-7.1.0-150500.49.36.2 * qemu-ui-spice-core-debuginfo-7.1.0-150500.49.36.2 * qemu-ui-spice-app-debuginfo-7.1.0-150500.49.36.2 * qemu-block-curl-7.1.0-150500.49.36.2 * qemu-debuginfo-7.1.0-150500.49.36.2 * qemu-ui-curses-debuginfo-7.1.0-150500.49.36.2 * qemu-block-iscsi-debuginfo-7.1.0-150500.49.36.2 * qemu-guest-agent-7.1.0-150500.49.36.2 * qemu-hw-display-virtio-vga-debuginfo-7.1.0-150500.49.36.2 * qemu-block-iscsi-7.1.0-150500.49.36.2 * qemu-hw-display-qxl-7.1.0-150500.49.36.2 * qemu-ui-dbus-debuginfo-7.1.0-150500.49.36.2 * qemu-hw-display-virtio-vga-7.1.0-150500.49.36.2 * qemu-audio-dbus-debuginfo-7.1.0-150500.49.36.2 * qemu-audio-dbus-7.1.0-150500.49.36.2 * qemu-block-rbd-7.1.0-150500.49.36.2 * qemu-ui-gtk-debuginfo-7.1.0-150500.49.36.2 * qemu-chardev-spice-debuginfo-7.1.0-150500.49.36.2 * qemu-ui-opengl-debuginfo-7.1.0-150500.49.36.2 * qemu-audio-spice-7.1.0-150500.49.36.2 * qemu-block-curl-debuginfo-7.1.0-150500.49.36.2 * qemu-guest-agent-debuginfo-7.1.0-150500.49.36.2 * qemu-hw-display-qxl-debuginfo-7.1.0-150500.49.36.2 * qemu-chardev-baum-7.1.0-150500.49.36.2 * qemu-ui-curses-7.1.0-150500.49.36.2 * qemu-debugsource-7.1.0-150500.49.36.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64) * qemu-arm-debuginfo-7.1.0-150500.49.36.2 * qemu-arm-7.1.0-150500.49.36.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * qemu-vgabios-1.16.0_0_gd239552-150500.49.36.2 * qemu-sgabios-8-150500.49.36.2 * qemu-ipxe-1.0.0+-150500.49.36.2 * qemu-lang-7.1.0-150500.49.36.2 * qemu-seabios-1.16.0_0_gd239552-150500.49.36.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64) * qemu-hw-display-virtio-gpu-debuginfo-7.1.0-150500.49.36.2 * qemu-accel-tcg-x86-7.1.0-150500.49.36.2 * qemu-x86-debuginfo-7.1.0-150500.49.36.2 * 
qemu-audio-alsa-debuginfo-7.1.0-150500.49.36.2 * qemu-accel-tcg-x86-debuginfo-7.1.0-150500.49.36.2 * qemu-kvm-7.1.0-150500.49.36.2 * qemu-audio-pa-7.1.0-150500.49.36.2 * qemu-audio-alsa-7.1.0-150500.49.36.2 * qemu-hw-display-virtio-gpu-7.1.0-150500.49.36.2 * qemu-hw-display-virtio-gpu-pci-7.1.0-150500.49.36.2 * qemu-hw-display-virtio-gpu-pci-debuginfo-7.1.0-150500.49.36.2 * qemu-audio-pa-debuginfo-7.1.0-150500.49.36.2 * qemu-x86-7.1.0-150500.49.36.2 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * qemu-block-ssh-debuginfo-7.1.0-150500.49.36.2 * qemu-tools-debuginfo-7.1.0-150500.49.36.2 * qemu-hw-usb-host-7.1.0-150500.49.36.2 * qemu-tools-7.1.0-150500.49.36.2 * qemu-7.1.0-150500.49.36.2 * qemu-chardev-baum-debuginfo-7.1.0-150500.49.36.2 * qemu-hw-usb-host-debuginfo-7.1.0-150500.49.36.2 * qemu-block-rbd-debuginfo-7.1.0-150500.49.36.2 * qemu-ksm-7.1.0-150500.49.36.2 * qemu-ui-dbus-7.1.0-150500.49.36.2 * qemu-block-ssh-7.1.0-150500.49.36.2 * qemu-block-curl-7.1.0-150500.49.36.2 * qemu-debuginfo-7.1.0-150500.49.36.2 * qemu-ui-curses-debuginfo-7.1.0-150500.49.36.2 * qemu-block-iscsi-debuginfo-7.1.0-150500.49.36.2 * qemu-guest-agent-7.1.0-150500.49.36.2 * qemu-block-iscsi-7.1.0-150500.49.36.2 * qemu-ui-dbus-debuginfo-7.1.0-150500.49.36.2 * qemu-audio-dbus-debuginfo-7.1.0-150500.49.36.2 * qemu-audio-dbus-7.1.0-150500.49.36.2 * qemu-block-rbd-7.1.0-150500.49.36.2 * qemu-block-curl-debuginfo-7.1.0-150500.49.36.2 * qemu-guest-agent-debuginfo-7.1.0-150500.49.36.2 * qemu-chardev-baum-7.1.0-150500.49.36.2 * qemu-ui-curses-7.1.0-150500.49.36.2 * qemu-debugsource-7.1.0-150500.49.36.2 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64) * qemu-arm-debuginfo-7.1.0-150500.49.36.2 * qemu-arm-7.1.0-150500.49.36.2 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le x86_64) * qemu-hw-usb-redirect-7.1.0-150500.49.36.2 * qemu-hw-usb-redirect-debuginfo-7.1.0-150500.49.36.2 * qemu-hw-display-qxl-debuginfo-7.1.0-150500.49.36.2 * 
qemu-ui-opengl-7.1.0-150500.49.36.2 * qemu-hw-display-virtio-vga-debuginfo-7.1.0-150500.49.36.2 * qemu-hw-display-qxl-7.1.0-150500.49.36.2 * qemu-ui-spice-core-debuginfo-7.1.0-150500.49.36.2 * qemu-hw-display-virtio-vga-7.1.0-150500.49.36.2 * qemu-ui-spice-app-7.1.0-150500.49.36.2 * qemu-chardev-spice-7.1.0-150500.49.36.2 * qemu-ui-gtk-debuginfo-7.1.0-150500.49.36.2 * qemu-ui-gtk-7.1.0-150500.49.36.2 * qemu-chardev-spice-debuginfo-7.1.0-150500.49.36.2 * qemu-ui-opengl-debuginfo-7.1.0-150500.49.36.2 * qemu-ui-spice-app-debuginfo-7.1.0-150500.49.36.2 * qemu-audio-spice-7.1.0-150500.49.36.2 * qemu-audio-spice-debuginfo-7.1.0-150500.49.36.2 * qemu-ui-spice-core-7.1.0-150500.49.36.2 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * qemu-SLOF-7.1.0-150500.49.36.2 * qemu-vgabios-1.16.0_0_gd239552-150500.49.36.2 * qemu-sgabios-8-150500.49.36.2 * qemu-skiboot-7.1.0-150500.49.36.2 * qemu-ipxe-1.0.0+-150500.49.36.2 * qemu-lang-7.1.0-150500.49.36.2 * qemu-seabios-1.16.0_0_gd239552-150500.49.36.2 * SUSE Linux Enterprise Server 15 SP5 LTSS (ppc64le) * qemu-ppc-debuginfo-7.1.0-150500.49.36.2 * qemu-ppc-7.1.0-150500.49.36.2 * SUSE Linux Enterprise Server 15 SP5 LTSS (s390x x86_64) * qemu-hw-display-virtio-gpu-debuginfo-7.1.0-150500.49.36.2 * qemu-kvm-7.1.0-150500.49.36.2 * qemu-hw-display-virtio-gpu-pci-debuginfo-7.1.0-150500.49.36.2 * qemu-hw-display-virtio-gpu-pci-7.1.0-150500.49.36.2 * qemu-hw-display-virtio-gpu-7.1.0-150500.49.36.2 * SUSE Linux Enterprise Server 15 SP5 LTSS (s390x) * qemu-s390x-7.1.0-150500.49.36.2 * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-7.1.0-150500.49.36.2 * qemu-hw-s390x-virtio-gpu-ccw-7.1.0-150500.49.36.2 * qemu-s390x-debuginfo-7.1.0-150500.49.36.2 * SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64) * qemu-accel-tcg-x86-7.1.0-150500.49.36.2 * qemu-x86-debuginfo-7.1.0-150500.49.36.2 * qemu-audio-alsa-debuginfo-7.1.0-150500.49.36.2 * qemu-accel-tcg-x86-debuginfo-7.1.0-150500.49.36.2 * qemu-audio-pa-7.1.0-150500.49.36.2 * 
qemu-audio-alsa-7.1.0-150500.49.36.2 * qemu-audio-pa-debuginfo-7.1.0-150500.49.36.2 * qemu-x86-7.1.0-150500.49.36.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * qemu-block-ssh-debuginfo-7.1.0-150500.49.36.2 * qemu-hw-usb-redirect-7.1.0-150500.49.36.2 * qemu-tools-debuginfo-7.1.0-150500.49.36.2 * qemu-hw-usb-host-7.1.0-150500.49.36.2 * qemu-tools-7.1.0-150500.49.36.2 * qemu-7.1.0-150500.49.36.2 * qemu-chardev-baum-debuginfo-7.1.0-150500.49.36.2 * qemu-hw-usb-host-debuginfo-7.1.0-150500.49.36.2 * qemu-ui-spice-app-7.1.0-150500.49.36.2 * qemu-chardev-spice-7.1.0-150500.49.36.2 * qemu-block-rbd-debuginfo-7.1.0-150500.49.36.2 * qemu-ui-gtk-7.1.0-150500.49.36.2 * qemu-ksm-7.1.0-150500.49.36.2 * qemu-audio-spice-debuginfo-7.1.0-150500.49.36.2 * qemu-ui-spice-core-7.1.0-150500.49.36.2 * qemu-hw-usb-redirect-debuginfo-7.1.0-150500.49.36.2 * qemu-ui-opengl-7.1.0-150500.49.36.2 * qemu-ui-dbus-7.1.0-150500.49.36.2 * qemu-block-ssh-7.1.0-150500.49.36.2 * qemu-ui-spice-core-debuginfo-7.1.0-150500.49.36.2 * qemu-ui-spice-app-debuginfo-7.1.0-150500.49.36.2 * qemu-block-curl-7.1.0-150500.49.36.2 * qemu-debuginfo-7.1.0-150500.49.36.2 * qemu-ui-curses-debuginfo-7.1.0-150500.49.36.2 * qemu-block-iscsi-debuginfo-7.1.0-150500.49.36.2 * qemu-guest-agent-7.1.0-150500.49.36.2 * qemu-hw-display-virtio-vga-debuginfo-7.1.0-150500.49.36.2 * qemu-block-iscsi-7.1.0-150500.49.36.2 * qemu-hw-display-qxl-7.1.0-150500.49.36.2 * qemu-ui-dbus-debuginfo-7.1.0-150500.49.36.2 * qemu-hw-display-virtio-vga-7.1.0-150500.49.36.2 * qemu-audio-dbus-debuginfo-7.1.0-150500.49.36.2 * qemu-audio-dbus-7.1.0-150500.49.36.2 * qemu-block-rbd-7.1.0-150500.49.36.2 * qemu-ui-gtk-debuginfo-7.1.0-150500.49.36.2 * qemu-chardev-spice-debuginfo-7.1.0-150500.49.36.2 * qemu-ui-opengl-debuginfo-7.1.0-150500.49.36.2 * qemu-audio-spice-7.1.0-150500.49.36.2 * qemu-block-curl-debuginfo-7.1.0-150500.49.36.2 * qemu-guest-agent-debuginfo-7.1.0-150500.49.36.2 * 
qemu-hw-display-qxl-debuginfo-7.1.0-150500.49.36.2 * qemu-chardev-baum-7.1.0-150500.49.36.2 * qemu-ui-curses-7.1.0-150500.49.36.2 * qemu-debugsource-7.1.0-150500.49.36.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * qemu-SLOF-7.1.0-150500.49.36.2 * qemu-vgabios-1.16.0_0_gd239552-150500.49.36.2 * qemu-sgabios-8-150500.49.36.2 * qemu-skiboot-7.1.0-150500.49.36.2 * qemu-ipxe-1.0.0+-150500.49.36.2 * qemu-lang-7.1.0-150500.49.36.2 * qemu-seabios-1.16.0_0_gd239552-150500.49.36.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le) * qemu-ppc-debuginfo-7.1.0-150500.49.36.2 * qemu-ppc-7.1.0-150500.49.36.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64) * qemu-hw-display-virtio-gpu-debuginfo-7.1.0-150500.49.36.2 * qemu-accel-tcg-x86-7.1.0-150500.49.36.2 * qemu-x86-debuginfo-7.1.0-150500.49.36.2 * qemu-audio-alsa-debuginfo-7.1.0-150500.49.36.2 * qemu-accel-tcg-x86-debuginfo-7.1.0-150500.49.36.2 * qemu-kvm-7.1.0-150500.49.36.2 * qemu-audio-pa-7.1.0-150500.49.36.2 * qemu-audio-alsa-7.1.0-150500.49.36.2 * qemu-hw-display-virtio-gpu-7.1.0-150500.49.36.2 * qemu-hw-display-virtio-gpu-pci-7.1.0-150500.49.36.2 * qemu-hw-display-virtio-gpu-pci-debuginfo-7.1.0-150500.49.36.2 * qemu-audio-pa-debuginfo-7.1.0-150500.49.36.2 * qemu-x86-7.1.0-150500.49.36.2 ## References: * https://www.suse.com/security/cve/CVE-2024-6505.html * https://www.suse.com/security/cve/CVE-2025-11234.html * https://www.suse.com/security/cve/CVE-2025-12464.html * https://bugzilla.suse.com/show_bug.cgi?id=1227397 * https://bugzilla.suse.com/show_bug.cgi?id=1250984 * https://bugzilla.suse.com/show_bug.cgi?id=1252768 * https://bugzilla.suse.com/show_bug.cgi?id=1253002 * https://bugzilla.suse.com/show_bug.cgi?id=1254286 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Jan 6 16:30:16 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 06 Jan 2026 16:30:16 -0000 Subject: SUSE-SU-2026:0037-1: moderate: Security update for govulncheck-vulndb Message-ID: <176771701631.22147.12790953467730675934@smelt2.prg2.suse.org> # Security update for govulncheck-vulndb Announcement ID: SUSE-SU-2026:0037-1 Release Date: 2026-01-06T10:24:38Z Rating: moderate References: * jsc#PED-11136 Affected Products: * openSUSE Leap 15.6 An update that contains one feature can now be installed. ## Description: This update for govulncheck-vulndb fixes the following issues: * Update to version 0.0.20251230T014957 2025-12-30T01:49:57Z (jsc#PED-11136). Go CVE Numbering Authority IDs added or updated with aliases: * GO-2025-4249 CVE-2025-68120 CVE-2025-68120 * GO-2025-4254 CVE-2025-62190 GHSA-gmx5-frv9-9m9f * GO-2025-4255 CVE-2025-12689 GHSA-j5vq-62gr-8v3r * GO-2025-4256 CVE-2025-13324 GHSA-x3r8-2hmh-89f5 * GO-2025-4257 CVE-2025-68476 GHSA-c4p6-qg4m-9jmr * GO-2025-4258 CVE-2025-68938 GHSA-cm54-pfmc-xrwx * GO-2025-4261 CVE-2025-68939 GHSA-263q-5cv3-xq9g * GO-2025-4262 CVE-2025-68945 GHSA-7xq4-mwcp-q8fx * GO-2025-4263 CVE-2025-68942 GHSA-898p-hh3p-hf9r * GO-2025-4264 CVE-2025-68944 GHSA-f85h-c7m6-cfpm * GO-2025-4265 CVE-2025-68946 GHSA-hq57-c72x-4774 * GO-2025-4266 CVE-2025-68943 GHSA-jhx5-4vr4-f327 * GO-2025-4267 CVE-2025-68940 GHSA-rrcw-5rjv-vj26 * GO-2025-4268 CVE-2025-68941 GHSA-xfq3-qj7j-4565 * Update to version 0.0.20251222T181535 2025-12-22T18:15:35Z (jsc#PED-11136). 
Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2025-4241 CVE-2025-11393 GHSA-cc8c-28gj-px38
* GO-2025-4242 CVE-2025-13888 GHSA-pcqx-8qww-7f4v
* GO-2025-4243 GHSA-wh6m-h6f4-rjf4
* GO-2025-4244 CVE-2025-68274 GHSA-c623-f998-8hhv
* GO-2025-4245 CVE-2025-68156 GHSA-cfpf-hrx2-8rv6
* GO-2025-4247 CVE-2025-13352 GHSA-jf5h-xfw4-p8gp
* GO-2025-4250 CVE-2025-14764 GHSA-3g75-q268-r9r6
* Update to version 0.0.20251216T193914 2025-12-16T19:39:14Z (jsc#PED-11136). Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2025-4239 CVE-2025-68113 GHSA-6gvq-jcmp-8959
* GO-2025-4240 CVE-2025-13281 GHSA-r6j8-c6r2-37rr
* Update to version 0.0.20251216T162327 2025-12-16T16:23:27Z (jsc#PED-11136). Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2024-3036 CVE-2024-41265 GHSA-vw7g-3cc7-7rmh
* GO-2024-3057 CVE-2024-41260 GHSA-9v35-4xcr-w9ph
* GO-2025-3437 GHSA-274v-mgcv-cm8j
* GO-2025-3465 CVE-2025-0426 GHSA-jgfp-53c3-624w
* GO-2025-3764 CVE-2024-44905 GHSA-6xp3-p59p-q4fj
* GO-2025-3829 CVE-2025-54410 GHSA-4vq8-7jfc-9cvp
* GO-2025-4116 CVE-2025-47913
* GO-2025-4122 CVE-2025-11777 GHSA-mqcj-8c2g-h97q
* GO-2025-4178 CVE-2025-13870 GHSA-58w6-w55x-6wq8
* Update to version 0.0.20251215T203741 2025-12-15T20:37:41Z (jsc#PED-11136).
Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2025-4136 CVE-2025-64708 GHSA-ch7q-53v8-73pc
* GO-2025-4137 CVE-2025-64521 GHSA-xr73-jq5p-ch8r
* GO-2025-4148 CVE-2017-18874 GHSA-8qg8-c7mw-6fj7
* GO-2025-4154 CVE-2025-62155 GHSA-9f46-w24h-69w4
* GO-2025-4161 CVE-2025-65942 GHSA-66jq-2c23-2xh5
* GO-2025-4162 CVE-2025-60633 GHSA-3j9f-7w24-pcqg
* GO-2025-4167 CVE-2025-64715 GHSA-38pp-6gcp-rqvm
* GO-2025-4168 CVE-2025-12419 GHSA-3x39-62h4-f8j6
* GO-2025-4169 CVE-2025-12559 GHSA-4g87-9x45-cx2h
* GO-2025-4170 CVE-2025-12421 GHSA-mp6x-97xj-9x62
* GO-2025-4173 CVE-2025-10543 GHSA-32fw-gq77-f2f2
* GO-2025-4188 CVE-2025-65637 GHSA-4f99-4q7p-p3gh
* GO-2025-4191 CVE-2017-18878 GHSA-h564-6gc2-fcc6
* GO-2025-4199 CVE-2017-18887 GHSA-35c4-5qfp-wxj6
* GO-2025-4200 CVE-2017-18885 GHSA-g78f-6xq7-rrhq
* GO-2025-4201 CVE-2017-18889 GHSA-jp57-4x34-5v94
* GO-2025-4202 CVE-2017-18890 GHSA-m497-hq5x-6jcv
* GO-2025-4203 CVE-2017-18888 GHSA-v2vm-hq26-5jv6
* GO-2025-4204 CVE-2017-18886 GHSA-wvjg-33p9-938h
* GO-2025-4205 CVE-2025-66491 GHSA-7vww-mvcr-x6vj
* GO-2025-4206 CVE-2025-66490 GHSA-gm3x-23wp-hc2c
* GO-2025-4207 CVE-2025-66508 GHSA-7cqv-qcq2-r765
* GO-2025-4208 CVE-2025-66565 GHSA-m98w-cqp3-qcqr
* GO-2025-4209 CVE-2025-66507 GHSA-qmg5-v42x-qqhq
* GO-2025-4210 CVE-2025-67494 GHSA-7wfc-4796-gmg5
* GO-2025-4211 GHSA-m6wq-66p2-c8pc
* GO-2025-4212 GHSA-pfrf-9r5f-73f5
* GO-2025-4213 CVE-2025-67495 GHSA-v959-qxv6-6f8p
* GO-2025-4214 GHSA-4rmq-mc2c-r495
* GO-2025-4215 CVE-2025-65796 GHSA-8jcj-g9f4-qx42
* GO-2025-4216 CVE-2025-65798 GHSA-8p44-g572-557h
* GO-2025-4217 CVE-2025-65795 GHSA-mg56-wc4q-rw4w
* GO-2025-4218 CVE-2025-65799 GHSA-qgjp-5g5x-vhq2
* GO-2025-4219 GHSA-4r66-7rcv-x46x
* GO-2025-4220 CVE-2025-65797 GHSA-99m2-qwx6-2w6f
* GO-2025-4221 CVE-2025-67488 GHSA-gqfv-g4v7-m366
* GO-2025-4222 CVE-2025-67499 GHSA-jv3w-x3r3-g6rm
* GO-2025-4223 CVE-2025-66626 GHSA-xrqc-7xgx-c9vh
* GO-2025-4224 GHSA-mjcp-gpgx-ggcg
* GO-2025-4225 CVE-2025-8110 GHSA-mq8m-42gh-wq7r
* GO-2025-4226 CVE-2025-67713 GHSA-wqv2-4wpg-8hc9
* GO-2025-4227 CVE-2025-67717 GHSA-f4cf-9rvr-2rcx
* GO-2025-4228 CVE-2025-65754 GHSA-8jqm-8qm3-qgqm
* GO-2025-4229 CVE-2025-34410 GHSA-rpr2-4hqj-hc4q
* GO-2025-4230 CVE-2025-34430 GHSA-5xpq-2vmc-5cqp
* GO-2025-4231 CVE-2025-34429 GHSA-wrvc-x3wf-j5f5
* GO-2025-4232 CVE-2025-67508 GHSA-fw33-qpx7-rhx2
* GO-2025-4233 CVE-2025-64702 GHSA-g754-hx8w-x2g6
* GO-2025-4235 CVE-2025-66001 GHSA-4jj9-cgqc-x9h5
* GO-2025-4236 GHSA-4jmp-x7mh-rgmr
* GO-2025-4237 CVE-2025-67818 GHSA-7v39-2hx7-7c43
* GO-2025-4238 CVE-2025-67819 GHSA-hmmh-292h-3364

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-37=1

## Package List:

* openSUSE Leap 15.6 (noarch)
  * govulncheck-vulndb-0.0.20251230T014957-150000.1.134.1

## References:

* https://jira.suse.com/browse/PED-11136

From null at suse.de Tue Jan 6 16:30:18 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 06 Jan 2026 16:30:18 -0000
Subject: SUSE-SU-2026:0036-1: low: Security update for libpcap
Message-ID: <176771701864.22147.1682496314466116741@smelt2.prg2.suse.org>

# Security update for libpcap

Announcement ID: SUSE-SU-2026:0036-1
Release Date: 2026-01-06T10:22:41Z
Rating: low

References:

* bsc#1255765

Cross-References:

* CVE-2025-11961

CVSS scores:

* CVE-2025-11961 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-11961 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-11961 ( NVD ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* openSUSE Leap 15.6

An update that solves one vulnerability can now be installed.
## Description:

This update for libpcap fixes the following issues:

* CVE-2025-11961: missing validation of provided MAC-48 address string in `pcap_ether_aton()` can lead to out-of-bounds read and write (bsc#1255765).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-36=1 openSUSE-SLE-15.6-2026-36=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * libpcap1-debuginfo-1.10.4-150600.3.9.1
  * libpcap1-1.10.4-150600.3.9.1
  * libpcap-debugsource-1.10.4-150600.3.9.1
  * libpcap-devel-static-1.10.4-150600.3.9.1
  * libpcap-devel-1.10.4-150600.3.9.1
* openSUSE Leap 15.6 (x86_64)
  * libpcap1-32bit-debuginfo-1.10.4-150600.3.9.1
  * libpcap1-32bit-1.10.4-150600.3.9.1
  * libpcap-devel-32bit-1.10.4-150600.3.9.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libpcap1-64bit-debuginfo-1.10.4-150600.3.9.1
  * libpcap-devel-64bit-1.10.4-150600.3.9.1
  * libpcap1-64bit-1.10.4-150600.3.9.1

## References:

* https://www.suse.com/security/cve/CVE-2025-11961.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255765

-------------- next part --------------
An HTML attachment was scrubbed...
URL: From null at suse.de Wed Jan 7 08:30:08 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 07 Jan 2026 08:30:08 -0000 Subject: SUSE-SU-2026:0044-1: moderate: Security update for mozjs60 Message-ID: <176777460868.22173.17856137564336236932@smelt2.prg2.suse.org> # Security update for mozjs60 Announcement ID: SUSE-SU-2026:0044-1 Release Date: 2026-01-06T16:10:26Z Rating: moderate References: * bsc#1230036 * bsc#1230037 * bsc#1230038 * bsc#1232602 Cross-References: * CVE-2024-45490 * CVE-2024-45491 * CVE-2024-45492 * CVE-2024-50602 CVSS scores: * CVE-2024-45490 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-45490 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45490 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45490 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-45491 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-45491 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45491 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2024-45491 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-45492 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-45492 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45492 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2024-45492 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50602 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-50602 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-50602 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP7 * Desktop Applications Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux 
Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves four vulnerabilities can now be installed. ## Description: This update for mozjs60 fixes the following issues: * CVE-2024-50602: embedded expat: make XML_StopParser refuse to stop/suspend an unstarted parser and be explicit about XML_PARSING in XML_StopParser (bsc#1232602) * CVE-2024-45492: embedded expat: detect integer overflow in function nextScaffoldPart (bsc#1230038) * CVE-2024-45491: embedded expat: detect integer overflow in dtdCopy (bsc#1230037) * CVE-2024-45490: embedded expat: reject negative len for XML_ParseBuffer (bsc#1230036) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-44=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-44=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-44=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-44=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-44=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-44=1 * Desktop Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-44=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-44=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-44=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * libmozjs-60-debuginfo-60.9.0-150200.6.8.1 * mozjs60-devel-60.9.0-150200.6.8.1 * mozjs60-debuginfo-60.9.0-150200.6.8.1 * mozjs60-60.9.0-150200.6.8.1 * libmozjs-60-60.9.0-150200.6.8.1 * mozjs60-debugsource-60.9.0-150200.6.8.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * mozjs60-debugsource-60.9.0-150200.6.8.1 * libmozjs-60-debuginfo-60.9.0-150200.6.8.1 * libmozjs-60-60.9.0-150200.6.8.1 * mozjs60-debuginfo-60.9.0-150200.6.8.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * mozjs60-debugsource-60.9.0-150200.6.8.1 * libmozjs-60-debuginfo-60.9.0-150200.6.8.1 * libmozjs-60-60.9.0-150200.6.8.1 * mozjs60-debuginfo-60.9.0-150200.6.8.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * mozjs60-debugsource-60.9.0-150200.6.8.1 * libmozjs-60-debuginfo-60.9.0-150200.6.8.1 * libmozjs-60-60.9.0-150200.6.8.1 * mozjs60-debuginfo-60.9.0-150200.6.8.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * mozjs60-debugsource-60.9.0-150200.6.8.1 * libmozjs-60-debuginfo-60.9.0-150200.6.8.1 * 
libmozjs-60-60.9.0-150200.6.8.1 * mozjs60-debuginfo-60.9.0-150200.6.8.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * mozjs60-debugsource-60.9.0-150200.6.8.1 * libmozjs-60-debuginfo-60.9.0-150200.6.8.1 * libmozjs-60-60.9.0-150200.6.8.1 * mozjs60-debuginfo-60.9.0-150200.6.8.1 * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * mozjs60-debugsource-60.9.0-150200.6.8.1 * mozjs60-devel-60.9.0-150200.6.8.1 * mozjs60-debuginfo-60.9.0-150200.6.8.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * mozjs60-debugsource-60.9.0-150200.6.8.1 * libmozjs-60-debuginfo-60.9.0-150200.6.8.1 * libmozjs-60-60.9.0-150200.6.8.1 * mozjs60-debuginfo-60.9.0-150200.6.8.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * mozjs60-debugsource-60.9.0-150200.6.8.1 * libmozjs-60-debuginfo-60.9.0-150200.6.8.1 * libmozjs-60-60.9.0-150200.6.8.1 * mozjs60-debuginfo-60.9.0-150200.6.8.1 ## References: * https://www.suse.com/security/cve/CVE-2024-45490.html * https://www.suse.com/security/cve/CVE-2024-45491.html * https://www.suse.com/security/cve/CVE-2024-45492.html * https://www.suse.com/security/cve/CVE-2024-50602.html * https://bugzilla.suse.com/show_bug.cgi?id=1230036 * https://bugzilla.suse.com/show_bug.cgi?id=1230037 * https://bugzilla.suse.com/show_bug.cgi?id=1230038 * https://bugzilla.suse.com/show_bug.cgi?id=1232602 -------------- next part -------------- An HTML attachment was scrubbed... 
From null at suse.de Wed Jan 7 08:30:15 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 07 Jan 2026 08:30:15 -0000
Subject: SUSE-SU-2026:0043-1: important: Security update for qemu
Message-ID: <176777461521.22173.8334529835923611400@smelt2.prg2.suse.org>

# Security update for qemu

Announcement ID: SUSE-SU-2026:0043-1
Release Date: 2026-01-06T16:03:08Z
Rating: important

References:

* bsc#1209554
* bsc#1227397
* bsc#1252768
* bsc#1253002
* bsc#1254286

Cross-References:

* CVE-2023-1544
* CVE-2024-6505
* CVE-2025-12464

CVSS scores:

* CVE-2023-1544 ( SUSE ): 7.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H
* CVE-2023-1544 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H
* CVE-2023-1544 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-6505 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-6505 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-6505 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
* CVE-2025-12464 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-12464 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-12464 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Proxy 4.3 LTS
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Retail Branch Server 4.3 LTS
* SUSE Manager Server 4.3
* SUSE Manager Server 4.3 LTS

An update that solves three vulnerabilities and has two security fixes can now be installed.

## Description:

This update for qemu fixes the following issues:

Security issues fixed:

* CVE-2023-1544: out-of-bounds read in VMWare's paravirtual RDMA device operations can be exploited through a malicious guest driver to crash the QEMU process on the host (bsc#1209554).
* CVE-2024-6505: heap-based buffer overflow in the virtio-net device operations can be exploited by a malicious privileged user to crash the QEMU process on the host (bsc#1227397).
* CVE-2025-12464: stack-based buffer overflow in the e1000 network device operations can be exploited by a malicious guest user to crash the QEMU process on the host (bsc#1253002).

Other updates and bugfixes:

* [openSUSE][RPM] spec: require qemu-hw-display-virtio-gpu-pci for x86 too.
* [openSUSE][RPM] spec: delete old specfile constructs.
* block/curl: fix curl internal handles handling (bsc#1252768).
* [openSUSE][RPM]: really fix *-virtio-gpu-pci dependency on ARM (bsc#1254286).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-43=1
* SUSE Manager Proxy 4.3 LTS
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2026-43=1
* SUSE Manager Retail Branch Server 4.3 LTS
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-LTS-2026-43=1
* SUSE Manager Server 4.3 LTS
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2026-43=1
* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-43=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-43=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-43=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-43=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-43=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-43=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-43=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-43=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * qemu-block-curl-6.2.0-150400.37.46.1
  * qemu-hw-usb-host-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-opengl-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-usb-host-6.2.0-150400.37.46.1
  * qemu-hw-usb-redirect-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.46.1
  * qemu-block-iscsi-debuginfo-6.2.0-150400.37.46.1
  * qemu-guest-agent-debuginfo-6.2.0-150400.37.46.1
  * qemu-6.2.0-150400.37.46.1
  * qemu-ui-curses-6.2.0-150400.37.46.1
  * qemu-lang-6.2.0-150400.37.46.1
  * qemu-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-display-qxl-6.2.0-150400.37.46.1
  * qemu-debugsource-6.2.0-150400.37.46.1
  * qemu-block-rbd-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-vga-6.2.0-150400.37.46.1
  * qemu-tools-6.2.0-150400.37.46.1
  * qemu-block-ssh-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-gtk-6.2.0-150400.37.46.1
  * qemu-chardev-baum-6.2.0-150400.37.46.1
  * qemu-block-iscsi-6.2.0-150400.37.46.1
  * qemu-chardev-spice-6.2.0-150400.37.46.1
  * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.46.1
  * qemu-tools-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-spice-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-opengl-6.2.0-150400.37.46.1
  * qemu-block-rbd-debuginfo-6.2.0-150400.37.46.1
  * qemu-guest-agent-6.2.0-150400.37.46.1
  * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.46.1
  * qemu-ksm-6.2.0-150400.37.46.1
  * qemu-ui-spice-app-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-curses-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-spice-6.2.0-150400.37.46.1
  * qemu-ui-spice-app-6.2.0-150400.37.46.1
  * qemu-block-curl-debuginfo-6.2.0-150400.37.46.1
  * qemu-chardev-spice-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-gtk-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-spice-core-6.2.0-150400.37.46.1
  * qemu-block-ssh-6.2.0-150400.37.46.1
  * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.46.1
  * qemu-chardev-baum-debuginfo-6.2.0-150400.37.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.46.1
  * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.46.1
  * qemu-skiboot-6.2.0-150400.37.46.1
  * qemu-ipxe-1.0.0+-150400.37.46.1
  * qemu-SLOF-6.2.0-150400.37.46.1
  * qemu-sgabios-8-150400.37.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le)
  * qemu-ppc-debuginfo-6.2.0-150400.37.46.1
  * qemu-ppc-6.2.0-150400.37.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
  * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.46.1
  * qemu-accel-tcg-x86-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-pa-debuginfo-6.2.0-150400.37.46.1
  * qemu-x86-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-6.2.0-150400.37.46.1
  * qemu-audio-alsa-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-pa-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-pci-debuginfo-6.2.0-150400.37.46.1
  * qemu-kvm-6.2.0-150400.37.46.1
  * qemu-x86-6.2.0-150400.37.46.1
  * qemu-audio-alsa-6.2.0-150400.37.46.1
* SUSE Manager Proxy 4.3 LTS (x86_64)
  * qemu-block-curl-6.2.0-150400.37.46.1
  * qemu-hw-usb-host-debuginfo-6.2.0-150400.37.46.1
  * qemu-accel-tcg-x86-6.2.0-150400.37.46.1
  * qemu-ui-opengl-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-usb-host-6.2.0-150400.37.46.1
  * qemu-x86-6.2.0-150400.37.46.1
  * qemu-hw-usb-redirect-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.46.1
  * qemu-block-iscsi-debuginfo-6.2.0-150400.37.46.1
  * qemu-guest-agent-debuginfo-6.2.0-150400.37.46.1
  * qemu-6.2.0-150400.37.46.1
  * qemu-ui-curses-6.2.0-150400.37.46.1
  * qemu-lang-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.46.1
  * qemu-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-display-qxl-6.2.0-150400.37.46.1
  * qemu-debugsource-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.46.1
  * qemu-block-rbd-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-vga-6.2.0-150400.37.46.1
  * qemu-tools-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-pci-debuginfo-6.2.0-150400.37.46.1
  * qemu-kvm-6.2.0-150400.37.46.1
  * qemu-x86-debuginfo-6.2.0-150400.37.46.1
  * qemu-block-ssh-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-alsa-6.2.0-150400.37.46.1
  * qemu-ui-gtk-6.2.0-150400.37.46.1
  * qemu-chardev-baum-6.2.0-150400.37.46.1
  * qemu-block-iscsi-6.2.0-150400.37.46.1
  * qemu-chardev-spice-6.2.0-150400.37.46.1
  * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.46.1
  * qemu-tools-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-spice-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-6.2.0-150400.37.46.1
  * qemu-ui-opengl-6.2.0-150400.37.46.1
  * qemu-audio-pa-6.2.0-150400.37.46.1
  * qemu-block-rbd-debuginfo-6.2.0-150400.37.46.1
  * qemu-guest-agent-6.2.0-150400.37.46.1
  * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.46.1
  * qemu-ksm-6.2.0-150400.37.46.1
  * qemu-ui-spice-app-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-curses-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-pa-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-spice-6.2.0-150400.37.46.1
  * qemu-block-curl-debuginfo-6.2.0-150400.37.46.1
  * qemu-chardev-spice-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-spice-app-6.2.0-150400.37.46.1
  * qemu-ui-gtk-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-spice-core-6.2.0-150400.37.46.1
  * qemu-audio-alsa-debuginfo-6.2.0-150400.37.46.1
  * qemu-block-ssh-6.2.0-150400.37.46.1
  * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.46.1
  * qemu-chardev-baum-debuginfo-6.2.0-150400.37.46.1
* SUSE Manager Proxy 4.3 LTS (noarch)
  * qemu-sgabios-8-150400.37.46.1
  * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.46.1
  * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.46.1
  * qemu-ipxe-1.0.0+-150400.37.46.1
* SUSE Manager Retail Branch Server 4.3 LTS (x86_64)
  * qemu-block-curl-6.2.0-150400.37.46.1
  * qemu-hw-usb-host-debuginfo-6.2.0-150400.37.46.1
  * qemu-accel-tcg-x86-6.2.0-150400.37.46.1
  * qemu-ui-opengl-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-usb-host-6.2.0-150400.37.46.1
  * qemu-x86-6.2.0-150400.37.46.1
  * qemu-hw-usb-redirect-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.46.1
  * qemu-block-iscsi-debuginfo-6.2.0-150400.37.46.1
  * qemu-guest-agent-debuginfo-6.2.0-150400.37.46.1
  * qemu-6.2.0-150400.37.46.1
  * qemu-ui-curses-6.2.0-150400.37.46.1
  * qemu-lang-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.46.1
  * qemu-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-display-qxl-6.2.0-150400.37.46.1
  * qemu-debugsource-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.46.1
  * qemu-block-rbd-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-vga-6.2.0-150400.37.46.1
  * qemu-tools-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-pci-debuginfo-6.2.0-150400.37.46.1
  * qemu-kvm-6.2.0-150400.37.46.1
  * qemu-x86-debuginfo-6.2.0-150400.37.46.1
  * qemu-block-ssh-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-alsa-6.2.0-150400.37.46.1
  * qemu-ui-gtk-6.2.0-150400.37.46.1
  * qemu-chardev-baum-6.2.0-150400.37.46.1
  * qemu-block-iscsi-6.2.0-150400.37.46.1
  * qemu-chardev-spice-6.2.0-150400.37.46.1
  * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.46.1
  * qemu-tools-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-spice-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-6.2.0-150400.37.46.1
  * qemu-ui-opengl-6.2.0-150400.37.46.1
  * qemu-audio-pa-6.2.0-150400.37.46.1
  * qemu-block-rbd-debuginfo-6.2.0-150400.37.46.1
  * qemu-guest-agent-6.2.0-150400.37.46.1
  * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.46.1
  * qemu-ksm-6.2.0-150400.37.46.1
  * qemu-ui-spice-app-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-curses-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-pa-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-spice-6.2.0-150400.37.46.1
  * qemu-block-curl-debuginfo-6.2.0-150400.37.46.1
  * qemu-chardev-spice-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-spice-app-6.2.0-150400.37.46.1
  * qemu-ui-gtk-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-spice-core-6.2.0-150400.37.46.1
  * qemu-audio-alsa-debuginfo-6.2.0-150400.37.46.1
  * qemu-block-ssh-6.2.0-150400.37.46.1
  * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.46.1
  * qemu-chardev-baum-debuginfo-6.2.0-150400.37.46.1
* SUSE Manager Retail Branch Server 4.3 LTS (noarch)
  * qemu-sgabios-8-150400.37.46.1
  * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.46.1
  * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.46.1
  * qemu-ipxe-1.0.0+-150400.37.46.1
* SUSE Manager Server 4.3 LTS (ppc64le s390x x86_64)
  * qemu-block-curl-6.2.0-150400.37.46.1
  * qemu-hw-usb-host-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-usb-host-6.2.0-150400.37.46.1
  * qemu-ui-curses-6.2.0-150400.37.46.1
  * qemu-block-iscsi-debuginfo-6.2.0-150400.37.46.1
  * qemu-guest-agent-debuginfo-6.2.0-150400.37.46.1
  * qemu-6.2.0-150400.37.46.1
  * qemu-lang-6.2.0-150400.37.46.1
  * qemu-debuginfo-6.2.0-150400.37.46.1
  * qemu-debugsource-6.2.0-150400.37.46.1
  * qemu-block-rbd-6.2.0-150400.37.46.1
  * qemu-tools-6.2.0-150400.37.46.1
  * qemu-block-ssh-debuginfo-6.2.0-150400.37.46.1
  * qemu-chardev-baum-6.2.0-150400.37.46.1
  * qemu-block-iscsi-6.2.0-150400.37.46.1
  * qemu-tools-debuginfo-6.2.0-150400.37.46.1
  * qemu-block-rbd-debuginfo-6.2.0-150400.37.46.1
  * qemu-guest-agent-6.2.0-150400.37.46.1
  * qemu-ksm-6.2.0-150400.37.46.1
  * qemu-ui-curses-debuginfo-6.2.0-150400.37.46.1
  * qemu-block-curl-debuginfo-6.2.0-150400.37.46.1
  * qemu-block-ssh-6.2.0-150400.37.46.1
  * qemu-chardev-baum-debuginfo-6.2.0-150400.37.46.1
* SUSE Manager Server 4.3 LTS (noarch)
  * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.46.1
  * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.46.1
  * qemu-skiboot-6.2.0-150400.37.46.1
  * qemu-ipxe-1.0.0+-150400.37.46.1
  * qemu-SLOF-6.2.0-150400.37.46.1
  * qemu-sgabios-8-150400.37.46.1
* SUSE Manager Server 4.3 LTS (ppc64le x86_64)
  * qemu-hw-usb-redirect-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-gtk-6.2.0-150400.37.46.1
  * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-spice-app-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-display-qxl-6.2.0-150400.37.46.1
  * qemu-audio-spice-6.2.0-150400.37.46.1
  * qemu-ui-spice-app-6.2.0-150400.37.46.1
  * qemu-chardev-spice-6.2.0-150400.37.46.1
  * qemu-chardev-spice-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-spice-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-gtk-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-vga-6.2.0-150400.37.46.1
  * qemu-ui-opengl-6.2.0-150400.37.46.1
  * qemu-ui-opengl-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-spice-core-6.2.0-150400.37.46.1
  * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.46.1
* SUSE Manager Server 4.3 LTS (ppc64le)
  * qemu-ppc-debuginfo-6.2.0-150400.37.46.1
  * qemu-ppc-6.2.0-150400.37.46.1
* SUSE Manager Server 4.3 LTS (s390x x86_64)
  * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-pci-debuginfo-6.2.0-150400.37.46.1
  * qemu-kvm-6.2.0-150400.37.46.1
* SUSE Manager Server 4.3 LTS (s390x)
  * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-6.2.0-150400.37.46.1
  * qemu-s390x-6.2.0-150400.37.46.1
  * qemu-hw-s390x-virtio-gpu-ccw-6.2.0-150400.37.46.1
  * qemu-s390x-debuginfo-6.2.0-150400.37.46.1
* SUSE Manager Server 4.3 LTS (x86_64)
  * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.46.1
  * qemu-accel-tcg-x86-6.2.0-150400.37.46.1
  * qemu-audio-pa-debuginfo-6.2.0-150400.37.46.1
  * qemu-x86-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-alsa-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-pa-6.2.0-150400.37.46.1
  * qemu-x86-6.2.0-150400.37.46.1
  * qemu-audio-alsa-6.2.0-150400.37.46.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * qemu-block-curl-6.2.0-150400.37.46.1
  * qemu-hw-usb-host-debuginfo-6.2.0-150400.37.46.1
  * qemu-block-gluster-6.2.0-150400.37.46.1
  * qemu-extra-6.2.0-150400.37.46.1
  * qemu-accel-tcg-x86-6.2.0-150400.37.46.1
  * qemu-arm-debuginfo-6.2.0-150400.37.46.1
  * qemu-ppc-debuginfo-6.2.0-150400.37.46.1
  * qemu-block-nfs-6.2.0-150400.37.46.1
  * qemu-ui-opengl-debuginfo-6.2.0-150400.37.46.1
  * qemu-ivshmem-tools-6.2.0-150400.37.46.1
  * qemu-vhost-user-gpu-6.2.0-150400.37.46.1
  * qemu-hw-usb-host-6.2.0-150400.37.46.1
  * qemu-vhost-user-gpu-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-oss-debuginfo-6.2.0-150400.37.46.1
  * qemu-block-nfs-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-s390x-virtio-gpu-ccw-6.2.0-150400.37.46.1
  * qemu-hw-usb-redirect-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.46.1
  * qemu-block-iscsi-debuginfo-6.2.0-150400.37.46.1
  * qemu-guest-agent-debuginfo-6.2.0-150400.37.46.1
  * qemu-6.2.0-150400.37.46.1
  * qemu-ui-curses-6.2.0-150400.37.46.1
  * qemu-x86-6.2.0-150400.37.46.1
  * qemu-lang-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.46.1
  * qemu-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-display-qxl-6.2.0-150400.37.46.1
  * qemu-debugsource-6.2.0-150400.37.46.1
  * qemu-hw-usb-smartcard-debuginfo-6.2.0-150400.37.46.1
  * qemu-linux-user-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-vga-6.2.0-150400.37.46.1
  * qemu-ivshmem-tools-debuginfo-6.2.0-150400.37.46.1
  * qemu-ppc-6.2.0-150400.37.46.1
  * qemu-tools-6.2.0-150400.37.46.1
  * qemu-arm-6.2.0-150400.37.46.1
  * qemu-block-gluster-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-pci-debuginfo-6.2.0-150400.37.46.1
  * qemu-linux-user-debuginfo-6.2.0-150400.37.46.1
  * qemu-x86-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-alsa-6.2.0-150400.37.46.1
  * qemu-block-ssh-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-gtk-6.2.0-150400.37.46.1
  * qemu-block-dmg-6.2.0-150400.37.46.1
  * qemu-chardev-baum-6.2.0-150400.37.46.1
  * qemu-block-iscsi-6.2.0-150400.37.46.1
  * qemu-chardev-spice-6.2.0-150400.37.46.1
  * qemu-extra-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.46.1
  * qemu-accel-qtest-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-spice-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-6.2.0-150400.37.46.1
  * qemu-tools-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-opengl-6.2.0-150400.37.46.1
  * qemu-audio-pa-6.2.0-150400.37.46.1
  * qemu-audio-jack-6.2.0-150400.37.46.1
  * qemu-guest-agent-6.2.0-150400.37.46.1
  * qemu-linux-user-debugsource-6.2.0-150400.37.46.1
  * qemu-accel-qtest-6.2.0-150400.37.46.1
  * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.46.1
  * qemu-ksm-6.2.0-150400.37.46.1
  * qemu-s390x-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-spice-app-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-curses-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-pa-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-spice-6.2.0-150400.37.46.1
  * qemu-block-curl-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-oss-6.2.0-150400.37.46.1
  * qemu-block-dmg-debuginfo-6.2.0-150400.37.46.1
  * qemu-chardev-spice-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-jack-debuginfo-6.2.0-150400.37.46.1
  * qemu-s390x-6.2.0-150400.37.46.1
  * qemu-ui-gtk-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-spice-app-6.2.0-150400.37.46.1
  * qemu-ui-spice-core-6.2.0-150400.37.46.1
  * qemu-audio-alsa-debuginfo-6.2.0-150400.37.46.1
  * qemu-block-ssh-6.2.0-150400.37.46.1
  * qemu-hw-usb-smartcard-6.2.0-150400.37.46.1
  * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.46.1
  * qemu-chardev-baum-debuginfo-6.2.0-150400.37.46.1
* openSUSE Leap 15.4 (s390x x86_64 i586)
  * qemu-kvm-6.2.0-150400.37.46.1
* openSUSE Leap 15.4 (noarch)
  * qemu-microvm-6.2.0-150400.37.46.1
  * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.46.1
  * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.46.1
  * qemu-skiboot-6.2.0-150400.37.46.1
  * qemu-ipxe-1.0.0+-150400.37.46.1
  * qemu-SLOF-6.2.0-150400.37.46.1
  * qemu-sgabios-8-150400.37.46.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * qemu-block-rbd-debuginfo-6.2.0-150400.37.46.1
  * qemu-block-rbd-6.2.0-150400.37.46.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * qemu-ui-opengl-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-usb-redirect-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.46.1
  * qemu-guest-agent-debuginfo-6.2.0-150400.37.46.1
  * qemu-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.46.1
  * qemu-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-display-qxl-6.2.0-150400.37.46.1
  * qemu-debugsource-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-vga-6.2.0-150400.37.46.1
  * qemu-tools-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-pci-debuginfo-6.2.0-150400.37.46.1
  * qemu-chardev-spice-6.2.0-150400.37.46.1
  * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.46.1
  * qemu-tools-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-spice-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-6.2.0-150400.37.46.1
  * qemu-ui-opengl-6.2.0-150400.37.46.1
  * qemu-guest-agent-6.2.0-150400.37.46.1
  * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-spice-6.2.0-150400.37.46.1
  * qemu-chardev-spice-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-spice-core-6.2.0-150400.37.46.1
  * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.46.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64)
  * qemu-arm-debuginfo-6.2.0-150400.37.46.1
  * qemu-arm-6.2.0-150400.37.46.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
  * qemu-sgabios-8-150400.37.46.1
  * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.46.1
  * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.46.1
  * qemu-ipxe-1.0.0+-150400.37.46.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (s390x)
  * qemu-s390x-6.2.0-150400.37.46.1
  * qemu-s390x-debuginfo-6.2.0-150400.37.46.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64)
  * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.46.1
  * qemu-accel-tcg-x86-6.2.0-150400.37.46.1
  * qemu-x86-debuginfo-6.2.0-150400.37.46.1
  * qemu-x86-6.2.0-150400.37.46.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * qemu-ui-opengl-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-usb-redirect-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.46.1
  * qemu-guest-agent-debuginfo-6.2.0-150400.37.46.1
  * qemu-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.46.1
  * qemu-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-display-qxl-6.2.0-150400.37.46.1
  * qemu-debugsource-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-vga-6.2.0-150400.37.46.1
  * qemu-tools-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-pci-debuginfo-6.2.0-150400.37.46.1
  * qemu-chardev-spice-6.2.0-150400.37.46.1
  * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.46.1
  * qemu-tools-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-spice-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-6.2.0-150400.37.46.1
  * qemu-ui-opengl-6.2.0-150400.37.46.1
  * qemu-guest-agent-6.2.0-150400.37.46.1
  * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-spice-6.2.0-150400.37.46.1
  * qemu-chardev-spice-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-spice-core-6.2.0-150400.37.46.1
  * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.46.1
* SUSE Linux Enterprise Micro 5.3 (aarch64)
  * qemu-arm-debuginfo-6.2.0-150400.37.46.1
  * qemu-arm-6.2.0-150400.37.46.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
  * qemu-sgabios-8-150400.37.46.1
  * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.46.1
  * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.46.1
  * qemu-ipxe-1.0.0+-150400.37.46.1
* SUSE Linux Enterprise Micro 5.3 (s390x)
  * qemu-s390x-6.2.0-150400.37.46.1
  * qemu-s390x-debuginfo-6.2.0-150400.37.46.1
* SUSE Linux Enterprise Micro 5.3 (x86_64)
  * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.46.1
  * qemu-accel-tcg-x86-6.2.0-150400.37.46.1
  * qemu-x86-debuginfo-6.2.0-150400.37.46.1
  * qemu-x86-6.2.0-150400.37.46.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * qemu-ui-opengl-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-usb-redirect-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.46.1
  * qemu-guest-agent-debuginfo-6.2.0-150400.37.46.1
  * qemu-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.46.1
  * qemu-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-display-qxl-6.2.0-150400.37.46.1
  * qemu-debugsource-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-vga-6.2.0-150400.37.46.1
  * qemu-tools-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-pci-debuginfo-6.2.0-150400.37.46.1
  * qemu-chardev-spice-6.2.0-150400.37.46.1
  * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.46.1
  * qemu-tools-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-spice-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-6.2.0-150400.37.46.1
  * qemu-ui-opengl-6.2.0-150400.37.46.1
  * qemu-guest-agent-6.2.0-150400.37.46.1
  * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-spice-6.2.0-150400.37.46.1
  * qemu-chardev-spice-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-spice-core-6.2.0-150400.37.46.1
  * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.46.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64)
  * qemu-arm-debuginfo-6.2.0-150400.37.46.1
  * qemu-arm-6.2.0-150400.37.46.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
  * qemu-sgabios-8-150400.37.46.1
  * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.46.1
  * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.46.1
  * qemu-ipxe-1.0.0+-150400.37.46.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (s390x)
  * qemu-s390x-6.2.0-150400.37.46.1
  * qemu-s390x-debuginfo-6.2.0-150400.37.46.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64)
  * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.46.1
  * qemu-accel-tcg-x86-6.2.0-150400.37.46.1
  * qemu-x86-debuginfo-6.2.0-150400.37.46.1
  * qemu-x86-6.2.0-150400.37.46.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * qemu-ui-opengl-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-usb-redirect-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.46.1
  * qemu-guest-agent-debuginfo-6.2.0-150400.37.46.1
  * qemu-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.46.1
  * qemu-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-display-qxl-6.2.0-150400.37.46.1
  * qemu-debugsource-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-vga-6.2.0-150400.37.46.1
  * qemu-tools-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-pci-debuginfo-6.2.0-150400.37.46.1
  * qemu-chardev-spice-6.2.0-150400.37.46.1
  * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.46.1
  * qemu-tools-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-spice-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-6.2.0-150400.37.46.1
  * qemu-ui-opengl-6.2.0-150400.37.46.1
  * qemu-guest-agent-6.2.0-150400.37.46.1
  * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-spice-6.2.0-150400.37.46.1
  * qemu-chardev-spice-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-spice-core-6.2.0-150400.37.46.1
  * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.46.1
* SUSE Linux Enterprise Micro 5.4 (aarch64)
  * qemu-arm-debuginfo-6.2.0-150400.37.46.1
  * qemu-arm-6.2.0-150400.37.46.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
  * qemu-sgabios-8-150400.37.46.1
  * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.46.1
  * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.46.1
  * qemu-ipxe-1.0.0+-150400.37.46.1
* SUSE Linux Enterprise Micro 5.4 (s390x)
  * qemu-s390x-6.2.0-150400.37.46.1
  * qemu-s390x-debuginfo-6.2.0-150400.37.46.1
* SUSE Linux Enterprise Micro 5.4 (x86_64)
  * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.46.1
  * qemu-accel-tcg-x86-6.2.0-150400.37.46.1
  * qemu-x86-debuginfo-6.2.0-150400.37.46.1
  * qemu-x86-6.2.0-150400.37.46.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * qemu-block-curl-6.2.0-150400.37.46.1
  * qemu-hw-usb-host-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-opengl-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-usb-host-6.2.0-150400.37.46.1
  * qemu-hw-usb-redirect-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.46.1
  * qemu-block-iscsi-debuginfo-6.2.0-150400.37.46.1
  * qemu-guest-agent-debuginfo-6.2.0-150400.37.46.1
  * qemu-6.2.0-150400.37.46.1
  * qemu-ui-curses-6.2.0-150400.37.46.1
  * qemu-lang-6.2.0-150400.37.46.1
  * qemu-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-display-qxl-6.2.0-150400.37.46.1
  * qemu-debugsource-6.2.0-150400.37.46.1
  * qemu-block-rbd-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-vga-6.2.0-150400.37.46.1
  * qemu-tools-6.2.0-150400.37.46.1
  * qemu-block-ssh-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-gtk-6.2.0-150400.37.46.1
  * qemu-chardev-baum-6.2.0-150400.37.46.1
  * qemu-block-iscsi-6.2.0-150400.37.46.1
  * qemu-chardev-spice-6.2.0-150400.37.46.1
  * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.46.1
  * qemu-tools-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-spice-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-opengl-6.2.0-150400.37.46.1
  * qemu-block-rbd-debuginfo-6.2.0-150400.37.46.1
  * qemu-guest-agent-6.2.0-150400.37.46.1
  * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.46.1
  * qemu-ksm-6.2.0-150400.37.46.1
  * qemu-ui-spice-app-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-curses-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-spice-6.2.0-150400.37.46.1
  * qemu-ui-spice-app-6.2.0-150400.37.46.1
  * qemu-block-curl-debuginfo-6.2.0-150400.37.46.1
  * qemu-chardev-spice-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-gtk-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-spice-core-6.2.0-150400.37.46.1
  * qemu-block-ssh-6.2.0-150400.37.46.1
  * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.46.1
  * qemu-chardev-baum-debuginfo-6.2.0-150400.37.46.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64)
  * qemu-arm-debuginfo-6.2.0-150400.37.46.1
  * qemu-arm-6.2.0-150400.37.46.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  * qemu-sgabios-8-150400.37.46.1
  * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.46.1
  * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.46.1
  * qemu-ipxe-1.0.0+-150400.37.46.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
  * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.46.1
  * qemu-accel-tcg-x86-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-pa-debuginfo-6.2.0-150400.37.46.1
  * qemu-x86-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-6.2.0-150400.37.46.1
  * qemu-audio-alsa-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-pa-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-pci-debuginfo-6.2.0-150400.37.46.1
  * qemu-kvm-6.2.0-150400.37.46.1
  * qemu-x86-6.2.0-150400.37.46.1
  * qemu-audio-alsa-6.2.0-150400.37.46.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * qemu-block-curl-6.2.0-150400.37.46.1
  * qemu-hw-usb-host-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-opengl-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-usb-host-6.2.0-150400.37.46.1
  * qemu-hw-usb-redirect-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.46.1
  * qemu-block-iscsi-debuginfo-6.2.0-150400.37.46.1
  * qemu-guest-agent-debuginfo-6.2.0-150400.37.46.1
  * qemu-6.2.0-150400.37.46.1
  * qemu-ui-curses-6.2.0-150400.37.46.1
  * qemu-lang-6.2.0-150400.37.46.1
  * qemu-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-display-qxl-6.2.0-150400.37.46.1
  * qemu-debugsource-6.2.0-150400.37.46.1
  * qemu-block-rbd-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-vga-6.2.0-150400.37.46.1
  * qemu-tools-6.2.0-150400.37.46.1
  * qemu-block-ssh-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-gtk-6.2.0-150400.37.46.1
  * qemu-chardev-baum-6.2.0-150400.37.46.1
  * qemu-block-iscsi-6.2.0-150400.37.46.1
  * qemu-chardev-spice-6.2.0-150400.37.46.1
  * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.46.1
  * qemu-tools-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-spice-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-opengl-6.2.0-150400.37.46.1
  * qemu-block-rbd-debuginfo-6.2.0-150400.37.46.1
  * qemu-guest-agent-6.2.0-150400.37.46.1
  * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.46.1
  * qemu-ksm-6.2.0-150400.37.46.1
  * qemu-ui-spice-app-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-curses-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-spice-6.2.0-150400.37.46.1
  * qemu-ui-spice-app-6.2.0-150400.37.46.1
  * qemu-block-curl-debuginfo-6.2.0-150400.37.46.1
  * qemu-chardev-spice-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-gtk-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-spice-core-6.2.0-150400.37.46.1
  * qemu-block-ssh-6.2.0-150400.37.46.1
  * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.46.1
  * qemu-chardev-baum-debuginfo-6.2.0-150400.37.46.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64)
  * qemu-arm-debuginfo-6.2.0-150400.37.46.1
  * qemu-arm-6.2.0-150400.37.46.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * qemu-sgabios-8-150400.37.46.1
  * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.46.1
  * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.46.1
  * qemu-ipxe-1.0.0+-150400.37.46.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
  * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.46.1
  * qemu-accel-tcg-x86-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-pa-debuginfo-6.2.0-150400.37.46.1
  * qemu-x86-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-6.2.0-150400.37.46.1
  * qemu-audio-alsa-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-pa-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-pci-debuginfo-6.2.0-150400.37.46.1
  * qemu-kvm-6.2.0-150400.37.46.1
  * qemu-x86-6.2.0-150400.37.46.1
  * qemu-audio-alsa-6.2.0-150400.37.46.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * qemu-block-curl-6.2.0-150400.37.46.1
  * qemu-hw-usb-host-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-usb-host-6.2.0-150400.37.46.1
  * qemu-ui-curses-6.2.0-150400.37.46.1
  * qemu-block-iscsi-debuginfo-6.2.0-150400.37.46.1
  * qemu-guest-agent-debuginfo-6.2.0-150400.37.46.1
  * qemu-6.2.0-150400.37.46.1
  * qemu-lang-6.2.0-150400.37.46.1
  * qemu-debuginfo-6.2.0-150400.37.46.1
  * qemu-debugsource-6.2.0-150400.37.46.1
  * qemu-block-rbd-6.2.0-150400.37.46.1
  * qemu-tools-6.2.0-150400.37.46.1
  * qemu-block-ssh-debuginfo-6.2.0-150400.37.46.1
  * qemu-chardev-baum-6.2.0-150400.37.46.1
  * qemu-block-iscsi-6.2.0-150400.37.46.1
  * qemu-tools-debuginfo-6.2.0-150400.37.46.1
  * qemu-block-rbd-debuginfo-6.2.0-150400.37.46.1
  * qemu-guest-agent-6.2.0-150400.37.46.1
  * qemu-ksm-6.2.0-150400.37.46.1
  * qemu-ui-curses-debuginfo-6.2.0-150400.37.46.1
  * qemu-block-curl-debuginfo-6.2.0-150400.37.46.1
  * qemu-block-ssh-6.2.0-150400.37.46.1
  * qemu-chardev-baum-debuginfo-6.2.0-150400.37.46.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64)
  * qemu-arm-debuginfo-6.2.0-150400.37.46.1
  * qemu-arm-6.2.0-150400.37.46.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le x86_64)
  * qemu-hw-usb-redirect-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-gtk-6.2.0-150400.37.46.1
  * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-spice-app-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-display-qxl-6.2.0-150400.37.46.1
  * qemu-audio-spice-6.2.0-150400.37.46.1
  * qemu-ui-spice-app-6.2.0-150400.37.46.1
  * qemu-chardev-spice-6.2.0-150400.37.46.1
  * qemu-chardev-spice-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.46.1
  * qemu-audio-spice-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-gtk-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-vga-6.2.0-150400.37.46.1
  * qemu-ui-opengl-6.2.0-150400.37.46.1
  * qemu-ui-opengl-debuginfo-6.2.0-150400.37.46.1
  * qemu-ui-spice-core-6.2.0-150400.37.46.1
  * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.46.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
  * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.46.1
  * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.46.1
  * qemu-skiboot-6.2.0-150400.37.46.1
  * qemu-ipxe-1.0.0+-150400.37.46.1
  * qemu-SLOF-6.2.0-150400.37.46.1
  * qemu-sgabios-8-150400.37.46.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (ppc64le)
  * qemu-ppc-debuginfo-6.2.0-150400.37.46.1
  * qemu-ppc-6.2.0-150400.37.46.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (s390x x86_64)
  * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-6.2.0-150400.37.46.1
  * qemu-hw-display-virtio-gpu-pci-debuginfo-6.2.0-150400.37.46.1
  * qemu-kvm-6.2.0-150400.37.46.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (s390x)
  * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-6.2.0-150400.37.46.1
  * qemu-s390x-6.2.0-150400.37.46.1
  * qemu-hw-s390x-virtio-gpu-ccw-6.2.0-150400.37.46.1
  * qemu-s390x-debuginfo-6.2.0-150400.37.46.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
  *
qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.46.1 * qemu-accel-tcg-x86-6.2.0-150400.37.46.1 * qemu-audio-pa-debuginfo-6.2.0-150400.37.46.1 * qemu-x86-debuginfo-6.2.0-150400.37.46.1 * qemu-audio-alsa-debuginfo-6.2.0-150400.37.46.1 * qemu-audio-pa-6.2.0-150400.37.46.1 * qemu-x86-6.2.0-150400.37.46.1 * qemu-audio-alsa-6.2.0-150400.37.46.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1544.html * https://www.suse.com/security/cve/CVE-2024-6505.html * https://www.suse.com/security/cve/CVE-2025-12464.html * https://bugzilla.suse.com/show_bug.cgi?id=1209554 * https://bugzilla.suse.com/show_bug.cgi?id=1227397 * https://bugzilla.suse.com/show_bug.cgi?id=1252768 * https://bugzilla.suse.com/show_bug.cgi?id=1253002 * https://bugzilla.suse.com/show_bug.cgi?id=1254286 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Jan 7 16:30:03 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 07 Jan 2026 16:30:03 -0000 Subject: SUSE-SU-2026:0053-1: low: Security update for libpcap Message-ID: <176780340387.22147.17330629458506186873@smelt2.prg2.suse.org> # Security update for libpcap Announcement ID: SUSE-SU-2026:0053-1 Release Date: 2026-01-07T11:03:53Z Rating: low References: * bsc#1255765 Cross-References: * CVE-2025-11961 CVSS scores: * CVE-2025-11961 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-11961 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2025-11961 ( NVD ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 An update that solves one vulnerability can now be installed. ## Description: This update for libpcap fixes the following issues: * CVE-2025-11961: missing validation of provided MAC-48 address string in `pcap_ether_aton()` can lead to out-of-bounds read and write (bsc#1255765). 
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
    zypper in -t patch SUSE-2026-53=1
* SUSE Linux Enterprise Micro 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-53=1
* SUSE Linux Enterprise Micro for Rancher 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-53=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  * libpcap-devel-static-1.9.1-150300.3.6.1
  * libpcap1-1.9.1-150300.3.6.1
  * libpcap-devel-1.9.1-150300.3.6.1
  * libpcap-debugsource-1.9.1-150300.3.6.1
  * libpcap1-debuginfo-1.9.1-150300.3.6.1
* openSUSE Leap 15.3 (x86_64)
  * libpcap1-32bit-1.9.1-150300.3.6.1
  * libpcap-devel-32bit-1.9.1-150300.3.6.1
  * libpcap1-32bit-debuginfo-1.9.1-150300.3.6.1
* openSUSE Leap 15.3 (aarch64_ilp32)
  * libpcap-devel-64bit-1.9.1-150300.3.6.1
  * libpcap1-64bit-debuginfo-1.9.1-150300.3.6.1
  * libpcap1-64bit-1.9.1-150300.3.6.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * libpcap1-debuginfo-1.9.1-150300.3.6.1
  * libpcap-debugsource-1.9.1-150300.3.6.1
  * libpcap1-1.9.1-150300.3.6.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * libpcap1-debuginfo-1.9.1-150300.3.6.1
  * libpcap-debugsource-1.9.1-150300.3.6.1
  * libpcap1-1.9.1-150300.3.6.1

## References:

* https://www.suse.com/security/cve/CVE-2025-11961.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255765

From null at suse.de Wed Jan 7 16:30:09 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 07 Jan 2026 16:30:09 -0000
Subject: SUSE-SU-2026:0052-1: moderate: Security update for curl
Message-ID: <176780340994.22147.2081957939415464902@smelt2.prg2.suse.org>

# Security update for curl

Announcement ID: SUSE-SU-2026:0052-1
Release Date: 2026-01-07T09:28:40Z
Rating: moderate
References:

* bsc#1255731
* bsc#1255732
* bsc#1255733
* bsc#1255734

Cross-References:

* CVE-2025-14524
* CVE-2025-14819
* CVE-2025-15079
* CVE-2025-15224

CVSS scores:

* CVE-2025-14524 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-14524 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-14819 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-14819 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-15079 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-15079 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-15224 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-15224 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Affected Products:

* Basesystem Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves four vulnerabilities can now be installed.

## Description:

This update for curl fixes the following issues:

* CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731).
* CVE-2025-14819: libssh global knownhost override (bsc#1255732).
* CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733).
* CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP7
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-52=1

## Package List:

* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libcurl4-debuginfo-8.14.1-150700.7.8.1
  * curl-8.14.1-150700.7.8.1
  * libcurl4-8.14.1-150700.7.8.1
  * libcurl-devel-8.14.1-150700.7.8.1
  * curl-debugsource-8.14.1-150700.7.8.1
  * curl-debuginfo-8.14.1-150700.7.8.1
* Basesystem Module 15-SP7 (x86_64)
  * libcurl4-32bit-debuginfo-8.14.1-150700.7.8.1
  * libcurl4-32bit-8.14.1-150700.7.8.1

## References:

* https://www.suse.com/security/cve/CVE-2025-14524.html
* https://www.suse.com/security/cve/CVE-2025-14819.html
* https://www.suse.com/security/cve/CVE-2025-15079.html
* https://www.suse.com/security/cve/CVE-2025-15224.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255731
* https://bugzilla.suse.com/show_bug.cgi?id=1255732
* https://bugzilla.suse.com/show_bug.cgi?id=1255733
* https://bugzilla.suse.com/show_bug.cgi?id=1255734

From null at suse.de Wed Jan 7 16:30:14 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 07 Jan 2026 16:30:14 -0000
Subject: SUSE-SU-2026:0051-1: moderate: Security update for curl
Message-ID: <176780341439.22147.1918501355743850772@smelt2.prg2.suse.org>

# Security update for curl

Announcement ID: SUSE-SU-2026:0051-1
Release Date: 2026-01-07T09:28:27Z
Rating: moderate
References:

* bsc#1255731
* bsc#1255732
* bsc#1255733
* bsc#1255734

Cross-References:

* CVE-2025-14524
* CVE-2025-14819
* CVE-2025-15079
* CVE-2025-15224

CVSS scores:

* CVE-2025-14524 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-14524 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-14819 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-14819 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-15079 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-15079 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-15224 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-15224 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Affected Products:

* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves four vulnerabilities can now be installed.

## Description:

This update for curl fixes the following issues:

* CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731).
* CVE-2025-14819: libssh global knownhost override (bsc#1255732).
* CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733).
* CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-51=1
* SUSE Linux Enterprise Micro for Rancher 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-51=1

## Package List:

* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * libcurl4-debuginfo-8.14.1-150200.4.97.1
  * curl-8.14.1-150200.4.97.1
  * curl-debugsource-8.14.1-150200.4.97.1
  * curl-debuginfo-8.14.1-150200.4.97.1
  * libcurl4-8.14.1-150200.4.97.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * libcurl4-debuginfo-8.14.1-150200.4.97.1
  * curl-8.14.1-150200.4.97.1
  * curl-debugsource-8.14.1-150200.4.97.1
  * curl-debuginfo-8.14.1-150200.4.97.1
  * libcurl4-8.14.1-150200.4.97.1

## References:

* https://www.suse.com/security/cve/CVE-2025-14524.html
* https://www.suse.com/security/cve/CVE-2025-14819.html
* https://www.suse.com/security/cve/CVE-2025-15079.html
* https://www.suse.com/security/cve/CVE-2025-15224.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255731
* https://bugzilla.suse.com/show_bug.cgi?id=1255732
* https://bugzilla.suse.com/show_bug.cgi?id=1255733
* https://bugzilla.suse.com/show_bug.cgi?id=1255734

From null at suse.de Wed Jan 7 16:30:19 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 07 Jan 2026 16:30:19 -0000
Subject: SUSE-SU-2026:0050-1: moderate: Security update for curl
Message-ID: <176780341950.22147.16435307477444677279@smelt2.prg2.suse.org>

# Security update for curl

Announcement ID: SUSE-SU-2026:0050-1
Release Date: 2026-01-07T09:28:15Z
Rating: moderate
References:

* bsc#1255731
* bsc#1255732
* bsc#1255733
* bsc#1255734

Cross-References:

* CVE-2025-14524
* CVE-2025-14819
* CVE-2025-15079
* CVE-2025-15224

CVSS scores:

* CVE-2025-14524 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-14524 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-14819 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-14819 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-15079 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-15079 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-15224 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-15224 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Affected Products:

* openSUSE Leap 15.6

An update that solves four vulnerabilities can now be installed.

## Description:

This update for curl fixes the following issues:

* CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731).
* CVE-2025-14819: libssh global knownhost override (bsc#1255732).
* CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733).
* CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
    zypper in -t patch SUSE-2026-50=1 openSUSE-SLE-15.6-2026-50=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * curl-8.14.1-150600.4.34.1
  * libcurl4-debuginfo-8.14.1-150600.4.34.1
  * curl-debuginfo-8.14.1-150600.4.34.1
  * libcurl-mini4-8.14.1-150600.4.34.1
  * libcurl-devel-8.14.1-150600.4.34.1
  * curl-debugsource-8.14.1-150600.4.34.1
  * curl-mini-debugsource-8.14.1-150600.4.34.1
  * libcurl4-8.14.1-150600.4.34.1
  * libcurl-mini4-debuginfo-8.14.1-150600.4.34.1
* openSUSE Leap 15.6 (noarch)
  * curl-fish-completion-8.14.1-150600.4.34.1
  * curl-zsh-completion-8.14.1-150600.4.34.1
  * libcurl-devel-doc-8.14.1-150600.4.34.1
* openSUSE Leap 15.6 (x86_64)
  * libcurl4-32bit-8.14.1-150600.4.34.1
  * libcurl4-32bit-debuginfo-8.14.1-150600.4.34.1
  * libcurl-devel-32bit-8.14.1-150600.4.34.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libcurl4-64bit-debuginfo-8.14.1-150600.4.34.1
  * libcurl4-64bit-8.14.1-150600.4.34.1
  * libcurl-devel-64bit-8.14.1-150600.4.34.1

## References:

* https://www.suse.com/security/cve/CVE-2025-14524.html
* https://www.suse.com/security/cve/CVE-2025-14819.html
* https://www.suse.com/security/cve/CVE-2025-15079.html
* https://www.suse.com/security/cve/CVE-2025-15224.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255731
* https://bugzilla.suse.com/show_bug.cgi?id=1255732
* https://bugzilla.suse.com/show_bug.cgi?id=1255733
* https://bugzilla.suse.com/show_bug.cgi?id=1255734

From null at suse.de Thu Jan 8 08:30:05 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 08 Jan 2026 08:30:05 -0000
Subject: SUSE-SU-2026:0061-1: moderate: Security update for ImageMagick
Message-ID: <176786100523.22154.4517294539060291416@smelt2.prg2.suse.org>

# Security update for ImageMagick

Announcement ID: SUSE-SU-2026:0061-1
Release Date: 2026-01-07T18:33:22Z
Rating: moderate
References:

* bsc#1255821
* bsc#1255822
* bsc#1255823

Cross-References:

* CVE-2025-68618
* CVE-2025-68950
* CVE-2025-69204

CVSS scores:

* CVE-2025-68618 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-68618 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-68618 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68618 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-68950 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-68950 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-68950 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-68950 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-69204 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-69204 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-69204 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-69204 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for ImageMagick fixes the following issues:

* CVE-2025-68618: reading a malicious SVG file may result in a DoS attack (bsc#1255821).
* CVE-2025-68950: check for circular references in mvg files may lead to stack overflow (bsc#1255822).
* CVE-2025-69204: an integer overflow can lead to a DoS attack (bsc#1255823).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
    zypper in -t patch SUSE-2026-61=1 openSUSE-SLE-15.6-2026-61=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * ImageMagick-debugsource-7.1.1.21-150600.3.35.1
  * ImageMagick-config-7-upstream-websafe-7.1.1.21-150600.3.35.1
  * ImageMagick-config-7-SUSE-7.1.1.21-150600.3.35.1
  * libMagickCore-7_Q16HDRI10-7.1.1.21-150600.3.35.1
  * libMagick++-7_Q16HDRI5-7.1.1.21-150600.3.35.1
  * libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.35.1
  * libMagickWand-7_Q16HDRI10-7.1.1.21-150600.3.35.1
  * perl-PerlMagick-7.1.1.21-150600.3.35.1
  * ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.35.1
  * ImageMagick-config-7-upstream-secure-7.1.1.21-150600.3.35.1
  * ImageMagick-debuginfo-7.1.1.21-150600.3.35.1
  * ImageMagick-extra-7.1.1.21-150600.3.35.1
  * libMagick++-devel-7.1.1.21-150600.3.35.1
  * ImageMagick-devel-7.1.1.21-150600.3.35.1
  * libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.35.1
  * libMagick++-7_Q16HDRI5-debuginfo-7.1.1.21-150600.3.35.1
  * ImageMagick-extra-debuginfo-7.1.1.21-150600.3.35.1
  * perl-PerlMagick-debuginfo-7.1.1.21-150600.3.35.1
  * ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.35.1
  * ImageMagick-7.1.1.21-150600.3.35.1
* openSUSE Leap 15.6 (x86_64)
  * libMagick++-devel-32bit-7.1.1.21-150600.3.35.1
  * libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.1.21-150600.3.35.1
  * libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.1.21-150600.3.35.1
  * libMagickWand-7_Q16HDRI10-32bit-7.1.1.21-150600.3.35.1
  * libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.1.21-150600.3.35.1
  * libMagickCore-7_Q16HDRI10-32bit-7.1.1.21-150600.3.35.1
  * ImageMagick-devel-32bit-7.1.1.21-150600.3.35.1
  * libMagick++-7_Q16HDRI5-32bit-7.1.1.21-150600.3.35.1
* openSUSE Leap 15.6 (noarch)
  * ImageMagick-doc-7.1.1.21-150600.3.35.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libMagick++-7_Q16HDRI5-64bit-7.1.1.21-150600.3.35.1
  * libMagick++-7_Q16HDRI5-64bit-debuginfo-7.1.1.21-150600.3.35.1
  * libMagickWand-7_Q16HDRI10-64bit-7.1.1.21-150600.3.35.1
  * libMagickWand-7_Q16HDRI10-64bit-debuginfo-7.1.1.21-150600.3.35.1
  * libMagickCore-7_Q16HDRI10-64bit-debuginfo-7.1.1.21-150600.3.35.1
  * libMagick++-devel-64bit-7.1.1.21-150600.3.35.1
  * libMagickCore-7_Q16HDRI10-64bit-7.1.1.21-150600.3.35.1
  * ImageMagick-devel-64bit-7.1.1.21-150600.3.35.1

## References:

* https://www.suse.com/security/cve/CVE-2025-68618.html
* https://www.suse.com/security/cve/CVE-2025-68950.html
* https://www.suse.com/security/cve/CVE-2025-69204.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255821
* https://bugzilla.suse.com/show_bug.cgi?id=1255822
* https://bugzilla.suse.com/show_bug.cgi?id=1255823

From null at suse.de Thu Jan 8 08:30:09 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 08 Jan 2026 08:30:09 -0000
Subject: SUSE-SU-2026:0060-1: moderate: Security update for capstone
Message-ID: <176786100936.22154.3205564715854197418@smelt2.prg2.suse.org>

# Security update for capstone

Announcement ID: SUSE-SU-2026:0060-1
Release Date: 2026-01-07T16:02:54Z
Rating: moderate
References:

* bsc#1255309
* bsc#1255310

Cross-References:

* CVE-2025-67873
* CVE-2025-68114

CVSS scores:

* CVE-2025-67873 ( SUSE ): 2.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-67873 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-67873 ( NVD ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-67873 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-68114 ( SUSE ): 2.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-68114 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-68114 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68114 ( NVD ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Affected Products:

* openSUSE Leap 15.5
* openSUSE Leap 15.6
* Server Applications Module 15-SP7
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for capstone fixes the following issues:

Security issues fixed:

* CVE-2025-67873: missing bounds check on user-provided skipdata callback can lead to a heap buffer overflow (bsc#1255309).
* CVE-2025-68114: unchecked `vsnprintf` return value can lead to a stack buffer overflow (bsc#1255310).

Other updates and bugfixes:

* Enable static library, and add `libcapstone-devel-static` subpackage.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
    zypper in -t patch SUSE-2026-60=1
* openSUSE Leap 15.6
    zypper in -t patch openSUSE-SLE-15.6-2026-60=1
* SUSE Linux Enterprise Micro 5.5
    zypper in -t patch SUSE-SLE-Micro-5.5-2026-60=1
* Server Applications Module 15-SP7
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-60=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * libcapstone4-debuginfo-4.0.2-150500.3.3.1
  * capstone-4.0.2-150500.3.3.1
  * capstone-debuginfo-4.0.2-150500.3.3.1
  * capstone-debugsource-4.0.2-150500.3.3.1
  * libcapstone4-4.0.2-150500.3.3.1
  * libcapstone-devel-4.0.2-150500.3.3.1
  * libcapstone-devel-static-4.0.2-150500.3.3.1
* openSUSE Leap 15.5 (noarch)
  * capstone-doc-4.0.2-150500.3.3.1
  * python3-capstone-4.0.2-150500.3.3.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * libcapstone4-debuginfo-4.0.2-150500.3.3.1
  * capstone-4.0.2-150500.3.3.1
  * capstone-debuginfo-4.0.2-150500.3.3.1
  * capstone-debugsource-4.0.2-150500.3.3.1
  * libcapstone4-4.0.2-150500.3.3.1
  * libcapstone-devel-4.0.2-150500.3.3.1
* openSUSE Leap 15.6 (noarch)
  * capstone-doc-4.0.2-150500.3.3.1
  * python3-capstone-4.0.2-150500.3.3.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * libcapstone4-debuginfo-4.0.2-150500.3.3.1
  * capstone-debuginfo-4.0.2-150500.3.3.1
  * capstone-debugsource-4.0.2-150500.3.3.1
  * libcapstone4-4.0.2-150500.3.3.1
* Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libcapstone4-debuginfo-4.0.2-150500.3.3.1
  * capstone-debuginfo-4.0.2-150500.3.3.1
  * capstone-debugsource-4.0.2-150500.3.3.1
  * libcapstone4-4.0.2-150500.3.3.1
  * libcapstone-devel-4.0.2-150500.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-67873.html
* https://www.suse.com/security/cve/CVE-2025-68114.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255309
* https://bugzilla.suse.com/show_bug.cgi?id=1255310

From null at suse.de Thu Jan 8 08:30:12 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 08 Jan 2026 08:30:12 -0000
Subject: SUSE-SU-2026:0059-1: moderate: Security update for ImageMagick
Message-ID: <176786101203.22154.10384943509885664665@smelt2.prg2.suse.org>

# Security update for ImageMagick

Announcement ID: SUSE-SU-2026:0059-1
Release Date: 2026-01-07T16:01:56Z
Rating: moderate
References:

* bsc#1255391

Cross-References:

* CVE-2025-68469

CVSS scores:

* CVE-2025-68469 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-68469 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-68469 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-68469 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for ImageMagick fixes the following issues:

* CVE-2025-68469: crash due to heap buffer overflow when processing a specially crafted TIFF file (bsc#1255391).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-59=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * libMagick++-devel-6.8.8.1-71.221.1
  * ImageMagick-config-6-SUSE-6.8.8.1-71.221.1
  * libMagickWand-6_Q16-1-6.8.8.1-71.221.1
  * libMagickCore-6_Q16-1-6.8.8.1-71.221.1
  * libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.221.1
  * ImageMagick-debuginfo-6.8.8.1-71.221.1
  * libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.221.1
  * ImageMagick-config-6-upstream-6.8.8.1-71.221.1
  * ImageMagick-devel-6.8.8.1-71.221.1
  * ImageMagick-debugsource-6.8.8.1-71.221.1

## References:

* https://www.suse.com/security/cve/CVE-2025-68469.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255391

From null at suse.de Thu Jan 8 16:30:06 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 08 Jan 2026 16:30:06 -0000
Subject: SUSE-SU-2026:0063-1: low: Security update for libpcap
Message-ID: <176788980604.22173.16615617318579292098@smelt2.prg2.suse.org>

# Security update for libpcap

Announcement ID: SUSE-SU-2026:0063-1
Release Date: 2026-01-08T09:36:26Z
Rating: low
References:

* bsc#1255765

Cross-References:

* CVE-2025-11961

CVSS scores:

* CVE-2025-11961 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-11961 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-11961 ( NVD ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* Basesystem Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for libpcap fixes the following issues:

* CVE-2025-11961: missing validation of provided MAC-48 address string in `pcap_ether_aton()` can lead to out-of-bounds read and write (bsc#1255765).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP7
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-63=1
* SUSE Package Hub 15 15-SP7
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-63=1

## Package List:

* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libpcap-debugsource-1.10.5-150700.3.7.1
  * libpcap1-debuginfo-1.10.5-150700.3.7.1
  * libpcap-devel-1.10.5-150700.3.7.1
  * libpcap1-1.10.5-150700.3.7.1
* SUSE Package Hub 15 15-SP7 (x86_64)
  * libpcap1-32bit-debuginfo-1.10.5-150700.3.7.1
  * libpcap1-32bit-1.10.5-150700.3.7.1

## References:

* https://www.suse.com/security/cve/CVE-2025-11961.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255765

From null at suse.de Thu Jan 8 16:30:08 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 08 Jan 2026 16:30:08 -0000
Subject: SUSE-SU-2026:0062-1: low: Security update for libpcap
Message-ID: <176788980843.22173.16659366296788301176@smelt2.prg2.suse.org>

# Security update for libpcap

Announcement ID: SUSE-SU-2026:0062-1
Release Date: 2026-01-08T09:36:12Z
Rating: low
References:

* bsc#1255765

Cross-References:

* CVE-2025-11961

CVSS scores:

* CVE-2025-11961 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-11961 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-11961 ( NVD ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for libpcap fixes the following issues:

* CVE-2025-11961: missing validation of provided MAC-48 address string in `pcap_ether_aton()` can lead to out-of-bounds read and write (bsc#1255765).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-62=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * libpcap1-debuginfo-1.8.1-10.9.1
  * libpcap1-1.8.1-10.9.1
  * libpcap-devel-1.8.1-10.9.1
  * libpcap-debugsource-1.8.1-10.9.1

## References:

* https://www.suse.com/security/cve/CVE-2025-11961.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255765

From null at suse.de Thu Jan 8 20:30:05 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 08 Jan 2026 20:30:05 -0000
Subject: SUSE-SU-2026:0073-1: moderate: Security update for ImageMagick
Message-ID: <176790420574.22173.15340653977534998772@smelt2.prg2.suse.org>

# Security update for ImageMagick

Announcement ID: SUSE-SU-2026:0073-1
Release Date: 2026-01-08T13:22:44Z
Rating: moderate
References:

* bsc#1255821
* bsc#1255822
* bsc#1255823

Cross-References:

* CVE-2025-68618
* CVE-2025-68950
* CVE-2025-69204

CVSS scores:

* CVE-2025-68618 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-68618 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-68618 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68618 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-68950 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-68950 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-68950 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-68950 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-69204 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-69204 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-69204 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-69204 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Desktop Applications Module 15-SP7
* Development Tools Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves three vulnerabilities can now be installed.

## Description:

This update for ImageMagick fixes the following issues:

* CVE-2025-68618: reading a malicious SVG file may result in a DoS attack (bsc#1255821).
* CVE-2025-68950: check for circular references in mvg files may lead to stack overflow (bsc#1255822).
* CVE-2025-69204: an integer overflow can lead to a DoS attack (bsc#1255823).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-73=1 * Desktop Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-73=1 ## Package List: * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * perl-PerlMagick-7.1.1.43-150700.3.30.1 * ImageMagick-debuginfo-7.1.1.43-150700.3.30.1 * perl-PerlMagick-debuginfo-7.1.1.43-150700.3.30.1 * ImageMagick-debugsource-7.1.1.43-150700.3.30.1 * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * ImageMagick-devel-7.1.1.43-150700.3.30.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.1.43-150700.3.30.1 * ImageMagick-config-7-upstream-limited-7.1.1.43-150700.3.30.1 * libMagick++-devel-7.1.1.43-150700.3.30.1 * ImageMagick-debuginfo-7.1.1.43-150700.3.30.1 * libMagickWand-7_Q16HDRI10-7.1.1.43-150700.3.30.1 * ImageMagick-config-7-SUSE-7.1.1.43-150700.3.30.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.43-150700.3.30.1 * libMagickCore-7_Q16HDRI10-7.1.1.43-150700.3.30.1 * ImageMagick-config-7-upstream-websafe-7.1.1.43-150700.3.30.1 * ImageMagick-debugsource-7.1.1.43-150700.3.30.1 * ImageMagick-7.1.1.43-150700.3.30.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.43-150700.3.30.1 * ImageMagick-config-7-upstream-open-7.1.1.43-150700.3.30.1 * libMagick++-7_Q16HDRI5-7.1.1.43-150700.3.30.1 * ImageMagick-config-7-upstream-secure-7.1.1.43-150700.3.30.1 ## References: * https://www.suse.com/security/cve/CVE-2025-68618.html * https://www.suse.com/security/cve/CVE-2025-68950.html * https://www.suse.com/security/cve/CVE-2025-69204.html * https://bugzilla.suse.com/show_bug.cgi?id=1255821 * https://bugzilla.suse.com/show_bug.cgi?id=1255822 * https://bugzilla.suse.com/show_bug.cgi?id=1255823 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu Jan 8 20:30:10 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 08 Jan 2026 20:30:10 -0000 Subject: SUSE-SU-2026:0072-1: moderate: Security update for ImageMagick Message-ID: <176790421034.22173.9283351617194662938@smelt2.prg2.suse.org> # Security update for ImageMagick Announcement ID: SUSE-SU-2026:0072-1 Release Date: 2026-01-08T13:22:28Z Rating: moderate References: * bsc#1255821 * bsc#1255822 Cross-References: * CVE-2025-68618 * CVE-2025-68950 CVSS scores: * CVE-2025-68618 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-68618 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-68618 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-68618 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68950 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-68950 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-68950 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68950 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Desktop Applications Module 15-SP7 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for ImageMagick fixes the following issues: * CVE-2025-68618: read a malicious SVG file may result in a DoS attack (bsc#1255821). * CVE-2025-68950: check for circular references in mvg files may lead to stack overflow (bsc#1255822). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-72=1 * Desktop Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-72=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.61.1 * ImageMagick-extra-debuginfo-7.1.0.9-150400.6.61.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.61.1 * ImageMagick-devel-7.1.0.9-150400.6.61.1 * libMagick++-devel-7.1.0.9-150400.6.61.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.61.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.61.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.61.1 * ImageMagick-7.1.0.9-150400.6.61.1 * ImageMagick-debugsource-7.1.0.9-150400.6.61.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.61.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.61.1 * ImageMagick-extra-7.1.0.9-150400.6.61.1 * perl-PerlMagick-7.1.0.9-150400.6.61.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.61.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.61.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.61.1 * openSUSE Leap 15.4 (x86_64) * libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.61.1 * libMagick++-devel-32bit-7.1.0.9-150400.6.61.1 * ImageMagick-devel-32bit-7.1.0.9-150400.6.61.1 * libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.61.1 * libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.0.9-150400.6.61.1 * libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.61.1 * libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.61.1 * libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.61.1 * openSUSE Leap 15.4 (noarch) * ImageMagick-doc-7.1.0.9-150400.6.61.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libMagick++-devel-64bit-7.1.0.9-150400.6.61.1 * libMagick++-7_Q16HDRI5-64bit-debuginfo-7.1.0.9-150400.6.61.1 * libMagickWand-7_Q16HDRI10-64bit-debuginfo-7.1.0.9-150400.6.61.1 * libMagickCore-7_Q16HDRI10-64bit-7.1.0.9-150400.6.61.1 * 
libMagick++-7_Q16HDRI5-64bit-7.1.0.9-150400.6.61.1 * libMagickWand-7_Q16HDRI10-64bit-7.1.0.9-150400.6.61.1 * libMagickCore-7_Q16HDRI10-64bit-debuginfo-7.1.0.9-150400.6.61.1 * ImageMagick-devel-64bit-7.1.0.9-150400.6.61.1 * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * ImageMagick-config-7-upstream-7.1.0.9-150400.6.61.1 * ImageMagick-debugsource-7.1.0.9-150400.6.61.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.61.1 ## References: * https://www.suse.com/security/cve/CVE-2025-68618.html * https://www.suse.com/security/cve/CVE-2025-68950.html * https://bugzilla.suse.com/show_bug.cgi?id=1255821 * https://bugzilla.suse.com/show_bug.cgi?id=1255822 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Jan 8 20:30:14 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 08 Jan 2026 20:30:14 -0000 Subject: SUSE-SU-2026:0071-1: moderate: Security update for php8 Message-ID: <176790421421.22173.12892862476332119385@smelt2.prg2.suse.org> # Security update for php8 Announcement ID: SUSE-SU-2026:0071-1 Release Date: 2026-01-08T13:22:08Z Rating: moderate References: * bsc#1255710 * bsc#1255711 * bsc#1255712 Cross-References: * CVE-2025-14177 * CVE-2025-14178 * CVE-2025-14180 CVSS scores: * CVE-2025-14177 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N * CVE-2025-14177 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2025-14177 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-14178 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-14178 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2025-14178 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2025-14180 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * 
CVE-2025-14180 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-14180 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * openSUSE Leap 15.6 An update that solves three vulnerabilities can now be installed. ## Description: This update for php8 fixes the following issues: Security fixes: * CVE-2025-14177: getimagesize() function may leak uninitialized heap memory into the APPn segments when reading images in multi-chunk mode (bsc#1255710). * CVE-2025-14178: heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE (bsc#1255711). * CVE-2025-14180: null pointer dereference in pdo_parse_params() function when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled (bsc#1255712). Other fixes: * Update to 8.2.30: Curl: Fix curl build and test failures with version 8.16. Opcache: Reset global pointers to prevent use-after-free in zend_jit_status(). PDO: Fixed GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). (CVE-2025-14180) Standard: Fixed GHSA-www2-q4fc-65wf (Null byte termination in dns_get_record()). Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in array_merge()). (CVE-2025-14178) Fixed GHSA-3237-qqm7-mfv7 (Information Leak of Memory in getimagesize). (CVE-2025-14177) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-71=1 openSUSE-SLE-15.6-2026-71=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * php8-pgsql-debuginfo-8.2.30-150600.3.25.1 * php8-posix-debuginfo-8.2.30-150600.3.25.1 * php8-odbc-8.2.30-150600.3.25.1 * php8-sodium-debuginfo-8.2.30-150600.3.25.1 * php8-bz2-debuginfo-8.2.30-150600.3.25.1 * php8-debuginfo-8.2.30-150600.3.25.1 * php8-sysvmsg-debuginfo-8.2.30-150600.3.25.1 * php8-openssl-debuginfo-8.2.30-150600.3.25.1 * php8-snmp-8.2.30-150600.3.25.1 * php8-mbstring-8.2.30-150600.3.25.1 * php8-mbstring-debuginfo-8.2.30-150600.3.25.1 * php8-fpm-debugsource-8.2.30-150600.3.25.1 * php8-sockets-debuginfo-8.2.30-150600.3.25.1 * php8-devel-8.2.30-150600.3.25.1 * php8-cli-debuginfo-8.2.30-150600.3.25.1 * php8-opcache-8.2.30-150600.3.25.1 * php8-dba-debuginfo-8.2.30-150600.3.25.1 * php8-tokenizer-8.2.30-150600.3.25.1 * php8-xmlreader-8.2.30-150600.3.25.1 * php8-posix-8.2.30-150600.3.25.1 * php8-embed-8.2.30-150600.3.25.1 * php8-embed-debugsource-8.2.30-150600.3.25.1 * php8-gmp-8.2.30-150600.3.25.1 * php8-sysvshm-debuginfo-8.2.30-150600.3.25.1 * php8-odbc-debuginfo-8.2.30-150600.3.25.1 * php8-xsl-8.2.30-150600.3.25.1 * php8-tidy-8.2.30-150600.3.25.1 * php8-fileinfo-8.2.30-150600.3.25.1 * php8-bz2-8.2.30-150600.3.25.1 * php8-ctype-8.2.30-150600.3.25.1 * php8-ffi-8.2.30-150600.3.25.1 * php8-snmp-debuginfo-8.2.30-150600.3.25.1 * php8-mysql-debuginfo-8.2.30-150600.3.25.1 * php8-gd-debuginfo-8.2.30-150600.3.25.1 * php8-ldap-8.2.30-150600.3.25.1 * php8-fpm-8.2.30-150600.3.25.1 * php8-calendar-8.2.30-150600.3.25.1 * php8-xsl-debuginfo-8.2.30-150600.3.25.1 * php8-pcntl-debuginfo-8.2.30-150600.3.25.1 * php8-curl-debuginfo-8.2.30-150600.3.25.1 * php8-sodium-8.2.30-150600.3.25.1 * php8-bcmath-debuginfo-8.2.30-150600.3.25.1 * php8-readline-8.2.30-150600.3.25.1 * php8-fastcgi-8.2.30-150600.3.25.1 * php8-zip-8.2.30-150600.3.25.1 * 
php8-xmlreader-debuginfo-8.2.30-150600.3.25.1 * php8-intl-8.2.30-150600.3.25.1 * php8-dom-debuginfo-8.2.30-150600.3.25.1 * php8-sqlite-debuginfo-8.2.30-150600.3.25.1 * php8-sysvmsg-8.2.30-150600.3.25.1 * php8-zlib-debuginfo-8.2.30-150600.3.25.1 * php8-tokenizer-debuginfo-8.2.30-150600.3.25.1 * php8-xmlwriter-8.2.30-150600.3.25.1 * php8-phar-8.2.30-150600.3.25.1 * php8-enchant-8.2.30-150600.3.25.1 * php8-intl-debuginfo-8.2.30-150600.3.25.1 * php8-soap-8.2.30-150600.3.25.1 * php8-curl-8.2.30-150600.3.25.1 * php8-tidy-debuginfo-8.2.30-150600.3.25.1 * php8-exif-8.2.30-150600.3.25.1 * php8-opcache-debuginfo-8.2.30-150600.3.25.1 * php8-fastcgi-debugsource-8.2.30-150600.3.25.1 * php8-ftp-8.2.30-150600.3.25.1 * php8-fpm-debuginfo-8.2.30-150600.3.25.1 * php8-enchant-debuginfo-8.2.30-150600.3.25.1 * php8-openssl-8.2.30-150600.3.25.1 * php8-cli-8.2.30-150600.3.25.1 * apache2-mod_php8-debugsource-8.2.30-150600.3.25.1 * php8-8.2.30-150600.3.25.1 * php8-sysvsem-debuginfo-8.2.30-150600.3.25.1 * php8-gmp-debuginfo-8.2.30-150600.3.25.1 * php8-ffi-debuginfo-8.2.30-150600.3.25.1 * php8-pdo-debuginfo-8.2.30-150600.3.25.1 * php8-dom-8.2.30-150600.3.25.1 * php8-shmop-8.2.30-150600.3.25.1 * php8-bcmath-8.2.30-150600.3.25.1 * php8-gd-8.2.30-150600.3.25.1 * apache2-mod_php8-8.2.30-150600.3.25.1 * php8-pcntl-8.2.30-150600.3.25.1 * php8-zlib-8.2.30-150600.3.25.1 * php8-phar-debuginfo-8.2.30-150600.3.25.1 * php8-debugsource-8.2.30-150600.3.25.1 * php8-sqlite-8.2.30-150600.3.25.1 * php8-embed-debuginfo-8.2.30-150600.3.25.1 * php8-sockets-8.2.30-150600.3.25.1 * php8-zip-debuginfo-8.2.30-150600.3.25.1 * php8-gettext-8.2.30-150600.3.25.1 * php8-test-8.2.30-150600.3.25.1 * php8-ctype-debuginfo-8.2.30-150600.3.25.1 * php8-calendar-debuginfo-8.2.30-150600.3.25.1 * php8-ldap-debuginfo-8.2.30-150600.3.25.1 * php8-exif-debuginfo-8.2.30-150600.3.25.1 * php8-gettext-debuginfo-8.2.30-150600.3.25.1 * php8-pdo-8.2.30-150600.3.25.1 * apache2-mod_php8-debuginfo-8.2.30-150600.3.25.1 * 
php8-shmop-debuginfo-8.2.30-150600.3.25.1 * php8-iconv-debuginfo-8.2.30-150600.3.25.1 * php8-iconv-8.2.30-150600.3.25.1 * php8-fastcgi-debuginfo-8.2.30-150600.3.25.1 * php8-soap-debuginfo-8.2.30-150600.3.25.1 * php8-mysql-8.2.30-150600.3.25.1 * php8-dba-8.2.30-150600.3.25.1 * php8-sysvshm-8.2.30-150600.3.25.1 * php8-fileinfo-debuginfo-8.2.30-150600.3.25.1 * php8-pgsql-8.2.30-150600.3.25.1 * php8-xmlwriter-debuginfo-8.2.30-150600.3.25.1 * php8-readline-debuginfo-8.2.30-150600.3.25.1 * php8-ftp-debuginfo-8.2.30-150600.3.25.1 * php8-sysvsem-8.2.30-150600.3.25.1 * openSUSE Leap 15.6 (noarch) * php8-fpm-apache-8.2.30-150600.3.25.1 ## References: * https://www.suse.com/security/cve/CVE-2025-14177.html * https://www.suse.com/security/cve/CVE-2025-14178.html * https://www.suse.com/security/cve/CVE-2025-14180.html * https://bugzilla.suse.com/show_bug.cgi?id=1255710 * https://bugzilla.suse.com/show_bug.cgi?id=1255711 * https://bugzilla.suse.com/show_bug.cgi?id=1255712 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu Jan 8 20:30:17 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 08 Jan 2026 20:30:17 -0000 Subject: SUSE-SU-2026:0070-1: important: Security update for qemu Message-ID: <176790421756.22173.5576018118880668703@smelt2.prg2.suse.org> # Security update for qemu Announcement ID: SUSE-SU-2026:0070-1 Release Date: 2026-01-08T13:22:00Z Rating: important References: * bsc#1209554 * bsc#1227397 Cross-References: * CVE-2023-1544 * CVE-2024-6505 CVSS scores: * CVE-2023-1544 ( SUSE ): 7.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H * CVE-2023-1544 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H * CVE-2023-1544 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H * CVE-2024-6505 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H * CVE-2024-6505 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H * CVE-2024-6505 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 An update that solves two vulnerabilities can now be installed. ## Description: This update for qemu fixes the following issues: * CVE-2024-6505: Fixed queue index out-of-bounds access in software RSS (bsc#1227397) * CVE-2023-1544: Fixed out-of-bounds read in pvrdma_ring_next_elem_read() (bsc#1209554) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2026-70=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-70=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-70=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * qemu-s390x-5.2.0-150300.138.1 * qemu-hw-display-virtio-gpu-pci-5.2.0-150300.138.1 * qemu-tools-5.2.0-150300.138.1 * qemu-block-dmg-5.2.0-150300.138.1 * qemu-extra-5.2.0-150300.138.1 * qemu-ui-gtk-debuginfo-5.2.0-150300.138.1 * qemu-ui-opengl-debuginfo-5.2.0-150300.138.1 * qemu-testsuite-5.2.0-150300.138.2 * qemu-block-dmg-debuginfo-5.2.0-150300.138.1 * qemu-hw-usb-redirect-debuginfo-5.2.0-150300.138.1 * qemu-hw-usb-smartcard-debuginfo-5.2.0-150300.138.1 * qemu-ui-opengl-5.2.0-150300.138.1 * qemu-ui-spice-app-5.2.0-150300.138.1 * qemu-audio-spice-debuginfo-5.2.0-150300.138.1 * qemu-ui-gtk-5.2.0-150300.138.1 * qemu-linux-user-debuginfo-5.2.0-150300.138.1 * qemu-guest-agent-debuginfo-5.2.0-150300.138.1 * qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.138.1 * qemu-5.2.0-150300.138.1 * qemu-arm-5.2.0-150300.138.1 * qemu-chardev-spice-debuginfo-5.2.0-150300.138.1 * qemu-hw-display-qxl-debuginfo-5.2.0-150300.138.1 * qemu-audio-pa-debuginfo-5.2.0-150300.138.1 * qemu-chardev-baum-debuginfo-5.2.0-150300.138.1 * qemu-block-iscsi-5.2.0-150300.138.1 * qemu-guest-agent-5.2.0-150300.138.1 * qemu-ivshmem-tools-debuginfo-5.2.0-150300.138.1 * qemu-block-gluster-5.2.0-150300.138.1 * qemu-s390x-debuginfo-5.2.0-150300.138.1 * qemu-ui-curses-debuginfo-5.2.0-150300.138.1 * qemu-ui-spice-core-5.2.0-150300.138.1 * qemu-audio-alsa-5.2.0-150300.138.1 * qemu-vhost-user-gpu-debuginfo-5.2.0-150300.138.1 * qemu-lang-5.2.0-150300.138.1 * qemu-block-nfs-5.2.0-150300.138.1 * qemu-block-ssh-debuginfo-5.2.0-150300.138.1 * qemu-hw-s390x-virtio-gpu-ccw-5.2.0-150300.138.1 * qemu-ksm-5.2.0-150300.138.1 * 
qemu-arm-debuginfo-5.2.0-150300.138.1 * qemu-block-curl-debuginfo-5.2.0-150300.138.1 * qemu-x86-5.2.0-150300.138.1 * qemu-ui-spice-app-debuginfo-5.2.0-150300.138.1 * qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.138.1 * qemu-chardev-spice-5.2.0-150300.138.1 * qemu-audio-pa-5.2.0-150300.138.1 * qemu-hw-display-qxl-5.2.0-150300.138.1 * qemu-linux-user-debugsource-5.2.0-150300.138.1 * qemu-audio-alsa-debuginfo-5.2.0-150300.138.1 * qemu-debugsource-5.2.0-150300.138.1 * qemu-debuginfo-5.2.0-150300.138.1 * qemu-extra-debuginfo-5.2.0-150300.138.1 * qemu-x86-debuginfo-5.2.0-150300.138.1 * qemu-block-nfs-debuginfo-5.2.0-150300.138.1 * qemu-ppc-debuginfo-5.2.0-150300.138.1 * qemu-hw-display-virtio-gpu-5.2.0-150300.138.1 * qemu-ivshmem-tools-5.2.0-150300.138.1 * qemu-ui-spice-core-debuginfo-5.2.0-150300.138.1 * qemu-block-ssh-5.2.0-150300.138.1 * qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.138.1 * qemu-ppc-5.2.0-150300.138.1 * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-5.2.0-150300.138.1 * qemu-hw-display-virtio-vga-5.2.0-150300.138.1 * qemu-tools-debuginfo-5.2.0-150300.138.1 * qemu-block-gluster-debuginfo-5.2.0-150300.138.1 * qemu-block-iscsi-debuginfo-5.2.0-150300.138.1 * qemu-audio-spice-5.2.0-150300.138.1 * qemu-hw-usb-redirect-5.2.0-150300.138.1 * qemu-block-curl-5.2.0-150300.138.1 * qemu-vhost-user-gpu-5.2.0-150300.138.1 * qemu-hw-usb-smartcard-5.2.0-150300.138.1 * qemu-linux-user-5.2.0-150300.138.1 * qemu-chardev-baum-5.2.0-150300.138.1 * qemu-ui-curses-5.2.0-150300.138.1 * openSUSE Leap 15.3 (s390x x86_64 i586) * qemu-kvm-5.2.0-150300.138.1 * openSUSE Leap 15.3 (noarch) * qemu-microvm-5.2.0-150300.138.1 * qemu-SLOF-5.2.0-150300.138.1 * qemu-seabios-1.14.0_0_g155821a-150300.138.1 * qemu-skiboot-5.2.0-150300.138.1 * qemu-sgabios-8-150300.138.1 * qemu-vgabios-1.14.0_0_g155821a-150300.138.1 * qemu-ipxe-1.0.0+-150300.138.1 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64) * qemu-block-rbd-debuginfo-5.2.0-150300.138.1 * qemu-block-rbd-5.2.0-150300.138.1 * SUSE Linux 
Enterprise Micro 5.2 (aarch64 s390x x86_64) * qemu-tools-5.2.0-150300.138.1 * qemu-hw-usb-redirect-debuginfo-5.2.0-150300.138.1 * qemu-ui-opengl-5.2.0-150300.138.1 * qemu-audio-spice-debuginfo-5.2.0-150300.138.1 * qemu-guest-agent-debuginfo-5.2.0-150300.138.1 * qemu-hw-display-qxl-debuginfo-5.2.0-150300.138.1 * qemu-5.2.0-150300.138.1 * qemu-ui-opengl-debuginfo-5.2.0-150300.138.1 * qemu-chardev-spice-debuginfo-5.2.0-150300.138.1 * qemu-guest-agent-5.2.0-150300.138.1 * qemu-ui-spice-core-5.2.0-150300.138.1 * qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.138.1 * qemu-chardev-spice-5.2.0-150300.138.1 * qemu-hw-display-qxl-5.2.0-150300.138.1 * qemu-debugsource-5.2.0-150300.138.1 * qemu-debuginfo-5.2.0-150300.138.1 * qemu-hw-display-virtio-gpu-5.2.0-150300.138.1 * qemu-ui-spice-core-debuginfo-5.2.0-150300.138.1 * qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.138.1 * qemu-hw-display-virtio-vga-5.2.0-150300.138.1 * qemu-tools-debuginfo-5.2.0-150300.138.1 * qemu-audio-spice-5.2.0-150300.138.1 * qemu-hw-usb-redirect-5.2.0-150300.138.1 * SUSE Linux Enterprise Micro 5.2 (aarch64) * qemu-arm-debuginfo-5.2.0-150300.138.1 * qemu-arm-5.2.0-150300.138.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * qemu-seabios-1.14.0_0_g155821a-150300.138.1 * qemu-sgabios-8-150300.138.1 * qemu-vgabios-1.14.0_0_g155821a-150300.138.1 * qemu-ipxe-1.0.0+-150300.138.1 * SUSE Linux Enterprise Micro 5.2 (s390x) * qemu-s390x-5.2.0-150300.138.1 * qemu-s390x-debuginfo-5.2.0-150300.138.1 * SUSE Linux Enterprise Micro 5.2 (x86_64) * qemu-x86-5.2.0-150300.138.1 * qemu-x86-debuginfo-5.2.0-150300.138.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * qemu-tools-5.2.0-150300.138.1 * qemu-hw-usb-redirect-debuginfo-5.2.0-150300.138.1 * qemu-ui-opengl-5.2.0-150300.138.1 * qemu-audio-spice-debuginfo-5.2.0-150300.138.1 * qemu-guest-agent-debuginfo-5.2.0-150300.138.1 * qemu-hw-display-qxl-debuginfo-5.2.0-150300.138.1 * qemu-5.2.0-150300.138.1 * qemu-ui-opengl-debuginfo-5.2.0-150300.138.1 * 
qemu-chardev-spice-debuginfo-5.2.0-150300.138.1 * qemu-guest-agent-5.2.0-150300.138.1 * qemu-ui-spice-core-5.2.0-150300.138.1 * qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.138.1 * qemu-chardev-spice-5.2.0-150300.138.1 * qemu-hw-display-qxl-5.2.0-150300.138.1 * qemu-debugsource-5.2.0-150300.138.1 * qemu-debuginfo-5.2.0-150300.138.1 * qemu-hw-display-virtio-gpu-5.2.0-150300.138.1 * qemu-ui-spice-core-debuginfo-5.2.0-150300.138.1 * qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.138.1 * qemu-hw-display-virtio-vga-5.2.0-150300.138.1 * qemu-tools-debuginfo-5.2.0-150300.138.1 * qemu-audio-spice-5.2.0-150300.138.1 * qemu-hw-usb-redirect-5.2.0-150300.138.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64) * qemu-arm-debuginfo-5.2.0-150300.138.1 * qemu-arm-5.2.0-150300.138.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * qemu-seabios-1.14.0_0_g155821a-150300.138.1 * qemu-sgabios-8-150300.138.1 * qemu-vgabios-1.14.0_0_g155821a-150300.138.1 * qemu-ipxe-1.0.0+-150300.138.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (s390x) * qemu-s390x-5.2.0-150300.138.1 * qemu-s390x-debuginfo-5.2.0-150300.138.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64) * qemu-x86-5.2.0-150300.138.1 * qemu-x86-debuginfo-5.2.0-150300.138.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1544.html * https://www.suse.com/security/cve/CVE-2024-6505.html * https://bugzilla.suse.com/show_bug.cgi?id=1209554 * https://bugzilla.suse.com/show_bug.cgi?id=1227397 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu Jan 8 20:30:23 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 08 Jan 2026 20:30:23 -0000 Subject: SUSE-SU-2026:0068-1: moderate: Security update for libvirt Message-ID: <176790422358.22173.3322759658735230583@smelt2.prg2.suse.org> # Security update for libvirt Announcement ID: SUSE-SU-2026:0068-1 Release Date: 2026-01-08T12:22:41Z Rating: moderate References: * bsc#1253278 * bsc#1253703 Cross-References: * CVE-2025-12748 * CVE-2025-13193 CVSS scores: * CVE-2025-12748 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-12748 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-12748 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-13193 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-13193 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2025-13193 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.6 An update that solves two vulnerabilities can now be installed. ## Description: This update for libvirt fixes the following issues: * CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots (bsc#1253703) * CVE-2025-12748: Fixed Check ACLs before parsing the whole domain XML (bsc#1253278) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-68=1 openSUSE-SLE-15.6-2026-68=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * libvirt-daemon-log-debuginfo-10.0.0-150600.8.12.1 * libvirt-daemon-driver-storage-iscsi-direct-10.0.0-150600.8.12.1 * libvirt-client-10.0.0-150600.8.12.1 * libvirt-daemon-driver-storage-scsi-10.0.0-150600.8.12.1 * libvirt-libs-debuginfo-10.0.0-150600.8.12.1 * libvirt-daemon-debuginfo-10.0.0-150600.8.12.1 * libvirt-daemon-driver-nwfilter-10.0.0-150600.8.12.1 * libvirt-daemon-plugin-sanlock-10.0.0-150600.8.12.1 * libvirt-daemon-driver-lxc-10.0.0-150600.8.12.1 * libvirt-client-debuginfo-10.0.0-150600.8.12.1 * libvirt-daemon-driver-nodedev-10.0.0-150600.8.12.1 * wireshark-plugin-libvirt-10.0.0-150600.8.12.1 * libvirt-daemon-lock-10.0.0-150600.8.12.1 * libvirt-daemon-config-network-10.0.0-150600.8.12.1 * libvirt-daemon-driver-storage-gluster-10.0.0-150600.8.12.1 * libvirt-daemon-driver-interface-10.0.0-150600.8.12.1 * libvirt-10.0.0-150600.8.12.1 * libvirt-daemon-driver-secret-10.0.0-150600.8.12.1 * libvirt-daemon-driver-interface-debuginfo-10.0.0-150600.8.12.1 * libvirt-daemon-driver-qemu-10.0.0-150600.8.12.1 * libvirt-libs-10.0.0-150600.8.12.1 * libvirt-daemon-driver-network-debuginfo-10.0.0-150600.8.12.1 * libvirt-daemon-driver-nodedev-debuginfo-10.0.0-150600.8.12.1 * libvirt-daemon-10.0.0-150600.8.12.1 * libvirt-daemon-driver-qemu-debuginfo-10.0.0-150600.8.12.1 * libvirt-daemon-lxc-10.0.0-150600.8.12.1 * libvirt-daemon-plugin-sanlock-debuginfo-10.0.0-150600.8.12.1 * libvirt-client-qemu-10.0.0-150600.8.12.1 * libvirt-daemon-qemu-10.0.0-150600.8.12.1 * libvirt-daemon-driver-storage-scsi-debuginfo-10.0.0-150600.8.12.1 * libvirt-daemon-common-10.0.0-150600.8.12.1 * libvirt-nss-debuginfo-10.0.0-150600.8.12.1 * wireshark-plugin-libvirt-debuginfo-10.0.0-150600.8.12.1 * libvirt-daemon-config-nwfilter-10.0.0-150600.8.12.1 * 
libvirt-daemon-plugin-lockd-10.0.0-150600.8.12.1 * libvirt-debugsource-10.0.0-150600.8.12.1 * libvirt-daemon-log-10.0.0-150600.8.12.1 * libvirt-daemon-plugin-lockd-debuginfo-10.0.0-150600.8.12.1 * libvirt-daemon-driver-storage-10.0.0-150600.8.12.1 * libvirt-daemon-driver-storage-iscsi-10.0.0-150600.8.12.1 * libvirt-nss-10.0.0-150600.8.12.1 * libvirt-daemon-lock-debuginfo-10.0.0-150600.8.12.1 * libvirt-devel-10.0.0-150600.8.12.1 * libvirt-daemon-driver-storage-iscsi-direct-debuginfo-10.0.0-150600.8.12.1 * libvirt-daemon-driver-nwfilter-debuginfo-10.0.0-150600.8.12.1 * libvirt-daemon-driver-storage-logical-10.0.0-150600.8.12.1 * libvirt-daemon-driver-storage-iscsi-debuginfo-10.0.0-150600.8.12.1 * libvirt-daemon-driver-lxc-debuginfo-10.0.0-150600.8.12.1 * libvirt-daemon-driver-storage-core-debuginfo-10.0.0-150600.8.12.1 * libvirt-daemon-driver-storage-disk-debuginfo-10.0.0-150600.8.12.1 * libvirt-daemon-driver-secret-debuginfo-10.0.0-150600.8.12.1 * libvirt-daemon-driver-storage-mpath-10.0.0-150600.8.12.1 * libvirt-daemon-hooks-10.0.0-150600.8.12.1 * libvirt-daemon-proxy-debuginfo-10.0.0-150600.8.12.1 * libvirt-daemon-driver-storage-logical-debuginfo-10.0.0-150600.8.12.1 * libvirt-daemon-driver-storage-disk-10.0.0-150600.8.12.1 * libvirt-daemon-driver-storage-core-10.0.0-150600.8.12.1 * libvirt-daemon-driver-storage-mpath-debuginfo-10.0.0-150600.8.12.1 * libvirt-daemon-driver-network-10.0.0-150600.8.12.1 * libvirt-daemon-proxy-10.0.0-150600.8.12.1 * libvirt-daemon-common-debuginfo-10.0.0-150600.8.12.1 * libvirt-daemon-driver-storage-gluster-debuginfo-10.0.0-150600.8.12.1 * openSUSE Leap 15.6 (x86_64) * libvirt-daemon-driver-libxl-10.0.0-150600.8.12.1 * libvirt-daemon-driver-libxl-debuginfo-10.0.0-150600.8.12.1 * libvirt-daemon-xen-10.0.0-150600.8.12.1 * libvirt-client-32bit-debuginfo-10.0.0-150600.8.12.1 * libvirt-devel-32bit-10.0.0-150600.8.12.1 * openSUSE Leap 15.6 (noarch) * libvirt-doc-10.0.0-150600.8.12.1 * openSUSE Leap 15.6 (aarch64 x86_64) * 
libvirt-daemon-driver-storage-rbd-debuginfo-10.0.0-150600.8.12.1 * libvirt-daemon-driver-storage-rbd-10.0.0-150600.8.12.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libvirt-client-64bit-debuginfo-10.0.0-150600.8.12.1 * libvirt-devel-64bit-10.0.0-150600.8.12.1 ## References: * https://www.suse.com/security/cve/CVE-2025-12748.html * https://www.suse.com/security/cve/CVE-2025-13193.html * https://bugzilla.suse.com/show_bug.cgi?id=1253278 * https://bugzilla.suse.com/show_bug.cgi?id=1253703 From null at suse.de Thu Jan 8 20:30:20 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 08 Jan 2026 20:30:20 -0000 Subject: SUSE-SU-2026:0069-1: moderate: Security update for rsync Message-ID: <176790422013.22173.1646278886668806842@smelt2.prg2.suse.org> # Security update for rsync Announcement ID: SUSE-SU-2026:0069-1 Release Date: 2026-01-08T13:21:48Z Rating: moderate References: * bsc#1254441 Cross-References: * CVE-2025-10158 CVSS scores: * CVE-2025-10158 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2025-10158 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Affected Products: * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 An update that solves one vulnerability can now be installed. ## Description: This update for rsync fixes the following issues: * CVE-2025-10158: Fixed out of bounds array access via negative index (bsc#1254441) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-69=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-69=1 ## Package List: * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * rsync-debugsource-3.2.3-150000.4.39.1 * rsync-debuginfo-3.2.3-150000.4.39.1 * rsync-3.2.3-150000.4.39.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * rsync-debugsource-3.2.3-150000.4.39.1 * rsync-debuginfo-3.2.3-150000.4.39.1 * rsync-3.2.3-150000.4.39.1 ## References: * https://www.suse.com/security/cve/CVE-2025-10158.html * https://bugzilla.suse.com/show_bug.cgi?id=1254441 From null at suse.de Thu Jan 8 20:30:26 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 08 Jan 2026 20:30:26 -0000 Subject: SUSE-SU-2026:0067-1: moderate: Security update for podman Message-ID: <176790422609.22173.4946973075985505658@smelt2.prg2.suse.org> # Security update for podman Announcement ID: SUSE-SU-2026:0067-1 Release Date: 2026-01-08T12:22:22Z Rating: moderate References: * bsc#1253993 Cross-References: * CVE-2025-47914 CVSS scores: * CVE-2025-47914 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-47914 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-47914 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Containers Module 15-SP7 * openSUSE Leap 15.5 * openSUSE Leap 15.6 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed.
## Description:

This update for podman fixes the following issues:

* CVE-2025-47914: Fixed ssh-agent that could cause a panic due to an out-of-bounds read with non validated message size (bsc#1253993)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2026-67=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-67=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-67=1
* Containers Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-67=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * podman-debuginfo-4.9.5-150500.3.62.2
  * podman-4.9.5-150500.3.62.2
  * podmansh-4.9.5-150500.3.62.2
  * podman-remote-4.9.5-150500.3.62.2
  * podman-remote-debuginfo-4.9.5-150500.3.62.2
* openSUSE Leap 15.5 (noarch)
  * podman-docker-4.9.5-150500.3.62.2
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * podman-debuginfo-4.9.5-150500.3.62.2
  * podman-4.9.5-150500.3.62.2
  * podmansh-4.9.5-150500.3.62.2
  * podman-remote-4.9.5-150500.3.62.2
  * podman-remote-debuginfo-4.9.5-150500.3.62.2
* openSUSE Leap 15.6 (noarch)
  * podman-docker-4.9.5-150500.3.62.2
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * podman-debuginfo-4.9.5-150500.3.62.2
  * podman-4.9.5-150500.3.62.2
  * podmansh-4.9.5-150500.3.62.2
  * podman-remote-4.9.5-150500.3.62.2
  * podman-remote-debuginfo-4.9.5-150500.3.62.2
* SUSE Linux Enterprise Micro 5.5 (noarch)
  * podman-docker-4.9.5-150500.3.62.2
* Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * podman-debuginfo-4.9.5-150500.3.62.2
  * podman-4.9.5-150500.3.62.2
  * podmansh-4.9.5-150500.3.62.2
  * podman-remote-4.9.5-150500.3.62.2
  * podman-remote-debuginfo-4.9.5-150500.3.62.2
* Containers Module 15-SP7 (noarch)
  * podman-docker-4.9.5-150500.3.62.2

## References:

* https://www.suse.com/security/cve/CVE-2025-47914.html
* https://bugzilla.suse.com/show_bug.cgi?id=1253993

From null at suse.de Thu Jan 8 20:30:30 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 08 Jan 2026 20:30:30 -0000
Subject: SUSE-SU-2026:0066-1: moderate: Security update for curl
Message-ID: <176790423028.22173.15069824653044671279@smelt2.prg2.suse.org>

# Security update for curl

Announcement ID: SUSE-SU-2026:0066-1
Release Date: 2026-01-08T12:21:35Z
Rating: moderate

References:

* bsc#1255731
* bsc#1255732
* bsc#1255733

Cross-References:

* CVE-2025-14524
* CVE-2025-14819
* CVE-2025-15079

CVSS scores:

* CVE-2025-14524 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-14524 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-14819 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-14819 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-14819 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-15079 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-15079 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-15079 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected Products:

* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves three vulnerabilities can now be installed.
## Description:

This update for curl fixes the following issues:

* CVE-2025-14524: Fixed bearer token leak on cross-protocol redirect (bsc#1255731)
* CVE-2025-15079: Fixed unknown host connection acceptance when set in the global knownhostsfile (bsc#1255733)
* CVE-2025-14819: Fixed issue where alteration of CURLSSLOPT_NO_PARTIALCHAIN could accidentally lead to CA cache reuse for which partial chain was reversed (bsc#1255732)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-66=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * curl-debugsource-8.0.1-11.111.1
  * libcurl4-debuginfo-8.0.1-11.111.1
  * curl-8.0.1-11.111.1
  * curl-debuginfo-8.0.1-11.111.1
  * libcurl-devel-8.0.1-11.111.1
  * libcurl4-debuginfo-32bit-8.0.1-11.111.1
  * libcurl4-32bit-8.0.1-11.111.1
  * libcurl4-8.0.1-11.111.1

## References:

* https://www.suse.com/security/cve/CVE-2025-14524.html
* https://www.suse.com/security/cve/CVE-2025-14819.html
* https://www.suse.com/security/cve/CVE-2025-15079.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255731
* https://bugzilla.suse.com/show_bug.cgi?id=1255732
* https://bugzilla.suse.com/show_bug.cgi?id=1255733

From null at suse.de Fri Jan 9 08:30:04 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 09 Jan 2026 08:30:04 -0000
Subject: SUSE-SU-2026:0077-1: moderate: Security update for curl
Message-ID: <176794740415.22147.14083838521400067653@smelt2.prg2.suse.org>

# Security update for curl

Announcement ID: SUSE-SU-2026:0077-1
Release Date: 2026-01-08T19:04:01Z
Rating: moderate

References:

* bsc#1256105

Cross-References:

* CVE-2025-14017

CVSS scores:

* CVE-2025-14017 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-14017 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Affected Products:

* openSUSE Leap 15.6

An update that solves one vulnerability can now be installed.

## Description:

This update for curl fixes the following issues:

* CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-77=1 openSUSE-SLE-15.6-2026-77=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * libcurl4-8.14.1-150600.4.37.1
  * curl-8.14.1-150600.4.37.1
  * curl-debuginfo-8.14.1-150600.4.37.1
  * libcurl4-debuginfo-8.14.1-150600.4.37.1
  * curl-mini-debugsource-8.14.1-150600.4.37.1
  * libcurl-mini4-8.14.1-150600.4.37.1
  * libcurl-mini4-debuginfo-8.14.1-150600.4.37.1
  * curl-debugsource-8.14.1-150600.4.37.1
  * libcurl-devel-8.14.1-150600.4.37.1
* openSUSE Leap 15.6 (noarch)
  * curl-fish-completion-8.14.1-150600.4.37.1
  * curl-zsh-completion-8.14.1-150600.4.37.1
  * libcurl-devel-doc-8.14.1-150600.4.37.1
* openSUSE Leap 15.6 (x86_64)
  * libcurl4-32bit-8.14.1-150600.4.37.1
  * libcurl-devel-32bit-8.14.1-150600.4.37.1
  * libcurl4-32bit-debuginfo-8.14.1-150600.4.37.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libcurl-devel-64bit-8.14.1-150600.4.37.1
  * libcurl4-64bit-8.14.1-150600.4.37.1
  * libcurl4-64bit-debuginfo-8.14.1-150600.4.37.1

## References:

* https://www.suse.com/security/cve/CVE-2025-14017.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256105

From null at suse.de Fri Jan 9 12:30:03 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 09 Jan 2026 12:30:03 -0000
Subject: SUSE-SU-2026:0078-1: moderate: Security update for curl
Message-ID: <176796180353.22173.10413695527208785492@smelt2.prg2.suse.org>

# Security update for curl

Announcement ID: SUSE-SU-2026:0078-1
Release Date: 2026-01-09T07:07:10Z
Rating: moderate

References:

* bsc#1256105

Cross-References:

* CVE-2025-14017

CVSS scores:

* CVE-2025-14017 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-14017 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Affected Products:

* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves one vulnerability can now be installed.

## Description:

This update for curl fixes the following issues:

* CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-78=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-78=1

## Package List:

* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * curl-8.14.1-150200.4.100.1
  * libcurl4-debuginfo-8.14.1-150200.4.100.1
  * libcurl4-8.14.1-150200.4.100.1
  * curl-debugsource-8.14.1-150200.4.100.1
  * curl-debuginfo-8.14.1-150200.4.100.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * curl-8.14.1-150200.4.100.1
  * libcurl4-debuginfo-8.14.1-150200.4.100.1
  * libcurl4-8.14.1-150200.4.100.1
  * curl-debugsource-8.14.1-150200.4.100.1
  * curl-debuginfo-8.14.1-150200.4.100.1

## References:

* https://www.suse.com/security/cve/CVE-2025-14017.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256105

From null at suse.de Fri Jan 9 16:30:07 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 09 Jan 2026 16:30:07 -0000
Subject: SUSE-SU-2026:20014-1: important: Security update for sssd
Message-ID: <176797620716.22173.4637286509735213342@smelt2.prg2.suse.org>

# Security update for sssd

Announcement ID: SUSE-SU-2026:20014-1
Release Date: 2026-01-02T16:58:31Z
Rating: important

References:

* bsc#1244325
* bsc#1251827

Cross-References:

* CVE-2025-11561

CVSS scores:

* CVE-2025-11561 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-11561 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-11561 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves one vulnerability and has one fix can now be installed.
## Description:

This update for sssd fixes the following issues:

* CVE-2025-11561: Fixed default Kerberos configuration allowing privilege escalation on AD-joined Linux systems (bsc#1244325)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-119=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * sssd-ad-2.9.5-160000.3.1
  * libsss_certmap0-2.9.5-160000.3.1
  * sssd-krb5-common-2.9.5-160000.3.1
  * sssd-ldap-2.9.5-160000.3.1
  * sssd-tools-debuginfo-2.9.5-160000.3.1
  * python3-sssd-config-2.9.5-160000.3.1
  * libsss_certmap0-debuginfo-2.9.5-160000.3.1
  * sssd-krb5-2.9.5-160000.3.1
  * sssd-krb5-common-debuginfo-2.9.5-160000.3.1
  * sssd-debugsource-2.9.5-160000.3.1
  * sssd-ad-debuginfo-2.9.5-160000.3.1
  * libsss_idmap0-2.9.5-160000.3.1
  * sssd-ldap-debuginfo-2.9.5-160000.3.1
  * sssd-debuginfo-2.9.5-160000.3.1
  * libsss_idmap0-debuginfo-2.9.5-160000.3.1
  * sssd-2.9.5-160000.3.1
  * sssd-dbus-2.9.5-160000.3.1
  * sssd-krb5-debuginfo-2.9.5-160000.3.1
  * sssd-dbus-debuginfo-2.9.5-160000.3.1
  * sssd-tools-2.9.5-160000.3.1
  * python3-sssd-config-debuginfo-2.9.5-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-11561.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244325
* https://bugzilla.suse.com/show_bug.cgi?id=1251827

From null at suse.de Fri Jan 9 16:31:48 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 09 Jan 2026 16:31:48 -0000
Subject: SUSE-SU-2026:20012-1: important: Security update for the Linux Kernel
Message-ID: <176797630854.22173.13768945945171137573@smelt2.prg2.suse.org>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:20012-1
Release Date: 2025-12-19T15:33:12Z
Rating: important

References:

* bsc#1235463
* bsc#1243474
* bsc#1245193
* bsc#1245431
* bsc#1245498
* bsc#1245499
* bsc#1246328
* bsc#1246843
* bsc#1247500
* bsc#1248792
* bsc#1249256
* bsc#1249397
* bsc#1249912
* bsc#1249977
* bsc#1249982
* bsc#1250034
* bsc#1250176
* bsc#1250237
* bsc#1250252
* bsc#1250705
* bsc#1250723
* bsc#1250746
* bsc#1251120
* bsc#1251817
* bsc#1252054
* bsc#1252063
* bsc#1252301
* bsc#1252303
* bsc#1252342
* bsc#1252352
* bsc#1252357
* bsc#1252681
* bsc#1252686
* bsc#1252763
* bsc#1252776
* bsc#1252779
* bsc#1252790
* bsc#1252794
* bsc#1252795
* bsc#1252808
* bsc#1252809
* bsc#1252817
* bsc#1252821
* bsc#1252824
* bsc#1252836
* bsc#1252845
* bsc#1252901
* bsc#1252912
* bsc#1252917
* bsc#1252919
* bsc#1252923
* bsc#1252928
* bsc#1253018
* bsc#1253155
* bsc#1253176
* bsc#1253238
* bsc#1253275
* bsc#1253318
* bsc#1253324
* bsc#1253328
* bsc#1253330
* bsc#1253342
* bsc#1253348
* bsc#1253349
* bsc#1253352
* bsc#1253355
* bsc#1253360
* bsc#1253362
* bsc#1253363
* bsc#1253367
* bsc#1253369
* bsc#1253386
* bsc#1253394
* bsc#1253395
* bsc#1253402
* bsc#1253403
* bsc#1253405
* bsc#1253407
* bsc#1253408
* bsc#1253409
* bsc#1253410
* bsc#1253412
* bsc#1253416
* bsc#1253421
* bsc#1253422
* bsc#1253423
* bsc#1253424
* bsc#1253425
* bsc#1253426
* bsc#1253427
* bsc#1253428
* bsc#1253431
* bsc#1253433
* bsc#1253436
* bsc#1253438
* bsc#1253440
* bsc#1253441
* bsc#1253443
* bsc#1253445
* bsc#1253448
* bsc#1253449
* bsc#1253450
* bsc#1253451
* bsc#1253453
* bsc#1253455
* bsc#1253456
* bsc#1253457
* bsc#1253463
* bsc#1253472
* bsc#1253622
* bsc#1253624
* bsc#1253635
* bsc#1253643
* bsc#1253647
* bsc#1254119
* bsc#1254181
* bsc#1254221
* bsc#1254308
* bsc#1254315
* jsc#PED-13611
* jsc#PED-13949
* jsc#PED-14062
* jsc#PED-14115
* jsc#PED-14353

Cross-References:

* CVE-2022-50253
* CVE-2025-37916
* CVE-2025-38084
* CVE-2025-38085
* CVE-2025-38321
* CVE-2025-38728
* CVE-2025-39805
* CVE-2025-39819
* CVE-2025-39822
* CVE-2025-39831
* CVE-2025-39859
* CVE-2025-39897
* CVE-2025-39917
* CVE-2025-39944
* CVE-2025-39961
* CVE-2025-39980
* CVE-2025-39990
* CVE-2025-40001
* CVE-2025-40003
* CVE-2025-40006
* CVE-2025-40021
* CVE-2025-40024
* CVE-2025-40027
* CVE-2025-40031
* CVE-2025-40033
* CVE-2025-40038
* CVE-2025-40047
* CVE-2025-40053
* CVE-2025-40055
* CVE-2025-40059
* CVE-2025-40064
* CVE-2025-40070
* CVE-2025-40074
* CVE-2025-40075
* CVE-2025-40081
* CVE-2025-40083
* CVE-2025-40086
* CVE-2025-40098
* CVE-2025-40101
* CVE-2025-40102
* CVE-2025-40105
* CVE-2025-40107
* CVE-2025-40109
* CVE-2025-40110
* CVE-2025-40111
* CVE-2025-40115
* CVE-2025-40116
* CVE-2025-40118
* CVE-2025-40120
* CVE-2025-40121
* CVE-2025-40127
* CVE-2025-40129
* CVE-2025-40132
* CVE-2025-40133
* CVE-2025-40134
* CVE-2025-40135
* CVE-2025-40139
* CVE-2025-40140
* CVE-2025-40141
* CVE-2025-40142
* CVE-2025-40149
* CVE-2025-40153
* CVE-2025-40154
* CVE-2025-40156
* CVE-2025-40157
* CVE-2025-40158
* CVE-2025-40159
* CVE-2025-40161
* CVE-2025-40162
* CVE-2025-40164
* CVE-2025-40165
* CVE-2025-40166
* CVE-2025-40168
* CVE-2025-40169
* CVE-2025-40171
* CVE-2025-40172
* CVE-2025-40173
* CVE-2025-40175
* CVE-2025-40176
* CVE-2025-40177
* CVE-2025-40178
* CVE-2025-40180
* CVE-2025-40183
* CVE-2025-40185
* CVE-2025-40186
* CVE-2025-40187
* CVE-2025-40188
* CVE-2025-40192
* CVE-2025-40194
* CVE-2025-40196
* CVE-2025-40197
* CVE-2025-40198
* CVE-2025-40200
* CVE-2025-40201
* CVE-2025-40202
* CVE-2025-40203
* CVE-2025-40204
* CVE-2025-40205
* CVE-2025-40206
* CVE-2025-40207

CVSS scores:

* CVE-2022-50253 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50253 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50253 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-37916 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-37916 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37916 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38084 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38084 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-38084 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38085 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38085 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-38085 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38321 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-38321 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2025-38321 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38728 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38728 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38728 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-39805 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39805 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39819 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39819 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39822 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39822 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39831 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39831 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39859 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39859 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39897 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39897 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-39897 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39917 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-39917 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-39917 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39944 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39961 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39961 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-39980 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39980 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39990 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39990 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40001 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40001 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-40003 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40003 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40006 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40006 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40021 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-40021 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-40024 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40024 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40027 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40027 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40031 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40031 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40033 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40033 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40038 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40038 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40047 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40047 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40053 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40053 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40055 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40055 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40059 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40059 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40064 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40070 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40074 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40075 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40081 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40083 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40086 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40086 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40098 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40098 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40101 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-40101 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-40102 ( SUSE ): 0.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-40102 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N
* CVE-2025-40105 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-40105 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-40107 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40107 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40109 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40109 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40110 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40110 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40111 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40115 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40115 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40116 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40116 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40118 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40118 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40120 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40120 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40121 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40121 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40127 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40127 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40129 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40129 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40132 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40132 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40133 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40133 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H
* CVE-2025-40134 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40134 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40135 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40135 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40139 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40139 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40140 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-40140 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-40141 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40141 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-40142 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40142 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40149 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40149 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-40153 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-40153 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-40154 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40154 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40156 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40156 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40157 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40157 ( SUSE ): 5.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-40158 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40158 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40161 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40161 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40162 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40162 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40164 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40164 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40165 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40165 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40166 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40166 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40168 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40168 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-40169 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40169 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-40171 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40171 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40172 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40172 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40173 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40173 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40175 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40175 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40176 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40176 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40177 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40177 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-40178 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40180 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40180 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-40183 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-40183 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-40185 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40185 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40186 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40186 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40187 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40188 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40188 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40192 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40192 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40194 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40194 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40196 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-40196 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-40197 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40197 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40198 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40198 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40200 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40200 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40201 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40202 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40202 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40203 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40203 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40204 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-40204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-40205 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40205 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40206 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40206 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40207 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40207 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.2
* SUSE Linux Micro Extras 6.2

An update that solves 100 vulnerabilities, contains five features and has 19 fixes can now be installed.

## Description:

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues.

The following security issues were fixed:

* CVE-2022-50253: bpf: make sure skb->len != 0 when redirecting to a tunneling device (bsc#1249912).
* CVE-2025-37916: pds_core: remove write-after-free of client_id (bsc#1243474).
* CVE-2025-38084: mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245431 bsc#1245498).
* CVE-2025-38085: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431 bsc#1245499).
* CVE-2025-38321: smb: Log an error when close_all_cached_dirs fails (bsc#1246328).
* CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd (bsc#1249256).
* CVE-2025-39805: net: macb: fix unregister_netdev call order in macb_remove() (bsc#1249982).
* CVE-2025-39819: fs/smb: Fix inconsistent refcnt update (bsc#1250176). * CVE-2025-39822: io_uring/kbuf: fix signedness in this_len calculation (bsc#1250034). * CVE-2025-39831: fbnic: Move phylink resume out of service_task and into open/close (bsc#1249977). * CVE-2025-39859: ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog (bsc#1250252). * CVE-2025-39897: net: xilinx: axienet: Add error handling for RX metadata pointer retrieval (bsc#1250746). * CVE-2025-39917: bpf: Fix out-of-bounds dynptr write in bpf_crypto_crypt (bsc#1250723). * CVE-2025-39944: octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() (bsc#1251120). * CVE-2025-39961: iommu/amd/pgtbl: Fix possible race while increase page table level (bsc#1251817). * CVE-2025-39980: nexthop: Forbid FDB status change while nexthop is in a group (bsc#1252063). * CVE-2025-39990: bpf: Check the helper function is valid in get_helper_proto (bsc#1252054). * CVE-2025-40001: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (bsc#1252303). * CVE-2025-40003: net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work (bsc#1252301). * CVE-2025-40006: mm/hugetlb: fix folio is still mapped when deleted (bsc#1252342). * CVE-2025-40021: tracing: dynevent: Add a missing lockdown check on dynevent (bsc#1252681). * CVE-2025-40024: vhost: Take a reference on the task in struct vhost_task (bsc#1252686). * CVE-2025-40027: net/9p: fix double req put in p9_fd_cancelled (bsc#1252763). * CVE-2025-40031: tee: fix register_shm_helper() (bsc#1252779). * CVE-2025-40033: remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() (bsc#1252824). * CVE-2025-40038: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid (bsc#1252817). * CVE-2025-40047: io_uring/waitid: always prune wait queue entry in io_waitid_wait() (bsc#1252790). * CVE-2025-40053: net: dlink: handle copy_thresh allocation failure (bsc#1252808). 
* CVE-2025-40055: ocfs2: fix double free in user_cluster_connect() (bsc#1252821). * CVE-2025-40059: coresight: Fix incorrect handling for return value of devm_kzalloc (bsc#1252809). * CVE-2025-40064: smc: Fix use-after-free in __pnet_find_base_ndev() (bsc#1252845). * CVE-2025-40070: pps: fix warning in pps_register_cdev when register device fail (bsc#1252836). * CVE-2025-40074: tcp: convert to dev_net_rcu() (bsc#1252794). * CVE-2025-40075: tcp_metrics: use dst_dev_net_rcu() (bsc#1252795). * CVE-2025-40081: perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (bsc#1252776). * CVE-2025-40083: net/sched: sch_qfq: Fix null-deref in agg_dequeue (bsc#1252912). * CVE-2025-40086: drm/xe: Don't allow evicting of BOs in same VM in array of VM binds (bsc#1252923). * CVE-2025-40098: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state() (bsc#1252917). * CVE-2025-40101: btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST (bsc#1252901). * CVE-2025-40102: KVM: arm64: Prevent access to vCPU events before init (bsc#1252919). * CVE-2025-40105: vfs: Don't leak disconnected dentries on umount (bsc#1252928). * CVE-2025-40133: mptcp: Call dst_release() in mptcp_active_enable() (bsc#1253328). * CVE-2025-40134: dm: fix NULL pointer dereference in __dm_suspend() (bsc#1253386). * CVE-2025-40135: ipv6: use RCU in ip6_xmit() (bsc#1253342). * CVE-2025-40139: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set() (bsc#1253409). * CVE-2025-40149: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock() (bsc#1253355). * CVE-2025-40153: mm: hugetlb: avoid soft lockup when mprotect to large memory area (bsc#1253408). * CVE-2025-40157: EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller (bsc#1253423). * CVE-2025-40158: ipv6: use RCU in ip6_output() (bsc#1253402). * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253403). 
* CVE-2025-40168: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match() (bsc#1253427). * CVE-2025-40169: bpf: Reject negative offsets for ALU ops (bsc#1253416). * CVE-2025-40173: net/ip6_tunnel: Prevent perpetual tunnel growth (bsc#1253421). * CVE-2025-40175: idpf: cleanup remaining SKBs in PTP flows (bsc#1253426). * CVE-2025-40176: tls: wait for pending async decryptions if tls_strp_msg_hold fails (bsc#1253425). * CVE-2025-40178: pid: Add a judgment for ns null in pid_nr_ns (bsc#1253463). * CVE-2025-40185: ice: ice_adapter: release xa entry on adapter allocation failure (bsc#1253394). * CVE-2025-40201: kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths (bsc#1253455). * CVE-2025-40203: listmount: don't call path_put() under namespace semaphore (bsc#1253457). The following non security issues were fixed: * ACPI: scan: Update honor list for RPMI System MSI (stable-fixes). * ACPICA: Update dsmethod.c to get rid of unused variable warning (stable- fixes). * Disable CONFIG_CPU5_WDT The cpu5wdt driver doesn't implement a proper watchdog interface and has many code issues. It only handles obscure and obsolete hardware. Stop building and supporting this driver (jsc#PED-14062). * Fix "drm/xe: Don't allow evicting of BOs in same VM in array of VM binds" (bsc#1252923) * KVM: SVM: Delete IRTE link from previous vCPU before setting new IRTE (git- fixes). * KVM: SVM: Delete IRTE link from previous vCPU irrespective of new routing (git-fixes). * KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated (git- fixes). * KVM: s390: improve interrupt cpu for wakeup (bsc#1235463). * KVM: s390: kABI backport for 'last_sleep_cpu' (bsc#1252352). * KVM: x86/mmu: Return -EAGAIN if userspace deletes/moves memslot during prefault (git-fixes). * PCI/ERR: Update device error_state already after reset (stable-fixes). * PM: EM: Slightly reduce em_check_capacity_update() overhead (stable-fixes). 
* Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" (git-fixes). * Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set" (git-fixes). * Update config files: enable zstd module decompression (jsc#PED-14115). * bpf/selftests: Fix test_tcpnotify_user (bsc#1253635). * btrfs: do not clear read-only when adding sprout device (bsc#1253238). * btrfs: do not update last_log_commit when logging inode due to a new name (git-fixes). * dm: fix queue start/stop imbalance under suspend/load/resume races (bsc#1253386) * drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream (stable-fixes). * drm/amd/display: update color on atomic commit time (stable-fixes). * drm/amd/display: update dpp/disp clock from smu clock table (stable-fixes). * drm/radeon: delete radeon_fence_process in is_signaled, no deadlock (stable- fixes). * hwmon: (lenovo-ec-sensors) Update P8 supprt (stable-fixes). * media: amphion: Delete v4l2_fh synchronously in .release() (stable-fixes). * mount: handle NULL values in mnt_ns_release() (bsc#1254308) * net/smc: Remove validation of reserved bits in CLC Decline (bsc#1252357). * net: phy: move realtek PHY driver to its own subdirectory (jsc#PED-14353). * net: phy: realtek: add defines for shadowed c45 standard registers (jsc#PED-14353). * net: phy: realtek: add helper RTL822X_VND2_C22_REG (jsc#PED-14353). * net: phy: realtek: change order of calls in C22 read_status() (jsc#PED-14353). * net: phy: realtek: clear 1000Base-T link partner advertisement (jsc#PED-14353). * net: phy: realtek: improve mmd register access for internal PHY's (jsc#PED-14353). * net: phy: realtek: read duplex and gbit master from PHYSR register (jsc#PED-14353). * net: phy: realtek: switch from paged to MMD ops in rtl822x functions (jsc#PED-14353). * net: phy: realtek: use string choices helpers (jsc#PED-14353). 
* net: xilinx: axienet: Fix IRQ coalescing packet count overflow (bsc#1250746) * net: xilinx: axienet: Fix RX skb ring management in DMAengine mode (bsc#1250746) * net: xilinx: axienet: Fix Tx skb circular buffer occupancy check in dmaengine xmit (bsc#1250746) * nvmet-auth: update sc_c in host response (git-fixes bsc#1249397). * nvmet-auth: update sc_c in target host hash calculation (git-fixes). * perf list: Add IBM z17 event descriptions (jsc#PED-13611). * platform/x86:intel/pmc: Update Arrow Lake telemetry GUID (git-fixes). * powercap: intel_rapl: Add support for Panther Lake platform (jsc#PED-13949). * pwm: pca9685: Use bulk write to atomicially update registers (stable-fixes). * r8169: add PHY c45 ops for MDIO_MMD_VENDOR2 registers (jsc#PED-14353). * r8169: add support for Intel Killer E5000 (jsc#PED-14353). * r8169: add support for RTL8125BP rev.b (jsc#PED-14353). * r8169: add support for RTL8125D rev.b (jsc#PED-14353). * r8169: adjust version numbering for RTL8126 (jsc#PED-14353). * r8169: align RTL8125 EEE config with vendor driver (jsc#PED-14353). * r8169: align RTL8125/RTL8126 PHY config with vendor driver (jsc#PED-14353). * r8169: align RTL8126 EEE config with vendor driver (jsc#PED-14353). * r8169: align WAKE_PHY handling with r8125/r8126 vendor drivers (jsc#PED-14353). * r8169: avoid duplicated messages if loading firmware fails and switch to warn level (jsc#PED-14353). * r8169: don't take RTNL lock in rtl_task() (jsc#PED-14353). * r8169: enable EEE at 2.5G per default on RTL8125B (jsc#PED-14353). * r8169: enable RTL8168H/RTL8168EP/RTL8168FP ASPM support (jsc#PED-14353). * r8169: fix inconsistent indenting in rtl8169_get_eth_mac_stats (jsc#PED-14353). * r8169: implement additional ethtool stats ops (jsc#PED-14353). * r8169: improve __rtl8169_set_wol (jsc#PED-14353). * r8169: improve initialization of RSS registers on RTL8125/RTL8126 (jsc#PED-14353). * r8169: improve rtl_set_d3_pll_down (jsc#PED-14353). 
* r8169: increase max jumbo packet size on RTL8125/RTL8126 (jsc#PED-14353). * r8169: remove leftover locks after reverted change (jsc#PED-14353). * r8169: remove original workaround for RTL8125 broken rx issue (jsc#PED-14353). * r8169: remove rtl_dash_loop_wait_high/low (jsc#PED-14353). * r8169: remove support for chip version 11 (jsc#PED-14353). * r8169: remove unused flag RTL_FLAG_TASK_RESET_NO_QUEUE_WAKE (jsc#PED-14353). * r8169: replace custom flag with disable_work() et al (jsc#PED-14353). * r8169: switch away from deprecated pcim_iomap_table (jsc#PED-14353). * r8169: use helper r8169_mod_reg8_cond to simplify rtl_jumbo_config (jsc#PED-14353). * ring-buffer: Update pages_touched to reflect persistent buffer content (git- fixes). * s390/mm: Fix __ptep_rdp() inline assembly (bsc#1253643). * sched/fair: Get rid of sched_domains_curr_level hack for tl->cpumask() (bsc#1246843). * sched/fair: Have SD_SERIALIZE affect newidle balancing (bsc#1248792). * sched/fair: Proportional newidle balance (bsc#1248792). * sched/fair: Proportional newidle balance -KABI (bsc#1248792). * sched/fair: Revert max_newidle_lb_cost bump (bsc#1248792). * sched/fair: Skip sched_balance_running cmpxchg when balance is not due (bsc#1248792). * sched/fair: Small cleanup to sched_balance_newidle() (bsc#1248792). * sched/fair: Small cleanup to update_newidle_cost() (bsc#1248792). * scsi: lpfc: Add capability to register Platform Name ID to fabric (bsc#1254119). * scsi: lpfc: Allow support for BB credit recovery in point-to-point topology (bsc#1254119). * scsi: lpfc: Ensure unregistration of rpis for received PLOGIs (bsc#1254119). * scsi: lpfc: Fix leaked ndlp krefs when in point-to-point topology (bsc#1254119). * scsi: lpfc: Fix reusing an ndlp that is marked NLP_DROPPED during FLOGI (bsc#1254119). * scsi: lpfc: Modify kref handling for Fabric Controller ndlps (bsc#1254119). * scsi: lpfc: Remove redundant NULL ptr assignment in lpfc_els_free_iocb() (bsc#1254119). 
* scsi: lpfc: Revise discovery related function headers and comments (bsc#1254119). * scsi: lpfc: Update lpfc version to 14.4.0.12 (bsc#1254119). * scsi: lpfc: Update various NPIV diagnostic log messaging (bsc#1254119). * selftests/run_kselftest.sh: Add `--skip` argument option (bsc#1254221). * smpboot: introduce SDTL_INIT() helper to tidy sched topology setup (bsc#1246843). * soc/tegra: fuse: speedo-tegra210: Update speedo IDs (git-fixes). * spi: tegra210-quad: Check hardware status on timeout (bsc#1253155) * spi: tegra210-quad: Fix timeout handling (bsc#1253155) * spi: tegra210-quad: Refactor error handling into helper functions (bsc#1253155) * spi: tegra210-quad: Update dummy sequence configuration (git-fixes) * tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork (bsc#1250705). * wifi: ath11k: Add quirk entries for Thinkpad T14s Gen3 AMD (bsc#1254181). * wifi: mt76: do not add wcid entries to sta poll list during MCU reset (bsc#1254315). * wifi: mt76: introduce mt792x_config_mac_addr_list routine (bsc#1254315). * wifi: mt76: mt7925: Fix logical vs bitwise typo (bsc#1254315). * wifi: mt76: mt7925: Remove unnecessary if-check (bsc#1254315). * wifi: mt76: mt7925: Simplify HIF suspend handling to avoid suspend fail (bsc#1254315). * wifi: mt76: mt7925: add EHT control support based on the CLC data (bsc#1254315). * wifi: mt76: mt7925: add handler to hif suspend/resume event (bsc#1254315). * wifi: mt76: mt7925: add pci restore for hibernate (bsc#1254315). * wifi: mt76: mt7925: config the dwell time by firmware (bsc#1254315). * wifi: mt76: mt7925: extend MCU support for testmode (bsc#1254315). * wifi: mt76: mt7925: fix CLC command timeout when suspend/resume (bsc#1254315). * wifi: mt76: mt7925: fix missing hdr_trans_tlv command for broadcast wtbl (bsc#1254315). * wifi: mt76: mt7925: fix the unfinished command of regd_notifier before suspend (bsc#1254315). * wifi: mt76: mt7925: refine the txpower initialization flow (bsc#1254315). 
* wifi: mt76: mt7925: replace zero-length array with flexible-array member (bsc#1254315). * wifi: mt76: mt7925: update the channel usage when the regd domain changed (bsc#1254315). * wifi: mt76: mt7925e: fix too long of wifi resume time (bsc#1254315). * x86/smpboot: avoid SMT domain attach/destroy if SMT is not enabled (bsc#1246843). * x86/smpboot: moves x86_topology to static initialize and truncate (bsc#1246843). * x86/smpboot: remove redundant CONFIG_SCHED_SMT (bsc#1246843). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-113=1 * SUSE Linux Micro Extras 6.2 zypper in -t patch SUSE-SL-Micro-6.2-113=1 ## Package List: * SUSE Linux Micro 6.2 (noarch) * kernel-devel-6.12.0-160000.8.1 * kernel-source-6.12.0-160000.8.1 * kernel-macros-6.12.0-160000.8.1 * SUSE Linux Micro 6.2 (aarch64 ppc64le x86_64) * kernel-default-base-6.12.0-160000.8.1.160000.2.5 * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-6.12.0-160000.8.1 * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64) * kernel-default-debugsource-6.12.0-160000.8.1 * kernel-default-devel-6.12.0-160000.8.1 * kernel-default-debuginfo-6.12.0-160000.8.1 * kernel-default-extra-6.12.0-160000.8.1 * kernel-default-extra-debuginfo-6.12.0-160000.8.1 * SUSE Linux Micro 6.2 (x86_64) * kernel-rt-livepatch-6.12.0-160000.8.1 * kernel-rt-devel-debuginfo-6.12.0-160000.8.1 * kernel-default-devel-debuginfo-6.12.0-160000.8.1 * SUSE Linux Micro 6.2 (ppc64le s390x x86_64) * kernel-default-livepatch-6.12.0-160000.8.1 * SUSE Linux Micro 6.2 (aarch64 nosrc x86_64) * kernel-rt-6.12.0-160000.8.1 * SUSE Linux Micro 6.2 (aarch64 x86_64) * kernel-rt-debugsource-6.12.0-160000.8.1 * kernel-rt-debuginfo-6.12.0-160000.8.1 * 
kernel-rt-devel-6.12.0-160000.8.1 * SUSE Linux Micro 6.2 (aarch64 nosrc) * kernel-64kb-6.12.0-160000.8.1 * SUSE Linux Micro 6.2 (aarch64) * kernel-64kb-debugsource-6.12.0-160000.8.1 * kernel-64kb-debuginfo-6.12.0-160000.8.1 * kernel-64kb-devel-6.12.0-160000.8.1 * SUSE Linux Micro Extras 6.2 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-6.12.0-160000.8.1 * kernel-obs-build-debugsource-6.12.0-160000.8.1 * kernel-syms-6.12.0-160000.8.1 ## References: * https://www.suse.com/security/cve/CVE-2022-50253.html * https://www.suse.com/security/cve/CVE-2025-37916.html * https://www.suse.com/security/cve/CVE-2025-38084.html * https://www.suse.com/security/cve/CVE-2025-38085.html * https://www.suse.com/security/cve/CVE-2025-38321.html * https://www.suse.com/security/cve/CVE-2025-38728.html * https://www.suse.com/security/cve/CVE-2025-39805.html * https://www.suse.com/security/cve/CVE-2025-39819.html * https://www.suse.com/security/cve/CVE-2025-39822.html * https://www.suse.com/security/cve/CVE-2025-39831.html * https://www.suse.com/security/cve/CVE-2025-39859.html * https://www.suse.com/security/cve/CVE-2025-39897.html * https://www.suse.com/security/cve/CVE-2025-39917.html * https://www.suse.com/security/cve/CVE-2025-39944.html * https://www.suse.com/security/cve/CVE-2025-39961.html * https://www.suse.com/security/cve/CVE-2025-39980.html * https://www.suse.com/security/cve/CVE-2025-39990.html * https://www.suse.com/security/cve/CVE-2025-40001.html * https://www.suse.com/security/cve/CVE-2025-40003.html * https://www.suse.com/security/cve/CVE-2025-40006.html * https://www.suse.com/security/cve/CVE-2025-40021.html * https://www.suse.com/security/cve/CVE-2025-40024.html * https://www.suse.com/security/cve/CVE-2025-40027.html * https://www.suse.com/security/cve/CVE-2025-40031.html * https://www.suse.com/security/cve/CVE-2025-40033.html * https://www.suse.com/security/cve/CVE-2025-40038.html * https://www.suse.com/security/cve/CVE-2025-40047.html * 
https://www.suse.com/security/cve/CVE-2025-40053.html * https://www.suse.com/security/cve/CVE-2025-40055.html * https://www.suse.com/security/cve/CVE-2025-40059.html * https://www.suse.com/security/cve/CVE-2025-40064.html * https://www.suse.com/security/cve/CVE-2025-40070.html * https://www.suse.com/security/cve/CVE-2025-40074.html * https://www.suse.com/security/cve/CVE-2025-40075.html * https://www.suse.com/security/cve/CVE-2025-40081.html * https://www.suse.com/security/cve/CVE-2025-40083.html * https://www.suse.com/security/cve/CVE-2025-40086.html * https://www.suse.com/security/cve/CVE-2025-40098.html * https://www.suse.com/security/cve/CVE-2025-40101.html * https://www.suse.com/security/cve/CVE-2025-40102.html * https://www.suse.com/security/cve/CVE-2025-40105.html * https://www.suse.com/security/cve/CVE-2025-40107.html * https://www.suse.com/security/cve/CVE-2025-40109.html * https://www.suse.com/security/cve/CVE-2025-40110.html * https://www.suse.com/security/cve/CVE-2025-40111.html * https://www.suse.com/security/cve/CVE-2025-40115.html * https://www.suse.com/security/cve/CVE-2025-40116.html * https://www.suse.com/security/cve/CVE-2025-40118.html * https://www.suse.com/security/cve/CVE-2025-40120.html * https://www.suse.com/security/cve/CVE-2025-40121.html * https://www.suse.com/security/cve/CVE-2025-40127.html * https://www.suse.com/security/cve/CVE-2025-40129.html * https://www.suse.com/security/cve/CVE-2025-40132.html * https://www.suse.com/security/cve/CVE-2025-40133.html * https://www.suse.com/security/cve/CVE-2025-40134.html * https://www.suse.com/security/cve/CVE-2025-40135.html * https://www.suse.com/security/cve/CVE-2025-40139.html * https://www.suse.com/security/cve/CVE-2025-40140.html * https://www.suse.com/security/cve/CVE-2025-40141.html * https://www.suse.com/security/cve/CVE-2025-40142.html * https://www.suse.com/security/cve/CVE-2025-40149.html * https://www.suse.com/security/cve/CVE-2025-40153.html * 
https://www.suse.com/security/cve/CVE-2025-40154.html * https://www.suse.com/security/cve/CVE-2025-40156.html * https://www.suse.com/security/cve/CVE-2025-40157.html * https://www.suse.com/security/cve/CVE-2025-40158.html * https://www.suse.com/security/cve/CVE-2025-40159.html * https://www.suse.com/security/cve/CVE-2025-40161.html * https://www.suse.com/security/cve/CVE-2025-40162.html * https://www.suse.com/security/cve/CVE-2025-40164.html * https://www.suse.com/security/cve/CVE-2025-40165.html * https://www.suse.com/security/cve/CVE-2025-40166.html * https://www.suse.com/security/cve/CVE-2025-40168.html * https://www.suse.com/security/cve/CVE-2025-40169.html * https://www.suse.com/security/cve/CVE-2025-40171.html * https://www.suse.com/security/cve/CVE-2025-40172.html * https://www.suse.com/security/cve/CVE-2025-40173.html * https://www.suse.com/security/cve/CVE-2025-40175.html * https://www.suse.com/security/cve/CVE-2025-40176.html * https://www.suse.com/security/cve/CVE-2025-40177.html * https://www.suse.com/security/cve/CVE-2025-40178.html * https://www.suse.com/security/cve/CVE-2025-40180.html * https://www.suse.com/security/cve/CVE-2025-40183.html * https://www.suse.com/security/cve/CVE-2025-40185.html * https://www.suse.com/security/cve/CVE-2025-40186.html * https://www.suse.com/security/cve/CVE-2025-40187.html * https://www.suse.com/security/cve/CVE-2025-40188.html * https://www.suse.com/security/cve/CVE-2025-40192.html * https://www.suse.com/security/cve/CVE-2025-40194.html * https://www.suse.com/security/cve/CVE-2025-40196.html * https://www.suse.com/security/cve/CVE-2025-40197.html * https://www.suse.com/security/cve/CVE-2025-40198.html * https://www.suse.com/security/cve/CVE-2025-40200.html * https://www.suse.com/security/cve/CVE-2025-40201.html * https://www.suse.com/security/cve/CVE-2025-40202.html * https://www.suse.com/security/cve/CVE-2025-40203.html * https://www.suse.com/security/cve/CVE-2025-40204.html * 
https://www.suse.com/security/cve/CVE-2025-40205.html * https://www.suse.com/security/cve/CVE-2025-40206.html * https://www.suse.com/security/cve/CVE-2025-40207.html * https://bugzilla.suse.com/show_bug.cgi?id=1235463 * https://bugzilla.suse.com/show_bug.cgi?id=1243474 * https://bugzilla.suse.com/show_bug.cgi?id=1245193 * https://bugzilla.suse.com/show_bug.cgi?id=1245431 * https://bugzilla.suse.com/show_bug.cgi?id=1245498 * https://bugzilla.suse.com/show_bug.cgi?id=1245499 * https://bugzilla.suse.com/show_bug.cgi?id=1246328 * https://bugzilla.suse.com/show_bug.cgi?id=1246843 * https://bugzilla.suse.com/show_bug.cgi?id=1247500 * https://bugzilla.suse.com/show_bug.cgi?id=1248792 * https://bugzilla.suse.com/show_bug.cgi?id=1249256 * https://bugzilla.suse.com/show_bug.cgi?id=1249397 * https://bugzilla.suse.com/show_bug.cgi?id=1249912 * https://bugzilla.suse.com/show_bug.cgi?id=1249977 * https://bugzilla.suse.com/show_bug.cgi?id=1249982 * https://bugzilla.suse.com/show_bug.cgi?id=1250034 * https://bugzilla.suse.com/show_bug.cgi?id=1250176 * https://bugzilla.suse.com/show_bug.cgi?id=1250237 * https://bugzilla.suse.com/show_bug.cgi?id=1250252 * https://bugzilla.suse.com/show_bug.cgi?id=1250705 * https://bugzilla.suse.com/show_bug.cgi?id=1250723 * https://bugzilla.suse.com/show_bug.cgi?id=1250746 * https://bugzilla.suse.com/show_bug.cgi?id=1251120 * https://bugzilla.suse.com/show_bug.cgi?id=1251817 * https://bugzilla.suse.com/show_bug.cgi?id=1252054 * https://bugzilla.suse.com/show_bug.cgi?id=1252063 * https://bugzilla.suse.com/show_bug.cgi?id=1252301 * https://bugzilla.suse.com/show_bug.cgi?id=1252303 * https://bugzilla.suse.com/show_bug.cgi?id=1252342 * https://bugzilla.suse.com/show_bug.cgi?id=1252352 * https://bugzilla.suse.com/show_bug.cgi?id=1252357 * https://bugzilla.suse.com/show_bug.cgi?id=1252681 * https://bugzilla.suse.com/show_bug.cgi?id=1252686 * https://bugzilla.suse.com/show_bug.cgi?id=1252763 * https://bugzilla.suse.com/show_bug.cgi?id=1252776 * 
https://bugzilla.suse.com/show_bug.cgi?id=1252779 * https://bugzilla.suse.com/show_bug.cgi?id=1252790 * https://bugzilla.suse.com/show_bug.cgi?id=1252794 * https://bugzilla.suse.com/show_bug.cgi?id=1252795 * https://bugzilla.suse.com/show_bug.cgi?id=1252808 * https://bugzilla.suse.com/show_bug.cgi?id=1252809 * https://bugzilla.suse.com/show_bug.cgi?id=1252817 * https://bugzilla.suse.com/show_bug.cgi?id=1252821 * https://bugzilla.suse.com/show_bug.cgi?id=1252824 * https://bugzilla.suse.com/show_bug.cgi?id=1252836 * https://bugzilla.suse.com/show_bug.cgi?id=1252845 * https://bugzilla.suse.com/show_bug.cgi?id=1252901 * https://bugzilla.suse.com/show_bug.cgi?id=1252912 * https://bugzilla.suse.com/show_bug.cgi?id=1252917 * https://bugzilla.suse.com/show_bug.cgi?id=1252919 * https://bugzilla.suse.com/show_bug.cgi?id=1252923 * https://bugzilla.suse.com/show_bug.cgi?id=1252928 * https://bugzilla.suse.com/show_bug.cgi?id=1253018 * https://bugzilla.suse.com/show_bug.cgi?id=1253155 * https://bugzilla.suse.com/show_bug.cgi?id=1253176 * https://bugzilla.suse.com/show_bug.cgi?id=1253238 * https://bugzilla.suse.com/show_bug.cgi?id=1253275 * https://bugzilla.suse.com/show_bug.cgi?id=1253318 * https://bugzilla.suse.com/show_bug.cgi?id=1253324 * https://bugzilla.suse.com/show_bug.cgi?id=1253328 * https://bugzilla.suse.com/show_bug.cgi?id=1253330 * https://bugzilla.suse.com/show_bug.cgi?id=1253342 * https://bugzilla.suse.com/show_bug.cgi?id=1253348 * https://bugzilla.suse.com/show_bug.cgi?id=1253349 * https://bugzilla.suse.com/show_bug.cgi?id=1253352 * https://bugzilla.suse.com/show_bug.cgi?id=1253355 * https://bugzilla.suse.com/show_bug.cgi?id=1253360 * https://bugzilla.suse.com/show_bug.cgi?id=1253362 * https://bugzilla.suse.com/show_bug.cgi?id=1253363 * https://bugzilla.suse.com/show_bug.cgi?id=1253367 * https://bugzilla.suse.com/show_bug.cgi?id=1253369 * https://bugzilla.suse.com/show_bug.cgi?id=1253386 * https://bugzilla.suse.com/show_bug.cgi?id=1253394 * 
https://bugzilla.suse.com/show_bug.cgi?id=1253395 * https://bugzilla.suse.com/show_bug.cgi?id=1253402 * https://bugzilla.suse.com/show_bug.cgi?id=1253403 * https://bugzilla.suse.com/show_bug.cgi?id=1253405 * https://bugzilla.suse.com/show_bug.cgi?id=1253407 * https://bugzilla.suse.com/show_bug.cgi?id=1253408 * https://bugzilla.suse.com/show_bug.cgi?id=1253409 * https://bugzilla.suse.com/show_bug.cgi?id=1253410 * https://bugzilla.suse.com/show_bug.cgi?id=1253412 * https://bugzilla.suse.com/show_bug.cgi?id=1253416 * https://bugzilla.suse.com/show_bug.cgi?id=1253421 * https://bugzilla.suse.com/show_bug.cgi?id=1253422 * https://bugzilla.suse.com/show_bug.cgi?id=1253423 * https://bugzilla.suse.com/show_bug.cgi?id=1253424 * https://bugzilla.suse.com/show_bug.cgi?id=1253425 * https://bugzilla.suse.com/show_bug.cgi?id=1253426 * https://bugzilla.suse.com/show_bug.cgi?id=1253427 * https://bugzilla.suse.com/show_bug.cgi?id=1253428 * https://bugzilla.suse.com/show_bug.cgi?id=1253431 * https://bugzilla.suse.com/show_bug.cgi?id=1253433 * https://bugzilla.suse.com/show_bug.cgi?id=1253436 * https://bugzilla.suse.com/show_bug.cgi?id=1253438 * https://bugzilla.suse.com/show_bug.cgi?id=1253440 * https://bugzilla.suse.com/show_bug.cgi?id=1253441 * https://bugzilla.suse.com/show_bug.cgi?id=1253443 * https://bugzilla.suse.com/show_bug.cgi?id=1253445 * https://bugzilla.suse.com/show_bug.cgi?id=1253448 * https://bugzilla.suse.com/show_bug.cgi?id=1253449 * https://bugzilla.suse.com/show_bug.cgi?id=1253450 * https://bugzilla.suse.com/show_bug.cgi?id=1253451 * https://bugzilla.suse.com/show_bug.cgi?id=1253453 * https://bugzilla.suse.com/show_bug.cgi?id=1253455 * https://bugzilla.suse.com/show_bug.cgi?id=1253456 * https://bugzilla.suse.com/show_bug.cgi?id=1253457 * https://bugzilla.suse.com/show_bug.cgi?id=1253463 * https://bugzilla.suse.com/show_bug.cgi?id=1253472 * https://bugzilla.suse.com/show_bug.cgi?id=1253622 * https://bugzilla.suse.com/show_bug.cgi?id=1253624 * 
https://bugzilla.suse.com/show_bug.cgi?id=1253635 * https://bugzilla.suse.com/show_bug.cgi?id=1253643 * https://bugzilla.suse.com/show_bug.cgi?id=1253647 * https://bugzilla.suse.com/show_bug.cgi?id=1254119 * https://bugzilla.suse.com/show_bug.cgi?id=1254181 * https://bugzilla.suse.com/show_bug.cgi?id=1254221 * https://bugzilla.suse.com/show_bug.cgi?id=1254308 * https://bugzilla.suse.com/show_bug.cgi?id=1254315 * https://jira.suse.com/browse/PED-13611 * https://jira.suse.com/browse/PED-13949 * https://jira.suse.com/browse/PED-14062 * https://jira.suse.com/browse/PED-14115 * https://jira.suse.com/browse/PED-14353

From null at suse.de Fri Jan 9 16:32:12 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 09 Jan 2026 16:32:12 -0000
Subject: SUSE-SU-2026:20008-1: important: Security update for qemu
Message-ID: <176797633213.22173.8040508041730917074@smelt2.prg2.suse.org>

# Security update for qemu

Announcement ID: SUSE-SU-2026:20008-1
Release Date: 2025-12-22T15:48:07Z
Rating: important

References:

* bsc#1250984
* bsc#1252768
* bsc#1253002
* bsc#1254286

Cross-References:

* CVE-2025-11234
* CVE-2025-12464

CVSS scores:

* CVE-2025-11234 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-11234 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-11234 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-12464 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-12464 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-12464 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves two vulnerabilities and has two fixes can now be installed.
## Description:

This update for qemu fixes the following issues:

Security issues fixed:

* CVE-2025-12464: stack-based buffer overflow in the e1000 network device operations can be exploited by a malicious guest user to crash the QEMU process on the host (bsc#1253002).
* CVE-2025-11234: use-after-free in WebSocket handshake operations can be exploited by a malicious client with network access to the VNC WebSocket port to cause a denial-of-service (bsc#1250984).

Other updates and bugfixes:

* [openSUSE][RPM]: really fix *-virtio-gpu-pci dependency on ARM (bsc#1254286).
* block/curl: fix curl internal handles handling (bsc#1252768).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-357=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * qemu-tools-8.2.10-slfo.1.1_3.1
  * qemu-hw-usb-redirect-debuginfo-8.2.10-slfo.1.1_3.1
  * qemu-block-ssh-8.2.10-slfo.1.1_3.1
  * qemu-ksm-8.2.10-slfo.1.1_3.1
  * qemu-block-ssh-debuginfo-8.2.10-slfo.1.1_3.1
  * qemu-chardev-spice-debuginfo-8.2.10-slfo.1.1_3.1
  * qemu-img-8.2.10-slfo.1.1_3.1
  * qemu-hw-display-virtio-gpu-8.2.10-slfo.1.1_3.1
  * qemu-hw-usb-host-debuginfo-8.2.10-slfo.1.1_3.1
  * qemu-block-rbd-8.2.10-slfo.1.1_3.1
  * qemu-hw-display-qxl-debuginfo-8.2.10-slfo.1.1_3.1
  * qemu-block-iscsi-8.2.10-slfo.1.1_3.1
  * qemu-block-nfs-8.2.10-slfo.1.1_3.1
  * qemu-block-curl-debuginfo-8.2.10-slfo.1.1_3.1
  * qemu-ui-opengl-debuginfo-8.2.10-slfo.1.1_3.1
  * qemu-hw-display-virtio-gpu-pci-8.2.10-slfo.1.1_3.1
  * qemu-ui-opengl-8.2.10-slfo.1.1_3.1
  * qemu-audio-spice-debuginfo-8.2.10-slfo.1.1_3.1
  * qemu-guest-agent-8.2.10-slfo.1.1_3.1
  * qemu-hw-display-virtio-vga-8.2.10-slfo.1.1_3.1
  * qemu-debuginfo-8.2.10-slfo.1.1_3.1
  * qemu-chardev-spice-8.2.10-slfo.1.1_3.1
  * qemu-block-nfs-debuginfo-8.2.10-slfo.1.1_3.1
  * qemu-guest-agent-debuginfo-8.2.10-slfo.1.1_3.1
  * qemu-hw-display-virtio-gpu-pci-debuginfo-8.2.10-slfo.1.1_3.1
  * qemu-hw-display-virtio-gpu-debuginfo-8.2.10-slfo.1.1_3.1
  * qemu-hw-display-virtio-vga-debuginfo-8.2.10-slfo.1.1_3.1
  * qemu-ui-spice-core-debuginfo-8.2.10-slfo.1.1_3.1
  * qemu-block-curl-8.2.10-slfo.1.1_3.1
  * qemu-debugsource-8.2.10-slfo.1.1_3.1
  * qemu-spice-8.2.10-slfo.1.1_3.1
  * qemu-block-iscsi-debuginfo-8.2.10-slfo.1.1_3.1
  * qemu-audio-spice-8.2.10-slfo.1.1_3.1
  * qemu-hw-display-qxl-8.2.10-slfo.1.1_3.1
  * qemu-hw-usb-host-8.2.10-slfo.1.1_3.1
  * qemu-pr-helper-8.2.10-slfo.1.1_3.1
  * qemu-block-rbd-debuginfo-8.2.10-slfo.1.1_3.1
  * qemu-tools-debuginfo-8.2.10-slfo.1.1_3.1
  * qemu-hw-usb-redirect-8.2.10-slfo.1.1_3.1
  * qemu-ui-spice-core-8.2.10-slfo.1.1_3.1
  * qemu-headless-8.2.10-slfo.1.1_3.1
  * qemu-pr-helper-debuginfo-8.2.10-slfo.1.1_3.1
  * qemu-8.2.10-slfo.1.1_3.1
  * qemu-img-debuginfo-8.2.10-slfo.1.1_3.1
* SUSE Linux Micro 6.1 (aarch64)
  * qemu-arm-debuginfo-8.2.10-slfo.1.1_3.1
  * qemu-arm-8.2.10-slfo.1.1_3.1
* SUSE Linux Micro 6.1 (noarch)
  * qemu-vgabios-8.2.101.16.3_3_ga95067eb-slfo.1.1_3.1
  * qemu-ipxe-8.2.10-slfo.1.1_3.1
  * qemu-seabios-8.2.101.16.3_3_ga95067eb-slfo.1.1_3.1
  * qemu-SLOF-8.2.10-slfo.1.1_3.1
  * qemu-lang-8.2.10-slfo.1.1_3.1
* SUSE Linux Micro 6.1 (ppc64le)
  * qemu-ppc-debuginfo-8.2.10-slfo.1.1_3.1
  * qemu-ppc-8.2.10-slfo.1.1_3.1
* SUSE Linux Micro 6.1 (s390x)
  * qemu-s390x-8.2.10-slfo.1.1_3.1
  * qemu-s390x-debuginfo-8.2.10-slfo.1.1_3.1
* SUSE Linux Micro 6.1 (x86_64)
  * qemu-accel-tcg-x86-8.2.10-slfo.1.1_3.1
  * qemu-x86-debuginfo-8.2.10-slfo.1.1_3.1
  * qemu-accel-tcg-x86-debuginfo-8.2.10-slfo.1.1_3.1
  * qemu-x86-8.2.10-slfo.1.1_3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-11234.html
* https://www.suse.com/security/cve/CVE-2025-12464.html
* https://bugzilla.suse.com/show_bug.cgi?id=1250984
* https://bugzilla.suse.com/show_bug.cgi?id=1252768
* https://bugzilla.suse.com/show_bug.cgi?id=1253002
* https://bugzilla.suse.com/show_bug.cgi?id=1254286

From null at suse.de Fri Jan 9 16:32:16 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 09 Jan 2026 16:32:16 -0000
Subject: SUSE-SU-2026:20007-1: important: Security update for python-tornado6
Message-ID: <176797633618.22173.5175650085613251494@smelt2.prg2.suse.org>

# Security update for python-tornado6

Announcement ID: SUSE-SU-2026:20007-1
Release Date: 2025-12-22T13:30:40Z
Rating: important

References:

* bsc#1254903
* bsc#1254904
* bsc#1254905

Cross-References:

* CVE-2025-67724
* CVE-2025-67725
* CVE-2025-67726

CVSS scores:

* CVE-2025-67724 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-67724 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2025-67724 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2025-67724 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2025-67725 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-67725 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-67725 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-67726 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-67726 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-67726 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves three vulnerabilities can now be installed.

## Description:

This update for python-tornado6 fixes the following issues:

* CVE-2025-67724: unescaped `reason` argument used in HTTP headers and in HTML default error pages can be used by attackers to launch header injection or XSS attacks (bsc#1254903).
* CVE-2025-67725: quadratic complexity of string concatenation operations used by the `HTTPHeaders.add` method can lead to DoS when processing a maliciously crafted HTTP request (bsc#1254905).
* CVE-2025-67726: quadratic complexity algorithm used in the `_parseparam` function of `httputil.py` can lead to DoS when processing maliciously crafted parameters in a `Content-Disposition` header (bsc#1254904).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-356=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * python-tornado6-debugsource-6.4-slfo.1.1_3.1
  * python311-tornado6-6.4-slfo.1.1_3.1
  * python311-tornado6-debuginfo-6.4-slfo.1.1_3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-67724.html
* https://www.suse.com/security/cve/CVE-2025-67725.html
* https://www.suse.com/security/cve/CVE-2025-67726.html
* https://bugzilla.suse.com/show_bug.cgi?id=1254903
* https://bugzilla.suse.com/show_bug.cgi?id=1254904
* https://bugzilla.suse.com/show_bug.cgi?id=1254905

From null at suse.de Fri Jan 9 16:32:51 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 09 Jan 2026 16:32:51 -0000
Subject: SUSE-SU-2026:0083-1: important: Security update for gimp
Message-ID: <176797637129.22173.4721908604834710774@smelt2.prg2.suse.org>

# Security update for gimp

Announcement ID: SUSE-SU-2026:0083-1
Release Date: 2026-01-09T09:13:06Z
Rating: important

References:

* bsc#1255766

Cross-References:

* CVE-2025-15059

CVSS scores:

* CVE-2025-15059 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-15059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for gimp fixes the following issues:

* CVE-2025-15059: Fixed Heap-based Buffer Overflow Remote Code Execution Vulnerability in GIMP PSP File Parsing (bsc#1255766).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-83=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-83=1
* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-83=1
* SUSE Linux Enterprise Workstation Extension 15 SP7
  zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-83=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * gimp-devel-debuginfo-2.10.30-150400.3.35.1
  * libgimp-2_0-0-debuginfo-2.10.30-150400.3.35.1
  * gimp-plugin-aa-2.10.30-150400.3.35.1
  * gimp-devel-2.10.30-150400.3.35.1
  * gimp-2.10.30-150400.3.35.1
  * gimp-plugin-aa-debuginfo-2.10.30-150400.3.35.1
  * gimp-debuginfo-2.10.30-150400.3.35.1
  * libgimp-2_0-0-2.10.30-150400.3.35.1
  * gimp-debugsource-2.10.30-150400.3.35.1
  * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.35.1
  * libgimpui-2_0-0-2.10.30-150400.3.35.1
* openSUSE Leap 15.4 (noarch)
  * gimp-lang-2.10.30-150400.3.35.1
* openSUSE Leap 15.4 (x86_64)
  * libgimp-2_0-0-32bit-2.10.30-150400.3.35.1
  * libgimp-2_0-0-32bit-debuginfo-2.10.30-150400.3.35.1
  * libgimpui-2_0-0-32bit-2.10.30-150400.3.35.1
  * libgimpui-2_0-0-32bit-debuginfo-2.10.30-150400.3.35.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * libgimpui-2_0-0-64bit-2.10.30-150400.3.35.1
  * libgimpui-2_0-0-64bit-debuginfo-2.10.30-150400.3.35.1
  * libgimp-2_0-0-64bit-2.10.30-150400.3.35.1
  * libgimp-2_0-0-64bit-debuginfo-2.10.30-150400.3.35.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * gimp-devel-debuginfo-2.10.30-150400.3.35.1
  * libgimp-2_0-0-debuginfo-2.10.30-150400.3.35.1
  * gimp-plugin-aa-2.10.30-150400.3.35.1
  * gimp-devel-2.10.30-150400.3.35.1
  * gimp-2.10.30-150400.3.35.1
  * gimp-plugin-aa-debuginfo-2.10.30-150400.3.35.1
  * gimp-debuginfo-2.10.30-150400.3.35.1
  * libgimp-2_0-0-2.10.30-150400.3.35.1
  * gimp-debugsource-2.10.30-150400.3.35.1
  * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.35.1
  * libgimpui-2_0-0-2.10.30-150400.3.35.1
* openSUSE Leap 15.6 (noarch)
  * gimp-lang-2.10.30-150400.3.35.1
* openSUSE Leap 15.6 (x86_64)
  * libgimp-2_0-0-32bit-2.10.30-150400.3.35.1
  * libgimp-2_0-0-32bit-debuginfo-2.10.30-150400.3.35.1
  * libgimpui-2_0-0-32bit-2.10.30-150400.3.35.1
  * libgimpui-2_0-0-32bit-debuginfo-2.10.30-150400.3.35.1
* SUSE Package Hub 15 15-SP7 (aarch64)
  * gimp-devel-debuginfo-2.10.30-150400.3.35.1
  * gimp-plugin-aa-2.10.30-150400.3.35.1
  * gimp-devel-2.10.30-150400.3.35.1
  * gimp-2.10.30-150400.3.35.1
  * gimp-plugin-aa-debuginfo-2.10.30-150400.3.35.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x)
  * libgimp-2_0-0-debuginfo-2.10.30-150400.3.35.1
  * gimp-debuginfo-2.10.30-150400.3.35.1
  * libgimp-2_0-0-2.10.30-150400.3.35.1
  * gimp-debugsource-2.10.30-150400.3.35.1
  * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.35.1
  * libgimpui-2_0-0-2.10.30-150400.3.35.1
* SUSE Package Hub 15 15-SP7 (noarch)
  * gimp-lang-2.10.30-150400.3.35.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
  * gimp-devel-debuginfo-2.10.30-150400.3.35.1
  * libgimp-2_0-0-debuginfo-2.10.30-150400.3.35.1
  * gimp-devel-2.10.30-150400.3.35.1
  * gimp-2.10.30-150400.3.35.1
  * gimp-debuginfo-2.10.30-150400.3.35.1
  * libgimp-2_0-0-2.10.30-150400.3.35.1
  * gimp-debugsource-2.10.30-150400.3.35.1
  * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.35.1
  * libgimpui-2_0-0-2.10.30-150400.3.35.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (noarch)
  * gimp-lang-2.10.30-150400.3.35.1

## References:

* https://www.suse.com/security/cve/CVE-2025-15059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255766
From null at suse.de Fri Jan 9 16:32:54 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 09 Jan 2026 16:32:54 -0000
Subject: SUSE-SU-2026:0082-1: moderate: Security update for python-filelock
Message-ID: <176797637465.22173.10183973988991153401@smelt2.prg2.suse.org>

# Security update for python-filelock

Announcement ID: SUSE-SU-2026:0082-1
Release Date: 2026-01-09T09:12:48Z
Rating: moderate

References:

* bsc#1255244

Cross-References:

* CVE-2025-68146

CVSS scores:

* CVE-2025-68146 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-68146 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-68146 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

Affected Products:

* Development Tools Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for python-filelock fixes the following issues:

* CVE-2025-68146: TOCTOU race condition may allow local attackers to corrupt or truncate arbitrary user files (bsc#1255244).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* Development Tools Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-82=1
* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-82=1

## Package List:

* Development Tools Module 15-SP7 (noarch)
  * python3-filelock-3.0.12-150100.3.6.1
* SUSE Package Hub 15 15-SP7 (noarch)
  * python3-filelock-3.0.12-150100.3.6.1

## References:

* https://www.suse.com/security/cve/CVE-2025-68146.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255244

From null at suse.de Fri Jan 9 16:32:56 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 09 Jan 2026 16:32:56 -0000
Subject: SUSE-SU-2026:0081-1: low: Security update for poppler
Message-ID: <176797637677.22173.774658130152600329@smelt2.prg2.suse.org>

# Security update for poppler

Announcement ID: SUSE-SU-2026:0081-1
Release Date: 2026-01-09T08:02:03Z
Rating: low

References:

* bsc#1252337

Cross-References:

* CVE-2025-11896

CVSS scores:

* CVE-2025-11896 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-11896 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-11896 ( NVD ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for poppler fixes the following issues:

* CVE-2025-11896: Fixed infinite recursion leading to stack overflow due to object loop in PDF CMap (bsc#1252337)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-81=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * libpoppler-glib8-0.43.0-16.70.1
  * libpoppler-qt4-4-debuginfo-0.43.0-16.70.1
  * libpoppler-glib-devel-0.43.0-16.70.1
  * poppler-tools-debuginfo-0.43.0-16.70.1
  * poppler-tools-0.43.0-16.70.1
  * poppler-debugsource-0.43.0-16.70.1
  * libpoppler60-debuginfo-0.43.0-16.70.1
  * libpoppler60-0.43.0-16.70.1
  * libpoppler-glib8-debuginfo-0.43.0-16.70.1
  * libpoppler-devel-0.43.0-16.70.1
  * libpoppler-qt4-4-0.43.0-16.70.1
  * libpoppler-qt4-devel-0.43.0-16.70.1

## References:

* https://www.suse.com/security/cve/CVE-2025-11896.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252337
From null at suse.de Fri Jan 9 16:33:01 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 09 Jan 2026 16:33:01 -0000
Subject: SUSE-SU-2026:0080-1: moderate: Security update for libvirt
Message-ID: <176797638102.22173.15974522441822604276@smelt2.prg2.suse.org>

# Security update for libvirt

Announcement ID: SUSE-SU-2026:0080-1
Release Date: 2026-01-09T08:01:49Z
Rating: moderate

References:

* bsc#1251822
* bsc#1253278
* bsc#1253703

Cross-References:

* CVE-2025-12748
* CVE-2025-13193

CVSS scores:

* CVE-2025-12748 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-12748 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-12748 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-13193 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-13193 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-13193 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise Micro 5.5

An update that solves two vulnerabilities and has one security fix can now be installed.

## Description:

This update for libvirt fixes the following issues:

Security fixes:

* CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots (bsc#1253703)
* CVE-2025-12748: Fixed check ACLs before parsing the whole domain XML (bsc#1253278)

Other fixes:

* libvirt-supportconfig: Add support for supportconfig.rc (bsc#1251822)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-80=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-80=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libvirt-daemon-driver-storage-iscsi-direct-9.0.0-150500.6.26.1 * libvirt-libs-debuginfo-9.0.0-150500.6.26.1 * libvirt-daemon-driver-storage-core-debuginfo-9.0.0-150500.6.26.1 * libvirt-libs-9.0.0-150500.6.26.1 * libvirt-daemon-driver-storage-9.0.0-150500.6.26.1 * libvirt-daemon-config-nwfilter-9.0.0-150500.6.26.1 * libvirt-daemon-driver-storage-scsi-debuginfo-9.0.0-150500.6.26.1 * libvirt-daemon-driver-storage-iscsi-direct-debuginfo-9.0.0-150500.6.26.1 * libvirt-daemon-driver-nodedev-9.0.0-150500.6.26.1 * libvirt-nss-9.0.0-150500.6.26.1 * libvirt-daemon-driver-storage-gluster-debuginfo-9.0.0-150500.6.26.1 * libvirt-daemon-driver-network-9.0.0-150500.6.26.1 * libvirt-daemon-driver-nwfilter-9.0.0-150500.6.26.1 * libvirt-daemon-driver-qemu-debuginfo-9.0.0-150500.6.26.1 * libvirt-daemon-driver-storage-disk-9.0.0-150500.6.26.1 * libvirt-daemon-driver-lxc-debuginfo-9.0.0-150500.6.26.1 * libvirt-lock-sanlock-9.0.0-150500.6.26.1 * libvirt-daemon-driver-storage-core-9.0.0-150500.6.26.1 * wireshark-plugin-libvirt-9.0.0-150500.6.26.1 * libvirt-daemon-lxc-9.0.0-150500.6.26.1 * libvirt-daemon-driver-qemu-9.0.0-150500.6.26.1 * libvirt-daemon-debuginfo-9.0.0-150500.6.26.1 * libvirt-daemon-driver-interface-9.0.0-150500.6.26.1 * libvirt-daemon-driver-secret-debuginfo-9.0.0-150500.6.26.1 * libvirt-daemon-config-network-9.0.0-150500.6.26.1 * libvirt-daemon-driver-storage-disk-debuginfo-9.0.0-150500.6.26.1 * libvirt-debugsource-9.0.0-150500.6.26.1 * libvirt-9.0.0-150500.6.26.1 * wireshark-plugin-libvirt-debuginfo-9.0.0-150500.6.26.1 * libvirt-daemon-driver-network-debuginfo-9.0.0-150500.6.26.1 * libvirt-daemon-driver-storage-iscsi-9.0.0-150500.6.26.1 * 
libvirt-daemon-driver-storage-logical-debuginfo-9.0.0-150500.6.26.1 * libvirt-devel-9.0.0-150500.6.26.1 * libvirt-daemon-9.0.0-150500.6.26.1 * libvirt-daemon-driver-nodedev-debuginfo-9.0.0-150500.6.26.1 * libvirt-daemon-driver-storage-gluster-9.0.0-150500.6.26.1 * libvirt-daemon-driver-interface-debuginfo-9.0.0-150500.6.26.1 * libvirt-daemon-driver-storage-scsi-9.0.0-150500.6.26.1 * libvirt-lock-sanlock-debuginfo-9.0.0-150500.6.26.1 * libvirt-nss-debuginfo-9.0.0-150500.6.26.1 * libvirt-client-debuginfo-9.0.0-150500.6.26.1 * libvirt-daemon-qemu-9.0.0-150500.6.26.1 * libvirt-daemon-driver-storage-iscsi-debuginfo-9.0.0-150500.6.26.1 * libvirt-client-qemu-9.0.0-150500.6.26.1 * libvirt-daemon-driver-storage-logical-9.0.0-150500.6.26.1 * libvirt-daemon-driver-secret-9.0.0-150500.6.26.1 * libvirt-daemon-driver-lxc-9.0.0-150500.6.26.1 * libvirt-daemon-hooks-9.0.0-150500.6.26.1 * libvirt-daemon-driver-nwfilter-debuginfo-9.0.0-150500.6.26.1 * libvirt-client-9.0.0-150500.6.26.1 * libvirt-daemon-driver-storage-mpath-debuginfo-9.0.0-150500.6.26.1 * libvirt-daemon-driver-storage-mpath-9.0.0-150500.6.26.1 * openSUSE Leap 15.5 (x86_64) * libvirt-devel-32bit-9.0.0-150500.6.26.1 * libvirt-daemon-driver-libxl-9.0.0-150500.6.26.1 * libvirt-daemon-xen-9.0.0-150500.6.26.1 * libvirt-client-32bit-debuginfo-9.0.0-150500.6.26.1 * libvirt-daemon-driver-libxl-debuginfo-9.0.0-150500.6.26.1 * openSUSE Leap 15.5 (noarch) * libvirt-doc-9.0.0-150500.6.26.1 * openSUSE Leap 15.5 (aarch64 x86_64) * libvirt-daemon-driver-storage-rbd-9.0.0-150500.6.26.1 * libvirt-daemon-driver-storage-rbd-debuginfo-9.0.0-150500.6.26.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libvirt-devel-64bit-9.0.0-150500.6.26.1 * libvirt-client-64bit-debuginfo-9.0.0-150500.6.26.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * libvirt-daemon-driver-storage-iscsi-direct-9.0.0-150500.6.26.1 * libvirt-libs-debuginfo-9.0.0-150500.6.26.1 * libvirt-daemon-driver-storage-core-debuginfo-9.0.0-150500.6.26.1 * 
libvirt-libs-9.0.0-150500.6.26.1 * libvirt-daemon-driver-storage-9.0.0-150500.6.26.1 * libvirt-daemon-driver-storage-scsi-debuginfo-9.0.0-150500.6.26.1 * libvirt-daemon-driver-storage-iscsi-direct-debuginfo-9.0.0-150500.6.26.1 * libvirt-daemon-driver-nodedev-9.0.0-150500.6.26.1 * libvirt-daemon-driver-network-9.0.0-150500.6.26.1 * libvirt-daemon-driver-nwfilter-9.0.0-150500.6.26.1 * libvirt-daemon-driver-qemu-debuginfo-9.0.0-150500.6.26.1 * libvirt-daemon-driver-storage-disk-9.0.0-150500.6.26.1 * libvirt-daemon-driver-storage-core-9.0.0-150500.6.26.1 * libvirt-daemon-driver-qemu-9.0.0-150500.6.26.1 * libvirt-daemon-debuginfo-9.0.0-150500.6.26.1 * libvirt-daemon-driver-interface-9.0.0-150500.6.26.1 * libvirt-daemon-driver-secret-debuginfo-9.0.0-150500.6.26.1 * libvirt-debugsource-9.0.0-150500.6.26.1 * libvirt-daemon-driver-storage-disk-debuginfo-9.0.0-150500.6.26.1 * libvirt-daemon-driver-network-debuginfo-9.0.0-150500.6.26.1 * libvirt-daemon-driver-storage-iscsi-9.0.0-150500.6.26.1 * libvirt-daemon-driver-storage-logical-debuginfo-9.0.0-150500.6.26.1 * libvirt-daemon-9.0.0-150500.6.26.1 * libvirt-daemon-driver-nodedev-debuginfo-9.0.0-150500.6.26.1 * libvirt-daemon-driver-interface-debuginfo-9.0.0-150500.6.26.1 * libvirt-daemon-driver-storage-scsi-9.0.0-150500.6.26.1 * libvirt-client-debuginfo-9.0.0-150500.6.26.1 * libvirt-daemon-qemu-9.0.0-150500.6.26.1 * libvirt-daemon-driver-storage-iscsi-debuginfo-9.0.0-150500.6.26.1 * libvirt-daemon-driver-storage-logical-9.0.0-150500.6.26.1 * libvirt-daemon-driver-secret-9.0.0-150500.6.26.1 * libvirt-daemon-driver-nwfilter-debuginfo-9.0.0-150500.6.26.1 * libvirt-client-9.0.0-150500.6.26.1 * libvirt-daemon-driver-storage-mpath-debuginfo-9.0.0-150500.6.26.1 * libvirt-daemon-driver-storage-mpath-9.0.0-150500.6.26.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 x86_64) * libvirt-daemon-driver-storage-rbd-9.0.0-150500.6.26.1 * libvirt-daemon-driver-storage-rbd-debuginfo-9.0.0-150500.6.26.1 ## References: * 
https://www.suse.com/security/cve/CVE-2025-12748.html
* https://www.suse.com/security/cve/CVE-2025-13193.html
* https://bugzilla.suse.com/show_bug.cgi?id=1251822
* https://bugzilla.suse.com/show_bug.cgi?id=1253278
* https://bugzilla.suse.com/show_bug.cgi?id=1253703

From null at suse.de Fri Jan 9 16:33:05 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 09 Jan 2026 16:33:05 -0000
Subject: SUSE-SU-2026:0079-1: moderate: Security update for libvirt
Message-ID: <176797638511.22173.1767562091216108884@smelt2.prg2.suse.org>

# Security update for libvirt

Announcement ID: SUSE-SU-2026:0079-1
Release Date: 2026-01-09T08:01:29Z
Rating: moderate

References:

* bsc#1251822
* bsc#1253278
* bsc#1253703

Cross-References:

* CVE-2025-12748
* CVE-2025-13193

CVSS scores:

* CVE-2025-12748 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-12748 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-12748 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-13193 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-13193 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-13193 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves two vulnerabilities and has one security fix can now be installed.
## Description: This update for libvirt fixes the following issues: Security fixes: * CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots (bsc#1253703) * CVE-2025-12748: Fixed check ACLs before parsing the whole domain XML (bsc#1253278) Other fixes: * libvirt-supportconfig: Add support for supportconfig.rc (bsc#1251822) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2026-79=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-79=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-79=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * libvirt-daemon-driver-network-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-hooks-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-iscsi-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-gluster-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-config-nwfilter-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-7.1.0-150300.6.44.1 * wireshark-plugin-libvirt-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-disk-7.1.0-150300.6.44.1 * libvirt-admin-debuginfo-7.1.0-150300.6.44.1 * libvirt-client-7.1.0-150300.6.44.1 * libvirt-7.1.0-150300.6.44.1 * libvirt-nss-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-nwfilter-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-150300.6.44.1 * libvirt-libs-debuginfo-7.1.0-150300.6.44.1 * libvirt-debugsource-7.1.0-150300.6.44.1 * libvirt-daemon-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-core-7.1.0-150300.6.44.1 * 
libvirt-lock-sanlock-7.1.0-150300.6.44.1 * libvirt-libs-7.1.0-150300.6.44.1 * libvirt-daemon-config-network-7.1.0-150300.6.44.1 * libvirt-daemon-driver-interface-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-scsi-7.1.0-150300.6.44.1 * libvirt-daemon-driver-network-7.1.0-150300.6.44.1 * libvirt-nss-7.1.0-150300.6.44.1 * libvirt-client-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-secret-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-mpath-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-iscsi-direct-7.1.0-150300.6.44.1 * libvirt-lock-sanlock-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-qemu-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-gluster-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-interface-7.1.0-150300.6.44.1 * libvirt-daemon-driver-nodedev-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-lxc-debuginfo-7.1.0-150300.6.44.1 * libvirt-admin-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-150300.6.44.1 * libvirt-devel-7.1.0-150300.6.44.1 * libvirt-daemon-driver-nodedev-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-core-debuginfo-7.1.0-150300.6.44.1 * wireshark-plugin-libvirt-7.1.0-150300.6.44.1 * libvirt-daemon-lxc-7.1.0-150300.6.44.1 * libvirt-daemon-driver-qemu-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-logical-7.1.0-150300.6.44.1 * libvirt-daemon-driver-lxc-7.1.0-150300.6.44.1 * libvirt-daemon-driver-secret-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-qemu-7.1.0-150300.6.44.1 * openSUSE Leap 15.3 (noarch) * libvirt-doc-7.1.0-150300.6.44.1 * libvirt-bash-completion-7.1.0-150300.6.44.1 * openSUSE Leap 15.3 (x86_64) * libvirt-daemon-xen-7.1.0-150300.6.44.1 * libvirt-devel-32bit-7.1.0-150300.6.44.1 * libvirt-daemon-driver-libxl-7.1.0-150300.6.44.1 * 
libvirt-daemon-driver-libxl-debuginfo-7.1.0-150300.6.44.1 * libvirt-client-32bit-debuginfo-7.1.0-150300.6.44.1 * openSUSE Leap 15.3 (aarch64 x86_64) * libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-rbd-7.1.0-150300.6.44.1 * openSUSE Leap 15.3 (aarch64_ilp32) * libvirt-client-64bit-debuginfo-7.1.0-150300.6.44.1 * libvirt-devel-64bit-7.1.0-150300.6.44.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libvirt-daemon-driver-network-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-iscsi-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-disk-7.1.0-150300.6.44.1 * libvirt-client-7.1.0-150300.6.44.1 * libvirt-daemon-driver-nwfilter-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-150300.6.44.1 * libvirt-libs-debuginfo-7.1.0-150300.6.44.1 * libvirt-debugsource-7.1.0-150300.6.44.1 * libvirt-daemon-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-core-7.1.0-150300.6.44.1 * libvirt-libs-7.1.0-150300.6.44.1 * libvirt-daemon-driver-interface-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-scsi-7.1.0-150300.6.44.1 * libvirt-daemon-driver-network-7.1.0-150300.6.44.1 * libvirt-client-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-secret-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-mpath-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-iscsi-direct-7.1.0-150300.6.44.1 * libvirt-daemon-qemu-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-interface-7.1.0-150300.6.44.1 * libvirt-daemon-driver-nodedev-debuginfo-7.1.0-150300.6.44.1 * 
libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-nodedev-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-core-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-qemu-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-logical-7.1.0-150300.6.44.1 * libvirt-daemon-driver-secret-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-qemu-7.1.0-150300.6.44.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64) * libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-rbd-7.1.0-150300.6.44.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libvirt-daemon-driver-network-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-iscsi-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-disk-7.1.0-150300.6.44.1 * libvirt-client-7.1.0-150300.6.44.1 * libvirt-daemon-driver-nwfilter-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-150300.6.44.1 * libvirt-libs-debuginfo-7.1.0-150300.6.44.1 * libvirt-debugsource-7.1.0-150300.6.44.1 * libvirt-daemon-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-core-7.1.0-150300.6.44.1 * libvirt-libs-7.1.0-150300.6.44.1 * libvirt-daemon-driver-interface-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-scsi-7.1.0-150300.6.44.1 * libvirt-daemon-driver-network-7.1.0-150300.6.44.1 * libvirt-client-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-secret-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-mpath-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-iscsi-direct-7.1.0-150300.6.44.1 * libvirt-daemon-qemu-7.1.0-150300.6.44.1 * 
libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-interface-7.1.0-150300.6.44.1 * libvirt-daemon-driver-nodedev-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-nodedev-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-core-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-qemu-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-logical-7.1.0-150300.6.44.1 * libvirt-daemon-driver-secret-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-qemu-7.1.0-150300.6.44.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64) * libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-150300.6.44.1 * libvirt-daemon-driver-storage-rbd-7.1.0-150300.6.44.1 ## References: * https://www.suse.com/security/cve/CVE-2025-12748.html * https://www.suse.com/security/cve/CVE-2025-13193.html * https://bugzilla.suse.com/show_bug.cgi?id=1251822 * https://bugzilla.suse.com/show_bug.cgi?id=1253278 * https://bugzilla.suse.com/show_bug.cgi?id=1253703 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Fri Jan 9 20:31:32 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 09 Jan 2026 20:31:32 -0000 Subject: SUSE-SU-2026:20021-1: important: Security update for the Linux Kernel Message-ID: <176799069206.22169.2912691225420277637@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2026:20021-1 Release Date: 2025-12-19T16:19:41Z Rating: important References: * bsc#1235463 * bsc#1243474 * bsc#1245193 * bsc#1245431 * bsc#1245498 * bsc#1245499 * bsc#1246328 * bsc#1246843 * bsc#1247500 * bsc#1248792 * bsc#1249256 * bsc#1249397 * bsc#1249912 * bsc#1249977 * bsc#1249982 * bsc#1250034 * bsc#1250176 * bsc#1250237 * bsc#1250252 * bsc#1250705 * bsc#1250723 * bsc#1250746 * bsc#1251120 * bsc#1251817 * bsc#1252054 * bsc#1252063 * bsc#1252301 * bsc#1252303 * bsc#1252342 * bsc#1252352 * bsc#1252357 * bsc#1252681 * bsc#1252686 * bsc#1252763 * bsc#1252776 * bsc#1252779 * bsc#1252790 * bsc#1252794 * bsc#1252795 * bsc#1252808 * bsc#1252809 * bsc#1252817 * bsc#1252821 * bsc#1252824 * bsc#1252836 * bsc#1252845 * bsc#1252901 * bsc#1252912 * bsc#1252917 * bsc#1252919 * bsc#1252923 * bsc#1252928 * bsc#1253018 * bsc#1253155 * bsc#1253176 * bsc#1253238 * bsc#1253275 * bsc#1253318 * bsc#1253324 * bsc#1253328 * bsc#1253330 * bsc#1253342 * bsc#1253348 * bsc#1253349 * bsc#1253352 * bsc#1253355 * bsc#1253360 * bsc#1253362 * bsc#1253363 * bsc#1253367 * bsc#1253369 * bsc#1253386 * bsc#1253394 * bsc#1253395 * bsc#1253402 * bsc#1253403 * bsc#1253405 * bsc#1253407 * bsc#1253408 * bsc#1253409 * bsc#1253410 * bsc#1253412 * bsc#1253416 * bsc#1253421 * bsc#1253422 * bsc#1253423 * bsc#1253424 * bsc#1253425 * bsc#1253426 * bsc#1253427 * bsc#1253428 * bsc#1253431 * bsc#1253433 * bsc#1253436 * bsc#1253438 * bsc#1253440 * bsc#1253441 * bsc#1253443 * bsc#1253445 * bsc#1253448 * bsc#1253449 * bsc#1253450 * bsc#1253451 * bsc#1253453 * bsc#1253455 * bsc#1253456 * bsc#1253457 * bsc#1253463 * bsc#1253472 * bsc#1253622 * bsc#1253624 * bsc#1253635 * 
bsc#1253643 * bsc#1253647 * bsc#1254119 * bsc#1254181 * bsc#1254221 * bsc#1254308 * bsc#1254315 * jsc#PED-13611 * jsc#PED-13949 * jsc#PED-14062 * jsc#PED-14115 * jsc#PED-14353 Cross-References: * CVE-2022-50253 * CVE-2025-37916 * CVE-2025-38084 * CVE-2025-38085 * CVE-2025-38321 * CVE-2025-38728 * CVE-2025-39805 * CVE-2025-39819 * CVE-2025-39822 * CVE-2025-39831 * CVE-2025-39859 * CVE-2025-39897 * CVE-2025-39917 * CVE-2025-39944 * CVE-2025-39961 * CVE-2025-39980 * CVE-2025-39990 * CVE-2025-40001 * CVE-2025-40003 * CVE-2025-40006 * CVE-2025-40021 * CVE-2025-40024 * CVE-2025-40027 * CVE-2025-40031 * CVE-2025-40033 * CVE-2025-40038 * CVE-2025-40047 * CVE-2025-40053 * CVE-2025-40055 * CVE-2025-40059 * CVE-2025-40064 * CVE-2025-40070 * CVE-2025-40074 * CVE-2025-40075 * CVE-2025-40081 * CVE-2025-40083 * CVE-2025-40086 * CVE-2025-40098 * CVE-2025-40101 * CVE-2025-40102 * CVE-2025-40105 * CVE-2025-40107 * CVE-2025-40109 * CVE-2025-40110 * CVE-2025-40111 * CVE-2025-40115 * CVE-2025-40116 * CVE-2025-40118 * CVE-2025-40120 * CVE-2025-40121 * CVE-2025-40127 * CVE-2025-40129 * CVE-2025-40132 * CVE-2025-40133 * CVE-2025-40134 * CVE-2025-40135 * CVE-2025-40139 * CVE-2025-40140 * CVE-2025-40141 * CVE-2025-40142 * CVE-2025-40149 * CVE-2025-40153 * CVE-2025-40154 * CVE-2025-40156 * CVE-2025-40157 * CVE-2025-40158 * CVE-2025-40159 * CVE-2025-40161 * CVE-2025-40162 * CVE-2025-40164 * CVE-2025-40165 * CVE-2025-40166 * CVE-2025-40168 * CVE-2025-40169 * CVE-2025-40171 * CVE-2025-40172 * CVE-2025-40173 * CVE-2025-40175 * CVE-2025-40176 * CVE-2025-40177 * CVE-2025-40178 * CVE-2025-40180 * CVE-2025-40183 * CVE-2025-40185 * CVE-2025-40186 * CVE-2025-40187 * CVE-2025-40188 * CVE-2025-40192 * CVE-2025-40194 * CVE-2025-40196 * CVE-2025-40197 * CVE-2025-40198 * CVE-2025-40200 * CVE-2025-40201 * CVE-2025-40202 * CVE-2025-40203 * CVE-2025-40204 * CVE-2025-40205 * CVE-2025-40206 * CVE-2025-40207 CVSS scores: * CVE-2022-50253 ( SUSE ): 6.8 
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2022-50253 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-50253 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-37916 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-37916 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37916 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38084 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-38084 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2025-38084 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38085 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-38085 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2025-38085 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38321 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-38321 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L * CVE-2025-38321 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38728 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38728 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38728 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-39805 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-39805 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-39819 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-39819 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-39822 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-39822 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-39831 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * 
CVE-2025-39831 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-39859 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-39859 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-39897 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-39897 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2025-39897 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-39917 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-39917 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N * CVE-2025-39917 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-39944 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-39961 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-39961 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2025-39980 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-39980 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2025-39990 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-39990 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40001 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-40001 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2025-40003 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-40003 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-40006 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40006 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40021 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-40021 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * 
CVE-2025-40024 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40024 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40027 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-40027 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-40031 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40031 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40033 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40033 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40038 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40038 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40047 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40047 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40053 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40053 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40055 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40055 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40059 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40059 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40064 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40070 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40074 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40075 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40081 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40083 ( SUSE ): 6.8 
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40086 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-40086 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-40098 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40098 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40101 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-40101 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-40102 ( SUSE ): 0.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-40102 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N * CVE-2025-40105 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-40105 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-40107 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40107 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40109 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40109 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40110 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40110 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40111 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2025-40115 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40115 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40116 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40116 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40118 ( SUSE ): 5.8 
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-40118 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-40120 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40120 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40121 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40121 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40127 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40127 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40129 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40129 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40132 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40132 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40133 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40133 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H * CVE-2025-40134 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40134 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40135 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-40135 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-40139 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40139 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40140 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-40140 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-40141 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40141 ( SUSE ): 6.3 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2025-40142 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40142 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40149 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40149 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2025-40153 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-40153 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-40154 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40154 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40156 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40156 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40157 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-40157 ( SUSE ): 5.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H * CVE-2025-40158 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40158 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40161 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-40161 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-40162 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40162 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40164 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40164 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40165 ( SUSE ): 5.7 
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40165 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40166 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40166 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40168 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40168 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2025-40169 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-40169 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2025-40171 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-40171 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-40172 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40172 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40173 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40173 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40175 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40175 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40176 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40176 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40177 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40177 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-40178 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40180 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40180 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2025-40183 ( SUSE ): 6.9 
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-40183 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-40185 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40185 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40186 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40186 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40187 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40188 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40188 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40192 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40192 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40194 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40194 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40196 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-40196 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-40197 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40197 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40198 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40198 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40200 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40200 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40201 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40202 ( SUSE ): 6.8 
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40202 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40203 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40203 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40204 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-40204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2025-40205 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40205 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40206 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40206 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40207 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40207 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server High Availability Extension 16.0 An update that solves 100 vulnerabilities, contains five features and has 19 fixes can now be installed. ## Description: The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues. The following security issues were fixed: * CVE-2022-50253: bpf: make sure skb->len != 0 when redirecting to a tunneling device (bsc#1249912). * CVE-2025-37916: pds_core: remove write-after-free of client_id (bsc#1243474). * CVE-2025-38084: mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245431 bsc#1245498). * CVE-2025-38085: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431 bsc#1245499). * CVE-2025-38321: smb: Log an error when close_all_cached_dirs fails (bsc#1246328). * CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd (bsc#1249256). 
* CVE-2025-39805: net: macb: fix unregister_netdev call order in macb_remove() (bsc#1249982). * CVE-2025-39819: fs/smb: Fix inconsistent refcnt update (bsc#1250176). * CVE-2025-39822: io_uring/kbuf: fix signedness in this_len calculation (bsc#1250034). * CVE-2025-39831: fbnic: Move phylink resume out of service_task and into open/close (bsc#1249977). * CVE-2025-39859: ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog (bsc#1250252). * CVE-2025-39897: net: xilinx: axienet: Add error handling for RX metadata pointer retrieval (bsc#1250746). * CVE-2025-39917: bpf: Fix out-of-bounds dynptr write in bpf_crypto_crypt (bsc#1250723). * CVE-2025-39944: octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() (bsc#1251120). * CVE-2025-39961: iommu/amd/pgtbl: Fix possible race while increase page table level (bsc#1251817). * CVE-2025-39980: nexthop: Forbid FDB status change while nexthop is in a group (bsc#1252063). * CVE-2025-39990: bpf: Check the helper function is valid in get_helper_proto (bsc#1252054). * CVE-2025-40001: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (bsc#1252303). * CVE-2025-40003: net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work (bsc#1252301). * CVE-2025-40006: mm/hugetlb: fix folio is still mapped when deleted (bsc#1252342). * CVE-2025-40021: tracing: dynevent: Add a missing lockdown check on dynevent (bsc#1252681). * CVE-2025-40024: vhost: Take a reference on the task in struct vhost_task (bsc#1252686). * CVE-2025-40027: net/9p: fix double req put in p9_fd_cancelled (bsc#1252763). * CVE-2025-40031: tee: fix register_shm_helper() (bsc#1252779). * CVE-2025-40033: remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() (bsc#1252824). * CVE-2025-40038: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid (bsc#1252817). * CVE-2025-40047: io_uring/waitid: always prune wait queue entry in io_waitid_wait() (bsc#1252790). 
* CVE-2025-40053: net: dlink: handle copy_thresh allocation failure (bsc#1252808). * CVE-2025-40055: ocfs2: fix double free in user_cluster_connect() (bsc#1252821). * CVE-2025-40059: coresight: Fix incorrect handling for return value of devm_kzalloc (bsc#1252809). * CVE-2025-40064: smc: Fix use-after-free in __pnet_find_base_ndev() (bsc#1252845). * CVE-2025-40070: pps: fix warning in pps_register_cdev when register device fail (bsc#1252836). * CVE-2025-40074: tcp: convert to dev_net_rcu() (bsc#1252794). * CVE-2025-40075: tcp_metrics: use dst_dev_net_rcu() (bsc#1252795). * CVE-2025-40081: perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (bsc#1252776). * CVE-2025-40083: net/sched: sch_qfq: Fix null-deref in agg_dequeue (bsc#1252912). * CVE-2025-40086: drm/xe: Don't allow evicting of BOs in same VM in array of VM binds (bsc#1252923). * CVE-2025-40098: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state() (bsc#1252917). * CVE-2025-40101: btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST (bsc#1252901). * CVE-2025-40102: KVM: arm64: Prevent access to vCPU events before init (bsc#1252919). * CVE-2025-40105: vfs: Don't leak disconnected dentries on umount (bsc#1252928). * CVE-2025-40133: mptcp: Call dst_release() in mptcp_active_enable() (bsc#1253328). * CVE-2025-40134: dm: fix NULL pointer dereference in __dm_suspend() (bsc#1253386). * CVE-2025-40135: ipv6: use RCU in ip6_xmit() (bsc#1253342). * CVE-2025-40139: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set() (bsc#1253409). * CVE-2025-40149: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock() (bsc#1253355). * CVE-2025-40153: mm: hugetlb: avoid soft lockup when mprotect to large memory area (bsc#1253408). * CVE-2025-40157: EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller (bsc#1253423). * CVE-2025-40158: ipv6: use RCU in ip6_output() (bsc#1253402). 
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253403). * CVE-2025-40168: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match() (bsc#1253427). * CVE-2025-40169: bpf: Reject negative offsets for ALU ops (bsc#1253416). * CVE-2025-40173: net/ip6_tunnel: Prevent perpetual tunnel growth (bsc#1253421). * CVE-2025-40175: idpf: cleanup remaining SKBs in PTP flows (bsc#1253426). * CVE-2025-40176: tls: wait for pending async decryptions if tls_strp_msg_hold fails (bsc#1253425). * CVE-2025-40178: pid: Add a judgment for ns null in pid_nr_ns (bsc#1253463). * CVE-2025-40185: ice: ice_adapter: release xa entry on adapter allocation failure (bsc#1253394). * CVE-2025-40201: kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths (bsc#1253455). * CVE-2025-40203: listmount: don't call path_put() under namespace semaphore (bsc#1253457). The following non security issues were fixed: * ACPI: scan: Update honor list for RPMI System MSI (stable-fixes). * ACPICA: Update dsmethod.c to get rid of unused variable warning (stable-fixes). * Disable CONFIG_CPU5_WDT. The cpu5wdt driver doesn't implement a proper watchdog interface and has many code issues. It only handles obscure and obsolete hardware. Stop building and supporting this driver (jsc#PED-14062). * Fix "drm/xe: Don't allow evicting of BOs in same VM in array of VM binds" (bsc#1252923) * KVM: SVM: Delete IRTE link from previous vCPU before setting new IRTE (git-fixes). * KVM: SVM: Delete IRTE link from previous vCPU irrespective of new routing (git-fixes). * KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated (git-fixes). * KVM: s390: improve interrupt cpu for wakeup (bsc#1235463). * KVM: s390: kABI backport for 'last_sleep_cpu' (bsc#1252352). * KVM: x86/mmu: Return -EAGAIN if userspace deletes/moves memslot during prefault (git-fixes). * PCI/ERR: Update device error_state already after reset (stable-fixes). 
* PM: EM: Slightly reduce em_check_capacity_update() overhead (stable-fixes). * Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" (git-fixes). * Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set" (git-fixes). * Update config files: enable zstd module decompression (jsc#PED-14115). * bpf/selftests: Fix test_tcpnotify_user (bsc#1253635). * btrfs: do not clear read-only when adding sprout device (bsc#1253238). * btrfs: do not update last_log_commit when logging inode due to a new name (git-fixes). * dm: fix queue start/stop imbalance under suspend/load/resume races (bsc#1253386) * drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream (stable-fixes). * drm/amd/display: update color on atomic commit time (stable-fixes). * drm/amd/display: update dpp/disp clock from smu clock table (stable-fixes). * drm/radeon: delete radeon_fence_process in is_signaled, no deadlock (stable-fixes). * hwmon: (lenovo-ec-sensors) Update P8 supprt (stable-fixes). * media: amphion: Delete v4l2_fh synchronously in .release() (stable-fixes). * mount: handle NULL values in mnt_ns_release() (bsc#1254308) * net/smc: Remove validation of reserved bits in CLC Decline (bsc#1252357). * net: phy: move realtek PHY driver to its own subdirectory (jsc#PED-14353). * net: phy: realtek: add defines for shadowed c45 standard registers (jsc#PED-14353). * net: phy: realtek: add helper RTL822X_VND2_C22_REG (jsc#PED-14353). * net: phy: realtek: change order of calls in C22 read_status() (jsc#PED-14353). * net: phy: realtek: clear 1000Base-T link partner advertisement (jsc#PED-14353). * net: phy: realtek: improve mmd register access for internal PHY's (jsc#PED-14353). * net: phy: realtek: read duplex and gbit master from PHYSR register (jsc#PED-14353). * net: phy: realtek: switch from paged to MMD ops in rtl822x functions (jsc#PED-14353). * net: phy: realtek: use string choices helpers (jsc#PED-14353). 
* net: xilinx: axienet: Fix IRQ coalescing packet count overflow (bsc#1250746) * net: xilinx: axienet: Fix RX skb ring management in DMAengine mode (bsc#1250746) * net: xilinx: axienet: Fix Tx skb circular buffer occupancy check in dmaengine xmit (bsc#1250746) * nvmet-auth: update sc_c in host response (git-fixes bsc#1249397). * nvmet-auth: update sc_c in target host hash calculation (git-fixes). * perf list: Add IBM z17 event descriptions (jsc#PED-13611). * platform/x86:intel/pmc: Update Arrow Lake telemetry GUID (git-fixes). * powercap: intel_rapl: Add support for Panther Lake platform (jsc#PED-13949). * pwm: pca9685: Use bulk write to atomicially update registers (stable-fixes). * r8169: add PHY c45 ops for MDIO_MMD_VENDOR2 registers (jsc#PED-14353). * r8169: add support for Intel Killer E5000 (jsc#PED-14353). * r8169: add support for RTL8125BP rev.b (jsc#PED-14353). * r8169: add support for RTL8125D rev.b (jsc#PED-14353). * r8169: adjust version numbering for RTL8126 (jsc#PED-14353). * r8169: align RTL8125 EEE config with vendor driver (jsc#PED-14353). * r8169: align RTL8125/RTL8126 PHY config with vendor driver (jsc#PED-14353). * r8169: align RTL8126 EEE config with vendor driver (jsc#PED-14353). * r8169: align WAKE_PHY handling with r8125/r8126 vendor drivers (jsc#PED-14353). * r8169: avoid duplicated messages if loading firmware fails and switch to warn level (jsc#PED-14353). * r8169: don't take RTNL lock in rtl_task() (jsc#PED-14353). * r8169: enable EEE at 2.5G per default on RTL8125B (jsc#PED-14353). * r8169: enable RTL8168H/RTL8168EP/RTL8168FP ASPM support (jsc#PED-14353). * r8169: fix inconsistent indenting in rtl8169_get_eth_mac_stats (jsc#PED-14353). * r8169: implement additional ethtool stats ops (jsc#PED-14353). * r8169: improve __rtl8169_set_wol (jsc#PED-14353). * r8169: improve initialization of RSS registers on RTL8125/RTL8126 (jsc#PED-14353). * r8169: improve rtl_set_d3_pll_down (jsc#PED-14353). 
* r8169: increase max jumbo packet size on RTL8125/RTL8126 (jsc#PED-14353). * r8169: remove leftover locks after reverted change (jsc#PED-14353). * r8169: remove original workaround for RTL8125 broken rx issue (jsc#PED-14353). * r8169: remove rtl_dash_loop_wait_high/low (jsc#PED-14353). * r8169: remove support for chip version 11 (jsc#PED-14353). * r8169: remove unused flag RTL_FLAG_TASK_RESET_NO_QUEUE_WAKE (jsc#PED-14353). * r8169: replace custom flag with disable_work() et al (jsc#PED-14353). * r8169: switch away from deprecated pcim_iomap_table (jsc#PED-14353). * r8169: use helper r8169_mod_reg8_cond to simplify rtl_jumbo_config (jsc#PED-14353). * ring-buffer: Update pages_touched to reflect persistent buffer content (git-fixes). * s390/mm: Fix __ptep_rdp() inline assembly (bsc#1253643). * sched/fair: Get rid of sched_domains_curr_level hack for tl->cpumask() (bsc#1246843). * sched/fair: Have SD_SERIALIZE affect newidle balancing (bsc#1248792). * sched/fair: Proportional newidle balance (bsc#1248792). * sched/fair: Proportional newidle balance -KABI (bsc#1248792). * sched/fair: Revert max_newidle_lb_cost bump (bsc#1248792). * sched/fair: Skip sched_balance_running cmpxchg when balance is not due (bsc#1248792). * sched/fair: Small cleanup to sched_balance_newidle() (bsc#1248792). * sched/fair: Small cleanup to update_newidle_cost() (bsc#1248792). * scsi: lpfc: Add capability to register Platform Name ID to fabric (bsc#1254119). * scsi: lpfc: Allow support for BB credit recovery in point-to-point topology (bsc#1254119). * scsi: lpfc: Ensure unregistration of rpis for received PLOGIs (bsc#1254119). * scsi: lpfc: Fix leaked ndlp krefs when in point-to-point topology (bsc#1254119). * scsi: lpfc: Fix reusing an ndlp that is marked NLP_DROPPED during FLOGI (bsc#1254119). * scsi: lpfc: Modify kref handling for Fabric Controller ndlps (bsc#1254119). * scsi: lpfc: Remove redundant NULL ptr assignment in lpfc_els_free_iocb() (bsc#1254119). 
* scsi: lpfc: Revise discovery related function headers and comments (bsc#1254119). * scsi: lpfc: Update lpfc version to 14.4.0.12 (bsc#1254119). * scsi: lpfc: Update various NPIV diagnostic log messaging (bsc#1254119). * selftests/run_kselftest.sh: Add `--skip` argument option (bsc#1254221). * smpboot: introduce SDTL_INIT() helper to tidy sched topology setup (bsc#1246843). * soc/tegra: fuse: speedo-tegra210: Update speedo IDs (git-fixes). * spi: tegra210-quad: Check hardware status on timeout (bsc#1253155) * spi: tegra210-quad: Fix timeout handling (bsc#1253155) * spi: tegra210-quad: Refactor error handling into helper functions (bsc#1253155) * spi: tegra210-quad: Update dummy sequence configuration (git-fixes) * tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork (bsc#1250705). * wifi: ath11k: Add quirk entries for Thinkpad T14s Gen3 AMD (bsc#1254181). * wifi: mt76: do not add wcid entries to sta poll list during MCU reset (bsc#1254315). * wifi: mt76: introduce mt792x_config_mac_addr_list routine (bsc#1254315). * wifi: mt76: mt7925: Fix logical vs bitwise typo (bsc#1254315). * wifi: mt76: mt7925: Remove unnecessary if-check (bsc#1254315). * wifi: mt76: mt7925: Simplify HIF suspend handling to avoid suspend fail (bsc#1254315). * wifi: mt76: mt7925: add EHT control support based on the CLC data (bsc#1254315). * wifi: mt76: mt7925: add handler to hif suspend/resume event (bsc#1254315). * wifi: mt76: mt7925: add pci restore for hibernate (bsc#1254315). * wifi: mt76: mt7925: config the dwell time by firmware (bsc#1254315). * wifi: mt76: mt7925: extend MCU support for testmode (bsc#1254315). * wifi: mt76: mt7925: fix CLC command timeout when suspend/resume (bsc#1254315). * wifi: mt76: mt7925: fix missing hdr_trans_tlv command for broadcast wtbl (bsc#1254315). * wifi: mt76: mt7925: fix the unfinished command of regd_notifier before suspend (bsc#1254315). * wifi: mt76: mt7925: refine the txpower initialization flow (bsc#1254315). 
* wifi: mt76: mt7925: replace zero-length array with flexible-array member (bsc#1254315).
* wifi: mt76: mt7925: update the channel usage when the regd domain changed (bsc#1254315).
* wifi: mt76: mt7925e: fix too long of wifi resume time (bsc#1254315).
* x86/smpboot: avoid SMT domain attach/destroy if SMT is not enabled (bsc#1246843).
* x86/smpboot: moves x86_topology to static initialize and truncate (bsc#1246843).
* x86/smpboot: remove redundant CONFIG_SCHED_SMT (bsc#1246843).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server High Availability Extension 16.0
    zypper in -t patch SUSE-SLES-HA-16.0-113=1

## Package List:

* SUSE Linux Enterprise Server High Availability Extension 16.0 (ppc64le s390x x86_64)
  * dlm-kmp-default-6.12.0-160000.8.1
  * kernel-default-debugsource-6.12.0-160000.8.1
  * cluster-md-kmp-default-debuginfo-6.12.0-160000.8.1
  * dlm-kmp-default-debuginfo-6.12.0-160000.8.1
  * gfs2-kmp-default-debuginfo-6.12.0-160000.8.1
  * gfs2-kmp-default-6.12.0-160000.8.1
  * kernel-default-debuginfo-6.12.0-160000.8.1
  * cluster-md-kmp-default-6.12.0-160000.8.1
* SUSE Linux Enterprise Server High Availability Extension 16.0 (nosrc)
  * kernel-default-6.12.0-160000.8.1

## References:

* https://www.suse.com/security/cve/CVE-2022-50253.html
* https://www.suse.com/security/cve/CVE-2025-37916.html
* https://www.suse.com/security/cve/CVE-2025-38084.html
* https://www.suse.com/security/cve/CVE-2025-38085.html
* https://www.suse.com/security/cve/CVE-2025-38321.html
* https://www.suse.com/security/cve/CVE-2025-38728.html
* https://www.suse.com/security/cve/CVE-2025-39805.html
* https://www.suse.com/security/cve/CVE-2025-39819.html
* https://www.suse.com/security/cve/CVE-2025-39822.html
* https://www.suse.com/security/cve/CVE-2025-39831.html
* https://www.suse.com/security/cve/CVE-2025-39859.html
* https://www.suse.com/security/cve/CVE-2025-39897.html
* https://www.suse.com/security/cve/CVE-2025-39917.html
* https://www.suse.com/security/cve/CVE-2025-39944.html
* https://www.suse.com/security/cve/CVE-2025-39961.html
* https://www.suse.com/security/cve/CVE-2025-39980.html
* https://www.suse.com/security/cve/CVE-2025-39990.html
* https://www.suse.com/security/cve/CVE-2025-40001.html
* https://www.suse.com/security/cve/CVE-2025-40003.html
* https://www.suse.com/security/cve/CVE-2025-40006.html
* https://www.suse.com/security/cve/CVE-2025-40021.html
* https://www.suse.com/security/cve/CVE-2025-40024.html
* https://www.suse.com/security/cve/CVE-2025-40027.html
* https://www.suse.com/security/cve/CVE-2025-40031.html
* https://www.suse.com/security/cve/CVE-2025-40033.html
* https://www.suse.com/security/cve/CVE-2025-40038.html
* https://www.suse.com/security/cve/CVE-2025-40047.html
* https://www.suse.com/security/cve/CVE-2025-40053.html
* https://www.suse.com/security/cve/CVE-2025-40055.html
* https://www.suse.com/security/cve/CVE-2025-40059.html
* https://www.suse.com/security/cve/CVE-2025-40064.html
* https://www.suse.com/security/cve/CVE-2025-40070.html
* https://www.suse.com/security/cve/CVE-2025-40074.html
* https://www.suse.com/security/cve/CVE-2025-40075.html
* https://www.suse.com/security/cve/CVE-2025-40081.html
* https://www.suse.com/security/cve/CVE-2025-40083.html
* https://www.suse.com/security/cve/CVE-2025-40086.html
* https://www.suse.com/security/cve/CVE-2025-40098.html
* https://www.suse.com/security/cve/CVE-2025-40101.html
* https://www.suse.com/security/cve/CVE-2025-40102.html
* https://www.suse.com/security/cve/CVE-2025-40105.html
* https://www.suse.com/security/cve/CVE-2025-40107.html
* https://www.suse.com/security/cve/CVE-2025-40109.html
* https://www.suse.com/security/cve/CVE-2025-40110.html
* https://www.suse.com/security/cve/CVE-2025-40111.html
* https://www.suse.com/security/cve/CVE-2025-40115.html
* https://www.suse.com/security/cve/CVE-2025-40116.html
* https://www.suse.com/security/cve/CVE-2025-40118.html
* https://www.suse.com/security/cve/CVE-2025-40120.html
* https://www.suse.com/security/cve/CVE-2025-40121.html
* https://www.suse.com/security/cve/CVE-2025-40127.html
* https://www.suse.com/security/cve/CVE-2025-40129.html
* https://www.suse.com/security/cve/CVE-2025-40132.html
* https://www.suse.com/security/cve/CVE-2025-40133.html
* https://www.suse.com/security/cve/CVE-2025-40134.html
* https://www.suse.com/security/cve/CVE-2025-40135.html
* https://www.suse.com/security/cve/CVE-2025-40139.html
* https://www.suse.com/security/cve/CVE-2025-40140.html
* https://www.suse.com/security/cve/CVE-2025-40141.html
* https://www.suse.com/security/cve/CVE-2025-40142.html
* https://www.suse.com/security/cve/CVE-2025-40149.html
* https://www.suse.com/security/cve/CVE-2025-40153.html
* https://www.suse.com/security/cve/CVE-2025-40154.html
* https://www.suse.com/security/cve/CVE-2025-40156.html
* https://www.suse.com/security/cve/CVE-2025-40157.html
* https://www.suse.com/security/cve/CVE-2025-40158.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-40161.html
* https://www.suse.com/security/cve/CVE-2025-40162.html
* https://www.suse.com/security/cve/CVE-2025-40164.html
* https://www.suse.com/security/cve/CVE-2025-40165.html
* https://www.suse.com/security/cve/CVE-2025-40166.html
* https://www.suse.com/security/cve/CVE-2025-40168.html
* https://www.suse.com/security/cve/CVE-2025-40169.html
* https://www.suse.com/security/cve/CVE-2025-40171.html
* https://www.suse.com/security/cve/CVE-2025-40172.html
* https://www.suse.com/security/cve/CVE-2025-40173.html
* https://www.suse.com/security/cve/CVE-2025-40175.html
* https://www.suse.com/security/cve/CVE-2025-40176.html
* https://www.suse.com/security/cve/CVE-2025-40177.html
* https://www.suse.com/security/cve/CVE-2025-40178.html
* https://www.suse.com/security/cve/CVE-2025-40180.html
* https://www.suse.com/security/cve/CVE-2025-40183.html
* https://www.suse.com/security/cve/CVE-2025-40185.html
* https://www.suse.com/security/cve/CVE-2025-40186.html
* https://www.suse.com/security/cve/CVE-2025-40187.html
* https://www.suse.com/security/cve/CVE-2025-40188.html
* https://www.suse.com/security/cve/CVE-2025-40192.html
* https://www.suse.com/security/cve/CVE-2025-40194.html
* https://www.suse.com/security/cve/CVE-2025-40196.html
* https://www.suse.com/security/cve/CVE-2025-40197.html
* https://www.suse.com/security/cve/CVE-2025-40198.html
* https://www.suse.com/security/cve/CVE-2025-40200.html
* https://www.suse.com/security/cve/CVE-2025-40201.html
* https://www.suse.com/security/cve/CVE-2025-40202.html
* https://www.suse.com/security/cve/CVE-2025-40203.html
* https://www.suse.com/security/cve/CVE-2025-40204.html
* https://www.suse.com/security/cve/CVE-2025-40205.html
* https://www.suse.com/security/cve/CVE-2025-40206.html
* https://www.suse.com/security/cve/CVE-2025-40207.html
* https://bugzilla.suse.com/show_bug.cgi?id=1235463
* https://bugzilla.suse.com/show_bug.cgi?id=1243474
* https://bugzilla.suse.com/show_bug.cgi?id=1245193
* https://bugzilla.suse.com/show_bug.cgi?id=1245431
* https://bugzilla.suse.com/show_bug.cgi?id=1245498
* https://bugzilla.suse.com/show_bug.cgi?id=1245499
* https://bugzilla.suse.com/show_bug.cgi?id=1246328
* https://bugzilla.suse.com/show_bug.cgi?id=1246843
* https://bugzilla.suse.com/show_bug.cgi?id=1247500
* https://bugzilla.suse.com/show_bug.cgi?id=1248792
* https://bugzilla.suse.com/show_bug.cgi?id=1249256
* https://bugzilla.suse.com/show_bug.cgi?id=1249397
* https://bugzilla.suse.com/show_bug.cgi?id=1249912
* https://bugzilla.suse.com/show_bug.cgi?id=1249977
* https://bugzilla.suse.com/show_bug.cgi?id=1249982
* https://bugzilla.suse.com/show_bug.cgi?id=1250034
* https://bugzilla.suse.com/show_bug.cgi?id=1250176
* https://bugzilla.suse.com/show_bug.cgi?id=1250237
* https://bugzilla.suse.com/show_bug.cgi?id=1250252
* https://bugzilla.suse.com/show_bug.cgi?id=1250705
* https://bugzilla.suse.com/show_bug.cgi?id=1250723
* https://bugzilla.suse.com/show_bug.cgi?id=1250746
* https://bugzilla.suse.com/show_bug.cgi?id=1251120
* https://bugzilla.suse.com/show_bug.cgi?id=1251817
* https://bugzilla.suse.com/show_bug.cgi?id=1252054
* https://bugzilla.suse.com/show_bug.cgi?id=1252063
* https://bugzilla.suse.com/show_bug.cgi?id=1252301
* https://bugzilla.suse.com/show_bug.cgi?id=1252303
* https://bugzilla.suse.com/show_bug.cgi?id=1252342
* https://bugzilla.suse.com/show_bug.cgi?id=1252352
* https://bugzilla.suse.com/show_bug.cgi?id=1252357
* https://bugzilla.suse.com/show_bug.cgi?id=1252681
* https://bugzilla.suse.com/show_bug.cgi?id=1252686
* https://bugzilla.suse.com/show_bug.cgi?id=1252763
* https://bugzilla.suse.com/show_bug.cgi?id=1252776
* https://bugzilla.suse.com/show_bug.cgi?id=1252779
* https://bugzilla.suse.com/show_bug.cgi?id=1252790
* https://bugzilla.suse.com/show_bug.cgi?id=1252794
* https://bugzilla.suse.com/show_bug.cgi?id=1252795
* https://bugzilla.suse.com/show_bug.cgi?id=1252808
* https://bugzilla.suse.com/show_bug.cgi?id=1252809
* https://bugzilla.suse.com/show_bug.cgi?id=1252817
* https://bugzilla.suse.com/show_bug.cgi?id=1252821
* https://bugzilla.suse.com/show_bug.cgi?id=1252824
* https://bugzilla.suse.com/show_bug.cgi?id=1252836
* https://bugzilla.suse.com/show_bug.cgi?id=1252845
* https://bugzilla.suse.com/show_bug.cgi?id=1252901
* https://bugzilla.suse.com/show_bug.cgi?id=1252912
* https://bugzilla.suse.com/show_bug.cgi?id=1252917
* https://bugzilla.suse.com/show_bug.cgi?id=1252919
* https://bugzilla.suse.com/show_bug.cgi?id=1252923
* https://bugzilla.suse.com/show_bug.cgi?id=1252928
* https://bugzilla.suse.com/show_bug.cgi?id=1253018
* https://bugzilla.suse.com/show_bug.cgi?id=1253155
* https://bugzilla.suse.com/show_bug.cgi?id=1253176
* https://bugzilla.suse.com/show_bug.cgi?id=1253238
* https://bugzilla.suse.com/show_bug.cgi?id=1253275
* https://bugzilla.suse.com/show_bug.cgi?id=1253318
* https://bugzilla.suse.com/show_bug.cgi?id=1253324
* https://bugzilla.suse.com/show_bug.cgi?id=1253328
* https://bugzilla.suse.com/show_bug.cgi?id=1253330
* https://bugzilla.suse.com/show_bug.cgi?id=1253342
* https://bugzilla.suse.com/show_bug.cgi?id=1253348
* https://bugzilla.suse.com/show_bug.cgi?id=1253349
* https://bugzilla.suse.com/show_bug.cgi?id=1253352
* https://bugzilla.suse.com/show_bug.cgi?id=1253355
* https://bugzilla.suse.com/show_bug.cgi?id=1253360
* https://bugzilla.suse.com/show_bug.cgi?id=1253362
* https://bugzilla.suse.com/show_bug.cgi?id=1253363
* https://bugzilla.suse.com/show_bug.cgi?id=1253367
* https://bugzilla.suse.com/show_bug.cgi?id=1253369
* https://bugzilla.suse.com/show_bug.cgi?id=1253386
* https://bugzilla.suse.com/show_bug.cgi?id=1253394
* https://bugzilla.suse.com/show_bug.cgi?id=1253395
* https://bugzilla.suse.com/show_bug.cgi?id=1253402
* https://bugzilla.suse.com/show_bug.cgi?id=1253403
* https://bugzilla.suse.com/show_bug.cgi?id=1253405
* https://bugzilla.suse.com/show_bug.cgi?id=1253407
* https://bugzilla.suse.com/show_bug.cgi?id=1253408
* https://bugzilla.suse.com/show_bug.cgi?id=1253409
* https://bugzilla.suse.com/show_bug.cgi?id=1253410
* https://bugzilla.suse.com/show_bug.cgi?id=1253412
* https://bugzilla.suse.com/show_bug.cgi?id=1253416
* https://bugzilla.suse.com/show_bug.cgi?id=1253421
* https://bugzilla.suse.com/show_bug.cgi?id=1253422
* https://bugzilla.suse.com/show_bug.cgi?id=1253423
* https://bugzilla.suse.com/show_bug.cgi?id=1253424
* https://bugzilla.suse.com/show_bug.cgi?id=1253425
* https://bugzilla.suse.com/show_bug.cgi?id=1253426
* https://bugzilla.suse.com/show_bug.cgi?id=1253427
* https://bugzilla.suse.com/show_bug.cgi?id=1253428
* https://bugzilla.suse.com/show_bug.cgi?id=1253431
* https://bugzilla.suse.com/show_bug.cgi?id=1253433
* https://bugzilla.suse.com/show_bug.cgi?id=1253436
* https://bugzilla.suse.com/show_bug.cgi?id=1253438
* https://bugzilla.suse.com/show_bug.cgi?id=1253440
* https://bugzilla.suse.com/show_bug.cgi?id=1253441
* https://bugzilla.suse.com/show_bug.cgi?id=1253443
* https://bugzilla.suse.com/show_bug.cgi?id=1253445
* https://bugzilla.suse.com/show_bug.cgi?id=1253448
* https://bugzilla.suse.com/show_bug.cgi?id=1253449
* https://bugzilla.suse.com/show_bug.cgi?id=1253450
* https://bugzilla.suse.com/show_bug.cgi?id=1253451
* https://bugzilla.suse.com/show_bug.cgi?id=1253453
* https://bugzilla.suse.com/show_bug.cgi?id=1253455
* https://bugzilla.suse.com/show_bug.cgi?id=1253456
* https://bugzilla.suse.com/show_bug.cgi?id=1253457
* https://bugzilla.suse.com/show_bug.cgi?id=1253463
* https://bugzilla.suse.com/show_bug.cgi?id=1253472
* https://bugzilla.suse.com/show_bug.cgi?id=1253622
* https://bugzilla.suse.com/show_bug.cgi?id=1253624
* https://bugzilla.suse.com/show_bug.cgi?id=1253635
* https://bugzilla.suse.com/show_bug.cgi?id=1253643
* https://bugzilla.suse.com/show_bug.cgi?id=1253647
* https://bugzilla.suse.com/show_bug.cgi?id=1254119
* https://bugzilla.suse.com/show_bug.cgi?id=1254181
* https://bugzilla.suse.com/show_bug.cgi?id=1254221
* https://bugzilla.suse.com/show_bug.cgi?id=1254308
* https://bugzilla.suse.com/show_bug.cgi?id=1254315
* https://jira.suse.com/browse/PED-13611
* https://jira.suse.com/browse/PED-13949
* https://jira.suse.com/browse/PED-14062
* https://jira.suse.com/browse/PED-14115
* https://jira.suse.com/browse/PED-14353

From null at suse.de Fri Jan 9 20:31:37 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 09 Jan 2026 20:31:37 -0000
Subject: SUSE-SU-2026:20019-1: important: Security update for sssd
Message-ID: <176799069769.22169.9889961458048657506@smelt2.prg2.suse.org>

# Security update for sssd

Announcement ID: SUSE-SU-2026:20019-1
Release Date: 2026-01-02T16:58:16Z
Rating: important

References:

* bsc#1244325
* bsc#1251827

Cross-References:

* CVE-2025-11561

CVSS scores:

* CVE-2025-11561 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-11561 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-11561 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP Applications 16.0

An update that solves one vulnerability and has one fix can now be installed.

## Description:

This update for sssd fixes the following issues:

* CVE-2025-11561: Fixed default Kerberos configuration allowing privilege escalation on AD-joined Linux systems (bsc#1244325)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
    zypper in -t patch SUSE-SLES-16.0-119=1
* SUSE Linux Enterprise Server for SAP Applications 16.0
    zypper in -t patch SUSE-SLES-16.0-119=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * libipa_hbac-devel-2.9.5-160000.3.1
  * libsss_idmap-devel-2.9.5-160000.3.1
  * libipa_hbac0-debuginfo-2.9.5-160000.3.1
  * sssd-ipa-debuginfo-2.9.5-160000.3.1
  * sssd-ad-2.9.5-160000.3.1
  * libsss_certmap0-2.9.5-160000.3.1
  * libipa_hbac0-2.9.5-160000.3.1
  * sssd-krb5-common-2.9.5-160000.3.1
  * sssd-ldap-2.9.5-160000.3.1
  * sssd-tools-debuginfo-2.9.5-160000.3.1
  * libsss_nss_idmap0-debuginfo-2.9.5-160000.3.1
  * libsss_certmap0-debuginfo-2.9.5-160000.3.1
  * python3-sssd-config-2.9.5-160000.3.1
  * sssd-krb5-2.9.5-160000.3.1
  * sssd-proxy-2.9.5-160000.3.1
  * sssd-ipa-2.9.5-160000.3.1
  * sssd-kcm-debuginfo-2.9.5-160000.3.1
  * sssd-krb5-common-debuginfo-2.9.5-160000.3.1
  * python3-ipa_hbac-debuginfo-2.9.5-160000.3.1
  * sssd-debugsource-2.9.5-160000.3.1
  * python3-sss_nss_idmap-debuginfo-2.9.5-160000.3.1
  * sssd-winbind-idmap-2.9.5-160000.3.1
  * libnfsidmap-sss-debuginfo-2.9.5-160000.3.1
  * sssd-ad-debuginfo-2.9.5-160000.3.1
  * libsss_idmap0-2.9.5-160000.3.1
  * libsss_nss_idmap0-2.9.5-160000.3.1
  * sssd-ldap-debuginfo-2.9.5-160000.3.1
  * sssd-debuginfo-2.9.5-160000.3.1
  * python3-sss-murmur-2.9.5-160000.3.1
  * sssd-winbind-idmap-debuginfo-2.9.5-160000.3.1
  * libnfsidmap-sss-2.9.5-160000.3.1
  * libsss_nss_idmap-devel-2.9.5-160000.3.1
  * libsss_idmap0-debuginfo-2.9.5-160000.3.1
  * python3-sss_nss_idmap-2.9.5-160000.3.1
  * libsss_certmap-devel-2.9.5-160000.3.1
  * sssd-2.9.5-160000.3.1
  * python3-sss-murmur-debuginfo-2.9.5-160000.3.1
  * sssd-dbus-2.9.5-160000.3.1
  * sssd-proxy-debuginfo-2.9.5-160000.3.1
  * sssd-krb5-debuginfo-2.9.5-160000.3.1
  * sssd-kcm-2.9.5-160000.3.1
  * sssd-dbus-debuginfo-2.9.5-160000.3.1
  * python3-ipa_hbac-2.9.5-160000.3.1
  * sssd-tools-2.9.5-160000.3.1
  * python3-sssd-config-debuginfo-2.9.5-160000.3.1
* SUSE Linux Enterprise Server for SAP Applications 16.0 (ppc64le x86_64)
  * libipa_hbac-devel-2.9.5-160000.3.1
  * libsss_idmap-devel-2.9.5-160000.3.1
  * libipa_hbac0-debuginfo-2.9.5-160000.3.1
  * sssd-ipa-debuginfo-2.9.5-160000.3.1
  * sssd-ad-2.9.5-160000.3.1
  * libsss_certmap0-2.9.5-160000.3.1
  * libipa_hbac0-2.9.5-160000.3.1
  * sssd-krb5-common-2.9.5-160000.3.1
  * sssd-ldap-2.9.5-160000.3.1
  * sssd-tools-debuginfo-2.9.5-160000.3.1
  * libsss_nss_idmap0-debuginfo-2.9.5-160000.3.1
  * libsss_certmap0-debuginfo-2.9.5-160000.3.1
  * python3-sssd-config-2.9.5-160000.3.1
  * sssd-krb5-2.9.5-160000.3.1
  * sssd-proxy-2.9.5-160000.3.1
  * sssd-ipa-2.9.5-160000.3.1
  * sssd-kcm-debuginfo-2.9.5-160000.3.1
  * sssd-krb5-common-debuginfo-2.9.5-160000.3.1
  * python3-ipa_hbac-debuginfo-2.9.5-160000.3.1
  * sssd-debugsource-2.9.5-160000.3.1
  * python3-sss_nss_idmap-debuginfo-2.9.5-160000.3.1
  * sssd-winbind-idmap-2.9.5-160000.3.1
  * libnfsidmap-sss-debuginfo-2.9.5-160000.3.1
  * sssd-ad-debuginfo-2.9.5-160000.3.1
  * libsss_idmap0-2.9.5-160000.3.1
  * libsss_nss_idmap0-2.9.5-160000.3.1
  * sssd-ldap-debuginfo-2.9.5-160000.3.1
  * sssd-debuginfo-2.9.5-160000.3.1
  * python3-sss-murmur-2.9.5-160000.3.1
  * sssd-winbind-idmap-debuginfo-2.9.5-160000.3.1
  * libnfsidmap-sss-2.9.5-160000.3.1
  * libsss_nss_idmap-devel-2.9.5-160000.3.1
  * libsss_idmap0-debuginfo-2.9.5-160000.3.1
  * python3-sss_nss_idmap-2.9.5-160000.3.1
  * libsss_certmap-devel-2.9.5-160000.3.1
  * sssd-2.9.5-160000.3.1
  * python3-sss-murmur-debuginfo-2.9.5-160000.3.1
  * sssd-dbus-2.9.5-160000.3.1
  * sssd-proxy-debuginfo-2.9.5-160000.3.1
  * sssd-krb5-debuginfo-2.9.5-160000.3.1
  * sssd-kcm-2.9.5-160000.3.1
  * sssd-dbus-debuginfo-2.9.5-160000.3.1
  * python3-ipa_hbac-2.9.5-160000.3.1
  * sssd-tools-2.9.5-160000.3.1
  * python3-sssd-config-debuginfo-2.9.5-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-11561.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244325
* https://bugzilla.suse.com/show_bug.cgi?id=1251827

From null at suse.de Fri Jan 9 20:31:41 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 09 Jan 2026 20:31:41 -0000
Subject: SUSE-SU-2026:20018-1: important: Security update for mariadb
Message-ID: <176799070179.22169.12561318658215228550@smelt2.prg2.suse.org>

# Security update for mariadb

Announcement ID: SUSE-SU-2026:20018-1
Release Date: 2025-12-22T11:44:04Z
Rating: important

References:

* bsc#1243040
* bsc#1252162
* bsc#1254313
* bsc#1254476

Cross-References:

* CVE-2025-13699

CVSS scores:

* CVE-2025-13699 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-13699 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-13699 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP Applications 16.0

An update that solves one vulnerability and has three fixes can now be installed.

## Description:

This update for mariadb fixes the following issues:

* Update to 11.8.5:
  * CVE-2025-13699: Fixed Directory Traversal Remote Code Execution Vulnerability (bsc#1254313)

Other fixes:

* Add %license tags to license files (bsc#1252162)
* Add INSTALL_DOCREADMEDIR cmake flag to install readme and license files
* Remove client plugin parsec.so, it is shipped by libmariadb_plugins (bsc#1243040, bsc#1254476)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
    zypper in -t patch SUSE-SLES-16.0-116=1
* SUSE Linux Enterprise Server for SAP Applications 16.0
    zypper in -t patch SUSE-SLES-16.0-116=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * mariadb-debuginfo-11.8.5-160000.1.1
  * mariadb-debugsource-11.8.5-160000.1.1
  * libmariadbd19-11.8.5-160000.1.1
  * libmariadbd-devel-11.8.5-160000.1.1
  * mariadb-bench-debuginfo-11.8.5-160000.1.1
  * mariadb-client-11.8.5-160000.1.1
  * mariadb-client-debuginfo-11.8.5-160000.1.1
  * mariadb-bench-11.8.5-160000.1.1
  * mariadb-11.8.5-160000.1.1
  * mariadb-tools-11.8.5-160000.1.1
  * libmariadbd19-debuginfo-11.8.5-160000.1.1
  * mariadb-tools-debuginfo-11.8.5-160000.1.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * mariadb-errormessages-11.8.5-160000.1.1
* SUSE Linux Enterprise Server for SAP Applications 16.0 (ppc64le x86_64)
  * mariadb-debuginfo-11.8.5-160000.1.1
  * mariadb-debugsource-11.8.5-160000.1.1
  * libmariadbd19-11.8.5-160000.1.1
  * libmariadbd-devel-11.8.5-160000.1.1
  * mariadb-bench-debuginfo-11.8.5-160000.1.1
  * mariadb-client-11.8.5-160000.1.1
  * mariadb-client-debuginfo-11.8.5-160000.1.1
  * mariadb-bench-11.8.5-160000.1.1
  * mariadb-11.8.5-160000.1.1
  * mariadb-tools-11.8.5-160000.1.1
  * libmariadbd19-debuginfo-11.8.5-160000.1.1
  * mariadb-tools-debuginfo-11.8.5-160000.1.1
* SUSE Linux Enterprise Server for SAP Applications 16.0 (noarch)
  * mariadb-errormessages-11.8.5-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-13699.html
* https://bugzilla.suse.com/show_bug.cgi?id=1243040
* https://bugzilla.suse.com/show_bug.cgi?id=1252162
* https://bugzilla.suse.com/show_bug.cgi?id=1254313
* https://bugzilla.suse.com/show_bug.cgi?id=1254476

From null at suse.de Fri Jan 9 20:31:45 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 09 Jan 2026 20:31:45 -0000
Subject: SUSE-SU-2026:20016-1: low: Security update for fontforge
Message-ID: <176799070505.22169.16682611244817586926@smelt2.prg2.suse.org>

# Security update for fontforge

Announcement ID: SUSE-SU-2026:20016-1
Release Date: 2025-12-22T10:04:31Z
Rating: low

References:

* bsc#1252652

Cross-References:

* CVE-2025-50949

CVSS scores:

* CVE-2025-50949 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-50949 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-50949 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP Applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for fontforge fixes the following issues:

* CVE-2025-50949: Fixed memory leak in function DlgCreate8 (bsc#1252652).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
    zypper in -t patch SUSE-SLES-16.0-115=1
* SUSE Linux Enterprise Server for SAP Applications 16.0
    zypper in -t patch SUSE-SLES-16.0-115=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * fontforge-debugsource-20230101-160000.3.1
  * fontforge-devel-20230101-160000.3.1
  * fontforge-debuginfo-20230101-160000.3.1
  * fontforge-20230101-160000.3.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * fontforge-doc-20230101-160000.3.1
* SUSE Linux Enterprise Server for SAP Applications 16.0 (ppc64le x86_64)
  * fontforge-debugsource-20230101-160000.3.1
  * fontforge-devel-20230101-160000.3.1
  * fontforge-debuginfo-20230101-160000.3.1
  * fontforge-20230101-160000.3.1
* SUSE Linux Enterprise Server for SAP Applications 16.0 (noarch)
  * fontforge-doc-20230101-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-50949.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252652

From null at suse.de Fri Jan 9 20:33:13 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 09 Jan 2026 20:33:13 -0000
Subject: SUSE-SU-2026:20015-1: important: Security update for the Linux Kernel
Message-ID: <176799079387.22169.10769140075099530390@smelt2.prg2.suse.org>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:20015-1
Release Date: 2025-12-19T17:38:16Z
Rating: important

References:

* bsc#1235463
* bsc#1243474
* bsc#1245193
* bsc#1245431
* bsc#1245498
* bsc#1245499
* bsc#1246328
* bsc#1246843
* bsc#1247500
* bsc#1248792
* bsc#1249256
* bsc#1249397
* bsc#1249912
* bsc#1249977
* bsc#1249982
* bsc#1250034
* bsc#1250176
* bsc#1250237
* bsc#1250252
* bsc#1250705
* bsc#1250723
* bsc#1250746
* bsc#1251120
* bsc#1251817
* bsc#1252054
* bsc#1252063
* bsc#1252301
* bsc#1252303
* bsc#1252342
* bsc#1252352
* bsc#1252357
* bsc#1252681
* bsc#1252686
* bsc#1252763
* bsc#1252776
* bsc#1252779
* bsc#1252790
* bsc#1252794
* bsc#1252795
* bsc#1252808
* bsc#1252809
* bsc#1252817
* bsc#1252821
* bsc#1252824
* bsc#1252836
* bsc#1252845
* bsc#1252901
* bsc#1252912
* bsc#1252917
* bsc#1252919
* bsc#1252923
* bsc#1252928
* bsc#1253018
* bsc#1253155
* bsc#1253176
* bsc#1253238
* bsc#1253275
* bsc#1253318
* bsc#1253324
* bsc#1253328
* bsc#1253330
* bsc#1253342
* bsc#1253348
* bsc#1253349
* bsc#1253352
* bsc#1253355
* bsc#1253360
* bsc#1253362
* bsc#1253363
* bsc#1253367
* bsc#1253369
* bsc#1253386
* bsc#1253394
* bsc#1253395
* bsc#1253402
* bsc#1253403
* bsc#1253405
* bsc#1253407
* bsc#1253408
* bsc#1253409
* bsc#1253410
* bsc#1253412
* bsc#1253416
* bsc#1253421
* bsc#1253422
* bsc#1253423
* bsc#1253424
* bsc#1253425
* bsc#1253426
* bsc#1253427
* bsc#1253428
* bsc#1253431
* bsc#1253433
* bsc#1253436
* bsc#1253438
* bsc#1253440
* bsc#1253441
* bsc#1253443
* bsc#1253445
* bsc#1253448
* bsc#1253449
* bsc#1253450
* bsc#1253451
* bsc#1253453
* bsc#1253455
* bsc#1253456
* bsc#1253457
* bsc#1253463
* bsc#1253472
* bsc#1253622
* bsc#1253624
* bsc#1253635
* bsc#1253643
* bsc#1253647
* bsc#1254119
* bsc#1254181
* bsc#1254221
* bsc#1254308
* bsc#1254315
* jsc#PED-13611
* jsc#PED-13949
* jsc#PED-14062
* jsc#PED-14115
* jsc#PED-14353

Cross-References:

* CVE-2022-50253
* CVE-2025-37916
* CVE-2025-38084
* CVE-2025-38085
* CVE-2025-38321
* CVE-2025-38728
* CVE-2025-39805
* CVE-2025-39819
* CVE-2025-39822
* CVE-2025-39831
* CVE-2025-39859
* CVE-2025-39897
* CVE-2025-39917
* CVE-2025-39944
* CVE-2025-39961
* CVE-2025-39980
* CVE-2025-39990
* CVE-2025-40001
* CVE-2025-40003
* CVE-2025-40006
* CVE-2025-40021
* CVE-2025-40024
* CVE-2025-40027
* CVE-2025-40031
* CVE-2025-40033
* CVE-2025-40038
* CVE-2025-40047
* CVE-2025-40053
* CVE-2025-40055
* CVE-2025-40059
* CVE-2025-40064
* CVE-2025-40070
* CVE-2025-40074
* CVE-2025-40075
* CVE-2025-40081
* CVE-2025-40083
* CVE-2025-40086
* CVE-2025-40098
* CVE-2025-40101
* CVE-2025-40102
* CVE-2025-40105
* CVE-2025-40107
* CVE-2025-40109
* CVE-2025-40110
* CVE-2025-40111
* CVE-2025-40115
* CVE-2025-40116
* CVE-2025-40118
* CVE-2025-40120
* CVE-2025-40121
* CVE-2025-40127
* CVE-2025-40129
* CVE-2025-40132
* CVE-2025-40133
* CVE-2025-40134
* CVE-2025-40135
* CVE-2025-40139
* CVE-2025-40140
* CVE-2025-40141
* CVE-2025-40142
* CVE-2025-40149
* CVE-2025-40153
* CVE-2025-40154
* CVE-2025-40156
* CVE-2025-40157
* CVE-2025-40158
* CVE-2025-40159
* CVE-2025-40161
* CVE-2025-40162
* CVE-2025-40164
* CVE-2025-40165
* CVE-2025-40166
* CVE-2025-40168
* CVE-2025-40169
* CVE-2025-40171
* CVE-2025-40172
* CVE-2025-40173
* CVE-2025-40175
* CVE-2025-40176
* CVE-2025-40177
* CVE-2025-40178
* CVE-2025-40180
* CVE-2025-40183
* CVE-2025-40185
* CVE-2025-40186
* CVE-2025-40187
* CVE-2025-40188
* CVE-2025-40192
* CVE-2025-40194
* CVE-2025-40196
* CVE-2025-40197
* CVE-2025-40198
* CVE-2025-40200
* CVE-2025-40201
* CVE-2025-40202
* CVE-2025-40203
* CVE-2025-40204
* CVE-2025-40205
* CVE-2025-40206
* CVE-2025-40207

CVSS scores:

* CVE-2022-50253 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50253 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50253 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-37916 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-37916 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37916 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38084 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38084 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-38084 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38085 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38085 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-38085 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38321 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-38321 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2025-38321 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38728 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38728 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38728 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-39805 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39805 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39819 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39819 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39822 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39822 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39831 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39831 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39859 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39859 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39897 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39897 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-39897 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39917 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-39917 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-39917 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39944 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39961 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39961 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-39980 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39980 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39990 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39990 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40001 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40001 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-40003 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40003 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40006 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40006 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40021 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-40021 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-40024 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40024 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40027 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40027 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40031 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40031 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40033 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40033 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40038 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40038 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40047 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40047 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40053 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40053 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40055 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40055 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40059 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40059 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40064 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40070 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40074 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40075 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40081 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40083 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40086 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40086 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40098 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40098 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40101 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-40101 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-40102 ( SUSE ): 0.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-40102 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N
* CVE-2025-40105 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-40105 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-40107 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40107 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40109 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40109 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40110 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40110 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40111 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40115 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40115 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40116 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40116 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40118 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-40118 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-40120 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40120 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40121 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40121 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40127 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40127 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40129 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40129 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40132 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40132 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40133 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40133 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H * CVE-2025-40134 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40134 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40135 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-40135 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-40139 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40139 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40140 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-40140 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-40141 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40141 ( SUSE ): 6.3 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2025-40142 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40142 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40149 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40149 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2025-40153 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-40153 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-40154 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40154 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40156 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40156 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40157 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-40157 ( SUSE ): 5.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H * CVE-2025-40158 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40158 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40161 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-40161 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-40162 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40162 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40164 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40164 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40165 ( SUSE ): 5.7 
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40165 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40166 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40166 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40168 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40168 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2025-40169 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-40169 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2025-40171 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-40171 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-40172 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40172 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40173 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40173 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40175 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40175 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40176 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40176 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40177 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40177 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-40178 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40180 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40180 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2025-40183 ( SUSE ): 6.9 
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-40183 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-40185 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40185 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40186 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40186 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40187 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40188 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40188 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40192 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40192 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40194 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40194 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40196 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-40196 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-40197 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40197 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40198 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40198 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40200 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40200 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40201 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40202 ( SUSE ): 6.8 
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40202 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40203 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40203 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40204 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-40204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2025-40205 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40205 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40206 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40206 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40207 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40207 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP Applications 16.0 An update that solves 100 vulnerabilities, contains five features and has 19 fixes can now be installed. ## Description: The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues. The following security issues were fixed: * CVE-2022-50253: bpf: make sure skb->len != 0 when redirecting to a tunneling device (bsc#1249912). * CVE-2025-37916: pds_core: remove write-after-free of client_id (bsc#1243474). * CVE-2025-38084: mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245431 bsc#1245498). * CVE-2025-38085: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431 bsc#1245499). * CVE-2025-38321: smb: Log an error when close_all_cached_dirs fails (bsc#1246328). * CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd (bsc#1249256). * CVE-2025-39805: net: macb: fix unregister_netdev call order in macb_remove() (bsc#1249982).
* CVE-2025-39819: fs/smb: Fix inconsistent refcnt update (bsc#1250176). * CVE-2025-39822: io_uring/kbuf: fix signedness in this_len calculation (bsc#1250034). * CVE-2025-39831: fbnic: Move phylink resume out of service_task and into open/close (bsc#1249977). * CVE-2025-39859: ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog (bsc#1250252). * CVE-2025-39897: net: xilinx: axienet: Add error handling for RX metadata pointer retrieval (bsc#1250746). * CVE-2025-39917: bpf: Fix out-of-bounds dynptr write in bpf_crypto_crypt (bsc#1250723). * CVE-2025-39944: octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() (bsc#1251120). * CVE-2025-39961: iommu/amd/pgtbl: Fix possible race while increase page table level (bsc#1251817). * CVE-2025-39980: nexthop: Forbid FDB status change while nexthop is in a group (bsc#1252063). * CVE-2025-39990: bpf: Check the helper function is valid in get_helper_proto (bsc#1252054). * CVE-2025-40001: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (bsc#1252303). * CVE-2025-40003: net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work (bsc#1252301). * CVE-2025-40006: mm/hugetlb: fix folio is still mapped when deleted (bsc#1252342). * CVE-2025-40021: tracing: dynevent: Add a missing lockdown check on dynevent (bsc#1252681). * CVE-2025-40024: vhost: Take a reference on the task in struct vhost_task (bsc#1252686). * CVE-2025-40027: net/9p: fix double req put in p9_fd_cancelled (bsc#1252763). * CVE-2025-40031: tee: fix register_shm_helper() (bsc#1252779). * CVE-2025-40033: remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() (bsc#1252824). * CVE-2025-40038: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid (bsc#1252817). * CVE-2025-40047: io_uring/waitid: always prune wait queue entry in io_waitid_wait() (bsc#1252790). * CVE-2025-40053: net: dlink: handle copy_thresh allocation failure (bsc#1252808). 
* CVE-2025-40055: ocfs2: fix double free in user_cluster_connect() (bsc#1252821). * CVE-2025-40059: coresight: Fix incorrect handling for return value of devm_kzalloc (bsc#1252809). * CVE-2025-40064: smc: Fix use-after-free in __pnet_find_base_ndev() (bsc#1252845). * CVE-2025-40070: pps: fix warning in pps_register_cdev when register device fail (bsc#1252836). * CVE-2025-40074: tcp: convert to dev_net_rcu() (bsc#1252794). * CVE-2025-40075: tcp_metrics: use dst_dev_net_rcu() (bsc#1252795). * CVE-2025-40081: perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (bsc#1252776). * CVE-2025-40083: net/sched: sch_qfq: Fix null-deref in agg_dequeue (bsc#1252912). * CVE-2025-40086: drm/xe: Don't allow evicting of BOs in same VM in array of VM binds (bsc#1252923). * CVE-2025-40098: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state() (bsc#1252917). * CVE-2025-40101: btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST (bsc#1252901). * CVE-2025-40102: KVM: arm64: Prevent access to vCPU events before init (bsc#1252919). * CVE-2025-40105: vfs: Don't leak disconnected dentries on umount (bsc#1252928). * CVE-2025-40133: mptcp: Call dst_release() in mptcp_active_enable() (bsc#1253328). * CVE-2025-40134: dm: fix NULL pointer dereference in __dm_suspend() (bsc#1253386). * CVE-2025-40135: ipv6: use RCU in ip6_xmit() (bsc#1253342). * CVE-2025-40139: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set() (bsc#1253409). * CVE-2025-40149: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock() (bsc#1253355). * CVE-2025-40153: mm: hugetlb: avoid soft lockup when mprotect to large memory area (bsc#1253408). * CVE-2025-40157: EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller (bsc#1253423). * CVE-2025-40158: ipv6: use RCU in ip6_output() (bsc#1253402). * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253403). 
* CVE-2025-40168: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match() (bsc#1253427). * CVE-2025-40169: bpf: Reject negative offsets for ALU ops (bsc#1253416). * CVE-2025-40173: net/ip6_tunnel: Prevent perpetual tunnel growth (bsc#1253421). * CVE-2025-40175: idpf: cleanup remaining SKBs in PTP flows (bsc#1253426). * CVE-2025-40176: tls: wait for pending async decryptions if tls_strp_msg_hold fails (bsc#1253425). * CVE-2025-40178: pid: Add a judgment for ns null in pid_nr_ns (bsc#1253463). * CVE-2025-40185: ice: ice_adapter: release xa entry on adapter allocation failure (bsc#1253394). * CVE-2025-40201: kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths (bsc#1253455). * CVE-2025-40203: listmount: don't call path_put() under namespace semaphore (bsc#1253457). The following non-security issues were fixed: * ACPI: scan: Update honor list for RPMI System MSI (stable-fixes). * ACPICA: Update dsmethod.c to get rid of unused variable warning (stable-fixes). * Disable CONFIG_CPU5_WDT. The cpu5wdt driver doesn't implement a proper watchdog interface and has many code issues. It only handles obscure and obsolete hardware. Stop building and supporting this driver (jsc#PED-14062). * Fix "drm/xe: Don't allow evicting of BOs in same VM in array of VM binds" (bsc#1252923) * KVM: SVM: Delete IRTE link from previous vCPU before setting new IRTE (git-fixes). * KVM: SVM: Delete IRTE link from previous vCPU irrespective of new routing (git-fixes). * KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated (git-fixes). * KVM: s390: improve interrupt cpu for wakeup (bsc#1235463). * KVM: s390: kABI backport for 'last_sleep_cpu' (bsc#1252352). * KVM: x86/mmu: Return -EAGAIN if userspace deletes/moves memslot during prefault (git-fixes). * PCI/ERR: Update device error_state already after reset (stable-fixes). * PM: EM: Slightly reduce em_check_capacity_update() overhead (stable-fixes).
* Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" (git-fixes). * Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set" (git-fixes). * Update config files: enable zstd module decompression (jsc#PED-14115). * bpf/selftests: Fix test_tcpnotify_user (bsc#1253635). * btrfs: do not clear read-only when adding sprout device (bsc#1253238). * btrfs: do not update last_log_commit when logging inode due to a new name (git-fixes). * dm: fix queue start/stop imbalance under suspend/load/resume races (bsc#1253386) * drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream (stable-fixes). * drm/amd/display: update color on atomic commit time (stable-fixes). * drm/amd/display: update dpp/disp clock from smu clock table (stable-fixes). * drm/radeon: delete radeon_fence_process in is_signaled, no deadlock (stable-fixes). * hwmon: (lenovo-ec-sensors) Update P8 supprt (stable-fixes). * media: amphion: Delete v4l2_fh synchronously in .release() (stable-fixes). * mount: handle NULL values in mnt_ns_release() (bsc#1254308) * net/smc: Remove validation of reserved bits in CLC Decline (bsc#1252357). * net: phy: move realtek PHY driver to its own subdirectory (jsc#PED-14353). * net: phy: realtek: add defines for shadowed c45 standard registers (jsc#PED-14353). * net: phy: realtek: add helper RTL822X_VND2_C22_REG (jsc#PED-14353). * net: phy: realtek: change order of calls in C22 read_status() (jsc#PED-14353). * net: phy: realtek: clear 1000Base-T link partner advertisement (jsc#PED-14353). * net: phy: realtek: improve mmd register access for internal PHY's (jsc#PED-14353). * net: phy: realtek: read duplex and gbit master from PHYSR register (jsc#PED-14353). * net: phy: realtek: switch from paged to MMD ops in rtl822x functions (jsc#PED-14353). * net: phy: realtek: use string choices helpers (jsc#PED-14353).
* net: xilinx: axienet: Fix IRQ coalescing packet count overflow (bsc#1250746) * net: xilinx: axienet: Fix RX skb ring management in DMAengine mode (bsc#1250746) * net: xilinx: axienet: Fix Tx skb circular buffer occupancy check in dmaengine xmit (bsc#1250746) * nvmet-auth: update sc_c in host response (git-fixes bsc#1249397). * nvmet-auth: update sc_c in target host hash calculation (git-fixes). * perf list: Add IBM z17 event descriptions (jsc#PED-13611). * platform/x86:intel/pmc: Update Arrow Lake telemetry GUID (git-fixes). * powercap: intel_rapl: Add support for Panther Lake platform (jsc#PED-13949). * pwm: pca9685: Use bulk write to atomicially update registers (stable-fixes). * r8169: add PHY c45 ops for MDIO_MMD_VENDOR2 registers (jsc#PED-14353). * r8169: add support for Intel Killer E5000 (jsc#PED-14353). * r8169: add support for RTL8125BP rev.b (jsc#PED-14353). * r8169: add support for RTL8125D rev.b (jsc#PED-14353). * r8169: adjust version numbering for RTL8126 (jsc#PED-14353). * r8169: align RTL8125 EEE config with vendor driver (jsc#PED-14353). * r8169: align RTL8125/RTL8126 PHY config with vendor driver (jsc#PED-14353). * r8169: align RTL8126 EEE config with vendor driver (jsc#PED-14353). * r8169: align WAKE_PHY handling with r8125/r8126 vendor drivers (jsc#PED-14353). * r8169: avoid duplicated messages if loading firmware fails and switch to warn level (jsc#PED-14353). * r8169: don't take RTNL lock in rtl_task() (jsc#PED-14353). * r8169: enable EEE at 2.5G per default on RTL8125B (jsc#PED-14353). * r8169: enable RTL8168H/RTL8168EP/RTL8168FP ASPM support (jsc#PED-14353). * r8169: fix inconsistent indenting in rtl8169_get_eth_mac_stats (jsc#PED-14353). * r8169: implement additional ethtool stats ops (jsc#PED-14353). * r8169: improve __rtl8169_set_wol (jsc#PED-14353). * r8169: improve initialization of RSS registers on RTL8125/RTL8126 (jsc#PED-14353). * r8169: improve rtl_set_d3_pll_down (jsc#PED-14353). 
* r8169: increase max jumbo packet size on RTL8125/RTL8126 (jsc#PED-14353). * r8169: remove leftover locks after reverted change (jsc#PED-14353). * r8169: remove original workaround for RTL8125 broken rx issue (jsc#PED-14353). * r8169: remove rtl_dash_loop_wait_high/low (jsc#PED-14353). * r8169: remove support for chip version 11 (jsc#PED-14353). * r8169: remove unused flag RTL_FLAG_TASK_RESET_NO_QUEUE_WAKE (jsc#PED-14353). * r8169: replace custom flag with disable_work() et al (jsc#PED-14353). * r8169: switch away from deprecated pcim_iomap_table (jsc#PED-14353). * r8169: use helper r8169_mod_reg8_cond to simplify rtl_jumbo_config (jsc#PED-14353). * ring-buffer: Update pages_touched to reflect persistent buffer content (git-fixes). * s390/mm: Fix __ptep_rdp() inline assembly (bsc#1253643). * sched/fair: Get rid of sched_domains_curr_level hack for tl->cpumask() (bsc#1246843). * sched/fair: Have SD_SERIALIZE affect newidle balancing (bsc#1248792). * sched/fair: Proportional newidle balance (bsc#1248792). * sched/fair: Proportional newidle balance -KABI (bsc#1248792). * sched/fair: Revert max_newidle_lb_cost bump (bsc#1248792). * sched/fair: Skip sched_balance_running cmpxchg when balance is not due (bsc#1248792). * sched/fair: Small cleanup to sched_balance_newidle() (bsc#1248792). * sched/fair: Small cleanup to update_newidle_cost() (bsc#1248792). * scsi: lpfc: Add capability to register Platform Name ID to fabric (bsc#1254119). * scsi: lpfc: Allow support for BB credit recovery in point-to-point topology (bsc#1254119). * scsi: lpfc: Ensure unregistration of rpis for received PLOGIs (bsc#1254119). * scsi: lpfc: Fix leaked ndlp krefs when in point-to-point topology (bsc#1254119). * scsi: lpfc: Fix reusing an ndlp that is marked NLP_DROPPED during FLOGI (bsc#1254119). * scsi: lpfc: Modify kref handling for Fabric Controller ndlps (bsc#1254119). * scsi: lpfc: Remove redundant NULL ptr assignment in lpfc_els_free_iocb() (bsc#1254119).
* scsi: lpfc: Revise discovery related function headers and comments (bsc#1254119). * scsi: lpfc: Update lpfc version to 14.4.0.12 (bsc#1254119). * scsi: lpfc: Update various NPIV diagnostic log messaging (bsc#1254119). * selftests/run_kselftest.sh: Add `--skip` argument option (bsc#1254221). * smpboot: introduce SDTL_INIT() helper to tidy sched topology setup (bsc#1246843). * soc/tegra: fuse: speedo-tegra210: Update speedo IDs (git-fixes). * spi: tegra210-quad: Check hardware status on timeout (bsc#1253155) * spi: tegra210-quad: Fix timeout handling (bsc#1253155) * spi: tegra210-quad: Refactor error handling into helper functions (bsc#1253155) * spi: tegra210-quad: Update dummy sequence configuration (git-fixes) * tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork (bsc#1250705). * wifi: ath11k: Add quirk entries for Thinkpad T14s Gen3 AMD (bsc#1254181). * wifi: mt76: do not add wcid entries to sta poll list during MCU reset (bsc#1254315). * wifi: mt76: introduce mt792x_config_mac_addr_list routine (bsc#1254315). * wifi: mt76: mt7925: Fix logical vs bitwise typo (bsc#1254315). * wifi: mt76: mt7925: Remove unnecessary if-check (bsc#1254315). * wifi: mt76: mt7925: Simplify HIF suspend handling to avoid suspend fail (bsc#1254315). * wifi: mt76: mt7925: add EHT control support based on the CLC data (bsc#1254315). * wifi: mt76: mt7925: add handler to hif suspend/resume event (bsc#1254315). * wifi: mt76: mt7925: add pci restore for hibernate (bsc#1254315). * wifi: mt76: mt7925: config the dwell time by firmware (bsc#1254315). * wifi: mt76: mt7925: extend MCU support for testmode (bsc#1254315). * wifi: mt76: mt7925: fix CLC command timeout when suspend/resume (bsc#1254315). * wifi: mt76: mt7925: fix missing hdr_trans_tlv command for broadcast wtbl (bsc#1254315). * wifi: mt76: mt7925: fix the unfinished command of regd_notifier before suspend (bsc#1254315). * wifi: mt76: mt7925: refine the txpower initialization flow (bsc#1254315). 
* wifi: mt76: mt7925: replace zero-length array with flexible-array member (bsc#1254315). * wifi: mt76: mt7925: update the channel usage when the regd domain changed (bsc#1254315). * wifi: mt76: mt7925e: fix too long of wifi resume time (bsc#1254315). * x86/smpboot: avoid SMT domain attach/destroy if SMT is not enabled (bsc#1246843). * x86/smpboot: moves x86_topology to static initialize and truncate (bsc#1246843). * x86/smpboot: remove redundant CONFIG_SCHED_SMT (bsc#1246843). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-113=1 * SUSE Linux Enterprise Server for SAP Applications 16.0 zypper in -t patch SUSE-SLES-16.0-113=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (noarch) * kernel-devel-6.12.0-160000.8.1 * kernel-source-vanilla-6.12.0-160000.8.1 * kernel-source-6.12.0-160000.8.1 * kernel-macros-6.12.0-160000.8.1 * kernel-docs-html-6.12.0-160000.8.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le x86_64) * kernel-default-base-6.12.0-160000.8.1.160000.2.5 * kernel-kvmsmall-debugsource-6.12.0-160000.8.1 * kernel-kvmsmall-debuginfo-6.12.0-160000.8.1 * kernel-kvmsmall-devel-6.12.0-160000.8.1 * SUSE Linux Enterprise Server 16.0 (aarch64 nosrc) * kernel-64kb-6.12.0-160000.8.1 * SUSE Linux Enterprise Server 16.0 (aarch64) * kernel-64kb-debugsource-6.12.0-160000.8.1 * kernel-64kb-devel-6.12.0-160000.8.1 * kernel-64kb-extra-6.12.0-160000.8.1 * kernel-64kb-debuginfo-6.12.0-160000.8.1 * kernel-64kb-extra-debuginfo-6.12.0-160000.8.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-6.12.0-160000.8.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * 
kernel-default-debugsource-6.12.0-160000.8.1
    * kernel-default-devel-6.12.0-160000.8.1
    * kernel-syms-6.12.0-160000.8.1
    * kernel-obs-qa-6.12.0-160000.8.1
    * kernel-default-debuginfo-6.12.0-160000.8.1
    * kernel-default-extra-6.12.0-160000.8.1
    * kernel-default-extra-debuginfo-6.12.0-160000.8.1
  * SUSE Linux Enterprise Server 16.0 (noarch nosrc)
    * kernel-docs-6.12.0-160000.8.1
  * SUSE Linux Enterprise Server 16.0 (aarch64 nosrc ppc64le x86_64)
    * kernel-kvmsmall-6.12.0-160000.8.1
  * SUSE Linux Enterprise Server 16.0 (x86_64)
    * kernel-default-vdso-6.12.0-160000.8.1
    * kernel-kvmsmall-vdso-debuginfo-6.12.0-160000.8.1
    * kernel-default-vdso-debuginfo-6.12.0-160000.8.1
    * kernel-kvmsmall-vdso-6.12.0-160000.8.1
    * kernel-default-devel-debuginfo-6.12.0-160000.8.1
    * kernel-kvmsmall-devel-debuginfo-6.12.0-160000.8.1
  * SUSE Linux Enterprise Server 16.0 (ppc64le s390x x86_64)
    * kernel-default-livepatch-6.12.0-160000.8.1
  * SUSE Linux Enterprise Server 16.0 (nosrc s390x)
    * kernel-zfcpdump-6.12.0-160000.8.1
  * SUSE Linux Enterprise Server 16.0 (s390x)
    * kernel-zfcpdump-debuginfo-6.12.0-160000.8.1
    * kernel-zfcpdump-debugsource-6.12.0-160000.8.1
  * SUSE Linux Enterprise Server for SAP Applications 16.0 (noarch)
    * kernel-devel-6.12.0-160000.8.1
    * kernel-source-vanilla-6.12.0-160000.8.1
    * kernel-source-6.12.0-160000.8.1
    * kernel-macros-6.12.0-160000.8.1
    * kernel-docs-html-6.12.0-160000.8.1
  * SUSE Linux Enterprise Server for SAP Applications 16.0 (ppc64le x86_64)
    * dlm-kmp-default-6.12.0-160000.8.1
    * kernel-default-debugsource-6.12.0-160000.8.1
    * kernel-default-base-6.12.0-160000.8.1.160000.2.5
    * cluster-md-kmp-default-debuginfo-6.12.0-160000.8.1
    * dlm-kmp-default-debuginfo-6.12.0-160000.8.1
    * gfs2-kmp-default-debuginfo-6.12.0-160000.8.1
    * kernel-default-devel-6.12.0-160000.8.1
    * kernel-default-livepatch-6.12.0-160000.8.1
    * kernel-syms-6.12.0-160000.8.1
    * gfs2-kmp-default-6.12.0-160000.8.1
    * kernel-obs-qa-6.12.0-160000.8.1
    * kernel-kvmsmall-devel-6.12.0-160000.8.1
    * kernel-default-debuginfo-6.12.0-160000.8.1
    * kernel-kvmsmall-debuginfo-6.12.0-160000.8.1
    * kernel-default-extra-6.12.0-160000.8.1
    * kernel-default-extra-debuginfo-6.12.0-160000.8.1
    * kernel-kvmsmall-debugsource-6.12.0-160000.8.1
    * cluster-md-kmp-default-6.12.0-160000.8.1
  * SUSE Linux Enterprise Server for SAP Applications 16.0 (nosrc ppc64le x86_64)
    * kernel-kvmsmall-6.12.0-160000.8.1
    * kernel-default-6.12.0-160000.8.1
  * SUSE Linux Enterprise Server for SAP Applications 16.0 (x86_64)
    * kernel-default-vdso-6.12.0-160000.8.1
    * kernel-kvmsmall-vdso-debuginfo-6.12.0-160000.8.1
    * kernel-default-vdso-debuginfo-6.12.0-160000.8.1
    * kernel-kvmsmall-vdso-6.12.0-160000.8.1
    * kernel-default-devel-debuginfo-6.12.0-160000.8.1
    * kernel-kvmsmall-devel-debuginfo-6.12.0-160000.8.1
  * SUSE Linux Enterprise Server for SAP Applications 16.0 (noarch nosrc)
    * kernel-docs-6.12.0-160000.8.1

From null at suse.de Fri Jan 9 20:33:16 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 09 Jan 2026 20:33:16 -0000
Subject: SUSE-SU-2026:0087-1: moderate: Security update for libheif
Message-ID: <176799079663.22169.7954639971414996024@smelt2.prg2.suse.org>

# Security update for libheif

Announcement ID: SUSE-SU-2026:0087-1
Release Date: 2026-01-09T15:19:45Z
Rating: moderate
References:

  * bsc#1255735

Cross-References:

  * CVE-2025-68431

CVSS scores:

  * CVE-2025-68431 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-68431 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2025-68431 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

  * Desktop Applications Module 15-SP7
  * SUSE Linux Enterprise Desktop 15 SP7
  * SUSE Linux Enterprise Real Time 15 SP7
  * SUSE Linux Enterprise Server 15 SP7
  * SUSE Linux Enterprise Server for SAP Applications 15 SP7
  * SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for libheif fixes the following issues:

  * CVE-2025-68431: Fixed heap buffer over-read in `HeifPixelImage::overlay()` via crafted HEIF that exercises the overlay image item (bsc#1255735)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Package Hub 15 15-SP7
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-87=1
  * Desktop Applications Module 15-SP7
    zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-87=1

## Package List:

  * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
    * libheif-devel-1.19.5-150700.3.3.1
    * gdk-pixbuf-loader-libheif-1.19.5-150700.3.3.1
    * libheif-debugsource-1.19.5-150700.3.3.1
    * gdk-pixbuf-loader-libheif-debuginfo-1.19.5-150700.3.3.1
  * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
    * libheif-debugsource-1.19.5-150700.3.3.1
    * libheif1-1.19.5-150700.3.3.1
    * libheif1-debuginfo-1.19.5-150700.3.3.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-68431.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1255735

From null at suse.de Fri Jan 9 20:33:20 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 09 Jan 2026 20:33:20 -0000
Subject: SUSE-SU-2026:0086-1: moderate: Security update for php8
Message-ID: <176799080074.22169.17441398521254137438@smelt2.prg2.suse.org>

# Security update for php8

Announcement ID: SUSE-SU-2026:0086-1
Release Date: 2026-01-09T15:01:56Z
Rating: moderate
References:

  * bsc#1255710
  * bsc#1255711
  * bsc#1255712

Cross-References:

  * CVE-2025-14177
  * CVE-2025-14178
  * CVE-2025-14180

CVSS scores:

  * CVE-2025-14177 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
  * CVE-2025-14177 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
  * CVE-2025-14177 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2025-14177 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  * CVE-2025-14178 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-14178 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
  * CVE-2025-14178 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
  * CVE-2025-14180 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-14180 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2025-14180 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

  * SUSE Linux Enterprise Server 15 SP7
  * SUSE Linux Enterprise Server for SAP Applications 15 SP7
  * Web and Scripting Module 15-SP7

An update that solves three vulnerabilities can now be installed.

## Description:

This update for php8 fixes the following issues:

Security fixes:

  * CVE-2025-14177: getimagesize() function may leak uninitialized heap memory into the APPn segments when reading images in multi-chunk mode (bsc#1255710).
  * CVE-2025-14178: heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE (bsc#1255711).
  * CVE-2025-14180: null pointer dereference in pdo_parse_params() function when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled (bsc#1255712).

Other fixes:

Version 8.3.29

  * Core: Sync all boost.context files with release 1.86.0. Fixed bug GH-20435 (SensitiveParameter doesn't work for named argument passing to variadic parameter). Fixed bug GH-20286 (use-after-destroy during userland stream_close()).
  * Bz2: Fix assertion failures resulting in crashes with stream filter object parameters.
  * Date: Fix crashes when trying to instantiate uninstantiable classes via date static constructors.
  * DOM: Fix missing NUL byte check on C14NFile().
  * Fibers: Fixed bug GH-20483 (ASAN stack overflow with fiber.stack_size INI small value).
  * FTP: Fixed bug GH-20601 (ftp_connect overflow on timeout).
  * GD: Fixed bug GH-20511 (imagegammacorrect out of range input/output values). Fixed bug GH-20602 (imagescale overflow with large height values).
  * Intl: Fixed bug GH-20426 (Spoofchecker::setRestrictionLevel() error message suggests missing constants).
  * LibXML: Fix some deprecations on newer libxml versions regarding input buffer/parser handling.
  * MbString: Fixed bug GH-20491 (SLES15 compile error with mbstring oniguruma). Fixed bug GH-20492 (mbstring compile warning due to non-strings).
  * MySQLnd: Fixed bug GH-20528 (Regression breaks mysql connexion using an IPv6 address enclosed in square brackets).
  * Opcache: Fixed bug GH-20329 (opcache.file_cache broken with full interned string buffer).
  * PDO: Fixed GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). (CVE-2025-14180)
  * Phar: Fixed bug GH-20442 (Phar does not respect case-insensitiveness of __halt_compiler() when reading stub). Fix broken return value of fflush() for phar file entries. Fix assertion failure when fseeking a phar file out of bounds.
  * PHPDBG: Fixed ZPP type violation in phpdbg_get_executable() and phpdbg_end_oplog().
  * SPL: Fixed bug GH-20614 (SplFixedArray incorrectly handles references in deserialization).
  * Standard: Fix memory leak in array_diff() with custom type checks. Fixed bug GH-20583 (Stack overflow in http_build_query via deep structures). Fixed GHSA-www2-q4fc-65wf (Null byte termination in dns_get_record()). Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in array_merge()). (CVE-2025-14178) Fixed GHSA-3237-qqm7-mfv7 (Information Leak of Memory in getimagesize). (CVE-2025-14177)
  * Tidy: Fixed bug GH-20374 (PHP with tidy and custom-tags).
  * XML: Fixed bug GH-20439 (xml_set_default_handler() does not properly handle special characters in attributes when passing data to callback).
  * Zip: Fix crash in property existence test. Don't truncate return value of zip_fread() with user sizes.
  * Zlib: Fix assertion failures resulting in crashes with stream filter object parameters.

Version 8.3.28

  * Core: Fixed bug GH-19934 (CGI with auto_globals_jit=0 causes uouv). Fixed bug GH-20073 (Assertion failure in WeakMap offset operations on reference). Fixed bug GH-19844 (Don't bail when closing resources on shutdown). Fixed bug GH-20177 (Accessing overridden private property in get_object_vars() triggers assertion error). Fixed bug GH-20183 (Stale EG(opline_before_exception) pointer through eval).
  * DOM: Partially fixed bug GH-16317 (DOM classes do not allow __debugInfo() overrides to work).
  * Exif: Fix possible memory leak when tag is empty.
  * FPM: Fixed bug GH-19974 (fpm_status_export_to_zval segfault for parallel execution).
  * FTP: Fixed bug GH-20240 (FTP with SSL: ftp_fput(): Connection timed out on successful writes).
  * GD: Fixed bug GH-20070 (Return type violation in imagefilter when an invalid filter is provided).
  * Intl: Fix memory leak on error in locale_filter_matches().
  * LibXML: Fix not thread safe schema/relaxng calls.
  * MySQLnd: Fixed bug GH-8978 (SSL certificate verification fails (port doubled)). Fixed bug GH-20122 (getColumnMeta() for JSON-column in MySQL).
  * Opcache: Fixed bug GH-20081 (access to uninitialized vars in preload_load()). Fixed bug GH-20121 (JIT broken in ZTS builds on MacOS 15).
  * PgSql: Fix memory leak when first string conversion fails. Fix segfaults when attempting to fetch row into a non-instantiable class name.
  * Phar: Fix memory leak of argument in webPhar. Fix memory leak when setAlias() fails. Fix a bunch of memory leaks in phar_parse_zipfile() error handling. Fix file descriptor/memory leak when opening central fp fails. Fix memleak+UAF when opening temp stream in buildFromDirectory() fails. Fix potential buffer length truncation due to usage of type int instead of type size_t. Fix memory leak when openssl polyfill returns garbage. Fix file descriptor leak in phar_zip_flush() on failure. Fix memory leak when opening temp file fails while trying to open gzip-compressed archive. Fixed bug GH-20302 (Freeing a phar alias may invalidate PharFileInfo objects).
  * Random: Fix Randomizer::__serialize() w.r.t. INDIRECTs.
  * SimpleXML: Partially fixed bug GH-16317 (SimpleXML does not allow __debugInfo() overrides to work).
  * Standard: Fix shm corruption with coercion in options of unserialize().
  * Streams: Fixed bug GH-19798: XP_SOCKET XP_SSL (Socket stream modules): Incorrect condition for Win32/Win64.
  * Tidy: Fixed GH-19021 (improved tidyOptGetCategory detection). Fix UAF in tidy when tidySetErrorBuffer() fails.
  * XMLReader: Fix arginfo/zpp violations when LIBXML_SCHEMAS_ENABLED is not available.
  * Windows: Fix GH-19722 ( _get_osfhandle asserts in debug mode when given a socket).
  * Zip: Fix memory leak when passing enc_method/enc_password is passed as option for ZipArchive::addGlob()/addPattern() and with consecutive calls.

Version 8.3.27

  * Core: Fixed bug GH-19765 (object_properties_load() bypasses readonly property checks). Fixed hard_timeout with --enable-zend-max-execution-timers. Fixed bug GH-19792 (SCCP causes UAF for return value if both warning and exception are triggered). Fixed bug GH-19653 (Closure named argument unpacking between temporary closures can cause a crash). Fixed bug GH-19839 (Incorrect HASH_FLAG_HAS_EMPTY_IND flag on userland array). Fixed bug GH-19480 (error_log php.ini cannot be unset when open_basedir is configured). Fixed bug GH-20002 (Broken build on *BSD with MSAN).
  * CLI: Fix useless "Failed to poll event" error logs due to EAGAIN in CLI server with PHP_CLI_SERVER_WORKERS.
  * Curl: Fix cloning of CURLOPT_POSTFIELDS when using the clone operator instead of the curl_copy_handle() function to clone a CurlHandle. Fix curl build and test failures with version 8.16.
  * Date: Fixed GH-17159: "P" format for ::createFromFormat swallows string literals.
  * DBA: Fixed GH-19885 (dba_fetch() overflow on skip argument).
  * GD: Fixed GH-19955 (imagefttext() memory leak).
  * MySQLnd: Fixed bug #67563 (mysqli compiled with mysqlnd does not take ipv6 adress as parameter).
  * Phar: Fix memory leak and invalid continuation after tar header writing fails. Fix memory leaks when creating temp file fails when applying zip signature.
  * SimpleXML: Fixed bug GH-19988 (zend_string_init with NULL pointer in simplexml (UB)).
  * Soap: Fixed bug GH-19784 (SoapServer memory leak). Fixed bug GH-20011 (Array of SoapVar of unknown type causes crash).
  * Standard: Fixed bug GH-12265 (Cloning an object breaks serialization recursion). Fixed bug GH-19701 (Serialize/deserialize loses some data). Fixed bug GH-19801 (leaks in var_dump() and debug_zval_dump()). Fixed bug GH-20043 (array_unique assertion failure with RC1 array causing an exception on sort). Fixed bug GH-19926 (reset internal pointer earlier while splicing array while COW violation flag is still set). Fixed bug GH-19570 (unable to fseek in /dev/zero and /dev/null).
  * Streams: Fixed bug GH-19248 (Use strerror_r instead of strerror in main). Fixed bug GH-17345 (Bug #35916 was not completely fixed). Fixed bug GH-19705 (segmentation when attempting to flush on non seekable stream.
  * XMLReader: Fixed bug GH-20009 (XMLReader leak on RelaxNG schema failure).
  * Zip: Fixed bug GH-19688 (Remove pattern overflow in zip addGlob()). Fixed bug GH-19932 (Memory leak in zip setEncryptionName()/setEncryptionIndex()).
  * Zlib: Fixed bug GH-19922 (Double free on gzopen).

Version 8.3.26

  * Core: Fixed bug GH-18850 (Repeated inclusion of file with __halt_compiler() triggers "Constant already defined" warning). Partially fixed bug GH-19542 (Scanning of string literals >=2GB will fail due to signed int overflow). Fixed bug GH-19544 (GC treats ZEND_WEAKREF_TAG_MAP references as WeakMap references). Fixed bug GH-19613 (Stale array iterator pointer). Fixed bug GH-19679 (zend_ssa_range_widening may fail to converge). Fixed bug GH-19681 (PHP_EXPAND_PATH broken with bash 5.3.0). Fixed bug GH-19720 (Assertion failure when error handler throws when accessing a deprecated constant).
  * CLI: Fixed bug GH-19461 (Improve error message on listening error with IPv6 address).
  * Date: Fixed date_sunrise() and date_sunset() with partial-hour UTC offset.
  * DOM: Fixed bug GH-19612 (Mitigate libxml2 tree dictionary bug).
  * FPM: Fixed failed debug assertion when php_admin_value setting fails.
  * GD: Fixed bug GH-19579 (imagefilledellipse underflow on width argument).
  * Intl: Fixed bug GH-11952 (Fix locale strings canonicalization for IntlDateFormatter and NumberFormatter).
  * OpenSSL: Fixed bug GH-19245 (Success error message on TLS stream accept failure).
  * PGSQL: Fixed bug GH-19485 (potential use after free when using persistent pgsql connections).
  * Phar: Fixed memory leaks when verifying OpenSSL signature. Fix memory leak in phar tar temporary file error handling code. Fix metadata leak when phar convert logic fails. Fix memory leak on failure in phar_convert_to_other(). Fixed bug GH-19752 (Phar decompression with invalid extension can cause UAF).
  * Standard: Fixed bug GH-16649 (UAF during array_splice). Fixed bug GH-19577 (Avoid integer overflow when using a small offset and PHP_INT_MAX with LimitIterator).
  * Streams: Remove incorrect call to zval_ptr_dtor() in user_wrapper_metadata(). Fix OSS-Fuzz #385993744.
  * Tidy: Fixed GH-19021 build issue with libtidy in regard of tidyOptIsReadonly deprecation and TidyInternalCategory being available later than tidyOptGetCategory.
  * Zip: Fix memory leak in zip when encountering empty glob result.

Version 8.3.25

  * Core: Fixed GH-19169 build issue with C++17 and ZEND_STATIC_ASSERT macro. Fixed bug GH-18581 (Coerce numeric string keys from iterators when argument unpacking). Fixed OSS-Fuzz #434346548 (Failed assertion with throwing __toString in binary const expr). Fixed bug GH-19305 (Operands may be being released during comparison). Fixed bug GH-19303 (Unpacking empty packed array into uninitialized array causes assertion failure). Fixed bug GH-19306 (Generator can be resumed while fetching next value from delegated Generator). Fixed bug GH-19326 (Calling Generator::throw() on a running generator with a non-Generator delegate crashes). Fixed bug GH-18736 (Circumvented type check with return by ref + finally). Fixed zend call stack size for macOs/arm64. Fixed bug GH-19065 (Long match statement can segfault compiler during recursive SSA renaming).
  * Calendar: Fixed bug GH-19371 (integer overflow in calendar.c).
  * FTP: Fix theoretical issues with hrtime() not being available.
  * GD: Fix incorrect comparison with result of php_stream_can_cast().
  * Hash: Fix crash on clone failure.
  * Intl: Fixed GH-19261: msgfmt_parse_message leaks on message creation failure. Fix return value on failure for resourcebundle count handler.
  * LDAP: Fixed bug GH-18529 (additional inheriting of TLS int options).
  * LibXML: Fixed bug GH-19098 (libxml<2.13 segmentation fault caused by php_libxml_node_free).
  * MbString: Fixed bug GH-19397 (mb_list_encodings() can cause crashes on shutdown).
  * Opcache: Reset global pointers to prevent use-after-free in zend_jit_status().
  * OpenSSL: Fixed bug GH-18986 (OpenSSL backend: incorrect RAND__file() return value check). Fix error return check of EVP_CIPHER_CTX_ctrl(). Fixed bug GH-19428 (openssl_pkey_derive segfaults for DH derive with low key_length param).
  * PDO Pgsql: Fixed dangling pointer access on _pdo_pgsql_trim_message helper.
  * Readline: Fixed bug GH-19250 and bug #51360 (Invalid conftest for rl_pending_input).
  * SOAP: Fixed bug GH-18640 (heap-use-after-free ext/soap/php_encoding.c:299:32 in soap_check_zval_ref).
  * Sockets: Fix some potential crashes on incorrect argument value.
  * Standard: Fixed OSS Fuzz #433303828 (Leak in failed unserialize() with opcache). Fix theoretical issues with hrtime() not being available. Fixed bug GH-19300 (Nested array_multisort invocation with error breaks).
  * Windows: Free opened_path when opened_path_len >= MAXPATHLEN.

Version 8.3.24

  * Calendar: Fixed jewishtojd overflow on year argument.
  * Core: Fixed bug GH-18833 (Use after free with weakmaps dependent on destruction order). Fix OSS-Fuzz #427814456. Fix OSS-Fuzz #428983568 and #428760800. Fixed bug GH-17204 -Wuseless-escape warnings emitted by re2c.
  * Curl: Fix memory leaks when returning refcounted value from curl callback. Remove incorrect string release.
  * LDAP: Fixed GH-18902 ldap_exop/ldap_exop_sync assert triggered on empty request OID.
  * MbString: Fixed bug GH-18901 (integer overflow mb_split).
  * OCI8: Fixed bug GH-18873 (OCI_RETURN_LOBS flag causes oci8 to leak memory).
  * Opcache: Fixed bug GH-18639 (Internal class aliases can break preloading + JIT). Fixed bug GH-14082 (Segmentation fault on unknown address 0x600000000018 in ext/opcache/jit/zend_jit.c).
  * OpenSSL: Fixed bug #80770 (It is not possible to get client peer certificate with stream_socket_server).
  * PCNTL: Fixed bug GH-18958 (Fatal error during shutdown after pcntl_rfork() or pcntl_forkx() with zend-max-execution-timers).
  * Phar: Fix stream double free in phar. Fix phar crash and file corruption with SplFileObject.
  * SOAP: Fixed bug GH-18990, bug #81029, bug #47314 (SOAP HTTP socket not closing on object destruction). Fix memory leak when URL parsing fails in redirect.
  * SPL: Fixed bug GH-19094 (Attaching class with no Iterator implementation to MultipleIterator causes crash).
  * Standard: Fix misleading errors in printf(). Fix RCN violations in array functions. Fixed GH-18976 pack() overflow with h/H format and INT_MAX repeater value.
  * Streams: Fixed GH-13264 (fgets() and stream_get_line() do not return false on filter fatal error).
  * Zip: Fix leak when path is too long in ZipArchive::extractTo().

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * Web and Scripting Module 15-SP7
    zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP7-2026-86=1

## Package List:

  * Web and Scripting Module 15-SP7 (aarch64 ppc64le s390x x86_64)
    * php8-phar-8.3.29-150700.3.9.1
    * php8-ftp-8.3.29-150700.3.9.1
    * php8-calendar-debuginfo-8.3.29-150700.3.9.1
    * php8-opcache-8.3.29-150700.3.9.1
    * php8-sockets-debuginfo-8.3.29-150700.3.9.1
    * php8-xmlreader-debuginfo-8.3.29-150700.3.9.1
    * php8-embed-debugsource-8.3.29-150700.3.9.1
    * php8-ftp-debuginfo-8.3.29-150700.3.9.1
    * php8-intl-debuginfo-8.3.29-150700.3.9.1
    * php8-dom-debuginfo-8.3.29-150700.3.9.1
    * php8-posix-debuginfo-8.3.29-150700.3.9.1
    * php8-sockets-8.3.29-150700.3.9.1
    * php8-calendar-8.3.29-150700.3.9.1
    * apache2-mod_php8-debuginfo-8.3.29-150700.3.9.1
    * php8-pcntl-8.3.29-150700.3.9.1
    * php8-tokenizer-8.3.29-150700.3.9.1
    * php8-shmop-8.3.29-150700.3.9.1
    * php8-xmlwriter-debuginfo-8.3.29-150700.3.9.1
    * php8-embed-8.3.29-150700.3.9.1
    * php8-test-8.3.29-150700.3.9.1
    * php8-exif-8.3.29-150700.3.9.1
    * php8-sodium-8.3.29-150700.3.9.1
    * php8-curl-8.3.29-150700.3.9.1
    * php8-intl-8.3.29-150700.3.9.1
    * php8-xmlwriter-8.3.29-150700.3.9.1
    * php8-posix-8.3.29-150700.3.9.1
    * php8-tidy-8.3.29-150700.3.9.1
    * php8-exif-debuginfo-8.3.29-150700.3.9.1
    * php8-openssl-debuginfo-8.3.29-150700.3.9.1
    * php8-pgsql-8.3.29-150700.3.9.1
    * php8-sysvsem-8.3.29-150700.3.9.1
    * php8-sqlite-8.3.29-150700.3.9.1
    * php8-sqlite-debuginfo-8.3.29-150700.3.9.1
    * php8-fpm-debugsource-8.3.29-150700.3.9.1
    * php8-sysvshm-debuginfo-8.3.29-150700.3.9.1
    * php8-fastcgi-debugsource-8.3.29-150700.3.9.1
    * php8-sysvmsg-8.3.29-150700.3.9.1
    * php8-pdo-debuginfo-8.3.29-150700.3.9.1
    * php8-debuginfo-8.3.29-150700.3.9.1
    * php8-sysvmsg-debuginfo-8.3.29-150700.3.9.1
    * php8-gettext-8.3.29-150700.3.9.1
    * php8-ctype-8.3.29-150700.3.9.1
    * php8-cli-8.3.29-150700.3.9.1
    * php8-gd-8.3.29-150700.3.9.1
    * php8-mbstring-debuginfo-8.3.29-150700.3.9.1
    * php8-fastcgi-debuginfo-8.3.29-150700.3.9.1
    * php8-gmp-debuginfo-8.3.29-150700.3.9.1
    * php8-bz2-debuginfo-8.3.29-150700.3.9.1
    * php8-readline-8.3.29-150700.3.9.1
    * php8-ctype-debuginfo-8.3.29-150700.3.9.1
    * php8-8.3.29-150700.3.9.1
    * php8-embed-debuginfo-8.3.29-150700.3.9.1
    * php8-pgsql-debuginfo-8.3.29-150700.3.9.1
    * php8-phar-debuginfo-8.3.29-150700.3.9.1
    * php8-bcmath-debuginfo-8.3.29-150700.3.9.1
    * php8-snmp-debuginfo-8.3.29-150700.3.9.1
    * php8-fileinfo-debuginfo-8.3.29-150700.3.9.1
    * php8-bz2-8.3.29-150700.3.9.1
    * php8-dom-8.3.29-150700.3.9.1
    * php8-xsl-debuginfo-8.3.29-150700.3.9.1
    * php8-xmlreader-8.3.29-150700.3.9.1
    * php8-enchant-8.3.29-150700.3.9.1
    * php8-curl-debuginfo-8.3.29-150700.3.9.1
    * php8-fpm-debuginfo-8.3.29-150700.3.9.1
    * php8-gd-debuginfo-8.3.29-150700.3.9.1
    * php8-debugsource-8.3.29-150700.3.9.1
    * php8-fileinfo-8.3.29-150700.3.9.1
    * php8-odbc-debuginfo-8.3.29-150700.3.9.1
    * php8-ldap-8.3.29-150700.3.9.1
    * php8-devel-8.3.29-150700.3.9.1
    * php8-zip-debuginfo-8.3.29-150700.3.9.1
    * php8-fpm-8.3.29-150700.3.9.1
    * php8-tokenizer-debuginfo-8.3.29-150700.3.9.1
    * php8-soap-debuginfo-8.3.29-150700.3.9.1
    * php8-zip-8.3.29-150700.3.9.1
    * php8-gmp-8.3.29-150700.3.9.1
    * php8-openssl-8.3.29-150700.3.9.1
    * php8-sysvsem-debuginfo-8.3.29-150700.3.9.1
    * php8-readline-debuginfo-8.3.29-150700.3.9.1
    * php8-sysvshm-8.3.29-150700.3.9.1
    * php8-cli-debuginfo-8.3.29-150700.3.9.1
    * php8-gettext-debuginfo-8.3.29-150700.3.9.1
    * php8-enchant-debuginfo-8.3.29-150700.3.9.1
    * php8-iconv-8.3.29-150700.3.9.1
    * php8-dba-8.3.29-150700.3.9.1
    * php8-opcache-debuginfo-8.3.29-150700.3.9.1
    * php8-odbc-8.3.29-150700.3.9.1
    * php8-mysql-8.3.29-150700.3.9.1
    * php8-pcntl-debuginfo-8.3.29-150700.3.9.1
    * php8-snmp-8.3.29-150700.3.9.1
    * php8-dba-debuginfo-8.3.29-150700.3.9.1
    * apache2-mod_php8-debugsource-8.3.29-150700.3.9.1
    * php8-sodium-debuginfo-8.3.29-150700.3.9.1
    * php8-zlib-debuginfo-8.3.29-150700.3.9.1
    * php8-mysql-debuginfo-8.3.29-150700.3.9.1
    * php8-ldap-debuginfo-8.3.29-150700.3.9.1
    * php8-zlib-8.3.29-150700.3.9.1
    * php8-mbstring-8.3.29-150700.3.9.1
    * php8-bcmath-8.3.29-150700.3.9.1
    * apache2-mod_php8-8.3.29-150700.3.9.1
    * php8-fastcgi-8.3.29-150700.3.9.1
    * php8-shmop-debuginfo-8.3.29-150700.3.9.1
    * php8-soap-8.3.29-150700.3.9.1
    * php8-tidy-debuginfo-8.3.29-150700.3.9.1
    * php8-xsl-8.3.29-150700.3.9.1
    * php8-pdo-8.3.29-150700.3.9.1
    * php8-iconv-debuginfo-8.3.29-150700.3.9.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-14177.html
  * https://www.suse.com/security/cve/CVE-2025-14178.html
  * https://www.suse.com/security/cve/CVE-2025-14180.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1255710
  * https://bugzilla.suse.com/show_bug.cgi?id=1255711
  * https://bugzilla.suse.com/show_bug.cgi?id=1255712

From null at suse.de Fri Jan 9 20:33:24 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 09 Jan 2026 20:33:24 -0000
Subject: SUSE-SU-2026:0085-1: important: Security update for libpng16
Message-ID: <176799080401.22169.13564390971856471441@smelt2.prg2.suse.org>

# Security update for libpng16

Announcement ID: SUSE-SU-2026:0085-1
Release Date: 2026-01-09T15:01:42Z
Rating: important
References:

  * bsc#1254480

Cross-References:

  * CVE-2025-66293

CVSS scores:

  * CVE-2025-66293 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-66293 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
  * CVE-2025-66293 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server 12 SP5 LTSS
  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for libpng16 fixes the following issues:

* CVE-2025-66293: out-of-bounds read of the `png_sRGB_base` array when processing palette PNG images with partial transparency and gamma correction (bsc#1254480).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-85=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-85=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * libpng16-16-debuginfo-1.6.8-15.12.1
  * libpng16-16-1.6.8-15.12.1
  * libpng16-debugsource-1.6.8-15.12.1
  * libpng16-devel-1.6.8-15.12.1
  * libpng16-compat-devel-1.6.8-15.12.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64)
  * libpng16-16-debuginfo-32bit-1.6.8-15.12.1
  * libpng16-16-32bit-1.6.8-15.12.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * libpng16-16-debuginfo-1.6.8-15.12.1
  * libpng16-16-1.6.8-15.12.1
  * libpng16-debugsource-1.6.8-15.12.1
  * libpng16-16-32bit-1.6.8-15.12.1
  * libpng16-16-debuginfo-32bit-1.6.8-15.12.1
  * libpng16-devel-1.6.8-15.12.1
  * libpng16-compat-devel-1.6.8-15.12.1

## References:

* https://www.suse.com/security/cve/CVE-2025-66293.html
* https://bugzilla.suse.com/show_bug.cgi?id=1254480