
SUSE has released security updates for various packages, including the Linux Kernel and Chromium. The Linux Kernel and Chromium updates are both rated important. There are also moderate-rated updates for bluez, frr, and mariadb, as well as updates for other packages such as cups, cairo, and cmake.

openSUSE-SU-2025:15562-1: moderate: cups-2.4.14-1.1 on GA media
SUSE-SU-2025:03280-1: low: Security update for cairo
SUSE-SU-2025:03281-1: low: Security update for cmake
SUSE-SU-2025:03283-1: important: Security update for the Linux Kernel
openSUSE-SU-2025:0367-1: important: Security update for chromium
openSUSE-SU-2025:0368-1: important: Security update for chromium
SUSE-SU-2025:03277-1: moderate: Security update for bluez
SUSE-SU-2025:03274-1: moderate: Security update for frr
SUSE-SU-2025:03275-1: moderate: Security update for mariadb
SUSE-SU-2025:03276-1: moderate: Security update for mariadb
SUSE-SU-2025:03278-1: important: Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-contai ...




openSUSE-SU-2025:15562-1: moderate: cups-2.4.14-1.1 on GA media


# cups-2.4.14-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15562-1
Rating: moderate

Cross-References:

* CVE-2025-58060
* CVE-2025-58364

CVSS scores:

* CVE-2025-58060 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-58060 ( SUSE ): 7.7 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-58364 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the cups-2.4.14-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * cups 2.4.14-1.1
  * cups-client 2.4.14-1.1
  * cups-config 2.4.14-1.1
  * cups-ddk 2.4.14-1.1
  * cups-devel 2.4.14-1.1
  * cups-devel-32bit 2.4.14-1.1
  * libcups2 2.4.14-1.1
  * libcups2-32bit 2.4.14-1.1
  * libcupsimage2 2.4.14-1.1
  * libcupsimage2-32bit 2.4.14-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-58060.html
* https://www.suse.com/security/cve/CVE-2025-58364.html



SUSE-SU-2025:03280-1: low: Security update for cairo


# Security update for cairo

Announcement ID: SUSE-SU-2025:03280-1
Release Date: 2025-09-19T17:43:22Z
Rating: low
References:

* bsc#1247589

Cross-References:

* CVE-2025-50422

CVSS scores:

* CVE-2025-50422 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-50422 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-50422 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves one vulnerability can now be installed.

## Description:

This update for cairo fixes the following issues:

* CVE-2025-50422: NULL pointer access in `active_edges_to_traps()` can lead to
crash in Poppler (bsc#1247589).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  `zypper in -t patch SUSE-2025-3280=1`

* SUSE Linux Enterprise Micro for Rancher 5.3
  `zypper in -t patch SUSE-SLE-Micro-5.3-2025-3280=1`

* SUSE Linux Enterprise Micro 5.3
  `zypper in -t patch SUSE-SLE-Micro-5.3-2025-3280=1`

* SUSE Linux Enterprise Micro for Rancher 5.4
  `zypper in -t patch SUSE-SLE-Micro-5.4-2025-3280=1`

* SUSE Linux Enterprise Micro 5.4
  `zypper in -t patch SUSE-SLE-Micro-5.4-2025-3280=1`

* SUSE Linux Enterprise Micro 5.5
  `zypper in -t patch SUSE-SLE-Micro-5.5-2025-3280=1`

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * libcairo-script-interpreter2-debuginfo-1.16.0-150400.11.9.1
  * libcairo2-debuginfo-1.16.0-150400.11.9.1
  * cairo-devel-1.16.0-150400.11.9.1
  * cairo-tools-debuginfo-1.16.0-150400.11.9.1
  * libcairo-gobject2-debuginfo-1.16.0-150400.11.9.1
  * cairo-tools-1.16.0-150400.11.9.1
  * libcairo-gobject2-1.16.0-150400.11.9.1
  * libcairo2-1.16.0-150400.11.9.1
  * cairo-debugsource-1.16.0-150400.11.9.1
  * libcairo-script-interpreter2-1.16.0-150400.11.9.1
* openSUSE Leap 15.4 (x86_64)
  * libcairo-gobject2-32bit-1.16.0-150400.11.9.1
  * cairo-devel-32bit-1.16.0-150400.11.9.1
  * libcairo-gobject2-32bit-debuginfo-1.16.0-150400.11.9.1
  * libcairo-script-interpreter2-32bit-debuginfo-1.16.0-150400.11.9.1
  * libcairo2-32bit-debuginfo-1.16.0-150400.11.9.1
  * libcairo-script-interpreter2-32bit-1.16.0-150400.11.9.1
  * libcairo2-32bit-1.16.0-150400.11.9.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * libcairo2-64bit-1.16.0-150400.11.9.1
  * libcairo-script-interpreter2-64bit-debuginfo-1.16.0-150400.11.9.1
  * libcairo-script-interpreter2-64bit-1.16.0-150400.11.9.1
  * libcairo-gobject2-64bit-1.16.0-150400.11.9.1
  * libcairo-gobject2-64bit-debuginfo-1.16.0-150400.11.9.1
  * libcairo2-64bit-debuginfo-1.16.0-150400.11.9.1
  * cairo-devel-64bit-1.16.0-150400.11.9.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * libcairo2-debuginfo-1.16.0-150400.11.9.1
  * libcairo-gobject2-debuginfo-1.16.0-150400.11.9.1
  * libcairo-gobject2-1.16.0-150400.11.9.1
  * libcairo2-1.16.0-150400.11.9.1
  * cairo-debugsource-1.16.0-150400.11.9.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * libcairo2-debuginfo-1.16.0-150400.11.9.1
  * libcairo-gobject2-debuginfo-1.16.0-150400.11.9.1
  * libcairo-gobject2-1.16.0-150400.11.9.1
  * libcairo2-1.16.0-150400.11.9.1
  * cairo-debugsource-1.16.0-150400.11.9.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * libcairo2-debuginfo-1.16.0-150400.11.9.1
  * libcairo-gobject2-debuginfo-1.16.0-150400.11.9.1
  * libcairo-gobject2-1.16.0-150400.11.9.1
  * libcairo2-1.16.0-150400.11.9.1
  * cairo-debugsource-1.16.0-150400.11.9.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * libcairo2-debuginfo-1.16.0-150400.11.9.1
  * libcairo-gobject2-debuginfo-1.16.0-150400.11.9.1
  * libcairo-gobject2-1.16.0-150400.11.9.1
  * libcairo2-1.16.0-150400.11.9.1
  * cairo-debugsource-1.16.0-150400.11.9.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * libcairo2-debuginfo-1.16.0-150400.11.9.1
  * libcairo-gobject2-debuginfo-1.16.0-150400.11.9.1
  * libcairo-gobject2-1.16.0-150400.11.9.1
  * libcairo2-1.16.0-150400.11.9.1
  * cairo-debugsource-1.16.0-150400.11.9.1

## References:

* https://www.suse.com/security/cve/CVE-2025-50422.html
* https://bugzilla.suse.com/show_bug.cgi?id=1247589



SUSE-SU-2025:03281-1: low: Security update for cmake


# Security update for cmake

Announcement ID: SUSE-SU-2025:03281-1
Release Date: 2025-09-19T17:44:35Z
Rating: low
References:

* bsc#1248461

Cross-References:

* CVE-2025-9301

CVSS scores:

* CVE-2025-9301 ( SUSE ): 4.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-9301 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-9301 ( NVD ): 1.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-9301 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* openSUSE Leap 15.4

An update that solves one vulnerability can now be installed.

## Description:

This update for cmake fixes the following issues:

* CVE-2025-9301: Fixed assertion failure due to improper validation
(bsc#1248461)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  `zypper in -t patch SUSE-2025-3281=1`

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * cmake-man-3.20.4-150400.4.9.1
  * cmake-mini-debugsource-3.20.4-150400.4.9.1
  * cmake-3.20.4-150400.4.9.1
  * cmake-full-debugsource-3.20.4-150400.4.9.1
  * cmake-mini-3.20.4-150400.4.9.1
  * cmake-mini-debuginfo-3.20.4-150400.4.9.1
  * cmake-full-debuginfo-3.20.4-150400.4.9.1
  * cmake-gui-3.20.4-150400.4.9.1
  * cmake-full-3.20.4-150400.4.9.1
  * cmake-gui-debuginfo-3.20.4-150400.4.9.1
  * cmake-ui-debugsource-3.20.4-150400.4.9.1

## References:

* https://www.suse.com/security/cve/CVE-2025-9301.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248461



SUSE-SU-2025:03283-1: important: Security update for the Linux Kernel


# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2025:03283-1
Release Date: 2025-09-19T17:49:43Z
Rating: important
References:

* bsc#1229334
* bsc#1233640
* bsc#1234896
* bsc#1240375
* bsc#1242780
* bsc#1244824
* bsc#1245110
* bsc#1245956
* bsc#1245970
* bsc#1246211
* bsc#1246473
* bsc#1246911
* bsc#1247143
* bsc#1247374
* bsc#1247518
* bsc#1247976
* bsc#1248223
* bsc#1248297
* bsc#1248306
* bsc#1248312
* bsc#1248338
* bsc#1248511
* bsc#1248614
* bsc#1248621
* bsc#1248748
* jsc#PED-8240

Cross-References:

* CVE-2022-49980
* CVE-2022-50116
* CVE-2023-53117
* CVE-2024-42265
* CVE-2024-53093
* CVE-2024-53177
* CVE-2024-58239
* CVE-2025-38180
* CVE-2025-38184
* CVE-2025-38323
* CVE-2025-38352
* CVE-2025-38460
* CVE-2025-38498
* CVE-2025-38499
* CVE-2025-38546
* CVE-2025-38555
* CVE-2025-38560
* CVE-2025-38563
* CVE-2025-38608
* CVE-2025-38617
* CVE-2025-38618
* CVE-2025-38644

CVSS scores:

* CVE-2022-49980 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49980 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-50116 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53117 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53117 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42265 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-53093 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53093 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53177 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53177 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53177 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-58239 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-58239 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38180 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38180 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38184 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38184 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38323 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38323 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38352 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38352 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38352 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38460 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38460 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38498 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38498 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38499 ( SUSE ): 6.2
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H
* CVE-2025-38499 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
* CVE-2025-38546 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38546 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38555 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38555 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38560 ( SUSE ): 5.0
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
* CVE-2025-38560 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2025-38563 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2025-38608 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38608 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-38617 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38617 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38618 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38618 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38644 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38644 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise Micro 5.5

An update that solves 22 vulnerabilities, contains one feature and has three
security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various
security bugfixes.

The following security bugs were fixed:

* CVE-2022-49980: USB: gadget: fix use-after-free read in usb_udc_uevent()
(bsc#1245110).
* CVE-2022-50116: tty: n_gsm: fix deadlock and link starvation in outgoing
data path (bsc#1244824).
* CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a
file descriptor (bsc#1242780).
* CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from
mispredictions (bsc#1229334).
* CVE-2024-53093: nvme-multipath: defer partition scanning (bsc#1233640).
* CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error
paths (bsc#1234896).
* CVE-2024-58239: tls: stop recv() if initial process_rx_list gave us non-DATA
(bsc#1248614).
* CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
* CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of
ethernet bearer (bsc#1245956).
* CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
* CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers()
and posix_cpu_timer_del() (bsc#1246911).
* CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd()
(bsc#1247143).
* CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours
mounts (bsc#1247374).
* CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN
in the right userns (bsc#1247976).
* CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223).
* CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup()
(bsc#1248297).
* CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation
(bsc#1248312).
* CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings
(bsc#1248306).
* CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data()
in ktls (bsc#1248338).
* CVE-2025-38617: net/packet: fix a race in packet_set_ring() and
packet_notifier() (bsc#1248621).
* CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY
(bsc#1248511).
* CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not
associated (bsc#1248748).

The following non-security bugs were fixed:

* Disable N_GSM (jsc#PED-8240, bsc#1244824).
* NFSv4.1: fix backchannel max_resp_sz verification check (bsc#1247518).
* NFSv4: fairly test all delegations on a SEQ4_ revocation (bsc#1246211).
* kabi fix for NFSv4: fairly test all delegations on a SEQ4_ revocation
(bsc#1246211).
* security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375).
* selinux: Implement mptcp_add_subflow hook (bsc#1240375).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  `zypper in -t patch SUSE-2025-3283=1`

* SUSE Linux Enterprise Micro 5.5
  `zypper in -t patch SUSE-SLE-Micro-5.5-2025-3283=1`

## Package List:

* openSUSE Leap 15.5 (noarch)
  * kernel-source-rt-5.14.21-150500.13.106.1
  * kernel-devel-rt-5.14.21-150500.13.106.1
* openSUSE Leap 15.5 (x86_64)
  * kernel-rt-devel-debuginfo-5.14.21-150500.13.106.1
  * kernel-rt-optional-debuginfo-5.14.21-150500.13.106.1
  * kernel-rt-livepatch-5.14.21-150500.13.106.1
  * kernel-rt-vdso-debuginfo-5.14.21-150500.13.106.1
  * gfs2-kmp-rt-debuginfo-5.14.21-150500.13.106.1
  * ocfs2-kmp-rt-5.14.21-150500.13.106.1
  * kselftests-kmp-rt-5.14.21-150500.13.106.1
  * kernel-rt_debug-vdso-5.14.21-150500.13.106.1
  * kernel-rt_debug-debugsource-5.14.21-150500.13.106.1
  * kernel-rt-devel-5.14.21-150500.13.106.1
  * kernel-rt_debug-devel-5.14.21-150500.13.106.1
  * dlm-kmp-rt-5.14.21-150500.13.106.1
  * kernel-rt-extra-debuginfo-5.14.21-150500.13.106.1
  * kernel-rt-vdso-5.14.21-150500.13.106.1
  * cluster-md-kmp-rt-5.14.21-150500.13.106.1
  * kernel-rt-debuginfo-5.14.21-150500.13.106.1
  * cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.106.1
  * reiserfs-kmp-rt-5.14.21-150500.13.106.1
  * kernel-rt-optional-5.14.21-150500.13.106.1
  * kselftests-kmp-rt-debuginfo-5.14.21-150500.13.106.1
  * kernel-rt_debug-debuginfo-5.14.21-150500.13.106.1
  * kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.106.1
  * kernel-rt-debugsource-5.14.21-150500.13.106.1
  * kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.106.1
  * dlm-kmp-rt-debuginfo-5.14.21-150500.13.106.1
  * reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.106.1
  * kernel-rt-extra-5.14.21-150500.13.106.1
  * ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.106.1
  * kernel-rt-livepatch-devel-5.14.21-150500.13.106.1
  * gfs2-kmp-rt-5.14.21-150500.13.106.1
* openSUSE Leap 15.5 (nosrc x86_64)
  * kernel-rt-5.14.21-150500.13.106.1
  * kernel-rt_debug-5.14.21-150500.13.106.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
  * kernel-source-rt-5.14.21-150500.13.106.1
  * kernel-devel-rt-5.14.21-150500.13.106.1
* SUSE Linux Enterprise Micro 5.5 (nosrc x86_64)
  * kernel-rt-5.14.21-150500.13.106.1
* SUSE Linux Enterprise Micro 5.5 (x86_64)
  * kernel-rt-debugsource-5.14.21-150500.13.106.1
  * kernel-rt-debuginfo-5.14.21-150500.13.106.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49980.html
* https://www.suse.com/security/cve/CVE-2022-50116.html
* https://www.suse.com/security/cve/CVE-2023-53117.html
* https://www.suse.com/security/cve/CVE-2024-42265.html
* https://www.suse.com/security/cve/CVE-2024-53093.html
* https://www.suse.com/security/cve/CVE-2024-53177.html
* https://www.suse.com/security/cve/CVE-2024-58239.html
* https://www.suse.com/security/cve/CVE-2025-38180.html
* https://www.suse.com/security/cve/CVE-2025-38184.html
* https://www.suse.com/security/cve/CVE-2025-38323.html
* https://www.suse.com/security/cve/CVE-2025-38352.html
* https://www.suse.com/security/cve/CVE-2025-38460.html
* https://www.suse.com/security/cve/CVE-2025-38498.html
* https://www.suse.com/security/cve/CVE-2025-38499.html
* https://www.suse.com/security/cve/CVE-2025-38546.html
* https://www.suse.com/security/cve/CVE-2025-38555.html
* https://www.suse.com/security/cve/CVE-2025-38560.html
* https://www.suse.com/security/cve/CVE-2025-38563.html
* https://www.suse.com/security/cve/CVE-2025-38608.html
* https://www.suse.com/security/cve/CVE-2025-38617.html
* https://www.suse.com/security/cve/CVE-2025-38618.html
* https://www.suse.com/security/cve/CVE-2025-38644.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229334
* https://bugzilla.suse.com/show_bug.cgi?id=1233640
* https://bugzilla.suse.com/show_bug.cgi?id=1234896
* https://bugzilla.suse.com/show_bug.cgi?id=1240375
* https://bugzilla.suse.com/show_bug.cgi?id=1242780
* https://bugzilla.suse.com/show_bug.cgi?id=1244824
* https://bugzilla.suse.com/show_bug.cgi?id=1245110
* https://bugzilla.suse.com/show_bug.cgi?id=1245956
* https://bugzilla.suse.com/show_bug.cgi?id=1245970
* https://bugzilla.suse.com/show_bug.cgi?id=1246211
* https://bugzilla.suse.com/show_bug.cgi?id=1246473
* https://bugzilla.suse.com/show_bug.cgi?id=1246911
* https://bugzilla.suse.com/show_bug.cgi?id=1247143
* https://bugzilla.suse.com/show_bug.cgi?id=1247374
* https://bugzilla.suse.com/show_bug.cgi?id=1247518
* https://bugzilla.suse.com/show_bug.cgi?id=1247976
* https://bugzilla.suse.com/show_bug.cgi?id=1248223
* https://bugzilla.suse.com/show_bug.cgi?id=1248297
* https://bugzilla.suse.com/show_bug.cgi?id=1248306
* https://bugzilla.suse.com/show_bug.cgi?id=1248312
* https://bugzilla.suse.com/show_bug.cgi?id=1248338
* https://bugzilla.suse.com/show_bug.cgi?id=1248511
* https://bugzilla.suse.com/show_bug.cgi?id=1248614
* https://bugzilla.suse.com/show_bug.cgi?id=1248621
* https://bugzilla.suse.com/show_bug.cgi?id=1248748
* https://jira.suse.com/browse/PED-8240



openSUSE-SU-2025:0367-1: important: Security update for chromium


openSUSE Security Update: Security update for chromium
_______________________________

Announcement ID: openSUSE-SU-2025:0367-1
Rating: important
References: #1249999
Cross-References: CVE-2025-10500 CVE-2025-10501 CVE-2025-10502
CVE-2025-10585
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that fixes four vulnerabilities is now available.

Description:

Chromium was updated to 140.0.7339.185 (stable released 2025-09-17)
boo#1249999

Security issues fixed:

* CVE-2025-10585: Type Confusion in V8
* CVE-2025-10500: Use after free in Dawn
* CVE-2025-10501: Use after free in WebRTC
* CVE-2025-10502: Heap buffer overflow in ANGLE

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2025-367=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 x86_64):

chromedriver-140.0.7339.185-bp157.2.52.1
chromium-140.0.7339.185-bp157.2.52.1

References:

https://www.suse.com/security/cve/CVE-2025-10500.html
https://www.suse.com/security/cve/CVE-2025-10501.html
https://www.suse.com/security/cve/CVE-2025-10502.html
https://www.suse.com/security/cve/CVE-2025-10585.html
https://bugzilla.suse.com/1249999



openSUSE-SU-2025:0368-1: important: Security update for chromium


openSUSE Security Update: Security update for chromium
_______________________________

Announcement ID: openSUSE-SU-2025:0368-1
Rating: important
References: #1249999
Cross-References: CVE-2025-10500 CVE-2025-10501 CVE-2025-10502
CVE-2025-10585
Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that fixes four vulnerabilities is now available.

Description:

Chromium was updated to 140.0.7339.185 (stable released 2025-09-17)
boo#1249999

Security issues fixed:

* CVE-2025-10585: Type Confusion in V8
* CVE-2025-10500: Use after free in Dawn
* CVE-2025-10501: Use after free in WebRTC
* CVE-2025-10502: Heap buffer overflow in ANGLE

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2025-368=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 x86_64):

chromedriver-140.0.7339.185-bp156.2.170.1
chromium-140.0.7339.185-bp156.2.170.1

References:

https://www.suse.com/security/cve/CVE-2025-10500.html
https://www.suse.com/security/cve/CVE-2025-10501.html
https://www.suse.com/security/cve/CVE-2025-10502.html
https://www.suse.com/security/cve/CVE-2025-10585.html
https://bugzilla.suse.com/1249999



SUSE-SU-2025:03277-1: moderate: Security update for bluez


# Security update for bluez

Announcement ID: SUSE-SU-2025:03277-1
Release Date: 2025-09-19T12:18:50Z
Rating: moderate
References:

* bsc#1217877

Cross-References:

* CVE-2023-45866

CVSS scores:

* CVE-2023-45866 ( SUSE ): 6.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-45866 ( NVD ): 6.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves one vulnerability can now be installed.

## Description:

This update for bluez fixes the following issues:

* CVE-2023-45866: keystroke injection and arbitrary command execution via HID
device connections (bsc#1217877).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro for Rancher 5.3
  `zypper in -t patch SUSE-SLE-Micro-5.3-2025-3277=1`

* SUSE Linux Enterprise Micro 5.3
  `zypper in -t patch SUSE-SLE-Micro-5.3-2025-3277=1`

* SUSE Linux Enterprise Micro for Rancher 5.4
  `zypper in -t patch SUSE-SLE-Micro-5.4-2025-3277=1`

* SUSE Linux Enterprise Micro 5.4
  `zypper in -t patch SUSE-SLE-Micro-5.4-2025-3277=1`

* openSUSE Leap 15.4
  `zypper in -t patch SUSE-2025-3277=1`

## Package List:

* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * libbluetooth3-5.62-150400.4.22.1
  * libbluetooth3-debuginfo-5.62-150400.4.22.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * libbluetooth3-5.62-150400.4.22.1
  * libbluetooth3-debuginfo-5.62-150400.4.22.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * bluez-debugsource-5.62-150400.4.22.1
  * libbluetooth3-debuginfo-5.62-150400.4.22.1
  * bluez-debuginfo-5.62-150400.4.22.1
  * libbluetooth3-5.62-150400.4.22.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * bluez-debugsource-5.62-150400.4.22.1
  * libbluetooth3-debuginfo-5.62-150400.4.22.1
  * bluez-debuginfo-5.62-150400.4.22.1
  * libbluetooth3-5.62-150400.4.22.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * libbluetooth3-debuginfo-5.62-150400.4.22.1
  * bluez-test-debuginfo-5.62-150400.4.22.1
  * libbluetooth3-5.62-150400.4.22.1
  * bluez-cups-debuginfo-5.62-150400.4.22.1
  * bluez-deprecated-debuginfo-5.62-150400.4.22.1
  * bluez-debugsource-5.62-150400.4.22.1
  * bluez-debuginfo-5.62-150400.4.22.1
  * bluez-5.62-150400.4.22.1
  * bluez-cups-5.62-150400.4.22.1
  * bluez-test-5.62-150400.4.22.1
  * bluez-deprecated-5.62-150400.4.22.1
  * bluez-devel-5.62-150400.4.22.1
* openSUSE Leap 15.4 (noarch)
  * bluez-auto-enable-devices-5.62-150400.4.22.1
* openSUSE Leap 15.4 (x86_64)
  * libbluetooth3-32bit-5.62-150400.4.22.1
  * bluez-devel-32bit-5.62-150400.4.22.1
  * libbluetooth3-32bit-debuginfo-5.62-150400.4.22.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * bluez-devel-64bit-5.62-150400.4.22.1
  * libbluetooth3-64bit-5.62-150400.4.22.1
  * libbluetooth3-64bit-debuginfo-5.62-150400.4.22.1

## References:

* https://www.suse.com/security/cve/CVE-2023-45866.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217877



SUSE-SU-2025:03274-1: moderate: Security update for frr


# Security update for frr

Announcement ID: SUSE-SU-2025:03274-1
Release Date: 2025-09-19T12:13:54Z
Rating: moderate
References:

* bsc#1235237

Cross-References:

* CVE-2024-55553

CVSS scores:

* CVE-2024-55553 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-55553 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-55553 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.3

An update that solves one vulnerability can now be installed.

## Description:

This update for frr fixes the following issues:

* CVE-2024-55553: excessive resource consumption may lead to denial of service
due to repeated RIB revalidation when processing several RPKI updates
(bsc#1235237).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  `zypper in -t patch SUSE-2025-3274=1`

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  * libfrrcares0-7.4-150300.4.35.1
  * frr-debugsource-7.4-150300.4.35.1
  * libfrrsnmp0-7.4-150300.4.35.1
  * frr-devel-7.4-150300.4.35.1
  * frr-debuginfo-7.4-150300.4.35.1
  * libfrr0-debuginfo-7.4-150300.4.35.1
  * libfrrgrpc_pb0-debuginfo-7.4-150300.4.35.1
  * libfrrsnmp0-debuginfo-7.4-150300.4.35.1
  * libfrrzmq0-7.4-150300.4.35.1
  * libfrr_pb0-debuginfo-7.4-150300.4.35.1
  * libfrrospfapiclient0-debuginfo-7.4-150300.4.35.1
  * libfrrfpm_pb0-debuginfo-7.4-150300.4.35.1
  * libfrrfpm_pb0-7.4-150300.4.35.1
  * libfrr_pb0-7.4-150300.4.35.1
  * libmlag_pb0-7.4-150300.4.35.1
  * libfrrospfapiclient0-7.4-150300.4.35.1
  * libmlag_pb0-debuginfo-7.4-150300.4.35.1
  * libfrrzmq0-debuginfo-7.4-150300.4.35.1
  * libfrrgrpc_pb0-7.4-150300.4.35.1
  * libfrrcares0-debuginfo-7.4-150300.4.35.1
  * frr-7.4-150300.4.35.1
  * libfrr0-7.4-150300.4.35.1

## References:

* https://www.suse.com/security/cve/CVE-2024-55553.html
* https://bugzilla.suse.com/show_bug.cgi?id=1235237



SUSE-SU-2025:03275-1: moderate: Security update for mariadb


# Security update for mariadb

Announcement ID: SUSE-SU-2025:03275-1
Release Date: 2025-09-19T12:16:20Z
Rating: moderate
References:

* bsc#1239150
* bsc#1239151
* bsc#1249212
* bsc#1249213
* bsc#1249219

Cross-References:

* CVE-2023-52969
* CVE-2023-52970
* CVE-2023-52971
* CVE-2025-30693
* CVE-2025-30722

CVSS scores:

* CVE-2023-52969 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52969 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52970 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52970 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52971 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52971 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-30693 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-30693 ( NVD ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-30722 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-30722 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* Galera for Ericsson 15 SP6
* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that solves five vulnerabilities can now be installed.

## Description:

This update for mariadb fixes the following issues:

Update to version 10.11.14.

Security issues fixed:

* CVE-2025-30693: InnoDB issue allows high privileged attacker with network
access to gain unauthorized update, insert or delete access to data and
cause repeatable crash in MySQL server (bsc#1249213).
* CVE-2025-30722: mysqldump issue allows low privileged attacker with network
access to gain unauthorized update, insert or delete access to data in MySQL
Client (bsc#1249212).
* CVE-2023-52969: crash with empty backtrace log in MariaDB Server
(bsc#1239150).
* CVE-2023-52970: crash in MariaDB Server when inserting from derived table
containing insert target table (bsc#1239151).
* CVE-2023-52971: crash in the optimizer of MariaDB Server when processing
certain queries with subqueries (bsc#1249219).

Release notes and changelog:

* https://mariadb.com/docs/release-notes/community-server/mariadb-10-11-series/mariadb-10.11.14-release-notes
* https://mariadb.com/docs/release-notes/community-server/changelogs/changelogs-mariadb-10-11-series/mariadb-10.11.14-changelog
* https://mariadb.com/kb/en/mariadb-10-11-13-release-notes/
* https://mariadb.com/kb/en/mariadb-10-11-13-changelog/
* https://mariadb.com/kb/en/mariadb-10-11-12-release-notes/
* https://mariadb.com/kb/en/mariadb-10-11-12-changelog/

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  `zypper in -t patch openSUSE-SLE-15.6-2025-3275=1 SUSE-2025-3275=1`

* SUSE Package Hub 15 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-3275=1`

* Server Applications Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-3275=1`

* Galera for Ericsson 15 SP6
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-ERICSSON-2025-3275=1`

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * mariadb-test-debuginfo-10.11.14-150600.4.14.1
  * libmariadbd19-debuginfo-10.11.14-150600.4.14.1
  * mariadb-debuginfo-10.11.14-150600.4.14.1
  * mariadb-rpm-macros-10.11.14-150600.4.14.1
  * mariadb-bench-debuginfo-10.11.14-150600.4.14.1
  * mariadb-bench-10.11.14-150600.4.14.1
  * mariadb-test-10.11.14-150600.4.14.1
  * libmariadbd19-10.11.14-150600.4.14.1
  * libmariadbd-devel-10.11.14-150600.4.14.1
  * mariadb-client-debuginfo-10.11.14-150600.4.14.1
  * mariadb-debugsource-10.11.14-150600.4.14.1
  * mariadb-galera-10.11.14-150600.4.14.1
  * mariadb-client-10.11.14-150600.4.14.1
  * mariadb-10.11.14-150600.4.14.1
  * mariadb-tools-10.11.14-150600.4.14.1
  * mariadb-tools-debuginfo-10.11.14-150600.4.14.1
* openSUSE Leap 15.6 (noarch)
  * mariadb-errormessages-10.11.14-150600.4.14.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
  * mariadb-debuginfo-10.11.14-150600.4.14.1
  * mariadb-debugsource-10.11.14-150600.4.14.1
  * mariadb-galera-10.11.14-150600.4.14.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * libmariadbd19-debuginfo-10.11.14-150600.4.14.1
  * mariadb-debuginfo-10.11.14-150600.4.14.1
  * libmariadbd19-10.11.14-150600.4.14.1
  * libmariadbd-devel-10.11.14-150600.4.14.1
  * mariadb-client-debuginfo-10.11.14-150600.4.14.1
  * mariadb-debugsource-10.11.14-150600.4.14.1
  * mariadb-client-10.11.14-150600.4.14.1
  * mariadb-10.11.14-150600.4.14.1
  * mariadb-tools-10.11.14-150600.4.14.1
  * mariadb-tools-debuginfo-10.11.14-150600.4.14.1
* Server Applications Module 15-SP6 (noarch)
  * mariadb-errormessages-10.11.14-150600.4.14.1
* Galera for Ericsson 15 SP6 (x86_64)
  * mariadb-debuginfo-10.11.14-150600.4.14.1
  * mariadb-debugsource-10.11.14-150600.4.14.1
  * mariadb-galera-10.11.14-150600.4.14.1

## References:

* https://www.suse.com/security/cve/CVE-2023-52969.html
* https://www.suse.com/security/cve/CVE-2023-52970.html
* https://www.suse.com/security/cve/CVE-2023-52971.html
* https://www.suse.com/security/cve/CVE-2025-30693.html
* https://www.suse.com/security/cve/CVE-2025-30722.html
* https://bugzilla.suse.com/show_bug.cgi?id=1239150
* https://bugzilla.suse.com/show_bug.cgi?id=1239151
* https://bugzilla.suse.com/show_bug.cgi?id=1249212
* https://bugzilla.suse.com/show_bug.cgi?id=1249213
* https://bugzilla.suse.com/show_bug.cgi?id=1249219



SUSE-SU-2025:03276-1: moderate: Security update for mariadb


# Security update for mariadb

Announcement ID: SUSE-SU-2025:03276-1
Release Date: 2025-09-19T12:17:27Z
Rating: moderate
References:

* bsc#1239150
* bsc#1239151
* bsc#1243356
* bsc#1249212
* bsc#1249213

Cross-References:

* CVE-2023-52969
* CVE-2023-52970
* CVE-2025-21490
* CVE-2025-30693
* CVE-2025-30722

CVSS scores:

* CVE-2023-52969 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52969 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52970 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52970 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21490 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21490 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21490 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-30693 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-30693 ( NVD ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-30722 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-30722 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* Galera for Ericsson 15 SP4
* Galera for Ericsson 15 SP5
* openSUSE Leap 15.4

An update that solves five vulnerabilities can now be installed.

## Description:

This update for mariadb fixes the following issues:

Update to version 10.6.23.

Security issues fixed:

* CVE-2025-21490: InnoDB issue allows high privileged attacker with network
access to cause a hang or frequently repeatable crash of MySQL Server
(bsc#1243356).
* CVE-2025-30693: InnoDB issue allows high privileged attacker with network
access to gain unauthorized update, insert or delete access to data and
cause repeatable crash in MySQL server (bsc#1249213).
* CVE-2025-30722: mysqldump issue allows low privileged attacker with network
access to gain unauthorized update, insert or delete access to data in MySQL
Client (bsc#1249212).
* CVE-2023-52969: crash with empty backtrace log in MariaDB Server
(bsc#1239150).
* CVE-2023-52970: crash in MariaDB Server when inserting from derived table
containing insert target table (bsc#1239151).

Release notes and changelog:

* https://mariadb.com/docs/release-notes/community-server/mariadb-10-6-series/mariadb-10.6.23-release-notes
* https://mariadb.com/docs/release-notes/community-server/changelogs/changelogs-mariadb-106-series/mariadb-10.6.23-changelog
* https://mariadb.com/kb/en/mariadb-10-6-22-release-notes/
* https://mariadb.com/kb/en/mariadb-10-6-22-changelog/
* https://mariadb.com/kb/en/mariadb-10-6-21-release-notes/
* https://mariadb.com/kb/en/mariadb-10-6-21-changelog/

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  `zypper in -t patch SUSE-2025-3276=1`

* Galera for Ericsson 15 SP4
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-ERICSSON-2025-3276=1`

* Galera for Ericsson 15 SP5
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-ERICSSON-2025-3276=1`

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * mariadb-10.6.23-150400.3.40.1
  * mariadb-rpm-macros-10.6.23-150400.3.40.1
  * mariadb-tools-debuginfo-10.6.23-150400.3.40.1
  * mariadb-galera-10.6.23-150400.3.40.1
  * mariadb-test-10.6.23-150400.3.40.1
  * mariadb-debugsource-10.6.23-150400.3.40.1
  * libmariadbd-devel-10.6.23-150400.3.40.1
  * mariadb-bench-debuginfo-10.6.23-150400.3.40.1
  * mariadb-client-10.6.23-150400.3.40.1
  * mariadb-bench-10.6.23-150400.3.40.1
  * mariadb-client-debuginfo-10.6.23-150400.3.40.1
  * libmariadbd19-10.6.23-150400.3.40.1
  * libmariadbd19-debuginfo-10.6.23-150400.3.40.1
  * mariadb-test-debuginfo-10.6.23-150400.3.40.1
  * mariadb-tools-10.6.23-150400.3.40.1
  * mariadb-debuginfo-10.6.23-150400.3.40.1
* openSUSE Leap 15.4 (noarch)
  * mariadb-errormessages-10.6.23-150400.3.40.1
* Galera for Ericsson 15 SP4 (x86_64)
  * mariadb-galera-10.6.23-150400.3.40.1
* Galera for Ericsson 15 SP5 (x86_64)
  * mariadb-debugsource-10.6.23-150400.3.40.1
  * mariadb-galera-10.6.23-150400.3.40.1
  * mariadb-debuginfo-10.6.23-150400.3.40.1

## References:

* https://www.suse.com/security/cve/CVE-2023-52969.html
* https://www.suse.com/security/cve/CVE-2023-52970.html
* https://www.suse.com/security/cve/CVE-2025-21490.html
* https://www.suse.com/security/cve/CVE-2025-30693.html
* https://www.suse.com/security/cve/CVE-2025-30722.html
* https://bugzilla.suse.com/show_bug.cgi?id=1239150
* https://bugzilla.suse.com/show_bug.cgi?id=1239151
* https://bugzilla.suse.com/show_bug.cgi?id=1243356
* https://bugzilla.suse.com/show_bug.cgi?id=1249212
* https://bugzilla.suse.com/show_bug.cgi?id=1249213



SUSE-SU-2025:03278-1: important: Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-contai ...


# Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t

Announcement ID: SUSE-SU-2025:03278-1
Release Date: 2025-09-19T13:42:11Z
Rating: important
References:

* bsc#1234537
* bsc#1235303
* bsc#1241772

Cross-References:

* CVE-2024-45337
* CVE-2024-45338
* CVE-2025-22872

CVSS scores:

* CVE-2024-45337 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-45337 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2024-45338 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-45338 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45338 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-22872 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
* CVE-2025-22872 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
* CVE-2025-22872 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

Affected Products:

* Containers Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for kubevirt, virt-api-container, virt-controller-container,
virt-exportproxy-container, virt-exportserver-container, virt-handler-container,
virt-launcher-container, virt-libguestfs-tools-container,
virt-operator-container, virt-pr-helper-container fixes the following issues:

This update for kubevirt updates golang.org/x/net to 0.38.0, fixing security
issues (CVE-2025-22872, CVE-2024-45337, CVE-2024-45338, bsc#1234537,
bsc#1235303, bsc#1241772), and also rebuilds it against the current Go.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  `zypper in -t patch SUSE-2025-3278=1 openSUSE-SLE-15.6-2025-3278=1`

* Containers Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2025-3278=1`

## Package List:

* openSUSE Leap 15.6 (aarch64 x86_64)
  * kubevirt-virt-api-debuginfo-1.4.1-150600.5.24.1
  * kubevirt-virt-exportserver-debuginfo-1.4.1-150600.5.24.1
  * kubevirt-virt-exportproxy-debuginfo-1.4.1-150600.5.24.1
  * kubevirt-virtctl-1.4.1-150600.5.24.1
  * kubevirt-virt-launcher-debuginfo-1.4.1-150600.5.24.1
  * kubevirt-container-disk-1.4.1-150600.5.24.1
  * kubevirt-virtctl-debuginfo-1.4.1-150600.5.24.1
  * kubevirt-virt-api-1.4.1-150600.5.24.1
  * kubevirt-virt-controller-1.4.1-150600.5.24.1
  * kubevirt-virt-exportserver-1.4.1-150600.5.24.1
  * kubevirt-container-disk-debuginfo-1.4.1-150600.5.24.1
  * kubevirt-virt-launcher-1.4.1-150600.5.24.1
  * kubevirt-virt-operator-1.4.1-150600.5.24.1
  * kubevirt-tests-debuginfo-1.4.1-150600.5.24.1
  * kubevirt-virt-exportproxy-1.4.1-150600.5.24.1
  * kubevirt-virt-controller-debuginfo-1.4.1-150600.5.24.1
  * kubevirt-pr-helper-conf-1.4.1-150600.5.24.1
  * kubevirt-tests-1.4.1-150600.5.24.1
  * kubevirt-virt-handler-1.4.1-150600.5.24.1
  * kubevirt-manifests-1.4.1-150600.5.24.1
  * kubevirt-virt-handler-debuginfo-1.4.1-150600.5.24.1
  * kubevirt-virt-operator-debuginfo-1.4.1-150600.5.24.1
  * obs-service-kubevirt_containers_meta-1.4.1-150600.5.24.1
* Containers Module 15-SP6 (aarch64 x86_64)
  * kubevirt-virtctl-debuginfo-1.4.1-150600.5.24.1
  * kubevirt-virtctl-1.4.1-150600.5.24.1
  * kubevirt-manifests-1.4.1-150600.5.24.1

## References:

* https://www.suse.com/security/cve/CVE-2024-45337.html
* https://www.suse.com/security/cve/CVE-2024-45338.html
* https://www.suse.com/security/cve/CVE-2025-22872.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234537
* https://bugzilla.suse.com/show_bug.cgi?id=1235303
* https://bugzilla.suse.com/show_bug.cgi?id=1241772