Anubis, Python, Kernel, OpenIDC updates for SUSE

SUSE 5515 Published by

Recent updates have been released for SUSE Linux, which include various security and feature enhancements. Two moderate updates are available, one affecting Anubis version 1.24.0-1.1 and another impacting python311-openapi-core version 0.22.0-1.1. Additionally, two important updates were released: a security update for the Linux Kernel and a security update for apache2-mod_auth_openidc.

openSUSE-SU-2025:15847-1: moderate: anubis-1.24.0-1.1 on GA media
openSUSE-SU-2025:15848-1: moderate: python311-openapi-core-0.22.0-1.1 on GA media
SUSE-SU-2025:4530-1: important: Security update for the Linux Kernel
SUSE-SU-2025:4532-1: important: Security update for apache2-mod_auth_openidc




openSUSE-SU-2025:15847-1: moderate: anubis-1.24.0-1.1 on GA media


# anubis-1.24.0-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15847-1
Rating: moderate

Cross-References:

* CVE-2025-24369

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the anubis-1.24.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* anubis 1.24.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-24369.html



openSUSE-SU-2025:15848-1: moderate: python311-openapi-core-0.22.0-1.1 on GA media


# python311-openapi-core-0.22.0-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15848-1
Rating: moderate

Cross-References:

* CVE-2025-66221

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python311-openapi-core-0.22.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python311-openapi-core 0.22.0-1.1
* python312-openapi-core 0.22.0-1.1
* python313-openapi-core 0.22.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-66221.html



SUSE-SU-2025:4530-1: important: Security update for the Linux Kernel


# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2025:4530-1
Release Date: 2025-12-29T10:48:30Z
Rating: important
References:

* bsc#1228688
* bsc#1249806
* bsc#1251247
* bsc#1251786
* bsc#1252560
* bsc#1252780
* bsc#1253367
* bsc#1253431
* bsc#1253436

Cross-References:

* CVE-2022-50280
* CVE-2023-53659
* CVE-2023-53676
* CVE-2023-53717
* CVE-2025-40040
* CVE-2025-40121
* CVE-2025-40154
* CVE-2025-40204

CVSS scores:

* CVE-2022-50280 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50280 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53659 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53659 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-53676 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53676 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-53717 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53717 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40040 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40040 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40121 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40121 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40154 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40154 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40204 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-40204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Availability Extension 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 Business Critical Linux
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2

An update that solves eight vulnerabilities and has one security fix can now be
installed.

## Description:

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security
bugfixes.

The following security bugs were fixed:

* CVE-2022-50280: pnode: terminate at peers of source (bsc#1249806).
* CVE-2023-53659: iavf: Fix out-of-bounds when setting channels on remove
(bsc#1251247).
* CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in
lio_target_nacl_info_show() (bsc#1251786).
* CVE-2023-53717: wifi: ath9k: Fix potential stack-out-of-bounds write in
ath9k_wmi_rsp_callback() (bsc#1252560).
* CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise
(bsc#1252780).
* CVE-2025-40121: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping
(bsc#1253367).
* CVE-2025-40154: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping
(bsc#1253431).
* CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436).

The following non-security bugs were fixed:

* cifs: Check the lease context if we actually got a lease (bsc#1228688).
* cifs: return a single-use cfid if we did not get a lease (bsc#1228688).
* smb3: fix Open files on server counter going negative (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Availability Extension 15 SP3
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2025-4530=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-4530=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-4530=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-4530=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-4530=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-4530=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-4530=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-4530=1

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-4530=1

## Package List:

* SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le
s390x x86_64)
* kernel-default-debugsource-5.3.18-150300.59.229.3
* gfs2-kmp-default-5.3.18-150300.59.229.3
* dlm-kmp-default-debuginfo-5.3.18-150300.59.229.3
* gfs2-kmp-default-debuginfo-5.3.18-150300.59.229.3
* cluster-md-kmp-default-debuginfo-5.3.18-150300.59.229.3
* ocfs2-kmp-default-5.3.18-150300.59.229.3
* dlm-kmp-default-5.3.18-150300.59.229.3
* ocfs2-kmp-default-debuginfo-5.3.18-150300.59.229.3
* cluster-md-kmp-default-5.3.18-150300.59.229.3
* kernel-default-debuginfo-5.3.18-150300.59.229.3
* SUSE Linux Enterprise High Availability Extension 15 SP3 (nosrc)
* kernel-default-5.3.18-150300.59.229.3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.229.3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64)
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.229.3
* kernel-64kb-debuginfo-5.3.18-150300.59.229.3
* kernel-64kb-devel-5.3.18-150300.59.229.3
* kernel-64kb-debugsource-5.3.18-150300.59.229.3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc
x86_64)
* kernel-preempt-5.3.18-150300.59.229.3
* kernel-default-5.3.18-150300.59.229.3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* kernel-preempt-debugsource-5.3.18-150300.59.229.3
* kernel-preempt-devel-5.3.18-150300.59.229.3
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.229.3
* kernel-default-debugsource-5.3.18-150300.59.229.3
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.229.3
* kernel-default-devel-5.3.18-150300.59.229.3
* kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3
* reiserfs-kmp-default-5.3.18-150300.59.229.3
* kernel-obs-build-5.3.18-150300.59.229.3
* kernel-preempt-debuginfo-5.3.18-150300.59.229.3
* kernel-default-devel-debuginfo-5.3.18-150300.59.229.3
* kernel-obs-build-debugsource-5.3.18-150300.59.229.3
* kernel-default-debuginfo-5.3.18-150300.59.229.3
* kernel-syms-5.3.18-150300.59.229.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* kernel-source-5.3.18-150300.59.229.3
* kernel-macros-5.3.18-150300.59.229.3
* kernel-devel-5.3.18-150300.59.229.3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.229.2
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.229.3
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64)
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.229.3
* kernel-64kb-debuginfo-5.3.18-150300.59.229.3
* kernel-64kb-devel-5.3.18-150300.59.229.3
* kernel-64kb-debugsource-5.3.18-150300.59.229.3
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64
nosrc)
* kernel-default-5.3.18-150300.59.229.3
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* kernel-default-debugsource-5.3.18-150300.59.229.3
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.229.3
* kernel-default-devel-5.3.18-150300.59.229.3
* kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3
* reiserfs-kmp-default-5.3.18-150300.59.229.3
* kernel-obs-build-5.3.18-150300.59.229.3
* kernel-default-devel-debuginfo-5.3.18-150300.59.229.3
* kernel-obs-build-debugsource-5.3.18-150300.59.229.3
* kernel-default-debuginfo-5.3.18-150300.59.229.3
* kernel-syms-5.3.18-150300.59.229.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
* kernel-source-5.3.18-150300.59.229.3
* kernel-macros-5.3.18-150300.59.229.3
* kernel-devel-5.3.18-150300.59.229.3
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch nosrc)
* kernel-docs-5.3.18-150300.59.229.2
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.229.3
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 x86_64)
* kernel-preempt-debuginfo-5.3.18-150300.59.229.3
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.229.3
* kernel-preempt-devel-5.3.18-150300.59.229.3
* kernel-preempt-debugsource-5.3.18-150300.59.229.3
* SUSE Linux Enterprise Server 15 SP3 LTSS (nosrc s390x)
* kernel-zfcpdump-5.3.18-150300.59.229.3
* SUSE Linux Enterprise Server 15 SP3 LTSS (s390x)
* kernel-zfcpdump-debugsource-5.3.18-150300.59.229.3
* kernel-zfcpdump-debuginfo-5.3.18-150300.59.229.3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le
x86_64)
* kernel-default-5.3.18-150300.59.229.3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* kernel-default-debugsource-5.3.18-150300.59.229.3
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.229.3
* kernel-default-devel-5.3.18-150300.59.229.3
* kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3
* reiserfs-kmp-default-5.3.18-150300.59.229.3
* kernel-obs-build-5.3.18-150300.59.229.3
* kernel-default-devel-debuginfo-5.3.18-150300.59.229.3
* kernel-obs-build-debugsource-5.3.18-150300.59.229.3
* kernel-default-debuginfo-5.3.18-150300.59.229.3
* kernel-syms-5.3.18-150300.59.229.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* kernel-source-5.3.18-150300.59.229.3
* kernel-macros-5.3.18-150300.59.229.3
* kernel-devel-5.3.18-150300.59.229.3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.229.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.229.3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* kernel-preempt-debuginfo-5.3.18-150300.59.229.3
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.229.3
* kernel-preempt-devel-5.3.18-150300.59.229.3
* kernel-preempt-debugsource-5.3.18-150300.59.229.3
* SUSE Enterprise Storage 7.1 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.229.3
* SUSE Enterprise Storage 7.1 (aarch64)
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.229.3
* kernel-64kb-debuginfo-5.3.18-150300.59.229.3
* kernel-64kb-devel-5.3.18-150300.59.229.3
* kernel-64kb-debugsource-5.3.18-150300.59.229.3
* SUSE Enterprise Storage 7.1 (aarch64 nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.229.3
* kernel-default-5.3.18-150300.59.229.3
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* kernel-preempt-debugsource-5.3.18-150300.59.229.3
* kernel-preempt-devel-5.3.18-150300.59.229.3
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.229.3
* kernel-default-debugsource-5.3.18-150300.59.229.3
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.229.3
* kernel-default-devel-5.3.18-150300.59.229.3
* kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3
* reiserfs-kmp-default-5.3.18-150300.59.229.3
* kernel-obs-build-5.3.18-150300.59.229.3
* kernel-preempt-debuginfo-5.3.18-150300.59.229.3
* kernel-default-devel-debuginfo-5.3.18-150300.59.229.3
* kernel-obs-build-debugsource-5.3.18-150300.59.229.3
* kernel-default-debuginfo-5.3.18-150300.59.229.3
* kernel-syms-5.3.18-150300.59.229.1
* SUSE Enterprise Storage 7.1 (noarch)
* kernel-source-5.3.18-150300.59.229.3
* kernel-macros-5.3.18-150300.59.229.3
* kernel-devel-5.3.18-150300.59.229.3
* SUSE Enterprise Storage 7.1 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.229.2
* SUSE Linux Enterprise Micro 5.2 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.229.3
* SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64)
* kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* kernel-default-debugsource-5.3.18-150300.59.229.3
* kernel-default-debuginfo-5.3.18-150300.59.229.3
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.229.3
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64)
* kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* kernel-default-debugsource-5.3.18-150300.59.229.3
* kernel-default-debuginfo-5.3.18-150300.59.229.3
* SUSE Linux Enterprise Live Patching 15-SP3 (nosrc)
* kernel-default-5.3.18-150300.59.229.3
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_229-default-1-150300.7.3.3
* kernel-livepatch-SLE15-SP3_Update_64-debugsource-1-150300.7.3.3
* kernel-default-debugsource-5.3.18-150300.59.229.3
* kernel-default-livepatch-devel-5.3.18-150300.59.229.3
* kernel-livepatch-5_3_18-150300_59_229-default-debuginfo-1-150300.7.3.3
* kernel-default-livepatch-5.3.18-150300.59.229.3
* kernel-default-debuginfo-5.3.18-150300.59.229.3
* openSUSE Leap 15.3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.229.2
* openSUSE Leap 15.3 (noarch)
* kernel-macros-5.3.18-150300.59.229.3
* kernel-devel-5.3.18-150300.59.229.3
* kernel-source-vanilla-5.3.18-150300.59.229.3
* kernel-docs-html-5.3.18-150300.59.229.2
* kernel-source-5.3.18-150300.59.229.3
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64)
* kselftests-kmp-default-debuginfo-5.3.18-150300.59.229.3
* kernel-default-devel-5.3.18-150300.59.229.3
* ocfs2-kmp-default-debuginfo-5.3.18-150300.59.229.3
* kernel-default-devel-debuginfo-5.3.18-150300.59.229.3
* kernel-syms-5.3.18-150300.59.229.1
* kernel-obs-build-5.3.18-150300.59.229.3
* kernel-default-debugsource-5.3.18-150300.59.229.3
* dlm-kmp-default-debuginfo-5.3.18-150300.59.229.3
* kernel-default-extra-5.3.18-150300.59.229.3
* kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3
* reiserfs-kmp-default-5.3.18-150300.59.229.3
* kernel-default-optional-5.3.18-150300.59.229.3
* kernel-default-livepatch-5.3.18-150300.59.229.3
* kselftests-kmp-default-5.3.18-150300.59.229.3
* cluster-md-kmp-default-5.3.18-150300.59.229.3
* kernel-default-debuginfo-5.3.18-150300.59.229.3
* kernel-default-extra-debuginfo-5.3.18-150300.59.229.3
* kernel-obs-qa-5.3.18-150300.59.229.1
* kernel-default-optional-debuginfo-5.3.18-150300.59.229.3
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.229.3
* gfs2-kmp-default-5.3.18-150300.59.229.3
* gfs2-kmp-default-debuginfo-5.3.18-150300.59.229.3
* cluster-md-kmp-default-debuginfo-5.3.18-150300.59.229.3
* ocfs2-kmp-default-5.3.18-150300.59.229.3
* dlm-kmp-default-5.3.18-150300.59.229.3
* kernel-obs-build-debugsource-5.3.18-150300.59.229.3
* kernel-default-base-rebuild-5.3.18-150300.59.229.3.150300.18.136.3
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.3.18-150300.59.229.3
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_229-default-1-150300.7.3.3
* kernel-default-livepatch-devel-5.3.18-150300.59.229.3
* kernel-livepatch-5_3_18-150300_59_229-default-debuginfo-1-150300.7.3.3
* kernel-livepatch-SLE15-SP3_Update_64-debugsource-1-150300.7.3.3
* openSUSE Leap 15.3 (nosrc ppc64le x86_64)
* kernel-kvmsmall-5.3.18-150300.59.229.3
* openSUSE Leap 15.3 (ppc64le x86_64)
* kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.229.3
* kernel-kvmsmall-devel-5.3.18-150300.59.229.3
* kernel-kvmsmall-debuginfo-5.3.18-150300.59.229.3
* kernel-kvmsmall-debugsource-5.3.18-150300.59.229.3
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_229-preempt-1-150300.7.3.3
* kernel-livepatch-5_3_18-150300_59_229-preempt-debuginfo-1-150300.7.3.3
* openSUSE Leap 15.3 (aarch64 x86_64)
* gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.229.3
* kernel-preempt-devel-5.3.18-150300.59.229.3
* cluster-md-kmp-preempt-5.3.18-150300.59.229.3
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.229.3
* kernel-preempt-optional-5.3.18-150300.59.229.3
* kselftests-kmp-preempt-5.3.18-150300.59.229.3
* ocfs2-kmp-preempt-5.3.18-150300.59.229.3
* dlm-kmp-preempt-5.3.18-150300.59.229.3
* gfs2-kmp-preempt-5.3.18-150300.59.229.3
* reiserfs-kmp-preempt-5.3.18-150300.59.229.3
* reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.229.3
* cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.229.3
* kernel-preempt-optional-debuginfo-5.3.18-150300.59.229.3
* kernel-preempt-extra-debuginfo-5.3.18-150300.59.229.3
* kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.229.3
* kernel-preempt-debugsource-5.3.18-150300.59.229.3
* kernel-preempt-debuginfo-5.3.18-150300.59.229.3
* ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.229.3
* kernel-preempt-extra-5.3.18-150300.59.229.3
* dlm-kmp-preempt-debuginfo-5.3.18-150300.59.229.3
* openSUSE Leap 15.3 (aarch64 nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.229.3
* openSUSE Leap 15.3 (nosrc s390x)
* kernel-zfcpdump-5.3.18-150300.59.229.3
* openSUSE Leap 15.3 (s390x)
* kernel-zfcpdump-debugsource-5.3.18-150300.59.229.3
* kernel-zfcpdump-debuginfo-5.3.18-150300.59.229.3
* openSUSE Leap 15.3 (nosrc)
* dtb-aarch64-5.3.18-150300.59.229.1
* openSUSE Leap 15.3 (aarch64)
* gfs2-kmp-64kb-5.3.18-150300.59.229.3
* reiserfs-kmp-64kb-5.3.18-150300.59.229.3
* cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.229.3
* dtb-apm-5.3.18-150300.59.229.1
* dtb-altera-5.3.18-150300.59.229.1
* dtb-cavium-5.3.18-150300.59.229.1
* dtb-sprd-5.3.18-150300.59.229.1
* dtb-mediatek-5.3.18-150300.59.229.1
* kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.229.3
* dtb-amd-5.3.18-150300.59.229.1
* dtb-amlogic-5.3.18-150300.59.229.1
* kernel-64kb-debugsource-5.3.18-150300.59.229.3
* dtb-qcom-5.3.18-150300.59.229.1
* dtb-renesas-5.3.18-150300.59.229.1
* kernel-64kb-optional-debuginfo-5.3.18-150300.59.229.3
* reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.229.3
* dtb-zte-5.3.18-150300.59.229.1
* dtb-broadcom-5.3.18-150300.59.229.1
* dtb-freescale-5.3.18-150300.59.229.1
* dtb-al-5.3.18-150300.59.229.1
* kernel-64kb-optional-5.3.18-150300.59.229.3
* dtb-marvell-5.3.18-150300.59.229.1
* dtb-nvidia-5.3.18-150300.59.229.1
* dtb-xilinx-5.3.18-150300.59.229.1
* dlm-kmp-64kb-5.3.18-150300.59.229.3
* kernel-64kb-extra-5.3.18-150300.59.229.3
* ocfs2-kmp-64kb-5.3.18-150300.59.229.3
* dlm-kmp-64kb-debuginfo-5.3.18-150300.59.229.3
* kernel-64kb-devel-5.3.18-150300.59.229.3
* dtb-lg-5.3.18-150300.59.229.1
* ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.229.3
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.229.3
* dtb-exynos-5.3.18-150300.59.229.1
* dtb-socionext-5.3.18-150300.59.229.1
* kselftests-kmp-64kb-5.3.18-150300.59.229.3
* dtb-arm-5.3.18-150300.59.229.1
* kernel-64kb-debuginfo-5.3.18-150300.59.229.3
* kernel-64kb-extra-debuginfo-5.3.18-150300.59.229.3
* gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.229.3
* dtb-hisilicon-5.3.18-150300.59.229.1
* cluster-md-kmp-64kb-5.3.18-150300.59.229.3
* dtb-rockchip-5.3.18-150300.59.229.1
* dtb-allwinner-5.3.18-150300.59.229.1
* openSUSE Leap 15.3 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.229.3

## References:

* https://www.suse.com/security/cve/CVE-2022-50280.html
* https://www.suse.com/security/cve/CVE-2023-53659.html
* https://www.suse.com/security/cve/CVE-2023-53676.html
* https://www.suse.com/security/cve/CVE-2023-53717.html
* https://www.suse.com/security/cve/CVE-2025-40040.html
* https://www.suse.com/security/cve/CVE-2025-40121.html
* https://www.suse.com/security/cve/CVE-2025-40154.html
* https://www.suse.com/security/cve/CVE-2025-40204.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228688
* https://bugzilla.suse.com/show_bug.cgi?id=1249806
* https://bugzilla.suse.com/show_bug.cgi?id=1251247
* https://bugzilla.suse.com/show_bug.cgi?id=1251786
* https://bugzilla.suse.com/show_bug.cgi?id=1252560
* https://bugzilla.suse.com/show_bug.cgi?id=1252780
* https://bugzilla.suse.com/show_bug.cgi?id=1253367
* https://bugzilla.suse.com/show_bug.cgi?id=1253431
* https://bugzilla.suse.com/show_bug.cgi?id=1253436



SUSE-SU-2025:4532-1: important: Security update for apache2-mod_auth_openidc


# Security update for apache2-mod_auth_openidc

Announcement ID: SUSE-SU-2025:4532-1
Release Date: 2025-12-29T13:54:09Z
Rating: important
References:

* bsc#1248806
* jsc#PED-14130

Cross-References:

* CVE-2019-14857
* CVE-2019-20479
* CVE-2021-32785
* CVE-2021-32786
* CVE-2021-32791
* CVE-2021-32792
* CVE-2021-39191
* CVE-2022-23527
* CVE-2023-28625
* CVE-2024-24814
* CVE-2025-31492
* CVE-2025-3891

CVSS scores:

* CVE-2019-14857 ( SUSE ): 7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2019-14857 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2019-14857 ( NVD ): 5.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
* CVE-2019-20479 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2019-20479 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2021-32785 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2021-32785 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-32786 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
* CVE-2021-32786 ( NVD ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
* CVE-2021-32791 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-32791 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-32792 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2021-32792 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2021-39191 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
* CVE-2021-39191 ( NVD ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
* CVE-2022-23527 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2022-23527 ( NVD ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
* CVE-2023-28625 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-28625 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-28625 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-24814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-24814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-24814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-31492 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-31492 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-31492 ( NVD ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-3891 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-3891 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-3891 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-3891 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* Server Applications Module 15-SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves 12 vulnerabilities and contains one feature can now be
installed.

## Description:

This update for apache2-mod_auth_openidc fixes the following issues:

* Update to 2.4.17.1 (bsc#1248806 / PED-14130).
* Remove many patches, as they've been merged upstream.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-4532=1 SUSE-2025-4532=1

* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-4532=1

* Server Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2025-4532=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1
* apache2-mod_auth_openidc-debugsource-2.4.17.1-150600.16.14.1
* apache2-mod_auth_openidc-debuginfo-2.4.17.1-150600.16.14.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1
* apache2-mod_auth_openidc-debugsource-2.4.17.1-150600.16.14.1
* apache2-mod_auth_openidc-debuginfo-2.4.17.1-150600.16.14.1
* Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1
* apache2-mod_auth_openidc-debugsource-2.4.17.1-150600.16.14.1
* apache2-mod_auth_openidc-debuginfo-2.4.17.1-150600.16.14.1

## References:

* https://www.suse.com/security/cve/CVE-2019-14857.html
* https://www.suse.com/security/cve/CVE-2019-20479.html
* https://www.suse.com/security/cve/CVE-2021-32785.html
* https://www.suse.com/security/cve/CVE-2021-32786.html
* https://www.suse.com/security/cve/CVE-2021-32791.html
* https://www.suse.com/security/cve/CVE-2021-32792.html
* https://www.suse.com/security/cve/CVE-2021-39191.html
* https://www.suse.com/security/cve/CVE-2022-23527.html
* https://www.suse.com/security/cve/CVE-2023-28625.html
* https://www.suse.com/security/cve/CVE-2024-24814.html
* https://www.suse.com/security/cve/CVE-2025-31492.html
* https://www.suse.com/security/cve/CVE-2025-3891.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248806
* https://jira.suse.com/browse/PED-14130


Golang, OpenTofu, FluidSynth updates for Fedora

Python-Django, OpenJPEG2, Osslsigncode updates for Debian

Windows

Linux

macOS

Community

  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...