From null at suse.de  Mon Feb  3 12:33:23 2025
From: null at suse.de (SUSE-MANAGER-UPDATES)
Date: Mon, 03 Feb 2025 12:33:23 -0000
Subject: SUSE-SU-2025:0325-1: important: Security update for clamav
Message-ID: <173858600369.22572.14364280946580937032@smelt2.prg2.suse.org>



# Security update for clamav

Announcement ID: SUSE-SU-2025:0325-1  
Release Date: 2025-02-03T09:39:26Z  
Rating: important  
References:

  * bsc#1102840
  * bsc#1103032
  * bsc#1180296
  * bsc#1202986
  * bsc#1211594
  * bsc#1214342
  * bsc#1232242
  * bsc#1236307
  * jsc#PED-4596
  * jsc#SMO-494
  * jsc#SMO-495

  
Cross-References:

  * CVE-2018-14679
  * CVE-2023-20197
  * CVE-2024-20380
  * CVE-2024-20505
  * CVE-2024-20506
  * CVE-2025-20128

  
CVSS scores:

  * CVE-2018-14679 ( SUSE ):  4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
  * CVE-2018-14679 ( NVD ):  6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2023-20197 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-20197 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-20380 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-20505 ( SUSE ):  8.7
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2024-20505 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-20505 ( NVD ):  4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2024-20505 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-20506 ( SUSE ):  6.8
    CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
  * CVE-2024-20506 ( SUSE ):  6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
  * CVE-2024-20506 ( NVD ):  6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
  * CVE-2024-20506 ( NVD ):  6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
  * CVE-2025-20128 ( SUSE ):  6.8
    CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-20128 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2025-20128 ( NVD ):  5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2025-20128 ( NVD ):  5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

  
Affected Products:

  * SUSE Enterprise Storage 7.1
  * SUSE Linux Enterprise High Performance Computing 15 SP3
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Linux Enterprise Server 15 SP3
  * SUSE Linux Enterprise Server 15 SP3 LTSS
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP4 LTSS
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server 15 SP5 LTSS
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

  
  
An update that solves six vulnerabilities, contains three features and has two
security fixes can now be installed.

## Description:

This update for clamav fixes the following issues:

New version 1.4.2:

  * CVE-2025-20128, bsc#1236307: Fixed a possible buffer overflow read bug in
    the OLE2 file parser that could cause a denial-of-service (DoS) condition.

  * Start clamonacc with --fdpass to avoid errors due to clamd not being able to
    access user files. (bsc#1232242)

  * New version 1.4.1:

  * https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html

  * New version 1.4.0:

  * Added support for extracting ALZ archives.

  * Added support for extracting LHA/LZH archives.
  * Added the ability to disable image fuzzy hashing, if needed. For context,
    image fuzzy hashing is a detection mechanism useful for identifying malware
    by matching images included with the malware or phishing email/document.
  * https://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html

  * New version 1.3.2:

  * CVE-2024-20506: Changed the logging module to disable following symlinks on
    Linux and Unix systems so as to prevent an attacker with existing access to
    the 'clamd' or 'freshclam' services from using a symlink to corrupt system
    files.

  * CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF file
    parser that could cause a denial-of-service condition.
  * Removed unused Python modules from freshclam tests including deprecated
    'cgi' module that is expected to cause test failures in Python 3.13.
  * Fix unit test caused by expiring signing certificate.
  * Fixed a build issue on Windows with newer versions of Rust. Also upgraded
    GitHub Actions imports to fix CI failures.
  * Fixed an unaligned pointer dereference issue on select architectures.
  * Fixes to Jenkins CI pipeline.

  * New Version: 1.3.1:

  * CVE-2024-20380: Fixed a possible crash in the HTML file parser that could
    cause a denial-of-service (DoS) condition.

  * Updated select Rust dependencies to the latest versions.
  * Fixed a bug causing some text to be truncated when converting from UTF-16.
  * Fixed assorted complaints identified by Coverity static analysis.
  * Fixed a bug causing CVDs downloaded by the DatabaseCustomURL
  * Added the new 'valhalla' database name to the list of optional databases in
    preparation for future work.

  * New version: 1.3.0:

  * Added support for extracting and scanning attachments found in Microsoft
    OneNote section files. OneNote parsing will be enabled by default, but may
    be optionally disabled.

  * Added file type recognition for compiled Python ('.pyc') files.
  * Improved support for decrypting PDFs with empty passwords.
  * Fixed a warning when scanning some HTML files.
  * ClamOnAcc: Fixed an infinite loop when a watched directory does not exist.
  * ClamOnAcc: Fixed an infinite loop when a file has been deleted before a
    scan.

  * New version: 1.2.0:

  * Added support for extracting Universal Disk Format (UDF) partitions.

  * Added an option to customize the size of ClamAV's clean file cache.
  * Raised the MaxScanSize limit so the total amount of data scanned when
    scanning a file or archive may exceed 4 gigabytes.
  * Added ability for Freshclam to use a client certificate PEM file and a
    private key PEM file for authentication to a private mirror.
  * Fix an issue extracting files from ISO9660 partitions where the files are
    listed in the plain ISO tree and there also exists an empty Joliet tree.
  * PID and socket are now located under /run/clamav/clamd.pid and
    /run/clamav/clamd.sock .
  * bsc#1211594: Fixed an issue where ClamAV does not abort the signature load
    process after partially loading an invalid signature.

  * New version 1.1.0:

  * https://blog.clamav.net/2023/05/clamav-110-released.html

  * Added the ability to extract images embedded in HTML CSS <style> blocks.
  * Updated to Sigtool so that the '\--vba' option will extract VBA code from
    Microsoft Office documents the same way that libclamav extracts VBA.
  * Added a new option --fail-if-cvd-older-than=days to clamscan and clamd, and
    FailIfCvdOlderThan to clamd.conf
  * Added a new function 'cl_cvdgetage()' to the libclamav API.
  * Added a new function 'cl_engine_set_clcb_vba()' to the libclamav API.
  * bsc#1180296: Integrate clamonacc as a service.
  * New version 1.0.1 LTS (including changes in 0.104 and 0.105):
  * As of ClamAV 0.104, CMake is required to build ClamAV.
  * As of ClamAV 0.105, Rust is now required to compile ClamAV.
  * Increased the default limits for file and scan size:
    * MaxScanSize: 100M to 400M
    * MaxFileSize: 25M to 100M
    * StreamMaxLength: 25M to 100M
    * PCREMaxFileSize: 25M to 100M
    * MaxEmbeddedPE: 10M to 40M
    * MaxHTMLNormalize: 10M to 40M
    * MaxScriptNormalize: 5M to 20M
    * MaxHTMLNoTags: 2M to 8M
  * Added image fuzzy hash subsignatures for logical signatures.
  * Support for decrypting read-only OLE2-based XLS files that are encrypted
    with the default password.
  * Overhauled the implementation of the all-match feature.
  * Added a new callback to the public API for inspecting file content during a
    scan at each layer of archive extraction.
  * Added a new function to the public API for unpacking CVD signature archives.
  * The option to build with an external TomsFastMath library has been removed.
    ClamAV requires non-default build options for TomsFastMath to support bigger
    floating point numbers.
  * For a full list of changes see the release announcements:
    * https://blog.clamav.net/2022/11/clamav-100-lts-released.html
    * https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html
    * https://blog.clamav.net/2021/09/clamav-01040-released.html
  * Build clamd with systemd support.

  * CVE-2023-20197: Fixed a possible denial of service vulnerability in the HFS+
    file parser. (bsc#1214342)

  * CVE-2018-14679: Fixed that an issue was discovered in mspack/chmd.c in
    libmspack before 0.7alpha. There isan off-by-one error in the CHM PMGI/PMGL
    chunk number validity checks, which could lead to denial of service
    (uninitialized da (bsc#1103032)

  * Package huge .html documentation in a separate subpackage.

  * Update to 0.103.7 (bsc#1202986)

  * Zip parser: tolerate 2-byte overlap in file entries

  * Fix bug with logical signature Intermediates feature
  * Update to UnRAR v6.1.7
  * Patch UnRAR: allow skipping files in solid archives
  * Patch UnRAR: limit dict winsize to 1GB

  * Use a split-provides for clamav-milter instead of recommending it.

  * Package clamav-milter in a subpackage
  * Remove virus signatures upon uninstall
  * Check for database existence before starting clamd
  * Restart clamd when it exits
  * Don't daemonize freshclam, but use a systemd timer instead to trigger
    updates

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Micro 5.5  
    zypper in -t patch SUSE-SLE-Micro-5.5-2025-325=1

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-325=1

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-325=1

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-325=1

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-325=1

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-325=1

  * SUSE Linux Enterprise Server 15 SP3 LTSS  
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-325=1

  * SUSE Linux Enterprise Server 15 SP4 LTSS  
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-325=1

  * SUSE Linux Enterprise Server 15 SP5 LTSS  
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-325=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP3  
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-325=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP4  
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-325=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP5  
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-325=1

  * SUSE Manager Proxy 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-325=1

  * SUSE Manager Retail Branch Server 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2025-325=1

  * SUSE Manager Server 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-325=1

  * SUSE Enterprise Storage 7.1  
    zypper in -t patch SUSE-Storage-7.1-2025-325=1

## Package List:

  * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
    * libclammspack0-1.4.2-150200.8.3.1
    * clamav-debuginfo-1.4.2-150200.8.3.1
    * libfreshclam3-1.4.2-150200.8.3.1
    * libclamav12-debuginfo-1.4.2-150200.8.3.1
    * clamav-debugsource-1.4.2-150200.8.3.1
    * libclammspack0-debuginfo-1.4.2-150200.8.3.1
    * libfreshclam3-debuginfo-1.4.2-150200.8.3.1
    * clamav-1.4.2-150200.8.3.1
    * libclamav12-1.4.2-150200.8.3.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
    x86_64)
    * libclammspack0-1.4.2-150200.8.3.1
    * clamav-debuginfo-1.4.2-150200.8.3.1
    * libfreshclam3-1.4.2-150200.8.3.1
    * clamav-milter-1.4.2-150200.8.3.1
    * libclamav12-debuginfo-1.4.2-150200.8.3.1
    * clamav-devel-1.4.2-150200.8.3.1
    * clamav-debugsource-1.4.2-150200.8.3.1
    * libclammspack0-debuginfo-1.4.2-150200.8.3.1
    * libfreshclam3-debuginfo-1.4.2-150200.8.3.1
    * clamav-1.4.2-150200.8.3.1
    * clamav-milter-debuginfo-1.4.2-150200.8.3.1
    * libclamav12-1.4.2-150200.8.3.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
    * clamav-docs-html-1.4.2-150200.8.3.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
    x86_64)
    * libclammspack0-1.4.2-150200.8.3.1
    * clamav-debuginfo-1.4.2-150200.8.3.1
    * libfreshclam3-1.4.2-150200.8.3.1
    * clamav-milter-1.4.2-150200.8.3.1
    * libclamav12-debuginfo-1.4.2-150200.8.3.1
    * clamav-devel-1.4.2-150200.8.3.1
    * clamav-debugsource-1.4.2-150200.8.3.1
    * libclammspack0-debuginfo-1.4.2-150200.8.3.1
    * libfreshclam3-debuginfo-1.4.2-150200.8.3.1
    * clamav-1.4.2-150200.8.3.1
    * clamav-milter-debuginfo-1.4.2-150200.8.3.1
    * libclamav12-1.4.2-150200.8.3.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
    * clamav-docs-html-1.4.2-150200.8.3.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
    x86_64)
    * libclammspack0-1.4.2-150200.8.3.1
    * clamav-debuginfo-1.4.2-150200.8.3.1
    * libfreshclam3-1.4.2-150200.8.3.1
    * clamav-milter-1.4.2-150200.8.3.1
    * libclamav12-debuginfo-1.4.2-150200.8.3.1
    * clamav-devel-1.4.2-150200.8.3.1
    * clamav-debugsource-1.4.2-150200.8.3.1
    * libclammspack0-debuginfo-1.4.2-150200.8.3.1
    * libfreshclam3-debuginfo-1.4.2-150200.8.3.1
    * clamav-1.4.2-150200.8.3.1
    * clamav-milter-debuginfo-1.4.2-150200.8.3.1
    * libclamav12-1.4.2-150200.8.3.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
    * clamav-docs-html-1.4.2-150200.8.3.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
    x86_64)
    * libclammspack0-1.4.2-150200.8.3.1
    * clamav-debuginfo-1.4.2-150200.8.3.1
    * libfreshclam3-1.4.2-150200.8.3.1
    * clamav-milter-1.4.2-150200.8.3.1
    * libclamav12-debuginfo-1.4.2-150200.8.3.1
    * clamav-devel-1.4.2-150200.8.3.1
    * clamav-debugsource-1.4.2-150200.8.3.1
    * libclammspack0-debuginfo-1.4.2-150200.8.3.1
    * libfreshclam3-debuginfo-1.4.2-150200.8.3.1
    * clamav-1.4.2-150200.8.3.1
    * clamav-milter-debuginfo-1.4.2-150200.8.3.1
    * libclamav12-1.4.2-150200.8.3.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
    * clamav-docs-html-1.4.2-150200.8.3.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
    x86_64)
    * libclammspack0-1.4.2-150200.8.3.1
    * clamav-debuginfo-1.4.2-150200.8.3.1
    * libfreshclam3-1.4.2-150200.8.3.1
    * clamav-milter-1.4.2-150200.8.3.1
    * libclamav12-debuginfo-1.4.2-150200.8.3.1
    * clamav-devel-1.4.2-150200.8.3.1
    * clamav-debugsource-1.4.2-150200.8.3.1
    * libclammspack0-debuginfo-1.4.2-150200.8.3.1
    * libfreshclam3-debuginfo-1.4.2-150200.8.3.1
    * clamav-1.4.2-150200.8.3.1
    * clamav-milter-debuginfo-1.4.2-150200.8.3.1
    * libclamav12-1.4.2-150200.8.3.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
    * clamav-docs-html-1.4.2-150200.8.3.1
  * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
    * libclammspack0-1.4.2-150200.8.3.1
    * clamav-debuginfo-1.4.2-150200.8.3.1
    * libfreshclam3-1.4.2-150200.8.3.1
    * clamav-milter-1.4.2-150200.8.3.1
    * libclamav12-debuginfo-1.4.2-150200.8.3.1
    * clamav-devel-1.4.2-150200.8.3.1
    * clamav-debugsource-1.4.2-150200.8.3.1
    * libclammspack0-debuginfo-1.4.2-150200.8.3.1
    * libfreshclam3-debuginfo-1.4.2-150200.8.3.1
    * clamav-1.4.2-150200.8.3.1
    * clamav-milter-debuginfo-1.4.2-150200.8.3.1
    * libclamav12-1.4.2-150200.8.3.1
  * SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
    * clamav-docs-html-1.4.2-150200.8.3.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
    * libclammspack0-1.4.2-150200.8.3.1
    * clamav-debuginfo-1.4.2-150200.8.3.1
    * libfreshclam3-1.4.2-150200.8.3.1
    * clamav-milter-1.4.2-150200.8.3.1
    * libclamav12-debuginfo-1.4.2-150200.8.3.1
    * clamav-devel-1.4.2-150200.8.3.1
    * clamav-debugsource-1.4.2-150200.8.3.1
    * libclammspack0-debuginfo-1.4.2-150200.8.3.1
    * libfreshclam3-debuginfo-1.4.2-150200.8.3.1
    * clamav-1.4.2-150200.8.3.1
    * clamav-milter-debuginfo-1.4.2-150200.8.3.1
    * libclamav12-1.4.2-150200.8.3.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
    * clamav-docs-html-1.4.2-150200.8.3.1
  * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
    * libclammspack0-1.4.2-150200.8.3.1
    * clamav-debuginfo-1.4.2-150200.8.3.1
    * libfreshclam3-1.4.2-150200.8.3.1
    * clamav-milter-1.4.2-150200.8.3.1
    * libclamav12-debuginfo-1.4.2-150200.8.3.1
    * clamav-devel-1.4.2-150200.8.3.1
    * clamav-debugsource-1.4.2-150200.8.3.1
    * libclammspack0-debuginfo-1.4.2-150200.8.3.1
    * libfreshclam3-debuginfo-1.4.2-150200.8.3.1
    * clamav-1.4.2-150200.8.3.1
    * clamav-milter-debuginfo-1.4.2-150200.8.3.1
    * libclamav12-1.4.2-150200.8.3.1
  * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
    * clamav-docs-html-1.4.2-150200.8.3.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
    * libclammspack0-1.4.2-150200.8.3.1
    * clamav-debuginfo-1.4.2-150200.8.3.1
    * libfreshclam3-1.4.2-150200.8.3.1
    * clamav-milter-1.4.2-150200.8.3.1
    * libclamav12-debuginfo-1.4.2-150200.8.3.1
    * clamav-devel-1.4.2-150200.8.3.1
    * clamav-debugsource-1.4.2-150200.8.3.1
    * libclammspack0-debuginfo-1.4.2-150200.8.3.1
    * libfreshclam3-debuginfo-1.4.2-150200.8.3.1
    * clamav-1.4.2-150200.8.3.1
    * clamav-milter-debuginfo-1.4.2-150200.8.3.1
    * libclamav12-1.4.2-150200.8.3.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
    * clamav-docs-html-1.4.2-150200.8.3.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
    * libclammspack0-1.4.2-150200.8.3.1
    * clamav-debuginfo-1.4.2-150200.8.3.1
    * libfreshclam3-1.4.2-150200.8.3.1
    * clamav-milter-1.4.2-150200.8.3.1
    * libclamav12-debuginfo-1.4.2-150200.8.3.1
    * clamav-devel-1.4.2-150200.8.3.1
    * clamav-debugsource-1.4.2-150200.8.3.1
    * libclammspack0-debuginfo-1.4.2-150200.8.3.1
    * libfreshclam3-debuginfo-1.4.2-150200.8.3.1
    * clamav-1.4.2-150200.8.3.1
    * clamav-milter-debuginfo-1.4.2-150200.8.3.1
    * libclamav12-1.4.2-150200.8.3.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
    * clamav-docs-html-1.4.2-150200.8.3.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
    * libclammspack0-1.4.2-150200.8.3.1
    * clamav-debuginfo-1.4.2-150200.8.3.1
    * libfreshclam3-1.4.2-150200.8.3.1
    * clamav-milter-1.4.2-150200.8.3.1
    * libclamav12-debuginfo-1.4.2-150200.8.3.1
    * clamav-devel-1.4.2-150200.8.3.1
    * clamav-debugsource-1.4.2-150200.8.3.1
    * libclammspack0-debuginfo-1.4.2-150200.8.3.1
    * libfreshclam3-debuginfo-1.4.2-150200.8.3.1
    * clamav-1.4.2-150200.8.3.1
    * clamav-milter-debuginfo-1.4.2-150200.8.3.1
    * libclamav12-1.4.2-150200.8.3.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
    * clamav-docs-html-1.4.2-150200.8.3.1
  * SUSE Manager Proxy 4.3 (x86_64)
    * libclammspack0-1.4.2-150200.8.3.1
    * clamav-debuginfo-1.4.2-150200.8.3.1
    * libfreshclam3-1.4.2-150200.8.3.1
    * clamav-milter-1.4.2-150200.8.3.1
    * libclamav12-debuginfo-1.4.2-150200.8.3.1
    * clamav-devel-1.4.2-150200.8.3.1
    * clamav-debugsource-1.4.2-150200.8.3.1
    * libclammspack0-debuginfo-1.4.2-150200.8.3.1
    * libfreshclam3-debuginfo-1.4.2-150200.8.3.1
    * clamav-1.4.2-150200.8.3.1
    * clamav-milter-debuginfo-1.4.2-150200.8.3.1
    * libclamav12-1.4.2-150200.8.3.1
  * SUSE Manager Proxy 4.3 (noarch)
    * clamav-docs-html-1.4.2-150200.8.3.1
  * SUSE Manager Retail Branch Server 4.3 (x86_64)
    * libclammspack0-1.4.2-150200.8.3.1
    * clamav-debuginfo-1.4.2-150200.8.3.1
    * libfreshclam3-1.4.2-150200.8.3.1
    * clamav-milter-1.4.2-150200.8.3.1
    * libclamav12-debuginfo-1.4.2-150200.8.3.1
    * clamav-devel-1.4.2-150200.8.3.1
    * clamav-debugsource-1.4.2-150200.8.3.1
    * libclammspack0-debuginfo-1.4.2-150200.8.3.1
    * libfreshclam3-debuginfo-1.4.2-150200.8.3.1
    * clamav-1.4.2-150200.8.3.1
    * clamav-milter-debuginfo-1.4.2-150200.8.3.1
    * libclamav12-1.4.2-150200.8.3.1
  * SUSE Manager Retail Branch Server 4.3 (noarch)
    * clamav-docs-html-1.4.2-150200.8.3.1
  * SUSE Manager Server 4.3 (ppc64le s390x x86_64)
    * libclammspack0-1.4.2-150200.8.3.1
    * clamav-debuginfo-1.4.2-150200.8.3.1
    * libfreshclam3-1.4.2-150200.8.3.1
    * clamav-milter-1.4.2-150200.8.3.1
    * libclamav12-debuginfo-1.4.2-150200.8.3.1
    * clamav-devel-1.4.2-150200.8.3.1
    * clamav-debugsource-1.4.2-150200.8.3.1
    * libclammspack0-debuginfo-1.4.2-150200.8.3.1
    * libfreshclam3-debuginfo-1.4.2-150200.8.3.1
    * clamav-1.4.2-150200.8.3.1
    * clamav-milter-debuginfo-1.4.2-150200.8.3.1
    * libclamav12-1.4.2-150200.8.3.1
  * SUSE Manager Server 4.3 (noarch)
    * clamav-docs-html-1.4.2-150200.8.3.1
  * SUSE Enterprise Storage 7.1 (aarch64 x86_64)
    * libclammspack0-1.4.2-150200.8.3.1
    * clamav-debuginfo-1.4.2-150200.8.3.1
    * libfreshclam3-1.4.2-150200.8.3.1
    * clamav-milter-1.4.2-150200.8.3.1
    * libclamav12-debuginfo-1.4.2-150200.8.3.1
    * clamav-devel-1.4.2-150200.8.3.1
    * clamav-debugsource-1.4.2-150200.8.3.1
    * libclammspack0-debuginfo-1.4.2-150200.8.3.1
    * libfreshclam3-debuginfo-1.4.2-150200.8.3.1
    * clamav-1.4.2-150200.8.3.1
    * clamav-milter-debuginfo-1.4.2-150200.8.3.1
    * libclamav12-1.4.2-150200.8.3.1
  * SUSE Enterprise Storage 7.1 (noarch)
    * clamav-docs-html-1.4.2-150200.8.3.1

## References:

  * https://www.suse.com/security/cve/CVE-2018-14679.html
  * https://www.suse.com/security/cve/CVE-2023-20197.html
  * https://www.suse.com/security/cve/CVE-2024-20380.html
  * https://www.suse.com/security/cve/CVE-2024-20505.html
  * https://www.suse.com/security/cve/CVE-2024-20506.html
  * https://www.suse.com/security/cve/CVE-2025-20128.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1102840
  * https://bugzilla.suse.com/show_bug.cgi?id=1103032
  * https://bugzilla.suse.com/show_bug.cgi?id=1180296
  * https://bugzilla.suse.com/show_bug.cgi?id=1202986
  * https://bugzilla.suse.com/show_bug.cgi?id=1211594
  * https://bugzilla.suse.com/show_bug.cgi?id=1214342
  * https://bugzilla.suse.com/show_bug.cgi?id=1232242
  * https://bugzilla.suse.com/show_bug.cgi?id=1236307
  * https://jira.suse.com/browse/PED-4596
  * https://jira.suse.com/browse/SMO-494
  * https://jira.suse.com/browse/SMO-495

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/suma-updates/attachments/20250203/90889b4e/attachment.htm>

From null at suse.de  Mon Feb  3 16:30:05 2025
From: null at suse.de (SUSE-MANAGER-UPDATES)
Date: Mon, 03 Feb 2025 16:30:05 -0000
Subject: SUSE-SU-2025:0339-1: moderate: Security update for java-17-openjdk
Message-ID: <173860020599.22572.2500266769167440585@smelt2.prg2.suse.org>



# Security update for java-17-openjdk

Announcement ID: SUSE-SU-2025:0339-1  
Release Date: 2025-02-03T15:14:56Z  
Rating: moderate  
References:

  * bsc#1236278

  
Cross-References:

  * CVE-2025-21502

  
CVSS scores:

  * CVE-2025-21502 ( SUSE ):  6.3
    CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
  * CVE-2025-21502 ( SUSE ):  4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
  * CVE-2025-21502 ( NVD ):  4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

  
Affected Products:

  * Basesystem Module 15-SP6
  * Legacy Module 15-SP6
  * openSUSE Leap 15.4
  * openSUSE Leap 15.6
  * SUSE Linux Enterprise Desktop 15 SP6
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  * SUSE Linux Enterprise Real Time 15 SP6
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP4 LTSS
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server 15 SP5 LTSS
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

  
  
An update that solves one vulnerability can now be installed.

## Description:

This update for java-17-openjdk fixes the following issues:

Update to upstream tag jdk-17.0.14+7 (January 2025 CPU):

Security fixes:

  * CVE-2025-21502: Enhance array handling (JDK-8330045, bsc#1236278)

Other changes:

  * JDK-7093691: Nimbus LAF: disabled JComboBox using renderer has bad font
    color
  * JDK-8028127: Regtest java/security/Security/SynchronizedAccess.java is
    incorrect
  * JDK-8071693: Introspector ignores default interface methods
  * JDK-8195675: Call to insertText with single character from custom Input
    Method ignored
  * JDK-8202926: Test
    java/awt/Focus/WindowUpdateFocusabilityTest/WindowUpdateFocusabilityTest.html
    fails
  * JDK-8207908: JMXStatusTest.java fails assertion intermittently
  * JDK-8225220: When the Tab Policy is checked,the scroll button direction
    displayed incorrectly.
  * JDK-8240343: JDI stopListening/stoplis001 "FAILED: listening is successfully
    stopped without starting listening"
  * JDK-8254759: [TEST_BUG] [macosx]
    javax/swing/JInternalFrame/4202966/IntFrameCoord.html fails
  * JDK-8258734: jdk/jfr/event/oldobject/TestClassLoaderLeak.java failed with
    "RuntimeException: Could not find class leak"
  * JDK-8268364: jmethod clearing should be done during unloading
  * JDK-8269770: nsk tests should start IOPipe channel before launch debuggee -
    Debugee.prepareDebugee
  * JDK-8271003: hs_err improvement: handle CLASSPATH env setting longer than
    O_BUFLEN
  * JDK-8271456: Avoid looking up standard charsets in "java.desktop" module
  * JDK-8271821: mark hotspot runtime/MinimalVM tests which ignore external VM
    flags
  * JDK-8271825: mark hotspot runtime/LoadClass tests which ignore external VM
    flags
  * JDK-8271836: runtime/ErrorHandling/ClassPathEnvVar.java fails with release
    VMs
  * JDK-8272746: ZipFile can't open big file (NegativeArraySizeException)
  * JDK-8273914: Indy string concat changes order of operations
  * JDK-8274170: Add hooks for custom makefiles to augment jtreg test execution
  * JDK-8274505: Too weak variable type leads to unnecessary cast in
    java.desktop
  * JDK-8276763: java/nio/channels/SocketChannel/AdaptorStreams.java fails with
    "SocketTimeoutException: Read timed out"
  * JDK-8278527: java/util/concurrent/tck/JSR166TestCase.java fails nanoTime
    test
  * JDK-8280131: jcmd reports "Module jdk.jfr not found." when
    "jdk.management.jfr" is missing
  * JDK-8281379: Assign package declarations to all jtreg test cases under gc
  * JDK-8282578: AIOOBE in javax.sound.sampled.Clip
  * JDK-8283214: [macos] Screen magnifier does not show the magnified text for
    JComboBox
  * JDK-8283222: improve diagnosability of runtime/8176717/TestInheritFD.java
    timeouts
  * JDK-8284291: sun/security/krb5/auto/Renew.java fails intermittently on
    Windows 11
  * JDK-8284874: Add comment to ProcessHandle/OnExitTest to describe zombie
    problem
  * JDK-8286160: (fs) Files.exists returns unexpected results with
    C:\pagefile.sys because it's not readable
  * JDK-8287003: InputStreamReader::read() can return zero despite writing a
    char in the buffer
  * JDK-8288976: classfile parser 'wrong name' error message has the names the
    wrong way around
  * JDK-8289184: runtime/ClassUnload/DictionaryDependsTest.java failed with
    "Test failed: should be unloaded"
  * JDK-8290023: Remove use of IgnoreUnrecognizedVMOptions in gc tests
  * JDK-8290269: gc/shenandoah/TestVerifyJCStress.java fails due to invalid tag:
    required after JDK-8290023
  * JDK-8292309: Fix
    "java/awt/PrintJob/ConstrainedPrintingTest/ConstrainedPrintingTest.java"
    test
  * JDK-8293061: Combine CDSOptions and AppCDSOptions test utility classes
  * JDK-8293877: Rewrite MineField test
  * JDK-8294193: Files.createDirectories throws FileAlreadyExistsException for a
    symbolic link whose target is an existing directory
  * JDK-8294726: Update URLs in minefield tests
  * JDK-8295239: Refactor java/util/Formatter/Basic script into a Java native
    test launcher
  * JDK-8295344: Harden runtime/StackGuardPages/TestStackGuardPages.java
  * JDK-8295859: Update Manual Test Groups
  * JDK-8296709: WARNING: JNI call made without checking exceptions
  * JDK-8296718: Refactor bootstrap Test Common Functionalities to
    test/lib/Utils
  * JDK-8296787: Unify debug printing format of X.509 cert serial numbers
  * JDK-8296972: [macos13]
    java/awt/Frame/MaximizedToIconified/MaximizedToIconified.java:
    getExtendedState() != 6 as expected.
  * JDK-8298513:
    vmTestbase/nsk/jdi/EventSet/suspendPolicy/suspendpolicy009/TestDescription.java
    fails with usage tracker
  * JDK-8300416: java.security.MessageDigestSpi clone can result in thread-
    unsafe clones
  * JDK-8301379: Verify TLS_ECDH_* cipher suites cannot be negotiated
  * JDK-8302225: SunJCE Provider doesn't validate key sizes when using
    'constrained' transforms for AES/KW and AES/KWP
  * JDK-8303697: ProcessTools doesn't print last line of process output
  * JDK-8303705: Field sleeper.started should be volatile JdbLockTestTarg.java
  * JDK-8303742: CompletableFuture.orTimeout leaks if the future completes
    exceptionally
  * JDK-8304020: Speed up test/jdk/java/util/zip/ZipFile/TestTooManyEntries.java
    and clarify its purpose
  * JDK-8304557:
    java/util/concurrent/CompletableFuture/CompletableFutureOrTimeoutExceptionallyTest.java
    times out
  * JDK-8306015: Update sun.security.ssl TLS tests to use SSLContextTemplate or
    SSLEngineTemplate
  * JDK-8307297: Move some DnD tests to open
  * JDK-8307408: Some jdk/sun/tools/jhsdb tests don't pass test JVM args to the
    debuggee JVM
  * JDK-8309109: AArch64: [TESTBUG]
    compiler/intrinsics/sha/cli/TestUseSHA3IntrinsicsOptionOnSupportedCPU.java
    fails on Neoverse N2 and V1
  * JDK-8309303: jdk/internal/misc/VM/RuntimeArguments test ignores
    jdk/internal/vm/options
  * JDK-8309532: java/lang/Class/getDeclaredField/FieldSetAccessibleTest should
    filter modules that depend on JVMCI
  * JDK-8310072: JComboBox/DisabledComboBoxFontTestAuto: Enabled and disabled
    ComboBox does not match in these LAFs: GTK-
  * JDK-8310731: Configure a javax.net.ssl.SNIMatcher for the HTTP/1.1 test
    servers in java/net/httpclient tests
  * JDK-8312111:
    open/test/jdk/java/awt/Robot/ModifierRobotKey/ModifierRobotKeyTest.java
    fails on ubuntu 23.04
  * JDK-8313374: --enable-ccache's CCACHE_BASEDIR breaks builds
  * JDK-8313638: Add test for dump of resolved references
  * JDK-8313854: Some tests in serviceability area fail on localized Windows
    platform
  * JDK-8313878: Exclude two compiler/rtm/locking tests on ppc64le
  * JDK-8314333: Update com/sun/jdi/ProcessAttachTest.java to use
    ProcessTools.createTestJvm(..)
  * JDK-8314824: Fix serviceability/jvmti/8036666/GetObjectLockCount.java to use
    vm flags
  * JDK-8314829: serviceability/sa/jmap-hprof/JMapHProfLargeHeapTest.java
    ignores vm flags
  * JDK-8314831: NMT tests ignore vm flags
  * JDK-8315097: Rename createJavaProcessBuilder
  * JDK-8315406: [REDO] serviceability/jdwp/AllModulesCommandTest.java ignores
    VM flags
  * JDK-8315988: Parallel: Make TestAggressiveHeap use createTestJvm
  * JDK-8316410: GC: Make TestCompressedClassFlags use createTestJvm
  * JDK-8316446: 4 sun/management/jdp tests ignore VM flags
  * JDK-8316447: 8 sun/management/jmxremote tests ignore VM flags
  * JDK-8316464: 3 sun/tools tests ignore VM flags
  * JDK-8316562: serviceability/sa/jmap-hprof/JMapHProfLargeHeapTest.java times
    out after JDK-8314829
  * JDK-8316581: Improve performance of Symbol::print_value_on()
  * JDK-8317042: G1: Make TestG1ConcMarkStepDurationMillis use createTestJvm
  * JDK-8317116: Provide layouts for multiple test UI in PassFailJFrame
  * JDK-8317188: G1: Make TestG1ConcRefinementThreads use createTestJvm
  * JDK-8317218: G1: Make TestG1HeapRegionSize use createTestJvm
  * JDK-8317347: Parallel: Make TestInitialTenuringThreshold use createTestJvm
  * JDK-8317738: CodeCacheFullCountTest failed with "VirtualMachineError: Out of
    space in CodeCache for method handle intrinsic"
  * JDK-8318964: Fix build failures caused by 8315097
  * JDK-8319574: Exec/process tests should be marked as flagless
  * JDK-8319640: ClassicFormat::parseObject (from DateTimeFormatter) does not
    conform to the javadoc and may leak DateTimeException
  * JDK-8319651: Several network tests ignore vm flags when start java process
  * JDK-8319817: Charset constructor should make defensive copy of aliases
  * JDK-8320586: update manual test/jdk/TEST.groups
  * JDK-8320665: update jdk_core at open/test/jdk/TEST.groups
  * JDK-8320673: PageFormat/CustomPaper.java has no Pass/Fail buttons; multiple
    instructions
  * JDK-8320675: PrinterJob/SecurityDialogTest.java hangs
  * JDK-8321163: [test] OutputAnalyzer.getExitValue() unnecessarily logs even
    when process has already completed
  * JDK-8321299: runtime/logging/ClassLoadUnloadTest.java doesn't reliably
    trigger class unloading
  * JDK-8321470: ThreadLocal.nextHashCode can be static final
  * JDK-8321543: Update NSS to version 3.96
  * JDK-8321616: Retire binary test vectors in test/jdk/java/util/zip/ZipFile
  * JDK-8322754: click JComboBox when dialog about to close causes
    IllegalComponentStateException
  * JDK-8322766: Micro bench SSLHandshake should use default algorithms
  * JDK-8322809: SystemModulesMap::classNames and moduleNames arrays do not
    match the order
  * JDK-8322830: Add test case for ZipFile opening a ZIP with no entries
  * JDK-8323562: SaslInputStream.read() may return wrong value
  * JDK-8323688: C2: Fix UB of jlong overflow in
    PhaseIdealLoop::is_counted_loop()
  * JDK-8324808: Manual printer tests have no Pass/Fail buttons, instructions
    close set 3
  * JDK-8324841: PKCS11 tests still skip execution
  * JDK-8325038: runtime/cds/appcds/ProhibitedPackage.java can fail with
    UseLargePages
  * JDK-8325525: Create jtreg test case for JDK-8325203
  * JDK-8325587: Shenandoah: ShenandoahLock should allow blocking in VM
  * JDK-8325610: CTW: Add StressIncrementalInlining to stress options
  * JDK-8325616: JFR ZGC Allocation Stall events should record stack traces
  * JDK-8325762: Use PassFailJFrame.Builder.splitUI() in PrintLatinCJKTest.java
  * JDK-8325851: Hide PassFailJFrame.Builder constructor
  * JDK-8326100: DeflaterDictionaryTests should use Deflater.getBytesWritten
    instead of Deflater.getTotalOut
  * JDK-8326121:
    vmTestbase/gc/g1/unloading/tests/unloading_keepRef_rootClass_inMemoryCompilation_keep_cl
    failed with Full gc happened. Test was useless.
  * JDK-8326611: Clean up vmTestbase/nsk/stress/stack tests
  * JDK-8326898: NSK tests should listen on loopback addresses only
  * JDK-8326948: Force English locale for timeout formatting
  * JDK-8327401: Some jtreg tests fail on Wayland without any tracking bug
  * JDK-8327474: Review use of java.io.tmpdir in jdk tests
  * JDK-8327924: Simplify TrayIconScalingTest.java
  * JDK-8328021: Convert applet test java/awt/List/SetFontTest/SetFontTest.html
    to main program
  * JDK-8328242: Add a log area to the PassFailJFrame
  * JDK-8328303: 3 JDI tests timed out with UT enabled
  * JDK-8328379: Convert URLDragTest.html applet test to main
  * JDK-8328402: Implement pausing functionality for the PassFailJFrame
  * JDK-8328619:
    sun/management/jmxremote/bootstrap/SSLConfigFilePermissionTest.java failed
    with BindException: Address already in use
  * JDK-8328697: SubMenuShowTest and SwallowKeyEvents tests stabilization
  * JDK-8328723: IP Address error when client enables HTTPS endpoint check on
    server socket
  * JDK-8328957: Update PKCS11Test.java to not use hardcoded path
  * JDK-8330278: Have SSLSocketTemplate.doClientSide use loopback address
  * JDK-8330464: hserr generic events - add entry for the before_exit calls
  * JDK-8330621: Make 5 compiler tests use ProcessTools.executeProcess
  * JDK-8330814: Cleanups for KeepAliveCache tests
  * JDK-8331142: Add test for number of loader threads in BasicDirectoryModel
  * JDK-8331391: Enhance the keytool code by invoking the buildTrustedCerts
    method for essential options
  * JDK-8331405: Shenandoah: Optimize ShenandoahLock with TTAS
  * JDK-8331411: Shenandoah: Reconsider spinning duration in ShenandoahLock
  * JDK-8331495: Limit BasicDirectoryModel/LoaderThreadCount.java to Windows
    only
  * JDK-8331626: unsafe.cpp:162:38: runtime error in
    index_oop_from_field_offset_long - applying non-zero offset 4563897424 to
    null pointer
  * JDK-8331789: ubsan: deoptimization.cpp:403:29: runtime error: load of value
    208, which is not a valid value for type 'bool'
  * JDK-8331863: DUIterator_Fast used before it is constructed
  * JDK-8331864: Update Public Suffix List to 1cbd6e7
  * JDK-8331999: BasicDirectoryModel/LoaderThreadCount.java frequently fails on
    Windows in CI
  * JDK-8332340: Add JavacBench as a test case for CDS
  * JDK-8332473: ubsan: growableArray.hpp:290:10: runtime error: null pointer
    passed as argument 1, which is declared to never be null
  * JDK-8332589: ubsan: unix/native/libjava/ProcessImpl_md.c:562:5: runtime
    error: null pointer passed as argument 2, which is declared to never be null
  * JDK-8332720: ubsan: instanceKlass.cpp:3550:76: runtime error: member call on
    null pointer of type 'struct Array'
  * JDK-8332724: x86 MacroAssembler may over-align code
  * JDK-8332777: Update JCStress test suite
  * JDK-8332825: ubsan: guardedMemory.cpp:35:11: runtime error: null pointer
    passed as argument 2, which is declared to never be null
  * JDK-8332866: Crash in ImageIO JPEG decoding when MEM_STATS in enabled
  * JDK-8332901: Select{Current,New}ItemTest.java for Choice don't open popup on
    macOS
  * JDK-8332903: ubsan: opto/output.cpp:1002:18: runtime error: load of value
    171, which is not a valid value for type 'bool'
  * JDK-8332904: ubsan ppc64le: c1_LIRGenerator_ppc.cpp:581:21: runtime error:
    signed integer overflow: 9223372036854775807 - 1 cannot be represented in
    type 'long int'
  * JDK-8332935: Crash: assert(*lastPtr != 0) failed: Mismatched
    JNINativeInterface tables, check for new entries
  * JDK-8333317: Test sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java
    failed with: Invalid ECDH ServerKeyExchange signature
  * JDK-8333824: Unused ClassValue in VarHandles
  * JDK-8334057: JLinkReproducibleTest.java support receive test.tool.vm.opts
  * JDK-8334405: java/nio/channels/Selector/SelectWithConsumer.java#id0 failed
    in testWakeupDuringSelect
  * JDK-8334562: Automate
    com/sun/security/auth/callback/TextCallbackHandler/Default.java test
  * JDK-8334567: [test] runtime/os/TestTracePageSizes move ppc handling
  * JDK-8335142: compiler/c1/TestTraceLinearScanLevel.java occasionally times
    out with -Xcomp
  * JDK-8335267: [XWayland] move screencast tokens from .awt to .java folder
  * JDK-8335344: test/jdk/sun/security/tools/keytool/NssTest.java fails to
    compile
  * JDK-8335428: Enhanced Building of Processes
  * JDK-8335449: runtime/cds/DeterministicDump.java fails with File content
    different at byte ...
  * JDK-8335493: check_gc_overhead_limit should reset
    SoftRefPolicy::_should_clear_all_soft_refs
  * JDK-8335530: Java file extension missing in AuthenticatorTest
  * JDK-8335709: C2: assert(!loop->is_member(get_loop(useblock))) failed: must
    be outside loop
  * JDK-8335904: Fix invalid comment in ShenandoahLock
  * JDK-8335912, JDK-8337499: Add an operation mode to the jar command when
    extracting to not overwriting existing files
  * JDK-8336240: Test com/sun/crypto/provider/Cipher/DES/PerformanceTest.java
    fails with java.lang.ArithmeticException
  * JDK-8336257: Additional tests in jmxremote/startstop to match on PID not app
    name
  * JDK-8336315: tools/jpackage/windows/WinChildProcessTest.java Failed: Check
    is calculator process is alive
  * JDK-8336342: Fix known X11 library locations in sysroot
  * JDK-8336343: Add more known sysroot library locations for ALSA
  * JDK-8336413: gtk headers : Fix typedef redeclaration of GMainContext and
    GdkPixbuf
  * JDK-8336564: Enhance mask blit functionality redux
  * JDK-8336854: CAInterop.java#actalisauthenticationrootca conflicted with
    /manual and /timeout
  * JDK-8337066: Repeated call of StringBuffer.reverse with double byte string
    returns wrong result
  * JDK-8337320: Update ProblemList.txt with tests known to fail on XWayland
  * JDK-8337410: The makefiles should set problemlist and adjust timeout basing
    on the given VM flags
  * JDK-8337780: RISC-V: C2: Change C calling convention for sp to NS
  * JDK-8337810: ProblemList BasicDirectoryModel/LoaderThreadCount.java on
    Windows
  * JDK-8337851: Some tests have name which confuse jtreg
  * JDK-8337966: (fs) Files.readAttributes fails with Operation not permitted on
    older docker releases
  * JDK-8338058: map_or_reserve_memory_aligned Windows enhance remap assertion
  * JDK-8338101: remove old remap assertion in map_or_reserve_memory_aligned
    after JDK-8338058
  * JDK-8338109: java/awt/Mouse/EnterExitEvents/ResizingFrameTest.java duplicate
    in ProblemList
  * JDK-8338286: GHA: Demote x86_32 to hotspot build only
  * JDK-8338380: Update TLSCommon/interop/AbstractServer to specify an interface
    to listen for connections
  * JDK-8338402: GHA: some of bundles may not get removed
  * JDK-8338748: [17u,21u] Test Disconnect.java compile error: cannot find
    symbol after JDK-8299813
  * JDK-8338751: ConfigureNotify behavior has changed in KWin 6.2
  * JDK-8338759: Add extra diagnostic to java/net/InetAddress/ptr/Lookup.java
  * JDK-8339081: Bump update version for OpenJDK: jdk-17.0.14
  * JDK-8339180: Enhanced Building of Processes: Follow-on Issue
  * JDK-8339248: RISC-V: Remove li64 macro assembler routine and related code
  * JDK-8339384: Unintentional IOException in jdk.jdi module when JDWP end of
    stream occurs
  * JDK-8339470: [17u] More defensive fix for 8163921
  * JDK-8339487: ProcessHandleImpl os_getChildren sysctl call - retry in case of
    ENOMEM and enhance exception message
  * JDK-8339548: GHA: RISC-V: Use Debian snapshot archive for bootstrap
  * JDK-8339560: Unaddressed comments during code review of JDK-8337664
  * JDK-8339591: Mark jdk/jshell/ExceptionMessageTest.java intermittent
  * JDK-8339637: (tz) Update Timezone Data to 2024b
  * JDK-8339644: Improve parsing of Day/Month in tzdata rules
  * JDK-8339731: java.desktop/share/classes/javax/swing/text/html/default.css
    typo in margin settings
  * JDK-8339741: RISC-V: C ABI breakage for integer on stack
  * JDK-8339787: Add some additional diagnostic output to
    java/net/ipv6tests/UdpTest.java
  * JDK-8339803: Acknowledge case insensitive unambiguous keywords in tzdata
    files
  * JDK-8339892: Several security shell tests don't set TESTJAVAOPTS
  * JDK-8339931: Update problem list for WindowUpdateFocusabilityTest.java
  * JDK-8340007: Refactor KeyEvent/FunctionKeyTest.java
  * JDK-8340008: KeyEvent/KeyTyped/Numpad1KeyTyped.java has 15 seconds timeout
  * JDK-8340210: Add positionTestUI() to PassFailJFrame.Builder
  * JDK-8340230: Tests crash: assert(is_in_encoding_range || k->is_interface()
    || k->is_abstract()) failed: sanity
  * JDK-8340306: Add border around instructions in PassFailJFrame
  * JDK-8340308: PassFailJFrame: Make rows default to number of lines in
    instructions
  * JDK-8340365: Position the first window of a window list
  * JDK-8340387: Update OS detection code to recognize Windows Server 2025
  * JDK-8340418: GHA: MacOS AArch64 bundles can be removed prematurely
  * JDK-8340461: Amend description for logArea
  * JDK-8340466: Add description for PassFailJFrame constructors
  * JDK-8340552: Harden TzdbZoneRulesCompiler against missing zone names
  * JDK-8340632: ProblemList java/nio/channels/DatagramChannel/ for Macos
  * JDK-8340657: [PPC64] SA determines wrong unextendedSP
  * JDK-8340684: Reading from an input stream backed by a closed ZipFile has no
    test coverage
  * JDK-8340785: Update description of PassFailJFrame and samples
  * JDK-8340799: Add border inside instruction frame in PassFailJFrame
  * JDK-8340812: LambdaForm customization via MethodHandle::updateForm is not
    thread safe
  * JDK-8340815: Add SECURITY.md file
  * JDK-8340899: Remove wildcard bound in PositionWindows.positionTestWindows
  * JDK-8341146: RISC-V: Unnecessary fences used for load-acquire in template
    interpreter
  * JDK-8341235: Improve default instruction frame title in PassFailJFrame
  * JDK-8341562: RISC-V: Generate comments in -XX:-PrintInterpreter to link to
    source code
  * JDK-8341635: [17u] runtime/ErrorHandling/ClassPathEnvVar test ignores
    external VM flags
  * JDK-8341688: Aarch64: Generate comments in -XX:-PrintInterpreter to link to
    source code
  * JDK-8341806: Gcc version detection failure on Alinux3
  * JDK-8341927: Replace hardcoded security providers with new
    test.provider.name system property
  * JDK-8341997: Tests create files in src tree instead of scratch dir
  * JDK-8342181: Update tests to use stronger Key and Salt size
  * JDK-8342183: Update tests to use stronger algorithms and keys
  * JDK-8342188: Update tests to use stronger key parameters and certificates
  * JDK-8342496: C2/Shenandoah: SEGV in compiled code when running jcstress
  * JDK-8342578: GHA: RISC-V: Bootstrap using Debian snapshot is still failing
  * JDK-8342669: [21u] Fix TestArrayAllocatorMallocLimit after backport of
    JDK-8315097
  * JDK-8342681: TestLoadBypassesNullCheck.java fails improperly specified VM
    option
  * JDK-8342701: [PPC64] TestOSRLotsOfLocals.java crashes
  * JDK-8342962: [s390x] TestOSRLotsOfLocals.java crashes
  * JDK-8343285: java.lang.Process is unresponsive and CPU usage spikes to 100%
  * JDK-8343474: [updates] Customize README.md to specifics of update project
  * JDK-8343687: [17u] TestAntiDependencyForPinnedLoads requires UTF-8
  * JDK-8343848: Fix typo of property name in TestOAEPPadding after 8341927
  * JDK-8343877: Test AsyncClose.java intermittent fails -
    Socket.getInputStream().read() wasn't preempted
  * JDK-8343923: GHA: Switch to Xcode 15 on MacOS AArch64 runners
  * JDK-8347011: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for
    release 17.0.14

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4  
    zypper in -t patch SUSE-2025-339=1

  * openSUSE Leap 15.6  
    zypper in -t patch openSUSE-SLE-15.6-2025-339=1

  * Basesystem Module 15-SP6  
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-339=1

  * Legacy Module 15-SP6  
    zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2025-339=1

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-339=1

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-339=1

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-339=1

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-339=1

  * SUSE Linux Enterprise Server 15 SP4 LTSS  
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-339=1

  * SUSE Linux Enterprise Server 15 SP5 LTSS  
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-339=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP4  
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-339=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP5  
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-339=1

  * SUSE Manager Proxy 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-339=1

  * SUSE Manager Retail Branch Server 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2025-339=1

  * SUSE Manager Server 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-339=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
    * java-17-openjdk-devel-17.0.14.0-150400.3.51.1
    * java-17-openjdk-jmods-17.0.14.0-150400.3.51.1
    * java-17-openjdk-devel-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-headless-17.0.14.0-150400.3.51.1
    * java-17-openjdk-src-17.0.14.0-150400.3.51.1
    * java-17-openjdk-17.0.14.0-150400.3.51.1
    * java-17-openjdk-debugsource-17.0.14.0-150400.3.51.1
    * java-17-openjdk-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-headless-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-demo-17.0.14.0-150400.3.51.1
  * openSUSE Leap 15.4 (noarch)
    * java-17-openjdk-javadoc-17.0.14.0-150400.3.51.1
  * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
    * java-17-openjdk-devel-17.0.14.0-150400.3.51.1
    * java-17-openjdk-jmods-17.0.14.0-150400.3.51.1
    * java-17-openjdk-devel-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-headless-17.0.14.0-150400.3.51.1
    * java-17-openjdk-src-17.0.14.0-150400.3.51.1
    * java-17-openjdk-17.0.14.0-150400.3.51.1
    * java-17-openjdk-debugsource-17.0.14.0-150400.3.51.1
    * java-17-openjdk-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-headless-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-demo-17.0.14.0-150400.3.51.1
  * openSUSE Leap 15.6 (noarch)
    * java-17-openjdk-javadoc-17.0.14.0-150400.3.51.1
  * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
    * java-17-openjdk-devel-17.0.14.0-150400.3.51.1
    * java-17-openjdk-devel-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-headless-17.0.14.0-150400.3.51.1
    * java-17-openjdk-17.0.14.0-150400.3.51.1
    * java-17-openjdk-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-headless-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-debugsource-17.0.14.0-150400.3.51.1
  * Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64)
    * java-17-openjdk-demo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-debugsource-17.0.14.0-150400.3.51.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
    x86_64)
    * java-17-openjdk-devel-17.0.14.0-150400.3.51.1
    * java-17-openjdk-devel-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-headless-17.0.14.0-150400.3.51.1
    * java-17-openjdk-17.0.14.0-150400.3.51.1
    * java-17-openjdk-debugsource-17.0.14.0-150400.3.51.1
    * java-17-openjdk-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-headless-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-demo-17.0.14.0-150400.3.51.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
    x86_64)
    * java-17-openjdk-devel-17.0.14.0-150400.3.51.1
    * java-17-openjdk-devel-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-headless-17.0.14.0-150400.3.51.1
    * java-17-openjdk-17.0.14.0-150400.3.51.1
    * java-17-openjdk-debugsource-17.0.14.0-150400.3.51.1
    * java-17-openjdk-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-headless-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-demo-17.0.14.0-150400.3.51.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
    x86_64)
    * java-17-openjdk-devel-17.0.14.0-150400.3.51.1
    * java-17-openjdk-devel-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-headless-17.0.14.0-150400.3.51.1
    * java-17-openjdk-17.0.14.0-150400.3.51.1
    * java-17-openjdk-debugsource-17.0.14.0-150400.3.51.1
    * java-17-openjdk-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-headless-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-demo-17.0.14.0-150400.3.51.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
    x86_64)
    * java-17-openjdk-devel-17.0.14.0-150400.3.51.1
    * java-17-openjdk-devel-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-headless-17.0.14.0-150400.3.51.1
    * java-17-openjdk-17.0.14.0-150400.3.51.1
    * java-17-openjdk-debugsource-17.0.14.0-150400.3.51.1
    * java-17-openjdk-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-headless-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-demo-17.0.14.0-150400.3.51.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
    * java-17-openjdk-devel-17.0.14.0-150400.3.51.1
    * java-17-openjdk-devel-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-headless-17.0.14.0-150400.3.51.1
    * java-17-openjdk-17.0.14.0-150400.3.51.1
    * java-17-openjdk-debugsource-17.0.14.0-150400.3.51.1
    * java-17-openjdk-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-headless-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-demo-17.0.14.0-150400.3.51.1
  * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
    * java-17-openjdk-devel-17.0.14.0-150400.3.51.1
    * java-17-openjdk-devel-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-headless-17.0.14.0-150400.3.51.1
    * java-17-openjdk-17.0.14.0-150400.3.51.1
    * java-17-openjdk-debugsource-17.0.14.0-150400.3.51.1
    * java-17-openjdk-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-headless-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-demo-17.0.14.0-150400.3.51.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
    * java-17-openjdk-devel-17.0.14.0-150400.3.51.1
    * java-17-openjdk-devel-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-headless-17.0.14.0-150400.3.51.1
    * java-17-openjdk-17.0.14.0-150400.3.51.1
    * java-17-openjdk-debugsource-17.0.14.0-150400.3.51.1
    * java-17-openjdk-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-headless-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-demo-17.0.14.0-150400.3.51.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
    * java-17-openjdk-devel-17.0.14.0-150400.3.51.1
    * java-17-openjdk-devel-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-headless-17.0.14.0-150400.3.51.1
    * java-17-openjdk-17.0.14.0-150400.3.51.1
    * java-17-openjdk-debugsource-17.0.14.0-150400.3.51.1
    * java-17-openjdk-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-headless-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-demo-17.0.14.0-150400.3.51.1
  * SUSE Manager Proxy 4.3 (x86_64)
    * java-17-openjdk-devel-17.0.14.0-150400.3.51.1
    * java-17-openjdk-devel-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-headless-17.0.14.0-150400.3.51.1
    * java-17-openjdk-17.0.14.0-150400.3.51.1
    * java-17-openjdk-debugsource-17.0.14.0-150400.3.51.1
    * java-17-openjdk-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-headless-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-demo-17.0.14.0-150400.3.51.1
  * SUSE Manager Retail Branch Server 4.3 (x86_64)
    * java-17-openjdk-devel-17.0.14.0-150400.3.51.1
    * java-17-openjdk-devel-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-headless-17.0.14.0-150400.3.51.1
    * java-17-openjdk-17.0.14.0-150400.3.51.1
    * java-17-openjdk-debugsource-17.0.14.0-150400.3.51.1
    * java-17-openjdk-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-headless-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-demo-17.0.14.0-150400.3.51.1
  * SUSE Manager Server 4.3 (ppc64le s390x x86_64)
    * java-17-openjdk-devel-17.0.14.0-150400.3.51.1
    * java-17-openjdk-devel-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-headless-17.0.14.0-150400.3.51.1
    * java-17-openjdk-17.0.14.0-150400.3.51.1
    * java-17-openjdk-debugsource-17.0.14.0-150400.3.51.1
    * java-17-openjdk-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-headless-debuginfo-17.0.14.0-150400.3.51.1
    * java-17-openjdk-demo-17.0.14.0-150400.3.51.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-21502.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1236278

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/suma-updates/attachments/20250203/226aa2a5/attachment.htm>

From null at suse.de  Mon Feb  3 16:30:09 2025
From: null at suse.de (SUSE-MANAGER-UPDATES)
Date: Mon, 03 Feb 2025 16:30:09 -0000
Subject: SUSE-SU-2025:0338-1: moderate: Security update for java-11-openjdk
Message-ID: <173860020986.22572.3325144075527685600@smelt2.prg2.suse.org>



# Security update for java-11-openjdk

Announcement ID: SUSE-SU-2025:0338-1  
Release Date: 2025-02-03T15:13:42Z  
Rating: moderate  
References:

  * bsc#1236278

  
Cross-References:

  * CVE-2025-21502

  
CVSS scores:

  * CVE-2025-21502 ( SUSE ):  6.3
    CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
  * CVE-2025-21502 ( SUSE ):  4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
  * CVE-2025-21502 ( NVD ):  4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

  
Affected Products:

  * Legacy Module 15-SP6
  * openSUSE Leap 15.6
  * SUSE Enterprise Storage 7.1
  * SUSE Linux Enterprise Desktop 15 SP6
  * SUSE Linux Enterprise High Performance Computing 15 SP3
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  * SUSE Linux Enterprise Real Time 15 SP6
  * SUSE Linux Enterprise Server 15 SP3
  * SUSE Linux Enterprise Server 15 SP3 LTSS
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP4 LTSS
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server 15 SP5 LTSS
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3
  * SUSE Package Hub 15 15-SP6

  
  
An update that solves one vulnerability can now be installed.

## Description:

This update for java-11-openjdk fixes the following issues:

Upgrade to upstream tag jdk-11.0.26+4 (January 2025 CPU)

Security fixes:

  * CVE-2025-21502: Enhance array handling (JDK-8330045, bsc#1236278)

Other changes:

  * JDK-8224624: Inefficiencies in CodeStrings::add_comment cause - timeouts
  * JDK-8225045: javax/swing/JInternalFrame/8146321//JInternalFrameIconTest.java
    fails on linux-x64
  * JDK-8232367: Update Reactive Streams to 1.0.3 -- tests only
  * JDK-8247706: Unintentional use of new Date(year...) with absolute year
  * JDK-8299254: Support dealing with standard assert macro
  * JDK-8303920: Avoid calling out to python in DataDescriptorSignatureMissing
    test
  * JDK-8315936: Parallelize gc/stress/TestStressG1Humongous.java test
  * JDK-8316193: jdk/jfr/event/oldobject/TestListenerLeak.java
    java.lang.Exception: Could not find leak
  * JDK-8328300: Convert PrintDialogsTest.java from Applet to main program
  * JDK-8328642: Convert applet test MouseDraggedOutCauseScrollingTest.html to
    main
  * JDK-8334332: TestIOException.java fails if run by root
  * JDK-8335428: Enhanced Building of Processes
  * JDK-8335801: [11u] Backport of 8210988 to 11u removes gcc warnings
  * JDK-8335912, JDK-8337499: Add an operation mode to the jar command when
    extracting to not overwriting existing files
  * JDK-8336564: Enhance mask blit functionality redux
  * JDK-8338402: GHA: some of bundles may not get removed
  * JDK-8339082: Bump update version for OpenJDK: jdk-11.0.26
  * JDK-8339180: Enhanced Building of Processes: Follow-on Issue
  * JDK-8339470: [17u] More defensive fix for 8163921
  * JDK-8339637: (tz) Update Timezone Data to 2024b
  * JDK-8339644: Improve parsing of Day/Month in tzdata rules
  * JDK-8339803: Acknowledge case insensitive unambiguous keywords in tzdata
    files
  * JDK-8340552: Harden TzdbZoneRulesCompiler against missing zone names
  * JDK-8340671: GHA: Bump macOS and Xcode versions to macos-12 and XCode 13.4.1
  * JDK-8340815: Add SECURITY.md file
  * JDK-8342426: [11u] javax/naming/module/RunBasic.java javac compile fails
  * JDK-8342629: [11u] Properly message out that shenandoah is disabled
  * JDK-8347483: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for
    release 11.0.26

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Manager Server 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-338=1

  * SUSE Enterprise Storage 7.1  
    zypper in -t patch SUSE-Storage-7.1-2025-338=1

  * openSUSE Leap 15.6  
    zypper in -t patch openSUSE-SLE-15.6-2025-338=1

  * Legacy Module 15-SP6  
    zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2025-338=1

  * SUSE Package Hub 15 15-SP6  
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-338=1

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-338=1

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-338=1

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-338=1

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-338=1

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-338=1

  * SUSE Linux Enterprise Server 15 SP3 LTSS  
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-338=1

  * SUSE Linux Enterprise Server 15 SP4 LTSS  
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-338=1

  * SUSE Linux Enterprise Server 15 SP5 LTSS  
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-338=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP3  
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-338=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP4  
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-338=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP5  
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-338=1

  * SUSE Manager Proxy 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-338=1

  * SUSE Manager Retail Branch Server 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2025-338=1

## Package List:

  * SUSE Manager Server 4.3 (ppc64le s390x x86_64)
    * java-11-openjdk-debugsource-11.0.26.0-150000.3.122.1
    * java-11-openjdk-devel-11.0.26.0-150000.3.122.1
    * java-11-openjdk-headless-11.0.26.0-150000.3.122.1
    * java-11-openjdk-demo-11.0.26.0-150000.3.122.1
    * java-11-openjdk-11.0.26.0-150000.3.122.1
  * SUSE Enterprise Storage 7.1 (aarch64 x86_64)
    * java-11-openjdk-debugsource-11.0.26.0-150000.3.122.1
    * java-11-openjdk-devel-11.0.26.0-150000.3.122.1
    * java-11-openjdk-debuginfo-11.0.26.0-150000.3.122.1
    * java-11-openjdk-headless-11.0.26.0-150000.3.122.1
    * java-11-openjdk-demo-11.0.26.0-150000.3.122.1
    * java-11-openjdk-11.0.26.0-150000.3.122.1
  * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
    * java-11-openjdk-src-11.0.26.0-150000.3.122.1
    * java-11-openjdk-debugsource-11.0.26.0-150000.3.122.1
    * java-11-openjdk-jmods-11.0.26.0-150000.3.122.1
    * java-11-openjdk-devel-11.0.26.0-150000.3.122.1
    * java-11-openjdk-debuginfo-11.0.26.0-150000.3.122.1
    * java-11-openjdk-headless-11.0.26.0-150000.3.122.1
    * java-11-openjdk-devel-debuginfo-11.0.26.0-150000.3.122.1
    * java-11-openjdk-demo-11.0.26.0-150000.3.122.1
    * java-11-openjdk-11.0.26.0-150000.3.122.1
    * java-11-openjdk-headless-debuginfo-11.0.26.0-150000.3.122.1
  * openSUSE Leap 15.6 (noarch)
    * java-11-openjdk-javadoc-11.0.26.0-150000.3.122.1
  * Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64)
    * java-11-openjdk-debugsource-11.0.26.0-150000.3.122.1
    * java-11-openjdk-devel-11.0.26.0-150000.3.122.1
    * java-11-openjdk-debuginfo-11.0.26.0-150000.3.122.1
    * java-11-openjdk-headless-11.0.26.0-150000.3.122.1
    * java-11-openjdk-devel-debuginfo-11.0.26.0-150000.3.122.1
    * java-11-openjdk-demo-11.0.26.0-150000.3.122.1
    * java-11-openjdk-11.0.26.0-150000.3.122.1
    * java-11-openjdk-headless-debuginfo-11.0.26.0-150000.3.122.1
  * SUSE Package Hub 15 15-SP6 (noarch)
    * java-11-openjdk-javadoc-11.0.26.0-150000.3.122.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
    x86_64)
    * java-11-openjdk-debugsource-11.0.26.0-150000.3.122.1
    * java-11-openjdk-devel-11.0.26.0-150000.3.122.1
    * java-11-openjdk-debuginfo-11.0.26.0-150000.3.122.1
    * java-11-openjdk-headless-11.0.26.0-150000.3.122.1
    * java-11-openjdk-demo-11.0.26.0-150000.3.122.1
    * java-11-openjdk-11.0.26.0-150000.3.122.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
    x86_64)
    * java-11-openjdk-debugsource-11.0.26.0-150000.3.122.1
    * java-11-openjdk-devel-11.0.26.0-150000.3.122.1
    * java-11-openjdk-headless-11.0.26.0-150000.3.122.1
    * java-11-openjdk-demo-11.0.26.0-150000.3.122.1
    * java-11-openjdk-11.0.26.0-150000.3.122.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
    x86_64)
    * java-11-openjdk-debugsource-11.0.26.0-150000.3.122.1
    * java-11-openjdk-devel-11.0.26.0-150000.3.122.1
    * java-11-openjdk-headless-11.0.26.0-150000.3.122.1
    * java-11-openjdk-demo-11.0.26.0-150000.3.122.1
    * java-11-openjdk-11.0.26.0-150000.3.122.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
    x86_64)
    * java-11-openjdk-devel-11.0.26.0-150000.3.122.1
    * java-11-openjdk-demo-11.0.26.0-150000.3.122.1
    * java-11-openjdk-11.0.26.0-150000.3.122.1
    * java-11-openjdk-headless-11.0.26.0-150000.3.122.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
    x86_64)
    * java-11-openjdk-devel-11.0.26.0-150000.3.122.1
    * java-11-openjdk-demo-11.0.26.0-150000.3.122.1
    * java-11-openjdk-11.0.26.0-150000.3.122.1
    * java-11-openjdk-headless-11.0.26.0-150000.3.122.1
  * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
    * java-11-openjdk-debugsource-11.0.26.0-150000.3.122.1
    * java-11-openjdk-devel-11.0.26.0-150000.3.122.1
    * java-11-openjdk-debuginfo-11.0.26.0-150000.3.122.1
    * java-11-openjdk-headless-11.0.26.0-150000.3.122.1
    * java-11-openjdk-demo-11.0.26.0-150000.3.122.1
    * java-11-openjdk-11.0.26.0-150000.3.122.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
    * java-11-openjdk-debugsource-11.0.26.0-150000.3.122.1
    * java-11-openjdk-devel-11.0.26.0-150000.3.122.1
    * java-11-openjdk-headless-11.0.26.0-150000.3.122.1
    * java-11-openjdk-demo-11.0.26.0-150000.3.122.1
    * java-11-openjdk-11.0.26.0-150000.3.122.1
  * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
    * java-11-openjdk-devel-11.0.26.0-150000.3.122.1
    * java-11-openjdk-demo-11.0.26.0-150000.3.122.1
    * java-11-openjdk-11.0.26.0-150000.3.122.1
    * java-11-openjdk-headless-11.0.26.0-150000.3.122.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
    * java-11-openjdk-debugsource-11.0.26.0-150000.3.122.1
    * java-11-openjdk-devel-11.0.26.0-150000.3.122.1
    * java-11-openjdk-debuginfo-11.0.26.0-150000.3.122.1
    * java-11-openjdk-headless-11.0.26.0-150000.3.122.1
    * java-11-openjdk-demo-11.0.26.0-150000.3.122.1
    * java-11-openjdk-11.0.26.0-150000.3.122.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
    * java-11-openjdk-debugsource-11.0.26.0-150000.3.122.1
    * java-11-openjdk-devel-11.0.26.0-150000.3.122.1
    * java-11-openjdk-headless-11.0.26.0-150000.3.122.1
    * java-11-openjdk-demo-11.0.26.0-150000.3.122.1
    * java-11-openjdk-11.0.26.0-150000.3.122.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
    * java-11-openjdk-devel-11.0.26.0-150000.3.122.1
    * java-11-openjdk-demo-11.0.26.0-150000.3.122.1
    * java-11-openjdk-11.0.26.0-150000.3.122.1
    * java-11-openjdk-headless-11.0.26.0-150000.3.122.1
  * SUSE Manager Proxy 4.3 (x86_64)
    * java-11-openjdk-debugsource-11.0.26.0-150000.3.122.1
    * java-11-openjdk-devel-11.0.26.0-150000.3.122.1
    * java-11-openjdk-headless-11.0.26.0-150000.3.122.1
    * java-11-openjdk-demo-11.0.26.0-150000.3.122.1
    * java-11-openjdk-11.0.26.0-150000.3.122.1
  * SUSE Manager Retail Branch Server 4.3 (x86_64)
    * java-11-openjdk-debugsource-11.0.26.0-150000.3.122.1
    * java-11-openjdk-devel-11.0.26.0-150000.3.122.1
    * java-11-openjdk-headless-11.0.26.0-150000.3.122.1
    * java-11-openjdk-demo-11.0.26.0-150000.3.122.1
    * java-11-openjdk-11.0.26.0-150000.3.122.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-21502.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1236278

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/suma-updates/attachments/20250203/46dd6fef/attachment.htm>

From null at suse.de  Mon Feb  3 16:30:13 2025
From: null at suse.de (SUSE-MANAGER-UPDATES)
Date: Mon, 03 Feb 2025 16:30:13 -0000
Subject: SUSE-SU-2025:0337-1: important: Security update for bind
Message-ID: <173860021383.22572.7676179768879134206@smelt2.prg2.suse.org>



# Security update for bind

Announcement ID: SUSE-SU-2025:0337-1  
Release Date: 2025-02-03T15:10:35Z  
Rating: important  
References:

  * bsc#1236596

  
Cross-References:

  * CVE-2024-11187

  
CVSS scores:

  * CVE-2024-11187 ( SUSE ):  8.7
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2024-11187 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-11187 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

  
Affected Products:

  * SUSE Linux Enterprise Micro 5.0
  * SUSE Linux Enterprise Micro 5.1
  * SUSE Linux Enterprise Micro 5.2
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Manager Client Tools for SLE Micro 5

  
  
An update that solves one vulnerability can now be installed.

## Description:

This update for bind fixes the following issues:

  * CVE-2024-11187: Fixes CPU exhaustion caused by many records in the
    additional section (bsc#1236596)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Manager Client Tools for SLE Micro 5  
    zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2025-337=1

## Package List:

  * SUSE Manager Client Tools for SLE Micro 5 (aarch64 s390x x86_64)
    * libirs1601-9.16.6-150000.12.80.1
    * libbind9-1600-9.16.6-150000.12.80.1
    * libisccc1600-9.16.6-150000.12.80.1
    * libisc1606-9.16.6-150000.12.80.1
    * bind-utils-9.16.6-150000.12.80.1
    * libns1604-debuginfo-9.16.6-150000.12.80.1
    * libns1604-9.16.6-150000.12.80.1
    * libdns1605-9.16.6-150000.12.80.1
    * libisccfg1600-9.16.6-150000.12.80.1
  * SUSE Manager Client Tools for SLE Micro 5 (aarch64_ilp32)
    * libisccc1600-64bit-9.16.6-150000.12.80.1
    * libisccfg1600-64bit-9.16.6-150000.12.80.1
    * libbind9-1600-64bit-9.16.6-150000.12.80.1
    * libisc1606-64bit-9.16.6-150000.12.80.1
    * libdns1605-64bit-9.16.6-150000.12.80.1
    * libirs1601-64bit-9.16.6-150000.12.80.1
  * SUSE Manager Client Tools for SLE Micro 5 (noarch)
    * python3-bind-9.16.6-150000.12.80.1

## References:

  * https://www.suse.com/security/cve/CVE-2024-11187.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1236596

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/suma-updates/attachments/20250203/5b4a0410/attachment.htm>

From null at suse.de  Mon Feb  3 20:30:07 2025
From: null at suse.de (SUSE-MANAGER-UPDATES)
Date: Mon, 03 Feb 2025 20:30:07 -0000
Subject: SUSE-SU-2025:0344-1: important: Security update for orc
Message-ID: <173861460762.22227.1339280597782581547@smelt2.prg2.suse.org>



# Security update for orc

Announcement ID: SUSE-SU-2025:0344-1  
Release Date: 2025-02-03T17:06:05Z  
Rating: important  
References:

  * bsc#1228184

  
Cross-References:

  * CVE-2024-40897

  
CVSS scores:

  * CVE-2024-40897 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2024-40897 ( NVD ):  6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

  
Affected Products:

  * Basesystem Module 15-SP6
  * openSUSE Leap 15.6
  * SUSE Enterprise Storage 7.1
  * SUSE Linux Enterprise Desktop 15 SP6
  * SUSE Linux Enterprise High Performance Computing 15 SP3
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  * SUSE Linux Enterprise Micro 5.2
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Linux Enterprise Micro for Rancher 5.2
  * SUSE Linux Enterprise Micro for Rancher 5.3
  * SUSE Linux Enterprise Micro for Rancher 5.4
  * SUSE Linux Enterprise Real Time 15 SP6
  * SUSE Linux Enterprise Server 15 SP3
  * SUSE Linux Enterprise Server 15 SP3 LTSS
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP4 LTSS
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server 15 SP5 LTSS
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3
  * SUSE Package Hub 15 15-SP6

  
  
An update that solves one vulnerability can now be installed.

## Description:

This update for orc fixes the following issues:

  * CVE-2024-40897: Fixed stack-based buffer overflow in the Orc compiler when
    formatting error messages for certain input files (bsc#1228184)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.6  
    zypper in -t patch openSUSE-SLE-15.6-2025-344=1

  * SUSE Linux Enterprise Micro for Rancher 5.3  
    zypper in -t patch SUSE-SLE-Micro-5.3-2025-344=1

  * SUSE Linux Enterprise Micro 5.3  
    zypper in -t patch SUSE-SLE-Micro-5.3-2025-344=1

  * SUSE Linux Enterprise Micro for Rancher 5.4  
    zypper in -t patch SUSE-SLE-Micro-5.4-2025-344=1

  * SUSE Linux Enterprise Micro 5.4  
    zypper in -t patch SUSE-SLE-Micro-5.4-2025-344=1

  * SUSE Linux Enterprise Micro 5.5  
    zypper in -t patch SUSE-SLE-Micro-5.5-2025-344=1

  * Basesystem Module 15-SP6  
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-344=1

  * SUSE Package Hub 15 15-SP6  
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-344=1

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-344=1

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-344=1

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-344=1

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-344=1

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-344=1

  * SUSE Linux Enterprise Server 15 SP3 LTSS  
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-344=1

  * SUSE Linux Enterprise Server 15 SP4 LTSS  
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-344=1

  * SUSE Linux Enterprise Server 15 SP5 LTSS  
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-344=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP3  
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-344=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP4  
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-344=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP5  
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-344=1

  * SUSE Manager Proxy 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-344=1

  * SUSE Manager Retail Branch Server 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2025-344=1

  * SUSE Manager Server 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-344=1

  * SUSE Enterprise Storage 7.1  
    zypper in -t patch SUSE-Storage-7.1-2025-344=1

  * SUSE Linux Enterprise Micro 5.2  
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-344=1

  * SUSE Linux Enterprise Micro for Rancher 5.2  
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-344=1

## Package List:

  * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
    * liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
    * orc-0.4.28-150000.3.9.1
    * orc-debuginfo-0.4.28-150000.3.9.1
    * orc-doc-0.4.28-150000.3.9.1
    * liborc-0_4-0-0.4.28-150000.3.9.1
    * orc-debugsource-0.4.28-150000.3.9.1
  * openSUSE Leap 15.6 (x86_64)
    * liborc-0_4-0-32bit-0.4.28-150000.3.9.1
    * liborc-0_4-0-32bit-debuginfo-0.4.28-150000.3.9.1
  * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
    * liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
    * orc-debugsource-0.4.28-150000.3.9.1
    * orc-debuginfo-0.4.28-150000.3.9.1
    * liborc-0_4-0-0.4.28-150000.3.9.1
  * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
    * liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
    * orc-debugsource-0.4.28-150000.3.9.1
    * orc-debuginfo-0.4.28-150000.3.9.1
    * liborc-0_4-0-0.4.28-150000.3.9.1
  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
    * orc-debugsource-0.4.28-150000.3.9.1
    * orc-debuginfo-0.4.28-150000.3.9.1
    * liborc-0_4-0-0.4.28-150000.3.9.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
    * orc-debugsource-0.4.28-150000.3.9.1
    * orc-debuginfo-0.4.28-150000.3.9.1
    * liborc-0_4-0-0.4.28-150000.3.9.1
  * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
    * liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
    * orc-debugsource-0.4.28-150000.3.9.1
    * orc-debuginfo-0.4.28-150000.3.9.1
    * liborc-0_4-0-0.4.28-150000.3.9.1
  * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
    * liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
    * orc-0.4.28-150000.3.9.1
    * orc-debuginfo-0.4.28-150000.3.9.1
    * liborc-0_4-0-0.4.28-150000.3.9.1
    * orc-debugsource-0.4.28-150000.3.9.1
  * SUSE Package Hub 15 15-SP6 (x86_64)
    * liborc-0_4-0-32bit-0.4.28-150000.3.9.1
    * liborc-0_4-0-32bit-debuginfo-0.4.28-150000.3.9.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
    x86_64)
    * liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
    * orc-0.4.28-150000.3.9.1
    * orc-debuginfo-0.4.28-150000.3.9.1
    * liborc-0_4-0-0.4.28-150000.3.9.1
    * orc-debugsource-0.4.28-150000.3.9.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
    x86_64)
    * liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
    * orc-0.4.28-150000.3.9.1
    * orc-debuginfo-0.4.28-150000.3.9.1
    * liborc-0_4-0-0.4.28-150000.3.9.1
    * orc-debugsource-0.4.28-150000.3.9.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
    x86_64)
    * liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
    * orc-0.4.28-150000.3.9.1
    * orc-debuginfo-0.4.28-150000.3.9.1
    * liborc-0_4-0-0.4.28-150000.3.9.1
    * orc-debugsource-0.4.28-150000.3.9.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
    x86_64)
    * liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
    * orc-0.4.28-150000.3.9.1
    * orc-debuginfo-0.4.28-150000.3.9.1
    * liborc-0_4-0-0.4.28-150000.3.9.1
    * orc-debugsource-0.4.28-150000.3.9.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
    x86_64)
    * liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
    * orc-0.4.28-150000.3.9.1
    * orc-debuginfo-0.4.28-150000.3.9.1
    * liborc-0_4-0-0.4.28-150000.3.9.1
    * orc-debugsource-0.4.28-150000.3.9.1
  * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
    * liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
    * orc-0.4.28-150000.3.9.1
    * orc-debuginfo-0.4.28-150000.3.9.1
    * liborc-0_4-0-0.4.28-150000.3.9.1
    * orc-debugsource-0.4.28-150000.3.9.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
    * liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
    * orc-0.4.28-150000.3.9.1
    * orc-debuginfo-0.4.28-150000.3.9.1
    * liborc-0_4-0-0.4.28-150000.3.9.1
    * orc-debugsource-0.4.28-150000.3.9.1
  * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
    * liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
    * orc-0.4.28-150000.3.9.1
    * orc-debuginfo-0.4.28-150000.3.9.1
    * liborc-0_4-0-0.4.28-150000.3.9.1
    * orc-debugsource-0.4.28-150000.3.9.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
    * liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
    * orc-0.4.28-150000.3.9.1
    * orc-debuginfo-0.4.28-150000.3.9.1
    * liborc-0_4-0-0.4.28-150000.3.9.1
    * orc-debugsource-0.4.28-150000.3.9.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
    * liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
    * orc-0.4.28-150000.3.9.1
    * orc-debuginfo-0.4.28-150000.3.9.1
    * liborc-0_4-0-0.4.28-150000.3.9.1
    * orc-debugsource-0.4.28-150000.3.9.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
    * liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
    * orc-0.4.28-150000.3.9.1
    * orc-debuginfo-0.4.28-150000.3.9.1
    * liborc-0_4-0-0.4.28-150000.3.9.1
    * orc-debugsource-0.4.28-150000.3.9.1
  * SUSE Manager Proxy 4.3 (x86_64)
    * liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
    * orc-0.4.28-150000.3.9.1
    * orc-debuginfo-0.4.28-150000.3.9.1
    * liborc-0_4-0-0.4.28-150000.3.9.1
    * orc-debugsource-0.4.28-150000.3.9.1
  * SUSE Manager Retail Branch Server 4.3 (x86_64)
    * liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
    * orc-0.4.28-150000.3.9.1
    * orc-debuginfo-0.4.28-150000.3.9.1
    * liborc-0_4-0-0.4.28-150000.3.9.1
    * orc-debugsource-0.4.28-150000.3.9.1
  * SUSE Manager Server 4.3 (ppc64le s390x x86_64)
    * liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
    * orc-0.4.28-150000.3.9.1
    * orc-debuginfo-0.4.28-150000.3.9.1
    * liborc-0_4-0-0.4.28-150000.3.9.1
    * orc-debugsource-0.4.28-150000.3.9.1
  * SUSE Enterprise Storage 7.1 (aarch64 x86_64)
    * liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
    * orc-0.4.28-150000.3.9.1
    * orc-debuginfo-0.4.28-150000.3.9.1
    * liborc-0_4-0-0.4.28-150000.3.9.1
    * orc-debugsource-0.4.28-150000.3.9.1
  * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
    * liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
    * orc-debugsource-0.4.28-150000.3.9.1
    * orc-debuginfo-0.4.28-150000.3.9.1
    * liborc-0_4-0-0.4.28-150000.3.9.1
  * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
    * liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
    * orc-debugsource-0.4.28-150000.3.9.1
    * orc-debuginfo-0.4.28-150000.3.9.1
    * liborc-0_4-0-0.4.28-150000.3.9.1

## References:

  * https://www.suse.com/security/cve/CVE-2024-40897.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1228184

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/suma-updates/attachments/20250203/1760b8d7/attachment.htm>

From null at suse.de  Mon Feb  3 20:30:20 2025
From: null at suse.de (SUSE-MANAGER-UPDATES)
Date: Mon, 03 Feb 2025 20:30:20 -0000
Subject: SUSE-SU-2025:0341-1: important: Security update for libxml2
Message-ID: <173861462075.22227.5844513901059641932@smelt2.prg2.suse.org>



# Security update for libxml2

Announcement ID: SUSE-SU-2025:0341-1  
Release Date: 2025-02-03T16:33:21Z  
Rating: important  
References:

  * bsc#1236460

  
Cross-References:

  * CVE-2022-49043

  
CVSS scores:

  * CVE-2022-49043 ( SUSE ):  7.5
    CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2022-49043 ( SUSE ):  7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-49043 ( NVD ):  8.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

  
Affected Products:

  * openSUSE Leap 15.4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro for Rancher 5.3
  * SUSE Linux Enterprise Micro for Rancher 5.4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP4 LTSS
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

  
  
An update that solves one vulnerability can now be installed.

## Description:

This update for libxml2 fixes the following issues:

  * CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4  
    zypper in -t patch SUSE-2025-341=1

  * SUSE Linux Enterprise Micro for Rancher 5.3  
    zypper in -t patch SUSE-SLE-Micro-5.3-2025-341=1

  * SUSE Linux Enterprise Micro 5.3  
    zypper in -t patch SUSE-SLE-Micro-5.3-2025-341=1

  * SUSE Linux Enterprise Micro for Rancher 5.4  
    zypper in -t patch SUSE-SLE-Micro-5.4-2025-341=1

  * SUSE Linux Enterprise Micro 5.4  
    zypper in -t patch SUSE-SLE-Micro-5.4-2025-341=1

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-341=1

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-341=1

  * SUSE Linux Enterprise Server 15 SP4 LTSS  
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-341=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP4  
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-341=1

  * SUSE Manager Proxy 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-341=1

  * SUSE Manager Retail Branch Server 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2025-341=1

  * SUSE Manager Server 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-341=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
    * libxml2-debugsource-2.9.14-150400.5.35.1
    * libxml2-tools-2.9.14-150400.5.35.1
    * python311-libxml2-2.9.14-150400.5.35.1
    * libxml2-tools-debuginfo-2.9.14-150400.5.35.1
    * libxml2-2-2.9.14-150400.5.35.1
    * libxml2-python-debugsource-2.9.14-150400.5.35.1
    * libxml2-2-debuginfo-2.9.14-150400.5.35.1
    * libxml2-devel-2.9.14-150400.5.35.1
    * python3-libxml2-debuginfo-2.9.14-150400.5.35.1
    * python3-libxml2-2.9.14-150400.5.35.1
    * python311-libxml2-debuginfo-2.9.14-150400.5.35.1
  * openSUSE Leap 15.4 (x86_64)
    * libxml2-2-32bit-debuginfo-2.9.14-150400.5.35.1
    * libxml2-2-32bit-2.9.14-150400.5.35.1
    * libxml2-devel-32bit-2.9.14-150400.5.35.1
  * openSUSE Leap 15.4 (noarch)
    * libxml2-doc-2.9.14-150400.5.35.1
  * openSUSE Leap 15.4 (aarch64_ilp32)
    * libxml2-2-64bit-debuginfo-2.9.14-150400.5.35.1
    * libxml2-2-64bit-2.9.14-150400.5.35.1
    * libxml2-devel-64bit-2.9.14-150400.5.35.1
  * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
    * libxml2-debugsource-2.9.14-150400.5.35.1
    * libxml2-tools-2.9.14-150400.5.35.1
    * libxml2-tools-debuginfo-2.9.14-150400.5.35.1
    * libxml2-2-2.9.14-150400.5.35.1
    * libxml2-python-debugsource-2.9.14-150400.5.35.1
    * libxml2-2-debuginfo-2.9.14-150400.5.35.1
    * python3-libxml2-debuginfo-2.9.14-150400.5.35.1
    * python3-libxml2-2.9.14-150400.5.35.1
  * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
    * libxml2-debugsource-2.9.14-150400.5.35.1
    * libxml2-tools-2.9.14-150400.5.35.1
    * libxml2-tools-debuginfo-2.9.14-150400.5.35.1
    * libxml2-2-2.9.14-150400.5.35.1
    * libxml2-python-debugsource-2.9.14-150400.5.35.1
    * libxml2-2-debuginfo-2.9.14-150400.5.35.1
    * python3-libxml2-debuginfo-2.9.14-150400.5.35.1
    * python3-libxml2-2.9.14-150400.5.35.1
  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * libxml2-debugsource-2.9.14-150400.5.35.1
    * libxml2-tools-2.9.14-150400.5.35.1
    * libxml2-tools-debuginfo-2.9.14-150400.5.35.1
    * libxml2-2-2.9.14-150400.5.35.1
    * libxml2-python-debugsource-2.9.14-150400.5.35.1
    * libxml2-2-debuginfo-2.9.14-150400.5.35.1
    * python3-libxml2-debuginfo-2.9.14-150400.5.35.1
    * python3-libxml2-2.9.14-150400.5.35.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * libxml2-debugsource-2.9.14-150400.5.35.1
    * libxml2-tools-2.9.14-150400.5.35.1
    * libxml2-tools-debuginfo-2.9.14-150400.5.35.1
    * libxml2-2-2.9.14-150400.5.35.1
    * libxml2-python-debugsource-2.9.14-150400.5.35.1
    * libxml2-2-debuginfo-2.9.14-150400.5.35.1
    * python3-libxml2-debuginfo-2.9.14-150400.5.35.1
    * python3-libxml2-2.9.14-150400.5.35.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
    x86_64)
    * libxml2-debugsource-2.9.14-150400.5.35.1
    * libxml2-tools-2.9.14-150400.5.35.1
    * python311-libxml2-2.9.14-150400.5.35.1
    * libxml2-tools-debuginfo-2.9.14-150400.5.35.1
    * libxml2-2-2.9.14-150400.5.35.1
    * libxml2-2-debuginfo-2.9.14-150400.5.35.1
    * libxml2-devel-2.9.14-150400.5.35.1
    * python3-libxml2-debuginfo-2.9.14-150400.5.35.1
    * python3-libxml2-2.9.14-150400.5.35.1
    * python311-libxml2-debuginfo-2.9.14-150400.5.35.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
    * libxml2-2-32bit-debuginfo-2.9.14-150400.5.35.1
    * libxml2-2-32bit-2.9.14-150400.5.35.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
    x86_64)
    * libxml2-debugsource-2.9.14-150400.5.35.1
    * libxml2-tools-2.9.14-150400.5.35.1
    * python311-libxml2-2.9.14-150400.5.35.1
    * libxml2-tools-debuginfo-2.9.14-150400.5.35.1
    * libxml2-2-2.9.14-150400.5.35.1
    * libxml2-2-debuginfo-2.9.14-150400.5.35.1
    * libxml2-devel-2.9.14-150400.5.35.1
    * python3-libxml2-debuginfo-2.9.14-150400.5.35.1
    * python3-libxml2-2.9.14-150400.5.35.1
    * python311-libxml2-debuginfo-2.9.14-150400.5.35.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
    * libxml2-2-32bit-debuginfo-2.9.14-150400.5.35.1
    * libxml2-2-32bit-2.9.14-150400.5.35.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
    * libxml2-debugsource-2.9.14-150400.5.35.1
    * libxml2-tools-2.9.14-150400.5.35.1
    * python311-libxml2-2.9.14-150400.5.35.1
    * libxml2-tools-debuginfo-2.9.14-150400.5.35.1
    * libxml2-2-2.9.14-150400.5.35.1
    * libxml2-2-debuginfo-2.9.14-150400.5.35.1
    * libxml2-devel-2.9.14-150400.5.35.1
    * python3-libxml2-debuginfo-2.9.14-150400.5.35.1
    * python3-libxml2-2.9.14-150400.5.35.1
    * python311-libxml2-debuginfo-2.9.14-150400.5.35.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
    * libxml2-2-32bit-debuginfo-2.9.14-150400.5.35.1
    * libxml2-2-32bit-2.9.14-150400.5.35.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
    * libxml2-debugsource-2.9.14-150400.5.35.1
    * libxml2-tools-2.9.14-150400.5.35.1
    * python311-libxml2-2.9.14-150400.5.35.1
    * libxml2-tools-debuginfo-2.9.14-150400.5.35.1
    * libxml2-2-2.9.14-150400.5.35.1
    * libxml2-2-debuginfo-2.9.14-150400.5.35.1
    * libxml2-devel-2.9.14-150400.5.35.1
    * python3-libxml2-debuginfo-2.9.14-150400.5.35.1
    * python3-libxml2-2.9.14-150400.5.35.1
    * python311-libxml2-debuginfo-2.9.14-150400.5.35.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
    * libxml2-2-32bit-debuginfo-2.9.14-150400.5.35.1
    * libxml2-2-32bit-2.9.14-150400.5.35.1
  * SUSE Manager Proxy 4.3 (x86_64)
    * libxml2-2-32bit-debuginfo-2.9.14-150400.5.35.1
    * libxml2-debugsource-2.9.14-150400.5.35.1
    * libxml2-tools-2.9.14-150400.5.35.1
    * libxml2-tools-debuginfo-2.9.14-150400.5.35.1
    * libxml2-2-32bit-2.9.14-150400.5.35.1
    * libxml2-2-2.9.14-150400.5.35.1
    * libxml2-2-debuginfo-2.9.14-150400.5.35.1
    * libxml2-devel-2.9.14-150400.5.35.1
    * python3-libxml2-debuginfo-2.9.14-150400.5.35.1
    * python3-libxml2-2.9.14-150400.5.35.1
  * SUSE Manager Retail Branch Server 4.3 (x86_64)
    * libxml2-2-32bit-debuginfo-2.9.14-150400.5.35.1
    * libxml2-debugsource-2.9.14-150400.5.35.1
    * libxml2-tools-2.9.14-150400.5.35.1
    * libxml2-tools-debuginfo-2.9.14-150400.5.35.1
    * libxml2-2-32bit-2.9.14-150400.5.35.1
    * libxml2-2-2.9.14-150400.5.35.1
    * libxml2-2-debuginfo-2.9.14-150400.5.35.1
    * libxml2-devel-2.9.14-150400.5.35.1
    * python3-libxml2-debuginfo-2.9.14-150400.5.35.1
    * python3-libxml2-2.9.14-150400.5.35.1
  * SUSE Manager Server 4.3 (ppc64le s390x x86_64)
    * libxml2-debugsource-2.9.14-150400.5.35.1
    * libxml2-tools-2.9.14-150400.5.35.1
    * libxml2-tools-debuginfo-2.9.14-150400.5.35.1
    * libxml2-2-2.9.14-150400.5.35.1
    * libxml2-2-debuginfo-2.9.14-150400.5.35.1
    * libxml2-devel-2.9.14-150400.5.35.1
    * python3-libxml2-debuginfo-2.9.14-150400.5.35.1
    * python3-libxml2-2.9.14-150400.5.35.1
  * SUSE Manager Server 4.3 (x86_64)
    * libxml2-2-32bit-debuginfo-2.9.14-150400.5.35.1
    * libxml2-2-32bit-2.9.14-150400.5.35.1

## References:

  * https://www.suse.com/security/cve/CVE-2022-49043.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1236460

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/suma-updates/attachments/20250203/84b53a1b/attachment.htm>

From null at suse.de  Mon Feb  3 20:30:24 2025
From: null at suse.de (SUSE-MANAGER-UPDATES)
Date: Mon, 03 Feb 2025 20:30:24 -0000
Subject: SUSE-SU-2025:0340-1: moderate: Security update for rsync
Message-ID: <173861462459.22227.8334386608348431976@smelt2.prg2.suse.org>



# Security update for rsync

Announcement ID: SUSE-SU-2025:0340-1  
Release Date: 2025-02-03T16:32:43Z  
Rating: moderate  
References:

  * bsc#1233760

  
Affected Products:

  * openSUSE Leap 15.4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Linux Enterprise Micro for Rancher 5.3
  * SUSE Linux Enterprise Micro for Rancher 5.4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP4 LTSS
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server 15 SP5 LTSS
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

  
  
An update that has one security fix can now be installed.

## Description:

This update for rsync fixes the following issues:

  * Bump rsync protocol version to 32 to show server is patched against recent
    vulnerabilities.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4  
    zypper in -t patch SUSE-2025-340=1

  * SUSE Linux Enterprise Micro for Rancher 5.3  
    zypper in -t patch SUSE-SLE-Micro-5.3-2025-340=1

  * SUSE Linux Enterprise Micro 5.3  
    zypper in -t patch SUSE-SLE-Micro-5.3-2025-340=1

  * SUSE Linux Enterprise Micro for Rancher 5.4  
    zypper in -t patch SUSE-SLE-Micro-5.4-2025-340=1

  * SUSE Linux Enterprise Micro 5.4  
    zypper in -t patch SUSE-SLE-Micro-5.4-2025-340=1

  * SUSE Linux Enterprise Micro 5.5  
    zypper in -t patch SUSE-SLE-Micro-5.5-2025-340=1

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-340=1

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-340=1

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-340=1

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-340=1

  * SUSE Linux Enterprise Server 15 SP4 LTSS  
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-340=1

  * SUSE Linux Enterprise Server 15 SP5 LTSS  
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-340=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP4  
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-340=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP5  
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-340=1

  * SUSE Manager Proxy 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-340=1

  * SUSE Manager Retail Branch Server 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2025-340=1

  * SUSE Manager Server 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-340=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
    * rsync-debuginfo-3.2.3-150400.3.20.1
    * rsync-debugsource-3.2.3-150400.3.20.1
    * rsync-3.2.3-150400.3.20.1
  * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
    * rsync-debuginfo-3.2.3-150400.3.20.1
    * rsync-debugsource-3.2.3-150400.3.20.1
    * rsync-3.2.3-150400.3.20.1
  * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
    * rsync-debuginfo-3.2.3-150400.3.20.1
    * rsync-debugsource-3.2.3-150400.3.20.1
    * rsync-3.2.3-150400.3.20.1
  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * rsync-debuginfo-3.2.3-150400.3.20.1
    * rsync-debugsource-3.2.3-150400.3.20.1
    * rsync-3.2.3-150400.3.20.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * rsync-debuginfo-3.2.3-150400.3.20.1
    * rsync-debugsource-3.2.3-150400.3.20.1
    * rsync-3.2.3-150400.3.20.1
  * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
    * rsync-debuginfo-3.2.3-150400.3.20.1
    * rsync-debugsource-3.2.3-150400.3.20.1
    * rsync-3.2.3-150400.3.20.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
    x86_64)
    * rsync-debuginfo-3.2.3-150400.3.20.1
    * rsync-debugsource-3.2.3-150400.3.20.1
    * rsync-3.2.3-150400.3.20.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
    x86_64)
    * rsync-debuginfo-3.2.3-150400.3.20.1
    * rsync-debugsource-3.2.3-150400.3.20.1
    * rsync-3.2.3-150400.3.20.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
    x86_64)
    * rsync-debuginfo-3.2.3-150400.3.20.1
    * rsync-debugsource-3.2.3-150400.3.20.1
    * rsync-3.2.3-150400.3.20.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
    x86_64)
    * rsync-debuginfo-3.2.3-150400.3.20.1
    * rsync-debugsource-3.2.3-150400.3.20.1
    * rsync-3.2.3-150400.3.20.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
    * rsync-debuginfo-3.2.3-150400.3.20.1
    * rsync-debugsource-3.2.3-150400.3.20.1
    * rsync-3.2.3-150400.3.20.1
  * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
    * rsync-debuginfo-3.2.3-150400.3.20.1
    * rsync-debugsource-3.2.3-150400.3.20.1
    * rsync-3.2.3-150400.3.20.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
    * rsync-debuginfo-3.2.3-150400.3.20.1
    * rsync-debugsource-3.2.3-150400.3.20.1
    * rsync-3.2.3-150400.3.20.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
    * rsync-debuginfo-3.2.3-150400.3.20.1
    * rsync-debugsource-3.2.3-150400.3.20.1
    * rsync-3.2.3-150400.3.20.1
  * SUSE Manager Proxy 4.3 (x86_64)
    * rsync-debuginfo-3.2.3-150400.3.20.1
    * rsync-debugsource-3.2.3-150400.3.20.1
    * rsync-3.2.3-150400.3.20.1
  * SUSE Manager Retail Branch Server 4.3 (x86_64)
    * rsync-debuginfo-3.2.3-150400.3.20.1
    * rsync-debugsource-3.2.3-150400.3.20.1
    * rsync-3.2.3-150400.3.20.1
  * SUSE Manager Server 4.3 (ppc64le s390x x86_64)
    * rsync-debuginfo-3.2.3-150400.3.20.1
    * rsync-debugsource-3.2.3-150400.3.20.1
    * rsync-3.2.3-150400.3.20.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1233760

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/suma-updates/attachments/20250203/57cfd53a/attachment.htm>

From null at suse.de  Thu Feb  6 16:30:12 2025
From: null at suse.de (SUSE-MANAGER-UPDATES)
Date: Thu, 06 Feb 2025 16:30:12 -0000
Subject: SUSE-OU-2025:0378-1: low: Optional update for cronie
Message-ID: <173885941288.21757.5013144772427985508@smelt2.prg2.suse.org>



# Optional update for cronie

Announcement ID: SUSE-OU-2025:0378-1  
Release Date: 2025-02-06T09:32:18Z  
Rating: low  
References:

  * jsc#PED-11444

  
Affected Products:

  * Basesystem Module 15-SP6
  * openSUSE Leap 15.6
  * Public Cloud Module 15-SP4
  * Public Cloud Module 15-SP5
  * Public Cloud Module 15-SP6
  * SUSE Linux Enterprise Desktop 15 SP6
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Linux Enterprise Micro for Rancher 5.3
  * SUSE Linux Enterprise Micro for Rancher 5.4
  * SUSE Linux Enterprise Real Time 15 SP6
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP4 LTSS
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server 15 SP5 LTSS
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6
  * SUSE Linux Enterprise Workstation Extension 15 SP6
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3
  * SUSE Package Hub 15 15-SP6

  
  
An update that contains one feature can now be installed.

## Description:

This update for libOpenCL1 fixes the following issue:

  * Ship existing libOpenCL1 to more products.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.6  
    zypper in -t patch openSUSE-SLE-15.6-2025-378=1

  * SUSE Linux Enterprise Micro for Rancher 5.3  
    zypper in -t patch SUSE-SLE-Micro-5.3-2025-378=1

  * SUSE Linux Enterprise Micro 5.3  
    zypper in -t patch SUSE-SLE-Micro-5.3-2025-378=1

  * SUSE Linux Enterprise Micro for Rancher 5.4  
    zypper in -t patch SUSE-SLE-Micro-5.4-2025-378=1

  * SUSE Linux Enterprise Micro 5.4  
    zypper in -t patch SUSE-SLE-Micro-5.4-2025-378=1

  * SUSE Linux Enterprise Micro 5.5  
    zypper in -t patch SUSE-SLE-Micro-5.5-2025-378=1

  * Basesystem Module 15-SP6  
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-378=1

  * SUSE Package Hub 15 15-SP6  
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-378=1

  * Public Cloud Module 15-SP4  
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2025-378=1

  * Public Cloud Module 15-SP5  
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2025-378=1

  * Public Cloud Module 15-SP6  
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP6-2025-378=1

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-378=1

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-378=1

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-378=1

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-378=1

  * SUSE Linux Enterprise Server 15 SP4 LTSS  
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-378=1

  * SUSE Linux Enterprise Server 15 SP5 LTSS  
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-378=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP4  
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-378=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP5  
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-378=1

  * SUSE Manager Proxy 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-378=1

  * SUSE Manager Retail Branch Server 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2025-378=1

  * SUSE Manager Server 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-378=1

  * SUSE Linux Enterprise Workstation Extension 15 SP6  
    zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2025-378=1

## Package List:

  * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
    * libOpenCL1-2.3.1-150100.8.17.1
    * libOpenCL1-debuginfo-2.3.1-150100.8.17.1
    * ocl-icd-devel-2.3.1-150100.8.17.1
    * ocl-icd-debugsource-2.3.1-150100.8.17.1
  * openSUSE Leap 15.6 (x86_64)
    * ocl-icd-devel-32bit-2.3.1-150100.8.17.1
    * libOpenCL1-32bit-debuginfo-2.3.1-150100.8.17.1
    * libOpenCL1-32bit-2.3.1-150100.8.17.1
  * openSUSE Leap 15.6 (noarch)
    * opencl-headers-2.2+git.20211214-150000.3.5.1
  * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
    * libOpenCL1-2.3.1-150100.8.17.1
    * libOpenCL1-debuginfo-2.3.1-150100.8.17.1
    * ocl-icd-debugsource-2.3.1-150100.8.17.1
  * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
    * libOpenCL1-2.3.1-150100.8.17.1
    * libOpenCL1-debuginfo-2.3.1-150100.8.17.1
    * ocl-icd-debugsource-2.3.1-150100.8.17.1
  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * libOpenCL1-2.3.1-150100.8.17.1
    * libOpenCL1-debuginfo-2.3.1-150100.8.17.1
    * ocl-icd-debugsource-2.3.1-150100.8.17.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * libOpenCL1-2.3.1-150100.8.17.1
    * libOpenCL1-debuginfo-2.3.1-150100.8.17.1
    * ocl-icd-debugsource-2.3.1-150100.8.17.1
  * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
    * libOpenCL1-2.3.1-150100.8.17.1
    * libOpenCL1-debuginfo-2.3.1-150100.8.17.1
    * ocl-icd-debugsource-2.3.1-150100.8.17.1
  * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
    * libOpenCL1-2.3.1-150100.8.17.1
    * libOpenCL1-debuginfo-2.3.1-150100.8.17.1
    * ocl-icd-devel-2.3.1-150100.8.17.1
    * ocl-icd-debugsource-2.3.1-150100.8.17.1
  * Basesystem Module 15-SP6 (noarch)
    * opencl-headers-2.2+git.20211214-150000.3.5.1
  * Basesystem Module 15-SP6 (x86_64)
    * ocl-icd-devel-32bit-2.3.1-150100.8.17.1
    * libOpenCL1-32bit-debuginfo-2.3.1-150100.8.17.1
    * libOpenCL1-32bit-2.3.1-150100.8.17.1
  * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x)
    * libOpenCL1-2.3.1-150100.8.17.1
    * libOpenCL1-debuginfo-2.3.1-150100.8.17.1
    * ocl-icd-devel-2.3.1-150100.8.17.1
    * ocl-icd-debugsource-2.3.1-150100.8.17.1
  * SUSE Package Hub 15 15-SP6 (noarch)
    * opencl-headers-2.2+git.20211214-150000.3.5.1
  * SUSE Package Hub 15 15-SP6 (x86_64)
    * libOpenCL1-32bit-debuginfo-2.3.1-150100.8.17.1
    * libOpenCL1-32bit-2.3.1-150100.8.17.1
  * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * libOpenCL1-2.3.1-150100.8.17.1
    * libOpenCL1-debuginfo-2.3.1-150100.8.17.1
    * ocl-icd-debugsource-2.3.1-150100.8.17.1
  * Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64)
    * libOpenCL1-2.3.1-150100.8.17.1
    * libOpenCL1-debuginfo-2.3.1-150100.8.17.1
    * ocl-icd-debugsource-2.3.1-150100.8.17.1
  * Public Cloud Module 15-SP6 (aarch64 ppc64le s390x x86_64)
    * libOpenCL1-2.3.1-150100.8.17.1
    * libOpenCL1-debuginfo-2.3.1-150100.8.17.1
    * ocl-icd-debugsource-2.3.1-150100.8.17.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
    x86_64)
    * libOpenCL1-2.3.1-150100.8.17.1
    * libOpenCL1-debuginfo-2.3.1-150100.8.17.1
    * ocl-icd-devel-2.3.1-150100.8.17.1
    * ocl-icd-debugsource-2.3.1-150100.8.17.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
    * opencl-headers-2.2+git.20211214-150000.3.5.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
    * ocl-icd-devel-32bit-2.3.1-150100.8.17.1
    * libOpenCL1-32bit-debuginfo-2.3.1-150100.8.17.1
    * libOpenCL1-32bit-2.3.1-150100.8.17.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
    x86_64)
    * libOpenCL1-2.3.1-150100.8.17.1
    * libOpenCL1-debuginfo-2.3.1-150100.8.17.1
    * ocl-icd-devel-2.3.1-150100.8.17.1
    * ocl-icd-debugsource-2.3.1-150100.8.17.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
    * opencl-headers-2.2+git.20211214-150000.3.5.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
    * ocl-icd-devel-32bit-2.3.1-150100.8.17.1
    * libOpenCL1-32bit-debuginfo-2.3.1-150100.8.17.1
    * libOpenCL1-32bit-2.3.1-150100.8.17.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
    x86_64)
    * libOpenCL1-2.3.1-150100.8.17.1
    * libOpenCL1-debuginfo-2.3.1-150100.8.17.1
    * ocl-icd-devel-2.3.1-150100.8.17.1
    * ocl-icd-debugsource-2.3.1-150100.8.17.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
    * opencl-headers-2.2+git.20211214-150000.3.5.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64)
    * ocl-icd-devel-32bit-2.3.1-150100.8.17.1
    * libOpenCL1-32bit-debuginfo-2.3.1-150100.8.17.1
    * libOpenCL1-32bit-2.3.1-150100.8.17.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
    x86_64)
    * libOpenCL1-2.3.1-150100.8.17.1
    * libOpenCL1-debuginfo-2.3.1-150100.8.17.1
    * ocl-icd-devel-2.3.1-150100.8.17.1
    * ocl-icd-debugsource-2.3.1-150100.8.17.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
    * opencl-headers-2.2+git.20211214-150000.3.5.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64)
    * ocl-icd-devel-32bit-2.3.1-150100.8.17.1
    * libOpenCL1-32bit-debuginfo-2.3.1-150100.8.17.1
    * libOpenCL1-32bit-2.3.1-150100.8.17.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
    * libOpenCL1-2.3.1-150100.8.17.1
    * libOpenCL1-debuginfo-2.3.1-150100.8.17.1
    * ocl-icd-devel-2.3.1-150100.8.17.1
    * ocl-icd-debugsource-2.3.1-150100.8.17.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
    * opencl-headers-2.2+git.20211214-150000.3.5.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
    * ocl-icd-devel-32bit-2.3.1-150100.8.17.1
    * libOpenCL1-32bit-debuginfo-2.3.1-150100.8.17.1
    * libOpenCL1-32bit-2.3.1-150100.8.17.1
  * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
    * libOpenCL1-2.3.1-150100.8.17.1
    * libOpenCL1-debuginfo-2.3.1-150100.8.17.1
    * ocl-icd-devel-2.3.1-150100.8.17.1
    * ocl-icd-debugsource-2.3.1-150100.8.17.1
  * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
    * opencl-headers-2.2+git.20211214-150000.3.5.1
  * SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64)
    * ocl-icd-devel-32bit-2.3.1-150100.8.17.1
    * libOpenCL1-32bit-debuginfo-2.3.1-150100.8.17.1
    * libOpenCL1-32bit-2.3.1-150100.8.17.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
    * libOpenCL1-2.3.1-150100.8.17.1
    * libOpenCL1-debuginfo-2.3.1-150100.8.17.1
    * ocl-icd-devel-2.3.1-150100.8.17.1
    * ocl-icd-debugsource-2.3.1-150100.8.17.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
    * opencl-headers-2.2+git.20211214-150000.3.5.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
    * ocl-icd-devel-32bit-2.3.1-150100.8.17.1
    * libOpenCL1-32bit-debuginfo-2.3.1-150100.8.17.1
    * libOpenCL1-32bit-2.3.1-150100.8.17.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
    * libOpenCL1-2.3.1-150100.8.17.1
    * libOpenCL1-debuginfo-2.3.1-150100.8.17.1
    * ocl-icd-devel-2.3.1-150100.8.17.1
    * ocl-icd-debugsource-2.3.1-150100.8.17.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
    * opencl-headers-2.2+git.20211214-150000.3.5.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
    * ocl-icd-devel-32bit-2.3.1-150100.8.17.1
    * libOpenCL1-32bit-debuginfo-2.3.1-150100.8.17.1
    * libOpenCL1-32bit-2.3.1-150100.8.17.1
  * SUSE Manager Proxy 4.3 (x86_64)
    * libOpenCL1-2.3.1-150100.8.17.1
    * libOpenCL1-debuginfo-2.3.1-150100.8.17.1
    * ocl-icd-debugsource-2.3.1-150100.8.17.1
  * SUSE Manager Retail Branch Server 4.3 (x86_64)
    * libOpenCL1-2.3.1-150100.8.17.1
    * libOpenCL1-debuginfo-2.3.1-150100.8.17.1
    * ocl-icd-debugsource-2.3.1-150100.8.17.1
  * SUSE Manager Server 4.3 (ppc64le s390x x86_64)
    * libOpenCL1-2.3.1-150100.8.17.1
    * libOpenCL1-debuginfo-2.3.1-150100.8.17.1
    * ocl-icd-debugsource-2.3.1-150100.8.17.1
  * SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64)
    * libOpenCL1-32bit-2.3.1-150100.8.17.1
    * ocl-icd-debugsource-2.3.1-150100.8.17.1
    * ocl-icd-devel-2.3.1-150100.8.17.1
    * libOpenCL1-32bit-debuginfo-2.3.1-150100.8.17.1
    * libOpenCL1-2.3.1-150100.8.17.1
    * ocl-icd-devel-32bit-2.3.1-150100.8.17.1
    * libOpenCL1-debuginfo-2.3.1-150100.8.17.1
  * SUSE Linux Enterprise Workstation Extension 15 SP6 (noarch)
    * opencl-headers-2.2+git.20211214-150000.3.5.1

## References:

  * https://jira.suse.com/browse/PED-11444

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/suma-updates/attachments/20250206/96b725b8/attachment.htm>

From null at suse.de  Thu Feb  6 16:30:30 2025
From: null at suse.de (SUSE-MANAGER-UPDATES)
Date: Thu, 06 Feb 2025 16:30:30 -0000
Subject: SUSE-RU-2025:0375-1: moderate: Recommended update for rmt-server
Message-ID: <173885943007.21757.2796117194454587318@smelt2.prg2.suse.org>



# Recommended update for rmt-server

Announcement ID: SUSE-RU-2025:0375-1  
Release Date: 2025-02-05T16:00:43Z  
Rating: moderate  
References:

  * bsc#1230157
  * bsc#1230419
  * bsc#1232808
  * bsc#1234844

  
Affected Products:

  * openSUSE Leap 15.4
  * Public Cloud Module 15-SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP4 LTSS
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

  
  
An update that has four fixes can now be installed.

## Description:

This update for rmt-server fixes the following issues:

  * Allow users to configure the SUMA product tree base URL to download
    'product_tree.json' from host other than 'scc.suse.com' (bsc#1234844)
  * Update Micro check due to Micro 6.0 and 6.1 identifier (bsc#1230419)
  * Remove obsolete repositories and associations from rmt during SCC sync
    (bsc#1232808)
  * Do not re-download repomd metadata if already exists and be the latest
    version
  * rmt-server-pubcloud:
    * Update Zypper path allowing check to handle paid extensions (i.e. LTSS) (bsc#1230157)
    * Add data export engine

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * Public Cloud Module 15-SP4  
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2025-375=1

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-375=1

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-375=1

  * SUSE Linux Enterprise Server 15 SP4 LTSS  
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-375=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP4  
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-375=1

  * SUSE Manager Proxy 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-375=1

  * SUSE Manager Retail Branch Server 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2025-375=1

  * SUSE Manager Server 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-375=1

  * openSUSE Leap 15.4  
    zypper in -t patch SUSE-2025-375=1

## Package List:

  * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * rmt-server-debugsource-2.21-150400.3.37.1
    * rmt-server-debuginfo-2.21-150400.3.37.1
    * rmt-server-pubcloud-2.21-150400.3.37.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
    x86_64)
    * rmt-server-2.21-150400.3.37.1
    * rmt-server-debuginfo-2.21-150400.3.37.1
    * rmt-server-config-2.21-150400.3.37.1
    * rmt-server-debugsource-2.21-150400.3.37.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
    x86_64)
    * rmt-server-2.21-150400.3.37.1
    * rmt-server-debuginfo-2.21-150400.3.37.1
    * rmt-server-config-2.21-150400.3.37.1
    * rmt-server-debugsource-2.21-150400.3.37.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
    * rmt-server-2.21-150400.3.37.1
    * rmt-server-debuginfo-2.21-150400.3.37.1
    * rmt-server-config-2.21-150400.3.37.1
    * rmt-server-debugsource-2.21-150400.3.37.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
    * rmt-server-2.21-150400.3.37.1
    * rmt-server-debuginfo-2.21-150400.3.37.1
    * rmt-server-config-2.21-150400.3.37.1
    * rmt-server-debugsource-2.21-150400.3.37.1
  * SUSE Manager Proxy 4.3 (x86_64)
    * rmt-server-2.21-150400.3.37.1
    * rmt-server-debuginfo-2.21-150400.3.37.1
    * rmt-server-config-2.21-150400.3.37.1
    * rmt-server-debugsource-2.21-150400.3.37.1
  * SUSE Manager Retail Branch Server 4.3 (x86_64)
    * rmt-server-2.21-150400.3.37.1
    * rmt-server-debuginfo-2.21-150400.3.37.1
    * rmt-server-config-2.21-150400.3.37.1
    * rmt-server-debugsource-2.21-150400.3.37.1
  * SUSE Manager Server 4.3 (ppc64le s390x x86_64)
    * rmt-server-2.21-150400.3.37.1
    * rmt-server-debuginfo-2.21-150400.3.37.1
    * rmt-server-config-2.21-150400.3.37.1
    * rmt-server-debugsource-2.21-150400.3.37.1
  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
    * rmt-server-2.21-150400.3.37.1
    * rmt-server-pubcloud-2.21-150400.3.37.1
    * rmt-server-debuginfo-2.21-150400.3.37.1
    * rmt-server-config-2.21-150400.3.37.1
    * rmt-server-debugsource-2.21-150400.3.37.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1230157
  * https://bugzilla.suse.com/show_bug.cgi?id=1230419
  * https://bugzilla.suse.com/show_bug.cgi?id=1232808
  * https://bugzilla.suse.com/show_bug.cgi?id=1234844

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/suma-updates/attachments/20250206/e62aff67/attachment.htm>

From null at suse.de  Thu Feb  6 16:30:41 2025
From: null at suse.de (SUSE-MANAGER-UPDATES)
Date: Thu, 06 Feb 2025 16:30:41 -0000
Subject: SUSE-SU-2025:0370-1: moderate: Security update for curl
Message-ID: <173885944180.21757.13328263887726668716@smelt2.prg2.suse.org>



# Security update for curl

Announcement ID: SUSE-SU-2025:0370-1  
Release Date: 2025-02-05T15:34:46Z  
Rating: moderate  
References:

  * bsc#1236588
  * bsc#1236590

  
Cross-References:

  * CVE-2025-0167
  * CVE-2025-0725

  
CVSS scores:

  * CVE-2025-0167 ( SUSE ):  5.9
    CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
  * CVE-2025-0167 ( SUSE ):  5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
  * CVE-2025-0725 ( SUSE ):  5.3
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2025-0725 ( SUSE ):  4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
  * CVE-2025-0725 ( NVD ):  7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

  
Affected Products:

  * openSUSE Leap 15.4
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise Desktop 15 SP5
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Linux Enterprise Micro for Rancher 5.3
  * SUSE Linux Enterprise Micro for Rancher 5.4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP4 LTSS
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server 15 SP5 LTSS
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

  
  
An update that solves two vulnerabilities can now be installed.

## Description:

This update for curl fixes the following issues:

  * CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590)
  * CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-370=1

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-370=1

  * SUSE Linux Enterprise Server 15 SP4 LTSS  
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-370=1

  * SUSE Linux Enterprise Server 15 SP5 LTSS  
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-370=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP4  
    zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2025-370=1 SUSE-SLE-Product-
SLES_SAP-15-SP4-2025-370=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP5  
    zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2025-370=1 SUSE-SLE-Product-
SLES_SAP-15-SP5-2025-370=1

  * SUSE Manager Proxy 4.3  
    zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2025-370=1 SUSE-SLE-Product-SUSE-
Manager-Proxy-4.3-2025-370=1

  * SUSE Manager Retail Branch Server 4.3  
    zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2025-370=1 SUSE-SLE-Product-SUSE-
Manager-Retail-Branch-Server-4.3-2025-370=1

  * SUSE Manager Server 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-370=1 SUSE-
SLE-INSTALLER-15-SP4-2025-370=1

  * openSUSE Leap 15.4  
    zypper in -t patch SUSE-2025-370=1

  * SUSE Linux Enterprise High Performance Computing 15 SP4  
    zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2025-370=1

  * SUSE Linux Enterprise Server 15 SP4  
    zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2025-370=1

  * SUSE Linux Enterprise Desktop 15 SP4  
    zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2025-370=1

  * SUSE Linux Enterprise High Performance Computing 15 SP5  
    zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2025-370=1

  * SUSE Linux Enterprise Server 15 SP5  
    zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2025-370=1

  * SUSE Linux Enterprise Desktop 15 SP5  
    zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2025-370=1

  * SUSE Linux Enterprise Micro for Rancher 5.3  
    zypper in -t patch SUSE-SLE-Micro-5.3-2025-370=1

  * SUSE Linux Enterprise Micro 5.3  
    zypper in -t patch SUSE-SLE-Micro-5.3-2025-370=1

  * SUSE Linux Enterprise Micro for Rancher 5.4  
    zypper in -t patch SUSE-SLE-Micro-5.4-2025-370=1

  * SUSE Linux Enterprise Micro 5.4  
    zypper in -t patch SUSE-SLE-Micro-5.4-2025-370=1

  * SUSE Linux Enterprise Micro 5.5  
    zypper in -t patch SUSE-SLE-Micro-5.5-2025-370=1

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-370=1

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-370=1

## Package List:

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
    x86_64)
    * curl-debuginfo-8.0.1-150400.5.62.1
    * curl-debugsource-8.0.1-150400.5.62.1
    * libcurl4-8.0.1-150400.5.62.1
    * libcurl-devel-8.0.1-150400.5.62.1
    * libcurl4-debuginfo-8.0.1-150400.5.62.1
    * curl-8.0.1-150400.5.62.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64)
    * libcurl4-32bit-debuginfo-8.0.1-150400.5.62.1
    * libcurl4-32bit-8.0.1-150400.5.62.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
    x86_64)
    * curl-debuginfo-8.0.1-150400.5.62.1
    * curl-debugsource-8.0.1-150400.5.62.1
    * libcurl4-8.0.1-150400.5.62.1
    * libcurl-devel-8.0.1-150400.5.62.1
    * libcurl4-debuginfo-8.0.1-150400.5.62.1
    * curl-8.0.1-150400.5.62.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64)
    * libcurl4-32bit-debuginfo-8.0.1-150400.5.62.1
    * libcurl4-32bit-8.0.1-150400.5.62.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
    * curl-debuginfo-8.0.1-150400.5.62.1
    * curl-debugsource-8.0.1-150400.5.62.1
    * libcurl4-8.0.1-150400.5.62.1
    * libcurl-devel-8.0.1-150400.5.62.1
    * libcurl4-debuginfo-8.0.1-150400.5.62.1
    * curl-8.0.1-150400.5.62.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
    * libcurl4-32bit-debuginfo-8.0.1-150400.5.62.1
    * libcurl4-32bit-8.0.1-150400.5.62.1
  * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
    * curl-debuginfo-8.0.1-150400.5.62.1
    * curl-debugsource-8.0.1-150400.5.62.1
    * libcurl4-8.0.1-150400.5.62.1
    * libcurl-devel-8.0.1-150400.5.62.1
    * libcurl4-debuginfo-8.0.1-150400.5.62.1
    * curl-8.0.1-150400.5.62.1
  * SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64)
    * libcurl4-32bit-debuginfo-8.0.1-150400.5.62.1
    * libcurl4-32bit-8.0.1-150400.5.62.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
    * curl-debuginfo-8.0.1-150400.5.62.1
    * curl-debugsource-8.0.1-150400.5.62.1
    * libcurl4-8.0.1-150400.5.62.1
    * libcurl-devel-8.0.1-150400.5.62.1
    * libcurl4-debuginfo-8.0.1-150400.5.62.1
    * curl-8.0.1-150400.5.62.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
    * libcurl4-32bit-debuginfo-8.0.1-150400.5.62.1
    * libcurl4-32bit-8.0.1-150400.5.62.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
    * curl-debuginfo-8.0.1-150400.5.62.1
    * curl-debugsource-8.0.1-150400.5.62.1
    * libcurl4-8.0.1-150400.5.62.1
    * libcurl-devel-8.0.1-150400.5.62.1
    * libcurl4-debuginfo-8.0.1-150400.5.62.1
    * curl-8.0.1-150400.5.62.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
    * libcurl4-32bit-debuginfo-8.0.1-150400.5.62.1
    * libcurl4-32bit-8.0.1-150400.5.62.1
  * SUSE Manager Proxy 4.3 (x86_64)
    * curl-debuginfo-8.0.1-150400.5.62.1
    * curl-debugsource-8.0.1-150400.5.62.1
    * libcurl4-8.0.1-150400.5.62.1
    * libcurl-devel-8.0.1-150400.5.62.1
    * libcurl4-debuginfo-8.0.1-150400.5.62.1
    * curl-8.0.1-150400.5.62.1
    * libcurl4-32bit-debuginfo-8.0.1-150400.5.62.1
    * libcurl4-32bit-8.0.1-150400.5.62.1
  * SUSE Manager Retail Branch Server 4.3 (x86_64)
    * curl-debuginfo-8.0.1-150400.5.62.1
    * curl-debugsource-8.0.1-150400.5.62.1
    * libcurl4-8.0.1-150400.5.62.1
    * libcurl-devel-8.0.1-150400.5.62.1
    * libcurl4-debuginfo-8.0.1-150400.5.62.1
    * curl-8.0.1-150400.5.62.1
    * libcurl4-32bit-debuginfo-8.0.1-150400.5.62.1
    * libcurl4-32bit-8.0.1-150400.5.62.1
  * SUSE Manager Server 4.3 (ppc64le s390x x86_64)
    * curl-debuginfo-8.0.1-150400.5.62.1
    * curl-debugsource-8.0.1-150400.5.62.1
    * libcurl4-8.0.1-150400.5.62.1
    * libcurl-devel-8.0.1-150400.5.62.1
    * libcurl4-debuginfo-8.0.1-150400.5.62.1
    * curl-8.0.1-150400.5.62.1
  * SUSE Manager Server 4.3 (x86_64)
    * libcurl4-32bit-debuginfo-8.0.1-150400.5.62.1
    * libcurl4-32bit-8.0.1-150400.5.62.1
  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
    * curl-debuginfo-8.0.1-150400.5.62.1
    * curl-debugsource-8.0.1-150400.5.62.1
    * libcurl4-8.0.1-150400.5.62.1
    * libcurl-devel-8.0.1-150400.5.62.1
    * libcurl4-debuginfo-8.0.1-150400.5.62.1
    * curl-8.0.1-150400.5.62.1
  * openSUSE Leap 15.4 (x86_64)
    * libcurl4-32bit-debuginfo-8.0.1-150400.5.62.1
    * libcurl-devel-32bit-8.0.1-150400.5.62.1
    * libcurl4-32bit-8.0.1-150400.5.62.1
  * openSUSE Leap 15.4 (aarch64_ilp32)
    * libcurl4-64bit-debuginfo-8.0.1-150400.5.62.1
    * libcurl-devel-64bit-8.0.1-150400.5.62.1
    * libcurl4-64bit-8.0.1-150400.5.62.1
  * SUSE Linux Enterprise High Performance Computing 15 SP4 (aarch64 x86_64)
    * libcurl4-8.0.1-150400.5.62.1
  * SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le s390x x86_64)
    * libcurl4-8.0.1-150400.5.62.1
  * SUSE Linux Enterprise Desktop 15 SP4 (x86_64)
    * libcurl4-8.0.1-150400.5.62.1
  * SUSE Linux Enterprise High Performance Computing 15 SP5 (aarch64 x86_64)
    * libcurl4-8.0.1-150400.5.62.1
  * SUSE Linux Enterprise Server 15 SP5 (aarch64 ppc64le s390x x86_64)
    * libcurl4-8.0.1-150400.5.62.1
  * SUSE Linux Enterprise Desktop 15 SP5 (x86_64)
    * libcurl4-8.0.1-150400.5.62.1
  * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
    * curl-debuginfo-8.0.1-150400.5.62.1
    * curl-debugsource-8.0.1-150400.5.62.1
    * libcurl4-8.0.1-150400.5.62.1
    * libcurl4-debuginfo-8.0.1-150400.5.62.1
    * curl-8.0.1-150400.5.62.1
  * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
    * curl-debuginfo-8.0.1-150400.5.62.1
    * curl-debugsource-8.0.1-150400.5.62.1
    * libcurl4-8.0.1-150400.5.62.1
    * libcurl4-debuginfo-8.0.1-150400.5.62.1
    * curl-8.0.1-150400.5.62.1
  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * curl-debuginfo-8.0.1-150400.5.62.1
    * curl-debugsource-8.0.1-150400.5.62.1
    * libcurl4-8.0.1-150400.5.62.1
    * libcurl4-debuginfo-8.0.1-150400.5.62.1
    * curl-8.0.1-150400.5.62.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * curl-debuginfo-8.0.1-150400.5.62.1
    * curl-debugsource-8.0.1-150400.5.62.1
    * libcurl4-8.0.1-150400.5.62.1
    * libcurl4-debuginfo-8.0.1-150400.5.62.1
    * curl-8.0.1-150400.5.62.1
  * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
    * curl-debuginfo-8.0.1-150400.5.62.1
    * curl-debugsource-8.0.1-150400.5.62.1
    * libcurl4-8.0.1-150400.5.62.1
    * libcurl4-debuginfo-8.0.1-150400.5.62.1
    * curl-8.0.1-150400.5.62.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
    x86_64)
    * curl-debuginfo-8.0.1-150400.5.62.1
    * curl-debugsource-8.0.1-150400.5.62.1
    * libcurl4-8.0.1-150400.5.62.1
    * libcurl-devel-8.0.1-150400.5.62.1
    * libcurl4-debuginfo-8.0.1-150400.5.62.1
    * curl-8.0.1-150400.5.62.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
    * libcurl4-32bit-debuginfo-8.0.1-150400.5.62.1
    * libcurl4-32bit-8.0.1-150400.5.62.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
    x86_64)
    * curl-debuginfo-8.0.1-150400.5.62.1
    * curl-debugsource-8.0.1-150400.5.62.1
    * libcurl4-8.0.1-150400.5.62.1
    * libcurl-devel-8.0.1-150400.5.62.1
    * libcurl4-debuginfo-8.0.1-150400.5.62.1
    * curl-8.0.1-150400.5.62.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
    * libcurl4-32bit-debuginfo-8.0.1-150400.5.62.1
    * libcurl4-32bit-8.0.1-150400.5.62.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-0167.html
  * https://www.suse.com/security/cve/CVE-2025-0725.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1236588
  * https://bugzilla.suse.com/show_bug.cgi?id=1236590

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/suma-updates/attachments/20250206/51e4b9d4/attachment.htm>

From null at suse.de  Thu Feb  6 16:31:09 2025
From: null at suse.de (SUSE-MANAGER-UPDATES)
Date: Thu, 06 Feb 2025 16:31:09 -0000
Subject: SUSE-RU-2025:0361-1: moderate: Recommended update for libzypp, zypper
Message-ID: <173885946952.21757.647837304619928896@smelt2.prg2.suse.org>



# Recommended update for libzypp, zypper

Announcement ID: SUSE-RU-2025:0361-1  
Release Date: 2025-02-05T10:01:01Z  
Rating: moderate  
References:

  * bsc#1216091
  * bsc#1229106
  * bsc#1232458
  * bsc#1234752
  * bsc#1235636

  
Affected Products:

  * openSUSE Leap 15.4
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro for Rancher 5.3
  * SUSE Linux Enterprise Micro for Rancher 5.4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP4 LTSS
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

  
  
An update that has five fixes can now be installed.

## Description:

This update for libzypp, zypper fixes the following issues:

  * Create '.keep_packages' in the package cache dir to enforce keeping
    downloaded packages of all repos cached there (bsc#1232458)
  * Fix missing UID checks in repomanager workflow
  * Move cmake config files to LIB_INSTALL_DIR/cmake/Zypp
  * Fix 'zypper ps' when running in incus container (bsc#1229106) Should apply
    to lxc and lxd containers as well
  * Re-enable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091)
  * lr: Show the repositories keep-packages flag (bsc#1232458) It is shown in
    the details view or by using -k,--keep-packages. In addition libyzpp
    supports to enforce keeping downloaded packages of all repos within a
    package cache by creating a '.keep_packages' file there
  * Try to refresh update repos first to have updated GPG keys on the fly
    (bsc#1234752) An update repo may contain a prolonged GPG key for the GA
    repo. Refreshing the update repo first updates a trusted key on the fly and
    avoids a 'key has expired' warning being issued when refreshing the GA repo
  * Refresh: restore legacy behavior and suppress Exception reporting as non-
    root (bsc#1235636)

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4  
    zypper in -t patch SUSE-2025-361=1

  * SUSE Linux Enterprise High Performance Computing 15 SP4  
    zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2025-361=1

  * SUSE Linux Enterprise Server 15 SP4  
    zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2025-361=1

  * SUSE Manager Server 4.3  
    zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2025-361=1 SUSE-SLE-Product-SUSE-
Manager-Server-4.3-2025-361=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP4  
    zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2025-361=1 SUSE-SLE-Product-
SLES_SAP-15-SP4-2025-361=1

  * SUSE Linux Enterprise Desktop 15 SP4  
    zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2025-361=1

  * SUSE Manager Retail Branch Server 4.3  
    zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2025-361=1 SUSE-SLE-Product-SUSE-
Manager-Retail-Branch-Server-4.3-2025-361=1

  * SUSE Manager Proxy 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-361=1 SUSE-SLE-
INSTALLER-15-SP4-2025-361=1

  * SUSE Linux Enterprise Micro for Rancher 5.3  
    zypper in -t patch SUSE-SLE-Micro-5.3-2025-361=1

  * SUSE Linux Enterprise Micro 5.3  
    zypper in -t patch SUSE-SLE-Micro-5.3-2025-361=1

  * SUSE Linux Enterprise Micro for Rancher 5.4  
    zypper in -t patch SUSE-SLE-Micro-5.4-2025-361=1

  * SUSE Linux Enterprise Micro 5.4  
    zypper in -t patch SUSE-SLE-Micro-5.4-2025-361=1

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-361=1

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-361=1

  * SUSE Linux Enterprise Server 15 SP4 LTSS  
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-361=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
    * libzypp-devel-17.35.19-150400.3.110.1
    * zypper-1.14.81-150400.3.73.1
    * zypper-debugsource-1.14.81-150400.3.73.1
    * libzypp-17.35.19-150400.3.110.1
    * zypper-debuginfo-1.14.81-150400.3.73.1
    * libzypp-debuginfo-17.35.19-150400.3.110.1
    * libzypp-devel-doc-17.35.19-150400.3.110.1
    * libzypp-debugsource-17.35.19-150400.3.110.1
  * openSUSE Leap 15.4 (noarch)
    * zypper-needs-restarting-1.14.81-150400.3.73.1
    * zypper-log-1.14.81-150400.3.73.1
    * zypper-aptitude-1.14.81-150400.3.73.1
  * SUSE Linux Enterprise High Performance Computing 15 SP4 (aarch64 x86_64)
    * libzypp-17.35.19-150400.3.110.1
  * SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le s390x x86_64)
    * libzypp-17.35.19-150400.3.110.1
  * SUSE Manager Server 4.3 (ppc64le s390x x86_64)
    * libzypp-devel-17.35.19-150400.3.110.1
    * zypper-1.14.81-150400.3.73.1
    * zypper-debugsource-1.14.81-150400.3.73.1
    * libzypp-17.35.19-150400.3.110.1
    * zypper-debuginfo-1.14.81-150400.3.73.1
    * libzypp-debuginfo-17.35.19-150400.3.110.1
    * libzypp-debugsource-17.35.19-150400.3.110.1
  * SUSE Manager Server 4.3 (noarch)
    * zypper-needs-restarting-1.14.81-150400.3.73.1
    * zypper-log-1.14.81-150400.3.73.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
    * libzypp-devel-17.35.19-150400.3.110.1
    * zypper-1.14.81-150400.3.73.1
    * zypper-debugsource-1.14.81-150400.3.73.1
    * libzypp-17.35.19-150400.3.110.1
    * zypper-debuginfo-1.14.81-150400.3.73.1
    * libzypp-debuginfo-17.35.19-150400.3.110.1
    * libzypp-debugsource-17.35.19-150400.3.110.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
    * zypper-needs-restarting-1.14.81-150400.3.73.1
    * zypper-log-1.14.81-150400.3.73.1
  * SUSE Linux Enterprise Desktop 15 SP4 (x86_64)
    * libzypp-17.35.19-150400.3.110.1
  * SUSE Manager Retail Branch Server 4.3 (x86_64)
    * libzypp-devel-17.35.19-150400.3.110.1
    * zypper-1.14.81-150400.3.73.1
    * zypper-debugsource-1.14.81-150400.3.73.1
    * libzypp-17.35.19-150400.3.110.1
    * zypper-debuginfo-1.14.81-150400.3.73.1
    * libzypp-debuginfo-17.35.19-150400.3.110.1
    * libzypp-debugsource-17.35.19-150400.3.110.1
  * SUSE Manager Retail Branch Server 4.3 (noarch)
    * zypper-needs-restarting-1.14.81-150400.3.73.1
    * zypper-log-1.14.81-150400.3.73.1
  * SUSE Manager Proxy 4.3 (x86_64)
    * libzypp-devel-17.35.19-150400.3.110.1
    * zypper-1.14.81-150400.3.73.1
    * zypper-debugsource-1.14.81-150400.3.73.1
    * libzypp-17.35.19-150400.3.110.1
    * zypper-debuginfo-1.14.81-150400.3.73.1
    * libzypp-debuginfo-17.35.19-150400.3.110.1
    * libzypp-debugsource-17.35.19-150400.3.110.1
  * SUSE Manager Proxy 4.3 (noarch)
    * zypper-needs-restarting-1.14.81-150400.3.73.1
    * zypper-log-1.14.81-150400.3.73.1
  * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
    * zypper-1.14.81-150400.3.73.1
    * zypper-debugsource-1.14.81-150400.3.73.1
    * libzypp-17.35.19-150400.3.110.1
    * zypper-debuginfo-1.14.81-150400.3.73.1
    * libzypp-debuginfo-17.35.19-150400.3.110.1
    * libzypp-debugsource-17.35.19-150400.3.110.1
  * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
    * zypper-needs-restarting-1.14.81-150400.3.73.1
  * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
    * zypper-1.14.81-150400.3.73.1
    * zypper-debugsource-1.14.81-150400.3.73.1
    * libzypp-17.35.19-150400.3.110.1
    * zypper-debuginfo-1.14.81-150400.3.73.1
    * libzypp-debuginfo-17.35.19-150400.3.110.1
    * libzypp-debugsource-17.35.19-150400.3.110.1
  * SUSE Linux Enterprise Micro 5.3 (noarch)
    * zypper-needs-restarting-1.14.81-150400.3.73.1
  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * zypper-1.14.81-150400.3.73.1
    * zypper-debugsource-1.14.81-150400.3.73.1
    * libzypp-17.35.19-150400.3.110.1
    * zypper-debuginfo-1.14.81-150400.3.73.1
    * libzypp-debuginfo-17.35.19-150400.3.110.1
    * libzypp-debugsource-17.35.19-150400.3.110.1
  * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
    * zypper-needs-restarting-1.14.81-150400.3.73.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * zypper-1.14.81-150400.3.73.1
    * zypper-debugsource-1.14.81-150400.3.73.1
    * libzypp-17.35.19-150400.3.110.1
    * zypper-debuginfo-1.14.81-150400.3.73.1
    * libzypp-debuginfo-17.35.19-150400.3.110.1
    * libzypp-debugsource-17.35.19-150400.3.110.1
  * SUSE Linux Enterprise Micro 5.4 (noarch)
    * zypper-needs-restarting-1.14.81-150400.3.73.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
    x86_64)
    * libzypp-devel-17.35.19-150400.3.110.1
    * zypper-1.14.81-150400.3.73.1
    * zypper-debugsource-1.14.81-150400.3.73.1
    * libzypp-17.35.19-150400.3.110.1
    * zypper-debuginfo-1.14.81-150400.3.73.1
    * libzypp-debuginfo-17.35.19-150400.3.110.1
    * libzypp-debugsource-17.35.19-150400.3.110.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
    * zypper-needs-restarting-1.14.81-150400.3.73.1
    * zypper-log-1.14.81-150400.3.73.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
    x86_64)
    * libzypp-devel-17.35.19-150400.3.110.1
    * zypper-1.14.81-150400.3.73.1
    * zypper-debugsource-1.14.81-150400.3.73.1
    * libzypp-17.35.19-150400.3.110.1
    * zypper-debuginfo-1.14.81-150400.3.73.1
    * libzypp-debuginfo-17.35.19-150400.3.110.1
    * libzypp-debugsource-17.35.19-150400.3.110.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
    * zypper-needs-restarting-1.14.81-150400.3.73.1
    * zypper-log-1.14.81-150400.3.73.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
    * libzypp-devel-17.35.19-150400.3.110.1
    * zypper-1.14.81-150400.3.73.1
    * zypper-debugsource-1.14.81-150400.3.73.1
    * libzypp-17.35.19-150400.3.110.1
    * zypper-debuginfo-1.14.81-150400.3.73.1
    * libzypp-debuginfo-17.35.19-150400.3.110.1
    * libzypp-debugsource-17.35.19-150400.3.110.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
    * zypper-needs-restarting-1.14.81-150400.3.73.1
    * zypper-log-1.14.81-150400.3.73.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1216091
  * https://bugzilla.suse.com/show_bug.cgi?id=1229106
  * https://bugzilla.suse.com/show_bug.cgi?id=1232458
  * https://bugzilla.suse.com/show_bug.cgi?id=1234752
  * https://bugzilla.suse.com/show_bug.cgi?id=1235636

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/suma-updates/attachments/20250206/d24ea7b6/attachment.htm>

From null at suse.de  Thu Feb  6 16:31:27 2025
From: null at suse.de (SUSE-MANAGER-UPDATES)
Date: Thu, 06 Feb 2025 16:31:27 -0000
Subject: SUSE-SU-2025:0350-1: important: Security update for xrdp
Message-ID: <173885948713.21757.9826844266483990121@smelt2.prg2.suse.org>



# Security update for xrdp

Announcement ID: SUSE-SU-2025:0350-1  
Release Date: 2025-02-04T09:15:31Z  
Rating: important  
References:

  * bsc#1227769

  
Cross-References:

  * CVE-2024-39917

  
CVSS scores:

  * CVE-2024-39917 ( SUSE ):  7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  * CVE-2024-39917 ( NVD ):  9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

  
Affected Products:

  * SUSE Enterprise Storage 7.1
  * SUSE Linux Enterprise High Performance Computing 15 SP3
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  * SUSE Linux Enterprise Server 15 SP3
  * SUSE Linux Enterprise Server 15 SP3 LTSS
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP4 LTSS
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server 15 SP5 LTSS
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

  
  
An update that solves one vulnerability can now be installed.

## Description:

This update for xrdp fixes the following issues:

  * CVE-2024-39917: Enforce no login screen if require_credentials is set
    (bsc#1227769)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-350=1

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-350=1

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-350=1

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-350=1

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-350=1

  * SUSE Linux Enterprise Server 15 SP3 LTSS  
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-350=1

  * SUSE Linux Enterprise Server 15 SP4 LTSS  
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-350=1

  * SUSE Linux Enterprise Server 15 SP5 LTSS  
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-350=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP3  
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-350=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP4  
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-350=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP5  
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-350=1

  * SUSE Manager Proxy 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-350=1

  * SUSE Manager Retail Branch Server 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2025-350=1

  * SUSE Manager Server 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-350=1

  * SUSE Enterprise Storage 7.1  
    zypper in -t patch SUSE-Storage-7.1-2025-350=1

## Package List:

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
    x86_64)
    * libpainter0-0.9.13.1-150200.4.33.1
    * xrdp-0.9.13.1-150200.4.33.1
    * librfxencode0-debuginfo-0.9.13.1-150200.4.33.1
    * xrdp-debugsource-0.9.13.1-150200.4.33.1
    * librfxencode0-0.9.13.1-150200.4.33.1
    * xrdp-devel-0.9.13.1-150200.4.33.1
    * xrdp-debuginfo-0.9.13.1-150200.4.33.1
    * libpainter0-debuginfo-0.9.13.1-150200.4.33.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
    x86_64)
    * libpainter0-0.9.13.1-150200.4.33.1
    * xrdp-0.9.13.1-150200.4.33.1
    * librfxencode0-debuginfo-0.9.13.1-150200.4.33.1
    * xrdp-debugsource-0.9.13.1-150200.4.33.1
    * librfxencode0-0.9.13.1-150200.4.33.1
    * xrdp-devel-0.9.13.1-150200.4.33.1
    * xrdp-debuginfo-0.9.13.1-150200.4.33.1
    * libpainter0-debuginfo-0.9.13.1-150200.4.33.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
    x86_64)
    * libpainter0-0.9.13.1-150200.4.33.1
    * xrdp-0.9.13.1-150200.4.33.1
    * librfxencode0-debuginfo-0.9.13.1-150200.4.33.1
    * xrdp-debugsource-0.9.13.1-150200.4.33.1
    * librfxencode0-0.9.13.1-150200.4.33.1
    * xrdp-devel-0.9.13.1-150200.4.33.1
    * xrdp-debuginfo-0.9.13.1-150200.4.33.1
    * libpainter0-debuginfo-0.9.13.1-150200.4.33.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
    x86_64)
    * libpainter0-0.9.13.1-150200.4.33.1
    * xrdp-0.9.13.1-150200.4.33.1
    * librfxencode0-debuginfo-0.9.13.1-150200.4.33.1
    * xrdp-debugsource-0.9.13.1-150200.4.33.1
    * librfxencode0-0.9.13.1-150200.4.33.1
    * xrdp-devel-0.9.13.1-150200.4.33.1
    * xrdp-debuginfo-0.9.13.1-150200.4.33.1
    * libpainter0-debuginfo-0.9.13.1-150200.4.33.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
    x86_64)
    * libpainter0-0.9.13.1-150200.4.33.1
    * xrdp-0.9.13.1-150200.4.33.1
    * librfxencode0-debuginfo-0.9.13.1-150200.4.33.1
    * xrdp-debugsource-0.9.13.1-150200.4.33.1
    * librfxencode0-0.9.13.1-150200.4.33.1
    * xrdp-devel-0.9.13.1-150200.4.33.1
    * xrdp-debuginfo-0.9.13.1-150200.4.33.1
    * libpainter0-debuginfo-0.9.13.1-150200.4.33.1
  * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
    * libpainter0-0.9.13.1-150200.4.33.1
    * xrdp-0.9.13.1-150200.4.33.1
    * librfxencode0-debuginfo-0.9.13.1-150200.4.33.1
    * xrdp-debugsource-0.9.13.1-150200.4.33.1
    * librfxencode0-0.9.13.1-150200.4.33.1
    * xrdp-devel-0.9.13.1-150200.4.33.1
    * xrdp-debuginfo-0.9.13.1-150200.4.33.1
    * libpainter0-debuginfo-0.9.13.1-150200.4.33.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
    * libpainter0-0.9.13.1-150200.4.33.1
    * xrdp-0.9.13.1-150200.4.33.1
    * librfxencode0-debuginfo-0.9.13.1-150200.4.33.1
    * xrdp-debugsource-0.9.13.1-150200.4.33.1
    * librfxencode0-0.9.13.1-150200.4.33.1
    * xrdp-devel-0.9.13.1-150200.4.33.1
    * xrdp-debuginfo-0.9.13.1-150200.4.33.1
    * libpainter0-debuginfo-0.9.13.1-150200.4.33.1
  * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
    * libpainter0-0.9.13.1-150200.4.33.1
    * xrdp-0.9.13.1-150200.4.33.1
    * librfxencode0-debuginfo-0.9.13.1-150200.4.33.1
    * xrdp-debugsource-0.9.13.1-150200.4.33.1
    * librfxencode0-0.9.13.1-150200.4.33.1
    * xrdp-devel-0.9.13.1-150200.4.33.1
    * xrdp-debuginfo-0.9.13.1-150200.4.33.1
    * libpainter0-debuginfo-0.9.13.1-150200.4.33.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
    * libpainter0-0.9.13.1-150200.4.33.1
    * xrdp-0.9.13.1-150200.4.33.1
    * librfxencode0-debuginfo-0.9.13.1-150200.4.33.1
    * xrdp-debugsource-0.9.13.1-150200.4.33.1
    * librfxencode0-0.9.13.1-150200.4.33.1
    * xrdp-devel-0.9.13.1-150200.4.33.1
    * xrdp-debuginfo-0.9.13.1-150200.4.33.1
    * libpainter0-debuginfo-0.9.13.1-150200.4.33.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
    * libpainter0-0.9.13.1-150200.4.33.1
    * xrdp-0.9.13.1-150200.4.33.1
    * librfxencode0-debuginfo-0.9.13.1-150200.4.33.1
    * xrdp-debugsource-0.9.13.1-150200.4.33.1
    * librfxencode0-0.9.13.1-150200.4.33.1
    * xrdp-devel-0.9.13.1-150200.4.33.1
    * xrdp-debuginfo-0.9.13.1-150200.4.33.1
    * libpainter0-debuginfo-0.9.13.1-150200.4.33.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
    * libpainter0-0.9.13.1-150200.4.33.1
    * xrdp-0.9.13.1-150200.4.33.1
    * librfxencode0-debuginfo-0.9.13.1-150200.4.33.1
    * xrdp-debugsource-0.9.13.1-150200.4.33.1
    * librfxencode0-0.9.13.1-150200.4.33.1
    * xrdp-devel-0.9.13.1-150200.4.33.1
    * xrdp-debuginfo-0.9.13.1-150200.4.33.1
    * libpainter0-debuginfo-0.9.13.1-150200.4.33.1
  * SUSE Manager Proxy 4.3 (x86_64)
    * libpainter0-0.9.13.1-150200.4.33.1
    * xrdp-0.9.13.1-150200.4.33.1
    * librfxencode0-debuginfo-0.9.13.1-150200.4.33.1
    * xrdp-debugsource-0.9.13.1-150200.4.33.1
    * librfxencode0-0.9.13.1-150200.4.33.1
    * xrdp-devel-0.9.13.1-150200.4.33.1
    * xrdp-debuginfo-0.9.13.1-150200.4.33.1
    * libpainter0-debuginfo-0.9.13.1-150200.4.33.1
  * SUSE Manager Retail Branch Server 4.3 (x86_64)
    * libpainter0-0.9.13.1-150200.4.33.1
    * xrdp-0.9.13.1-150200.4.33.1
    * librfxencode0-debuginfo-0.9.13.1-150200.4.33.1
    * xrdp-debugsource-0.9.13.1-150200.4.33.1
    * librfxencode0-0.9.13.1-150200.4.33.1
    * xrdp-devel-0.9.13.1-150200.4.33.1
    * xrdp-debuginfo-0.9.13.1-150200.4.33.1
    * libpainter0-debuginfo-0.9.13.1-150200.4.33.1
  * SUSE Manager Server 4.3 (ppc64le s390x x86_64)
    * libpainter0-0.9.13.1-150200.4.33.1
    * xrdp-0.9.13.1-150200.4.33.1
    * librfxencode0-debuginfo-0.9.13.1-150200.4.33.1
    * xrdp-debugsource-0.9.13.1-150200.4.33.1
    * librfxencode0-0.9.13.1-150200.4.33.1
    * xrdp-devel-0.9.13.1-150200.4.33.1
    * xrdp-debuginfo-0.9.13.1-150200.4.33.1
    * libpainter0-debuginfo-0.9.13.1-150200.4.33.1
  * SUSE Enterprise Storage 7.1 (aarch64 x86_64)
    * libpainter0-0.9.13.1-150200.4.33.1
    * xrdp-0.9.13.1-150200.4.33.1
    * librfxencode0-debuginfo-0.9.13.1-150200.4.33.1
    * xrdp-debugsource-0.9.13.1-150200.4.33.1
    * librfxencode0-0.9.13.1-150200.4.33.1
    * xrdp-devel-0.9.13.1-150200.4.33.1
    * xrdp-debuginfo-0.9.13.1-150200.4.33.1
    * libpainter0-debuginfo-0.9.13.1-150200.4.33.1

## References:

  * https://www.suse.com/security/cve/CVE-2024-39917.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1227769

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/suma-updates/attachments/20250206/ef859093/attachment.htm>

From null at suse.de  Thu Feb  6 16:31:29 2025
From: null at suse.de (SUSE-MANAGER-UPDATES)
Date: Thu, 06 Feb 2025 16:31:29 -0000
Subject: SUSE-SU-2025:0349-1: moderate: Security update for openssl-1_1
Message-ID: <173885948971.21757.15154285244585928200@smelt2.prg2.suse.org>



# Security update for openssl-1_1

Announcement ID: SUSE-SU-2025:0349-1  
Release Date: 2025-02-04T08:34:49Z  
Rating: moderate  
References:

  * bsc#1236136

  
Cross-References:

  * CVE-2024-13176

  
CVSS scores:

  * CVE-2024-13176 ( SUSE ):  8.2
    CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
  * CVE-2024-13176 ( SUSE ):  5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
  * CVE-2024-13176 ( NVD ):  4.1 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

  
Affected Products:

  * openSUSE Leap 15.4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro for Rancher 5.3
  * SUSE Linux Enterprise Micro for Rancher 5.4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP4 LTSS
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

  
  
An update that solves one vulnerability can now be installed.

## Description:

This update for openssl-1_1 fixes the following issues:

  * CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation
    (bsc#1236136)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Manager Retail Branch Server 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2025-349=1

  * SUSE Manager Server 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-349=1

  * openSUSE Leap 15.4  
    zypper in -t patch SUSE-2025-349=1

  * SUSE Linux Enterprise Micro for Rancher 5.3  
    zypper in -t patch SUSE-SLE-Micro-5.3-2025-349=1

  * SUSE Linux Enterprise Micro 5.3  
    zypper in -t patch SUSE-SLE-Micro-5.3-2025-349=1

  * SUSE Linux Enterprise Micro for Rancher 5.4  
    zypper in -t patch SUSE-SLE-Micro-5.4-2025-349=1

  * SUSE Linux Enterprise Micro 5.4  
    zypper in -t patch SUSE-SLE-Micro-5.4-2025-349=1

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-349=1

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-349=1

  * SUSE Linux Enterprise Server 15 SP4 LTSS  
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-349=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP4  
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-349=1

  * SUSE Manager Proxy 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-349=1

## Package List:

  * SUSE Manager Retail Branch Server 4.3 (x86_64)
    * libopenssl1_1-hmac-1.1.1l-150400.7.78.1
    * libopenssl1_1-1.1.1l-150400.7.78.1
    * libopenssl-1_1-devel-1.1.1l-150400.7.78.1
    * libopenssl1_1-debuginfo-1.1.1l-150400.7.78.1
    * openssl-1_1-debuginfo-1.1.1l-150400.7.78.1
    * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.78.1
    * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1
    * libopenssl1_1-32bit-1.1.1l-150400.7.78.1
    * openssl-1_1-1.1.1l-150400.7.78.1
    * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1
    * openssl-1_1-debugsource-1.1.1l-150400.7.78.1
  * SUSE Manager Server 4.3 (ppc64le s390x x86_64)
    * libopenssl1_1-hmac-1.1.1l-150400.7.78.1
    * libopenssl1_1-1.1.1l-150400.7.78.1
    * libopenssl-1_1-devel-1.1.1l-150400.7.78.1
    * libopenssl1_1-debuginfo-1.1.1l-150400.7.78.1
    * openssl-1_1-debuginfo-1.1.1l-150400.7.78.1
    * openssl-1_1-1.1.1l-150400.7.78.1
    * openssl-1_1-debugsource-1.1.1l-150400.7.78.1
  * SUSE Manager Server 4.3 (x86_64)
    * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1
    * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1
    * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.78.1
    * libopenssl1_1-32bit-1.1.1l-150400.7.78.1
  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
    * libopenssl1_1-hmac-1.1.1l-150400.7.78.1
    * libopenssl1_1-1.1.1l-150400.7.78.1
    * libopenssl-1_1-devel-1.1.1l-150400.7.78.1
    * libopenssl1_1-debuginfo-1.1.1l-150400.7.78.1
    * openssl-1_1-debuginfo-1.1.1l-150400.7.78.1
    * openssl-1_1-1.1.1l-150400.7.78.1
    * openssl-1_1-debugsource-1.1.1l-150400.7.78.1
  * openSUSE Leap 15.4 (x86_64)
    * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1
    * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1
    * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.78.1
    * libopenssl1_1-32bit-1.1.1l-150400.7.78.1
  * openSUSE Leap 15.4 (noarch)
    * openssl-1_1-doc-1.1.1l-150400.7.78.1
  * openSUSE Leap 15.4 (aarch64_ilp32)
    * libopenssl1_1-64bit-1.1.1l-150400.7.78.1
    * libopenssl1_1-64bit-debuginfo-1.1.1l-150400.7.78.1
    * libopenssl-1_1-devel-64bit-1.1.1l-150400.7.78.1
    * libopenssl1_1-hmac-64bit-1.1.1l-150400.7.78.1
  * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
    * libopenssl1_1-hmac-1.1.1l-150400.7.78.1
    * libopenssl1_1-1.1.1l-150400.7.78.1
    * libopenssl-1_1-devel-1.1.1l-150400.7.78.1
    * libopenssl1_1-debuginfo-1.1.1l-150400.7.78.1
    * openssl-1_1-debuginfo-1.1.1l-150400.7.78.1
    * openssl-1_1-1.1.1l-150400.7.78.1
    * openssl-1_1-debugsource-1.1.1l-150400.7.78.1
  * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
    * libopenssl1_1-hmac-1.1.1l-150400.7.78.1
    * libopenssl1_1-1.1.1l-150400.7.78.1
    * libopenssl-1_1-devel-1.1.1l-150400.7.78.1
    * libopenssl1_1-debuginfo-1.1.1l-150400.7.78.1
    * openssl-1_1-debuginfo-1.1.1l-150400.7.78.1
    * openssl-1_1-1.1.1l-150400.7.78.1
    * openssl-1_1-debugsource-1.1.1l-150400.7.78.1
  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * libopenssl1_1-hmac-1.1.1l-150400.7.78.1
    * libopenssl1_1-1.1.1l-150400.7.78.1
    * libopenssl-1_1-devel-1.1.1l-150400.7.78.1
    * libopenssl1_1-debuginfo-1.1.1l-150400.7.78.1
    * openssl-1_1-debuginfo-1.1.1l-150400.7.78.1
    * openssl-1_1-1.1.1l-150400.7.78.1
    * openssl-1_1-debugsource-1.1.1l-150400.7.78.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * libopenssl1_1-hmac-1.1.1l-150400.7.78.1
    * libopenssl1_1-1.1.1l-150400.7.78.1
    * libopenssl-1_1-devel-1.1.1l-150400.7.78.1
    * libopenssl1_1-debuginfo-1.1.1l-150400.7.78.1
    * openssl-1_1-debuginfo-1.1.1l-150400.7.78.1
    * openssl-1_1-1.1.1l-150400.7.78.1
    * openssl-1_1-debugsource-1.1.1l-150400.7.78.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
    x86_64)
    * libopenssl1_1-hmac-1.1.1l-150400.7.78.1
    * libopenssl1_1-1.1.1l-150400.7.78.1
    * libopenssl-1_1-devel-1.1.1l-150400.7.78.1
    * libopenssl1_1-debuginfo-1.1.1l-150400.7.78.1
    * openssl-1_1-debuginfo-1.1.1l-150400.7.78.1
    * openssl-1_1-1.1.1l-150400.7.78.1
    * openssl-1_1-debugsource-1.1.1l-150400.7.78.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
    * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1
    * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1
    * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.78.1
    * libopenssl1_1-32bit-1.1.1l-150400.7.78.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
    x86_64)
    * libopenssl1_1-hmac-1.1.1l-150400.7.78.1
    * libopenssl1_1-1.1.1l-150400.7.78.1
    * libopenssl-1_1-devel-1.1.1l-150400.7.78.1
    * libopenssl1_1-debuginfo-1.1.1l-150400.7.78.1
    * openssl-1_1-debuginfo-1.1.1l-150400.7.78.1
    * openssl-1_1-1.1.1l-150400.7.78.1
    * openssl-1_1-debugsource-1.1.1l-150400.7.78.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
    * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1
    * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1
    * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.78.1
    * libopenssl1_1-32bit-1.1.1l-150400.7.78.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
    * libopenssl1_1-hmac-1.1.1l-150400.7.78.1
    * libopenssl1_1-1.1.1l-150400.7.78.1
    * libopenssl-1_1-devel-1.1.1l-150400.7.78.1
    * libopenssl1_1-debuginfo-1.1.1l-150400.7.78.1
    * openssl-1_1-debuginfo-1.1.1l-150400.7.78.1
    * openssl-1_1-1.1.1l-150400.7.78.1
    * openssl-1_1-debugsource-1.1.1l-150400.7.78.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
    * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1
    * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1
    * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.78.1
    * libopenssl1_1-32bit-1.1.1l-150400.7.78.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
    * libopenssl1_1-hmac-1.1.1l-150400.7.78.1
    * libopenssl1_1-1.1.1l-150400.7.78.1
    * libopenssl-1_1-devel-1.1.1l-150400.7.78.1
    * libopenssl1_1-debuginfo-1.1.1l-150400.7.78.1
    * openssl-1_1-debuginfo-1.1.1l-150400.7.78.1
    * openssl-1_1-1.1.1l-150400.7.78.1
    * openssl-1_1-debugsource-1.1.1l-150400.7.78.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
    * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1
    * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1
    * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.78.1
    * libopenssl1_1-32bit-1.1.1l-150400.7.78.1
  * SUSE Manager Proxy 4.3 (x86_64)
    * libopenssl1_1-hmac-1.1.1l-150400.7.78.1
    * libopenssl1_1-1.1.1l-150400.7.78.1
    * libopenssl-1_1-devel-1.1.1l-150400.7.78.1
    * libopenssl1_1-debuginfo-1.1.1l-150400.7.78.1
    * openssl-1_1-debuginfo-1.1.1l-150400.7.78.1
    * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.78.1
    * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1
    * libopenssl1_1-32bit-1.1.1l-150400.7.78.1
    * openssl-1_1-1.1.1l-150400.7.78.1
    * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1
    * openssl-1_1-debugsource-1.1.1l-150400.7.78.1

## References:

  * https://www.suse.com/security/cve/CVE-2024-13176.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1236136

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/suma-updates/attachments/20250206/24e9e155/attachment.htm>

From null at suse.de  Fri Feb  7 16:30:06 2025
From: null at suse.de (SUSE-MANAGER-UPDATES)
Date: Fri, 07 Feb 2025 16:30:06 -0000
Subject: SUSE-SU-2025:0384-1: important: Security update for bind
Message-ID: <173894580650.21757.9678145210713575319@smelt2.prg2.suse.org>



# Security update for bind

Announcement ID: SUSE-SU-2025:0384-1  
Release Date: 2025-02-07T13:00:41Z  
Rating: important  
References:

  * bsc#1236596

  
Cross-References:

  * CVE-2024-11187

  
CVSS scores:

  * CVE-2024-11187 ( SUSE ):  8.7
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2024-11187 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-11187 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

  
Affected Products:

  * openSUSE Leap 15.4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP4 LTSS
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

  
  
An update that solves one vulnerability can now be installed.

## Description:

This update for bind fixes the following issues:

  * CVE-2024-11187: Fixes CPU exhaustion caused by many records in the
    additional section (bsc#1236596)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4  
    zypper in -t patch SUSE-2025-384=1

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-384=1

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-384=1

  * SUSE Linux Enterprise Server 15 SP4 LTSS  
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-384=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP4  
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-384=1

  * SUSE Manager Proxy 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-384=1

  * SUSE Manager Retail Branch Server 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2025-384=1

  * SUSE Manager Server 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-384=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
    * bind-debuginfo-9.16.50-150400.5.46.1
    * bind-utils-debuginfo-9.16.50-150400.5.46.1
    * bind-debugsource-9.16.50-150400.5.46.1
    * bind-utils-9.16.50-150400.5.46.1
    * bind-9.16.50-150400.5.46.1
  * openSUSE Leap 15.4 (noarch)
    * python3-bind-9.16.50-150400.5.46.1
    * bind-doc-9.16.50-150400.5.46.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
    x86_64)
    * bind-debuginfo-9.16.50-150400.5.46.1
    * bind-utils-debuginfo-9.16.50-150400.5.46.1
    * bind-debugsource-9.16.50-150400.5.46.1
    * bind-utils-9.16.50-150400.5.46.1
    * bind-9.16.50-150400.5.46.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
    * python3-bind-9.16.50-150400.5.46.1
    * bind-doc-9.16.50-150400.5.46.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
    x86_64)
    * bind-debuginfo-9.16.50-150400.5.46.1
    * bind-utils-debuginfo-9.16.50-150400.5.46.1
    * bind-debugsource-9.16.50-150400.5.46.1
    * bind-utils-9.16.50-150400.5.46.1
    * bind-9.16.50-150400.5.46.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
    * python3-bind-9.16.50-150400.5.46.1
    * bind-doc-9.16.50-150400.5.46.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
    * bind-debuginfo-9.16.50-150400.5.46.1
    * bind-utils-debuginfo-9.16.50-150400.5.46.1
    * bind-debugsource-9.16.50-150400.5.46.1
    * bind-utils-9.16.50-150400.5.46.1
    * bind-9.16.50-150400.5.46.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
    * python3-bind-9.16.50-150400.5.46.1
    * bind-doc-9.16.50-150400.5.46.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
    * bind-debuginfo-9.16.50-150400.5.46.1
    * bind-utils-debuginfo-9.16.50-150400.5.46.1
    * bind-debugsource-9.16.50-150400.5.46.1
    * bind-utils-9.16.50-150400.5.46.1
    * bind-9.16.50-150400.5.46.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
    * python3-bind-9.16.50-150400.5.46.1
    * bind-doc-9.16.50-150400.5.46.1
  * SUSE Manager Proxy 4.3 (x86_64)
    * bind-debuginfo-9.16.50-150400.5.46.1
    * bind-utils-debuginfo-9.16.50-150400.5.46.1
    * bind-debugsource-9.16.50-150400.5.46.1
    * bind-utils-9.16.50-150400.5.46.1
    * bind-9.16.50-150400.5.46.1
  * SUSE Manager Proxy 4.3 (noarch)
    * python3-bind-9.16.50-150400.5.46.1
    * bind-doc-9.16.50-150400.5.46.1
  * SUSE Manager Retail Branch Server 4.3 (x86_64)
    * bind-debuginfo-9.16.50-150400.5.46.1
    * bind-utils-debuginfo-9.16.50-150400.5.46.1
    * bind-debugsource-9.16.50-150400.5.46.1
    * bind-utils-9.16.50-150400.5.46.1
    * bind-9.16.50-150400.5.46.1
  * SUSE Manager Retail Branch Server 4.3 (noarch)
    * python3-bind-9.16.50-150400.5.46.1
    * bind-doc-9.16.50-150400.5.46.1
  * SUSE Manager Server 4.3 (ppc64le s390x x86_64)
    * bind-debuginfo-9.16.50-150400.5.46.1
    * bind-utils-debuginfo-9.16.50-150400.5.46.1
    * bind-debugsource-9.16.50-150400.5.46.1
    * bind-utils-9.16.50-150400.5.46.1
    * bind-9.16.50-150400.5.46.1
  * SUSE Manager Server 4.3 (noarch)
    * python3-bind-9.16.50-150400.5.46.1
    * bind-doc-9.16.50-150400.5.46.1

## References:

  * https://www.suse.com/security/cve/CVE-2024-11187.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1236596

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/suma-updates/attachments/20250207/1fb0dab6/attachment.htm>

From null at suse.de  Fri Feb  7 20:30:04 2025
From: null at suse.de (SUSE-MANAGER-UPDATES)
Date: Fri, 07 Feb 2025 20:30:04 -0000
Subject: SUSE-SU-2025:0388-1: moderate: Security update for openssl-3
Message-ID: <173896020499.18428.795148038017955326@smelt2.prg2.suse.org>



# Security update for openssl-3

Announcement ID: SUSE-SU-2025:0388-1  
Release Date: 2025-02-07T17:18:45Z  
Rating: moderate  
References:

  * bsc#1236136

  
Cross-References:

  * CVE-2024-13176

  
CVSS scores:

  * CVE-2024-13176 ( SUSE ):  8.2
    CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
  * CVE-2024-13176 ( SUSE ):  5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
  * CVE-2024-13176 ( NVD ):  4.1 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

  
Affected Products:

  * openSUSE Leap 15.4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro for Rancher 5.3
  * SUSE Linux Enterprise Micro for Rancher 5.4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP4 LTSS
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

  
  
An update that solves one vulnerability can now be installed.

## Description:

This update for openssl-3 fixes the following issues:

  * CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation
    (bsc#1236136).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-388=1

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-388=1

  * SUSE Linux Enterprise Server 15 SP4 LTSS  
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-388=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP4  
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-388=1

  * SUSE Manager Proxy 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-388=1

  * SUSE Manager Retail Branch Server 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2025-388=1

  * SUSE Manager Server 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-388=1

  * openSUSE Leap 15.4  
    zypper in -t patch SUSE-2025-388=1

  * SUSE Linux Enterprise Micro for Rancher 5.3  
    zypper in -t patch SUSE-SLE-Micro-5.3-2025-388=1

  * SUSE Linux Enterprise Micro 5.3  
    zypper in -t patch SUSE-SLE-Micro-5.3-2025-388=1

  * SUSE Linux Enterprise Micro for Rancher 5.4  
    zypper in -t patch SUSE-SLE-Micro-5.4-2025-388=1

  * SUSE Linux Enterprise Micro 5.4  
    zypper in -t patch SUSE-SLE-Micro-5.4-2025-388=1

## Package List:

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
    x86_64)
    * libopenssl3-3.0.8-150400.4.72.1
    * openssl-3-3.0.8-150400.4.72.1
    * openssl-3-debuginfo-3.0.8-150400.4.72.1
    * openssl-3-debugsource-3.0.8-150400.4.72.1
    * libopenssl3-debuginfo-3.0.8-150400.4.72.1
    * libopenssl-3-devel-3.0.8-150400.4.72.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
    x86_64)
    * libopenssl3-3.0.8-150400.4.72.1
    * openssl-3-3.0.8-150400.4.72.1
    * openssl-3-debuginfo-3.0.8-150400.4.72.1
    * openssl-3-debugsource-3.0.8-150400.4.72.1
    * libopenssl3-debuginfo-3.0.8-150400.4.72.1
    * libopenssl-3-devel-3.0.8-150400.4.72.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
    * libopenssl3-3.0.8-150400.4.72.1
    * openssl-3-3.0.8-150400.4.72.1
    * openssl-3-debuginfo-3.0.8-150400.4.72.1
    * openssl-3-debugsource-3.0.8-150400.4.72.1
    * libopenssl3-debuginfo-3.0.8-150400.4.72.1
    * libopenssl-3-devel-3.0.8-150400.4.72.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
    * libopenssl3-3.0.8-150400.4.72.1
    * openssl-3-3.0.8-150400.4.72.1
    * openssl-3-debuginfo-3.0.8-150400.4.72.1
    * openssl-3-debugsource-3.0.8-150400.4.72.1
    * libopenssl3-debuginfo-3.0.8-150400.4.72.1
    * libopenssl-3-devel-3.0.8-150400.4.72.1
  * SUSE Manager Proxy 4.3 (x86_64)
    * libopenssl3-3.0.8-150400.4.72.1
    * openssl-3-3.0.8-150400.4.72.1
    * openssl-3-debuginfo-3.0.8-150400.4.72.1
    * openssl-3-debugsource-3.0.8-150400.4.72.1
    * libopenssl3-debuginfo-3.0.8-150400.4.72.1
    * libopenssl-3-devel-3.0.8-150400.4.72.1
  * SUSE Manager Retail Branch Server 4.3 (x86_64)
    * libopenssl3-3.0.8-150400.4.72.1
    * openssl-3-3.0.8-150400.4.72.1
    * openssl-3-debuginfo-3.0.8-150400.4.72.1
    * openssl-3-debugsource-3.0.8-150400.4.72.1
    * libopenssl3-debuginfo-3.0.8-150400.4.72.1
    * libopenssl-3-devel-3.0.8-150400.4.72.1
  * SUSE Manager Server 4.3 (ppc64le s390x x86_64)
    * libopenssl3-3.0.8-150400.4.72.1
    * openssl-3-3.0.8-150400.4.72.1
    * openssl-3-debuginfo-3.0.8-150400.4.72.1
    * openssl-3-debugsource-3.0.8-150400.4.72.1
    * libopenssl3-debuginfo-3.0.8-150400.4.72.1
    * libopenssl-3-devel-3.0.8-150400.4.72.1
  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
    * libopenssl3-3.0.8-150400.4.72.1
    * openssl-3-3.0.8-150400.4.72.1
    * openssl-3-debuginfo-3.0.8-150400.4.72.1
    * openssl-3-debugsource-3.0.8-150400.4.72.1
    * libopenssl3-debuginfo-3.0.8-150400.4.72.1
    * libopenssl-3-devel-3.0.8-150400.4.72.1
  * openSUSE Leap 15.4 (x86_64)
    * libopenssl3-32bit-debuginfo-3.0.8-150400.4.72.1
    * libopenssl-3-devel-32bit-3.0.8-150400.4.72.1
    * libopenssl3-32bit-3.0.8-150400.4.72.1
  * openSUSE Leap 15.4 (noarch)
    * openssl-3-doc-3.0.8-150400.4.72.1
  * openSUSE Leap 15.4 (aarch64_ilp32)
    * libopenssl3-64bit-3.0.8-150400.4.72.1
    * libopenssl-3-devel-64bit-3.0.8-150400.4.72.1
    * libopenssl3-64bit-debuginfo-3.0.8-150400.4.72.1
  * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
    * libopenssl3-3.0.8-150400.4.72.1
    * libopenssl3-debuginfo-3.0.8-150400.4.72.1
    * openssl-3-debugsource-3.0.8-150400.4.72.1
  * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
    * libopenssl3-3.0.8-150400.4.72.1
    * libopenssl3-debuginfo-3.0.8-150400.4.72.1
    * openssl-3-debugsource-3.0.8-150400.4.72.1
  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * libopenssl3-3.0.8-150400.4.72.1
    * libopenssl3-debuginfo-3.0.8-150400.4.72.1
    * openssl-3-debugsource-3.0.8-150400.4.72.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * libopenssl3-3.0.8-150400.4.72.1
    * libopenssl3-debuginfo-3.0.8-150400.4.72.1
    * openssl-3-debugsource-3.0.8-150400.4.72.1

## References:

  * https://www.suse.com/security/cve/CVE-2024-13176.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1236136

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/suma-updates/attachments/20250207/e859a58c/attachment.htm>