SUSE-SU-2025:0320-1: important: Security update for buildah
SUSE-SU-2025:0319-1: important: Security update for buildah
SUSE-SU-2025:0327-1: important: Security update for clamav
SUSE-SU-2025:0339-1: moderate: Security update for java-17-openjdk
SUSE-SU-2025:0336-1: important: Security update for xrdp
SUSE-SU-2025:0338-1: moderate: Security update for java-11-openjdk
SUSE-SU-2025:0343-1: moderate: Security update for krb5
SUSE-SU-2025:0344-1: important: Security update for orc
SUSE-SU-2025:0340-1: moderate: Security update for rsync
SUSE-SU-2025:0341-1: important: Security update for libxml2
openSUSE-SU-2025:0052-1: moderate: Security update for python-asteval
SUSE-SU-2025:0320-1: important: Security update for buildah
# Security update for buildah
Announcement ID: SUSE-SU-2025:0320-1
Release Date: 2025-02-01T09:53:57Z
Rating: important
References:
* bsc#1236272
Cross-References:
* CVE-2024-11218
* CVE-2024-9407
CVSS scores:
* CVE-2024-11218 ( SUSE ): 8.7
CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2024-11218 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2024-11218 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2024-9407 ( SUSE ): 5.6
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-9407 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
* CVE-2024-9407 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N
Affected Products:
* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
An update that solves two vulnerabilities can now be installed.
## Description:
This update for buildah fixes the following issues:
* Update to version 1.35.5
* CVE-2024-11218: Fix TOCTOU error when bind and cache mounts use "src"
values. (bsc#1236272)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
    zypper in -t patch SUSE-2025-320=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-320=1
* SUSE Linux Enterprise Server 15 SP3 LTSS
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-320=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-320=1
* SUSE Enterprise Storage 7.1
    zypper in -t patch SUSE-Storage-7.1-2025-320=1
## Package List:
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  * buildah-1.35.5-150300.8.31.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * buildah-1.35.5-150300.8.31.2
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
  * buildah-1.35.5-150300.8.31.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * buildah-1.35.5-150300.8.31.2
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * buildah-1.35.5-150300.8.31.2
## References:
* https://www.suse.com/security/cve/CVE-2024-11218.html
* https://www.suse.com/security/cve/CVE-2024-9407.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236272
SUSE-SU-2025:0319-1: important: Security update for buildah
# Security update for buildah
Announcement ID: SUSE-SU-2025:0319-1
Release Date: 2025-02-01T09:53:09Z
Rating: important
References:
* bsc#1236272
Cross-References:
* CVE-2024-11218
* CVE-2024-9407
CVSS scores:
* CVE-2024-11218 ( SUSE ): 8.7
CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2024-11218 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2024-11218 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2024-9407 ( SUSE ): 5.6
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-9407 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
* CVE-2024-9407 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
An update that solves two vulnerabilities can now be installed.
## Description:
This update for buildah fixes the following issues:
* Update to version 1.35.5
* CVE-2024-11218: Fix TOCTOU error when bind and cache mounts use "src"
values. (bsc#1236272)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
    zypper in -t patch SUSE-2025-319=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-319=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-319=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-319=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-319=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * buildah-1.35.5-150400.3.36.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * buildah-1.35.5-150400.3.36.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * buildah-1.35.5-150400.3.36.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * buildah-1.35.5-150400.3.36.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * buildah-1.35.5-150400.3.36.1
## References:
* https://www.suse.com/security/cve/CVE-2024-11218.html
* https://www.suse.com/security/cve/CVE-2024-9407.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236272
SUSE-SU-2025:0327-1: important: Security update for clamav
# Security update for clamav
Announcement ID: SUSE-SU-2025:0327-1
Release Date: 2025-02-03T09:39:44Z
Rating: important
References:
* bsc#1102840
* bsc#1103032
* bsc#1180296
* bsc#1202986
* bsc#1211594
* bsc#1214342
* bsc#1232242
* bsc#1236307
* jsc#PED-4596
Cross-References:
* CVE-2018-14679
* CVE-2023-20197
* CVE-2024-20380
* CVE-2024-20505
* CVE-2024-20506
* CVE-2025-20128
CVSS scores:
* CVE-2018-14679 ( SUSE ): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
* CVE-2018-14679 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-20197 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-20197 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-20380 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-20505 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-20505 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-20505 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-20505 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-20506 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2024-20506 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
* CVE-2024-20506 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-20128 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-20128 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-20128 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves six vulnerabilities, contains one feature and has two
security fixes can now be installed.
## Description:
This update for clamav fixes the following issues:
New version 1.4.2:
* CVE-2025-20128, bsc#1236307: Fixed a possible buffer overflow read bug in
the OLE2 file parser that could cause a denial-of-service (DoS) condition.
* Start clamonacc with --fdpass to avoid errors due to clamd not being able to
access user files. (bsc#1232242)
* New version 1.4.1:
* https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
* New version 1.4.0:
* Added support for extracting ALZ archives.
* Added support for extracting LHA/LZH archives.
* Added the ability to disable image fuzzy hashing, if needed. For context,
image fuzzy hashing is a detection mechanism useful for identifying malware
by matching images included with the malware or phishing email/document.
* https://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html
* New version 1.3.2:
* CVE-2024-20506: Changed the logging module to disable following symlinks on
Linux and Unix systems so as to prevent an attacker with existing access to
the 'clamd' or 'freshclam' services from using a symlink to corrupt system
files.
* CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF file
parser that could cause a denial-of-service condition.
* Removed unused Python modules from freshclam tests including deprecated
'cgi' module that is expected to cause test failures in Python 3.13.
* Fix unit test caused by expiring signing certificate.
* Fixed a build issue on Windows with newer versions of Rust. Also upgraded
GitHub Actions imports to fix CI failures.
* Fixed an unaligned pointer dereference issue on select architectures.
* Fixes to Jenkins CI pipeline.
* New Version: 1.3.1:
* CVE-2024-20380: Fixed a possible crash in the HTML file parser that could
cause a denial-of-service (DoS) condition.
* Updated select Rust dependencies to the latest versions.
* Fixed a bug causing some text to be truncated when converting from UTF-16.
* Fixed assorted complaints identified by Coverity static analysis.
* Fixed a bug causing CVDs downloaded by the DatabaseCustomURL
* Added the new 'valhalla' database name to the list of optional databases in
preparation for future work.
* New version: 1.3.0:
* Added support for extracting and scanning attachments found in Microsoft
OneNote section files. OneNote parsing will be enabled by default, but may
be optionally disabled.
* Added file type recognition for compiled Python ('.pyc') files.
* Improved support for decrypting PDFs with empty passwords.
* Fixed a warning when scanning some HTML files.
* ClamOnAcc: Fixed an infinite loop when a watched directory does not exist.
* ClamOnAcc: Fixed an infinite loop when a file has been deleted before a
scan.
* New version: 1.2.0:
* Added support for extracting Universal Disk Format (UDF) partitions.
* Added an option to customize the size of ClamAV's clean file cache.
* Raised the MaxScanSize limit so the total amount of data scanned when
scanning a file or archive may exceed 4 gigabytes.
* Added ability for Freshclam to use a client certificate PEM file and a
private key PEM file for authentication to a private mirror.
* Fix an issue extracting files from ISO9660 partitions where the files are
listed in the plain ISO tree and there also exists an empty Joliet tree.
* PID and socket are now located under /run/clamav/clamd.pid and
/run/clamav/clamd.sock .
* bsc#1211594: Fixed an issue where ClamAV does not abort the signature load
process after partially loading an invalid signature.
* New version 1.1.0:
* https://blog.clamav.net/2023/05/clamav-110-released.html
* Added the ability to extract images embedded in HTML CSS blocks.
* Updated to Sigtool so that the '--vba' option will extract VBA code from
Microsoft Office documents the same way that libclamav extracts VBA.
* Added a new option --fail-if-cvd-older-than=days to clamscan and clamd, and
FailIfCvdOlderThan to clamd.conf
* Added a new function 'cl_cvdgetage()' to the libclamav API.
* Added a new function 'cl_engine_set_clcb_vba()' to the libclamav API.
* bsc#1180296: Integrate clamonacc as a service.
* New version 1.0.1 LTS (including changes in 0.104 and 0.105):
* As of ClamAV 0.104, CMake is required to build ClamAV.
* As of ClamAV 0.105, Rust is now required to compile ClamAV.
* Increased the default limits for file and scan size:
* MaxScanSize: 100M to 400M
* MaxFileSize: 25M to 100M
* StreamMaxLength: 25M to 100M
* PCREMaxFileSize: 25M to 100M
* MaxEmbeddedPE: 10M to 40M
* MaxHTMLNormalize: 10M to 40M
* MaxScriptNormalize: 5M to 20M
* MaxHTMLNoTags: 2M to 8M
* Added image fuzzy hash subsignatures for logical signatures.
* Support for decrypting read-only OLE2-based XLS files that are encrypted
with the default password.
* Overhauled the implementation of the all-match feature.
* Added a new callback to the public API for inspecting file content during a
scan at each layer of archive extraction.
* Added a new function to the public API for unpacking CVD signature archives.
* The option to build with an external TomsFastMath library has been removed.
ClamAV requires non-default build options for TomsFastMath to support bigger
floating point numbers.
* For a full list of changes see the release announcements:
* https://blog.clamav.net/2022/11/clamav-100-lts-released.html
* https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html
* https://blog.clamav.net/2021/09/clamav-01040-released.html
* Build clamd with systemd support.
* CVE-2023-20197: Fixed a possible denial of service vulnerability in the HFS+
file parser. (bsc#1214342)
* CVE-2018-14679: Fixed an issue in mspack/chmd.c in libmspack before
0.7alpha: there is an off-by-one error in the CHM PMGI/PMGL chunk number
validity checks, which could lead to denial of service
(uninitialized da (bsc#1103032)
* Package huge .html documentation in a separate subpackage.
* Update to 0.103.7 (bsc#1202986)
* Zip parser: tolerate 2-byte overlap in file entries
* Fix bug with logical signature Intermediates feature
* Update to UnRAR v6.1.7
* Patch UnRAR: allow skipping files in solid archives
* Patch UnRAR: limit dict winsize to 1GB
* Use a split-provides for clamav-milter instead of recommending it.
* Package clamav-milter in a subpackage
* Remove virus signatures upon uninstall
* Check for database existence before starting clamd
* Restart clamd when it exits
* Don't daemonize freshclam, but use a systemd timer instead to trigger
updates
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
    zypper in -t patch SUSE-2025-327=1 openSUSE-SLE-15.6-2025-327=1
* Basesystem Module 15-SP6
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-327=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * clamav-1.4.2-150600.18.6.1
  * libfreshclam3-debuginfo-1.4.2-150600.18.6.1
  * libclamav12-1.4.2-150600.18.6.1
  * clamav-devel-1.4.2-150600.18.6.1
  * libclammspack0-debuginfo-1.4.2-150600.18.6.1
  * clamav-debuginfo-1.4.2-150600.18.6.1
  * libfreshclam3-1.4.2-150600.18.6.1
  * libclamav12-debuginfo-1.4.2-150600.18.6.1
  * clamav-debugsource-1.4.2-150600.18.6.1
  * libclammspack0-1.4.2-150600.18.6.1
  * clamav-milter-debuginfo-1.4.2-150600.18.6.1
  * clamav-milter-1.4.2-150600.18.6.1
* openSUSE Leap 15.6 (noarch)
  * clamav-docs-html-1.4.2-150600.18.6.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * clamav-1.4.2-150600.18.6.1
  * libfreshclam3-debuginfo-1.4.2-150600.18.6.1
  * libclamav12-1.4.2-150600.18.6.1
  * clamav-devel-1.4.2-150600.18.6.1
  * libclammspack0-debuginfo-1.4.2-150600.18.6.1
  * clamav-debuginfo-1.4.2-150600.18.6.1
  * libfreshclam3-1.4.2-150600.18.6.1
  * libclamav12-debuginfo-1.4.2-150600.18.6.1
  * clamav-debugsource-1.4.2-150600.18.6.1
  * libclammspack0-1.4.2-150600.18.6.1
  * clamav-milter-debuginfo-1.4.2-150600.18.6.1
  * clamav-milter-1.4.2-150600.18.6.1
* Basesystem Module 15-SP6 (noarch)
  * clamav-docs-html-1.4.2-150600.18.6.1
## References:
* https://www.suse.com/security/cve/CVE-2018-14679.html
* https://www.suse.com/security/cve/CVE-2023-20197.html
* https://www.suse.com/security/cve/CVE-2024-20380.html
* https://www.suse.com/security/cve/CVE-2024-20505.html
* https://www.suse.com/security/cve/CVE-2024-20506.html
* https://www.suse.com/security/cve/CVE-2025-20128.html
* https://bugzilla.suse.com/show_bug.cgi?id=1102840
* https://bugzilla.suse.com/show_bug.cgi?id=1103032
* https://bugzilla.suse.com/show_bug.cgi?id=1180296
* https://bugzilla.suse.com/show_bug.cgi?id=1202986
* https://bugzilla.suse.com/show_bug.cgi?id=1211594
* https://bugzilla.suse.com/show_bug.cgi?id=1214342
* https://bugzilla.suse.com/show_bug.cgi?id=1232242
* https://bugzilla.suse.com/show_bug.cgi?id=1236307
* https://jira.suse.com/browse/PED-4596
SUSE-SU-2025:0339-1: moderate: Security update for java-17-openjdk
# Security update for java-17-openjdk
Announcement ID: SUSE-SU-2025:0339-1
Release Date: 2025-02-03T15:14:56Z
Rating: moderate
References:
* bsc#1236278
Cross-References:
* CVE-2025-21502
CVSS scores:
* CVE-2025-21502 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-21502 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-21502 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products:
* Basesystem Module 15-SP6
* Legacy Module 15-SP6
* openSUSE Leap 15.4
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for java-17-openjdk fixes the following issues:
Update to upstream tag jdk-17.0.14+7 (January 2025 CPU):
Security fixes:
* CVE-2025-21502: Enhance array handling (JDK-8330045, bsc#1236278)
Other changes:
* JDK-7093691: Nimbus LAF: disabled JComboBox using renderer has bad font
color
* JDK-8028127: Regtest java/security/Security/SynchronizedAccess.java is
incorrect
* JDK-8071693: Introspector ignores default interface methods
* JDK-8195675: Call to insertText with single character from custom Input
Method ignored
* JDK-8202926: Test
java/awt/Focus/WindowUpdateFocusabilityTest/WindowUpdateFocusabilityTest.html
fails
* JDK-8207908: JMXStatusTest.java fails assertion intermittently
* JDK-8225220: When the Tab Policy is checked,the scroll button direction
displayed incorrectly.
* JDK-8240343: JDI stopListening/stoplis001 "FAILED: listening is successfully
stopped without starting listening"
* JDK-8254759: [TEST_BUG] [macosx]
javax/swing/JInternalFrame/4202966/IntFrameCoord.html fails
* JDK-8258734: jdk/jfr/event/oldobject/TestClassLoaderLeak.java failed with
"RuntimeException: Could not find class leak"
* JDK-8268364: jmethod clearing should be done during unloading
* JDK-8269770: nsk tests should start IOPipe channel before launch debuggee -
Debugee.prepareDebugee
* JDK-8271003: hs_err improvement: handle CLASSPATH env setting longer than
O_BUFLEN
* JDK-8271456: Avoid looking up standard charsets in "java.desktop" module
* JDK-8271821: mark hotspot runtime/MinimalVM tests which ignore external VM
flags
* JDK-8271825: mark hotspot runtime/LoadClass tests which ignore external VM
flags
* JDK-8271836: runtime/ErrorHandling/ClassPathEnvVar.java fails with release
VMs
* JDK-8272746: ZipFile can't open big file (NegativeArraySizeException)
* JDK-8273914: Indy string concat changes order of operations
* JDK-8274170: Add hooks for custom makefiles to augment jtreg test execution
* JDK-8274505: Too weak variable type leads to unnecessary cast in
java.desktop
* JDK-8276763: java/nio/channels/SocketChannel/AdaptorStreams.java fails with
"SocketTimeoutException: Read timed out"
* JDK-8278527: java/util/concurrent/tck/JSR166TestCase.java fails nanoTime
test
* JDK-8280131: jcmd reports "Module jdk.jfr not found." when
"jdk.management.jfr" is missing
* JDK-8281379: Assign package declarations to all jtreg test cases under gc
* JDK-8282578: AIOOBE in javax.sound.sampled.Clip
* JDK-8283214: [macos] Screen magnifier does not show the magnified text for
JComboBox
* JDK-8283222: improve diagnosability of runtime/8176717/TestInheritFD.java
timeouts
* JDK-8284291: sun/security/krb5/auto/Renew.java fails intermittently on
Windows 11
* JDK-8284874: Add comment to ProcessHandle/OnExitTest to describe zombie
problem
* JDK-8286160: (fs) Files.exists returns unexpected results with
C:\pagefile.sys because it's not readable
* JDK-8287003: InputStreamReader::read() can return zero despite writing a
char in the buffer
* JDK-8288976: classfile parser 'wrong name' error message has the names the
wrong way around
* JDK-8289184: runtime/ClassUnload/DictionaryDependsTest.java failed with
"Test failed: should be unloaded"
* JDK-8290023: Remove use of IgnoreUnrecognizedVMOptions in gc tests
* JDK-8290269: gc/shenandoah/TestVerifyJCStress.java fails due to invalid tag:
required after JDK-8290023
* JDK-8292309: Fix
"java/awt/PrintJob/ConstrainedPrintingTest/ConstrainedPrintingTest.java"
test
* JDK-8293061: Combine CDSOptions and AppCDSOptions test utility classes
* JDK-8293877: Rewrite MineField test
* JDK-8294193: Files.createDirectories throws FileAlreadyExistsException for a
symbolic link whose target is an existing directory
* JDK-8294726: Update URLs in minefield tests
* JDK-8295239: Refactor java/util/Formatter/Basic script into a Java native
test launcher
* JDK-8295344: Harden runtime/StackGuardPages/TestStackGuardPages.java
* JDK-8295859: Update Manual Test Groups
* JDK-8296709: WARNING: JNI call made without checking exceptions
* JDK-8296718: Refactor bootstrap Test Common Functionalities to
test/lib/Utils
* JDK-8296787: Unify debug printing format of X.509 cert serial numbers
* JDK-8296972: [macos13]
java/awt/Frame/MaximizedToIconified/MaximizedToIconified.java:
getExtendedState() != 6 as expected.
* JDK-8298513:
vmTestbase/nsk/jdi/EventSet/suspendPolicy/suspendpolicy009/TestDescription.java
fails with usage tracker
* JDK-8300416: java.security.MessageDigestSpi clone can result in
thread-unsafe clones
* JDK-8301379: Verify TLS_ECDH_* cipher suites cannot be negotiated
* JDK-8302225: SunJCE Provider doesn't validate key sizes when using
'constrained' transforms for AES/KW and AES/KWP
* JDK-8303697: ProcessTools doesn't print last line of process output
* JDK-8303705: Field sleeper.started should be volatile JdbLockTestTarg.java
* JDK-8303742: CompletableFuture.orTimeout leaks if the future completes
exceptionally
* JDK-8304020: Speed up test/jdk/java/util/zip/ZipFile/TestTooManyEntries.java
and clarify its purpose
* JDK-8304557:
java/util/concurrent/CompletableFuture/CompletableFutureOrTimeoutExceptionallyTest.java
times out
* JDK-8306015: Update sun.security.ssl TLS tests to use SSLContextTemplate or
SSLEngineTemplate
* JDK-8307297: Move some DnD tests to open
* JDK-8307408: Some jdk/sun/tools/jhsdb tests don't pass test JVM args to the
debuggee JVM
* JDK-8309109: AArch64: [TESTBUG]
compiler/intrinsics/sha/cli/TestUseSHA3IntrinsicsOptionOnSupportedCPU.java
fails on Neoverse N2 and V1
* JDK-8309303: jdk/internal/misc/VM/RuntimeArguments test ignores
jdk/internal/vm/options
* JDK-8309532: java/lang/Class/getDeclaredField/FieldSetAccessibleTest should
filter modules that depend on JVMCI
* JDK-8310072: JComboBox/DisabledComboBoxFontTestAuto: Enabled and disabled
ComboBox does not match in these LAFs: GTK-
* JDK-8310731: Configure a javax.net.ssl.SNIMatcher for the HTTP/1.1 test
servers in java/net/httpclient tests
* JDK-8312111:
open/test/jdk/java/awt/Robot/ModifierRobotKey/ModifierRobotKeyTest.java
fails on ubuntu 23.04
* JDK-8313374: --enable-ccache's CCACHE_BASEDIR breaks builds
* JDK-8313638: Add test for dump of resolved references
* JDK-8313854: Some tests in serviceability area fail on localized Windows
platform
* JDK-8313878: Exclude two compiler/rtm/locking tests on ppc64le
* JDK-8314333: Update com/sun/jdi/ProcessAttachTest.java to use
ProcessTools.createTestJvm(..)
* JDK-8314824: Fix serviceability/jvmti/8036666/GetObjectLockCount.java to use
vm flags
* JDK-8314829: serviceability/sa/jmap-hprof/JMapHProfLargeHeapTest.java
ignores vm flags
* JDK-8314831: NMT tests ignore vm flags
* JDK-8315097: Rename createJavaProcessBuilder
* JDK-8315406: [REDO] serviceability/jdwp/AllModulesCommandTest.java ignores
VM flags
* JDK-8315988: Parallel: Make TestAggressiveHeap use createTestJvm
* JDK-8316410: GC: Make TestCompressedClassFlags use createTestJvm
* JDK-8316446: 4 sun/management/jdp tests ignore VM flags
* JDK-8316447: 8 sun/management/jmxremote tests ignore VM flags
* JDK-8316464: 3 sun/tools tests ignore VM flags
* JDK-8316562: serviceability/sa/jmap-hprof/JMapHProfLargeHeapTest.java times
out after JDK-8314829
* JDK-8316581: Improve performance of Symbol::print_value_on()
* JDK-8317042: G1: Make TestG1ConcMarkStepDurationMillis use createTestJvm
* JDK-8317116: Provide layouts for multiple test UI in PassFailJFrame
* JDK-8317188: G1: Make TestG1ConcRefinementThreads use createTestJvm
* JDK-8317218: G1: Make TestG1HeapRegionSize use createTestJvm
* JDK-8317347: Parallel: Make TestInitialTenuringThreshold use createTestJvm
* JDK-8317738: CodeCacheFullCountTest failed with "VirtualMachineError: Out of
space in CodeCache for method handle intrinsic"
* JDK-8318964: Fix build failures caused by 8315097
* JDK-8319574: Exec/process tests should be marked as flagless
* JDK-8319640: ClassicFormat::parseObject (from DateTimeFormatter) does not
conform to the javadoc and may leak DateTimeException
* JDK-8319651: Several network tests ignore vm flags when start java process
* JDK-8319817: Charset constructor should make defensive copy of aliases
* JDK-8320586: update manual test/jdk/TEST.groups
* JDK-8320665: update jdk_core at open/test/jdk/TEST.groups
* JDK-8320673: PageFormat/CustomPaper.java has no Pass/Fail buttons; multiple
instructions
* JDK-8320675: PrinterJob/SecurityDialogTest.java hangs
* JDK-8321163: [test] OutputAnalyzer.getExitValue() unnecessarily logs even
when process has already completed
* JDK-8321299: runtime/logging/ClassLoadUnloadTest.java doesn't reliably
trigger class unloading
* JDK-8321470: ThreadLocal.nextHashCode can be static final
* JDK-8321543: Update NSS to version 3.96
* JDK-8321616: Retire binary test vectors in test/jdk/java/util/zip/ZipFile
* JDK-8322754: click JComboBox when dialog about to close causes
IllegalComponentStateException
* JDK-8322766: Micro bench SSLHandshake should use default algorithms
* JDK-8322809: SystemModulesMap::classNames and moduleNames arrays do not
match the order
* JDK-8322830: Add test case for ZipFile opening a ZIP with no entries
* JDK-8323562: SaslInputStream.read() may return wrong value
* JDK-8323688: C2: Fix UB of jlong overflow in
PhaseIdealLoop::is_counted_loop()
* JDK-8324808: Manual printer tests have no Pass/Fail buttons, instructions
close set 3
* JDK-8324841: PKCS11 tests still skip execution
* JDK-8325038: runtime/cds/appcds/ProhibitedPackage.java can fail with
UseLargePages
* JDK-8325525: Create jtreg test case for JDK-8325203
* JDK-8325587: Shenandoah: ShenandoahLock should allow blocking in VM
* JDK-8325610: CTW: Add StressIncrementalInlining to stress options
* JDK-8325616: JFR ZGC Allocation Stall events should record stack traces
* JDK-8325762: Use PassFailJFrame.Builder.splitUI() in PrintLatinCJKTest.java
* JDK-8325851: Hide PassFailJFrame.Builder constructor
* JDK-8326100: DeflaterDictionaryTests should use Deflater.getBytesWritten
instead of Deflater.getTotalOut
* JDK-8326121:
vmTestbase/gc/g1/unloading/tests/unloading_keepRef_rootClass_inMemoryCompilation_keep_cl
failed with Full gc happened. Test was useless.
* JDK-8326611: Clean up vmTestbase/nsk/stress/stack tests
* JDK-8326898: NSK tests should listen on loopback addresses only
* JDK-8326948: Force English locale for timeout formatting
* JDK-8327401: Some jtreg tests fail on Wayland without any tracking bug
* JDK-8327474: Review use of java.io.tmpdir in jdk tests
* JDK-8327924: Simplify TrayIconScalingTest.java
* JDK-8328021: Convert applet test java/awt/List/SetFontTest/SetFontTest.html
to main program
* JDK-8328242: Add a log area to the PassFailJFrame
* JDK-8328303: 3 JDI tests timed out with UT enabled
* JDK-8328379: Convert URLDragTest.html applet test to main
* JDK-8328402: Implement pausing functionality for the PassFailJFrame
* JDK-8328619:
sun/management/jmxremote/bootstrap/SSLConfigFilePermissionTest.java failed
with BindException: Address already in use
* JDK-8328697: SubMenuShowTest and SwallowKeyEvents tests stabilization
* JDK-8328723: IP Address error when client enables HTTPS endpoint check on
server socket
* JDK-8328957: Update PKCS11Test.java to not use hardcoded path
* JDK-8330278: Have SSLSocketTemplate.doClientSide use loopback address
* JDK-8330464: hserr generic events - add entry for the before_exit calls
* JDK-8330621: Make 5 compiler tests use ProcessTools.executeProcess
* JDK-8330814: Cleanups for KeepAliveCache tests
* JDK-8331142: Add test for number of loader threads in BasicDirectoryModel
* JDK-8331391: Enhance the keytool code by invoking the buildTrustedCerts
method for essential options
* JDK-8331405: Shenandoah: Optimize ShenandoahLock with TTAS
* JDK-8331411: Shenandoah: Reconsider spinning duration in ShenandoahLock
* JDK-8331495: Limit BasicDirectoryModel/LoaderThreadCount.java to Windows
only
* JDK-8331626: unsafe.cpp:162:38: runtime error in
index_oop_from_field_offset_long - applying non-zero offset 4563897424 to
null pointer
* JDK-8331789: ubsan: deoptimization.cpp:403:29: runtime error: load of value
208, which is not a valid value for type 'bool'
* JDK-8331863: DUIterator_Fast used before it is constructed
* JDK-8331864: Update Public Suffix List to 1cbd6e7
* JDK-8331999: BasicDirectoryModel/LoaderThreadCount.java frequently fails on
Windows in CI
* JDK-8332340: Add JavacBench as a test case for CDS
* JDK-8332473: ubsan: growableArray.hpp:290:10: runtime error: null pointer
passed as argument 1, which is declared to never be null
* JDK-8332589: ubsan: unix/native/libjava/ProcessImpl_md.c:562:5: runtime
error: null pointer passed as argument 2, which is declared to never be null
* JDK-8332720: ubsan: instanceKlass.cpp:3550:76: runtime error: member call on
null pointer of type 'struct Array'
* JDK-8332724: x86 MacroAssembler may over-align code
* JDK-8332777: Update JCStress test suite
* JDK-8332825: ubsan: guardedMemory.cpp:35:11: runtime error: null pointer
passed as argument 2, which is declared to never be null
* JDK-8332866: Crash in ImageIO JPEG decoding when MEM_STATS in enabled
* JDK-8332901: Select{Current,New}ItemTest.java for Choice don't open popup on
macOS
* JDK-8332903: ubsan: opto/output.cpp:1002:18: runtime error: load of value
171, which is not a valid value for type 'bool'
* JDK-8332904: ubsan ppc64le: c1_LIRGenerator_ppc.cpp:581:21: runtime error:
signed integer overflow: 9223372036854775807 - 1 cannot be represented in
type 'long int'
* JDK-8332935: Crash: assert(*lastPtr != 0) failed: Mismatched
JNINativeInterface tables, check for new entries
* JDK-8333317: Test sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java
failed with: Invalid ECDH ServerKeyExchange signature
* JDK-8333824: Unused ClassValue in VarHandles
* JDK-8334057: JLinkReproducibleTest.java support receive test.tool.vm.opts
* JDK-8334405: java/nio/channels/Selector/SelectWithConsumer.java#id0 failed
in testWakeupDuringSelect
* JDK-8334562: Automate
com/sun/security/auth/callback/TextCallbackHandler/Default.java test
* JDK-8334567: [test] runtime/os/TestTracePageSizes move ppc handling
* JDK-8335142: compiler/c1/TestTraceLinearScanLevel.java occasionally times
out with -Xcomp
* JDK-8335267: [XWayland] move screencast tokens from .awt to .java folder
* JDK-8335344: test/jdk/sun/security/tools/keytool/NssTest.java fails to
compile
* JDK-8335428: Enhanced Building of Processes
* JDK-8335449: runtime/cds/DeterministicDump.java fails with File content
different at byte ...
* JDK-8335493: check_gc_overhead_limit should reset
SoftRefPolicy::_should_clear_all_soft_refs
* JDK-8335530: Java file extension missing in AuthenticatorTest
* JDK-8335709: C2: assert(!loop->is_member(get_loop(useblock))) failed: must
be outside loop
* JDK-8335904: Fix invalid comment in ShenandoahLock
* JDK-8335912, JDK-8337499: Add an operation mode to the jar command when
extracting to not overwriting existing files
* JDK-8336240: Test com/sun/crypto/provider/Cipher/DES/PerformanceTest.java
fails with java.lang.ArithmeticException
* JDK-8336257: Additional tests in jmxremote/startstop to match on PID not app
name
* JDK-8336315: tools/jpackage/windows/WinChildProcessTest.java Failed: Check
is calculator process is alive
* JDK-8336342: Fix known X11 library locations in sysroot
* JDK-8336343: Add more known sysroot library locations for ALSA
* JDK-8336413: gtk headers : Fix typedef redeclaration of GMainContext and
GdkPixbuf
* JDK-8336564: Enhance mask blit functionality redux
* JDK-8336854: CAInterop.java#actalisauthenticationrootca conflicted with
/manual and /timeout
* JDK-8337066: Repeated call of StringBuffer.reverse with double byte string
returns wrong result
* JDK-8337320: Update ProblemList.txt with tests known to fail on XWayland
* JDK-8337410: The makefiles should set problemlist and adjust timeout basing
on the given VM flags
* JDK-8337780: RISC-V: C2: Change C calling convention for sp to NS
* JDK-8337810: ProblemList BasicDirectoryModel/LoaderThreadCount.java on
Windows
* JDK-8337851: Some tests have name which confuse jtreg
* JDK-8337966: (fs) Files.readAttributes fails with Operation not permitted on
older docker releases
* JDK-8338058: map_or_reserve_memory_aligned Windows enhance remap assertion
* JDK-8338101: remove old remap assertion in map_or_reserve_memory_aligned
after JDK-8338058
* JDK-8338109: java/awt/Mouse/EnterExitEvents/ResizingFrameTest.java duplicate
in ProblemList
* JDK-8338286: GHA: Demote x86_32 to hotspot build only
* JDK-8338380: Update TLSCommon/interop/AbstractServer to specify an interface
to listen for connections
* JDK-8338402: GHA: some of bundles may not get removed
* JDK-8338748: [17u,21u] Test Disconnect.java compile error: cannot find
symbol after JDK-8299813
* JDK-8338751: ConfigureNotify behavior has changed in KWin 6.2
* JDK-8338759: Add extra diagnostic to java/net/InetAddress/ptr/Lookup.java
* JDK-8339081: Bump update version for OpenJDK: jdk-17.0.14
* JDK-8339180: Enhanced Building of Processes: Follow-on Issue
* JDK-8339248: RISC-V: Remove li64 macro assembler routine and related code
* JDK-8339384: Unintentional IOException in jdk.jdi module when JDWP end of
stream occurs
* JDK-8339470: [17u] More defensive fix for 8163921
* JDK-8339487: ProcessHandleImpl os_getChildren sysctl call - retry in case of
ENOMEM and enhance exception message
* JDK-8339548: GHA: RISC-V: Use Debian snapshot archive for bootstrap
* JDK-8339560: Unaddressed comments during code review of JDK-8337664
* JDK-8339591: Mark jdk/jshell/ExceptionMessageTest.java intermittent
* JDK-8339637: (tz) Update Timezone Data to 2024b
* JDK-8339644: Improve parsing of Day/Month in tzdata rules
* JDK-8339731: java.desktop/share/classes/javax/swing/text/html/default.css
typo in margin settings
* JDK-8339741: RISC-V: C ABI breakage for integer on stack
* JDK-8339787: Add some additional diagnostic output to
java/net/ipv6tests/UdpTest.java
* JDK-8339803: Acknowledge case insensitive unambiguous keywords in tzdata
files
* JDK-8339892: Several security shell tests don't set TESTJAVAOPTS
* JDK-8339931: Update problem list for WindowUpdateFocusabilityTest.java
* JDK-8340007: Refactor KeyEvent/FunctionKeyTest.java
* JDK-8340008: KeyEvent/KeyTyped/Numpad1KeyTyped.java has 15 seconds timeout
* JDK-8340210: Add positionTestUI() to PassFailJFrame.Builder
* JDK-8340230: Tests crash: assert(is_in_encoding_range || k->is_interface()
|| k->is_abstract()) failed: sanity
* JDK-8340306: Add border around instructions in PassFailJFrame
* JDK-8340308: PassFailJFrame: Make rows default to number of lines in
instructions
* JDK-8340365: Position the first window of a window list
* JDK-8340387: Update OS detection code to recognize Windows Server 2025
* JDK-8340418: GHA: MacOS AArch64 bundles can be removed prematurely
* JDK-8340461: Amend description for logArea
* JDK-8340466: Add description for PassFailJFrame constructors
* JDK-8340552: Harden TzdbZoneRulesCompiler against missing zone names
* JDK-8340632: ProblemList java/nio/channels/DatagramChannel/ for Macos
* JDK-8340657: [PPC64] SA determines wrong unextendedSP
* JDK-8340684: Reading from an input stream backed by a closed ZipFile has no
test coverage
* JDK-8340785: Update description of PassFailJFrame and samples
* JDK-8340799: Add border inside instruction frame in PassFailJFrame
* JDK-8340812: LambdaForm customization via MethodHandle::updateForm is not
thread safe
* JDK-8340815: Add SECURITY.md file
* JDK-8340899: Remove wildcard bound in PositionWindows.positionTestWindows
* JDK-8341146: RISC-V: Unnecessary fences used for load-acquire in template
interpreter
* JDK-8341235: Improve default instruction frame title in PassFailJFrame
* JDK-8341562: RISC-V: Generate comments in -XX:-PrintInterpreter to link to
source code
* JDK-8341635: [17u] runtime/ErrorHandling/ClassPathEnvVar test ignores
external VM flags
* JDK-8341688: Aarch64: Generate comments in -XX:-PrintInterpreter to link to
source code
* JDK-8341806: Gcc version detection failure on Alinux3
* JDK-8341927: Replace hardcoded security providers with new
test.provider.name system property
* JDK-8341997: Tests create files in src tree instead of scratch dir
* JDK-8342181: Update tests to use stronger Key and Salt size
* JDK-8342183: Update tests to use stronger algorithms and keys
* JDK-8342188: Update tests to use stronger key parameters and certificates
* JDK-8342496: C2/Shenandoah: SEGV in compiled code when running jcstress
* JDK-8342578: GHA: RISC-V: Bootstrap using Debian snapshot is still failing
* JDK-8342669: [21u] Fix TestArrayAllocatorMallocLimit after backport of
JDK-8315097
* JDK-8342681: TestLoadBypassesNullCheck.java fails improperly specified VM
option
* JDK-8342701: [PPC64] TestOSRLotsOfLocals.java crashes
* JDK-8342962: [s390x] TestOSRLotsOfLocals.java crashes
* JDK-8343285: java.lang.Process is unresponsive and CPU usage spikes to 100%
* JDK-8343474: [updates] Customize README.md to specifics of update project
* JDK-8343687: [17u] TestAntiDependencyForPinnedLoads requires UTF-8
* JDK-8343848: Fix typo of property name in TestOAEPPadding after 8341927
* JDK-8343877: Test AsyncClose.java intermittent fails -
Socket.getInputStream().read() wasn't preempted
* JDK-8343923: GHA: Switch to Xcode 15 on MacOS AArch64 runners
* JDK-8347011: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for
release 17.0.14
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-339=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-339=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-339=1
* Legacy Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2025-339=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-339=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-339=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-339=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-339=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-339=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-339=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-339=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-339=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-339=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2025-339=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-339=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* java-17-openjdk-devel-17.0.14.0-150400.3.51.1
* java-17-openjdk-jmods-17.0.14.0-150400.3.51.1
* java-17-openjdk-devel-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-headless-17.0.14.0-150400.3.51.1
* java-17-openjdk-src-17.0.14.0-150400.3.51.1
* java-17-openjdk-17.0.14.0-150400.3.51.1
* java-17-openjdk-debugsource-17.0.14.0-150400.3.51.1
* java-17-openjdk-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-headless-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-demo-17.0.14.0-150400.3.51.1
* openSUSE Leap 15.4 (noarch)
* java-17-openjdk-javadoc-17.0.14.0-150400.3.51.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* java-17-openjdk-devel-17.0.14.0-150400.3.51.1
* java-17-openjdk-jmods-17.0.14.0-150400.3.51.1
* java-17-openjdk-devel-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-headless-17.0.14.0-150400.3.51.1
* java-17-openjdk-src-17.0.14.0-150400.3.51.1
* java-17-openjdk-17.0.14.0-150400.3.51.1
* java-17-openjdk-debugsource-17.0.14.0-150400.3.51.1
* java-17-openjdk-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-headless-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-demo-17.0.14.0-150400.3.51.1
* openSUSE Leap 15.6 (noarch)
* java-17-openjdk-javadoc-17.0.14.0-150400.3.51.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* java-17-openjdk-devel-17.0.14.0-150400.3.51.1
* java-17-openjdk-devel-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-headless-17.0.14.0-150400.3.51.1
* java-17-openjdk-17.0.14.0-150400.3.51.1
* java-17-openjdk-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-headless-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-debugsource-17.0.14.0-150400.3.51.1
* Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* java-17-openjdk-demo-17.0.14.0-150400.3.51.1
* java-17-openjdk-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-debugsource-17.0.14.0-150400.3.51.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* java-17-openjdk-devel-17.0.14.0-150400.3.51.1
* java-17-openjdk-devel-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-headless-17.0.14.0-150400.3.51.1
* java-17-openjdk-17.0.14.0-150400.3.51.1
* java-17-openjdk-debugsource-17.0.14.0-150400.3.51.1
* java-17-openjdk-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-headless-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-demo-17.0.14.0-150400.3.51.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* java-17-openjdk-devel-17.0.14.0-150400.3.51.1
* java-17-openjdk-devel-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-headless-17.0.14.0-150400.3.51.1
* java-17-openjdk-17.0.14.0-150400.3.51.1
* java-17-openjdk-debugsource-17.0.14.0-150400.3.51.1
* java-17-openjdk-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-headless-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-demo-17.0.14.0-150400.3.51.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* java-17-openjdk-devel-17.0.14.0-150400.3.51.1
* java-17-openjdk-devel-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-headless-17.0.14.0-150400.3.51.1
* java-17-openjdk-17.0.14.0-150400.3.51.1
* java-17-openjdk-debugsource-17.0.14.0-150400.3.51.1
* java-17-openjdk-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-headless-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-demo-17.0.14.0-150400.3.51.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* java-17-openjdk-devel-17.0.14.0-150400.3.51.1
* java-17-openjdk-devel-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-headless-17.0.14.0-150400.3.51.1
* java-17-openjdk-17.0.14.0-150400.3.51.1
* java-17-openjdk-debugsource-17.0.14.0-150400.3.51.1
* java-17-openjdk-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-headless-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-demo-17.0.14.0-150400.3.51.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* java-17-openjdk-devel-17.0.14.0-150400.3.51.1
* java-17-openjdk-devel-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-headless-17.0.14.0-150400.3.51.1
* java-17-openjdk-17.0.14.0-150400.3.51.1
* java-17-openjdk-debugsource-17.0.14.0-150400.3.51.1
* java-17-openjdk-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-headless-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-demo-17.0.14.0-150400.3.51.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* java-17-openjdk-devel-17.0.14.0-150400.3.51.1
* java-17-openjdk-devel-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-headless-17.0.14.0-150400.3.51.1
* java-17-openjdk-17.0.14.0-150400.3.51.1
* java-17-openjdk-debugsource-17.0.14.0-150400.3.51.1
* java-17-openjdk-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-headless-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-demo-17.0.14.0-150400.3.51.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* java-17-openjdk-devel-17.0.14.0-150400.3.51.1
* java-17-openjdk-devel-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-headless-17.0.14.0-150400.3.51.1
* java-17-openjdk-17.0.14.0-150400.3.51.1
* java-17-openjdk-debugsource-17.0.14.0-150400.3.51.1
* java-17-openjdk-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-headless-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-demo-17.0.14.0-150400.3.51.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* java-17-openjdk-devel-17.0.14.0-150400.3.51.1
* java-17-openjdk-devel-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-headless-17.0.14.0-150400.3.51.1
* java-17-openjdk-17.0.14.0-150400.3.51.1
* java-17-openjdk-debugsource-17.0.14.0-150400.3.51.1
* java-17-openjdk-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-headless-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-demo-17.0.14.0-150400.3.51.1
* SUSE Manager Proxy 4.3 (x86_64)
* java-17-openjdk-devel-17.0.14.0-150400.3.51.1
* java-17-openjdk-devel-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-headless-17.0.14.0-150400.3.51.1
* java-17-openjdk-17.0.14.0-150400.3.51.1
* java-17-openjdk-debugsource-17.0.14.0-150400.3.51.1
* java-17-openjdk-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-headless-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-demo-17.0.14.0-150400.3.51.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* java-17-openjdk-devel-17.0.14.0-150400.3.51.1
* java-17-openjdk-devel-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-headless-17.0.14.0-150400.3.51.1
* java-17-openjdk-17.0.14.0-150400.3.51.1
* java-17-openjdk-debugsource-17.0.14.0-150400.3.51.1
* java-17-openjdk-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-headless-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-demo-17.0.14.0-150400.3.51.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* java-17-openjdk-devel-17.0.14.0-150400.3.51.1
* java-17-openjdk-devel-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-headless-17.0.14.0-150400.3.51.1
* java-17-openjdk-17.0.14.0-150400.3.51.1
* java-17-openjdk-debugsource-17.0.14.0-150400.3.51.1
* java-17-openjdk-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-headless-debuginfo-17.0.14.0-150400.3.51.1
* java-17-openjdk-demo-17.0.14.0-150400.3.51.1
## References:
* https://www.suse.com/security/cve/CVE-2025-21502.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236278
SUSE-SU-2025:0336-1: important: Security update for xrdp
# Security update for xrdp
Announcement ID: SUSE-SU-2025:0336-1
Release Date: 2025-02-03T14:47:32Z
Rating: important
References:
* bsc#1227769
Cross-References:
* CVE-2024-39917
CVSS scores:
* CVE-2024-39917 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-39917 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves one vulnerability can now be installed.
## Description:
This update for xrdp fixes the following issues:
* CVE-2024-39917: Enforce no login screen if require_credentials is set
(bsc#1227769)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-336=1 openSUSE-SLE-15.6-2025-336=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-336=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* xrdp-devel-0.9.13.1-150600.15.3.1
* xrdp-debugsource-0.9.13.1-150600.15.3.1
* xrdp-debuginfo-0.9.13.1-150600.15.3.1
* librfxencode0-0.9.13.1-150600.15.3.1
* libpainter0-0.9.13.1-150600.15.3.1
* xrdp-0.9.13.1-150600.15.3.1
* libpainter0-debuginfo-0.9.13.1-150600.15.3.1
* librfxencode0-debuginfo-0.9.13.1-150600.15.3.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* xrdp-devel-0.9.13.1-150600.15.3.1
* xrdp-debugsource-0.9.13.1-150600.15.3.1
* xrdp-debuginfo-0.9.13.1-150600.15.3.1
* librfxencode0-0.9.13.1-150600.15.3.1
* libpainter0-0.9.13.1-150600.15.3.1
* xrdp-0.9.13.1-150600.15.3.1
* libpainter0-debuginfo-0.9.13.1-150600.15.3.1
* librfxencode0-debuginfo-0.9.13.1-150600.15.3.1
## References:
* https://www.suse.com/security/cve/CVE-2024-39917.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227769
SUSE-SU-2025:0338-1: moderate: Security update for java-11-openjdk
# Security update for java-11-openjdk
Announcement ID: SUSE-SU-2025:0338-1
Release Date: 2025-02-03T15:13:42Z
Rating: moderate
References:
* bsc#1236278
Cross-References:
* CVE-2025-21502
CVSS scores:
* CVE-2025-21502 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-21502 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-21502 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products:
* Legacy Module 15-SP6
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP6
An update that solves one vulnerability can now be installed.
## Description:
This update for java-11-openjdk fixes the following issues:
Upgrade to upstream tag jdk-11.0.26+4 (January 2025 CPU)
Security fixes:
* CVE-2025-21502: Enhance array handling (JDK-8330045, bsc#1236278)
Other changes:
* JDK-8224624: Inefficiencies in CodeStrings::add_comment cause timeouts
* JDK-8225045: javax/swing/JInternalFrame/8146321//JInternalFrameIconTest.java
fails on linux-x64
* JDK-8232367: Update Reactive Streams to 1.0.3 -- tests only
* JDK-8247706: Unintentional use of new Date(year...) with absolute year
* JDK-8299254: Support dealing with standard assert macro
* JDK-8303920: Avoid calling out to python in DataDescriptorSignatureMissing
test
* JDK-8315936: Parallelize gc/stress/TestStressG1Humongous.java test
* JDK-8316193: jdk/jfr/event/oldobject/TestListenerLeak.java
java.lang.Exception: Could not find leak
* JDK-8328300: Convert PrintDialogsTest.java from Applet to main program
* JDK-8328642: Convert applet test MouseDraggedOutCauseScrollingTest.html to
main
* JDK-8334332: TestIOException.java fails if run by root
* JDK-8335428: Enhanced Building of Processes
* JDK-8335801: [11u] Backport of 8210988 to 11u removes gcc warnings
* JDK-8335912, JDK-8337499: Add an operation mode to the jar command when
extracting to not overwriting existing files
* JDK-8336564: Enhance mask blit functionality redux
* JDK-8338402: GHA: some of bundles may not get removed
* JDK-8339082: Bump update version for OpenJDK: jdk-11.0.26
* JDK-8339180: Enhanced Building of Processes: Follow-on Issue
* JDK-8339470: [17u] More defensive fix for 8163921
* JDK-8339637: (tz) Update Timezone Data to 2024b
* JDK-8339644: Improve parsing of Day/Month in tzdata rules
* JDK-8339803: Acknowledge case insensitive unambiguous keywords in tzdata
files
* JDK-8340552: Harden TzdbZoneRulesCompiler against missing zone names
* JDK-8340671: GHA: Bump macOS and Xcode versions to macos-12 and XCode 13.4.1
* JDK-8340815: Add SECURITY.md file
* JDK-8342426: [11u] javax/naming/module/RunBasic.java javac compile fails
* JDK-8342629: [11u] Properly message out that shenandoah is disabled
* JDK-8347483: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for
release 11.0.26
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-338=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-338=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-338=1
* Legacy Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2025-338=1
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-338=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-338=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-338=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-338=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-338=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-338=1
* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-338=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-338=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-338=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-338=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-338=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-338=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-338=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2025-338=1
## Package List:
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* java-11-openjdk-debugsource-11.0.26.0-150000.3.122.1
* java-11-openjdk-devel-11.0.26.0-150000.3.122.1
* java-11-openjdk-headless-11.0.26.0-150000.3.122.1
* java-11-openjdk-demo-11.0.26.0-150000.3.122.1
* java-11-openjdk-11.0.26.0-150000.3.122.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* java-11-openjdk-debugsource-11.0.26.0-150000.3.122.1
* java-11-openjdk-devel-11.0.26.0-150000.3.122.1
* java-11-openjdk-debuginfo-11.0.26.0-150000.3.122.1
* java-11-openjdk-headless-11.0.26.0-150000.3.122.1
* java-11-openjdk-demo-11.0.26.0-150000.3.122.1
* java-11-openjdk-11.0.26.0-150000.3.122.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* java-11-openjdk-src-11.0.26.0-150000.3.122.1
* java-11-openjdk-debugsource-11.0.26.0-150000.3.122.1
* java-11-openjdk-jmods-11.0.26.0-150000.3.122.1
* java-11-openjdk-devel-11.0.26.0-150000.3.122.1
* java-11-openjdk-debuginfo-11.0.26.0-150000.3.122.1
* java-11-openjdk-headless-11.0.26.0-150000.3.122.1
* java-11-openjdk-devel-debuginfo-11.0.26.0-150000.3.122.1
* java-11-openjdk-demo-11.0.26.0-150000.3.122.1
* java-11-openjdk-11.0.26.0-150000.3.122.1
* java-11-openjdk-headless-debuginfo-11.0.26.0-150000.3.122.1
* openSUSE Leap 15.6 (noarch)
* java-11-openjdk-javadoc-11.0.26.0-150000.3.122.1
* Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* java-11-openjdk-debugsource-11.0.26.0-150000.3.122.1
* java-11-openjdk-devel-11.0.26.0-150000.3.122.1
* java-11-openjdk-debuginfo-11.0.26.0-150000.3.122.1
* java-11-openjdk-headless-11.0.26.0-150000.3.122.1
* java-11-openjdk-devel-debuginfo-11.0.26.0-150000.3.122.1
* java-11-openjdk-demo-11.0.26.0-150000.3.122.1
* java-11-openjdk-11.0.26.0-150000.3.122.1
* java-11-openjdk-headless-debuginfo-11.0.26.0-150000.3.122.1
* SUSE Package Hub 15 15-SP6 (noarch)
* java-11-openjdk-javadoc-11.0.26.0-150000.3.122.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* java-11-openjdk-debugsource-11.0.26.0-150000.3.122.1
* java-11-openjdk-devel-11.0.26.0-150000.3.122.1
* java-11-openjdk-debuginfo-11.0.26.0-150000.3.122.1
* java-11-openjdk-headless-11.0.26.0-150000.3.122.1
* java-11-openjdk-demo-11.0.26.0-150000.3.122.1
* java-11-openjdk-11.0.26.0-150000.3.122.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* java-11-openjdk-debugsource-11.0.26.0-150000.3.122.1
* java-11-openjdk-devel-11.0.26.0-150000.3.122.1
* java-11-openjdk-headless-11.0.26.0-150000.3.122.1
* java-11-openjdk-demo-11.0.26.0-150000.3.122.1
* java-11-openjdk-11.0.26.0-150000.3.122.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* java-11-openjdk-debugsource-11.0.26.0-150000.3.122.1
* java-11-openjdk-devel-11.0.26.0-150000.3.122.1
* java-11-openjdk-headless-11.0.26.0-150000.3.122.1
* java-11-openjdk-demo-11.0.26.0-150000.3.122.1
* java-11-openjdk-11.0.26.0-150000.3.122.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* java-11-openjdk-devel-11.0.26.0-150000.3.122.1
* java-11-openjdk-demo-11.0.26.0-150000.3.122.1
* java-11-openjdk-11.0.26.0-150000.3.122.1
* java-11-openjdk-headless-11.0.26.0-150000.3.122.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* java-11-openjdk-devel-11.0.26.0-150000.3.122.1
* java-11-openjdk-demo-11.0.26.0-150000.3.122.1
* java-11-openjdk-11.0.26.0-150000.3.122.1
* java-11-openjdk-headless-11.0.26.0-150000.3.122.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* java-11-openjdk-debugsource-11.0.26.0-150000.3.122.1
* java-11-openjdk-devel-11.0.26.0-150000.3.122.1
* java-11-openjdk-debuginfo-11.0.26.0-150000.3.122.1
* java-11-openjdk-headless-11.0.26.0-150000.3.122.1
* java-11-openjdk-demo-11.0.26.0-150000.3.122.1
* java-11-openjdk-11.0.26.0-150000.3.122.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* java-11-openjdk-debugsource-11.0.26.0-150000.3.122.1
* java-11-openjdk-devel-11.0.26.0-150000.3.122.1
* java-11-openjdk-headless-11.0.26.0-150000.3.122.1
* java-11-openjdk-demo-11.0.26.0-150000.3.122.1
* java-11-openjdk-11.0.26.0-150000.3.122.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* java-11-openjdk-devel-11.0.26.0-150000.3.122.1
* java-11-openjdk-demo-11.0.26.0-150000.3.122.1
* java-11-openjdk-11.0.26.0-150000.3.122.1
* java-11-openjdk-headless-11.0.26.0-150000.3.122.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* java-11-openjdk-debugsource-11.0.26.0-150000.3.122.1
* java-11-openjdk-devel-11.0.26.0-150000.3.122.1
* java-11-openjdk-debuginfo-11.0.26.0-150000.3.122.1
* java-11-openjdk-headless-11.0.26.0-150000.3.122.1
* java-11-openjdk-demo-11.0.26.0-150000.3.122.1
* java-11-openjdk-11.0.26.0-150000.3.122.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* java-11-openjdk-debugsource-11.0.26.0-150000.3.122.1
* java-11-openjdk-devel-11.0.26.0-150000.3.122.1
* java-11-openjdk-headless-11.0.26.0-150000.3.122.1
* java-11-openjdk-demo-11.0.26.0-150000.3.122.1
* java-11-openjdk-11.0.26.0-150000.3.122.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* java-11-openjdk-devel-11.0.26.0-150000.3.122.1
* java-11-openjdk-demo-11.0.26.0-150000.3.122.1
* java-11-openjdk-11.0.26.0-150000.3.122.1
* java-11-openjdk-headless-11.0.26.0-150000.3.122.1
* SUSE Manager Proxy 4.3 (x86_64)
* java-11-openjdk-debugsource-11.0.26.0-150000.3.122.1
* java-11-openjdk-devel-11.0.26.0-150000.3.122.1
* java-11-openjdk-headless-11.0.26.0-150000.3.122.1
* java-11-openjdk-demo-11.0.26.0-150000.3.122.1
* java-11-openjdk-11.0.26.0-150000.3.122.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* java-11-openjdk-debugsource-11.0.26.0-150000.3.122.1
* java-11-openjdk-devel-11.0.26.0-150000.3.122.1
* java-11-openjdk-headless-11.0.26.0-150000.3.122.1
* java-11-openjdk-demo-11.0.26.0-150000.3.122.1
* java-11-openjdk-11.0.26.0-150000.3.122.1
## References:
* https://www.suse.com/security/cve/CVE-2025-21502.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236278
SUSE-SU-2025:0343-1: moderate: Security update for krb5
# Security update for krb5
Announcement ID: SUSE-SU-2025:0343-1
Release Date: 2025-02-03T17:03:59Z
Rating: moderate
References:
* bsc#1236619
Cross-References:
* CVE-2025-24528
CVSS scores:
* CVE-2025-24528 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-24528 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
An update that solves one vulnerability can now be installed.
## Description:
This update for krb5 fixes the following issues:
* CVE-2025-24528: Fixed an out-of-bounds write, caused by an overflow when
calculating the ulog block size, that can lead to a process crash (bsc#1236619).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-343=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-343=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-343=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-343=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-343=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* krb5-client-1.19.2-150400.3.15.1
* krb5-debugsource-1.19.2-150400.3.15.1
* krb5-debuginfo-1.19.2-150400.3.15.1
* krb5-server-debuginfo-1.19.2-150400.3.15.1
* krb5-plugin-preauth-otp-debuginfo-1.19.2-150400.3.15.1
* krb5-1.19.2-150400.3.15.1
* krb5-server-1.19.2-150400.3.15.1
* krb5-mini-debugsource-1.19.2-150400.3.15.1
* krb5-plugin-kdb-ldap-1.19.2-150400.3.15.1
* krb5-plugin-preauth-pkinit-1.19.2-150400.3.15.1
* krb5-plugin-kdb-ldap-debuginfo-1.19.2-150400.3.15.1
* krb5-plugin-preauth-otp-1.19.2-150400.3.15.1
* krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150400.3.15.1
* krb5-plugin-preauth-spake-debuginfo-1.19.2-150400.3.15.1
* krb5-mini-devel-1.19.2-150400.3.15.1
* krb5-client-debuginfo-1.19.2-150400.3.15.1
* krb5-mini-1.19.2-150400.3.15.1
* krb5-mini-debuginfo-1.19.2-150400.3.15.1
* krb5-devel-1.19.2-150400.3.15.1
* krb5-plugin-preauth-spake-1.19.2-150400.3.15.1
* openSUSE Leap 15.4 (x86_64)
* krb5-32bit-1.19.2-150400.3.15.1
* krb5-32bit-debuginfo-1.19.2-150400.3.15.1
* krb5-devel-32bit-1.19.2-150400.3.15.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* krb5-64bit-debuginfo-1.19.2-150400.3.15.1
* krb5-devel-64bit-1.19.2-150400.3.15.1
* krb5-64bit-1.19.2-150400.3.15.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* krb5-1.19.2-150400.3.15.1
* krb5-debugsource-1.19.2-150400.3.15.1
* krb5-debuginfo-1.19.2-150400.3.15.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* krb5-1.19.2-150400.3.15.1
* krb5-debugsource-1.19.2-150400.3.15.1
* krb5-debuginfo-1.19.2-150400.3.15.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* krb5-1.19.2-150400.3.15.1
* krb5-debugsource-1.19.2-150400.3.15.1
* krb5-debuginfo-1.19.2-150400.3.15.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* krb5-1.19.2-150400.3.15.1
* krb5-debugsource-1.19.2-150400.3.15.1
* krb5-debuginfo-1.19.2-150400.3.15.1
## References:
* https://www.suse.com/security/cve/CVE-2025-24528.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236619
SUSE-SU-2025:0344-1: important: Security update for orc
# Security update for orc
Announcement ID: SUSE-SU-2025:0344-1
Release Date: 2025-02-03T17:06:05Z
Rating: important
References:
* bsc#1228184
Cross-References:
* CVE-2024-40897
CVSS scores:
* CVE-2024-40897 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-40897 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP6
An update that solves one vulnerability can now be installed.
## Description:
This update for orc fixes the following issues:
* CVE-2024-40897: Fixed stack-based buffer overflow in the Orc compiler when
formatting error messages for certain input files (bsc#1228184)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-344=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-344=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-344=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-344=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-344=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-344=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-344=1
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-344=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-344=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-344=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-344=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-344=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-344=1
* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-344=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-344=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-344=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-344=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-344=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-344=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-344=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2025-344=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-344=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-344=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-344=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-344=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
* orc-0.4.28-150000.3.9.1
* orc-debuginfo-0.4.28-150000.3.9.1
* orc-doc-0.4.28-150000.3.9.1
* liborc-0_4-0-0.4.28-150000.3.9.1
* orc-debugsource-0.4.28-150000.3.9.1
* openSUSE Leap 15.6 (x86_64)
* liborc-0_4-0-32bit-0.4.28-150000.3.9.1
* liborc-0_4-0-32bit-debuginfo-0.4.28-150000.3.9.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
* orc-debugsource-0.4.28-150000.3.9.1
* orc-debuginfo-0.4.28-150000.3.9.1
* liborc-0_4-0-0.4.28-150000.3.9.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
* orc-debugsource-0.4.28-150000.3.9.1
* orc-debuginfo-0.4.28-150000.3.9.1
* liborc-0_4-0-0.4.28-150000.3.9.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
* orc-debugsource-0.4.28-150000.3.9.1
* orc-debuginfo-0.4.28-150000.3.9.1
* liborc-0_4-0-0.4.28-150000.3.9.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
* orc-debugsource-0.4.28-150000.3.9.1
* orc-debuginfo-0.4.28-150000.3.9.1
* liborc-0_4-0-0.4.28-150000.3.9.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
* orc-debugsource-0.4.28-150000.3.9.1
* orc-debuginfo-0.4.28-150000.3.9.1
* liborc-0_4-0-0.4.28-150000.3.9.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
* orc-0.4.28-150000.3.9.1
* orc-debuginfo-0.4.28-150000.3.9.1
* liborc-0_4-0-0.4.28-150000.3.9.1
* orc-debugsource-0.4.28-150000.3.9.1
* SUSE Package Hub 15 15-SP6 (x86_64)
* liborc-0_4-0-32bit-0.4.28-150000.3.9.1
* liborc-0_4-0-32bit-debuginfo-0.4.28-150000.3.9.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
* liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
* orc-0.4.28-150000.3.9.1
* orc-debuginfo-0.4.28-150000.3.9.1
* liborc-0_4-0-0.4.28-150000.3.9.1
* orc-debugsource-0.4.28-150000.3.9.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
* orc-0.4.28-150000.3.9.1
* orc-debuginfo-0.4.28-150000.3.9.1
* liborc-0_4-0-0.4.28-150000.3.9.1
* orc-debugsource-0.4.28-150000.3.9.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
* orc-0.4.28-150000.3.9.1
* orc-debuginfo-0.4.28-150000.3.9.1
* liborc-0_4-0-0.4.28-150000.3.9.1
* orc-debugsource-0.4.28-150000.3.9.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
* liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
* orc-0.4.28-150000.3.9.1
* orc-debuginfo-0.4.28-150000.3.9.1
* liborc-0_4-0-0.4.28-150000.3.9.1
* orc-debugsource-0.4.28-150000.3.9.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
* liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
* orc-0.4.28-150000.3.9.1
* orc-debuginfo-0.4.28-150000.3.9.1
* liborc-0_4-0-0.4.28-150000.3.9.1
* orc-debugsource-0.4.28-150000.3.9.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
* orc-0.4.28-150000.3.9.1
* orc-debuginfo-0.4.28-150000.3.9.1
* liborc-0_4-0-0.4.28-150000.3.9.1
* orc-debugsource-0.4.28-150000.3.9.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
* orc-0.4.28-150000.3.9.1
* orc-debuginfo-0.4.28-150000.3.9.1
* liborc-0_4-0-0.4.28-150000.3.9.1
* orc-debugsource-0.4.28-150000.3.9.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
* orc-0.4.28-150000.3.9.1
* orc-debuginfo-0.4.28-150000.3.9.1
* liborc-0_4-0-0.4.28-150000.3.9.1
* orc-debugsource-0.4.28-150000.3.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
* orc-0.4.28-150000.3.9.1
* orc-debuginfo-0.4.28-150000.3.9.1
* liborc-0_4-0-0.4.28-150000.3.9.1
* orc-debugsource-0.4.28-150000.3.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
* orc-0.4.28-150000.3.9.1
* orc-debuginfo-0.4.28-150000.3.9.1
* liborc-0_4-0-0.4.28-150000.3.9.1
* orc-debugsource-0.4.28-150000.3.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
* orc-0.4.28-150000.3.9.1
* orc-debuginfo-0.4.28-150000.3.9.1
* liborc-0_4-0-0.4.28-150000.3.9.1
* orc-debugsource-0.4.28-150000.3.9.1
* SUSE Manager Proxy 4.3 (x86_64)
* liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
* orc-0.4.28-150000.3.9.1
* orc-debuginfo-0.4.28-150000.3.9.1
* liborc-0_4-0-0.4.28-150000.3.9.1
* orc-debugsource-0.4.28-150000.3.9.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
* orc-0.4.28-150000.3.9.1
* orc-debuginfo-0.4.28-150000.3.9.1
* liborc-0_4-0-0.4.28-150000.3.9.1
* orc-debugsource-0.4.28-150000.3.9.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
* orc-0.4.28-150000.3.9.1
* orc-debuginfo-0.4.28-150000.3.9.1
* liborc-0_4-0-0.4.28-150000.3.9.1
* orc-debugsource-0.4.28-150000.3.9.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
* orc-0.4.28-150000.3.9.1
* orc-debuginfo-0.4.28-150000.3.9.1
* liborc-0_4-0-0.4.28-150000.3.9.1
* orc-debugsource-0.4.28-150000.3.9.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
* orc-debugsource-0.4.28-150000.3.9.1
* orc-debuginfo-0.4.28-150000.3.9.1
* liborc-0_4-0-0.4.28-150000.3.9.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* liborc-0_4-0-debuginfo-0.4.28-150000.3.9.1
* orc-debugsource-0.4.28-150000.3.9.1
* orc-debuginfo-0.4.28-150000.3.9.1
* liborc-0_4-0-0.4.28-150000.3.9.1
## References:
* https://www.suse.com/security/cve/CVE-2024-40897.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228184
SUSE-SU-2025:0340-1: moderate: Security update for rsync
# Security update for rsync
Announcement ID: SUSE-SU-2025:0340-1
Release Date: 2025-02-03T16:32:43Z
Rating: moderate
References:
* bsc#1233760
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that has one security fix can now be installed.
## Description:
This update for rsync fixes the following issues:
* Bump rsync protocol version to 32 to show server is patched against recent
vulnerabilities.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-340=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-340=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-340=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-340=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-340=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-340=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-340=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-340=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-340=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-340=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-340=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-340=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-340=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-340=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-340=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2025-340=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-340=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* rsync-debuginfo-3.2.3-150400.3.20.1
* rsync-debugsource-3.2.3-150400.3.20.1
* rsync-3.2.3-150400.3.20.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* rsync-debuginfo-3.2.3-150400.3.20.1
* rsync-debugsource-3.2.3-150400.3.20.1
* rsync-3.2.3-150400.3.20.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* rsync-debuginfo-3.2.3-150400.3.20.1
* rsync-debugsource-3.2.3-150400.3.20.1
* rsync-3.2.3-150400.3.20.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* rsync-debuginfo-3.2.3-150400.3.20.1
* rsync-debugsource-3.2.3-150400.3.20.1
* rsync-3.2.3-150400.3.20.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* rsync-debuginfo-3.2.3-150400.3.20.1
* rsync-debugsource-3.2.3-150400.3.20.1
* rsync-3.2.3-150400.3.20.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* rsync-debuginfo-3.2.3-150400.3.20.1
* rsync-debugsource-3.2.3-150400.3.20.1
* rsync-3.2.3-150400.3.20.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* rsync-debuginfo-3.2.3-150400.3.20.1
* rsync-debugsource-3.2.3-150400.3.20.1
* rsync-3.2.3-150400.3.20.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* rsync-debuginfo-3.2.3-150400.3.20.1
* rsync-debugsource-3.2.3-150400.3.20.1
* rsync-3.2.3-150400.3.20.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
* rsync-debuginfo-3.2.3-150400.3.20.1
* rsync-debugsource-3.2.3-150400.3.20.1
* rsync-3.2.3-150400.3.20.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
* rsync-debuginfo-3.2.3-150400.3.20.1
* rsync-debugsource-3.2.3-150400.3.20.1
* rsync-3.2.3-150400.3.20.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* rsync-debuginfo-3.2.3-150400.3.20.1
* rsync-debugsource-3.2.3-150400.3.20.1
* rsync-3.2.3-150400.3.20.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* rsync-debuginfo-3.2.3-150400.3.20.1
* rsync-debugsource-3.2.3-150400.3.20.1
* rsync-3.2.3-150400.3.20.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* rsync-debuginfo-3.2.3-150400.3.20.1
* rsync-debugsource-3.2.3-150400.3.20.1
* rsync-3.2.3-150400.3.20.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* rsync-debuginfo-3.2.3-150400.3.20.1
* rsync-debugsource-3.2.3-150400.3.20.1
* rsync-3.2.3-150400.3.20.1
* SUSE Manager Proxy 4.3 (x86_64)
* rsync-debuginfo-3.2.3-150400.3.20.1
* rsync-debugsource-3.2.3-150400.3.20.1
* rsync-3.2.3-150400.3.20.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* rsync-debuginfo-3.2.3-150400.3.20.1
* rsync-debugsource-3.2.3-150400.3.20.1
* rsync-3.2.3-150400.3.20.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* rsync-debuginfo-3.2.3-150400.3.20.1
* rsync-debugsource-3.2.3-150400.3.20.1
* rsync-3.2.3-150400.3.20.1
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1233760
SUSE-SU-2025:0341-1: important: Security update for libxml2
# Security update for libxml2
Announcement ID: SUSE-SU-2025:0341-1
Release Date: 2025-02-03T16:33:21Z
Rating: important
References:
* bsc#1236460
Cross-References:
* CVE-2022-49043
CVSS scores:
* CVE-2022-49043 ( SUSE ): 7.5 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49043 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49043 ( NVD ): 8.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for libxml2 fixes the following issues:
* CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-341=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-341=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-341=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-341=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-341=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-341=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-341=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-341=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-341=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-341=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2025-341=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-341=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libxml2-debugsource-2.9.14-150400.5.35.1
* libxml2-tools-2.9.14-150400.5.35.1
* python311-libxml2-2.9.14-150400.5.35.1
* libxml2-tools-debuginfo-2.9.14-150400.5.35.1
* libxml2-2-2.9.14-150400.5.35.1
* libxml2-python-debugsource-2.9.14-150400.5.35.1
* libxml2-2-debuginfo-2.9.14-150400.5.35.1
* libxml2-devel-2.9.14-150400.5.35.1
* python3-libxml2-debuginfo-2.9.14-150400.5.35.1
* python3-libxml2-2.9.14-150400.5.35.1
* python311-libxml2-debuginfo-2.9.14-150400.5.35.1
* openSUSE Leap 15.4 (x86_64)
* libxml2-2-32bit-debuginfo-2.9.14-150400.5.35.1
* libxml2-2-32bit-2.9.14-150400.5.35.1
* libxml2-devel-32bit-2.9.14-150400.5.35.1
* openSUSE Leap 15.4 (noarch)
* libxml2-doc-2.9.14-150400.5.35.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libxml2-2-64bit-debuginfo-2.9.14-150400.5.35.1
* libxml2-2-64bit-2.9.14-150400.5.35.1
* libxml2-devel-64bit-2.9.14-150400.5.35.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libxml2-debugsource-2.9.14-150400.5.35.1
* libxml2-tools-2.9.14-150400.5.35.1
* libxml2-tools-debuginfo-2.9.14-150400.5.35.1
* libxml2-2-2.9.14-150400.5.35.1
* libxml2-python-debugsource-2.9.14-150400.5.35.1
* libxml2-2-debuginfo-2.9.14-150400.5.35.1
* python3-libxml2-debuginfo-2.9.14-150400.5.35.1
* python3-libxml2-2.9.14-150400.5.35.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libxml2-debugsource-2.9.14-150400.5.35.1
* libxml2-tools-2.9.14-150400.5.35.1
* libxml2-tools-debuginfo-2.9.14-150400.5.35.1
* libxml2-2-2.9.14-150400.5.35.1
* libxml2-python-debugsource-2.9.14-150400.5.35.1
* libxml2-2-debuginfo-2.9.14-150400.5.35.1
* python3-libxml2-debuginfo-2.9.14-150400.5.35.1
* python3-libxml2-2.9.14-150400.5.35.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libxml2-debugsource-2.9.14-150400.5.35.1
* libxml2-tools-2.9.14-150400.5.35.1
* libxml2-tools-debuginfo-2.9.14-150400.5.35.1
* libxml2-2-2.9.14-150400.5.35.1
* libxml2-python-debugsource-2.9.14-150400.5.35.1
* libxml2-2-debuginfo-2.9.14-150400.5.35.1
* python3-libxml2-debuginfo-2.9.14-150400.5.35.1
* python3-libxml2-2.9.14-150400.5.35.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libxml2-debugsource-2.9.14-150400.5.35.1
* libxml2-tools-2.9.14-150400.5.35.1
* libxml2-tools-debuginfo-2.9.14-150400.5.35.1
* libxml2-2-2.9.14-150400.5.35.1
* libxml2-python-debugsource-2.9.14-150400.5.35.1
* libxml2-2-debuginfo-2.9.14-150400.5.35.1
* python3-libxml2-debuginfo-2.9.14-150400.5.35.1
* python3-libxml2-2.9.14-150400.5.35.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* libxml2-debugsource-2.9.14-150400.5.35.1
* libxml2-tools-2.9.14-150400.5.35.1
* python311-libxml2-2.9.14-150400.5.35.1
* libxml2-tools-debuginfo-2.9.14-150400.5.35.1
* libxml2-2-2.9.14-150400.5.35.1
* libxml2-2-debuginfo-2.9.14-150400.5.35.1
* libxml2-devel-2.9.14-150400.5.35.1
* python3-libxml2-debuginfo-2.9.14-150400.5.35.1
* python3-libxml2-2.9.14-150400.5.35.1
* python311-libxml2-debuginfo-2.9.14-150400.5.35.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
* libxml2-2-32bit-debuginfo-2.9.14-150400.5.35.1
* libxml2-2-32bit-2.9.14-150400.5.35.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* libxml2-debugsource-2.9.14-150400.5.35.1
* libxml2-tools-2.9.14-150400.5.35.1
* python311-libxml2-2.9.14-150400.5.35.1
* libxml2-tools-debuginfo-2.9.14-150400.5.35.1
* libxml2-2-2.9.14-150400.5.35.1
* libxml2-2-debuginfo-2.9.14-150400.5.35.1
* libxml2-devel-2.9.14-150400.5.35.1
* python3-libxml2-debuginfo-2.9.14-150400.5.35.1
* python3-libxml2-2.9.14-150400.5.35.1
* python311-libxml2-debuginfo-2.9.14-150400.5.35.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
* libxml2-2-32bit-debuginfo-2.9.14-150400.5.35.1
* libxml2-2-32bit-2.9.14-150400.5.35.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* libxml2-debugsource-2.9.14-150400.5.35.1
* libxml2-tools-2.9.14-150400.5.35.1
* python311-libxml2-2.9.14-150400.5.35.1
* libxml2-tools-debuginfo-2.9.14-150400.5.35.1
* libxml2-2-2.9.14-150400.5.35.1
* libxml2-2-debuginfo-2.9.14-150400.5.35.1
* libxml2-devel-2.9.14-150400.5.35.1
* python3-libxml2-debuginfo-2.9.14-150400.5.35.1
* python3-libxml2-2.9.14-150400.5.35.1
* python311-libxml2-debuginfo-2.9.14-150400.5.35.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
* libxml2-2-32bit-debuginfo-2.9.14-150400.5.35.1
* libxml2-2-32bit-2.9.14-150400.5.35.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libxml2-debugsource-2.9.14-150400.5.35.1
* libxml2-tools-2.9.14-150400.5.35.1
* python311-libxml2-2.9.14-150400.5.35.1
* libxml2-tools-debuginfo-2.9.14-150400.5.35.1
* libxml2-2-2.9.14-150400.5.35.1
* libxml2-2-debuginfo-2.9.14-150400.5.35.1
* libxml2-devel-2.9.14-150400.5.35.1
* python3-libxml2-debuginfo-2.9.14-150400.5.35.1
* python3-libxml2-2.9.14-150400.5.35.1
* python311-libxml2-debuginfo-2.9.14-150400.5.35.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
* libxml2-2-32bit-debuginfo-2.9.14-150400.5.35.1
* libxml2-2-32bit-2.9.14-150400.5.35.1
* SUSE Manager Proxy 4.3 (x86_64)
* libxml2-2-32bit-debuginfo-2.9.14-150400.5.35.1
* libxml2-debugsource-2.9.14-150400.5.35.1
* libxml2-tools-2.9.14-150400.5.35.1
* libxml2-tools-debuginfo-2.9.14-150400.5.35.1
* libxml2-2-32bit-2.9.14-150400.5.35.1
* libxml2-2-2.9.14-150400.5.35.1
* libxml2-2-debuginfo-2.9.14-150400.5.35.1
* libxml2-devel-2.9.14-150400.5.35.1
* python3-libxml2-debuginfo-2.9.14-150400.5.35.1
* python3-libxml2-2.9.14-150400.5.35.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* libxml2-2-32bit-debuginfo-2.9.14-150400.5.35.1
* libxml2-debugsource-2.9.14-150400.5.35.1
* libxml2-tools-2.9.14-150400.5.35.1
* libxml2-tools-debuginfo-2.9.14-150400.5.35.1
* libxml2-2-32bit-2.9.14-150400.5.35.1
* libxml2-2-2.9.14-150400.5.35.1
* libxml2-2-debuginfo-2.9.14-150400.5.35.1
* libxml2-devel-2.9.14-150400.5.35.1
* python3-libxml2-debuginfo-2.9.14-150400.5.35.1
* python3-libxml2-2.9.14-150400.5.35.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* libxml2-debugsource-2.9.14-150400.5.35.1
* libxml2-tools-2.9.14-150400.5.35.1
* libxml2-tools-debuginfo-2.9.14-150400.5.35.1
* libxml2-2-2.9.14-150400.5.35.1
* libxml2-2-debuginfo-2.9.14-150400.5.35.1
* libxml2-devel-2.9.14-150400.5.35.1
* python3-libxml2-debuginfo-2.9.14-150400.5.35.1
* python3-libxml2-2.9.14-150400.5.35.1
* SUSE Manager Server 4.3 (x86_64)
* libxml2-2-32bit-debuginfo-2.9.14-150400.5.35.1
* libxml2-2-32bit-2.9.14-150400.5.35.1
## References:
* https://www.suse.com/security/cve/CVE-2022-49043.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236460
openSUSE-SU-2025:0052-1: moderate: Security update for python-asteval
openSUSE Security Update: Security update for python-asteval
_______________________________
Announcement ID: openSUSE-SU-2025:0052-1
Rating: moderate
References: #1236405
Cross-References: CVE-2025-24359
Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________
An update that fixes one vulnerability is now available.
Description:
This update for python-asteval fixes the following issues:
Update to 1.0.6:
* drop testing and support for Python 3.8, add Python 3.13, change
document to reflect this.
* implement safe_getattr and safe_format functions; fix bugs in
UNSAFE_ATTRS and UNSAFE_ATTRS_DTYPES usage (boo#1236405,
CVE-2025-24359)
* make all procedure attributes private to curb access to AST nodes,
which can be exploited
* improvements to error messages, including use ast functions to
construct better error messages
* remove import of numpy.linalg, as documented
* update doc description for security advisory
Update to 1.0.5:
* more work on handling errors, including fixing #133 and adding more
comprehensive tests for #129 and #132
Update to 1.0.4:
* fix error handling that might result in null exception
Update to 1.0.3:
* functions ("Procedures") defined within asteval have a `_signature()`
method, now used in repr
* add support for deleting subscript
* nested symbol tables now have a Group() function
* update coverage config
* cleanups of exception handling: errors must now have an exception
* several related fixes to suppress repeated exceptions: see GH #132 and
#129
* make non-boolean return values from comparison operators behave like
Python - not immediately testing as bool
- update to 1.0.2:
* fix NameError handling in expression code
* make exception messages more Python-like
- update to 1.0.1:
* security fixes, based on audit by Andrew Effenhauser, Ayman Hammad,
and Daniel Crowley, IBM X-Force Security Research division
* remove numpy modules polynomial, fft, linalg by default for security
concerns
* disallow string.format(), improve security of f-string evaluation
- update to 1.0.0:
* fix (again) nested list comprehension (Issues #127 and #126).
* add more testing of multiple list comprehensions.
* more complete support for Numpy 2, and removal of many Numpy symbols
that have been long deprecated.
* remove AST nodes deprecated in Python 3.8.
* clean up build files and outdated tests.
* fixes to codecov configuration.
* update docs.
- update to 0.9.33:
* fixes for multiple list comprehensions (addressing #126)
* add testing with optionally installed numpy_financial to CI
* test existence of all numpy imports to better safeguard against
missing functions (for safer numpy 2 transition)
* update rendered doc to include PDF and zipped HTML
- update to 0.9.32:
* add deprecation message for numpy functions to be removed in numpy 2.0
* comparison operations use try/except for short-circuiting instead of
checking for numpy arrays (addressing #123)
* add Python 3.12 to testing
* move repository from "newville" to "lmfit" organization
* update doc theme, GitHub locations pointed to by docs, other doc
tweaks.
- Update to 0.9.31:
* cleanup numpy imports to avoid deprecated functions, add financial
functions from numpy_financial module, if installed.
* prefer 'user_symbols' when initializing Interpreter, but still support
'usersyms' argument. Will deprecate and remove eventually.
* add support of optional (off by default) "nested symbol table".
* update tests to run most tests with symbol tables of dict and nested
group type.
* general code and testing cleanup.
* add config argument to Interpreter to more fully control which nodes
are supported
* add support for import and importfrom -- off by default
* add support for with blocks
* add support for f-strings
* add support of set and dict comprehension
* fix bug with 'int**int' not returning a float.
- update to 0.9.29:
* bug fixes
- Update to 0.9.28
* add support for Python 3.11
* add support for multiple list comprehensions
* improve performance of making the initial symbol table, and
Interpreter creation, including better checking for index_tricks
attributes
- update to 0.9.27:
* more cleanups
- update to 0.9.26:
* fix setup.py again
- update to 0.9.25:
* fixes import errors for Py3.6 and 3.7, setting version with
importlib_metadata.version if available.
* use setuptools_scm and importlib for version
* treat all __dunder__ attributes of all objects as inherently unsafe.
- Update to 0.9.22
* another important but small fix for Python 3.9
* Merge branch 'nested_interrupts_returns'
- Drop hard numpy requirement, don't test on python36
- update to 0.9.18
* drop python2
* few fixes
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2025-52=1
Package List:
- openSUSE Backports SLE-15-SP6 (noarch):
python311-asteval-1.0.6-bp156.4.3.1
References:
https://www.suse.com/security/cve/CVE-2025-24359.html
https://bugzilla.suse.com/1236405