
SUSE Linux has received several security updates, including important updates for amber-cli, webkit2gtk3, tiff, chromium, and libxml2, and moderate updates for go1.24, eclipse-jgit, govulncheck-vulndb, go1.23, sccache, opensc, and grub2:

SUSE-SU-2025:02769-1: important: Security update for amber-cli
SUSE-SU-2025:02760-1: moderate: Security update for go1.24
SUSE-SU-2025:02762-1: moderate: Security update for eclipse-jgit
SUSE-SU-2025:02764-1: moderate: Security update for govulncheck-vulndb
SUSE-SU-2025:02765-1: important: Security update for webkit2gtk3
SUSE-SU-2025:02759-1: moderate: Security update for go1.23
SUSE-SU-2025:02768-1: moderate: Security update for sccache
SUSE-SU-2025:02770-1: important: Security update for tiff
openSUSE-SU-2025:0292-1: important: Security update for chromium
SUSE-SU-2025:02758-1: important: Security update for libxml2
SUSE-SU-2025:02754-1: moderate: Security update for opensc
SUSE-SU-2025:02772-1: moderate: Recommended update for grub2



SUSE-SU-2025:02769-1: important: Security update for amber-cli


# Security update for amber-cli

Announcement ID: SUSE-SU-2025:02769-1
Release Date: 2025-08-12T13:49:39Z
Rating: important
References:

* bsc#1047218
* bsc#1240511

Cross-References:

* CVE-2025-30204

CVSS scores:

* CVE-2025-30204 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-30204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-30204 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* Server Applications Module 15-SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability and has one security fix can now be
installed.

## Description:

This update for amber-cli fixes the following issues:

* Update to version 1.13.1+git20250329.c2e3bb8:
* CVE-2025-30204: Fixed jwt-go excessive memory allocation during header
parsing (bsc#1240511)
* jwt version upgrade (#174)
* Update policy size limit to 20k (#173)
* Update tenant user model with latest changes (#172)
* Fix/workflow (#171)
* Upgrade GO version to 1.23.6 (#170)
* Update golang jwt dependency (#169)
* Update TMS roles struct (#167)
* Update jwt dependency version (#165)
* Add changes to support JWT (#163)
* Update roles struct to be in sync with TMS (#164)
* go upgrade to 1.22.7 (#162)
* CASSINI-22266: Added permissions in ci workflow files (#153)
* Add check for missing Security.md file (#150)
* Go version upgrade to 1.22.5 (#148)
* CLI changes (#140)
* Bump github.com/hashicorp/go-retryablehttp from 0.7.4 to 0.7.7 (#147)
* Update product model to include multiple plan IDs (#146)
* Updated the help section (#145)
* Mark policy type field as not required (#144)
* Upgrade/goversion 1.22.3 (#143)
* Remove policy type and attestation type check for policy creation (#142)
* Go version upgrade 1.22.2 (#141)
* Fix error message to include the correct set of characters (#138)
* UT coverage 80.9% (#137)
* Fix push installer workflow (#136)
* 3rd party versions upgrade (#133)
* GO version upgrade to 1.22.0 (#132)
* Fix/go version 1.21.6 (#127)
* Update API key validation regex as per latest changes (#125)
* Update API key validation regex as per latest changes (#124)
* dependency version upgrade (#123)
* Update tag create model (#121)
* CASSINI-10113: Add scans in CI (#99)
* corrected minor check condition (#120)
* Add check to validate env variable before setting (#119)
* Add version-check script (#118)
* Add file path check for invalid characters (#116)
* Update component version (#117)
* Update README as per suggestions (#113) (#115)
* Added HTTP scheme validation to avoid API Key leakage (#108)
* CASSINI-10987 Golang version upgrade to 1.21.4 (#114)
* Update policy model as per the latest changes (#109)
* Remove branch info from on schedule (#106)
* Add BDBA scan to CI (#104)
* Update CLI URL (#105)
* updated licenses (#102)
* Updated version of all components to v1.0.0 for GA (#100)
* Validate the email id input before requesting list of users (#98)
* Remove redundant print statements (#97)
* Request ID and trace ID should be visible on the console for errors as well
(#96)
* Update sample policy as per token profile update changes (#95)
* Update CLI name from tenantclt to inteltrustauthority (#93)
* Update the headers for request and trace id (#94)
* cassini-9466-Go version update to 1.20.6 (#91)
* Add retry logic to client in tenant CLI (#92)
* Add request-id optional parameter for each command (#90)

* Override build date with SOURCE_DATE_EPOCH (bsc#1047218)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-2769=1 openSUSE-SLE-15.6-2025-2769=1

* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-2769=1

* Server Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2025-2769=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* amber-cli-1.13.1+git20250329.c2e3bb8-150600.3.3.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* amber-cli-1.13.1+git20250329.c2e3bb8-150600.3.3.1
* Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* amber-cli-1.13.1+git20250329.c2e3bb8-150600.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-30204.html
* https://bugzilla.suse.com/show_bug.cgi?id=1047218
* https://bugzilla.suse.com/show_bug.cgi?id=1240511



SUSE-SU-2025:02760-1: moderate: Security update for go1.24


# Security update for go1.24

Announcement ID: SUSE-SU-2025:02760-1
Release Date: 2025-08-12T12:09:45Z
Rating: moderate
References:

* bsc#1236217
* bsc#1247719
* bsc#1247720

Cross-References:

* CVE-2025-47906
* CVE-2025-47907

CVSS scores:

* CVE-2025-47906 ( SUSE ): 2.1
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-47906 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-47907 ( SUSE ): 2.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-47907 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
* CVE-2025-47907 ( NVD ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

Affected Products:

* Development Tools Module 15-SP6
* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities and has one security fix can now be
installed.

## Description:

This update for go1.24 fixes the following issues:

* Update to go1.24.6:
* CVE-2025-47906: Fixed LookPath returning unexpected paths (bsc#1247719)
* CVE-2025-47907: Fixed incorrect results returned from Rows.Scan
(bsc#1247720)
* go#73800 runtime: RSS seems to have increased in Go 1.24 while the runtime
accounting has not
* go#74416 runtime: use-after-free of allpSnapshot in findRunnable
* go#74694 runtime: segfaults in runtime.(*unwinder).next
* go#74760 os/user:nolibgcc: TestGroupIdsTestUser failures

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-2760=1

* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-2760=1

* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2025-2760=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-2760=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2760=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2760=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2760=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2760=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-2760=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2760=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2760=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-2760=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2760=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2760=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-2760=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* go1.24-1.24.6-150000.1.32.1
* go1.24-race-1.24.6-150000.1.32.1
* go1.24-doc-1.24.6-150000.1.32.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* go1.24-1.24.6-150000.1.32.1
* go1.24-race-1.24.6-150000.1.32.1
* go1.24-doc-1.24.6-150000.1.32.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* go1.24-1.24.6-150000.1.32.1
* go1.24-race-1.24.6-150000.1.32.1
* go1.24-doc-1.24.6-150000.1.32.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* go1.24-1.24.6-150000.1.32.1
* go1.24-race-1.24.6-150000.1.32.1
* go1.24-doc-1.24.6-150000.1.32.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* go1.24-1.24.6-150000.1.32.1
* go1.24-race-1.24.6-150000.1.32.1
* go1.24-doc-1.24.6-150000.1.32.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* go1.24-1.24.6-150000.1.32.1
* go1.24-race-1.24.6-150000.1.32.1
* go1.24-doc-1.24.6-150000.1.32.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* go1.24-1.24.6-150000.1.32.1
* go1.24-race-1.24.6-150000.1.32.1
* go1.24-doc-1.24.6-150000.1.32.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* go1.24-1.24.6-150000.1.32.1
* go1.24-race-1.24.6-150000.1.32.1
* go1.24-doc-1.24.6-150000.1.32.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* go1.24-1.24.6-150000.1.32.1
* go1.24-race-1.24.6-150000.1.32.1
* go1.24-doc-1.24.6-150000.1.32.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* go1.24-1.24.6-150000.1.32.1
* go1.24-race-1.24.6-150000.1.32.1
* go1.24-doc-1.24.6-150000.1.32.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* go1.24-1.24.6-150000.1.32.1
* go1.24-race-1.24.6-150000.1.32.1
* go1.24-doc-1.24.6-150000.1.32.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* go1.24-1.24.6-150000.1.32.1
* go1.24-race-1.24.6-150000.1.32.1
* go1.24-doc-1.24.6-150000.1.32.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* go1.24-1.24.6-150000.1.32.1
* go1.24-race-1.24.6-150000.1.32.1
* go1.24-doc-1.24.6-150000.1.32.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* go1.24-1.24.6-150000.1.32.1
* go1.24-race-1.24.6-150000.1.32.1
* go1.24-doc-1.24.6-150000.1.32.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* go1.24-1.24.6-150000.1.32.1
* go1.24-race-1.24.6-150000.1.32.1
* go1.24-doc-1.24.6-150000.1.32.1

## References:

* https://www.suse.com/security/cve/CVE-2025-47906.html
* https://www.suse.com/security/cve/CVE-2025-47907.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236217
* https://bugzilla.suse.com/show_bug.cgi?id=1247719
* https://bugzilla.suse.com/show_bug.cgi?id=1247720



SUSE-SU-2025:02762-1: moderate: Security update for eclipse-jgit


# Security update for eclipse-jgit

Announcement ID: SUSE-SU-2025:02762-1
Release Date: 2025-08-12T12:45:19Z
Rating: moderate
References:

* bsc#1243647

Cross-References:

* CVE-2025-4949

CVSS scores:

* CVE-2025-4949 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-4949 ( NVD ): 6.8
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:L/U:Green
* CVE-2025-4949 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Development Tools Module 15-SP6
* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for eclipse-jgit fixes the following issues:

* CVE-2025-4949: Fixed the XXE vulnerability in ManifestParser and AmazonS3
class (bsc#1243647).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2025-2762=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-2762=1

* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-2762=1

## Package List:

* Development Tools Module 15-SP7 (noarch)
* jgit-5.11.0-150200.3.23.1
* openSUSE Leap 15.6 (noarch)
* eclipse-jgit-5.11.0-150200.3.23.1
* Development Tools Module 15-SP6 (noarch)
* jgit-5.11.0-150200.3.23.1

## References:

* https://www.suse.com/security/cve/CVE-2025-4949.html
* https://bugzilla.suse.com/show_bug.cgi?id=1243647



SUSE-SU-2025:02764-1: moderate: Security update for govulncheck-vulndb


# Security update for govulncheck-vulndb

Announcement ID: SUSE-SU-2025:02764-1
Release Date: 2025-08-12T12:58:54Z
Rating: moderate
References:

* jsc#PED-11136

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that contains one feature can now be installed.

## Description:

This update for govulncheck-vulndb fixes the following issues:

* Update to version 0.0.20250806T202249 2025-08-06T20:22:49Z (jsc#PED-11136)
* GO-2022-0392 GHSA-m6gx-rhvj-fh52
* GO-2022-0396 GHSA-g54h-m393-cpwq
* GO-2022-0452 GHSA-f3fp-gc8g-vw66
* GO-2022-0456 GHSA-wjxw-gh3m-7pm5
* GO-2022-0617 GHSA-qh36-44jv-c8xj
* GO-2022-0703 GHSA-pmqp-h87c-mr78
* GO-2022-0771 GHSA-69v6-xc2j-r2jf
* GO-2022-0775 GHSA-v592-xf75-856p
* GO-2022-0782 GHSA-34jx-wx69-9x8v
* GO-2022-0802 GHSA-6qfg-8799-r575
* GO-2022-0814 GHSA-9h4h-8w5p-f28w
* GO-2022-0835 GHSA-gp4j-w3vj-7299
* GO-2022-0867 GHSA-qhm4-jxv7-j9pq
* GO-2022-0871 GHSA-qr2j-wrhx-4829
* GO-2022-0885 GHSA-wqv3-8cm6-h6wg
* GO-2022-0886 GHSA-wqwf-x5cj-rg56
* GO-2022-0890 GHSA-x6mj-w4jf-jmgw
* GO-2022-0907 GHSA-g42g-737j-qx6j
* GO-2022-0908 GHSA-mfv7-gq43-w965
* GO-2022-0910 GHSA-f5f7-6478-qm6p
* GO-2022-0914 GHSA-c3xm-pvg7-gh7r
* GO-2022-0983 GHSA-f9jg-8p32-2f55
* GO-2023-1492 GHSA-2jx2-76rc-2v7v
* GO-2023-1627 GHSA-vpvm-3wq2-2wvm
* GO-2023-1628 GHSA-2394-5535-8j88
* GO-2023-1629 GHSA-jh36-q97c-9928
* GO-2023-1682 GHSA-m8cg-xc2p-r3fc
* GO-2023-1683 GHSA-g2j6-57v7-gm8c
* GO-2023-1864 GHSA-xc8m-28vv-4pjc
* GO-2023-1891 GHSA-qc2g-gmh6-95p4
* GO-2023-1892 GHSA-cgcv-5272-97pr
* GO-2023-1946 GHSA-q4rr-64r9-fwgf
* GO-2023-1959 GHSA-2jq6-ffph-p4h8
* GO-2023-1977 GHSA-mm7g-f2gg-cw8g
* GO-2023-1985 GHSA-2h9c-34v6-3qmr
* GO-2023-2159 GHSA-35c7-w35f-xwgh
* GO-2023-2341 GHSA-hq6q-c2x6-hmch
* GO-2024-2528 GHSA-j86v-2vjr-fg8f
* GO-2024-2529 GHSA-pm3m-32r3-7mfh
* GO-2024-2530 GHSA-vjg6-93fv-qv64
* GO-2024-2753 GHSA-55qj-gj3x-jq9r
* GO-2024-2754 GHSA-5x96-j797-5qqw
* GO-2024-2755 GHSA-5xfg-wv98-264m
* GO-2024-2780 GHSA-r76g-g87f-vw8f
* GO-2024-2883 GHSA-mh55-gqvf-xfwm
* GO-2024-2994 GHSA-82m2-cv7p-4m75
* GO-2024-3110 GHSA-jfvp-7x6p-h2pv
* GO-2024-3277 GHSA-h7wq-jj8r-qm7p
* GO-2025-3436 GHSA-q26p-9cq4-7fc2
* GO-2025-3465 GHSA-jgfp-53c3-624w
* GO-2025-3507 GHSA-6wxf-7784-62fp
* GO-2025-3521 GHSA-3wgm-2gw2-vh5m
* GO-2025-3522 GHSA-vv39-3w5q-974q
* GO-2025-3547 GHSA-r56h-j38w-hrqq
* GO-2025-3605 GHSA-7vpp-9cxj-q8gv
* GO-2025-3645 GHSA-gc2p-g4fg-29vh
* GO-2025-3774 GHSA-hj2p-8wj8-pfq4

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-2764=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-2764=1

## Package List:

* openSUSE Leap 15.6 (noarch)
* govulncheck-vulndb-0.0.20250806T202249-150000.1.95.1
* SUSE Package Hub 15 15-SP6 (noarch)
* govulncheck-vulndb-0.0.20250806T202249-150000.1.95.1

## References:

* https://jira.suse.com/browse/PED-11136



SUSE-SU-2025:02765-1: important: Security update for webkit2gtk3


# Security update for webkit2gtk3

Announcement ID: SUSE-SU-2025:02765-1
Release Date: 2025-08-12T13:00:05Z
Rating: important
References:

* bsc#1247562
* bsc#1247563
* bsc#1247564
* bsc#1247595
* bsc#1247596
* bsc#1247597
* bsc#1247598
* bsc#1247599
* bsc#1247600
* bsc#1247742

Cross-References:

* CVE-2024-44192
* CVE-2024-54467
* CVE-2025-24189
* CVE-2025-24201
* CVE-2025-31273
* CVE-2025-31278
* CVE-2025-43211
* CVE-2025-43212
* CVE-2025-43216
* CVE-2025-43227
* CVE-2025-43228
* CVE-2025-43240
* CVE-2025-43265
* CVE-2025-6558

CVSS scores:

* CVE-2024-44192 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-44192 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-44192 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-44192 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-54467 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-54467 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2024-54467 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2024-54467 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-24189 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-24189 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-24189 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-24201 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-24201 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-24201 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-31273 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-31273 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-31273 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-31278 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-31278 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-31278 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-43211 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-43211 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-43211 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-43212 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-43212 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-43216 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-43216 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-43227 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-43227 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-43228 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2025-43228 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2025-43240 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-43240 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-43265 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-43265 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-6558 ( SUSE ): 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-6558 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* Desktop Applications Module 15-SP6
* Desktop Applications Module 15-SP7
* Development Tools Module 15-SP6
* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves 14 vulnerabilities can now be installed.

## Description:

This update for webkit2gtk3 fixes the following issues:

Updated to version 2.48.5:

* CVE-2025-31273: Fixed a vulnerability where processing maliciously crafted web content could lead to memory corruption. (bsc#1247564)
* CVE-2025-31278: Fixed a vulnerability where processing maliciously crafted web content may lead to memory corruption. (bsc#1247563)
* CVE-2025-43211: Fixed a vulnerability where processing web content may lead to a denial-of-service. (bsc#1247562)
* CVE-2025-43212: Fixed a vulnerability where processing maliciously crafted web content may lead to an unexpected Safari crash. (bsc#1247595)
* CVE-2025-43216: Fixed a vulnerability where processing maliciously crafted web content may lead to an unexpected Safari crash. (bsc#1247596)
* CVE-2025-43227: Fixed a vulnerability where processing maliciously crafted web content may disclose sensitive user information. (bsc#1247597)
* CVE-2025-43228: Fixed a vulnerability where visiting a malicious website may lead to address bar spoofing. (bsc#1247598)
* CVE-2025-43240: Fixed a vulnerability where a download's origin may be incorrectly associated. (bsc#1247599)
* CVE-2025-43265: Fixed a vulnerability where processing maliciously crafted web content may disclose internal states of the app. (bsc#1247600)
* CVE-2025-6558: Fixed a vulnerability where processing maliciously crafted web content may lead to an unexpected Safari crash. (bsc#1247742)

Other fixes:

* Improve emoji font selection with USE_SKIA=ON.
* Improve playback of multimedia streams from blob URLs.
* Fix the build with USE_SKIA_OPENTYPE_SVG=ON and USE_SYSPROF_CAPTURE=ON.
* Fix crash when using a WebKitWebView widget in an offscreen window.
* Fix several crashes and rendering issues.
* Fix a crash introduced by the new threaded rendering implementation using Skia API.
* Improve rendering performance by recording layers once and replaying every dirty region in different worker threads.
* Fix a crash when setting WEBKIT_SKIA_GPU_PAINTING_THREADS=0.
* Fix a reference cycle in webkitmediastreamsrc preventing its disposal.
* Increase mem_per_process again to avoid running out of memory.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-2765=1 openSUSE-SLE-15.6-2025-2765=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-2765=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-2765=1

* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-2765=1

* Desktop Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2025-2765=1

* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-2765=1

* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2025-2765=1

## Package List:

* openSUSE Leap 15.6 (noarch)
* WebKitGTK-4.0-lang-2.48.5-150600.12.43.1
* WebKitGTK-6.0-lang-2.48.5-150600.12.43.1
* WebKitGTK-4.1-lang-2.48.5-150600.12.43.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* typelib-1_0-WebKit-6_0-2.48.5-150600.12.43.1
* typelib-1_0-WebKit2-4_1-2.48.5-150600.12.43.1
* webkit2gtk3-soup2-minibrowser-2.48.5-150600.12.43.1
* typelib-1_0-WebKitWebProcessExtension-6_0-2.48.5-150600.12.43.1
* webkit-jsc-4.1-debuginfo-2.48.5-150600.12.43.1
* libjavascriptcoregtk-6_0-1-2.48.5-150600.12.43.1
* libwebkit2gtk-4_1-0-debuginfo-2.48.5-150600.12.43.1
* webkit2gtk3-soup2-devel-2.48.5-150600.12.43.1
* libjavascriptcoregtk-4_1-0-2.48.5-150600.12.43.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.48.5-150600.12.43.1
* typelib-1_0-WebKit2WebExtension-4_0-2.48.5-150600.12.43.1
* webkitgtk-6_0-injected-bundles-2.48.5-150600.12.43.1
* webkit2gtk3-minibrowser-debuginfo-2.48.5-150600.12.43.1
* libwebkit2gtk-4_0-37-2.48.5-150600.12.43.1
* webkit2gtk-4_0-injected-bundles-2.48.5-150600.12.43.1
* webkit-jsc-4-debuginfo-2.48.5-150600.12.43.1
* libjavascriptcoregtk-6_0-1-debuginfo-2.48.5-150600.12.43.1
* typelib-1_0-JavaScriptCore-4_1-2.48.5-150600.12.43.1
* webkit-jsc-6.0-debuginfo-2.48.5-150600.12.43.1
* webkit2gtk3-soup2-minibrowser-debuginfo-2.48.5-150600.12.43.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.48.5-150600.12.43.1
* webkit2gtk4-minibrowser-debuginfo-2.48.5-150600.12.43.1
* webkit2gtk4-minibrowser-2.48.5-150600.12.43.1
* webkit2gtk3-devel-2.48.5-150600.12.43.1
* webkit-jsc-6.0-2.48.5-150600.12.43.1
* libwebkit2gtk-4_1-0-2.48.5-150600.12.43.1
* webkit2gtk3-minibrowser-2.48.5-150600.12.43.1
* webkit-jsc-4-2.48.5-150600.12.43.1
* typelib-1_0-JavaScriptCore-4_0-2.48.5-150600.12.43.1
* webkit2gtk-4_1-injected-bundles-2.48.5-150600.12.43.1
* libwebkit2gtk-4_0-37-debuginfo-2.48.5-150600.12.43.1
* webkit2gtk3-debugsource-2.48.5-150600.12.43.1
* libwebkitgtk-6_0-4-2.48.5-150600.12.43.1
* webkitgtk-6_0-injected-bundles-debuginfo-2.48.5-150600.12.43.1
* typelib-1_0-WebKit2-4_0-2.48.5-150600.12.43.1
* webkit2gtk4-devel-2.48.5-150600.12.43.1
* libwebkitgtk-6_0-4-debuginfo-2.48.5-150600.12.43.1
* typelib-1_0-WebKit2WebExtension-4_1-2.48.5-150600.12.43.1
* libjavascriptcoregtk-4_1-0-debuginfo-2.48.5-150600.12.43.1
* webkit-jsc-4.1-2.48.5-150600.12.43.1
* typelib-1_0-JavaScriptCore-6_0-2.48.5-150600.12.43.1
* webkit2gtk3-soup2-debugsource-2.48.5-150600.12.43.1
* libjavascriptcoregtk-4_0-18-2.48.5-150600.12.43.1
* webkit2gtk4-debugsource-2.48.5-150600.12.43.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.48.5-150600.12.43.1
* openSUSE Leap 15.6 (x86_64)
* libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.48.5-150600.12.43.1
* libjavascriptcoregtk-4_0-18-32bit-2.48.5-150600.12.43.1
* libwebkit2gtk-4_1-0-32bit-2.48.5-150600.12.43.1
* libwebkit2gtk-4_1-0-32bit-debuginfo-2.48.5-150600.12.43.1
* libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.48.5-150600.12.43.1
* libwebkit2gtk-4_0-37-32bit-2.48.5-150600.12.43.1
* libwebkit2gtk-4_0-37-32bit-debuginfo-2.48.5-150600.12.43.1
* libjavascriptcoregtk-4_1-0-32bit-2.48.5-150600.12.43.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libjavascriptcoregtk-4_1-0-64bit-debuginfo-2.48.5-150600.12.43.1
* libwebkit2gtk-4_0-37-64bit-2.48.5-150600.12.43.1
* libjavascriptcoregtk-4_1-0-64bit-2.48.5-150600.12.43.1
* libjavascriptcoregtk-4_0-18-64bit-2.48.5-150600.12.43.1
* libwebkit2gtk-4_1-0-64bit-debuginfo-2.48.5-150600.12.43.1
* libjavascriptcoregtk-4_0-18-64bit-debuginfo-2.48.5-150600.12.43.1
* libwebkit2gtk-4_0-37-64bit-debuginfo-2.48.5-150600.12.43.1
* libwebkit2gtk-4_1-0-64bit-2.48.5-150600.12.43.1
* Basesystem Module 15-SP6 (noarch)
* WebKitGTK-4.0-lang-2.48.5-150600.12.43.1
* WebKitGTK-6.0-lang-2.48.5-150600.12.43.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libjavascriptcoregtk-6_0-1-debuginfo-2.48.5-150600.12.43.1
* libwebkit2gtk-4_0-37-debuginfo-2.48.5-150600.12.43.1
* typelib-1_0-JavaScriptCore-4_0-2.48.5-150600.12.43.1
* libjavascriptcoregtk-6_0-1-2.48.5-150600.12.43.1
* webkit2gtk3-soup2-devel-2.48.5-150600.12.43.1
* libwebkitgtk-6_0-4-2.48.5-150600.12.43.1
* libjavascriptcoregtk-4_0-18-2.48.5-150600.12.43.1
* typelib-1_0-WebKit2WebExtension-4_0-2.48.5-150600.12.43.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.48.5-150600.12.43.1
* webkit2gtk3-soup2-debugsource-2.48.5-150600.12.43.1
* libwebkit2gtk-4_0-37-2.48.5-150600.12.43.1
* typelib-1_0-WebKit2-4_0-2.48.5-150600.12.43.1
* webkit2gtk-4_0-injected-bundles-2.48.5-150600.12.43.1
* webkit2gtk4-debugsource-2.48.5-150600.12.43.1
* libwebkitgtk-6_0-4-debuginfo-2.48.5-150600.12.43.1
* webkitgtk-6_0-injected-bundles-2.48.5-150600.12.43.1
* webkitgtk-6_0-injected-bundles-debuginfo-2.48.5-150600.12.43.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.48.5-150600.12.43.1
* Basesystem Module 15-SP7 (noarch)
* WebKitGTK-4.0-lang-2.48.5-150600.12.43.1
* WebKitGTK-6.0-lang-2.48.5-150600.12.43.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libjavascriptcoregtk-6_0-1-debuginfo-2.48.5-150600.12.43.1
* libwebkit2gtk-4_0-37-debuginfo-2.48.5-150600.12.43.1
* typelib-1_0-JavaScriptCore-4_0-2.48.5-150600.12.43.1
* libjavascriptcoregtk-6_0-1-2.48.5-150600.12.43.1
* webkit2gtk3-soup2-devel-2.48.5-150600.12.43.1
* libwebkitgtk-6_0-4-2.48.5-150600.12.43.1
* libjavascriptcoregtk-4_0-18-2.48.5-150600.12.43.1
* typelib-1_0-WebKit2WebExtension-4_0-2.48.5-150600.12.43.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.48.5-150600.12.43.1
* webkit2gtk3-soup2-debugsource-2.48.5-150600.12.43.1
* libwebkit2gtk-4_0-37-2.48.5-150600.12.43.1
* typelib-1_0-WebKit2-4_0-2.48.5-150600.12.43.1
* webkit2gtk-4_0-injected-bundles-2.48.5-150600.12.43.1
* webkit2gtk4-debugsource-2.48.5-150600.12.43.1
* libwebkitgtk-6_0-4-debuginfo-2.48.5-150600.12.43.1
* webkitgtk-6_0-injected-bundles-2.48.5-150600.12.43.1
* webkitgtk-6_0-injected-bundles-debuginfo-2.48.5-150600.12.43.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.48.5-150600.12.43.1
* Desktop Applications Module 15-SP6 (noarch)
* WebKitGTK-4.1-lang-2.48.5-150600.12.43.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* typelib-1_0-WebKit2-4_1-2.48.5-150600.12.43.1
* typelib-1_0-WebKit2WebExtension-4_1-2.48.5-150600.12.43.1
* typelib-1_0-JavaScriptCore-4_1-2.48.5-150600.12.43.1
* libjavascriptcoregtk-4_1-0-debuginfo-2.48.5-150600.12.43.1
* webkit2gtk-4_1-injected-bundles-2.48.5-150600.12.43.1
* libwebkit2gtk-4_1-0-debuginfo-2.48.5-150600.12.43.1
* webkit2gtk3-debugsource-2.48.5-150600.12.43.1
* libjavascriptcoregtk-4_1-0-2.48.5-150600.12.43.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.48.5-150600.12.43.1
* webkit2gtk3-devel-2.48.5-150600.12.43.1
* libwebkit2gtk-4_1-0-2.48.5-150600.12.43.1
* Desktop Applications Module 15-SP7 (noarch)
* WebKitGTK-4.1-lang-2.48.5-150600.12.43.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* typelib-1_0-WebKit2-4_1-2.48.5-150600.12.43.1
* typelib-1_0-WebKit2WebExtension-4_1-2.48.5-150600.12.43.1
* typelib-1_0-JavaScriptCore-4_1-2.48.5-150600.12.43.1
* libjavascriptcoregtk-4_1-0-debuginfo-2.48.5-150600.12.43.1
* webkit2gtk-4_1-injected-bundles-2.48.5-150600.12.43.1
* libwebkit2gtk-4_1-0-debuginfo-2.48.5-150600.12.43.1
* webkit2gtk3-debugsource-2.48.5-150600.12.43.1
* libjavascriptcoregtk-4_1-0-2.48.5-150600.12.43.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.48.5-150600.12.43.1
* webkit2gtk3-devel-2.48.5-150600.12.43.1
* libwebkit2gtk-4_1-0-2.48.5-150600.12.43.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* typelib-1_0-WebKit-6_0-2.48.5-150600.12.43.1
* typelib-1_0-WebKitWebProcessExtension-6_0-2.48.5-150600.12.43.1
* typelib-1_0-JavaScriptCore-6_0-2.48.5-150600.12.43.1
* webkit2gtk4-devel-2.48.5-150600.12.43.1
* webkit2gtk4-debugsource-2.48.5-150600.12.43.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* typelib-1_0-WebKit-6_0-2.48.5-150600.12.43.1
* typelib-1_0-WebKitWebProcessExtension-6_0-2.48.5-150600.12.43.1
* typelib-1_0-JavaScriptCore-6_0-2.48.5-150600.12.43.1
* webkit2gtk4-devel-2.48.5-150600.12.43.1
* webkit2gtk4-debugsource-2.48.5-150600.12.43.1

## References:

* https://www.suse.com/security/cve/CVE-2024-44192.html
* https://www.suse.com/security/cve/CVE-2024-54467.html
* https://www.suse.com/security/cve/CVE-2025-24189.html
* https://www.suse.com/security/cve/CVE-2025-24201.html
* https://www.suse.com/security/cve/CVE-2025-31273.html
* https://www.suse.com/security/cve/CVE-2025-31278.html
* https://www.suse.com/security/cve/CVE-2025-43211.html
* https://www.suse.com/security/cve/CVE-2025-43212.html
* https://www.suse.com/security/cve/CVE-2025-43216.html
* https://www.suse.com/security/cve/CVE-2025-43227.html
* https://www.suse.com/security/cve/CVE-2025-43228.html
* https://www.suse.com/security/cve/CVE-2025-43240.html
* https://www.suse.com/security/cve/CVE-2025-43265.html
* https://www.suse.com/security/cve/CVE-2025-6558.html
* https://bugzilla.suse.com/show_bug.cgi?id=1247562
* https://bugzilla.suse.com/show_bug.cgi?id=1247563
* https://bugzilla.suse.com/show_bug.cgi?id=1247564
* https://bugzilla.suse.com/show_bug.cgi?id=1247595
* https://bugzilla.suse.com/show_bug.cgi?id=1247596
* https://bugzilla.suse.com/show_bug.cgi?id=1247597
* https://bugzilla.suse.com/show_bug.cgi?id=1247598
* https://bugzilla.suse.com/show_bug.cgi?id=1247599
* https://bugzilla.suse.com/show_bug.cgi?id=1247600
* https://bugzilla.suse.com/show_bug.cgi?id=1247742



SUSE-SU-2025:02759-1: moderate: Security update for go1.23


# Security update for go1.23

Announcement ID: SUSE-SU-2025:02759-1
Release Date: 2025-08-12T12:07:40Z
Rating: moderate
References:

* bsc#1229122
* bsc#1247719
* bsc#1247720

Cross-References:

* CVE-2025-47906
* CVE-2025-47907

CVSS scores:

* CVE-2025-47906 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-47906 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-47907 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-47907 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
* CVE-2025-47907 ( NVD ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

Affected Products:

* Development Tools Module 15-SP6
* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities and has one security fix can now be
installed.

## Description:

This update for go1.23 fixes the following issues:

* Update to go1.23.12:
  * CVE-2025-47906: Fixed LookPath returning unexpected paths (bsc#1247719)
  * CVE-2025-47907: Fixed incorrect results returned from Rows.Scan (bsc#1247720)
  * go#74415 runtime: use-after-free of allpSnapshot in findRunnable
  * go#74693 runtime: segfaults in runtime.(*unwinder).next
  * go#74721 cmd/go: TestScript/build_trimpath_cgo fails to decode dwarf on release-branch.go1.23
  * go#74726 cmd/cgo/internal/testsanitizers: failures with signal: segmentation fault or exit status 66

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2759=1`

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2759=1`

* SUSE Linux Enterprise Server 15 SP3 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-2759=1`

* SUSE Linux Enterprise Server 15 SP4 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2759=1`

* SUSE Linux Enterprise Server 15 SP5 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2759=1`

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-2759=1`

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2759=1`

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2759=1`

* SUSE Enterprise Storage 7.1
  `zypper in -t patch SUSE-Storage-7.1-2025-2759=1`

* openSUSE Leap 15.6
  `zypper in -t patch openSUSE-SLE-15.6-2025-2759=1`

* Development Tools Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-2759=1`

* Development Tools Module 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2025-2759=1`

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-2759=1`

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2759=1`

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2759=1`

## Package List:

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * go1.23-doc-1.23.12-150000.1.40.1
  * go1.23-race-1.23.12-150000.1.40.1
  * go1.23-1.23.12-150000.1.40.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * go1.23-doc-1.23.12-150000.1.40.1
  * go1.23-race-1.23.12-150000.1.40.1
  * go1.23-1.23.12-150000.1.40.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
  * go1.23-doc-1.23.12-150000.1.40.1
  * go1.23-race-1.23.12-150000.1.40.1
  * go1.23-1.23.12-150000.1.40.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * go1.23-doc-1.23.12-150000.1.40.1
  * go1.23-race-1.23.12-150000.1.40.1
  * go1.23-1.23.12-150000.1.40.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * go1.23-doc-1.23.12-150000.1.40.1
  * go1.23-race-1.23.12-150000.1.40.1
  * go1.23-1.23.12-150000.1.40.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * go1.23-doc-1.23.12-150000.1.40.1
  * go1.23-race-1.23.12-150000.1.40.1
  * go1.23-1.23.12-150000.1.40.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * go1.23-doc-1.23.12-150000.1.40.1
  * go1.23-race-1.23.12-150000.1.40.1
  * go1.23-1.23.12-150000.1.40.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * go1.23-doc-1.23.12-150000.1.40.1
  * go1.23-race-1.23.12-150000.1.40.1
  * go1.23-1.23.12-150000.1.40.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * go1.23-doc-1.23.12-150000.1.40.1
  * go1.23-race-1.23.12-150000.1.40.1
  * go1.23-1.23.12-150000.1.40.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * go1.23-doc-1.23.12-150000.1.40.1
  * go1.23-race-1.23.12-150000.1.40.1
  * go1.23-1.23.12-150000.1.40.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * go1.23-doc-1.23.12-150000.1.40.1
  * go1.23-race-1.23.12-150000.1.40.1
  * go1.23-1.23.12-150000.1.40.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * go1.23-doc-1.23.12-150000.1.40.1
  * go1.23-race-1.23.12-150000.1.40.1
  * go1.23-1.23.12-150000.1.40.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * go1.23-doc-1.23.12-150000.1.40.1
  * go1.23-race-1.23.12-150000.1.40.1
  * go1.23-1.23.12-150000.1.40.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * go1.23-doc-1.23.12-150000.1.40.1
  * go1.23-race-1.23.12-150000.1.40.1
  * go1.23-1.23.12-150000.1.40.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * go1.23-doc-1.23.12-150000.1.40.1
  * go1.23-race-1.23.12-150000.1.40.1
  * go1.23-1.23.12-150000.1.40.1

## References:

* https://www.suse.com/security/cve/CVE-2025-47906.html
* https://www.suse.com/security/cve/CVE-2025-47907.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229122
* https://bugzilla.suse.com/show_bug.cgi?id=1247719
* https://bugzilla.suse.com/show_bug.cgi?id=1247720



SUSE-SU-2025:02768-1: moderate: Security update for sccache


# Security update for sccache

Announcement ID: SUSE-SU-2025:02768-1
Release Date: 2025-08-12T13:01:21Z
Rating: moderate
References:

* bsc#1243868

Cross-References:

* CVE-2024-12224

CVSS scores:

* CVE-2024-12224 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-12224 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2024-12224 ( NVD ): 5.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* Development Tools Module 15-SP6
* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for sccache fixes the following issues:

* Update to version 0.4.2~4:
  * CVE-2024-12224: Fixed improper validation of unsafe equivalence in punycode. (bsc#1243868)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  `zypper in -t patch SUSE-2025-2768=1 openSUSE-SLE-15.6-2025-2768=1`

* Development Tools Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-2768=1`

* Development Tools Module 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2025-2768=1`

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * sccache-debuginfo-0.4.2~4-150600.10.3.1
  * sccache-0.4.2~4-150600.10.3.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * sccache-debuginfo-0.4.2~4-150600.10.3.1
  * sccache-0.4.2~4-150600.10.3.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * sccache-debuginfo-0.4.2~4-150600.10.3.1
  * sccache-0.4.2~4-150600.10.3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-12224.html
* https://bugzilla.suse.com/show_bug.cgi?id=1243868



SUSE-SU-2025:02770-1: important: Security update for tiff


# Security update for tiff

Announcement ID: SUSE-SU-2025:02770-1
Release Date: 2025-08-12T13:50:41Z
Rating: important
References:

* bsc#1243503
* bsc#1247106
* bsc#1247108

Cross-References:

* CVE-2025-8176
* CVE-2025-8177

CVSS scores:

* CVE-2025-8176 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2025-8176 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
* CVE-2025-8176 ( NVD ): 1.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-8176 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-8177 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-8177 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-8177 ( NVD ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-8177 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Affected Products:

* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP6
* SUSE Package Hub 15 15-SP7

An update that solves two vulnerabilities and has one security fix can now be
installed.

## Description:

This update for tiff fixes the following issues:

* Updated TIFFMergeFieldInfo() with read_count=write_count=0 for FIELD_IGNORE (bsc#1243503)
* CVE-2025-8176: Fixed heap use-after-free in tools/tiffmedian.c (bsc#1247108)
* CVE-2025-8177: Fixed possible buffer overflow in tools/thumbnail.c:setrow() when processing malformed TIFF files (bsc#1247106)
* Add -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to fix FTBFS with cmake4
* Add %check section
* Remove Group: declarations, no longer used

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  `zypper in -t patch SUSE-2025-2770=1 openSUSE-SLE-15.6-2025-2770=1`

* Basesystem Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-2770=1`

* Basesystem Module 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-2770=1`

* SUSE Package Hub 15 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-2770=1`

* SUSE Package Hub 15 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-2770=1`

## Package List:

* openSUSE Leap 15.6 (x86_64)
  * libtiff6-32bit-debuginfo-4.7.0-150600.3.13.1
  * libtiff-devel-32bit-4.7.0-150600.3.13.1
  * libtiff6-32bit-4.7.0-150600.3.13.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * libtiff6-4.7.0-150600.3.13.1
  * tiff-debuginfo-4.7.0-150600.3.13.1
  * libtiff-devel-4.7.0-150600.3.13.1
  * libtiff6-debuginfo-4.7.0-150600.3.13.1
  * tiff-debugsource-4.7.0-150600.3.13.1
  * tiff-4.7.0-150600.3.13.1
* openSUSE Leap 15.6 (noarch)
  * tiff-docs-4.7.0-150600.3.13.1
  * libtiff-devel-docs-4.7.0-150600.3.13.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libtiff-devel-64bit-4.7.0-150600.3.13.1
  * libtiff6-64bit-debuginfo-4.7.0-150600.3.13.1
  * libtiff6-64bit-4.7.0-150600.3.13.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * libtiff6-4.7.0-150600.3.13.1
  * tiff-debuginfo-4.7.0-150600.3.13.1
  * libtiff-devel-4.7.0-150600.3.13.1
  * libtiff6-debuginfo-4.7.0-150600.3.13.1
  * tiff-debugsource-4.7.0-150600.3.13.1
* Basesystem Module 15-SP6 (x86_64)
  * libtiff6-32bit-debuginfo-4.7.0-150600.3.13.1
  * libtiff6-32bit-4.7.0-150600.3.13.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libtiff6-4.7.0-150600.3.13.1
  * tiff-debuginfo-4.7.0-150600.3.13.1
  * libtiff-devel-4.7.0-150600.3.13.1
  * libtiff6-debuginfo-4.7.0-150600.3.13.1
  * tiff-debugsource-4.7.0-150600.3.13.1
* Basesystem Module 15-SP7 (x86_64)
  * libtiff6-32bit-debuginfo-4.7.0-150600.3.13.1
  * libtiff6-32bit-4.7.0-150600.3.13.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
  * tiff-debuginfo-4.7.0-150600.3.13.1
  * tiff-debugsource-4.7.0-150600.3.13.1
  * tiff-4.7.0-150600.3.13.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
  * tiff-debuginfo-4.7.0-150600.3.13.1
  * tiff-debugsource-4.7.0-150600.3.13.1
  * tiff-4.7.0-150600.3.13.1

## References:

* https://www.suse.com/security/cve/CVE-2025-8176.html
* https://www.suse.com/security/cve/CVE-2025-8177.html
* https://bugzilla.suse.com/show_bug.cgi?id=1243503
* https://bugzilla.suse.com/show_bug.cgi?id=1247106
* https://bugzilla.suse.com/show_bug.cgi?id=1247108



openSUSE-SU-2025:0292-1: important: Security update for chromium


openSUSE Security Update: Security update for chromium
_______________________________

Announcement ID: openSUSE-SU-2025:0292-1
Rating: important
References: #1247661 #1247664
Cross-References: CVE-2025-54874 CVE-2025-8576 CVE-2025-8577
CVE-2025-8578 CVE-2025-8579 CVE-2025-8580
CVE-2025-8581 CVE-2025-8582 CVE-2025-8583

CVSS scores:
CVE-2025-54874 (SUSE): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that fixes 9 vulnerabilities is now available.

Description:

Chromium was updated to fix:

- CVE-2025-54874 fix missing error check in openjpeg (bsc#1247661)

Chromium 139.0.7258.66 (boo#1247664):

* CVE-2025-8576: Use after free in Extensions
* CVE-2025-8577: Inappropriate implementation in Picture In Picture
* CVE-2025-8578: Use after free in Cast
* CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome
* CVE-2025-8580: Inappropriate implementation in Filesystems
* CVE-2025-8581: Inappropriate implementation in Extensions
* CVE-2025-8582: Insufficient validation of untrusted input in DOM
* CVE-2025-8583: Inappropriate implementation in Permissions

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2025-292=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 ppc64le x86_64):

chromedriver-139.0.7258.66-bp156.2.152.1
chromedriver-debuginfo-139.0.7258.66-bp156.2.152.1
chromium-139.0.7258.66-bp156.2.152.1
chromium-debuginfo-139.0.7258.66-bp156.2.152.1

References:

https://www.suse.com/security/cve/CVE-2025-54874.html
https://www.suse.com/security/cve/CVE-2025-8576.html
https://www.suse.com/security/cve/CVE-2025-8577.html
https://www.suse.com/security/cve/CVE-2025-8578.html
https://www.suse.com/security/cve/CVE-2025-8579.html
https://www.suse.com/security/cve/CVE-2025-8580.html
https://www.suse.com/security/cve/CVE-2025-8581.html
https://www.suse.com/security/cve/CVE-2025-8582.html
https://www.suse.com/security/cve/CVE-2025-8583.html
https://bugzilla.suse.com/1247661
https://bugzilla.suse.com/1247664



SUSE-SU-2025:02758-1: important: Security update for libxml2


# Security update for libxml2

Announcement ID: SUSE-SU-2025:02758-1
Release Date: 2025-08-12T10:05:47Z
Rating: important
References:

* bsc#1246296

Cross-References:

* CVE-2025-7425

CVSS scores:

* CVE-2025-7425 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-7425 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
* CVE-2025-7425 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* Python 3 Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for libxml2 fixes the following issues:

* CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  `zypper in -t patch SUSE-2025-2758=1`

* openSUSE Leap 15.6
  `zypper in -t patch openSUSE-SLE-15.6-2025-2758=1`

* SUSE Linux Enterprise Micro 5.5
  `zypper in -t patch SUSE-SLE-Micro-5.5-2025-2758=1`

* Basesystem Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-2758=1`

* Python 3 Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2025-2758=1`

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2758=1`

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2758=1`

* SUSE Linux Enterprise Server 15 SP5 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2758=1`

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2758=1`

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * python3-libxml2-debuginfo-2.10.3-150500.5.32.1
  * libxml2-devel-2.10.3-150500.5.32.1
  * libxml2-tools-2.10.3-150500.5.32.1
  * python311-libxml2-debuginfo-2.10.3-150500.5.32.1
  * libxml2-debugsource-2.10.3-150500.5.32.1
  * libxml2-2-2.10.3-150500.5.32.1
  * python311-libxml2-2.10.3-150500.5.32.1
  * libxml2-tools-debuginfo-2.10.3-150500.5.32.1
  * libxml2-python-debugsource-2.10.3-150500.5.32.1
  * libxml2-2-debuginfo-2.10.3-150500.5.32.1
  * python3-libxml2-2.10.3-150500.5.32.1
* openSUSE Leap 15.5 (x86_64)
  * libxml2-2-32bit-2.10.3-150500.5.32.1
  * libxml2-2-32bit-debuginfo-2.10.3-150500.5.32.1
  * libxml2-devel-32bit-2.10.3-150500.5.32.1
* openSUSE Leap 15.5 (noarch)
  * libxml2-doc-2.10.3-150500.5.32.1
* openSUSE Leap 15.5 (aarch64_ilp32)
  * libxml2-2-64bit-debuginfo-2.10.3-150500.5.32.1
  * libxml2-devel-64bit-2.10.3-150500.5.32.1
  * libxml2-2-64bit-2.10.3-150500.5.32.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * python3-libxml2-debuginfo-2.10.3-150500.5.32.1
  * libxml2-devel-2.10.3-150500.5.32.1
  * libxml2-tools-2.10.3-150500.5.32.1
  * python311-libxml2-debuginfo-2.10.3-150500.5.32.1
  * libxml2-debugsource-2.10.3-150500.5.32.1
  * libxml2-2-2.10.3-150500.5.32.1
  * python311-libxml2-2.10.3-150500.5.32.1
  * libxml2-tools-debuginfo-2.10.3-150500.5.32.1
  * libxml2-python-debugsource-2.10.3-150500.5.32.1
  * libxml2-2-debuginfo-2.10.3-150500.5.32.1
  * python3-libxml2-2.10.3-150500.5.32.1
* openSUSE Leap 15.6 (x86_64)
  * libxml2-2-32bit-2.10.3-150500.5.32.1
  * libxml2-2-32bit-debuginfo-2.10.3-150500.5.32.1
  * libxml2-devel-32bit-2.10.3-150500.5.32.1
* openSUSE Leap 15.6 (noarch)
  * libxml2-doc-2.10.3-150500.5.32.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * python3-libxml2-debuginfo-2.10.3-150500.5.32.1
  * libxml2-tools-2.10.3-150500.5.32.1
  * libxml2-debugsource-2.10.3-150500.5.32.1
  * libxml2-2-2.10.3-150500.5.32.1
  * libxml2-tools-debuginfo-2.10.3-150500.5.32.1
  * libxml2-python-debugsource-2.10.3-150500.5.32.1
  * libxml2-2-debuginfo-2.10.3-150500.5.32.1
  * python3-libxml2-2.10.3-150500.5.32.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * python3-libxml2-debuginfo-2.10.3-150500.5.32.1
  * libxml2-devel-2.10.3-150500.5.32.1
  * libxml2-tools-2.10.3-150500.5.32.1
  * libxml2-debugsource-2.10.3-150500.5.32.1
  * libxml2-2-2.10.3-150500.5.32.1
  * libxml2-tools-debuginfo-2.10.3-150500.5.32.1
  * libxml2-python-debugsource-2.10.3-150500.5.32.1
  * libxml2-2-debuginfo-2.10.3-150500.5.32.1
  * python3-libxml2-2.10.3-150500.5.32.1
* Basesystem Module 15-SP6 (x86_64)
  * libxml2-2-32bit-2.10.3-150500.5.32.1
  * libxml2-2-32bit-debuginfo-2.10.3-150500.5.32.1
* Python 3 Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * python311-libxml2-debuginfo-2.10.3-150500.5.32.1
  * python311-libxml2-2.10.3-150500.5.32.1
  * libxml2-python-debugsource-2.10.3-150500.5.32.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * python3-libxml2-debuginfo-2.10.3-150500.5.32.1
  * libxml2-devel-2.10.3-150500.5.32.1
  * libxml2-tools-2.10.3-150500.5.32.1
  * python311-libxml2-debuginfo-2.10.3-150500.5.32.1
  * libxml2-debugsource-2.10.3-150500.5.32.1
  * libxml2-2-2.10.3-150500.5.32.1
  * python311-libxml2-2.10.3-150500.5.32.1
  * libxml2-tools-debuginfo-2.10.3-150500.5.32.1
  * libxml2-python-debugsource-2.10.3-150500.5.32.1
  * libxml2-2-debuginfo-2.10.3-150500.5.32.1
  * python3-libxml2-2.10.3-150500.5.32.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64)
  * libxml2-2-32bit-2.10.3-150500.5.32.1
  * libxml2-2-32bit-debuginfo-2.10.3-150500.5.32.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * python3-libxml2-debuginfo-2.10.3-150500.5.32.1
  * libxml2-devel-2.10.3-150500.5.32.1
  * libxml2-tools-2.10.3-150500.5.32.1
  * python311-libxml2-debuginfo-2.10.3-150500.5.32.1
  * libxml2-debugsource-2.10.3-150500.5.32.1
  * libxml2-2-2.10.3-150500.5.32.1
  * python311-libxml2-2.10.3-150500.5.32.1
  * libxml2-tools-debuginfo-2.10.3-150500.5.32.1
  * libxml2-python-debugsource-2.10.3-150500.5.32.1
  * libxml2-2-debuginfo-2.10.3-150500.5.32.1
  * python3-libxml2-2.10.3-150500.5.32.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64)
  * libxml2-2-32bit-2.10.3-150500.5.32.1
  * libxml2-2-32bit-debuginfo-2.10.3-150500.5.32.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * python3-libxml2-debuginfo-2.10.3-150500.5.32.1
  * libxml2-devel-2.10.3-150500.5.32.1
  * libxml2-tools-2.10.3-150500.5.32.1
  * python311-libxml2-debuginfo-2.10.3-150500.5.32.1
  * libxml2-debugsource-2.10.3-150500.5.32.1
  * libxml2-2-2.10.3-150500.5.32.1
  * python311-libxml2-2.10.3-150500.5.32.1
  * libxml2-tools-debuginfo-2.10.3-150500.5.32.1
  * libxml2-python-debugsource-2.10.3-150500.5.32.1
  * libxml2-2-debuginfo-2.10.3-150500.5.32.1
  * python3-libxml2-2.10.3-150500.5.32.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64)
  * libxml2-2-32bit-2.10.3-150500.5.32.1
  * libxml2-2-32bit-debuginfo-2.10.3-150500.5.32.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * python3-libxml2-debuginfo-2.10.3-150500.5.32.1
  * libxml2-devel-2.10.3-150500.5.32.1
  * libxml2-tools-2.10.3-150500.5.32.1
  * python311-libxml2-debuginfo-2.10.3-150500.5.32.1
  * libxml2-debugsource-2.10.3-150500.5.32.1
  * libxml2-2-2.10.3-150500.5.32.1
  * python311-libxml2-2.10.3-150500.5.32.1
  * libxml2-tools-debuginfo-2.10.3-150500.5.32.1
  * libxml2-python-debugsource-2.10.3-150500.5.32.1
  * libxml2-2-debuginfo-2.10.3-150500.5.32.1
  * python3-libxml2-2.10.3-150500.5.32.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
  * libxml2-2-32bit-2.10.3-150500.5.32.1
  * libxml2-2-32bit-debuginfo-2.10.3-150500.5.32.1

## References:

* https://www.suse.com/security/cve/CVE-2025-7425.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246296



SUSE-SU-2025:02754-1: moderate: Security update for opensc


# Security update for opensc

Announcement ID: SUSE-SU-2025:02754-1
Release Date: 2025-08-12T07:35:15Z
Rating: moderate
References:

* bsc#1219386

Cross-References:

* CVE-2023-5992

CVSS scores:

* CVE-2023-5992 ( SUSE ): 4.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2023-5992 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
* CVE-2023-5992 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-5992 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products:

* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for opensc fixes the following issues:

* CVE-2023-5992: Fixed side-channel leaks while stripping encryption PKCS#1 padding (bsc#1219386).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  `zypper in -t patch SUSE-2025-2754=1 openSUSE-SLE-15.6-2025-2754=1`

* Basesystem Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-2754=1`

* Basesystem Module 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-2754=1`

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * opensc-debugsource-0.22.0-150600.11.6.1
  * opensc-debuginfo-0.22.0-150600.11.6.1
  * opensc-0.22.0-150600.11.6.1
* openSUSE Leap 15.6 (x86_64)
  * opensc-32bit-debuginfo-0.22.0-150600.11.6.1
  * opensc-32bit-0.22.0-150600.11.6.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * opensc-64bit-0.22.0-150600.11.6.1
  * opensc-64bit-debuginfo-0.22.0-150600.11.6.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * opensc-debugsource-0.22.0-150600.11.6.1
  * opensc-debuginfo-0.22.0-150600.11.6.1
  * opensc-0.22.0-150600.11.6.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * opensc-debugsource-0.22.0-150600.11.6.1
  * opensc-debuginfo-0.22.0-150600.11.6.1
  * opensc-0.22.0-150600.11.6.1

## References:

* https://www.suse.com/security/cve/CVE-2023-5992.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219386



SUSE-SU-2025:02772-1: moderate: Recommended update for grub2


# Recommended update for grub2

Announcement ID: SUSE-SU-2025:02772-1
Release Date: 2025-08-12T17:39:25Z
Rating: moderate
References:

* bsc#1234959
* bsc#1246157
* bsc#1246231
* bsc#1246237

Cross-References:

* CVE-2024-56738

CVSS scores:

* CVE-2024-56738 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-56738 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-56738 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability and has three security fixes can now be
installed.

## Description:

This update for grub2 fixes the following issues:

* CVE-2024-56738: Fixed a side-channel attack caused by the non-constant-time
algorithm in grub_crypto_memcmp (bsc#1234959)

Other fixes:

* Fix test -f and -s do not work properly over the network files served via
tftp and http (bsc#1246157, bsc#1246237)
* Skip mount point in grub_find_device function (bsc#1246231)
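The property at issue in CVE-2024-56738, shown as an added example that is not GRUB's code or the SUSE patch: an early-exit comparison next to a constant-time one. The function names and the step counters are hypothetical; the counters stand in for a timer so the data-dependent work is visible.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Loop iterations performed by the last call (illustration only). */
static size_t leaky_steps, ct_steps;

/* Early-exit compare: stops at the first mismatching byte, so the amount
   of work depends on how long a prefix of the two buffers matches. */
int leaky_memcmp(const void *a, const void *b, size_t n)
{
    const uint8_t *pa = a, *pb = b;
    leaky_steps = 0;
    for (size_t i = 0; i < n; i++) {
        leaky_steps++;
        if (pa[i] != pb[i])
            return pa[i] < pb[i] ? -1 : 1;
    }
    return 0;
}

/* Constant-time compare: always reads all n bytes and accumulates the
   XOR of each pair; returns 0 if equal, 1 otherwise. */
int ct_memcmp(const void *a, const void *b, size_t n)
{
    const volatile uint8_t *pa = a, *pb = b;
    uint8_t diff = 0;
    ct_steps = 0;
    for (size_t i = 0; i < n; i++) {
        ct_steps++;
        diff |= (uint8_t)(pa[i] ^ pb[i]);
    }
    /* Map any nonzero diff to 1 without a data-dependent branch. */
    return (int)(((unsigned)diff + 0xFFu) >> 8);
}

int main(void)
{
    /* Constructed sample values, not real secrets. */
    const char secret[] = "0123456789abcdef";
    const char early[]  = "X123456789abcdef"; /* differs at byte 0  */
    const char late[]   = "0123456789abcdeX"; /* differs at byte 15 */

    leaky_memcmp(secret, early, 16); printf("leaky early: %zu\n", leaky_steps);
    leaky_memcmp(secret, late, 16);  printf("leaky late:  %zu\n", leaky_steps);
    ct_memcmp(secret, early, 16);    printf("ct early:    %zu\n", ct_steps);
    ct_memcmp(secret, late, 16);     printf("ct late:     %zu\n", ct_steps);
    return 0;
}
```

The constant-time variant only reports equal or not equal, which is all a secret comparison needs; it does not give the ordering that memcmp does.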

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-2772=1 openSUSE-SLE-15.6-2025-2772=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-2772=1

* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-2772=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * grub2-debuginfo-2.12-150600.8.34.1
  * grub2-2.12-150600.8.34.1
  * grub2-branding-upstream-2.12-150600.8.34.1
* openSUSE Leap 15.6 (aarch64 s390x x86_64 i586)
  * grub2-debugsource-2.12-150600.8.34.1
* openSUSE Leap 15.6 (noarch)
  * grub2-i386-pc-2.12-150600.8.34.1
  * grub2-x86_64-xen-debug-2.12-150600.8.34.1
  * grub2-snapper-plugin-2.12-150600.8.34.1
  * grub2-i386-xen-debug-2.12-150600.8.34.1
  * grub2-s390x-emu-extras-2.12-150600.8.34.1
  * grub2-x86_64-xen-extras-2.12-150600.8.34.1
  * grub2-arm64-efi-debug-2.12-150600.8.34.1
  * grub2-x86_64-efi-extras-2.12-150600.8.34.1
  * grub2-x86_64-xen-2.12-150600.8.34.1
  * grub2-x86_64-efi-debug-2.12-150600.8.34.1
  * grub2-i386-pc-debug-2.12-150600.8.34.1
  * grub2-i386-xen-2.12-150600.8.34.1
  * grub2-i386-xen-extras-2.12-150600.8.34.1
  * grub2-i386-efi-extras-2.12-150600.8.34.1
  * grub2-powerpc-ieee1275-extras-2.12-150600.8.34.1
  * grub2-systemd-sleep-plugin-2.12-150600.8.34.1
  * grub2-i386-efi-debug-2.12-150600.8.34.1
  * grub2-arm64-efi-extras-2.12-150600.8.34.1
  * grub2-powerpc-ieee1275-2.12-150600.8.34.1
  * grub2-powerpc-ieee1275-debug-2.12-150600.8.34.1
  * grub2-arm64-efi-2.12-150600.8.34.1
  * grub2-i386-efi-2.12-150600.8.34.1
  * grub2-i386-pc-extras-2.12-150600.8.34.1
  * grub2-x86_64-efi-2.12-150600.8.34.1
* openSUSE Leap 15.6 (s390x)
  * grub2-s390x-emu-debug-2.12-150600.8.34.1
  * grub2-s390x-emu-2.12-150600.8.34.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * grub2-debuginfo-2.12-150600.8.34.1
  * grub2-2.12-150600.8.34.1
* Basesystem Module 15-SP6 (noarch)
  * grub2-i386-pc-2.12-150600.8.34.1
  * grub2-systemd-sleep-plugin-2.12-150600.8.34.1
  * grub2-powerpc-ieee1275-2.12-150600.8.34.1
  * grub2-arm64-efi-2.12-150600.8.34.1
  * grub2-snapper-plugin-2.12-150600.8.34.1
  * grub2-x86_64-efi-2.12-150600.8.34.1
* Basesystem Module 15-SP6 (aarch64 s390x x86_64)
  * grub2-debugsource-2.12-150600.8.34.1
* Basesystem Module 15-SP6 (s390x)
  * grub2-s390x-emu-2.12-150600.8.34.1
* Server Applications Module 15-SP6 (noarch)
  * grub2-x86_64-xen-2.12-150600.8.34.1

## References:

* https://www.suse.com/security/cve/CVE-2024-56738.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234959
* https://bugzilla.suse.com/show_bug.cgi?id=1246157
* https://bugzilla.suse.com/show_bug.cgi?id=1246231
* https://bugzilla.suse.com/show_bug.cgi?id=1246237