The openSUSE project has released several security updates to address vulnerabilities in various packages. The first update, openSUSE-SU-2025:0386-1, fixes one vulnerability in the afterburn package and includes one errata update. Two additional updates, openSUSE-SU-2025:0387-1 and openSUSE-SU-2025:0388-1, address 12 vulnerabilities each in the Chromium package. The chromium updates are available for different versions of openSUSE, including Backports SLE-15-SP6 and Tumbleweed.

openSUSE-SU-2025:0386-1: important: Security update for afterburn
openSUSE-SU-2025:0387-1: important: Security update for chromium
openSUSE-SU-2025:15601-1: moderate: chromedriver-141.0.7390.54-1.1 on GA media
openSUSE-SU-2025:0388-1: important: Security update for chromium

openSUSE-SU-2025:0386-1: important: Security update for afterburn

openSUSE Security Update: Security update for afterburn
_______________________________

Announcement ID: openSUSE-SU-2025:0386-1
Rating: important
References: #1244675 #1250471
Cross-References: CVE-2025-5791
CVSS scores:
CVE-2025-5791 (SUSE): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that solves one vulnerability and has one errata
is now available.

Description:

This update for afterburn fixes the following issues:

- Update to version 5.9.0.git21.a73f509:
* docs/release-notes: update for release 5.10.0
* cargo: update dependencies
* microsoft/azure: Add XML attribute alias for serde-xml-rs Fedora compat
* docs/release-notes: Add entry for Azure SharedConfig XML parsing fix
* microsoft/azure: Fix SharedConfig parsing of XML attributes
* microsoft/azure: Mock goalstate.SharedConfig output in tests
* providers/azure: switch SSH key retrieval from certs endpoint to IMDS
as azure stopped providing keys in the old one, fixes boo#1250471
* build(deps): bump the build group with 8 updates
* build(deps): bump slab from 0.4.10 to 0.4.11
* build(deps): bump actions/checkout from 4 to 5
* upcloud: implement UpCloud provider
* build(deps): bump the build group with 4 updates
* Sync repo templates ???

- Update to version 5.9.0:
* cargo: Afterburn release 5.9.0
* docs/release-notes: update for release 5.9.0
* cargo: update dependencies
* Add TMT test structure and basic smoke test
* build(deps): bump openssl from 0.10.72 to 0.10.73
* build(deps): bump reqwest from 0.12.15 to 0.12.18
* docs/release-notes: Update changelog entry
* dracut: Return 255 in module-setup
* oraclecloud: add release note and move base URL to constant
* oraclecloud: implement oraclecloud provider
* build(deps): bump nix from 0.29.0 to 0.30.1
* build(deps): bump zbus from 5.7.0 to 5.7.1
* build(deps): bump serde-xml-rs from 0.6.0 to 0.8.1
* build(deps): bump ipnetwork from 0.20.0 to 0.21.1
* build(deps): bump clap from 4.5.38 to 4.5.39

- Fix Requires in noarch package (boo#1244675)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2025-386=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):

afterburn-5.9.0.git21.a73f509-bp156.2.8.1
afterburn-debuginfo-5.9.0.git21.a73f509-bp156.2.8.1
afterburn-debugsource-5.9.0.git21.a73f509-bp156.2.8.1

- openSUSE Backports SLE-15-SP6 (noarch):

afterburn-dracut-5.9.0.git21.a73f509-bp156.2.8.1

References:

https://www.suse.com/security/cve/CVE-2025-5791.html
https://bugzilla.suse.com/1244675
https://bugzilla.suse.com/1250471

openSUSE-SU-2025:0387-1: important: Security update for chromium

openSUSE Security Update: Security update for chromium
_______________________________

Announcement ID: openSUSE-SU-2025:0387-1
Rating: important
References: #1250780
Cross-References: CVE-2025-11205 CVE-2025-11206 CVE-2025-11207
CVE-2025-11208 CVE-2025-11209 CVE-2025-11210
CVE-2025-11211 CVE-2025-11212 CVE-2025-11213
CVE-2025-11215 CVE-2025-11216 CVE-2025-11219

Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that fixes 12 vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

- Chromium 141.0.7390.54 (stable released 2025-09-30) (boo#1250780)
* CVE-2025-11205: Heap buffer overflow in WebGPU
* CVE-2025-11206: Heap buffer overflow in Video
* CVE-2025-11207: Side-channel information leakage in Storage
* CVE-2025-11208: Inappropriate implementation in Media
* CVE-2025-11209: Inappropriate implementation in Omnibox
* CVE-2025-11210: Side-channel information leakage in Tab
* CVE-2025-11211: Out of bounds read in Media
* CVE-2025-11212: Inappropriate implementation in Media
* CVE-2025-11213: Inappropriate implementation in Omnibox
* CVE-2025-11215: Off by one error in V8
* CVE-2025-11216: Inappropriate implementation in Storage
* CVE-2025-11219: Use after free in V8
* Various fixes from internal audits, fuzzing and other initiatives

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2025-387=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 ppc64le x86_64):

chromedriver-141.0.7390.54-bp157.2.58.1
chromium-141.0.7390.54-bp157.2.58.1

References:

https://www.suse.com/security/cve/CVE-2025-11205.html
https://www.suse.com/security/cve/CVE-2025-11206.html
https://www.suse.com/security/cve/CVE-2025-11207.html
https://www.suse.com/security/cve/CVE-2025-11208.html
https://www.suse.com/security/cve/CVE-2025-11209.html
https://www.suse.com/security/cve/CVE-2025-11210.html
https://www.suse.com/security/cve/CVE-2025-11211.html
https://www.suse.com/security/cve/CVE-2025-11212.html
https://www.suse.com/security/cve/CVE-2025-11213.html
https://www.suse.com/security/cve/CVE-2025-11215.html
https://www.suse.com/security/cve/CVE-2025-11216.html
https://www.suse.com/security/cve/CVE-2025-11219.html
https://bugzilla.suse.com/1250780

openSUSE-SU-2025:15601-1: moderate: chromedriver-141.0.7390.54-1.1 on GA media

# chromedriver-141.0.7390.54-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15601-1
Rating: moderate

Cross-References:

* CVE-2025-11205
* CVE-2025-11206
* CVE-2025-11207
* CVE-2025-11208
* CVE-2025-11209
* CVE-2025-11210
* CVE-2025-11211
* CVE-2025-11212
* CVE-2025-11213
* CVE-2025-11215
* CVE-2025-11216
* CVE-2025-11219

Affected Products:

* openSUSE Tumbleweed

An update that solves 12 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the chromedriver-141.0.7390.54-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* chromedriver 141.0.7390.54-1.1
* chromium 141.0.7390.54-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-11205.html
* https://www.suse.com/security/cve/CVE-2025-11206.html
* https://www.suse.com/security/cve/CVE-2025-11207.html
* https://www.suse.com/security/cve/CVE-2025-11208.html
* https://www.suse.com/security/cve/CVE-2025-11209.html
* https://www.suse.com/security/cve/CVE-2025-11210.html
* https://www.suse.com/security/cve/CVE-2025-11211.html
* https://www.suse.com/security/cve/CVE-2025-11212.html
* https://www.suse.com/security/cve/CVE-2025-11213.html
* https://www.suse.com/security/cve/CVE-2025-11215.html
* https://www.suse.com/security/cve/CVE-2025-11216.html
* https://www.suse.com/security/cve/CVE-2025-11219.html

openSUSE-SU-2025:0388-1: important: Security update for chromium

openSUSE Security Update: Security update for chromium
_______________________________

Announcement ID: openSUSE-SU-2025:0388-1
Rating: important
References: #1250780
Cross-References: CVE-2025-11205 CVE-2025-11206 CVE-2025-11207
CVE-2025-11208 CVE-2025-11209 CVE-2025-11210
CVE-2025-11211 CVE-2025-11212 CVE-2025-11213
CVE-2025-11215 CVE-2025-11216 CVE-2025-11219

Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that fixes 12 vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

- Chromium 141.0.7390.54 (stable released 2025-09-30) (boo#1250780)
* CVE-2025-11205: Heap buffer overflow in WebGPU
* CVE-2025-11206: Heap buffer overflow in Video
* CVE-2025-11207: Side-channel information leakage in Storage
* CVE-2025-11208: Inappropriate implementation in Media
* CVE-2025-11209: Inappropriate implementation in Omnibox
* CVE-2025-11210: Side-channel information leakage in Tab
* CVE-2025-11211: Out of bounds read in Media
* CVE-2025-11212: Inappropriate implementation in Media
* CVE-2025-11213: Inappropriate implementation in Omnibox
* CVE-2025-11215: Off by one error in V8
* CVE-2025-11216: Inappropriate implementation in Storage
* CVE-2025-11219: Use after free in V8
* Various fixes from internal audits, fuzzing and other initiatives

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2025-388=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 ppc64le x86_64):

chromedriver-141.0.7390.54-bp156.2.176.1
chromium-141.0.7390.54-bp156.2.176.1

References:

https://www.suse.com/security/cve/CVE-2025-11205.html
https://www.suse.com/security/cve/CVE-2025-11206.html
https://www.suse.com/security/cve/CVE-2025-11207.html
https://www.suse.com/security/cve/CVE-2025-11208.html
https://www.suse.com/security/cve/CVE-2025-11209.html
https://www.suse.com/security/cve/CVE-2025-11210.html
https://www.suse.com/security/cve/CVE-2025-11211.html
https://www.suse.com/security/cve/CVE-2025-11212.html
https://www.suse.com/security/cve/CVE-2025-11213.html
https://www.suse.com/security/cve/CVE-2025-11215.html
https://www.suse.com/security/cve/CVE-2025-11216.html
https://www.suse.com/security/cve/CVE-2025-11219.html
https://bugzilla.suse.com/1250780