Docker-Stable, Afterburn, SnpGuest, Nginx updates for SUSE

SUSE 5495 Published by

The openSUSE project has released several security updates to address vulnerabilities in various packages. The first update (openSUSE-SU-2025:15589-1) fixes 43 vulnerabilities in the docker-stable package on openSUSE Tumbleweed, while the second update (openSUSE-SU-2025:15588-1) addresses one vulnerability in the afterburn package on openSUSE Tumbleweed. This update for SnpGuest and Nginx fixes two issues.

openSUSE-SU-2025:15589-1: moderate: docker-stable-24.0.9_ce-15.1 on GA media
openSUSE-SU-2025:15588-1: moderate: afterburn-5.9.0.git21.a73f509-2.1 on GA media
SUSE-SU-2025:03445-1: moderate: Security update for snpguest
SUSE-SU-2025:03444-1: moderate: Security update for nginx




openSUSE-SU-2025:15589-1: moderate: docker-stable-24.0.9_ce-15.1 on GA media


# docker-stable-24.0.9_ce-15.1 on GA media

Announcement ID: openSUSE-SU-2025:15589-1
Rating: moderate

Cross-References:

* CVE-2014-3499
* CVE-2014-5277
* CVE-2014-6407
* CVE-2014-6408
* CVE-2014-8178
* CVE-2014-8179
* CVE-2014-9356
* CVE-2014-9357
* CVE-2014-9358
* CVE-2015-3627
* CVE-2015-3629
* CVE-2015-3630
* CVE-2015-3631
* CVE-2016-3697
* CVE-2016-8867
* CVE-2016-9962
* CVE-2017-14992
* CVE-2017-16539
* CVE-2018-10892
* CVE-2018-15664
* CVE-2018-16873
* CVE-2018-16874
* CVE-2018-16875
* CVE-2018-20699
* CVE-2019-13509
* CVE-2019-14271
* CVE-2020-12912
* CVE-2020-13401
* CVE-2020-15257
* CVE-2020-8694
* CVE-2020-8695
* CVE-2021-21284
* CVE-2021-41089
* CVE-2021-41092
* CVE-2021-41190
* CVE-2021-43565
* CVE-2022-24769
* CVE-2022-36109
* CVE-2023-28840
* CVE-2023-28841
* CVE-2023-28842
* CVE-2024-23651
* CVE-2024-23652

CVSS scores:

* CVE-2017-14992 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2017-16539 ( SUSE ): 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2018-10892 ( SUSE ): 6.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
* CVE-2018-15664 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2018-16873 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2018-16874 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2018-16875 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2018-20699 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2019-13509 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2019-14271 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2020-12912 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2020-13401 ( SUSE ): 6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
* CVE-2020-15257 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2020-8694 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2020-8695 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
* CVE-2021-21284 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N
* CVE-2021-41089 ( SUSE ): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2021-41092 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
* CVE-2021-41190 ( SUSE ): 5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
* CVE-2021-43565 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-24769 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2022-36109 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-28840 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
* CVE-2023-28841 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-28842 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
* CVE-2024-23651 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23652 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves 43 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the docker-stable-24.0.9_ce-15.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* docker-stable 24.0.9_ce-15.1
* docker-stable-bash-completion 24.0.9_ce-15.1
* docker-stable-buildx 0.25.0-15.1
* docker-stable-fish-completion 24.0.9_ce-15.1
* docker-stable-rootless-extras 24.0.9_ce-15.1
* docker-stable-zsh-completion 24.0.9_ce-15.1

## References:

* https://www.suse.com/security/cve/CVE-2014-3499.html
* https://www.suse.com/security/cve/CVE-2014-5277.html
* https://www.suse.com/security/cve/CVE-2014-6407.html
* https://www.suse.com/security/cve/CVE-2014-6408.html
* https://www.suse.com/security/cve/CVE-2014-8178.html
* https://www.suse.com/security/cve/CVE-2014-8179.html
* https://www.suse.com/security/cve/CVE-2014-9356.html
* https://www.suse.com/security/cve/CVE-2014-9357.html
* https://www.suse.com/security/cve/CVE-2014-9358.html
* https://www.suse.com/security/cve/CVE-2015-3627.html
* https://www.suse.com/security/cve/CVE-2015-3629.html
* https://www.suse.com/security/cve/CVE-2015-3630.html
* https://www.suse.com/security/cve/CVE-2015-3631.html
* https://www.suse.com/security/cve/CVE-2016-3697.html
* https://www.suse.com/security/cve/CVE-2016-8867.html
* https://www.suse.com/security/cve/CVE-2016-9962.html
* https://www.suse.com/security/cve/CVE-2017-14992.html
* https://www.suse.com/security/cve/CVE-2017-16539.html
* https://www.suse.com/security/cve/CVE-2018-10892.html
* https://www.suse.com/security/cve/CVE-2018-15664.html
* https://www.suse.com/security/cve/CVE-2018-16873.html
* https://www.suse.com/security/cve/CVE-2018-16874.html
* https://www.suse.com/security/cve/CVE-2018-16875.html
* https://www.suse.com/security/cve/CVE-2018-20699.html
* https://www.suse.com/security/cve/CVE-2019-13509.html
* https://www.suse.com/security/cve/CVE-2019-14271.html
* https://www.suse.com/security/cve/CVE-2020-12912.html
* https://www.suse.com/security/cve/CVE-2020-13401.html
* https://www.suse.com/security/cve/CVE-2020-15257.html
* https://www.suse.com/security/cve/CVE-2020-8694.html
* https://www.suse.com/security/cve/CVE-2020-8695.html
* https://www.suse.com/security/cve/CVE-2021-21284.html
* https://www.suse.com/security/cve/CVE-2021-41089.html
* https://www.suse.com/security/cve/CVE-2021-41092.html
* https://www.suse.com/security/cve/CVE-2021-41190.html
* https://www.suse.com/security/cve/CVE-2021-43565.html
* https://www.suse.com/security/cve/CVE-2022-24769.html
* https://www.suse.com/security/cve/CVE-2022-36109.html
* https://www.suse.com/security/cve/CVE-2023-28840.html
* https://www.suse.com/security/cve/CVE-2023-28841.html
* https://www.suse.com/security/cve/CVE-2023-28842.html
* https://www.suse.com/security/cve/CVE-2024-23651.html
* https://www.suse.com/security/cve/CVE-2024-23652.html



openSUSE-SU-2025:15588-1: moderate: afterburn-5.9.0.git21.a73f509-2.1 on GA media


# afterburn-5.9.0.git21.a73f509-2.1 on GA media

Announcement ID: openSUSE-SU-2025:15588-1
Rating: moderate

Cross-References:

* CVE-2024-12224

CVSS scores:

* CVE-2024-12224 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2024-12224 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the afterburn-5.9.0.git21.a73f509-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* afterburn 5.9.0.git21.a73f509-2.1
* afterburn-dracut 5.9.0.git21.a73f509-2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-12224.html



SUSE-SU-2025:03445-1: moderate: Security update for snpguest


# Security update for snpguest

Announcement ID: SUSE-SU-2025:03445-1
Release Date: 2025-10-01T13:10:00Z
Rating: moderate
References:

* bsc#1242601
* bsc#1243869

Cross-References:

* CVE-2024-12224
* CVE-2025-3416

CVSS scores:

* CVE-2024-12224 ( SUSE ): 2.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-12224 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2024-12224 ( NVD ): 5.1
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-3416 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-3416 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-3416 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for snpguest fixes the following issues:

* CVE-2024-12224: idna: acceptance of Punycode labels that do not produce any
non-ASCII output may lead to incorrect hostname comparisons and incorrect
URL parsing (bsc#1243869).
* CVE-2025-3416: openssl: use-after-free in `Md::fetch` and `Cipher::fetch`
when `Some(...)` value is passed to the `properties` argument (bsc#1242601).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-3445=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3445=1 openSUSE-SLE-15.6-2025-3445=1

## Package List:

* Server Applications Module 15-SP6 (x86_64)
* snpguest-debuginfo-0.3.2-150600.3.6.1
* snpguest-0.3.2-150600.3.6.1
* openSUSE Leap 15.6 (x86_64)
* snpguest-debuginfo-0.3.2-150600.3.6.1
* snpguest-0.3.2-150600.3.6.1

## References:

* https://www.suse.com/security/cve/CVE-2024-12224.html
* https://www.suse.com/security/cve/CVE-2025-3416.html
* https://bugzilla.suse.com/show_bug.cgi?id=1242601
* https://bugzilla.suse.com/show_bug.cgi?id=1243869



SUSE-SU-2025:03444-1: moderate: Security update for nginx


# Security update for nginx

Announcement ID: SUSE-SU-2025:03444-1
Release Date: 2025-10-01T12:43:06Z
Rating: moderate
References:

* bsc#1236851
* bsc#1248070

Cross-References:

* CVE-2025-23419
* CVE-2025-53859

CVSS scores:

* CVE-2025-23419 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-23419 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-23419 ( NVD ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-23419 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-53859 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-53859 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-53859 ( NVD ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-53859 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* Server Applications Module 15-SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for nginx fixes the following issues:

* CVE-2025-53859:Â the server side may leak arbitrary bytes during the NGINX
SMTP authentication process (bsc#1248070).
* CVE-2025-23419: session resumption can bypass client certificate
authentication requirements using TLSv1.3 (bsc#1236851).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3444=1 openSUSE-SLE-15.6-2025-3444=1

* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-3444=1

* Server Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2025-3444=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* nginx-1.21.5-150600.10.12.1
* nginx-debuginfo-1.21.5-150600.10.12.1
* nginx-debugsource-1.21.5-150600.10.12.1
* openSUSE Leap 15.6 (noarch)
* nginx-source-1.21.5-150600.10.12.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* nginx-1.21.5-150600.10.12.1
* nginx-debuginfo-1.21.5-150600.10.12.1
* nginx-debugsource-1.21.5-150600.10.12.1
* Server Applications Module 15-SP6 (noarch)
* nginx-source-1.21.5-150600.10.12.1
* Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* nginx-1.21.5-150600.10.12.1
* nginx-debuginfo-1.21.5-150600.10.12.1
* nginx-debugsource-1.21.5-150600.10.12.1
* Server Applications Module 15-SP7 (noarch)
* nginx-source-1.21.5-150600.10.12.1

## References:

* https://www.suse.com/security/cve/CVE-2025-23419.html
* https://www.suse.com/security/cve/CVE-2025-53859.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236851
* https://bugzilla.suse.com/show_bug.cgi?id=1248070


Kernel, MySQL, OpenSSH, Perl-JSON-XS updates for AlmaLinux

Kernel, LibXSLT, Libmspack, Django updates for Ubuntu

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.org  I ...