Chromium, Tomcat, Fractal, and more updates for SUSE

SUSE 5495 Published by

SUSE Linux has received several security updates, including Chromium, Tomcat, Python311-pypdf, Fractal, Podman, Ruby, libavif, and Apache Commons Lang:

openSUSE-SU-2025:0301-1: important: Security update for chromium
openSUSE-SU-2025:15441-1: moderate: tomcat-9.0.107-1.1 on GA media
openSUSE-SU-2025:15440-1: moderate: python311-pypdf-6.0.0-1.1 on GA media
openSUSE-SU-2025:15442-1: moderate: tomcat10-10.1.43-1.1 on GA media
openSUSE-SU-2025:15439-1: moderate: fractal-12.0-2.1 on GA media
openSUSE-SU-2025:15443-1: moderate: tomcat11-11.0.9-1.1 on GA media
SUSE-SU-2025:02807-1: important: Security update for podman
SUSE-SU-2025:02806-1: important: Security update for podman
SUSE-SU-2025:02808-1: important: Security update for podman
SUSE-SU-2025:02814-1: moderate: Security update for ruby2.5
SUSE-SU-2025:02817-1: moderate: Security update for libavif
SUSE-SU-2025:02818-1: moderate: Security update for apache-commons-lang3




openSUSE-SU-2025:0301-1: important: Security update for chromium


openSUSE Security Update: Security update for chromium
_______________________________

Announcement ID: openSUSE-SU-2025:0301-1
Rating: important
References: #1247981
Cross-References: CVE-2025-8879 CVE-2025-8880 CVE-2025-8881
CVE-2025-8882 CVE-2025-8901
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

Chromium 139.0.7258.127 (boo#1247981):

* CVE-2025-8879: Heap buffer overflow in libaom
* CVE-2025-8880: Race in V8
* CVE-2025-8901: Out of bounds write in ANGLE
* CVE-2025-8881: Inappropriate implementation in File Picker
* CVE-2025-8882: Use after free in Aura
* Various fixes from internal audits, fuzzing and other initiatives

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2025-301=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 ppc64le x86_64):

chromedriver-139.0.7258.127-bp157.2.37.1
chromedriver-debuginfo-139.0.7258.127-bp157.2.37.1
chromium-139.0.7258.127-bp157.2.37.1
chromium-debuginfo-139.0.7258.127-bp157.2.37.1

References:

https://www.suse.com/security/cve/CVE-2025-8879.html
https://www.suse.com/security/cve/CVE-2025-8880.html
https://www.suse.com/security/cve/CVE-2025-8881.html
https://www.suse.com/security/cve/CVE-2025-8882.html
https://www.suse.com/security/cve/CVE-2025-8901.html
https://bugzilla.suse.com/1247981



openSUSE-SU-2025:15441-1: moderate: tomcat-9.0.107-1.1 on GA media


# tomcat-9.0.107-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15441-1
Rating: moderate

Cross-References:

* CVE-2025-52434
* CVE-2025-52520
* CVE-2025-53506

CVSS scores:

* CVE-2025-52434 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-52434 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-52520 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-52520 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-53506 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-53506 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 3 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the tomcat-9.0.107-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* tomcat 9.0.107-1.1
* tomcat-admin-webapps 9.0.107-1.1
* tomcat-docs-webapp 9.0.107-1.1
* tomcat-el-3_0-api 9.0.107-1.1
* tomcat-embed 9.0.107-1.1
* tomcat-javadoc 9.0.107-1.1
* tomcat-jsp-2_3-api 9.0.107-1.1
* tomcat-jsvc 9.0.107-1.1
* tomcat-lib 9.0.107-1.1
* tomcat-servlet-4_0-api 9.0.107-1.1
* tomcat-webapps 9.0.107-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-52434.html
* https://www.suse.com/security/cve/CVE-2025-52520.html
* https://www.suse.com/security/cve/CVE-2025-53506.html



openSUSE-SU-2025:15440-1: moderate: python311-pypdf-6.0.0-1.1 on GA media


# python311-pypdf-6.0.0-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15440-1
Rating: moderate

Cross-References:

* CVE-2025-55197

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python311-pypdf-6.0.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python311-pypdf 6.0.0-1.1
* python312-pypdf 6.0.0-1.1
* python313-pypdf 6.0.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-55197.html



openSUSE-SU-2025:15442-1: moderate: tomcat10-10.1.43-1.1 on GA media


# tomcat10-10.1.43-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15442-1
Rating: moderate

Cross-References:

* CVE-2025-52520
* CVE-2025-53506

CVSS scores:

* CVE-2025-52520 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-52520 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-53506 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-53506 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the tomcat10-10.1.43-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* tomcat10 10.1.43-1.1
* tomcat10-admin-webapps 10.1.43-1.1
* tomcat10-doc 10.1.43-1.1
* tomcat10-docs-webapp 10.1.43-1.1
* tomcat10-el-5_0-api 10.1.43-1.1
* tomcat10-embed 10.1.43-1.1
* tomcat10-jsp-3_1-api 10.1.43-1.1
* tomcat10-jsvc 10.1.43-1.1
* tomcat10-lib 10.1.43-1.1
* tomcat10-servlet-6_0-api 10.1.43-1.1
* tomcat10-webapps 10.1.43-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-52520.html
* https://www.suse.com/security/cve/CVE-2025-53506.html



openSUSE-SU-2025:15439-1: moderate: fractal-12.0-2.1 on GA media


# fractal-12.0-2.1 on GA media

Announcement ID: openSUSE-SU-2025:15439-1
Rating: moderate

Cross-References:

* CVE-2055-55159

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the fractal-12.0-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* fractal 12.0-2.1
* fractal-lang 12.0-2.1

## References:

* https://www.suse.com/security/cve/CVE-2055-55159.html



openSUSE-SU-2025:15443-1: moderate: tomcat11-11.0.9-1.1 on GA media


# tomcat11-11.0.9-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15443-1
Rating: moderate

Cross-References:

* CVE-2025-52520
* CVE-2025-53506

CVSS scores:

* CVE-2025-52520 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-52520 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-53506 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-53506 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the tomcat11-11.0.9-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* tomcat11 11.0.9-1.1
* tomcat11-admin-webapps 11.0.9-1.1
* tomcat11-doc 11.0.9-1.1
* tomcat11-docs-webapp 11.0.9-1.1
* tomcat11-el-6_0-api 11.0.9-1.1
* tomcat11-embed 11.0.9-1.1
* tomcat11-jsp-4_0-api 11.0.9-1.1
* tomcat11-jsvc 11.0.9-1.1
* tomcat11-lib 11.0.9-1.1
* tomcat11-servlet-6_1-api 11.0.9-1.1
* tomcat11-webapps 11.0.9-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-52520.html
* https://www.suse.com/security/cve/CVE-2025-53506.html



SUSE-SU-2025:02807-1: important: Security update for podman


# Security update for podman

Announcement ID: SUSE-SU-2025:02807-1
Release Date: 2025-08-15T12:50:56Z
Rating: important
References:

* bsc#1245320

Cross-References:

* CVE-2025-6032

CVSS scores:

* CVE-2025-6032 ( SUSE ): 9.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-6032 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-6032 ( NVD ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for podman fixes the following issues:

* CVE-2025-6032: Fixed machine init command failing to verify TLS certificate
(bsc#1245320)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2807=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-2807=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-2807=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-2807=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-2807=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2807=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2807=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2807=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2807=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* podman-debuginfo-4.9.5-150400.4.50.1
* podman-4.9.5-150400.4.50.1
* podman-remote-debuginfo-4.9.5-150400.4.50.1
* podman-remote-4.9.5-150400.4.50.1
* podmansh-4.9.5-150400.4.50.1
* openSUSE Leap 15.4 (noarch)
* podman-docker-4.9.5-150400.4.50.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* podman-debuginfo-4.9.5-150400.4.50.1
* podman-remote-4.9.5-150400.4.50.1
* podman-4.9.5-150400.4.50.1
* podman-remote-debuginfo-4.9.5-150400.4.50.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* podman-debuginfo-4.9.5-150400.4.50.1
* podman-remote-4.9.5-150400.4.50.1
* podman-4.9.5-150400.4.50.1
* podman-remote-debuginfo-4.9.5-150400.4.50.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* podman-debuginfo-4.9.5-150400.4.50.1
* podman-remote-4.9.5-150400.4.50.1
* podman-4.9.5-150400.4.50.1
* podman-remote-debuginfo-4.9.5-150400.4.50.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* podman-debuginfo-4.9.5-150400.4.50.1
* podman-remote-4.9.5-150400.4.50.1
* podman-4.9.5-150400.4.50.1
* podman-remote-debuginfo-4.9.5-150400.4.50.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* podman-debuginfo-4.9.5-150400.4.50.1
* podman-remote-4.9.5-150400.4.50.1
* podman-4.9.5-150400.4.50.1
* podman-remote-debuginfo-4.9.5-150400.4.50.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* podman-docker-4.9.5-150400.4.50.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* podman-debuginfo-4.9.5-150400.4.50.1
* podman-remote-4.9.5-150400.4.50.1
* podman-4.9.5-150400.4.50.1
* podman-remote-debuginfo-4.9.5-150400.4.50.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* podman-docker-4.9.5-150400.4.50.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* podman-debuginfo-4.9.5-150400.4.50.1
* podman-remote-4.9.5-150400.4.50.1
* podman-4.9.5-150400.4.50.1
* podman-remote-debuginfo-4.9.5-150400.4.50.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* podman-docker-4.9.5-150400.4.50.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* podman-debuginfo-4.9.5-150400.4.50.1
* podman-remote-4.9.5-150400.4.50.1
* podman-4.9.5-150400.4.50.1
* podman-remote-debuginfo-4.9.5-150400.4.50.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* podman-docker-4.9.5-150400.4.50.1

## References:

* https://www.suse.com/security/cve/CVE-2025-6032.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245320



SUSE-SU-2025:02806-1: important: Security update for podman


# Security update for podman

Announcement ID: SUSE-SU-2025:02806-1
Release Date: 2025-08-15T12:50:31Z
Rating: important
References:

* bsc#1245320

Cross-References:

* CVE-2025-6032

CVSS scores:

* CVE-2025-6032 ( SUSE ): 9.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-6032 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-6032 ( NVD ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves one vulnerability can now be installed.

## Description:

This update for podman fixes the following issues:

* CVE-2025-6032: Fixed machine init command failing to verify TLS certificate
(bsc#1245320)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-2806=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-2806=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-2806=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-2806=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-2806=1

* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-2806=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-2806=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-2806=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* podman-4.9.5-150300.9.52.1
* podman-remote-debuginfo-4.9.5-150300.9.52.1
* podmansh-4.9.5-150300.9.52.1
* podman-debuginfo-4.9.5-150300.9.52.1
* podman-remote-4.9.5-150300.9.52.1
* openSUSE Leap 15.3 (noarch)
* podman-docker-4.9.5-150300.9.52.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* podman-remote-debuginfo-4.9.5-150300.9.52.1
* podman-remote-4.9.5-150300.9.52.1
* podman-4.9.5-150300.9.52.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* podman-remote-debuginfo-4.9.5-150300.9.52.1
* podman-remote-4.9.5-150300.9.52.1
* podman-4.9.5-150300.9.52.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* podman-remote-debuginfo-4.9.5-150300.9.52.1
* podman-remote-4.9.5-150300.9.52.1
* podman-4.9.5-150300.9.52.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* podman-remote-debuginfo-4.9.5-150300.9.52.1
* podman-remote-4.9.5-150300.9.52.1
* podman-4.9.5-150300.9.52.1
* podman-debuginfo-4.9.5-150300.9.52.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* podman-remote-debuginfo-4.9.5-150300.9.52.1
* podman-remote-4.9.5-150300.9.52.1
* podman-4.9.5-150300.9.52.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* podman-remote-debuginfo-4.9.5-150300.9.52.1
* podman-remote-4.9.5-150300.9.52.1
* podman-4.9.5-150300.9.52.1
* podman-debuginfo-4.9.5-150300.9.52.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* podman-remote-debuginfo-4.9.5-150300.9.52.1
* podman-remote-4.9.5-150300.9.52.1
* podman-4.9.5-150300.9.52.1
* podman-debuginfo-4.9.5-150300.9.52.1

## References:

* https://www.suse.com/security/cve/CVE-2025-6032.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245320



SUSE-SU-2025:02808-1: important: Security update for podman


# Security update for podman

Announcement ID: SUSE-SU-2025:02808-1
Release Date: 2025-08-15T12:51:31Z
Rating: important
References:

* bsc#1245320

Cross-References:

* CVE-2025-6032

CVSS scores:

* CVE-2025-6032 ( SUSE ): 9.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-6032 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-6032 ( NVD ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products:

* Containers Module 15-SP6
* Containers Module 15-SP7
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for podman fixes the following issues:

* CVE-2025-6032: Fixed machine init command failing to verify TLS certificate
(bsc#1245320)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2808=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2808=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-2808=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-2808=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-2808=1

* Containers Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2025-2808=1

* Containers Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2025-2808=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2808=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2808=1

## Package List:

* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* podman-remote-debuginfo-4.9.5-150500.3.46.1
* podmansh-4.9.5-150500.3.46.1
* podman-remote-4.9.5-150500.3.46.1
* podman-4.9.5-150500.3.46.1
* podman-debuginfo-4.9.5-150500.3.46.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* podman-docker-4.9.5-150500.3.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* podman-remote-debuginfo-4.9.5-150500.3.46.1
* podmansh-4.9.5-150500.3.46.1
* podman-remote-4.9.5-150500.3.46.1
* podman-4.9.5-150500.3.46.1
* podman-debuginfo-4.9.5-150500.3.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* podman-docker-4.9.5-150500.3.46.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* podman-remote-debuginfo-4.9.5-150500.3.46.1
* podmansh-4.9.5-150500.3.46.1
* podman-remote-4.9.5-150500.3.46.1
* podman-4.9.5-150500.3.46.1
* podman-debuginfo-4.9.5-150500.3.46.1
* openSUSE Leap 15.5 (noarch)
* podman-docker-4.9.5-150500.3.46.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* podman-remote-debuginfo-4.9.5-150500.3.46.1
* podmansh-4.9.5-150500.3.46.1
* podman-remote-4.9.5-150500.3.46.1
* podman-4.9.5-150500.3.46.1
* podman-debuginfo-4.9.5-150500.3.46.1
* openSUSE Leap 15.6 (noarch)
* podman-docker-4.9.5-150500.3.46.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* podman-remote-debuginfo-4.9.5-150500.3.46.1
* podmansh-4.9.5-150500.3.46.1
* podman-remote-4.9.5-150500.3.46.1
* podman-4.9.5-150500.3.46.1
* podman-debuginfo-4.9.5-150500.3.46.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
* podman-docker-4.9.5-150500.3.46.1
* Containers Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* podman-remote-debuginfo-4.9.5-150500.3.46.1
* podmansh-4.9.5-150500.3.46.1
* podman-remote-4.9.5-150500.3.46.1
* podman-4.9.5-150500.3.46.1
* podman-debuginfo-4.9.5-150500.3.46.1
* Containers Module 15-SP6 (noarch)
* podman-docker-4.9.5-150500.3.46.1
* Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* podman-remote-debuginfo-4.9.5-150500.3.46.1
* podmansh-4.9.5-150500.3.46.1
* podman-remote-4.9.5-150500.3.46.1
* podman-4.9.5-150500.3.46.1
* podman-debuginfo-4.9.5-150500.3.46.1
* Containers Module 15-SP7 (noarch)
* podman-docker-4.9.5-150500.3.46.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* podman-remote-debuginfo-4.9.5-150500.3.46.1
* podmansh-4.9.5-150500.3.46.1
* podman-remote-4.9.5-150500.3.46.1
* podman-4.9.5-150500.3.46.1
* podman-debuginfo-4.9.5-150500.3.46.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* podman-docker-4.9.5-150500.3.46.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* podman-remote-debuginfo-4.9.5-150500.3.46.1
* podmansh-4.9.5-150500.3.46.1
* podman-remote-4.9.5-150500.3.46.1
* podman-4.9.5-150500.3.46.1
* podman-debuginfo-4.9.5-150500.3.46.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* podman-docker-4.9.5-150500.3.46.1

## References:

* https://www.suse.com/security/cve/CVE-2025-6032.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245320



SUSE-SU-2025:02814-1: moderate: Security update for ruby2.5


# Security update for ruby2.5

Announcement ID: SUSE-SU-2025:02814-1
Release Date: 2025-08-15T12:53:30Z
Rating: moderate
References:

* bsc#1225905

Cross-References:

* CVE-2024-35221

CVSS scores:

* CVE-2024-35221 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for ruby2.5 fixes the following issues:

* CVE-2024-35221: Fixed remote denial of service via YAML manifest
(bsc#1225905)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-2814=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-2814=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* ruby2.5-stdlib-debuginfo-2.5.9-150000.4.49.1
* libruby2_5-2_5-2.5.9-150000.4.49.1
* ruby2.5-debuginfo-2.5.9-150000.4.49.1
* ruby2.5-debugsource-2.5.9-150000.4.49.1
* ruby2.5-stdlib-2.5.9-150000.4.49.1
* ruby2.5-doc-2.5.9-150000.4.49.1
* ruby2.5-devel-2.5.9-150000.4.49.1
* libruby2_5-2_5-debuginfo-2.5.9-150000.4.49.1
* ruby2.5-2.5.9-150000.4.49.1
* ruby2.5-devel-extra-2.5.9-150000.4.49.1
* openSUSE Leap 15.6 (noarch)
* ruby2.5-doc-ri-2.5.9-150000.4.49.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* ruby2.5-stdlib-debuginfo-2.5.9-150000.4.49.1
* libruby2_5-2_5-2.5.9-150000.4.49.1
* ruby2.5-debuginfo-2.5.9-150000.4.49.1
* ruby2.5-debugsource-2.5.9-150000.4.49.1
* ruby2.5-stdlib-2.5.9-150000.4.49.1
* ruby2.5-devel-2.5.9-150000.4.49.1
* libruby2_5-2_5-debuginfo-2.5.9-150000.4.49.1
* ruby2.5-2.5.9-150000.4.49.1
* ruby2.5-devel-extra-2.5.9-150000.4.49.1

## References:

* https://www.suse.com/security/cve/CVE-2024-35221.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225905



SUSE-SU-2025:02817-1: moderate: Security update for libavif


# Security update for libavif

Announcement ID: SUSE-SU-2025:02817-1
Release Date: 2025-08-15T12:56:05Z
Rating: moderate
References:

* bsc#1243269
* bsc#1243270
* jsc#PED-13277

Cross-References:

* CVE-2025-48174
* CVE-2025-48175

CVSS scores:

* CVE-2025-48174 ( SUSE ): 7.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2025-48174 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
* CVE-2025-48174 ( NVD ): 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L
* CVE-2025-48174 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-48175 ( SUSE ): 7.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2025-48175 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
* CVE-2025-48175 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2025-48175 ( NVD ): 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities and contains one feature can now be
installed.

## Description:

This update for libavif fixes the following issues:

* update to 1.3.0:
* CVE-2025-48175: Fixed an integer overflows in multiplications involving
rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes. (bsc#1243270)
* CVE-2025-48174: Fixed an integer overflow and resultant buffer overflow in
stream->offset+size. (bsc#1243269)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-2817=1 openSUSE-SLE-15.6-2025-2817=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-2817=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libavif-debugsource-1.3.0-150600.3.5.1
* avif-tools-1.3.0-150600.3.5.1
* libavif-devel-1.3.0-150600.3.5.1
* libavif16-1.3.0-150600.3.5.1
* avif-tools-debuginfo-1.3.0-150600.3.5.1
* gdk-pixbuf-loader-libavif-debuginfo-1.3.0-150600.3.5.1
* gdk-pixbuf-loader-libavif-1.3.0-150600.3.5.1
* libavif16-debuginfo-1.3.0-150600.3.5.1
* openSUSE Leap 15.6 (x86_64)
* libavif16-32bit-debuginfo-1.3.0-150600.3.5.1
* libavif16-32bit-1.3.0-150600.3.5.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libavif16-64bit-debuginfo-1.3.0-150600.3.5.1
* libavif16-64bit-1.3.0-150600.3.5.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libavif16-1.3.0-150600.3.5.1
* libavif16-debuginfo-1.3.0-150600.3.5.1
* libavif-debugsource-1.3.0-150600.3.5.1

## References:

* https://www.suse.com/security/cve/CVE-2025-48174.html
* https://www.suse.com/security/cve/CVE-2025-48175.html
* https://bugzilla.suse.com/show_bug.cgi?id=1243269
* https://bugzilla.suse.com/show_bug.cgi?id=1243270
* https://jira.suse.com/browse/PED-13277



SUSE-SU-2025:02818-1: moderate: Security update for apache-commons-lang3


# Security update for apache-commons-lang3

Announcement ID: SUSE-SU-2025:02818-1
Release Date: 2025-08-15T12:56:38Z
Rating: moderate
References:

* bsc#1246397

Cross-References:

* CVE-2025-48924

CVSS scores:

* CVE-2025-48924 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-48924 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-48924 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Manager Server 4.3
* SUSE Manager Server 4.3 Module

An update that solves one vulnerability can now be installed.

## Description:

This update for apache-commons-lang3 fixes the following issues:

* Update to version 3.18.0
* CVE-2025-48924: Fixed an uncontrolled recursion vulnerability that may lead
to a DoS. (bsc#1246397)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-2818=1

* SUSE Manager Server 4.3 Module
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2025-2818=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-2818=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-2818=1

## Package List:

* Basesystem Module 15-SP7 (noarch)
* apache-commons-lang3-3.18.0-150200.3.12.1
* SUSE Manager Server 4.3 Module (noarch)
* apache-commons-lang3-3.18.0-150200.3.12.1
* openSUSE Leap 15.6 (noarch)
* apache-commons-lang3-javadoc-3.18.0-150200.3.12.1
* apache-commons-lang3-3.18.0-150200.3.12.1
* Basesystem Module 15-SP6 (noarch)
* apache-commons-lang3-3.18.0-150200.3.12.1

## References:

* https://www.suse.com/security/cve/CVE-2025-48924.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246397


PCP and LibXML2 updates for Oracle Linux

Dns-Root-Data DNSSEC trust anchors update for Debian ELTS

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.orgĀ  I ...