Security updates have been released for SUSE Linux, addressing potential vulnerabilities in several components. The affected packages include duc, python311-tornado6, php8, kernel-devel, busybox, and Mozilla Firefox, all of which are classified as moderate risk.

openSUSE-SU-2025:15835-1: moderate: duc-1.4.6-1.1 on GA media
openSUSE-SU-2025:15838-1: moderate: python311-tornado6-6.5.4-1.1 on GA media
openSUSE-SU-2025:15837-1: moderate: php8-8.4.16-1.1 on GA media
openSUSE-SU-2025:15836-1: moderate: kernel-devel-6.18.2-1.1 on GA media
openSUSE-SU-2025:15834-1: moderate: busybox-1.37.0-8.1 on GA media
openSUSE-SU-2025:15833-1: moderate: MozillaFirefox-146.0.1-1.1 on GA media

openSUSE-SU-2025:15835-1: moderate: duc-1.4.6-1.1 on GA media

# duc-1.4.6-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15835-1
Rating: moderate

Cross-References:

* CVE-2025-13654

CVSS scores:

* CVE-2025-13654 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the duc-1.4.6-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* duc 1.4.6-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-13654.html

openSUSE-SU-2025:15838-1: moderate: python311-tornado6-6.5.4-1.1 on GA media

# python311-tornado6-6.5.4-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15838-1
Rating: moderate

Cross-References:

* CVE-2025-67724
* CVE-2025-67725
* CVE-2025-67726

CVSS scores:

* CVE-2025-67724 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2025-67724 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-67725 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-67725 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-67726 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-67726 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 3 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the python311-tornado6-6.5.4-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python311-tornado6 6.5.4-1.1
* python312-tornado6 6.5.4-1.1
* python313-tornado6 6.5.4-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-67724.html
* https://www.suse.com/security/cve/CVE-2025-67725.html
* https://www.suse.com/security/cve/CVE-2025-67726.html

openSUSE-SU-2025:15837-1: moderate: php8-8.4.16-1.1 on GA media

# php8-8.4.16-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15837-1
Rating: moderate

Cross-References:

* CVE-2025-14177
* CVE-2025-14178
* CVE-2025-14180

Affected Products:

* openSUSE Tumbleweed

An update that solves 3 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the php8-8.4.16-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* php8 8.4.16-1.1
* php8-bcmath 8.4.16-1.1
* php8-bz2 8.4.16-1.1
* php8-calendar 8.4.16-1.1
* php8-cli 8.4.16-1.1
* php8-ctype 8.4.16-1.1
* php8-curl 8.4.16-1.1
* php8-dba 8.4.16-1.1
* php8-devel 8.4.16-1.1
* php8-dom 8.4.16-1.1
* php8-enchant 8.4.16-1.1
* php8-exif 8.4.16-1.1
* php8-ffi 8.4.16-1.1
* php8-fileinfo 8.4.16-1.1
* php8-ftp 8.4.16-1.1
* php8-gd 8.4.16-1.1
* php8-gettext 8.4.16-1.1
* php8-gmp 8.4.16-1.1
* php8-iconv 8.4.16-1.1
* php8-intl 8.4.16-1.1
* php8-ldap 8.4.16-1.1
* php8-mbstring 8.4.16-1.1
* php8-mysql 8.4.16-1.1
* php8-odbc 8.4.16-1.1
* php8-opcache 8.4.16-1.1
* php8-openssl 8.4.16-1.1
* php8-pcntl 8.4.16-1.1
* php8-pdo 8.4.16-1.1
* php8-pgsql 8.4.16-1.1
* php8-phar 8.4.16-1.1
* php8-posix 8.4.16-1.1
* php8-readline 8.4.16-1.1
* php8-shmop 8.4.16-1.1
* php8-snmp 8.4.16-1.1
* php8-soap 8.4.16-1.1
* php8-sockets 8.4.16-1.1
* php8-sodium 8.4.16-1.1
* php8-sqlite 8.4.16-1.1
* php8-sysvmsg 8.4.16-1.1
* php8-sysvsem 8.4.16-1.1
* php8-sysvshm 8.4.16-1.1
* php8-tidy 8.4.16-1.1
* php8-tokenizer 8.4.16-1.1
* php8-xmlreader 8.4.16-1.1
* php8-xmlwriter 8.4.16-1.1
* php8-xsl 8.4.16-1.1
* php8-zip 8.4.16-1.1
* php8-zlib 8.4.16-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-14177.html
* https://www.suse.com/security/cve/CVE-2025-14178.html
* https://www.suse.com/security/cve/CVE-2025-14180.html

openSUSE-SU-2025:15836-1: moderate: kernel-devel-6.18.2-1.1 on GA media

# kernel-devel-6.18.2-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15836-1
Rating: moderate

Cross-References:

* CVE-2025-68254
* CVE-2025-68255
* CVE-2025-68256
* CVE-2025-68257
* CVE-2025-68258
* CVE-2025-68259
* CVE-2025-68260
* CVE-2025-68261
* CVE-2025-68262
* CVE-2025-68263
* CVE-2025-68264
* CVE-2025-68323
* CVE-2025-68324
* CVE-2025-68325

CVSS scores:

* CVE-2025-68254 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68254 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68255 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-68255 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68256 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68256 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68257 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68258 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68259 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68260 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68261 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68262 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68263 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-68264 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-68264 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68323 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68323 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68324 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-68324 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68325 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68325 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 14 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the kernel-devel-6.18.2-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* kernel-devel 6.18.2-1.1
* kernel-macros 6.18.2-1.1
* kernel-source 6.18.2-1.1
* kernel-source-vanilla 6.18.2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-68254.html
* https://www.suse.com/security/cve/CVE-2025-68255.html
* https://www.suse.com/security/cve/CVE-2025-68256.html
* https://www.suse.com/security/cve/CVE-2025-68257.html
* https://www.suse.com/security/cve/CVE-2025-68258.html
* https://www.suse.com/security/cve/CVE-2025-68259.html
* https://www.suse.com/security/cve/CVE-2025-68260.html
* https://www.suse.com/security/cve/CVE-2025-68261.html
* https://www.suse.com/security/cve/CVE-2025-68262.html
* https://www.suse.com/security/cve/CVE-2025-68263.html
* https://www.suse.com/security/cve/CVE-2025-68264.html
* https://www.suse.com/security/cve/CVE-2025-68323.html
* https://www.suse.com/security/cve/CVE-2025-68324.html
* https://www.suse.com/security/cve/CVE-2025-68325.html

openSUSE-SU-2025:15834-1: moderate: busybox-1.37.0-8.1 on GA media

# busybox-1.37.0-8.1 on GA media

Announcement ID: openSUSE-SU-2025:15834-1
Rating: moderate

Cross-References:

* CVE-2025-46394
* CVE-2025-60876

CVSS scores:

* CVE-2025-46394 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
* CVE-2025-46394 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
* CVE-2025-60876 ( SUSE ): 8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
* CVE-2025-60876 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the busybox-1.37.0-8.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* busybox 1.37.0-8.1
* busybox-static 1.37.0-8.1
* busybox-testsuite 1.37.0-8.1
* busybox-warewulf3 1.37.0-8.1

## References:

* https://www.suse.com/security/cve/CVE-2025-46394.html
* https://www.suse.com/security/cve/CVE-2025-60876.html

openSUSE-SU-2025:15833-1: moderate: MozillaFirefox-146.0.1-1.1 on GA media

# MozillaFirefox-146.0.1-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15833-1
Rating: moderate

Cross-References:

* CVE-2025-14860
* CVE-2025-14861

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the MozillaFirefox-146.0.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* MozillaFirefox 146.0.1-1.1
* MozillaFirefox-branding-upstream 146.0.1-1.1
* MozillaFirefox-devel 146.0.1-1.1
* MozillaFirefox-translations-common 146.0.1-1.1
* MozillaFirefox-translations-other 146.0.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-14860.html
* https://www.suse.com/security/cve/CVE-2025-14861.html