SUSE-SU-2025:1559-1: moderate: Security update for audiofile
SUSE-SU-2025:1560-1: low: Security update for rustup
openSUSE-SU-2025:15088-1: moderate: nbdkit-1.42.3-1.1 on GA media
SUSE-SU-2025:1559-1: moderate: Security update for audiofile
# Security update for audiofile
Announcement ID: SUSE-SU-2025:1559-1
Release Date: 2025-05-15T11:19:29Z
Rating: moderate
References:
* bsc#1140031
* bsc#1196487
Cross-References:
* CVE-2019-13147
* CVE-2022-24599
CVSS scores:
* CVE-2019-13147 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2019-13147 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2019-13147 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2022-24599 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
* CVE-2022-24599 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected Products:
* Desktop Applications Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves two vulnerabilities can now be installed.
## Description:
This update for audiofile fixes the following issues:
* CVE-2019-13147: Fixed NULL pointer dereference in ulaw2linear_buf that could
lead to DOS (bsc#1140031).
* CVE-2022-24599: unverified user input when processing audio files can lead
to information leak (bsc#1196487).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-1559=1
* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-1559=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* audiofile-0.3.6-150000.3.12.1
* audiofile-debuginfo-0.3.6-150000.3.12.1
* libaudiofile1-debuginfo-0.3.6-150000.3.12.1
* libaudiofile1-0.3.6-150000.3.12.1
* audiofile-debugsource-0.3.6-150000.3.12.1
* audiofile-devel-0.3.6-150000.3.12.1
* audiofile-doc-0.3.6-150000.3.12.1
* openSUSE Leap 15.6 (x86_64)
* libaudiofile1-32bit-debuginfo-0.3.6-150000.3.12.1
* audiofile-devel-32bit-0.3.6-150000.3.12.1
* libaudiofile1-32bit-0.3.6-150000.3.12.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* audiofile-debuginfo-0.3.6-150000.3.12.1
* libaudiofile1-debuginfo-0.3.6-150000.3.12.1
* libaudiofile1-0.3.6-150000.3.12.1
* audiofile-debugsource-0.3.6-150000.3.12.1
* audiofile-devel-0.3.6-150000.3.12.1
## References:
* https://www.suse.com/security/cve/CVE-2019-13147.html
* https://www.suse.com/security/cve/CVE-2022-24599.html
* https://bugzilla.suse.com/show_bug.cgi?id=1140031
* https://bugzilla.suse.com/show_bug.cgi?id=1196487
SUSE-SU-2025:1560-1: low: Security update for rustup
# Security update for rustup
Announcement ID: SUSE-SU-2025:1560-1
Release Date: 2025-05-15T12:51:24Z
Rating: low
References:
* bsc#1242617
Cross-References:
* CVE-2025-3416
CVSS scores:
* CVE-2025-3416 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-3416 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-3416 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
* openSUSE Leap 15.4
An update that solves one vulnerability can now be installed.
## Description:
This update for rustup fixes the following issues:
* CVE-2025-3416: Fixed use-After-Free in Md::fetch and Cipher::fetch in rust-
openssl crate (bsc#1242617)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-1560=1
## Package List:
* openSUSE Leap 15.4 (aarch64 x86_64)
* rustup-debuginfo-1.26.0~0-150400.3.10.1
* rustup-debugsource-1.26.0~0-150400.3.10.1
* rustup-1.26.0~0-150400.3.10.1
## References:
* https://www.suse.com/security/cve/CVE-2025-3416.html
* https://bugzilla.suse.com/show_bug.cgi?id=1242617
openSUSE-SU-2025:15088-1: moderate: nbdkit-1.42.3-1.1 on GA media
# nbdkit-1.42.3-1.1 on GA media
Announcement ID: openSUSE-SU-2025:15088-1
Rating: moderate
Cross-References:
* CVE-2025-47711
* CVE-2025-47712
CVSS scores:
* CVE-2025-47711 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-47711 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-47712 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-47712 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 2 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the nbdkit-1.42.3-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* nbdkit 1.42.3-1.1
* nbdkit-bash-completion 1.42.3-1.1
* nbdkit-basic-filters 1.42.3-1.1
* nbdkit-basic-plugins 1.42.3-1.1
* nbdkit-bzip2-filter 1.42.3-1.1
* nbdkit-curl-plugin 1.42.3-1.1
* nbdkit-devel 1.42.3-1.1
* nbdkit-example-plugins 1.42.3-1.1
* nbdkit-gcs-plugin 1.42.3-1.1
* nbdkit-linuxdisk-plugin 1.42.3-1.1
* nbdkit-nbd-plugin 1.42.3-1.1
* nbdkit-python-plugin 1.42.3-1.1
* nbdkit-server 1.42.3-1.1
* nbdkit-ssh-plugin 1.42.3-1.1
* nbdkit-stats-filter 1.42.3-1.1
* nbdkit-tar-filter 1.42.3-1.1
* nbdkit-tmpdisk-plugin 1.42.3-1.1
* nbdkit-vddk-plugin 1.42.3-1.1
* nbdkit-xz-filter 1.42.3-1.1
## References:
* https://www.suse.com/security/cve/CVE-2025-47711.html
* https://www.suse.com/security/cve/CVE-2025-47712.html