
Several security updates have been released for SUSE Linux, addressing vulnerabilities in various packages. They include fixes for Chromium and python-Django and live patches for the Linux kernel that fix security issues, as well as updates to other packages such as regclient, qatengine, and ongres-scram.

SUSE-SU-2025:4050-1: important: Security update for the Linux Kernel (Live Patch 25 for SUSE Linux Enterprise 15 SP5)
openSUSE-SU-2025-20032-1: moderate: Security update for chromium
openSUSE-SU-2025-20027-1: moderate: Security update for chromium
openSUSE-SU-2025-20022-1: important: Security update for python-Django
openSUSE-SU-2025-20020-1: critical: Security update for chromium
openSUSE-SU-2025-20023-1: important: Security update for chromium
openSUSE-SU-2025-20031-1: important: Security update for warewulf4
SUSE-SU-2025:4043-1: important: Security update for the Linux Kernel (Live Patch 24 for SUSE Linux Enterprise 15 SP5)
SUSE-SU-2025:4046-1: important: Security update for the Linux Kernel (Live Patch 43 for SUSE Linux Enterprise 15 SP4)
openSUSE-SU-2025:15723-1: moderate: regclient-0.10.0-1.1 on GA media
SUSE-SU-2025:4053-1: moderate: Security update for qatengine, qatlib
SUSE-SU-2025:4054-1: moderate: Security update for ongres-scram
openSUSE-SU-2025:0429-1: important: Security update for python-pdfminer.six
openSUSE-SU-2025:0428-1: important: Security update for python-pdfminer.six
SUSE-SU-2025:4059-1: important: Security update for the Linux Kernel (Live Patch 28 for SUSE Linux Enterprise 15 SP5)
SUSE-SU-2025:4062-1: important: Security update for the Linux Kernel (Live Patch 29 for SUSE Linux Enterprise 15 SP5)




SUSE-SU-2025:4050-1: important: Security update for the Linux Kernel (Live Patch 25 for SUSE Linux Enterprise 15 SP5)


# Security update for the Linux Kernel (Live Patch 25 for SUSE Linux Enterprise 15 SP5)

Announcement ID: SUSE-SU-2025:4050-1
Release Date: 2025-11-11T09:33:48Z
Rating: important
References:

* bsc#1246019
* bsc#1248631
* bsc#1249207
* bsc#1249208
* bsc#1249847
* bsc#1252946

Cross-References:

* CVE-2022-50252
* CVE-2024-53164
* CVE-2025-38617
* CVE-2025-38618
* CVE-2025-38664

CVSS scores:

* CVE-2022-50252 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50252 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53164 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53164 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53164 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38617 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38617 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38618 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38618 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38664 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38664 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves five vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.100 fixes
various security issues.

The following security issues were fixed:

* CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249847).
* CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1246019).
* CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1249208).
* CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1249207).
* CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248631).

The following non-security issue was fixed:

* bsc#1249208: fix livepatching target module name (bsc#1252946)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-4051=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-4050=1

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2025-4050=1 SUSE-2025-4051=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP5_Update_25-debugsource-9-150500.4.1
  * kernel-livepatch-5_14_21-150500_55_88-default-debuginfo-14-150500.4.1
  * kernel-livepatch-5_14_21-150500_55_100-default-9-150500.4.1
  * kernel-livepatch-SLE15-SP5_Update_21-debugsource-14-150500.4.1
  * kernel-livepatch-5_14_21-150500_55_88-default-14-150500.4.1
  * kernel-livepatch-5_14_21-150500_55_100-default-debuginfo-9-150500.4.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_88-default-debuginfo-14-150500.4.1
  * kernel-livepatch-SLE15-SP5_Update_25-debugsource-9-150500.4.1
  * kernel-livepatch-5_14_21-150500_55_100-default-9-150500.4.1
  * kernel-livepatch-SLE15-SP5_Update_21-debugsource-14-150500.4.1
  * kernel-livepatch-5_14_21-150500_55_88-default-14-150500.4.1
  * kernel-livepatch-5_14_21-150500_55_100-default-debuginfo-9-150500.4.1

## References:

* https://www.suse.com/security/cve/CVE-2022-50252.html
* https://www.suse.com/security/cve/CVE-2024-53164.html
* https://www.suse.com/security/cve/CVE-2025-38617.html
* https://www.suse.com/security/cve/CVE-2025-38618.html
* https://www.suse.com/security/cve/CVE-2025-38664.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246019
* https://bugzilla.suse.com/show_bug.cgi?id=1248631
* https://bugzilla.suse.com/show_bug.cgi?id=1249207
* https://bugzilla.suse.com/show_bug.cgi?id=1249208
* https://bugzilla.suse.com/show_bug.cgi?id=1249847
* https://bugzilla.suse.com/show_bug.cgi?id=1252946



openSUSE-SU-2025-20032-1: moderate: Security update for chromium


openSUSE security update: security update for chromium
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2025-20032-1
Rating: moderate
References:

* bsc#1252402

Cross-References:

* CVE-2025-12036

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for chromium fixes the following issues:

Chromium 141.0.7390.122:

* CVE-2025-12036: Inappropriate implementation in V8 (boo#1252402)

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-8=1

Package List:

- openSUSE Leap 16.0:

chromedriver-141.0.7390.122-bp160.1.1
chromium-141.0.7390.122-bp160.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-12036.html



openSUSE-SU-2025-20027-1: moderate: Security update for chromium


openSUSE security update: security update for chromium
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2025-20027-1
Rating: moderate
References:

* bsc#1252013

Cross-References:

* CVE-2025-11756

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for chromium fixes the following issues:

Chromium 141.0.7390.107:

* CVE-2025-11756: Use after free in Safe Browsing (boo#1252013)

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-3=1

Package List:

- openSUSE Leap 16.0:

chromedriver-141.0.7390.107-bp160.1.1
chromium-141.0.7390.107-bp160.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-11756.html



openSUSE-SU-2025-20022-1: important: Security update for python-Django


openSUSE security update: security update for python-django
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2025-20022-1
Rating: important
References:

* bsc#1250485
* bsc#1250487

Cross-References:

* CVE-2025-59681
* CVE-2025-59682

CVSS scores:

* CVE-2025-59681 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-59681 ( SUSE ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-59682 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-59682 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.

Description:

This update for python-Django fixes the following issues:

- CVE-2025-59681: Fixed a potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB (boo#1250485)
- CVE-2025-59682: Fixed a potential partial directory-traversal via archive.extract() (boo#1250487)

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-11=1

Package List:

- openSUSE Leap 16.0:

python313-Django-5.2.4-bp160.3.1

References:

* https://www.suse.com/security/cve/CVE-2025-59681.html
* https://www.suse.com/security/cve/CVE-2025-59682.html



openSUSE-SU-2025-20020-1: critical: Security update for chromium


openSUSE security update: security update for chromium
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2025-20020-1
Rating: critical
References:

* bsc#1250472
* bsc#1250780
* bsc#1251334

Cross-References:

* CVE-2025-10890
* CVE-2025-10891
* CVE-2025-10892
* CVE-2025-11205
* CVE-2025-11206
* CVE-2025-11207
* CVE-2025-11208
* CVE-2025-11209
* CVE-2025-11210
* CVE-2025-11211
* CVE-2025-11212
* CVE-2025-11213
* CVE-2025-11215
* CVE-2025-11216
* CVE-2025-11219
* CVE-2025-11458
* CVE-2025-11460

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 17 vulnerabilities and has 3 bug fixes can now be installed.

Description:

This update for chromium fixes the following issues:

Chromium 141.0.7390.76:

* Do not send URLs as AIM input. This is to resolve a privacy concern around passing URLs to AI Mode.

Chromium 141.0.7390.65 (boo#1251334):

* CVE-2025-11458: Heap buffer overflow in Sync
* CVE-2025-11460: Use after free in Storage
* CVE-2025-11211: Out of bounds read in WebCodecs

Chromium 141.0.7390.54 (stable released 2025-09-30) (boo#1250780):

* CVE-2025-11205: Heap buffer overflow in WebGPU
* CVE-2025-11206: Heap buffer overflow in Video
* CVE-2025-11207: Side-channel information leakage in Storage
* CVE-2025-11208: Inappropriate implementation in Media
* CVE-2025-11209: Inappropriate implementation in Omnibox
* CVE-2025-11210: Side-channel information leakage in Tab
* CVE-2025-11211: Out of bounds read in Media
* CVE-2025-11212: Inappropriate implementation in Media
* CVE-2025-11213: Inappropriate implementation in Omnibox
* CVE-2025-11215: Off by one error in V8
* CVE-2025-11216: Inappropriate implementation in Storage
* CVE-2025-11219: Use after free in V8
* Various fixes from internal audits, fuzzing and other initiatives

Chromium 141.0.7390.37 (beta released 2025-09-24)

Chromium 140.0.7339.207 (boo#1250472):

* CVE-2025-10890: Side-channel information leakage in V8
* CVE-2025-10891: Integer overflow in V8
* CVE-2025-10892: Integer overflow in V8

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-1=1

Package List:

- openSUSE Leap 16.0:

chromedriver-141.0.7390.76-bp160.1.1
chromium-141.0.7390.76-bp160.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-10890.html
* https://www.suse.com/security/cve/CVE-2025-10891.html
* https://www.suse.com/security/cve/CVE-2025-10892.html
* https://www.suse.com/security/cve/CVE-2025-11205.html
* https://www.suse.com/security/cve/CVE-2025-11206.html
* https://www.suse.com/security/cve/CVE-2025-11207.html
* https://www.suse.com/security/cve/CVE-2025-11208.html
* https://www.suse.com/security/cve/CVE-2025-11209.html
* https://www.suse.com/security/cve/CVE-2025-11210.html
* https://www.suse.com/security/cve/CVE-2025-11211.html
* https://www.suse.com/security/cve/CVE-2025-11212.html
* https://www.suse.com/security/cve/CVE-2025-11213.html
* https://www.suse.com/security/cve/CVE-2025-11215.html
* https://www.suse.com/security/cve/CVE-2025-11216.html
* https://www.suse.com/security/cve/CVE-2025-11219.html
* https://www.suse.com/security/cve/CVE-2025-11458.html
* https://www.suse.com/security/cve/CVE-2025-11460.html



openSUSE-SU-2025-20023-1: important: Security update for chromium


openSUSE security update: security update for chromium
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2025-20023-1
Rating: important
References:

* bsc#1252881

Cross-References:

* CVE-2025-12428
* CVE-2025-12429
* CVE-2025-12430
* CVE-2025-12431
* CVE-2025-12432
* CVE-2025-12433
* CVE-2025-12434
* CVE-2025-12435
* CVE-2025-12436
* CVE-2025-12437
* CVE-2025-12438
* CVE-2025-12439
* CVE-2025-12440
* CVE-2025-12441
* CVE-2025-12443
* CVE-2025-12444
* CVE-2025-12445
* CVE-2025-12446
* CVE-2025-12447
* CVE-2025-54874

CVSS scores:

* CVE-2025-54874 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-54874 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 20 vulnerabilities and has one bug fix can now be installed.

Description:

This update for chromium fixes the following issues:

Chromium 142.0.7444.59, the stable channel promotion of 142.

Security fixes (boo#1252881):

* CVE-2025-12428: Type Confusion in V8
* CVE-2025-12429: Inappropriate implementation in V8
* CVE-2025-12430: Object lifecycle issue in Media
* CVE-2025-12431: Inappropriate implementation in Extensions
* CVE-2025-12432: Race in V8
* CVE-2025-12433: Inappropriate implementation in V8
* CVE-2025-12434: Race in Storage
* CVE-2025-12435: Incorrect security UI in Omnibox
* CVE-2025-12436: Policy bypass in Extensions
* CVE-2025-12437: Use after free in PageInfo
* CVE-2025-12438: Use after free in Ozone
* CVE-2025-12439: Inappropriate implementation in App-Bound Encryption
* CVE-2025-12440: Inappropriate implementation in Autofill
* CVE-2025-12441: Out of bounds read in V8
* CVE-2025-12443: Out of bounds read in WebXR
* CVE-2025-12444: Incorrect security UI in Fullscreen UI
* CVE-2025-12445: Policy bypass in Extensions
* CVE-2025-12446: Incorrect security UI in SplitView
* CVE-2025-12447: Incorrect security UI in Omnibox

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-12=1

Package List:

- openSUSE Leap 16.0:

chromedriver-142.0.7444.59-bp160.1.1
chromium-142.0.7444.59-bp160.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-12428.html
* https://www.suse.com/security/cve/CVE-2025-12429.html
* https://www.suse.com/security/cve/CVE-2025-12430.html
* https://www.suse.com/security/cve/CVE-2025-12431.html
* https://www.suse.com/security/cve/CVE-2025-12432.html
* https://www.suse.com/security/cve/CVE-2025-12433.html
* https://www.suse.com/security/cve/CVE-2025-12434.html
* https://www.suse.com/security/cve/CVE-2025-12435.html
* https://www.suse.com/security/cve/CVE-2025-12436.html
* https://www.suse.com/security/cve/CVE-2025-12437.html
* https://www.suse.com/security/cve/CVE-2025-12438.html
* https://www.suse.com/security/cve/CVE-2025-12439.html
* https://www.suse.com/security/cve/CVE-2025-12440.html
* https://www.suse.com/security/cve/CVE-2025-12441.html
* https://www.suse.com/security/cve/CVE-2025-12443.html
* https://www.suse.com/security/cve/CVE-2025-12444.html
* https://www.suse.com/security/cve/CVE-2025-12445.html
* https://www.suse.com/security/cve/CVE-2025-12446.html
* https://www.suse.com/security/cve/CVE-2025-12447.html
* https://www.suse.com/security/cve/CVE-2025-54874.html



openSUSE-SU-2025-20031-1: important: Security update for warewulf4


openSUSE security update: security update for warewulf4
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2025-20031-1
Rating: important
References:

* bsc#1227465
* bsc#1227686
* bsc#1246082
* bsc#1248768
* bsc#1248906

Cross-References:

* CVE-2025-58058

CVSS scores:

* CVE-2025-58058 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58058 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has 5 bug fixes can now be installed.

Description:

This update for warewulf4 fixes the following issues:

Changes in warewulf4:

- Update to version 4.6.4:
  * v4.6.4 release updates
  * Convert disk booleans from wwbool to *bool which allows bools in disk to be set to false via command line (bsc#1248768)
  * Update NetworkManager Overlay
  * Disable ipv4 in NetworkManager if no address or route is specified
  * fix(wwctl): Create overlay edit tempfile in tmpdir
  * Add default for systemd name for warewulf in warewulf.conf
  * Atomic overlay file application in wwclient
  * Simpler names for overlay methods
  * Fix warewulfd api behavior when deleting distribution overlay

- Update to version 4.6.3:
  * v4.6.3 release
  * IPv6 iPXE support
  * Fix a syntax error in the RPM specfile
  * Fix a race condition in wwctl overlay edit
  * Fixed handling of comma-separated mount options in `fstab` and `ignition` overlays
  * Move reexec.Init() to beginning of wwctl
  * Add documentation for using tmpfs to distribute across numa nodes
  * added warewuld configure option
  * Fix wwctl upgrade nodes to handle kernel argument lists (bsc#1227686 bsc#1227465)
  * Address copilot review from #1945
  * Refactor wwapi tests for proper isolation
  * Bugfix: cloning a site overlay when parent dir does not exist
  * Clone to a site overlay when adding files in wwapi
  * Consolidated createOverlayFile and updateOverlayFile to addOverlayFile
  * Support for creating and updating overlay file in wwapi
  * Only return overlay files that refer to a path within the overlay
  * add overlay file deletion support
  * DELETE /api/overlays/{id}?force=true can delete overlays in use
  * Restore idempotency of PUT /api/nodes/{id}
  * Simplify overlay mtime api and add tests
  * add node overlay buildtime
  * Improved netplan support
  * Rebuild overlays for discovered nodes
  * Restrict userdocs from building during pr when not modified
  * Update to v4.6.2 GitHub release notes

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-7=1

Package List:

- openSUSE Leap 16.0:

warewulf4-4.6.4-bp160.1.1
warewulf4-dracut-4.6.4-bp160.1.1
warewulf4-man-4.6.4-bp160.1.1
warewulf4-overlay-4.6.4-bp160.1.1
warewulf4-overlay-rke2-4.6.4-bp160.1.1
warewulf4-overlay-slurm-4.6.4-bp160.1.1
warewulf4-reference-doc-4.6.4-bp160.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-58058.html



SUSE-SU-2025:4043-1: important: Security update for the Linux Kernel (Live Patch 24 for SUSE Linux Enterprise 15 SP5)


# Security update for the Linux Kernel (Live Patch 24 for SUSE Linux Enterprise 15 SP5)

Announcement ID: SUSE-SU-2025:4043-1
Release Date: 2025-11-11T07:03:57Z
Rating: important
References:

* bsc#1246019
* bsc#1248631
* bsc#1249207
* bsc#1249208
* bsc#1249847
* bsc#1252946

Cross-References:

* CVE-2022-50252
* CVE-2024-53164
* CVE-2025-38617
* CVE-2025-38618
* CVE-2025-38664

CVSS scores:

* CVE-2022-50252 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50252 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53164 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53164 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53164 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38617 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38617 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38618 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38618 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38664 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38664 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves five vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.97 fixes
various security issues.

The following security issues were fixed:

* CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249847).
* CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1246019).
* CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1249208).
* CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1249207).
* CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248631).

The following non-security issue was fixed:

* bsc#1249208: fix livepatching target module name (bsc#1252946)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2025-4043=1 SUSE-2025-4044=1 SUSE-2025-4045=1

* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-4043=1 SUSE-SLE-Module-Live-Patching-15-SP4-2025-4044=1 SUSE-SLE-Module-Live-Patching-15-SP4-2025-4045=1

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2025-4048=1 SUSE-2025-4049=1 SUSE-2025-4047=1

* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-4048=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-4049=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-4047=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_167-default-debuginfo-8-150400.4.1
  * kernel-livepatch-SLE15-SP4_Update_41-debugsource-8-150400.4.1
  * kernel-livepatch-SLE15-SP4_Update_40-debugsource-9-150400.4.1
  * kernel-livepatch-5_14_21-150400_24_161-default-debuginfo-9-150400.4.1
  * kernel-livepatch-5_14_21-150400_24_164-default-debuginfo-9-150400.4.1
  * kernel-livepatch-5_14_21-150400_24_167-default-8-150400.4.1
  * kernel-livepatch-SLE15-SP4_Update_39-debugsource-9-150400.4.1
  * kernel-livepatch-5_14_21-150400_24_164-default-9-150400.4.1
  * kernel-livepatch-5_14_21-150400_24_161-default-9-150400.4.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_167-default-debuginfo-8-150400.4.1
  * kernel-livepatch-SLE15-SP4_Update_41-debugsource-8-150400.4.1
  * kernel-livepatch-SLE15-SP4_Update_40-debugsource-9-150400.4.1
  * kernel-livepatch-5_14_21-150400_24_161-default-debuginfo-9-150400.4.1
  * kernel-livepatch-5_14_21-150400_24_164-default-debuginfo-9-150400.4.1
  * kernel-livepatch-5_14_21-150400_24_167-default-8-150400.4.1
  * kernel-livepatch-SLE15-SP4_Update_39-debugsource-9-150400.4.1
  * kernel-livepatch-5_14_21-150400_24_164-default-9-150400.4.1
  * kernel-livepatch-5_14_21-150400_24_161-default-9-150400.4.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_83-default-18-150500.4.1
  * kernel-livepatch-SLE15-SP5_Update_23-debugsource-10-150500.4.1
  * kernel-livepatch-5_14_21-150500_55_83-default-debuginfo-18-150500.4.1
  * kernel-livepatch-5_14_21-150500_55_94-default-debuginfo-10-150500.4.1
  * kernel-livepatch-SLE15-SP5_Update_20-debugsource-18-150500.4.1
  * kernel-livepatch-5_14_21-150500_55_97-default-10-150500.4.1
  * kernel-livepatch-5_14_21-150500_55_97-default-debuginfo-10-150500.4.1
  * kernel-livepatch-5_14_21-150500_55_94-default-10-150500.4.1
  * kernel-livepatch-SLE15-SP5_Update_24-debugsource-10-150500.4.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_83-default-18-150500.4.1
  * kernel-livepatch-SLE15-SP5_Update_23-debugsource-10-150500.4.1
  * kernel-livepatch-5_14_21-150500_55_83-default-debuginfo-18-150500.4.1
  * kernel-livepatch-5_14_21-150500_55_94-default-debuginfo-10-150500.4.1
  * kernel-livepatch-SLE15-SP5_Update_20-debugsource-18-150500.4.1
  * kernel-livepatch-5_14_21-150500_55_97-default-10-150500.4.1
  * kernel-livepatch-5_14_21-150500_55_97-default-debuginfo-10-150500.4.1
  * kernel-livepatch-5_14_21-150500_55_94-default-10-150500.4.1
  * kernel-livepatch-SLE15-SP5_Update_24-debugsource-10-150500.4.1

## References:

* https://www.suse.com/security/cve/CVE-2022-50252.html
* https://www.suse.com/security/cve/CVE-2024-53164.html
* https://www.suse.com/security/cve/CVE-2025-38617.html
* https://www.suse.com/security/cve/CVE-2025-38618.html
* https://www.suse.com/security/cve/CVE-2025-38664.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246019
* https://bugzilla.suse.com/show_bug.cgi?id=1248631
* https://bugzilla.suse.com/show_bug.cgi?id=1249207
* https://bugzilla.suse.com/show_bug.cgi?id=1249208
* https://bugzilla.suse.com/show_bug.cgi?id=1249847
* https://bugzilla.suse.com/show_bug.cgi?id=1252946



SUSE-SU-2025:4046-1: important: Security update for the Linux Kernel (Live Patch 43 for SUSE Linux Enterprise 15 SP4)


# Security update for the Linux Kernel (Live Patch 43 for SUSE Linux Enterprise 15 SP4)

Announcement ID: SUSE-SU-2025:4046-1
Release Date: 2025-11-11T02:33:47Z
Rating: important
References:

* bsc#1248631
* bsc#1249207
* bsc#1249208
* bsc#1249847
* bsc#1252946

Cross-References:

* CVE-2022-50252
* CVE-2025-38617
* CVE-2025-38618
* CVE-2025-38664

CVSS scores:

* CVE-2022-50252 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50252 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38617 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38617 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38618 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38618 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38664 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38664 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves four vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.173 fixes
various security issues.

The following security issues were fixed:

* CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249847).
* CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1249208).
* CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1249207).
* CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248631).

The following non-security issue was fixed:

* bsc#1249208: fix livepatching target module name (bsc#1252946)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2025-4046=1

* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-4046=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_43-debugsource-4-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_173-default-4-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_173-default-debuginfo-4-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_43-debugsource-4-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_173-default-4-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_173-default-debuginfo-4-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-50252.html
* https://www.suse.com/security/cve/CVE-2025-38617.html
* https://www.suse.com/security/cve/CVE-2025-38618.html
* https://www.suse.com/security/cve/CVE-2025-38664.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248631
* https://bugzilla.suse.com/show_bug.cgi?id=1249207
* https://bugzilla.suse.com/show_bug.cgi?id=1249208
* https://bugzilla.suse.com/show_bug.cgi?id=1249847
* https://bugzilla.suse.com/show_bug.cgi?id=1252946



openSUSE-SU-2025:15723-1: moderate: regclient-0.10.0-1.1 on GA media


# regclient-0.10.0-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15723-1
Rating: moderate

Cross-References:

* CVE-2025-47912
* CVE-2025-58183
* CVE-2025-58185
* CVE-2025-58186
* CVE-2025-58187
* CVE-2025-58188
* CVE-2025-58189
* CVE-2025-61723
* CVE-2025-9230
* CVE-2025-9231
* CVE-2025-9232

CVSS scores:

* CVE-2025-47912 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-47912 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-58183 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-58183 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58185 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58185 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58186 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58186 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58187 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58187 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58188 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-58188 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-58189 ( SUSE ): 4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
* CVE-2025-58189 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
* CVE-2025-61723 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-61723 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-9230 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-9230 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-9231 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-9231 ( SUSE ): 6 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-9232 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-9232 ( SUSE ): 6 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 11 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the regclient-0.10.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * regclient 0.10.0-1.1
  * regclient-bash-completion 0.10.0-1.1
  * regclient-fish-completion 0.10.0-1.1
  * regclient-zsh-completion 0.10.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-47912.html
* https://www.suse.com/security/cve/CVE-2025-58183.html
* https://www.suse.com/security/cve/CVE-2025-58185.html
* https://www.suse.com/security/cve/CVE-2025-58186.html
* https://www.suse.com/security/cve/CVE-2025-58187.html
* https://www.suse.com/security/cve/CVE-2025-58188.html
* https://www.suse.com/security/cve/CVE-2025-58189.html
* https://www.suse.com/security/cve/CVE-2025-61723.html
* https://www.suse.com/security/cve/CVE-2025-9230.html
* https://www.suse.com/security/cve/CVE-2025-9231.html
* https://www.suse.com/security/cve/CVE-2025-9232.html



SUSE-SU-2025:4053-1: moderate: Security update for qatengine, qatlib


# Security update for qatengine, qatlib

Announcement ID: SUSE-SU-2025:4053-1
Release Date: 2025-11-11T13:46:59Z
Rating: moderate
References:

* bsc#1233363
* bsc#1233365
* bsc#1233366

Cross-References:

* CVE-2024-28885
* CVE-2024-31074
* CVE-2024-33617

CVSS scores:

* CVE-2024-28885 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-28885 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-28885 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-28885 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-31074 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-31074 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-31074 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-31074 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-33617 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-33617 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-33617 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-33617 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for qatengine, qatlib fixes the following issues:

Note that the 1.6.1 release included in 1.7.0 fixes the following
vulnerabilities:

* CVE-2024-28885: Fixed an observable discrepancy in some Intel(R) QAT Engine
for OpenSSL software before version v1.6.1 that may allow information
disclosure via network access. (bsc#1233363)
* CVE-2024-31074: Fixed an observable timing discrepancy that may allow
information disclosure via network access (bsc#1233365)
* CVE-2024-33617: Fixed insufficient control flow management that may allow
information disclosure via network access (bsc#1233366)

qatengine was updated to 1.7.0:

* ipp-crypto name change to cryptography-primitives
* QAT_SW GCM memory leak fix in cleanup function
* Update limitation section in README for v1.7.0 release
* Fix build with OPENSSL_NO_ENGINE
* Fix for build issues with qatprovider in qatlib
* Bug fixes and README updates to v1.7.0
* Remove qat_contig_mem driver support
* Add support for building QAT Engine ENGINE and PROVIDER modules with QuicTLS
3.x libraries
* Fix for DSA issue with openssl3.2
* Fix missing lower bounds check on index i
* Enabled SW Fallback support for FBSD
* Fix for segfault issue when SHIM config section is unavailable
* Fix for Coverity & Resource leak
* Fix for RSA failure with SVM enabled in openssl-3.2
* SM3 Memory Leak Issue Fix
* Fix qatprovider lib name issue with system openssl

Update to 1.6.0:

* Fix issue with make depend for QAT_SW
* QAT_HW GCM Memleak fix & bug fixes
* QAT2.0 FreeBSD14 intree driver support
* Fix OpenSSL 3.2 compatibility issues
* Optimize hex dump logging
* Clear job tlv on error
* QAT_HW RSA Encrypt and Decrypt provider support
* QAT_HW AES-CCM Provider support
* Add ECDH keymgmt support for provider
* Fix QAT_HW SM2 memory leak
* Enable qaeMemFreeNonZeroNUMA() for qatlib
* Fix polling issue for the process that doesn't have QAT_HW instance
* Fix SHA3 qctx initialization issue & potential memleak
* Fix compilation error in SM2 with qat_contig_mem
* Update year in copyright information to 2024

qatlib was updated to 24.09.0:

* Improved performance scaling in multi-thread applications
* Set core affinity mapping based on NUMA (libnuma now required for building)
* Bug fixes, see https://github.com/intel/qatlib#resolved-issues

Update to 24.02.0:

* Support DC NS (NoSession) APIs
* Support Symmetric Crypto SM3 & SM4
* Support Asymmetric Crypto SM2
* Support DC CompressBound APIs
* Bug fixes. See Resolved section in README.md

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-4053=1 openSUSE-SLE-15.6-2025-4053=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-4053=1

## Package List:

* openSUSE Leap 15.6 (x86_64)
  * qatlib-24.09.0-150600.3.3.1
  * qatengine-debuginfo-1.7.0-150600.3.3.1
  * libusdm0-debuginfo-24.09.0-150600.3.3.1
  * qatlib-debuginfo-24.09.0-150600.3.3.1
  * libusdm0-24.09.0-150600.3.3.1
  * libqat4-24.09.0-150600.3.3.1
  * qatlib-devel-24.09.0-150600.3.3.1
  * qatengine-1.7.0-150600.3.3.1
  * qatengine-debugsource-1.7.0-150600.3.3.1
  * libqat4-debuginfo-24.09.0-150600.3.3.1
  * qatlib-debugsource-24.09.0-150600.3.3.1
* Basesystem Module 15-SP6 (x86_64)
  * qatlib-24.09.0-150600.3.3.1
  * qatengine-debuginfo-1.7.0-150600.3.3.1
  * libusdm0-debuginfo-24.09.0-150600.3.3.1
  * qatlib-debuginfo-24.09.0-150600.3.3.1
  * libusdm0-24.09.0-150600.3.3.1
  * libqat4-24.09.0-150600.3.3.1
  * qatlib-devel-24.09.0-150600.3.3.1
  * qatengine-1.7.0-150600.3.3.1
  * qatengine-debugsource-1.7.0-150600.3.3.1
  * libqat4-debuginfo-24.09.0-150600.3.3.1
  * qatlib-debugsource-24.09.0-150600.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-28885.html
* https://www.suse.com/security/cve/CVE-2024-31074.html
* https://www.suse.com/security/cve/CVE-2024-33617.html
* https://bugzilla.suse.com/show_bug.cgi?id=1233363
* https://bugzilla.suse.com/show_bug.cgi?id=1233365
* https://bugzilla.suse.com/show_bug.cgi?id=1233366



SUSE-SU-2025:4054-1: moderate: Security update for ongres-scram


# Security update for ongres-scram

Announcement ID: SUSE-SU-2025:4054-1
Release Date: 2025-11-11T14:04:45Z
Rating: moderate
References:

* bsc#1250399

Cross-References:

* CVE-2025-59432

CVSS scores:

* CVE-2025-59432 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-59432 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2025-59432 ( NVD ): 6.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* Server Applications Module 15-SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for ongres-scram fixes the following issues:

* CVE-2025-59432: Fixed timing attack vulnerability in SCRAM Authentication
(bsc#1250399)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-4054=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-4054=1

* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-4054=1

* Server Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2025-4054=1

## Package List:

* openSUSE Leap 15.4 (noarch)
  * ongres-scram-client-2.1-150400.8.5.1
  * ongres-scram-parent-2.1-150400.8.5.1
  * ongres-scram-2.1-150400.8.5.1
  * ongres-scram-javadoc-2.1-150400.8.5.1
* openSUSE Leap 15.6 (noarch)
  * ongres-scram-client-2.1-150400.8.5.1
  * ongres-scram-parent-2.1-150400.8.5.1
  * ongres-scram-2.1-150400.8.5.1
  * ongres-scram-javadoc-2.1-150400.8.5.1
* Server Applications Module 15-SP6 (noarch)
  * ongres-scram-client-2.1-150400.8.5.1
  * ongres-scram-2.1-150400.8.5.1
* Server Applications Module 15-SP7 (noarch)
  * ongres-scram-client-2.1-150400.8.5.1
  * ongres-scram-2.1-150400.8.5.1

## References:

* https://www.suse.com/security/cve/CVE-2025-59432.html
* https://bugzilla.suse.com/show_bug.cgi?id=1250399



openSUSE-SU-2025:0429-1: important: Security update for python-pdfminer.six


openSUSE Security Update: Security update for python-pdfminer.six
_______________________________

Announcement ID: openSUSE-SU-2025:0429-1
Rating: important
References: #1253228
Cross-References: CVE-2025-64512
Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-pdfminer.six fixes the following issues:

- CVE-2025-64512: Fixed execution of arbitrary code from a malicious
pickle file (bsc#1253228).

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2025-429=1

Package List:

- openSUSE Backports SLE-15-SP6 (noarch):

python3-pdfminer.six-20200124-bp156.4.3.1

References:

https://www.suse.com/security/cve/CVE-2025-64512.html
https://bugzilla.suse.com/1253228



openSUSE-SU-2025:0428-1: important: Security update for python-pdfminer.six


openSUSE Security Update: Security update for python-pdfminer.six
_______________________________

Announcement ID: openSUSE-SU-2025:0428-1
Rating: important
References: #1253228
Cross-References: CVE-2025-64512
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-pdfminer.six fixes the following issues:

- CVE-2025-64512: Fixed execution of arbitrary code from a malicious
pickle file (bsc#1253228).

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2025-428=1

Package List:

- openSUSE Backports SLE-15-SP7 (noarch):

python3-pdfminer.six-20200124-bp157.2.3.1

References:

https://www.suse.com/security/cve/CVE-2025-64512.html
https://bugzilla.suse.com/1253228



SUSE-SU-2025:4059-1: important: Security update for the Linux Kernel (Live Patch 28 for SUSE Linux Enterprise 15 SP5)


# Security update for the Linux Kernel (Live Patch 28 for SUSE Linux Enterprise
15 SP5)

Announcement ID: SUSE-SU-2025:4059-1
Release Date: 2025-11-11T18:36:36Z
Rating: important
References:

* bsc#1246019
* bsc#1248631
* bsc#1249207
* bsc#1249208
* bsc#1249847
* bsc#1252946

Cross-References:

* CVE-2022-50252
* CVE-2024-53164
* CVE-2025-38617
* CVE-2025-38618
* CVE-2025-38664

CVSS scores:

* CVE-2022-50252 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50252 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53164 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53164 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53164 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38617 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38617 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38618 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38618 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38664 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38664 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves five vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.113 fixes
various security issues.

The following security issues were fixed:

* CVE-2022-50252: igb: Do not free q_vector unless new one was allocated
(bsc#1249847).
* CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1246019).
* CVE-2025-38617: net/packet: fix a race in packet_set_ring() and
packet_notifier() (bsc#1249208).
* CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY
(bsc#1249207).
* CVE-2025-38664: ice: Fix a null pointer dereference in
ice_copy_and_init_pkg() (bsc#1248631).

The following non-security issue was fixed:

* bsc#1249208: fix livepatching target module name (bsc#1252946)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-4059=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-4059=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-4060=1 SUSE-2025-4061=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-4060=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-4061=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1
  * kernel-livepatch-5_14_21-150400_24_150-default-debuginfo-10-150400.4.1
  * kernel-livepatch-SLE15-SP4_Update_36-debugsource-10-150400.4.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_150-default-10-150400.4.1
  * kernel-livepatch-5_14_21-150400_24_150-default-debuginfo-10-150400.4.1
  * kernel-livepatch-SLE15-SP4_Update_36-debugsource-10-150400.4.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP5_Update_26-debugsource-9-150500.4.1
  * kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-8-150500.4.1
  * kernel-livepatch-5_14_21-150500_55_113-default-8-150500.4.1
  * kernel-livepatch-SLE15-SP5_Update_28-debugsource-8-150500.4.1
  * kernel-livepatch-5_14_21-150500_55_103-default-debuginfo-9-150500.4.1
  * kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP5_Update_26-debugsource-9-150500.4.1
  * kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-8-150500.4.1
  * kernel-livepatch-5_14_21-150500_55_113-default-8-150500.4.1
  * kernel-livepatch-SLE15-SP5_Update_28-debugsource-8-150500.4.1
  * kernel-livepatch-5_14_21-150500_55_103-default-debuginfo-9-150500.4.1
  * kernel-livepatch-5_14_21-150500_55_103-default-9-150500.4.1

## References:

* https://www.suse.com/security/cve/CVE-2022-50252.html
* https://www.suse.com/security/cve/CVE-2024-53164.html
* https://www.suse.com/security/cve/CVE-2025-38617.html
* https://www.suse.com/security/cve/CVE-2025-38618.html
* https://www.suse.com/security/cve/CVE-2025-38664.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246019
* https://bugzilla.suse.com/show_bug.cgi?id=1248631
* https://bugzilla.suse.com/show_bug.cgi?id=1249207
* https://bugzilla.suse.com/show_bug.cgi?id=1249208
* https://bugzilla.suse.com/show_bug.cgi?id=1249847
* https://bugzilla.suse.com/show_bug.cgi?id=1252946



SUSE-SU-2025:4062-1: important: Security update for the Linux Kernel (Live Patch 29 for SUSE Linux Enterprise 15 SP5)


# Security update for the Linux Kernel (Live Patch 29 for SUSE Linux Enterprise
15 SP5)

Announcement ID: SUSE-SU-2025:4062-1
Release Date: 2025-11-11T18:36:41Z
Rating: important
References:

* bsc#1248631
* bsc#1249207
* bsc#1249208
* bsc#1249847
* bsc#1252946

Cross-References:

* CVE-2022-50252
* CVE-2025-38617
* CVE-2025-38618
* CVE-2025-38664

CVSS scores:

* CVE-2022-50252 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50252 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38617 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38617 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38618 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38618 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38664 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38664 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves four vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.116 fixes
various security issues.

The following security issues were fixed:

* CVE-2022-50252: igb: Do not free q_vector unless new one was allocated
(bsc#1249847).
* CVE-2025-38617: net/packet: fix a race in packet_set_ring() and
packet_notifier() (bsc#1249208).
* CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY
(bsc#1249207).
* CVE-2025-38664: ice: Fix a null pointer dereference in
ice_copy_and_init_pkg() (bsc#1248631).

The following non-security issue was fixed:

* bsc#1249208: fix livepatching target module name (bsc#1252946)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-4062=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-4062=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP5_Update_29-debugsource-6-150500.4.1
  * kernel-livepatch-5_14_21-150500_55_116-default-debuginfo-6-150500.4.1
  * kernel-livepatch-5_14_21-150500_55_116-default-6-150500.4.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_116-default-debuginfo-6-150500.4.1
  * kernel-livepatch-5_14_21-150500_55_116-default-6-150500.4.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x)
  * kernel-livepatch-SLE15-SP5_Update_29-debugsource-6-150500.4.1

## References:

* https://www.suse.com/security/cve/CVE-2022-50252.html
* https://www.suse.com/security/cve/CVE-2025-38617.html
* https://www.suse.com/security/cve/CVE-2025-38618.html
* https://www.suse.com/security/cve/CVE-2025-38664.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248631
* https://bugzilla.suse.com/show_bug.cgi?id=1249207
* https://bugzilla.suse.com/show_bug.cgi?id=1249208
* https://bugzilla.suse.com/show_bug.cgi?id=1249847
* https://bugzilla.suse.com/show_bug.cgi?id=1252946