
Several security updates have been released for SUSE Linux, including updates for Chromium, OpenSSL, and the Linux kernel. Other updated packages include go1.25-openssl and various applications (forgejo, distrobuilder, weblate, gitea-tea, headscale, and ruby3.4-rubygem-rack), as well as open-vm-tools and podman. Each update is rated either important or moderate in severity.

openSUSE-SU-2025:0389-1: important: Security update for chromium
SUSE-SU-2025:03522-1: important: Security update for openssl-1_1-livepatches
SUSE-SU-2025:03525-1: moderate: Security update for go1.25-openssl
openSUSE-SU-2025:15618-1: moderate: forgejo-longterm-11.0.6-2.1 on GA media
openSUSE-SU-2025:15616-1: moderate: distrobuilder-3.2-4.1 on GA media
openSUSE-SU-2025:15615-1: moderate: weblate-5.13.3-1.1 on GA media
openSUSE-SU-2025:15619-1: moderate: gitea-tea-0.11.0-2.1 on GA media
openSUSE-SU-2025:15621-1: moderate: ruby3.4-rubygem-rack-2.2-2.2.19-1.1 on GA media
openSUSE-SU-2025:15620-1: moderate: headscale-0.26.1-2.1 on GA media
openSUSE-SU-2025:15617-1: moderate: forgejo-12.0.4-2.1 on GA media
SUSE-SU-2025:03538-1: important: Security update for the Linux Kernel (Live Patch 52 for SLE 15 SP3)
SUSE-SU-2025:03539-1: important: Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4)
SUSE-SU-2025:03535-1: important: Security update for open-vm-tools
SUSE-SU-2025:03528-1: important: Security update for the Linux Kernel (Live Patch 54 for SLE 15 SP3)
SUSE-SU-2025:03529-1: important: Security update for the Linux Kernel (Live Patch 56 for SLE 15 SP3)
SUSE-SU-2025:03534-1: important: Security update for podman




openSUSE-SU-2025:0389-1: important: Security update for chromium


openSUSE Security Update: Security update for chromium
_______________________________

Announcement ID: openSUSE-SU-2025:0389-1
Rating: important
References: #1251334
Cross-References: CVE-2025-11211 CVE-2025-11458 CVE-2025-11460

Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

Chromium 141.0.7390.65 (boo#1251334):

* CVE-2025-11458: Heap buffer overflow in Sync
* CVE-2025-11460: Use after free in Storage
* CVE-2025-11211: Out of bounds read in WebCodecs

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2025-389=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 ppc64le x86_64):

chromedriver-141.0.7390.65-bp156.2.179.1
chromium-141.0.7390.65-bp156.2.179.1

References:

https://www.suse.com/security/cve/CVE-2025-11211.html
https://www.suse.com/security/cve/CVE-2025-11458.html
https://www.suse.com/security/cve/CVE-2025-11460.html
https://bugzilla.suse.com/1251334



SUSE-SU-2025:03522-1: important: Security update for openssl-1_1-livepatches


# Security update for openssl-1_1-livepatches

Announcement ID: SUSE-SU-2025:03522-1
Release Date: 2025-10-10T07:23:10Z
Rating: important
References:

* bsc#1250410

Cross-References:

* CVE-2025-9230

CVSS scores:

* CVE-2025-9230 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-9230 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-9230 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for openssl-1_1-livepatches fixes the following issues:

* Add livepatch for CVE-2025-9230 (bsc#1250410).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5: `zypper in -t patch SUSE-2025-3522=1`
* SUSE Linux Enterprise Live Patching 15-SP5: `zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-3522=1`

## Package List:

* openSUSE Leap 15.5 (x86_64)
  * openssl-1_1-livepatches-debugsource-0.5-150500.6.11.1
  * openssl-1_1-livepatches-debuginfo-0.5-150500.6.11.1
  * openssl-1_1-livepatches-0.5-150500.6.11.1
* SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
  * openssl-1_1-livepatches-debugsource-0.5-150500.6.11.1
  * openssl-1_1-livepatches-debuginfo-0.5-150500.6.11.1
  * openssl-1_1-livepatches-0.5-150500.6.11.1

## References:

* https://www.suse.com/security/cve/CVE-2025-9230.html
* https://bugzilla.suse.com/show_bug.cgi?id=1250410



SUSE-SU-2025:03525-1: moderate: Security update for go1.25-openssl


# Security update for go1.25-openssl

Announcement ID: SUSE-SU-2025:03525-1
Release Date: 2025-10-10T10:33:25Z
Rating: moderate
References:

* bsc#1244485
* bsc#1249141
* jsc#SLE-18320

Cross-References:

* CVE-2025-47910

CVSS scores:

* CVE-2025-47910 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2025-47910 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected Products:

* Development Tools Module 15-SP6
* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability, contains one feature and has one
security fix can now be installed.

## Description:

This update for go1.25-openssl fixes the following issues:

Update to version 1.25.1, released 2025-09-03 (bsc#1244485).

Security issues fixed:

* CVE-2025-47910: net/http: `CrossOriginProtection` insecure bypass patterns
not limited to exact matches (bsc#1249141).

Other issues fixed:

* go#74822 cmd/go: "get toolchain@latest" should ignore release candidates
* go#74999 net: WriteMsgUDPAddrPort should accept IPv4-mapped IPv6 destination
addresses on IPv4 UDP sockets
* go#75008 os/exec: TestLookPath fails on plan9 after CL 685755
* go#75021 testing/synctest: bubble not terminating
* go#75083 os: File.Seek doesn't set the correct offset with Windows
overlapped handles

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6: `zypper in -t patch openSUSE-SLE-15.6-2025-3525=1 SUSE-2025-3525=1`
* Development Tools Module 15-SP6: `zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-3525=1`
* Development Tools Module 15-SP7: `zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2025-3525=1`

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * go1.25-openssl-1.25.1-150600.13.6.1
  * go1.25-openssl-debuginfo-1.25.1-150600.13.6.1
  * go1.25-openssl-doc-1.25.1-150600.13.6.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * go1.25-openssl-race-1.25.1-150600.13.6.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * go1.25-openssl-1.25.1-150600.13.6.1
  * go1.25-openssl-race-1.25.1-150600.13.6.1
  * go1.25-openssl-debuginfo-1.25.1-150600.13.6.1
  * go1.25-openssl-doc-1.25.1-150600.13.6.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * go1.25-openssl-1.25.1-150600.13.6.1
  * go1.25-openssl-race-1.25.1-150600.13.6.1
  * go1.25-openssl-debuginfo-1.25.1-150600.13.6.1
  * go1.25-openssl-doc-1.25.1-150600.13.6.1

## References:

* https://www.suse.com/security/cve/CVE-2025-47910.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244485
* https://bugzilla.suse.com/show_bug.cgi?id=1249141
* https://jira.suse.com/browse/SLE-18320



openSUSE-SU-2025:15618-1: moderate: forgejo-longterm-11.0.6-2.1 on GA media


# forgejo-longterm-11.0.6-2.1 on GA media

Announcement ID: openSUSE-SU-2025:15618-1
Rating: moderate

Cross-References:

* CVE-2025-47911
* CVE-2025-58190

CVSS scores:

* CVE-2025-47911 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-47911 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58190 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58190 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the forgejo-longterm-11.0.6-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * forgejo-longterm 11.0.6-2.1
  * forgejo-longterm-apparmor 11.0.6-2.1
  * forgejo-longterm-environment-to-ini 11.0.6-2.1
  * forgejo-longterm-firewalld 11.0.6-2.1
  * forgejo-longterm-selinux 11.0.6-2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-47911.html
* https://www.suse.com/security/cve/CVE-2025-58190.html



openSUSE-SU-2025:15616-1: moderate: distrobuilder-3.2-4.1 on GA media


# distrobuilder-3.2-4.1 on GA media

Announcement ID: openSUSE-SU-2025:15616-1
Rating: moderate

Cross-References:

* CVE-2025-47911
* CVE-2025-58190

CVSS scores:

* CVE-2025-47911 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-47911 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58190 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58190 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the distrobuilder-3.2-4.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * distrobuilder 3.2-4.1

## References:

* https://www.suse.com/security/cve/CVE-2025-47911.html
* https://www.suse.com/security/cve/CVE-2025-58190.html



openSUSE-SU-2025:15615-1: moderate: weblate-5.13.3-1.1 on GA media


# weblate-5.13.3-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15615-1
Rating: moderate

Cross-References:

* CVE-2025-61587

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the weblate-5.13.3-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * weblate 5.13.3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-61587.html



openSUSE-SU-2025:15619-1: moderate: gitea-tea-0.11.0-2.1 on GA media


# gitea-tea-0.11.0-2.1 on GA media

Announcement ID: openSUSE-SU-2025:15619-1
Rating: moderate

Cross-References:

* CVE-2025-47911
* CVE-2025-58190

CVSS scores:

* CVE-2025-47911 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-47911 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58190 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58190 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the gitea-tea-0.11.0-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * gitea-tea 0.11.0-2.1
  * gitea-tea-bash-completion 0.11.0-2.1
  * gitea-tea-zsh-completion 0.11.0-2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-47911.html
* https://www.suse.com/security/cve/CVE-2025-58190.html



openSUSE-SU-2025:15621-1: moderate: ruby3.4-rubygem-rack-2.2-2.2.19-1.1 on GA media


# ruby3.4-rubygem-rack-2.2-2.2.19-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15621-1
Rating: moderate

Cross-References:

* CVE-2025-61770
* CVE-2025-61771
* CVE-2025-61772

CVSS scores:

* CVE-2025-61770 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61770 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61771 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61771 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61772 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61772 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 3 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the ruby3.4-rubygem-rack-2.2-2.2.19-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * ruby3.4-rubygem-rack-2.2 2.2.19-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-61770.html
* https://www.suse.com/security/cve/CVE-2025-61771.html
* https://www.suse.com/security/cve/CVE-2025-61772.html



openSUSE-SU-2025:15620-1: moderate: headscale-0.26.1-2.1 on GA media


# headscale-0.26.1-2.1 on GA media

Announcement ID: openSUSE-SU-2025:15620-1
Rating: moderate

Cross-References:

* CVE-2025-47911
* CVE-2025-58190

CVSS scores:

* CVE-2025-47911 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-47911 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58190 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58190 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the headscale-0.26.1-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * headscale 0.26.1-2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-47911.html
* https://www.suse.com/security/cve/CVE-2025-58190.html



openSUSE-SU-2025:15617-1: moderate: forgejo-12.0.4-2.1 on GA media


# forgejo-12.0.4-2.1 on GA media

Announcement ID: openSUSE-SU-2025:15617-1
Rating: moderate

Cross-References:

* CVE-2025-47911
* CVE-2025-58190

CVSS scores:

* CVE-2025-47911 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-47911 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58190 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58190 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the forgejo-12.0.4-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * forgejo 12.0.4-2.1
  * forgejo-apparmor 12.0.4-2.1
  * forgejo-environment-to-ini 12.0.4-2.1
  * forgejo-firewalld 12.0.4-2.1
  * forgejo-selinux 12.0.4-2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-47911.html
* https://www.suse.com/security/cve/CVE-2025-58190.html



SUSE-SU-2025:03538-1: important: Security update for the Linux Kernel (Live Patch 52 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 52 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:03538-1
Release Date: 2025-10-10T18:03:53Z
Rating: important
References:

* bsc#1237048
* bsc#1240744
* bsc#1243650
* bsc#1247315

Cross-References:

* CVE-2024-53168
* CVE-2025-21692
* CVE-2025-21791
* CVE-2025-38477

CVSS scores:

* CVE-2024-53168 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53168 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53168 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21692 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21692 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-21692 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21791 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38477 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38477 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_188 fixes several issues.

The following security issues were fixed:

* CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket
(bsc#1243650).
* CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate
(bsc#1247315).
* CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).
* CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237048).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3: `zypper in -t patch SUSE-2025-3538=1`
* SUSE Linux Enterprise Live Patching 15-SP3: `zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-3538=1`

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_188-default-debuginfo-12-150300.2.1
  * kernel-livepatch-SLE15-SP3_Update_52-debugsource-12-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1
* openSUSE Leap 15.3 (x86_64)
  * kernel-livepatch-5_3_18-150300_59_188-preempt-debuginfo-12-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_188-preempt-12-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_188-default-12-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-53168.html
* https://www.suse.com/security/cve/CVE-2025-21692.html
* https://www.suse.com/security/cve/CVE-2025-21791.html
* https://www.suse.com/security/cve/CVE-2025-38477.html
* https://bugzilla.suse.com/show_bug.cgi?id=1237048
* https://bugzilla.suse.com/show_bug.cgi?id=1240744
* https://bugzilla.suse.com/show_bug.cgi?id=1243650
* https://bugzilla.suse.com/show_bug.cgi?id=1247315



SUSE-SU-2025:03539-1: important: Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:03539-1
Release Date: 2025-10-10T18:33:53Z
Rating: important
References:

* bsc#1233072
* bsc#1237048
* bsc#1240744
* bsc#1243650
* bsc#1247315

Cross-References:

* CVE-2024-50154
* CVE-2024-53168
* CVE-2025-21692
* CVE-2025-21791
* CVE-2025-38477

CVSS scores:

* CVE-2024-50154 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50154 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50154 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50154 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53168 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53168 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53168 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21692 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21692 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-21692 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21791 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38477 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38477 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_141 fixes several issues.

The following security issues were fixed:

* CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket
(bsc#1243650).
* CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink()
(bsc#1233072).
* CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate
(bsc#1247315).
* CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).
* CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237048).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP4: `zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3539=1`
* openSUSE Leap 15.4: `zypper in -t patch SUSE-2025-3539=1`

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_33-debugsource-15-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_141-default-debuginfo-15-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_33-debugsource-15-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_141-default-debuginfo-15-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_141-default-15-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-50154.html
* https://www.suse.com/security/cve/CVE-2024-53168.html
* https://www.suse.com/security/cve/CVE-2025-21692.html
* https://www.suse.com/security/cve/CVE-2025-21791.html
* https://www.suse.com/security/cve/CVE-2025-38477.html
* https://bugzilla.suse.com/show_bug.cgi?id=1233072
* https://bugzilla.suse.com/show_bug.cgi?id=1237048
* https://bugzilla.suse.com/show_bug.cgi?id=1240744
* https://bugzilla.suse.com/show_bug.cgi?id=1243650
* https://bugzilla.suse.com/show_bug.cgi?id=1247315



SUSE-SU-2025:03535-1: important: Security update for open-vm-tools


# Security update for open-vm-tools

Announcement ID: SUSE-SU-2025:03535-1
Release Date: 2025-10-10T15:15:26Z
Rating: important
References:

* bsc#1250373
* bsc#1250692

Cross-References:

* CVE-2025-41244

CVSS scores:

* CVE-2025-41244 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-41244 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-41244 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* Containers Module 15-SP6
* Containers Module 15-SP7
* Desktop Applications Module 15-SP6
* Desktop Applications Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability and has one security fix can now be
installed.

## Description:

This update for open-vm-tools fixes the following issues:

* CVE-2025-41244: fixed a local privilege escalation vulnerability (bnc#1250373).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6: `zypper in -t patch SUSE-2025-3535=1 openSUSE-SLE-15.6-2025-3535=1`
* Basesystem Module 15-SP6: `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-3535=1`
* Basesystem Module 15-SP7: `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-3535=1`
* Containers Module 15-SP6: `zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2025-3535=1`
* Containers Module 15-SP7: `zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2025-3535=1`
* Desktop Applications Module 15-SP6: `zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-3535=1`
* Desktop Applications Module 15-SP7: `zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2025-3535=1`

## Package List:

* openSUSE Leap 15.6 (aarch64 x86_64 i586)
  * open-vm-tools-sdmp-debuginfo-13.0.5-150600.3.21.1
  * open-vm-tools-desktop-debuginfo-13.0.5-150600.3.21.1
  * libvmtools0-debuginfo-13.0.5-150600.3.21.1
  * open-vm-tools-debugsource-13.0.5-150600.3.21.1
  * open-vm-tools-desktop-13.0.5-150600.3.21.1
  * libvmtools-devel-13.0.5-150600.3.21.1
  * libvmtools0-13.0.5-150600.3.21.1
  * open-vm-tools-debuginfo-13.0.5-150600.3.21.1
  * open-vm-tools-containerinfo-debuginfo-13.0.5-150600.3.21.1
  * open-vm-tools-containerinfo-13.0.5-150600.3.21.1
  * open-vm-tools-13.0.5-150600.3.21.1
  * open-vm-tools-sdmp-13.0.5-150600.3.21.1
* openSUSE Leap 15.6 (x86_64)
  * open-vm-tools-salt-minion-13.0.5-150600.3.21.1
* Basesystem Module 15-SP6 (aarch64 x86_64)
  * open-vm-tools-sdmp-debuginfo-13.0.5-150600.3.21.1
  * libvmtools0-debuginfo-13.0.5-150600.3.21.1
  * open-vm-tools-debugsource-13.0.5-150600.3.21.1
  * libvmtools0-13.0.5-150600.3.21.1
  * open-vm-tools-debuginfo-13.0.5-150600.3.21.1
  * open-vm-tools-13.0.5-150600.3.21.1
  * open-vm-tools-sdmp-13.0.5-150600.3.21.1
* Basesystem Module 15-SP6 (x86_64)
  * open-vm-tools-salt-minion-13.0.5-150600.3.21.1
  * libvmtools-devel-13.0.5-150600.3.21.1
* Basesystem Module 15-SP7 (aarch64 x86_64)
  * open-vm-tools-sdmp-debuginfo-13.0.5-150600.3.21.1
  * libvmtools0-debuginfo-13.0.5-150600.3.21.1
  * open-vm-tools-debugsource-13.0.5-150600.3.21.1
  * libvmtools0-13.0.5-150600.3.21.1
  * open-vm-tools-debuginfo-13.0.5-150600.3.21.1
  * open-vm-tools-13.0.5-150600.3.21.1
  * open-vm-tools-sdmp-13.0.5-150600.3.21.1
* Basesystem Module 15-SP7 (x86_64)
  * open-vm-tools-salt-minion-13.0.5-150600.3.21.1
  * libvmtools-devel-13.0.5-150600.3.21.1
* Containers Module 15-SP6 (aarch64 x86_64)
  * open-vm-tools-containerinfo-debuginfo-13.0.5-150600.3.21.1
  * open-vm-tools-containerinfo-13.0.5-150600.3.21.1
  * open-vm-tools-debugsource-13.0.5-150600.3.21.1
  * open-vm-tools-debuginfo-13.0.5-150600.3.21.1
* Containers Module 15-SP7 (aarch64 x86_64)
  * open-vm-tools-containerinfo-debuginfo-13.0.5-150600.3.21.1
  * open-vm-tools-containerinfo-13.0.5-150600.3.21.1
  * open-vm-tools-debugsource-13.0.5-150600.3.21.1
  * open-vm-tools-debuginfo-13.0.5-150600.3.21.1
* Desktop Applications Module 15-SP6 (aarch64 x86_64)
  * open-vm-tools-debugsource-13.0.5-150600.3.21.1
  * open-vm-tools-desktop-13.0.5-150600.3.21.1
  * open-vm-tools-desktop-debuginfo-13.0.5-150600.3.21.1
  * open-vm-tools-debuginfo-13.0.5-150600.3.21.1
* Desktop Applications Module 15-SP7 (aarch64 x86_64)
  * open-vm-tools-debugsource-13.0.5-150600.3.21.1
  * open-vm-tools-desktop-13.0.5-150600.3.21.1
  * open-vm-tools-desktop-debuginfo-13.0.5-150600.3.21.1
  * open-vm-tools-debuginfo-13.0.5-150600.3.21.1

## References:

* https://www.suse.com/security/cve/CVE-2025-41244.html
* https://bugzilla.suse.com/show_bug.cgi?id=1250373
* https://bugzilla.suse.com/show_bug.cgi?id=1250692



SUSE-SU-2025:03528-1: important: Security update for the Linux Kernel (Live Patch 54 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 54 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:03528-1
Release Date: 2025-10-10T12:03:57Z
Rating: important
References:

* bsc#1237048
* bsc#1240744
* bsc#1243650
* bsc#1247315

Cross-References:

* CVE-2024-53168
* CVE-2025-21692
* CVE-2025-21791
* CVE-2025-38477

CVSS scores:

* CVE-2024-53168 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53168 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53168 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21692 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21692 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-21692 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21791 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38477 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38477 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_195 fixes several issues.

The following security issues were fixed:

* CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket
(bsc#1243650).
* CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate
(bsc#1247315).
* CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).
* CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237048).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3: `zypper in -t patch SUSE-2025-3528=1`
* SUSE Linux Enterprise Live Patching 15-SP3: `zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-3528=1`

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_195-default-9-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_195-default-debuginfo-9-150300.2.1
  * kernel-livepatch-SLE15-SP3_Update_54-debugsource-9-150300.2.1
* openSUSE Leap 15.3 (x86_64)
  * kernel-livepatch-5_3_18-150300_59_195-preempt-debuginfo-9-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_195-preempt-9-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_195-default-9-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-53168.html
* https://www.suse.com/security/cve/CVE-2025-21692.html
* https://www.suse.com/security/cve/CVE-2025-21791.html
* https://www.suse.com/security/cve/CVE-2025-38477.html
* https://bugzilla.suse.com/show_bug.cgi?id=1237048
* https://bugzilla.suse.com/show_bug.cgi?id=1240744
* https://bugzilla.suse.com/show_bug.cgi?id=1243650
* https://bugzilla.suse.com/show_bug.cgi?id=1247315



SUSE-SU-2025:03529-1: important: Security update for the Linux Kernel (Live Patch 56 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 56 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:03529-1
Release Date: 2025-10-10T15:03:55Z
Rating: important
References:

* bsc#1240744
* bsc#1243650
* bsc#1247315

Cross-References:

* CVE-2024-53168
* CVE-2025-21791
* CVE-2025-38477

CVSS scores:

* CVE-2024-53168 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53168 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53168 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21791 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38477 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38477 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_201 fixes several issues.

The following security issues were fixed:

* CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1243650).
* CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315).
* CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-3529=1 SUSE-SLE-Module-Live-Patching-15-SP3-2025-3532=1

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-3532=1 SUSE-2025-3529=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_56-debugsource-7-150300.2.1
* kernel-livepatch-5_3_18-150300_59_201-default-debuginfo-7-150300.2.1
* kernel-livepatch-5_3_18-150300_59_201-default-7-150300.2.1
* kernel-livepatch-5_3_18-150300_59_198-default-9-150300.2.1
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_201-default-7-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_56-debugsource-7-150300.2.1
* kernel-livepatch-5_3_18-150300_59_198-default-debuginfo-9-150300.2.1
* kernel-livepatch-5_3_18-150300_59_201-default-debuginfo-7-150300.2.1
* kernel-livepatch-5_3_18-150300_59_198-default-9-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_55-debugsource-9-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_198-preempt-9-150300.2.1
* kernel-livepatch-5_3_18-150300_59_198-preempt-debuginfo-9-150300.2.1
* kernel-livepatch-5_3_18-150300_59_201-preempt-7-150300.2.1
* kernel-livepatch-5_3_18-150300_59_201-preempt-debuginfo-7-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-53168.html
* https://www.suse.com/security/cve/CVE-2025-21791.html
* https://www.suse.com/security/cve/CVE-2025-38477.html
* https://bugzilla.suse.com/show_bug.cgi?id=1240744
* https://bugzilla.suse.com/show_bug.cgi?id=1243650
* https://bugzilla.suse.com/show_bug.cgi?id=1247315



SUSE-SU-2025:03534-1: important: Security update for podman


# Security update for podman

Announcement ID: SUSE-SU-2025:03534-1
Release Date: 2025-10-10T15:14:56Z
Rating: important
References:

* bsc#1249154

Cross-References:

* CVE-2025-9566

CVSS scores:

* CVE-2025-9566 ( SUSE ): 7.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-9566 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-9566 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves one vulnerability can now be installed.

## Description:

This update for podman fixes the following issues:

* CVE-2025-9566: fixed an issue where the kube play command could cause host files to get overwritten (bsc#1249154)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3534=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3534=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-3534=1

* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-3534=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-3534=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-3534=1

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-3534=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3534=1

## Package List:

* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* podman-4.9.5-150300.9.55.1
* podman-remote-4.9.5-150300.9.55.1
* podman-remote-debuginfo-4.9.5-150300.9.55.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* podman-4.9.5-150300.9.55.1
* podman-remote-4.9.5-150300.9.55.1
* podman-remote-debuginfo-4.9.5-150300.9.55.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* podman-4.9.5-150300.9.55.1
* podman-debuginfo-4.9.5-150300.9.55.1
* podman-remote-4.9.5-150300.9.55.1
* podman-remote-debuginfo-4.9.5-150300.9.55.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* podman-4.9.5-150300.9.55.1
* podman-remote-4.9.5-150300.9.55.1
* podman-remote-debuginfo-4.9.5-150300.9.55.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* podman-4.9.5-150300.9.55.1
* podman-debuginfo-4.9.5-150300.9.55.1
* podman-remote-4.9.5-150300.9.55.1
* podman-remote-debuginfo-4.9.5-150300.9.55.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* podman-4.9.5-150300.9.55.1
* podman-debuginfo-4.9.5-150300.9.55.1
* podman-remote-4.9.5-150300.9.55.1
* podman-remote-debuginfo-4.9.5-150300.9.55.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* podman-4.9.5-150300.9.55.1
* podman-remote-debuginfo-4.9.5-150300.9.55.1
* podman-remote-4.9.5-150300.9.55.1
* podman-debuginfo-4.9.5-150300.9.55.1
* podmansh-4.9.5-150300.9.55.1
* openSUSE Leap 15.3 (noarch)
* podman-docker-4.9.5-150300.9.55.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
* podman-4.9.5-150300.9.55.1
* podman-remote-4.9.5-150300.9.55.1
* podman-remote-debuginfo-4.9.5-150300.9.55.1

## References:

* https://www.suse.com/security/cve/CVE-2025-9566.html
* https://bugzilla.suse.com/show_bug.cgi?id=1249154