SUSE Linux has received several security updates, including chromium, libtiff-devel, traefik, libpoppler-cpp2, libIex, traefik, agama, iperf, ghostscript, and kubo:.

openSUSE-SU-2025:0286-1: important: Security update for chromium
openSUSE-SU-2025:15417-1: moderate: libtiff-devel-32bit-4.7.0-7.1 on GA media
openSUSE-SU-2025:15419-1: moderate: traefik2-2.11.28-1.1 on GA media
openSUSE-SU-2025:15416-1: moderate: libpoppler-cpp2-25.08.0-1.1 on GA media
openSUSE-SU-2025:15415-1: moderate: libIex-3_3-32-3.3.5-1.1 on GA media
openSUSE-SU-2025:15418-1: moderate: traefik-3.5.0-1.1 on GA media
openSUSE-SU-2025:15412-1: moderate: agama-17+60.68fdb92ec-26.1 on GA media
openSUSE-SU-2025:15414-1: moderate: iperf-3.19.1-1.1 on GA media
openSUSE-SU-2025:15413-1: moderate: ghostscript-10.05.1-1.1 on GA media
SUSE-SU-2025:02727-1: moderate: Security update for grub2
openSUSE-SU-2025:0288-1: moderate: Security update for kubo

openSUSE-SU-2025:0286-1: important: Security update for chromium

openSUSE Security Update: Security update for chromium
_______________________________

Announcement ID: openSUSE-SU-2025:0286-1
Rating: important
References: #1247661 #1247664
Cross-References: CVE-2025-54874 CVE-2025-8576 CVE-2025-8577
CVE-2025-8578 CVE-2025-8579 CVE-2025-8580
CVE-2025-8581 CVE-2025-8582 CVE-2025-8583

CVSS scores:
CVE-2025-54874 (SUSE): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that fixes 9 vulnerabilities is now available.

Description:

Chromium was updated to fix:

- CVE-2025-54874 fix missing error check in openjpeg (bsc#1247661)

Chromium 139.0.7258.66 (boo#1247664):

* CVE-2025-8576: Use after free in Extensions
* CVE-2025-8577: Inappropriate implementation in Picture In Picture
* CVE-2025-8578: Use after free in Cast
* CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome
* CVE-2025-8580: Inappropriate implementation in Filesystems
* CVE-2025-8581: Inappropriate implementation in Extensions
* CVE-2025-8582: Insufficient validation of untrusted input in DOM
* CVE-2025-8583: Inappropriate implementation in Permissions

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2025-286=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 x86_64):

chromedriver-139.0.7258.66-bp157.2.31.1
chromium-139.0.7258.66-bp157.2.31.1

References:

https://www.suse.com/security/cve/CVE-2025-54874.html
https://www.suse.com/security/cve/CVE-2025-8576.html
https://www.suse.com/security/cve/CVE-2025-8577.html
https://www.suse.com/security/cve/CVE-2025-8578.html
https://www.suse.com/security/cve/CVE-2025-8579.html
https://www.suse.com/security/cve/CVE-2025-8580.html
https://www.suse.com/security/cve/CVE-2025-8581.html
https://www.suse.com/security/cve/CVE-2025-8582.html
https://www.suse.com/security/cve/CVE-2025-8583.html
https://bugzilla.suse.com/1247661
https://bugzilla.suse.com/1247664

openSUSE-SU-2025:15417-1: moderate: libtiff-devel-32bit-4.7.0-7.1 on GA media

# libtiff-devel-32bit-4.7.0-7.1 on GA media

Announcement ID: openSUSE-SU-2025:15417-1
Rating: moderate

Cross-References:

* CVE-2025-8176
* CVE-2025-8177

CVSS scores:

* CVE-2025-8176 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
* CVE-2025-8176 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2025-8177 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-8177 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the libtiff-devel-32bit-4.7.0-7.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* libtiff-devel 4.7.0-7.1
* libtiff-devel-32bit 4.7.0-7.1
* libtiff6 4.7.0-7.1
* libtiff6-32bit 4.7.0-7.1
* tiff 4.7.0-7.1

## References:

* https://www.suse.com/security/cve/CVE-2025-8176.html
* https://www.suse.com/security/cve/CVE-2025-8177.html

openSUSE-SU-2025:15419-1: moderate: traefik2-2.11.28-1.1 on GA media

# traefik2-2.11.28-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15419-1
Rating: moderate

Cross-References:

* CVE-2025-30204

CVSS scores:

* CVE-2025-30204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-30204 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the traefik2-2.11.28-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* traefik2 2.11.28-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-30204.html

openSUSE-SU-2025:15416-1: moderate: libpoppler-cpp2-25.08.0-1.1 on GA media

# libpoppler-cpp2-25.08.0-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15416-1
Rating: moderate

Cross-References:

* CVE-2025-50420

CVSS scores:

* CVE-2025-50420 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the libpoppler-cpp2-25.08.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* libpoppler-cpp2 25.08.0-1.1
* libpoppler-cpp2-32bit 25.08.0-1.1
* libpoppler-devel 25.08.0-1.1
* libpoppler-glib-devel 25.08.0-1.1
* libpoppler-glib8 25.08.0-1.1
* libpoppler-glib8-32bit 25.08.0-1.1
* libpoppler152 25.08.0-1.1
* libpoppler152-32bit 25.08.0-1.1
* poppler-tools 25.08.0-1.1
* typelib-1_0-Poppler-0_18 25.08.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-50420.html

openSUSE-SU-2025:15415-1: moderate: libIex-3_3-32-3.3.5-1.1 on GA media

# libIex-3_3-32-3.3.5-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15415-1
Rating: moderate

Cross-References:

* CVE-2025-48071
* CVE-2025-48072
* CVE-2025-48073
* CVE-2025-48074

CVSS scores:

* CVE-2025-48071 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
* CVE-2025-48071 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-48072 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2025-48072 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-48073 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-48073 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-48074 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-48074 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 4 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the libIex-3_3-32-3.3.5-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* libIex-3_3-32 3.3.5-1.1
* libIex-3_3-32-32bit 3.3.5-1.1
* libIex-3_3-32-x86-64-v3 3.3.5-1.1
* libIlmThread-3_3-32 3.3.5-1.1
* libIlmThread-3_3-32-32bit 3.3.5-1.1
* libIlmThread-3_3-32-x86-64-v3 3.3.5-1.1
* libOpenEXR-3_3-32 3.3.5-1.1
* libOpenEXR-3_3-32-32bit 3.3.5-1.1
* libOpenEXR-3_3-32-x86-64-v3 3.3.5-1.1
* libOpenEXRCore-3_3-32 3.3.5-1.1
* libOpenEXRCore-3_3-32-32bit 3.3.5-1.1
* libOpenEXRCore-3_3-32-x86-64-v3 3.3.5-1.1
* libOpenEXRUtil-3_3-32 3.3.5-1.1
* libOpenEXRUtil-3_3-32-32bit 3.3.5-1.1
* libOpenEXRUtil-3_3-32-x86-64-v3 3.3.5-1.1
* openexr 3.3.5-1.1
* openexr-devel 3.3.5-1.1
* openexr-doc 3.3.5-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-48071.html
* https://www.suse.com/security/cve/CVE-2025-48072.html
* https://www.suse.com/security/cve/CVE-2025-48073.html
* https://www.suse.com/security/cve/CVE-2025-48074.html

openSUSE-SU-2025:15418-1: moderate: traefik-3.5.0-1.1 on GA media

# traefik-3.5.0-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15418-1
Rating: moderate

Cross-References:

* CVE-2025-30204

CVSS scores:

* CVE-2025-30204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-30204 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the traefik-3.5.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* traefik 3.5.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-30204.html

openSUSE-SU-2025:15412-1: moderate: agama-17+60.68fdb92ec-26.1 on GA media

# agama-17+60.68fdb92ec-26.1 on GA media

Announcement ID: openSUSE-SU-2025:15412-1
Rating: moderate

Cross-References:

* CVE-2025-5791

CVSS scores:

* CVE-2025-5791 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-5791 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the agama-17+60.68fdb92ec-26.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* agama 17+60.68fdb92ec-26.1
* agama-autoinstall 17+60.68fdb92ec-26.1
* agama-cli 17+60.68fdb92ec-26.1
* agama-cli-bash-completion 17+60.68fdb92ec-26.1
* agama-cli-fish-completion 17+60.68fdb92ec-26.1
* agama-cli-zsh-completion 17+60.68fdb92ec-26.1
* agama-openapi 17+60.68fdb92ec-26.1
* agama-scripts 17+60.68fdb92ec-26.1

## References:

* https://www.suse.com/security/cve/CVE-2025-5791.html

openSUSE-SU-2025:15414-1: moderate: iperf-3.19.1-1.1 on GA media

# iperf-3.19.1-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15414-1
Rating: moderate

Cross-References:

* CVE-2025-54349
* CVE-2025-54350
* CVE-2025-54351

CVSS scores:

* CVE-2025-54349 ( SUSE ): 5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-54350 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-54351 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves 3 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the iperf-3.19.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* iperf 3.19.1-1.1
* iperf-devel 3.19.1-1.1
* libiperf0 3.19.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-54349.html
* https://www.suse.com/security/cve/CVE-2025-54350.html
* https://www.suse.com/security/cve/CVE-2025-54351.html

openSUSE-SU-2025:15413-1: moderate: ghostscript-10.05.1-1.1 on GA media

# ghostscript-10.05.1-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15413-1
Rating: moderate

Cross-References:

* CVE-2025-46646
* CVE-2025-48708

CVSS scores:

* CVE-2025-46646 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-48708 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the ghostscript-10.05.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* ghostscript 10.05.1-1.1
* ghostscript-devel 10.05.1-1.1
* ghostscript-x11 10.05.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-46646.html
* https://www.suse.com/security/cve/CVE-2025-48708.html

SUSE-SU-2025:02727-1: moderate: Security update for grub2

# Security update for grub2

Announcement ID: SUSE-SU-2025:02727-1
Release Date: 2025-08-07T09:02:12Z
Rating: moderate
References:

* bsc#1234959

Cross-References:

* CVE-2024-56738

CVSS scores:

* CVE-2024-56738 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-56738 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-56738 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves one vulnerability can now be installed.

## Description:

This update for grub2 fixes the following issues:

* CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm
in grub_crypto_memcmp (bsc#1234959)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2727=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-2727=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-2727=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-2727=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-2727=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* grub2-debuginfo-2.06-150400.11.63.1
* grub2-2.06-150400.11.63.1
* grub2-branding-upstream-2.06-150400.11.63.1
* openSUSE Leap 15.4 (aarch64 s390x x86_64 i586)
* grub2-debugsource-2.06-150400.11.63.1
* openSUSE Leap 15.4 (noarch)
* grub2-x86_64-xen-2.06-150400.11.63.1
* grub2-systemd-sleep-plugin-2.06-150400.11.63.1
* grub2-i386-pc-debug-2.06-150400.11.63.1
* grub2-i386-efi-extras-2.06-150400.11.63.1
* grub2-i386-pc-2.06-150400.11.63.1
* grub2-powerpc-ieee1275-2.06-150400.11.63.1
* grub2-arm64-efi-debug-2.06-150400.11.63.1
* grub2-powerpc-ieee1275-extras-2.06-150400.11.63.1
* grub2-x86_64-efi-debug-2.06-150400.11.63.1
* grub2-x86_64-xen-extras-2.06-150400.11.63.1
* grub2-i386-efi-debug-2.06-150400.11.63.1
* grub2-powerpc-ieee1275-debug-2.06-150400.11.63.1
* grub2-s390x-emu-extras-2.06-150400.11.63.1
* grub2-arm64-efi-2.06-150400.11.63.1
* grub2-i386-xen-extras-2.06-150400.11.63.1
* grub2-i386-pc-extras-2.06-150400.11.63.1
* grub2-arm64-efi-extras-2.06-150400.11.63.1
* grub2-x86_64-efi-extras-2.06-150400.11.63.1
* grub2-snapper-plugin-2.06-150400.11.63.1
* grub2-i386-xen-2.06-150400.11.63.1
* grub2-x86_64-efi-2.06-150400.11.63.1
* grub2-i386-efi-2.06-150400.11.63.1
* openSUSE Leap 15.4 (s390x)
* grub2-s390x-emu-2.06-150400.11.63.1
* grub2-s390x-emu-debug-2.06-150400.11.63.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* grub2-debugsource-2.06-150400.11.63.1
* grub2-debuginfo-2.06-150400.11.63.1
* grub2-2.06-150400.11.63.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
* grub2-x86_64-xen-2.06-150400.11.63.1
* grub2-snapper-plugin-2.06-150400.11.63.1
* grub2-i386-pc-2.06-150400.11.63.1
* grub2-x86_64-efi-2.06-150400.11.63.1
* grub2-arm64-efi-2.06-150400.11.63.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (s390x)
* grub2-s390x-emu-2.06-150400.11.63.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* grub2-debugsource-2.06-150400.11.63.1
* grub2-debuginfo-2.06-150400.11.63.1
* grub2-2.06-150400.11.63.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
* grub2-x86_64-xen-2.06-150400.11.63.1
* grub2-snapper-plugin-2.06-150400.11.63.1
* grub2-i386-pc-2.06-150400.11.63.1
* grub2-x86_64-efi-2.06-150400.11.63.1
* grub2-arm64-efi-2.06-150400.11.63.1
* SUSE Linux Enterprise Micro 5.3 (s390x)
* grub2-s390x-emu-2.06-150400.11.63.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* grub2-debugsource-2.06-150400.11.63.1
* grub2-debuginfo-2.06-150400.11.63.1
* grub2-2.06-150400.11.63.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
* grub2-x86_64-xen-2.06-150400.11.63.1
* grub2-snapper-plugin-2.06-150400.11.63.1
* grub2-i386-pc-2.06-150400.11.63.1
* grub2-x86_64-efi-2.06-150400.11.63.1
* grub2-arm64-efi-2.06-150400.11.63.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (s390x)
* grub2-s390x-emu-2.06-150400.11.63.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* grub2-debugsource-2.06-150400.11.63.1
* grub2-debuginfo-2.06-150400.11.63.1
* grub2-2.06-150400.11.63.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
* grub2-x86_64-xen-2.06-150400.11.63.1
* grub2-snapper-plugin-2.06-150400.11.63.1
* grub2-i386-pc-2.06-150400.11.63.1
* grub2-x86_64-efi-2.06-150400.11.63.1
* grub2-arm64-efi-2.06-150400.11.63.1
* SUSE Linux Enterprise Micro 5.4 (s390x)
* grub2-s390x-emu-2.06-150400.11.63.1

## References:

* https://www.suse.com/security/cve/CVE-2024-56738.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234959

openSUSE-SU-2025:0288-1: moderate: Security update for kubo

openSUSE Security Update: Security update for kubo
_______________________________

Announcement ID: openSUSE-SU-2025:0288-1
Rating: moderate
References: #1241776
Cross-References: CVE-2025-22872
CVSS scores:
CVE-2025-22872 (SUSE): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that fixes one vulnerability is now available.

Description:

This update for kubo fixes the following issues:

- 0.35.0
* Opt-in HTTP Retrieval client
* Dedicated Reprovider.Strategy for MFS
* Experimental support for MFS as a FUSE mount point
* Grid view in WebUI
* Enhanced DAG-Shaping Controls
* Datastore Metrics Now Opt-In
* Improved performance of data onboarding
* Optimized, dedicated queue for providing fresh CIDs
* New Provider configuration options
* Deprecated ipfs stats provider
* New Bitswap configuration options
* Bitswap.Libp2pEnabled
* Bitswap.ServerEnabled
* Internal.Bitswap.ProviderSearchMaxResults
* New Routing configuration options
* Routing.IgnoreProviders
* Routing.DelegatedRouters
* New Pebble database format config
* New environment variables
* Improved Log Output Setting
* New Repo Lock Optional Wait
* Updated golang.org/x/net to 0.40.0 (boo#1241776, CVE-2025-22872)

- Update to 0.34.1 - for details see
* https://github.com/ipfs/kubo/releases/tag/v0.34.1
* Dependency updates
- Update to 0.34.0 - for details see
* https://github.com/ipfs/kubo/releases/tag/v0.34.0
* AutoTLS now enabled by default for nodes with 1 hour uptime
* New WebUI features: CAR file import and QR code sharing
* RPC and CLI command changes ~ ipfs config is now validating json
fields ~ Deprecated the bitswap reprovide command ~ The stats
reprovide command now shows additional stats ~ ipfs files cp now
performs basic codec check
* Bitswap improvements from Boxo
* IPNS publishing TTL change ~ we've lowered the default IPNS Record TTL
during publishing to 5 minutes
* IPFS_LOG_LEVEL deprecated
* Pebble datastore format update
* Badger datastore update
* Datastore Implementation Updates
* Datastore Implementation Updates
* Fix hanging pinset operations during reprovides
* Important dependency updates

- Update to 0.33.1 - for details see
* https://github.com/ipfs/kubo/releases/tag/v0.33.1
* Bitswap improvements from Boxo
* Improved IPNS interop
- Update to 0.33.0 - for details see
* https://github.com/ipfs/kubo/releases/tag/v0.33.0
* Shared TCP listeners: Kubo now supports sharing the same TCP port
(4001 by default) by both raw TCP and WebSockets libp2p transports.
* AutoTLS takes care of Secure WebSockets setup: It is no longer
necessary to manually add /tcp/../ws listeners to Addresses.Swarm when
AutoTLS.Enabled is set to true. Kubo will detect if /ws listener is
missing and add one on the same port as pre-existing TCP (e.g.
/tcp/4001), removing the need for any extra configuration.
* Bitswap improvements from Boxo
* Using default libp2p_rcmgr metrics: Bespoke rcmgr metrics were
removed, Kubo now exposes only the default libp2p_rcmgr metrics from
go-libp2p.
* Flatfs does not sync on each write: New repositories initialized with
flatfs in Datastore.Spec will have sync set to false.
* ipfs add --to-files no longer works with --wrap
* ipfs --api supports HTTPS RPC endpoints
* New options for faster writes: WriteThrough, BlockKeyCacheSize,
BatchMaxNodes, BatchMaxSize
* MFS stability with large number of writes
* New DoH resolvers for non-ICANN DNSLinks: .eth and .crypto
* Reliability improvements to the WebRTC Direct listener
* Fix: Escape Redirect URL for Directory

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2025-288=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):

kubo-0.35.0-bp157.2.3.1

References:

https://www.suse.com/security/cve/CVE-2025-22872.html
https://bugzilla.suse.com/1241776