Chromium, MariaDB, LibPNG, and more updates for SUSE

SUSE 5507 Published by

Several SUSE updates have been released, including security updates and other patches. The openSUSE project has received important updates for Chromium and MariaDB, as well as critical fixes for libpng16, Xen, and MariaDB. Additionally, moderate-level updates were applied to various packages on General Availability (GA) media, including Ruby, coredns-for-k8s, rsync, and Netty. These security patches aim to address vulnerabilities and enhance system stability across the SUSE ecosystem.

openSUSE-SU-2025:0476-1: important: Security update for chromium
openSUSE-SU-2025:0475-1: important: Security update for chromium
SUSE-SU-2025:4493-1: important: Security update for mariadb
SUSE-SU-2025:4494-1: important: Security update for libpng16
openSUSE-SU-2025:15828-1: moderate: libruby3_4-3_4-3.4.8-1.1 on GA media
openSUSE-SU-2025:15826-1: moderate: coredns-for-k8s1.34-1.12.1-2.1 on GA media
openSUSE-SU-2025:15827-1: moderate: rsync-3.4.1-4.1 on GA media
openSUSE-SU-2025:15825-1: moderate: coredns-for-k8s1.33-1.12.0-2.1 on GA media
SUSE-SU-2025:4490-1: moderate: Security update for xen
SUSE-SU-2025:4491-1: important: Security update for mariadb
SUSE-SU-2025:4489-1: moderate: Security update for netty




openSUSE-SU-2025:0476-1: important: Security update for chromium


openSUSE Security Update: Security update for chromium
_______________________________

Announcement ID: openSUSE-SU-2025:0476-1
Rating: important
References: #1255115
Cross-References: CVE-2025-14174 CVE-2025-14765 CVE-2025-14766

Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

- Chromium 143.0.7499.146 (boo#1255115):
* CVE-2025-14765: Use after free in WebGPU
* CVE-2025-14766: Out of bounds read and write in V8

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2025-476=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 ppc64le x86_64):

chromedriver-143.0.7499.146-bp157.2.94.1
chromium-143.0.7499.146-bp157.2.94.1

References:

https://www.suse.com/security/cve/CVE-2025-14174.html
https://www.suse.com/security/cve/CVE-2025-14765.html
https://www.suse.com/security/cve/CVE-2025-14766.html
https://bugzilla.suse.com/1255115



openSUSE-SU-2025:0475-1: important: Security update for chromium


openSUSE Security Update: Security update for chromium
_______________________________

Announcement ID: openSUSE-SU-2025:0475-1
Rating: important
References: #1254776 #1255115
Cross-References: CVE-2025-14174 CVE-2025-14372 CVE-2025-14373
CVE-2025-14765 CVE-2025-14766
Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

- Chromium 143.0.7499.146 (boo#1255115):
* CVE-2025-14765: Use after free in WebGPU
* CVE-2025-14766: Out of bounds read and write in V8

- Chromium 143.0.7499.109 (boo#1254776):
* CVE-2025-14372: Use after free in Password Manager
* CVE-2025-14373: Inappropriate implementation in Toolbar
* CVE-2025-14174: Out of bounds memory access in ANGLE

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2025-475=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 ppc64le x86_64):

chromedriver-143.0.7499.146-bp156.2.209.1
chromium-143.0.7499.146-bp156.2.209.1

References:

https://www.suse.com/security/cve/CVE-2025-14174.html
https://www.suse.com/security/cve/CVE-2025-14372.html
https://www.suse.com/security/cve/CVE-2025-14373.html
https://www.suse.com/security/cve/CVE-2025-14765.html
https://www.suse.com/security/cve/CVE-2025-14766.html
https://bugzilla.suse.com/1254776
https://bugzilla.suse.com/1255115



SUSE-SU-2025:4493-1: important: Security update for mariadb


# Security update for mariadb

Announcement ID: SUSE-SU-2025:4493-1
Release Date: 2025-12-19T13:01:18Z
Rating: important
References:

* bsc#1254313

Cross-References:

* CVE-2025-13699

CVSS scores:

* CVE-2025-13699 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-13699 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Galera for Ericsson 15 SP4
* Galera for Ericsson 15 SP5
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Proxy 4.3 LTS
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Retail Branch Server 4.3 LTS
* SUSE Manager Server 4.3
* SUSE Manager Server 4.3 LTS

An update that solves one vulnerability can now be installed.

## Description:

This update for mariadb fixes the following issues:

* CVE-2025-13699: Fixed MariaDB mariadb-dump utility vulnerable to Path
Traversal and Remote Code Execution (bsc#1254313)

Other fixes:

* Update to 10.6.24

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-4493=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-4493=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-4493=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-4493=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-4493=1

* Galera for Ericsson 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-ERICSSON-2025-4493=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-4493=1

* Galera for Ericsson 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-ERICSSON-2025-4493=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-4493=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-4493=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-4493=1

* SUSE Manager Proxy 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-4493=1

* SUSE Manager Retail Branch Server 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-LTS-2025-4493=1

* SUSE Manager Server 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-4493=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* mariadb-debugsource-10.6.24-150400.3.43.1
* mariadb-galera-10.6.24-150400.3.43.1
* mariadb-bench-10.6.24-150400.3.43.1
* mariadb-debuginfo-10.6.24-150400.3.43.1
* mariadb-client-debuginfo-10.6.24-150400.3.43.1
* libmariadbd-devel-10.6.24-150400.3.43.1
* mariadb-10.6.24-150400.3.43.1
* mariadb-test-10.6.24-150400.3.43.1
* mariadb-tools-10.6.24-150400.3.43.1
* mariadb-client-10.6.24-150400.3.43.1
* libmariadbd19-10.6.24-150400.3.43.1
* mariadb-tools-debuginfo-10.6.24-150400.3.43.1
* mariadb-test-debuginfo-10.6.24-150400.3.43.1
* mariadb-bench-debuginfo-10.6.24-150400.3.43.1
* mariadb-rpm-macros-10.6.24-150400.3.43.1
* libmariadbd19-debuginfo-10.6.24-150400.3.43.1
* openSUSE Leap 15.4 (noarch)
* mariadb-errormessages-10.6.24-150400.3.43.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* mariadb-debugsource-10.6.24-150400.3.43.1
* mariadb-debuginfo-10.6.24-150400.3.43.1
* mariadb-client-debuginfo-10.6.24-150400.3.43.1
* libmariadbd-devel-10.6.24-150400.3.43.1
* mariadb-10.6.24-150400.3.43.1
* mariadb-tools-10.6.24-150400.3.43.1
* mariadb-client-10.6.24-150400.3.43.1
* libmariadbd19-10.6.24-150400.3.43.1
* mariadb-tools-debuginfo-10.6.24-150400.3.43.1
* libmariadbd19-debuginfo-10.6.24-150400.3.43.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* mariadb-errormessages-10.6.24-150400.3.43.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* mariadb-debugsource-10.6.24-150400.3.43.1
* mariadb-debuginfo-10.6.24-150400.3.43.1
* mariadb-client-debuginfo-10.6.24-150400.3.43.1
* libmariadbd-devel-10.6.24-150400.3.43.1
* mariadb-10.6.24-150400.3.43.1
* mariadb-tools-10.6.24-150400.3.43.1
* mariadb-client-10.6.24-150400.3.43.1
* libmariadbd19-10.6.24-150400.3.43.1
* mariadb-tools-debuginfo-10.6.24-150400.3.43.1
* libmariadbd19-debuginfo-10.6.24-150400.3.43.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* mariadb-errormessages-10.6.24-150400.3.43.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* mariadb-debugsource-10.6.24-150400.3.43.1
* mariadb-debuginfo-10.6.24-150400.3.43.1
* mariadb-client-debuginfo-10.6.24-150400.3.43.1
* libmariadbd-devel-10.6.24-150400.3.43.1
* mariadb-10.6.24-150400.3.43.1
* mariadb-tools-10.6.24-150400.3.43.1
* mariadb-client-10.6.24-150400.3.43.1
* libmariadbd19-10.6.24-150400.3.43.1
* mariadb-tools-debuginfo-10.6.24-150400.3.43.1
* libmariadbd19-debuginfo-10.6.24-150400.3.43.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* mariadb-errormessages-10.6.24-150400.3.43.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* mariadb-debugsource-10.6.24-150400.3.43.1
* mariadb-debuginfo-10.6.24-150400.3.43.1
* mariadb-client-debuginfo-10.6.24-150400.3.43.1
* libmariadbd-devel-10.6.24-150400.3.43.1
* mariadb-10.6.24-150400.3.43.1
* mariadb-tools-10.6.24-150400.3.43.1
* mariadb-client-10.6.24-150400.3.43.1
* libmariadbd19-10.6.24-150400.3.43.1
* mariadb-tools-debuginfo-10.6.24-150400.3.43.1
* libmariadbd19-debuginfo-10.6.24-150400.3.43.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* mariadb-errormessages-10.6.24-150400.3.43.1
* Galera for Ericsson 15 SP4 (x86_64)
* mariadb-galera-10.6.24-150400.3.43.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* mariadb-debugsource-10.6.24-150400.3.43.1
* mariadb-debuginfo-10.6.24-150400.3.43.1
* mariadb-client-debuginfo-10.6.24-150400.3.43.1
* libmariadbd-devel-10.6.24-150400.3.43.1
* mariadb-10.6.24-150400.3.43.1
* mariadb-tools-10.6.24-150400.3.43.1
* mariadb-client-10.6.24-150400.3.43.1
* libmariadbd19-10.6.24-150400.3.43.1
* mariadb-tools-debuginfo-10.6.24-150400.3.43.1
* libmariadbd19-debuginfo-10.6.24-150400.3.43.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* mariadb-errormessages-10.6.24-150400.3.43.1
* Galera for Ericsson 15 SP5 (x86_64)
* mariadb-debugsource-10.6.24-150400.3.43.1
* mariadb-debuginfo-10.6.24-150400.3.43.1
* mariadb-galera-10.6.24-150400.3.43.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* mariadb-debugsource-10.6.24-150400.3.43.1
* mariadb-debuginfo-10.6.24-150400.3.43.1
* mariadb-client-debuginfo-10.6.24-150400.3.43.1
* libmariadbd-devel-10.6.24-150400.3.43.1
* mariadb-10.6.24-150400.3.43.1
* mariadb-tools-10.6.24-150400.3.43.1
* mariadb-client-10.6.24-150400.3.43.1
* libmariadbd19-10.6.24-150400.3.43.1
* mariadb-tools-debuginfo-10.6.24-150400.3.43.1
* libmariadbd19-debuginfo-10.6.24-150400.3.43.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* mariadb-errormessages-10.6.24-150400.3.43.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* mariadb-debugsource-10.6.24-150400.3.43.1
* mariadb-debuginfo-10.6.24-150400.3.43.1
* mariadb-client-debuginfo-10.6.24-150400.3.43.1
* libmariadbd-devel-10.6.24-150400.3.43.1
* mariadb-10.6.24-150400.3.43.1
* mariadb-tools-10.6.24-150400.3.43.1
* mariadb-client-10.6.24-150400.3.43.1
* libmariadbd19-10.6.24-150400.3.43.1
* mariadb-tools-debuginfo-10.6.24-150400.3.43.1
* libmariadbd19-debuginfo-10.6.24-150400.3.43.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* mariadb-errormessages-10.6.24-150400.3.43.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* mariadb-debugsource-10.6.24-150400.3.43.1
* mariadb-debuginfo-10.6.24-150400.3.43.1
* mariadb-client-debuginfo-10.6.24-150400.3.43.1
* libmariadbd-devel-10.6.24-150400.3.43.1
* mariadb-10.6.24-150400.3.43.1
* mariadb-tools-10.6.24-150400.3.43.1
* mariadb-client-10.6.24-150400.3.43.1
* libmariadbd19-10.6.24-150400.3.43.1
* mariadb-tools-debuginfo-10.6.24-150400.3.43.1
* libmariadbd19-debuginfo-10.6.24-150400.3.43.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* mariadb-errormessages-10.6.24-150400.3.43.1
* SUSE Manager Proxy 4.3 LTS (x86_64)
* mariadb-debugsource-10.6.24-150400.3.43.1
* mariadb-debuginfo-10.6.24-150400.3.43.1
* mariadb-client-debuginfo-10.6.24-150400.3.43.1
* libmariadbd-devel-10.6.24-150400.3.43.1
* mariadb-10.6.24-150400.3.43.1
* mariadb-tools-10.6.24-150400.3.43.1
* mariadb-client-10.6.24-150400.3.43.1
* libmariadbd19-10.6.24-150400.3.43.1
* mariadb-tools-debuginfo-10.6.24-150400.3.43.1
* libmariadbd19-debuginfo-10.6.24-150400.3.43.1
* SUSE Manager Proxy 4.3 LTS (noarch)
* mariadb-errormessages-10.6.24-150400.3.43.1
* SUSE Manager Retail Branch Server 4.3 LTS (x86_64)
* mariadb-debugsource-10.6.24-150400.3.43.1
* mariadb-debuginfo-10.6.24-150400.3.43.1
* mariadb-client-debuginfo-10.6.24-150400.3.43.1
* libmariadbd-devel-10.6.24-150400.3.43.1
* mariadb-10.6.24-150400.3.43.1
* mariadb-tools-10.6.24-150400.3.43.1
* mariadb-client-10.6.24-150400.3.43.1
* libmariadbd19-10.6.24-150400.3.43.1
* mariadb-tools-debuginfo-10.6.24-150400.3.43.1
* libmariadbd19-debuginfo-10.6.24-150400.3.43.1
* SUSE Manager Retail Branch Server 4.3 LTS (noarch)
* mariadb-errormessages-10.6.24-150400.3.43.1
* SUSE Manager Server 4.3 LTS (ppc64le s390x x86_64)
* mariadb-debugsource-10.6.24-150400.3.43.1
* mariadb-debuginfo-10.6.24-150400.3.43.1
* mariadb-client-debuginfo-10.6.24-150400.3.43.1
* libmariadbd-devel-10.6.24-150400.3.43.1
* mariadb-10.6.24-150400.3.43.1
* mariadb-tools-10.6.24-150400.3.43.1
* mariadb-client-10.6.24-150400.3.43.1
* libmariadbd19-10.6.24-150400.3.43.1
* mariadb-tools-debuginfo-10.6.24-150400.3.43.1
* libmariadbd19-debuginfo-10.6.24-150400.3.43.1
* SUSE Manager Server 4.3 LTS (noarch)
* mariadb-errormessages-10.6.24-150400.3.43.1

## References:

* https://www.suse.com/security/cve/CVE-2025-13699.html
* https://bugzilla.suse.com/show_bug.cgi?id=1254313



SUSE-SU-2025:4494-1: important: Security update for libpng16


# Security update for libpng16

Announcement ID: SUSE-SU-2025:4494-1
Release Date: 2025-12-19T13:14:28Z
Rating: important
References:

* bsc#1254157
* bsc#1254158
* bsc#1254159
* bsc#1254160
* bsc#1254480

Cross-References:

* CVE-2025-64505
* CVE-2025-64506
* CVE-2025-64720
* CVE-2025-65018
* CVE-2025-66293

CVSS scores:

* CVE-2025-64505 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-64505 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-64505 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2025-64506 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-64506 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-64506 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2025-64720 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-64720 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-64720 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2025-65018 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-65018 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-65018 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
* CVE-2025-66293 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-66293 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2025-66293 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Affected Products:

* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves five vulnerabilities can now be installed.

## Description:

This update for libpng16 fixes the following issues:

* CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered
via `png_image_finish_read` (bsc#1254160)
* CVE-2025-66293: Fixed LIBPNG out-of-bounds read in
`png_image_read_composite` (bsc#1254480)
* CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with
8-bit input and `convert_to_8bit` enabled (bsc#1254158)
* CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via
incorrect palette premultiplication (bsc#1254159)
* CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via
malformed palette index (bsc#1254157)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-4494=1 openSUSE-SLE-15.6-2025-4494=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-4494=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-4494=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libpng16-tools-debuginfo-1.6.40-150600.3.3.1
* libpng16-16-1.6.40-150600.3.3.1
* libpng16-16-debuginfo-1.6.40-150600.3.3.1
* libpng16-compat-devel-1.6.40-150600.3.3.1
* libpng16-devel-1.6.40-150600.3.3.1
* libpng16-tools-1.6.40-150600.3.3.1
* libpng16-debugsource-1.6.40-150600.3.3.1
* openSUSE Leap 15.6 (x86_64)
* libpng16-compat-devel-32bit-1.6.40-150600.3.3.1
* libpng16-devel-32bit-1.6.40-150600.3.3.1
* libpng16-16-32bit-1.6.40-150600.3.3.1
* libpng16-16-32bit-debuginfo-1.6.40-150600.3.3.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libpng16-16-64bit-debuginfo-1.6.40-150600.3.3.1
* libpng16-compat-devel-64bit-1.6.40-150600.3.3.1
* libpng16-16-64bit-1.6.40-150600.3.3.1
* libpng16-devel-64bit-1.6.40-150600.3.3.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libpng16-16-1.6.40-150600.3.3.1
* libpng16-16-debuginfo-1.6.40-150600.3.3.1
* libpng16-compat-devel-1.6.40-150600.3.3.1
* libpng16-devel-1.6.40-150600.3.3.1
* libpng16-debugsource-1.6.40-150600.3.3.1
* Basesystem Module 15-SP6 (x86_64)
* libpng16-16-32bit-1.6.40-150600.3.3.1
* libpng16-16-32bit-debuginfo-1.6.40-150600.3.3.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libpng16-16-1.6.40-150600.3.3.1
* libpng16-16-debuginfo-1.6.40-150600.3.3.1
* libpng16-compat-devel-1.6.40-150600.3.3.1
* libpng16-devel-1.6.40-150600.3.3.1
* libpng16-debugsource-1.6.40-150600.3.3.1
* Basesystem Module 15-SP7 (x86_64)
* libpng16-16-32bit-1.6.40-150600.3.3.1
* libpng16-16-32bit-debuginfo-1.6.40-150600.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-64505.html
* https://www.suse.com/security/cve/CVE-2025-64506.html
* https://www.suse.com/security/cve/CVE-2025-64720.html
* https://www.suse.com/security/cve/CVE-2025-65018.html
* https://www.suse.com/security/cve/CVE-2025-66293.html
* https://bugzilla.suse.com/show_bug.cgi?id=1254157
* https://bugzilla.suse.com/show_bug.cgi?id=1254158
* https://bugzilla.suse.com/show_bug.cgi?id=1254159
* https://bugzilla.suse.com/show_bug.cgi?id=1254160
* https://bugzilla.suse.com/show_bug.cgi?id=1254480



openSUSE-SU-2025:15828-1: moderate: libruby3_4-3_4-3.4.8-1.1 on GA media


# libruby3_4-3_4-3.4.8-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15828-1
Rating: moderate

Cross-References:

* CVE-2025-58767

CVSS scores:

* CVE-2025-58767 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58767 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the libruby3_4-3_4-3.4.8-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* libruby3_4-3_4 3.4.8-1.1
* ruby3.4 3.4.8-1.1
* ruby3.4-devel 3.4.8-1.1
* ruby3.4-devel-extra 3.4.8-1.1
* ruby3.4-doc 3.4.8-1.1
* ruby3.4-doc-ri 3.4.8-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-58767.html



openSUSE-SU-2025:15826-1: moderate: coredns-for-k8s1.34-1.12.1-2.1 on GA media


# coredns-for-k8s1.34-1.12.1-2.1 on GA media

Announcement ID: openSUSE-SU-2025:15826-1
Rating: moderate

Cross-References:

* CVE-2025-68156

CVSS scores:

* CVE-2025-68156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68156 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the coredns-for-k8s1.34-1.12.1-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* coredns-for-k8s1.34 1.12.1-2.1
* coredns-for-k8s1.34-extras 1.12.1-2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-68156.html



openSUSE-SU-2025:15827-1: moderate: rsync-3.4.1-4.1 on GA media


# rsync-3.4.1-4.1 on GA media

Announcement ID: openSUSE-SU-2025:15827-1
Rating: moderate

Cross-References:

* CVE-2025-10158

CVSS scores:

* CVE-2025-10158 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the rsync-3.4.1-4.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* rsync 3.4.1-4.1

## References:

* https://www.suse.com/security/cve/CVE-2025-10158.html



openSUSE-SU-2025:15825-1: moderate: coredns-for-k8s1.33-1.12.0-2.1 on GA media


# coredns-for-k8s1.33-1.12.0-2.1 on GA media

Announcement ID: openSUSE-SU-2025:15825-1
Rating: moderate

Cross-References:

* CVE-2025-68156

CVSS scores:

* CVE-2025-68156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68156 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the coredns-for-k8s1.33-1.12.0-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* coredns-for-k8s1.33 1.12.0-2.1
* coredns-for-k8s1.33-extras 1.12.0-2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-68156.html



SUSE-SU-2025:4490-1: moderate: Security update for xen


# Security update for xen

Announcement ID: SUSE-SU-2025:4490-1
Release Date: 2025-12-19T11:17:13Z
Rating: moderate
References:

* bsc#1027519
* bsc#1252692
* bsc#1254180

Cross-References:

* CVE-2025-58149

CVSS scores:

* CVE-2025-58149 ( SUSE ): 4.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
* CVE-2025-58149 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2025-58149 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise Micro 5.5

An update that solves one vulnerability and has two security fixes can now be
installed.

## Description:

This update for xen fixes the following issues:

Update to Xen 4.17.6.

Security issues fixed:

* CVE-2025-58149: incorrect removal of permissions on PCI device unplug allows
PV guests to access memory of devices no longer assigned to them
(bsc#1252692).

Other issues fixed:

* Several upstream bug fixes (bsc#1027519).
* Failure to restart xenstored (bsc#1254180).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-4490=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-4490=1

## Package List:

* openSUSE Leap 15.5 (aarch64 x86_64 i586)
* xen-tools-domU-debuginfo-4.17.6_02-150500.3.56.1
* xen-debugsource-4.17.6_02-150500.3.56.1
* xen-devel-4.17.6_02-150500.3.56.1
* xen-libs-debuginfo-4.17.6_02-150500.3.56.1
* xen-libs-4.17.6_02-150500.3.56.1
* xen-tools-domU-4.17.6_02-150500.3.56.1
* openSUSE Leap 15.5 (x86_64)
* xen-libs-32bit-debuginfo-4.17.6_02-150500.3.56.1
* xen-libs-32bit-4.17.6_02-150500.3.56.1
* openSUSE Leap 15.5 (aarch64 x86_64)
* xen-tools-4.17.6_02-150500.3.56.1
* xen-doc-html-4.17.6_02-150500.3.56.1
* xen-4.17.6_02-150500.3.56.1
* xen-tools-debuginfo-4.17.6_02-150500.3.56.1
* openSUSE Leap 15.5 (noarch)
* xen-tools-xendomains-wait-disk-4.17.6_02-150500.3.56.1
* openSUSE Leap 15.5 (aarch64_ilp32)
* xen-libs-64bit-debuginfo-4.17.6_02-150500.3.56.1
* xen-libs-64bit-4.17.6_02-150500.3.56.1
* SUSE Linux Enterprise Micro 5.5 (x86_64)
* xen-libs-debuginfo-4.17.6_02-150500.3.56.1
* xen-debugsource-4.17.6_02-150500.3.56.1
* xen-libs-4.17.6_02-150500.3.56.1

## References:

* https://www.suse.com/security/cve/CVE-2025-58149.html
* https://bugzilla.suse.com/show_bug.cgi?id=1027519
* https://bugzilla.suse.com/show_bug.cgi?id=1252692
* https://bugzilla.suse.com/show_bug.cgi?id=1254180



SUSE-SU-2025:4491-1: important: Security update for mariadb


# Security update for mariadb

Announcement ID: SUSE-SU-2025:4491-1
Release Date: 2025-12-19T11:40:50Z
Rating: important
References:

* bsc#1239150
* bsc#1239151
* bsc#1243356
* bsc#1249212
* bsc#1249213
* bsc#1254313

Cross-References:

* CVE-2023-52969
* CVE-2023-52970
* CVE-2025-13699
* CVE-2025-21490
* CVE-2025-30693
* CVE-2025-30722

CVSS scores:

* CVE-2023-52969 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52969 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52970 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52970 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-13699 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-13699 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21490 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21490 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21490 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-30693 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-30693 ( NVD ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-30722 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-30722 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* Galera for Ericsson 15 SP3
* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves six vulnerabilities can now be installed.

## Description:

This update for mariadb fixes the following issues:

Update to version 10.5.29.

Release notes and changelog:

* https://mariadb.com/kb/en/mariadb-10-5-29-release-notes/
* https://mariadb.com/kb/en/mariadb-10-5-29-changelog/
* https://mariadb.com/kb/en/mariadb-10-5-28-release-notes/
* https://mariadb.com/kb/en/mariadb-10-5-28-changelog/

Security issues fixed:

* Version 10.5.28:
* CVE-2025-21490: InnoDB issue allows high privileged attacker with network
access to cause a hang or frequently repeatable crash of MySQL Server
(bsc#1243356).

* Version 10.5.29:

* CVE-2025-30693: InnoDB issue allows high privileged attacker with network
access to gain unauthorized update, insert or delete access to data and
cause repeatable crash in MySQL server (bsc#1249213).
* CVE-2025-30722: mysqldump issue allows low privileged attacker with network
access to gain unauthorized update, insert or delete access to data in MySQL
Client (bsc#1249212).
* CVE-2023-52969: crash with empty backtrace log in MariaDB Server
(bsc#1239150).
* CVE-2023-52970: crash in MariaDB Server when inserting from derived table
containing insert target table (bsc#1239151).

* CVE-2025-13699: lack of proper validation of a user-supplied path prior to
using it in file operations allows an attacker to execute code in the
context of the current user (bsc#1254313).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-4491=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-4491=1

* Galera for Ericsson 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-ERICSSON-2025-4491=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-4491=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-4491=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-4491=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* mariadb-debugsource-10.5.29-150300.3.55.1
* mariadb-client-debuginfo-10.5.29-150300.3.55.1
* libmariadbd19-10.5.29-150300.3.55.1
* mariadb-test-10.5.29-150300.3.55.1
* mariadb-bench-10.5.29-150300.3.55.1
* libmariadbd19-debuginfo-10.5.29-150300.3.55.1
* mariadb-tools-10.5.29-150300.3.55.1
* mariadb-10.5.29-150300.3.55.1
* mariadb-debuginfo-10.5.29-150300.3.55.1
* mariadb-client-10.5.29-150300.3.55.1
* mariadb-tools-debuginfo-10.5.29-150300.3.55.1
* mariadb-test-debuginfo-10.5.29-150300.3.55.1
* libmariadbd-devel-10.5.29-150300.3.55.1
* mariadb-galera-10.5.29-150300.3.55.1
* mariadb-bench-debuginfo-10.5.29-150300.3.55.1
* mariadb-rpm-macros-10.5.29-150300.3.55.1
* openSUSE Leap 15.3 (noarch)
* mariadb-errormessages-10.5.29-150300.3.55.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* mariadb-debugsource-10.5.29-150300.3.55.1
* mariadb-client-debuginfo-10.5.29-150300.3.55.1
* libmariadbd19-10.5.29-150300.3.55.1
* libmariadbd19-debuginfo-10.5.29-150300.3.55.1
* mariadb-tools-10.5.29-150300.3.55.1
* mariadb-10.5.29-150300.3.55.1
* mariadb-debuginfo-10.5.29-150300.3.55.1
* mariadb-client-10.5.29-150300.3.55.1
* mariadb-tools-debuginfo-10.5.29-150300.3.55.1
* libmariadbd-devel-10.5.29-150300.3.55.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* mariadb-errormessages-10.5.29-150300.3.55.1
* Galera for Ericsson 15 SP3 (x86_64)
* mariadb-galera-10.5.29-150300.3.55.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* mariadb-debugsource-10.5.29-150300.3.55.1
* mariadb-client-debuginfo-10.5.29-150300.3.55.1
* libmariadbd19-10.5.29-150300.3.55.1
* libmariadbd19-debuginfo-10.5.29-150300.3.55.1
* mariadb-tools-10.5.29-150300.3.55.1
* mariadb-10.5.29-150300.3.55.1
* mariadb-debuginfo-10.5.29-150300.3.55.1
* mariadb-client-10.5.29-150300.3.55.1
* mariadb-tools-debuginfo-10.5.29-150300.3.55.1
* libmariadbd-devel-10.5.29-150300.3.55.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
* mariadb-errormessages-10.5.29-150300.3.55.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* mariadb-debugsource-10.5.29-150300.3.55.1
* mariadb-client-debuginfo-10.5.29-150300.3.55.1
* libmariadbd19-10.5.29-150300.3.55.1
* libmariadbd19-debuginfo-10.5.29-150300.3.55.1
* mariadb-tools-10.5.29-150300.3.55.1
* mariadb-10.5.29-150300.3.55.1
* mariadb-debuginfo-10.5.29-150300.3.55.1
* mariadb-client-10.5.29-150300.3.55.1
* mariadb-tools-debuginfo-10.5.29-150300.3.55.1
* libmariadbd-devel-10.5.29-150300.3.55.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* mariadb-errormessages-10.5.29-150300.3.55.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* mariadb-debugsource-10.5.29-150300.3.55.1
* mariadb-client-debuginfo-10.5.29-150300.3.55.1
* libmariadbd19-10.5.29-150300.3.55.1
* libmariadbd19-debuginfo-10.5.29-150300.3.55.1
* mariadb-tools-10.5.29-150300.3.55.1
* mariadb-10.5.29-150300.3.55.1
* mariadb-debuginfo-10.5.29-150300.3.55.1
* mariadb-client-10.5.29-150300.3.55.1
* mariadb-tools-debuginfo-10.5.29-150300.3.55.1
* libmariadbd-devel-10.5.29-150300.3.55.1
* SUSE Enterprise Storage 7.1 (noarch)
* mariadb-errormessages-10.5.29-150300.3.55.1

## References:

* https://www.suse.com/security/cve/CVE-2023-52969.html
* https://www.suse.com/security/cve/CVE-2023-52970.html
* https://www.suse.com/security/cve/CVE-2025-13699.html
* https://www.suse.com/security/cve/CVE-2025-21490.html
* https://www.suse.com/security/cve/CVE-2025-30693.html
* https://www.suse.com/security/cve/CVE-2025-30722.html
* https://bugzilla.suse.com/show_bug.cgi?id=1239150
* https://bugzilla.suse.com/show_bug.cgi?id=1239151
* https://bugzilla.suse.com/show_bug.cgi?id=1243356
* https://bugzilla.suse.com/show_bug.cgi?id=1249212
* https://bugzilla.suse.com/show_bug.cgi?id=1249213
* https://bugzilla.suse.com/show_bug.cgi?id=1254313



SUSE-SU-2025:4489-1: moderate: Security update for netty


# Security update for netty

Announcement ID: SUSE-SU-2025:4489-1
Release Date: 2025-12-19T11:02:03Z
Rating: moderate
References:

* bsc#1255048

Cross-References:

* CVE-2025-67735

CVSS scores:

* CVE-2025-67735 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-67735 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-67735 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for netty fixes the following issues:

Update to upstream version 4.1.130.

Security issues fixed:

* CVE-2025-67735: lack of URI sanitization in `HttpRequestEncoder` allows for
CRLF injection through a request URI and can lead to request smuggling
(bsc#1255048).

Other updates and bugfixes:

* Version 4.1.130:
* Update `lz4-java` version to 1.10.1
* Close `Channel` and fail bootstrap when setting a `ChannelOption` causes an
error
* Discard the following `HttpContent` for preflight request
* Fix race condition in `NonStickyEventExecutorGroup` causing incorrect
`inEventLoop()` results
* Fix Zstd compression for large data
* Fix `ZstdEncoder` not producing data when source is smaller than block
* Make big endian ASCII hashcode consistent with little endian
* Fix reentrancy bug in `ByteToMessageDecoder`
* Add 32k and 64k size classes to adaptive allocator
* Re-enable reflective field accesses in native images
* Correct HTTP/2 padding length check
* Fix HTTP startline validation
* Fix `MpscIntQueue` bug

* Build against the `org.jboss:jdk-misc` artifact that is implementing the
`sun.misc` classes removed in Java 25

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-4489=1

* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-4489=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* netty-4.1.130-150200.4.40.1
* openSUSE Leap 15.6 (noarch)
* netty-javadoc-4.1.130-150200.4.40.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
* netty-4.1.130-150200.4.40.1
* SUSE Package Hub 15 15-SP7 (noarch)
* netty-javadoc-4.1.130-150200.4.40.1

## References:

* https://www.suse.com/security/cve/CVE-2025-67735.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255048


PHP update for Slackware

Linux Kernel updates for Ubuntu

Windows

Linux

macOS

Community

  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...