FFmpeg, Libva, Linux Kerner, ChromeDriver updates for SUSE

SUSE 5310 Published by

SUSE Linux has announced the release of multiple security updates, which encompass FFmpeg, Libva, Linux Kernel, and ChromeDriver:

SUSE-SU-2025:1450-1: important: Security update for ffmpeg
SUSE-SU-2025:1452-1: moderate: Security update for libva
SUSE-SU-2025:1453-1: moderate: Security update for libva
SUSE-SU-2025:1445-1: important: Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4)
SUSE-SU-2025:1448-1: important: Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP3)
SUSE-SU-2025:1449-1: important: Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP4)
SUSE-SU-2025:1444-1: important: Security update for the Linux Kernel (Live Patch 35 for SLE 15 SP4)
openSUSE-SU-2025:15051-1: moderate: chromedriver-136.0.7103.59-1.1 on GA media




SUSE-SU-2025:1450-1: important: Security update for ffmpeg


# Security update for ffmpeg

Announcement ID: SUSE-SU-2025:1450-1
Release Date: 2025-05-05T07:43:27Z
Rating: important
References:

* bsc#1223272
* bsc#1234028
* bsc#1235091
* bsc#1235092
* bsc#1236007
* bsc#1237358
* bsc#1237371
* bsc#1237382

Cross-References:

* CVE-2023-51793
* CVE-2024-12361
* CVE-2024-35365
* CVE-2024-35368
* CVE-2024-36613
* CVE-2025-0518
* CVE-2025-22919
* CVE-2025-22921

CVSS scores:

* CVE-2023-51793 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-12361 ( SUSE ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-12361 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-35365 ( SUSE ): 2.0
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2024-35365 ( SUSE ): 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
* CVE-2024-35365 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-35368 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-35368 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-35368 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36613 ( SUSE ): 4.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-36613 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
* CVE-2024-36613 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-0518 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-0518 ( NVD ): 4.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-22919 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-22919 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-22919 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-22921 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-22921 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-22921 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* Desktop Applications Module 15-SP6
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Workstation Extension 15 SP6
* SUSE Package Hub 15 15-SP6

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for ffmpeg fixes the following issues:

* CVE-2025-22921: Clear array length when freeing it. (bsc#1237382)
* CVE-2025-0518: Fix memory data leak when use sscanf(). (bsc#1236007)
* CVE-2025-22919: Check for valid sample rate, to fix the invalid sample rate
>= 0. (bsc#1237371)
* CVE-2024-12361: Add check for av_packet_new_side_data() to avoid null
pointer dereference if allocation fails. (bsc#1237358)
* CVE-2024-36613: Adjust order of operations around block align. (bsc#1235092)
* CVE-2024-35365: Fix double-free on error. (bsc#1235091)
* CVE-2024-35368: Fix double-free on the AVFrame is unreferenced.
(bsc#1234028)
* CVE-2023-51793: Fix out of array access. (bsc#1223272).
* CVE-2023-51793: Fixed a heap buffer overflow in the image_copy_plane
function in libavutil/imgutils.c (bsc#1223272).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-1450=1

* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-1450=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-1450=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1450=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1450=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1450=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1450=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1450=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1450=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1450=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1450=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1450=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1450=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1450=1

* SUSE Linux Enterprise Workstation Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2025-1450=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-1450=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* libpostproc54-debuginfo-3.4.2-150200.11.60.1
* libswscale4-debuginfo-3.4.2-150200.11.60.1
* libswresample-devel-3.4.2-150200.11.60.1
* libavutil-devel-3.4.2-150200.11.60.1
* ffmpeg-3.4.2-150200.11.60.1
* libpostproc-devel-3.4.2-150200.11.60.1
* ffmpeg-debugsource-3.4.2-150200.11.60.1
* ffmpeg-debuginfo-3.4.2-150200.11.60.1
* libswresample2-debuginfo-3.4.2-150200.11.60.1
* libavcodec-devel-3.4.2-150200.11.60.1
* libavresample3-debuginfo-3.4.2-150200.11.60.1
* libswscale-devel-3.4.2-150200.11.60.1
* libavcodec57-debuginfo-3.4.2-150200.11.60.1
* libavresample-devel-3.4.2-150200.11.60.1
* libavutil55-debuginfo-3.4.2-150200.11.60.1
* libavresample3-3.4.2-150200.11.60.1
* libavdevice57-debuginfo-3.4.2-150200.11.60.1
* libavfilter-devel-3.4.2-150200.11.60.1
* libavutil55-3.4.2-150200.11.60.1
* libpostproc54-3.4.2-150200.11.60.1
* libavdevice-devel-3.4.2-150200.11.60.1
* libswscale4-3.4.2-150200.11.60.1
* libswresample2-3.4.2-150200.11.60.1
* libavcodec57-3.4.2-150200.11.60.1
* libavdevice57-3.4.2-150200.11.60.1
* libavformat57-3.4.2-150200.11.60.1
* libavfilter6-debuginfo-3.4.2-150200.11.60.1
* ffmpeg-private-devel-3.4.2-150200.11.60.1
* libavfilter6-3.4.2-150200.11.60.1
* libavformat-devel-3.4.2-150200.11.60.1
* libavformat57-debuginfo-3.4.2-150200.11.60.1
* openSUSE Leap 15.6 (x86_64)
* libpostproc54-32bit-3.4.2-150200.11.60.1
* libavdevice57-32bit-debuginfo-3.4.2-150200.11.60.1
* libavresample3-32bit-3.4.2-150200.11.60.1
* libavcodec57-32bit-debuginfo-3.4.2-150200.11.60.1
* libavfilter6-32bit-3.4.2-150200.11.60.1
* libavutil55-32bit-debuginfo-3.4.2-150200.11.60.1
* libavformat57-32bit-debuginfo-3.4.2-150200.11.60.1
* libswresample2-32bit-3.4.2-150200.11.60.1
* libavformat57-32bit-3.4.2-150200.11.60.1
* libswresample2-32bit-debuginfo-3.4.2-150200.11.60.1
* libpostproc54-32bit-debuginfo-3.4.2-150200.11.60.1
* libavdevice57-32bit-3.4.2-150200.11.60.1
* libavresample3-32bit-debuginfo-3.4.2-150200.11.60.1
* libavutil55-32bit-3.4.2-150200.11.60.1
* libswscale4-32bit-3.4.2-150200.11.60.1
* libavfilter6-32bit-debuginfo-3.4.2-150200.11.60.1
* libswscale4-32bit-debuginfo-3.4.2-150200.11.60.1
* libavcodec57-32bit-3.4.2-150200.11.60.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libpostproc54-debuginfo-3.4.2-150200.11.60.1
* libavutil55-3.4.2-150200.11.60.1
* libpostproc54-3.4.2-150200.11.60.1
* libpostproc-devel-3.4.2-150200.11.60.1
* ffmpeg-debugsource-3.4.2-150200.11.60.1
* ffmpeg-debuginfo-3.4.2-150200.11.60.1
* libavutil-devel-3.4.2-150200.11.60.1
* libswresample-devel-3.4.2-150200.11.60.1
* libswresample2-debuginfo-3.4.2-150200.11.60.1
* libswscale4-debuginfo-3.4.2-150200.11.60.1
* libavutil55-debuginfo-3.4.2-150200.11.60.1
* libswscale4-3.4.2-150200.11.60.1
* libswresample2-3.4.2-150200.11.60.1
* libavcodec57-3.4.2-150200.11.60.1
* libswscale-devel-3.4.2-150200.11.60.1
* libavcodec57-debuginfo-3.4.2-150200.11.60.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* libavresample3-3.4.2-150200.11.60.1
* libavdevice57-debuginfo-3.4.2-150200.11.60.1
* ffmpeg-debugsource-3.4.2-150200.11.60.1
* ffmpeg-debuginfo-3.4.2-150200.11.60.1
* libavformat57-debuginfo-3.4.2-150200.11.60.1
* libavfilter6-3.4.2-150200.11.60.1
* ffmpeg-3.4.2-150200.11.60.1
* libavdevice57-3.4.2-150200.11.60.1
* libavformat57-3.4.2-150200.11.60.1
* libavresample3-debuginfo-3.4.2-150200.11.60.1
* libavfilter6-debuginfo-3.4.2-150200.11.60.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* libpostproc54-debuginfo-3.4.2-150200.11.60.1
* libswscale4-debuginfo-3.4.2-150200.11.60.1
* libswresample-devel-3.4.2-150200.11.60.1
* libavutil-devel-3.4.2-150200.11.60.1
* libpostproc-devel-3.4.2-150200.11.60.1
* ffmpeg-debugsource-3.4.2-150200.11.60.1
* ffmpeg-debuginfo-3.4.2-150200.11.60.1
* libswresample2-debuginfo-3.4.2-150200.11.60.1
* libavresample3-debuginfo-3.4.2-150200.11.60.1
* libswscale-devel-3.4.2-150200.11.60.1
* libavutil55-debuginfo-3.4.2-150200.11.60.1
* libavcodec57-debuginfo-3.4.2-150200.11.60.1
* libavresample-devel-3.4.2-150200.11.60.1
* libavresample3-3.4.2-150200.11.60.1
* libavutil55-3.4.2-150200.11.60.1
* libpostproc54-3.4.2-150200.11.60.1
* libswscale4-3.4.2-150200.11.60.1
* libswresample2-3.4.2-150200.11.60.1
* libavcodec57-3.4.2-150200.11.60.1
* libavformat57-3.4.2-150200.11.60.1
* libavformat57-debuginfo-3.4.2-150200.11.60.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libavresample3-3.4.2-150200.11.60.1
* libpostproc54-debuginfo-3.4.2-150200.11.60.1
* libavutil55-3.4.2-150200.11.60.1
* libpostproc54-3.4.2-150200.11.60.1
* libpostproc-devel-3.4.2-150200.11.60.1
* ffmpeg-debugsource-3.4.2-150200.11.60.1
* ffmpeg-debuginfo-3.4.2-150200.11.60.1
* libavformat57-debuginfo-3.4.2-150200.11.60.1
* libavutil-devel-3.4.2-150200.11.60.1
* libswresample-devel-3.4.2-150200.11.60.1
* libswresample2-debuginfo-3.4.2-150200.11.60.1
* libswscale4-debuginfo-3.4.2-150200.11.60.1
* libavutil55-debuginfo-3.4.2-150200.11.60.1
* libswscale4-3.4.2-150200.11.60.1
* libswresample2-3.4.2-150200.11.60.1
* libavcodec57-3.4.2-150200.11.60.1
* libavformat57-3.4.2-150200.11.60.1
* libavresample3-debuginfo-3.4.2-150200.11.60.1
* libswscale-devel-3.4.2-150200.11.60.1
* libavcodec57-debuginfo-3.4.2-150200.11.60.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libavresample3-3.4.2-150200.11.60.1
* libpostproc54-debuginfo-3.4.2-150200.11.60.1
* libavutil55-3.4.2-150200.11.60.1
* libpostproc54-3.4.2-150200.11.60.1
* libpostproc-devel-3.4.2-150200.11.60.1
* ffmpeg-debugsource-3.4.2-150200.11.60.1
* ffmpeg-debuginfo-3.4.2-150200.11.60.1
* libavformat57-debuginfo-3.4.2-150200.11.60.1
* libavutil-devel-3.4.2-150200.11.60.1
* libswresample-devel-3.4.2-150200.11.60.1
* libswresample2-debuginfo-3.4.2-150200.11.60.1
* libswscale4-debuginfo-3.4.2-150200.11.60.1
* libavutil55-debuginfo-3.4.2-150200.11.60.1
* libswscale4-3.4.2-150200.11.60.1
* libswresample2-3.4.2-150200.11.60.1
* libavcodec57-3.4.2-150200.11.60.1
* libavformat57-3.4.2-150200.11.60.1
* libavresample3-debuginfo-3.4.2-150200.11.60.1
* libswscale-devel-3.4.2-150200.11.60.1
* libavcodec57-debuginfo-3.4.2-150200.11.60.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* libpostproc54-debuginfo-3.4.2-150200.11.60.1
* libavutil55-3.4.2-150200.11.60.1
* libpostproc54-3.4.2-150200.11.60.1
* libpostproc-devel-3.4.2-150200.11.60.1
* ffmpeg-debugsource-3.4.2-150200.11.60.1
* ffmpeg-debuginfo-3.4.2-150200.11.60.1
* libavutil-devel-3.4.2-150200.11.60.1
* libswresample-devel-3.4.2-150200.11.60.1
* libswresample2-debuginfo-3.4.2-150200.11.60.1
* libswscale4-debuginfo-3.4.2-150200.11.60.1
* libavutil55-debuginfo-3.4.2-150200.11.60.1
* libswscale4-3.4.2-150200.11.60.1
* libswresample2-3.4.2-150200.11.60.1
* libavcodec57-3.4.2-150200.11.60.1
* libswscale-devel-3.4.2-150200.11.60.1
* libavcodec57-debuginfo-3.4.2-150200.11.60.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* libpostproc54-debuginfo-3.4.2-150200.11.60.1
* libavutil55-3.4.2-150200.11.60.1
* libpostproc54-3.4.2-150200.11.60.1
* libpostproc-devel-3.4.2-150200.11.60.1
* ffmpeg-debugsource-3.4.2-150200.11.60.1
* ffmpeg-debuginfo-3.4.2-150200.11.60.1
* libavutil-devel-3.4.2-150200.11.60.1
* libswresample-devel-3.4.2-150200.11.60.1
* libswresample2-debuginfo-3.4.2-150200.11.60.1
* libswscale4-debuginfo-3.4.2-150200.11.60.1
* libavutil55-debuginfo-3.4.2-150200.11.60.1
* libswscale4-3.4.2-150200.11.60.1
* libswresample2-3.4.2-150200.11.60.1
* libavcodec57-3.4.2-150200.11.60.1
* libswscale-devel-3.4.2-150200.11.60.1
* libavcodec57-debuginfo-3.4.2-150200.11.60.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* libpostproc54-debuginfo-3.4.2-150200.11.60.1
* libswscale4-debuginfo-3.4.2-150200.11.60.1
* libswresample-devel-3.4.2-150200.11.60.1
* libavutil-devel-3.4.2-150200.11.60.1
* libpostproc-devel-3.4.2-150200.11.60.1
* ffmpeg-debugsource-3.4.2-150200.11.60.1
* ffmpeg-debuginfo-3.4.2-150200.11.60.1
* libswresample2-debuginfo-3.4.2-150200.11.60.1
* libavresample3-debuginfo-3.4.2-150200.11.60.1
* libswscale-devel-3.4.2-150200.11.60.1
* libavutil55-debuginfo-3.4.2-150200.11.60.1
* libavcodec57-debuginfo-3.4.2-150200.11.60.1
* libavresample-devel-3.4.2-150200.11.60.1
* libavresample3-3.4.2-150200.11.60.1
* libavutil55-3.4.2-150200.11.60.1
* libpostproc54-3.4.2-150200.11.60.1
* libswscale4-3.4.2-150200.11.60.1
* libswresample2-3.4.2-150200.11.60.1
* libavcodec57-3.4.2-150200.11.60.1
* libavformat57-3.4.2-150200.11.60.1
* libavformat57-debuginfo-3.4.2-150200.11.60.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* libavresample3-3.4.2-150200.11.60.1
* libpostproc54-debuginfo-3.4.2-150200.11.60.1
* libavutil55-3.4.2-150200.11.60.1
* libpostproc54-3.4.2-150200.11.60.1
* libpostproc-devel-3.4.2-150200.11.60.1
* ffmpeg-debugsource-3.4.2-150200.11.60.1
* ffmpeg-debuginfo-3.4.2-150200.11.60.1
* libavformat57-debuginfo-3.4.2-150200.11.60.1
* libavutil-devel-3.4.2-150200.11.60.1
* libswresample-devel-3.4.2-150200.11.60.1
* libswresample2-debuginfo-3.4.2-150200.11.60.1
* libswscale4-debuginfo-3.4.2-150200.11.60.1
* libavutil55-debuginfo-3.4.2-150200.11.60.1
* libswscale4-3.4.2-150200.11.60.1
* libswresample2-3.4.2-150200.11.60.1
* libavcodec57-3.4.2-150200.11.60.1
* libavformat57-3.4.2-150200.11.60.1
* libavresample3-debuginfo-3.4.2-150200.11.60.1
* libswscale-devel-3.4.2-150200.11.60.1
* libavcodec57-debuginfo-3.4.2-150200.11.60.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* libpostproc54-debuginfo-3.4.2-150200.11.60.1
* libavutil55-3.4.2-150200.11.60.1
* libpostproc54-3.4.2-150200.11.60.1
* libpostproc-devel-3.4.2-150200.11.60.1
* ffmpeg-debugsource-3.4.2-150200.11.60.1
* ffmpeg-debuginfo-3.4.2-150200.11.60.1
* libavutil-devel-3.4.2-150200.11.60.1
* libswresample-devel-3.4.2-150200.11.60.1
* libswresample2-debuginfo-3.4.2-150200.11.60.1
* libswscale4-debuginfo-3.4.2-150200.11.60.1
* libavutil55-debuginfo-3.4.2-150200.11.60.1
* libswscale4-3.4.2-150200.11.60.1
* libswresample2-3.4.2-150200.11.60.1
* libavcodec57-3.4.2-150200.11.60.1
* libswscale-devel-3.4.2-150200.11.60.1
* libavcodec57-debuginfo-3.4.2-150200.11.60.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* libpostproc54-debuginfo-3.4.2-150200.11.60.1
* libswscale4-debuginfo-3.4.2-150200.11.60.1
* libswresample-devel-3.4.2-150200.11.60.1
* libavutil-devel-3.4.2-150200.11.60.1
* libpostproc-devel-3.4.2-150200.11.60.1
* ffmpeg-debugsource-3.4.2-150200.11.60.1
* ffmpeg-debuginfo-3.4.2-150200.11.60.1
* libswresample2-debuginfo-3.4.2-150200.11.60.1
* libavresample3-debuginfo-3.4.2-150200.11.60.1
* libswscale-devel-3.4.2-150200.11.60.1
* libavutil55-debuginfo-3.4.2-150200.11.60.1
* libavcodec57-debuginfo-3.4.2-150200.11.60.1
* libavresample-devel-3.4.2-150200.11.60.1
* libavresample3-3.4.2-150200.11.60.1
* libavutil55-3.4.2-150200.11.60.1
* libpostproc54-3.4.2-150200.11.60.1
* libswscale4-3.4.2-150200.11.60.1
* libswresample2-3.4.2-150200.11.60.1
* libavcodec57-3.4.2-150200.11.60.1
* libavformat57-3.4.2-150200.11.60.1
* libavformat57-debuginfo-3.4.2-150200.11.60.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libavresample3-3.4.2-150200.11.60.1
* libpostproc54-debuginfo-3.4.2-150200.11.60.1
* libavutil55-3.4.2-150200.11.60.1
* libpostproc54-3.4.2-150200.11.60.1
* libpostproc-devel-3.4.2-150200.11.60.1
* ffmpeg-debugsource-3.4.2-150200.11.60.1
* ffmpeg-debuginfo-3.4.2-150200.11.60.1
* libavformat57-debuginfo-3.4.2-150200.11.60.1
* libavutil-devel-3.4.2-150200.11.60.1
* libswresample-devel-3.4.2-150200.11.60.1
* libswresample2-debuginfo-3.4.2-150200.11.60.1
* libswscale4-debuginfo-3.4.2-150200.11.60.1
* libavutil55-debuginfo-3.4.2-150200.11.60.1
* libswscale4-3.4.2-150200.11.60.1
* libswresample2-3.4.2-150200.11.60.1
* libavcodec57-3.4.2-150200.11.60.1
* libavformat57-3.4.2-150200.11.60.1
* libavresample3-debuginfo-3.4.2-150200.11.60.1
* libswscale-devel-3.4.2-150200.11.60.1
* libavcodec57-debuginfo-3.4.2-150200.11.60.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* libpostproc54-debuginfo-3.4.2-150200.11.60.1
* libavutil55-3.4.2-150200.11.60.1
* libpostproc54-3.4.2-150200.11.60.1
* libpostproc-devel-3.4.2-150200.11.60.1
* ffmpeg-debugsource-3.4.2-150200.11.60.1
* ffmpeg-debuginfo-3.4.2-150200.11.60.1
* libavutil-devel-3.4.2-150200.11.60.1
* libswresample-devel-3.4.2-150200.11.60.1
* libswresample2-debuginfo-3.4.2-150200.11.60.1
* libswscale4-debuginfo-3.4.2-150200.11.60.1
* libavutil55-debuginfo-3.4.2-150200.11.60.1
* libswscale4-3.4.2-150200.11.60.1
* libswresample2-3.4.2-150200.11.60.1
* libavcodec57-3.4.2-150200.11.60.1
* libswscale-devel-3.4.2-150200.11.60.1
* libavcodec57-debuginfo-3.4.2-150200.11.60.1
* SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64)
* libavresample3-3.4.2-150200.11.60.1
* ffmpeg-debugsource-3.4.2-150200.11.60.1
* ffmpeg-debuginfo-3.4.2-150200.11.60.1
* libavformat57-debuginfo-3.4.2-150200.11.60.1
* libavformat57-3.4.2-150200.11.60.1
* libavformat-devel-3.4.2-150200.11.60.1
* libavcodec-devel-3.4.2-150200.11.60.1
* libavresample3-debuginfo-3.4.2-150200.11.60.1
* libavresample-devel-3.4.2-150200.11.60.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* libpostproc54-debuginfo-3.4.2-150200.11.60.1
* libswscale4-debuginfo-3.4.2-150200.11.60.1
* libswresample-devel-3.4.2-150200.11.60.1
* libavutil-devel-3.4.2-150200.11.60.1
* libpostproc-devel-3.4.2-150200.11.60.1
* ffmpeg-debugsource-3.4.2-150200.11.60.1
* ffmpeg-debuginfo-3.4.2-150200.11.60.1
* libswresample2-debuginfo-3.4.2-150200.11.60.1
* libavresample3-debuginfo-3.4.2-150200.11.60.1
* libswscale-devel-3.4.2-150200.11.60.1
* libavutil55-debuginfo-3.4.2-150200.11.60.1
* libavcodec57-debuginfo-3.4.2-150200.11.60.1
* libavresample-devel-3.4.2-150200.11.60.1
* libavresample3-3.4.2-150200.11.60.1
* libavutil55-3.4.2-150200.11.60.1
* libpostproc54-3.4.2-150200.11.60.1
* libswscale4-3.4.2-150200.11.60.1
* libswresample2-3.4.2-150200.11.60.1
* libavcodec57-3.4.2-150200.11.60.1
* libavformat57-3.4.2-150200.11.60.1
* libavformat57-debuginfo-3.4.2-150200.11.60.1

## References:

* https://www.suse.com/security/cve/CVE-2023-51793.html
* https://www.suse.com/security/cve/CVE-2024-12361.html
* https://www.suse.com/security/cve/CVE-2024-35365.html
* https://www.suse.com/security/cve/CVE-2024-35368.html
* https://www.suse.com/security/cve/CVE-2024-36613.html
* https://www.suse.com/security/cve/CVE-2025-0518.html
* https://www.suse.com/security/cve/CVE-2025-22919.html
* https://www.suse.com/security/cve/CVE-2025-22921.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223272
* https://bugzilla.suse.com/show_bug.cgi?id=1234028
* https://bugzilla.suse.com/show_bug.cgi?id=1235091
* https://bugzilla.suse.com/show_bug.cgi?id=1235092
* https://bugzilla.suse.com/show_bug.cgi?id=1236007
* https://bugzilla.suse.com/show_bug.cgi?id=1237358
* https://bugzilla.suse.com/show_bug.cgi?id=1237371
* https://bugzilla.suse.com/show_bug.cgi?id=1237382



SUSE-SU-2025:1452-1: moderate: Security update for libva


# Security update for libva

Announcement ID: SUSE-SU-2025:1452-1
Release Date: 2025-05-05T07:44:00Z
Rating: moderate
References:

* bsc#1202828
* bsc#1217770
* bsc#1224413
* jsc#PED-11066
* jsc#PED-1174

Cross-References:

* CVE-2023-39929

CVSS scores:

* CVE-2023-39929 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves one vulnerability, contains two features and has two
security fixes can now be installed.

## Description:

This update for libva fixes the following issues:

Update to libva version 2.20.0, which includes security fix for:

* CVE-2023-39929: Uncontrolled search path may allow an authenticated user to
escalate privilege via local access (bsc#1224413, jsc#PED-11066)

This includes latest version of one of the components needed for Video
(processing) hardware support on Intel GPUs (bsc#1217770)

Update to version 2.20.0:

* av1: Revise offsets comments for av1 encode
* drm:
* Limit the array size to avoid out of range
* Remove no longer used helpers
* jpeg: add support for crop and partial decode
* trace:
* Add trace for vaExportSurfaceHandle
* Unlock mutex before return
* Fix minor issue about printf data type and value range
* va/backend:
* Annotate vafool as deprecated
* Document the vaGetDriver* APIs
* va/x11/va_fglrx: Remove some dead code
* va/x11/va_nvctrl: Remove some dead code
* va:
* Add new VADecodeErrorType to indicate the reset happended in the driver
* Add vendor string on va_TraceInitialize
* Added Q416 fourcc (three-plane 16-bit YUV 4:4:4)
* Drop no longer applicable vaGetDriverNames check
* Fix:don't leak driver names, when override is set
* Fix:set driver number to be zero if vaGetDriverNames failed
* Optimize code of getting driver name for all protocols/os (wayland,x11,drm,win32,android)
* Remove legacy code paths
* Remove unreachable "DRIVER BUG"
* win32:
* Only print win32 driver messages in DEBUG builds
* Remove duplicate adapter_luid entry
* x11/dri2: limit the array handling to avoid out of range access
* x11:
* Allow disabling DRI3 via LIBVA_DRI3_DISABLE env var
* Implement vaGetDriverNames
* Remove legacy code paths

Update to 2.19.0:

* add: Add mono_chrome to VAEncSequenceParameterBufferAV1
* add: Enable support for license acquisition of multiple protected playbacks
* fix: use secure_getenv instead of getenv
* trace: Improve and add VA trace log for AV1 encode
* trace: Unify va log message, replace va_TracePrint with va_TraceMsg.

Update to version 2.18.0:

* doc: Add build and install libva informatio in home page.
* fix:
* Add libva.def into distribution package
* NULL check before calling strncmp.
* Remove reference to non-existent symbol
* meson: docs:
* Add encoder interface for av1
* Use libva_version over project_version()
* va:
* Add VAProfileH264High10
* Always build with va-messaging API
* Fix the codying style of CHECK_DISPLAY
* Remove Android pre Jelly Bean workarounds
* Remove dummy isValid() hook
* Remove unused drm_sarea.h include & ANDROID references in va_dricommon.h
* va/sysdeps.h: remove Android section
* x11:
* Allow disabling DRI3 via LIBVA_DRI3_DISABLe env var
* Use LIBVA_DRI3_DISABLE in GetNumCandidates

update to 2.17.0:

* win: Simplify signature for driver name loading
* win: Rewrite driver registry query and fix some bugs/leaks/inefficiencies
* win: Add missing null check after calloc
* va: Update security disclaimer
* dep:remove the file .cvsignore
* pkgconfig: add 'with-legacy' for emgd, nvctrl and fglrx
* meson: add 'with-legacy' for emgd, nvctrl and fglrx
* x11: move all FGLRX code to va_fglrx.c
* x11: move all NVCTRL code to va_nvctrl.c
* meson: stop using deprecated meson.source_root()
* meson: stop using configure_file copy=true
* va: correctly include the win32 (local) headers
* win: clean-up the coding style
* va: dos2unix all the files
* drm: remove unnecessary dri2 version/extension query
* trace: annotate internal functions with DLL_HIDDEN
* build/sysdeps: Remove HAVE_GNUC_VISIBILITY_ATTRIBUTE and use _GNUC_ support
level attribute instead
* meson: Check support for -Wl,-version-script and build link_args accordingly
* meson: Set va_win32 soversion to '' and remove the install_data rename
* fix: resouce check null
* va_trace: Add Win32 memory types in va_TraceSurfaceAttributes
* va_trace: va_TraceSurfaceAttributes should check the
VASurfaceAttribMemoryType
* va: Adds Win32 Node and Windows build support
* va: Adds compat_win32 abstraction for Windows build and prepares va common
code for windows build
* pkgconfig: Add Win32 package for when WITH_WIN32 is enabled
* meson: Add with_win32 option, makes libdrm non-mandatory on Win
* x11: add basic DRI3 support
* drm: remove VA_DRM_IsRenderNodeFd() helper
* drm: add radeon drm + radeonsi mesa combo

* needed for jira#PED-1174 (Video decoding/encoding support (VA-API, ...) for
Intel GPUs is outside of Mesa)

Update to 2.16.0:

* add: Add HierarchicalFlag & hierarchical_level_plus1 for AV1e.
* dep: Update README.md to remove badge links
* dep: Removed waffle-io badge from README to fix broken link
* dep: Drop mailing list, IRC and Slack
* autotools: use wayland-scanner private-code
* autotools: use the wayland-scanner.pc to locate the prog
* meson: use wayland-scanner private-code
* meson: request native wayland-scanner
* meson: use the wayland-scanner.pc to locate the prog
* meson: set HAVE_VA_X11 when applicable
* style:Correct slight coding style in several new commits
* trace: add Linux ftrace mode for va trace
* trace: Add missing pthread_mutex_destroy
* drm: remove no-longer needed X == X mappings
* drm: fallback to drm driver name == va driver name
* drm: simplify the mapping table
* x11: simplify the mapping table

Update to version 2.15.0 was part of Intel oneVPL GPU Runtime 2022Q2 Release
22.4.4

Update to 2.15.0:

* Add: new display HW attribute to report PCI ID
* Add: sample depth related parameters for AV1e
* Add: refresh_frame_flags for AV1e
* Add: missing fields in va_TraceVAEncSequenceParameterBufferHEVC.
* Add: nvidia-drm to the drm driver map
* Add: type and buffer for delta qp per block
* Deprecation: remove the va_fool support
* Fix:Correct the version of meson build on master branch
* Fix:X11 DRI2: check if device is a render node
* Build:Use also strong stack protection if supported
* Trace:print the string for profile/entrypoint/configattrib

Update to 2.14.0:

* add: Add av1 encode interfaces
* add: VA/X11 VAAPI driver mapping for crocus DRI driver
* doc: Add description of the fd management for surface importing
* ci: fix freebsd build
* meson: Copy public headers to build directory to support subproject

* CVE-2023-39929: Fixed an issue where an uncontrolled search path may allow
authenticated users to escalate privilege via local access. (bsc#1224413)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-1452=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1452=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1452=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1452=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1452=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libva-drm2-debuginfo-2.20.0-150400.3.5.1
* libva-devel-2.20.0-150400.3.5.1
* libva-x11-2-2.20.0-150400.3.5.1
* libva2-2.20.0-150400.3.5.1
* libva-gl-devel-2.20.0-150400.3.5.1
* libva-glx2-2.20.0-150400.3.5.1
* libva-x11-2-debuginfo-2.20.0-150400.3.5.1
* libva-gl-debugsource-2.20.0-150400.3.5.1
* libva-glx2-debuginfo-2.20.0-150400.3.5.1
* libva-wayland2-2.20.0-150400.3.5.1
* libva-debugsource-2.20.0-150400.3.5.1
* libva-wayland2-debuginfo-2.20.0-150400.3.5.1
* libva-drm2-2.20.0-150400.3.5.1
* libva2-debuginfo-2.20.0-150400.3.5.1
* openSUSE Leap 15.4 (x86_64)
* libva-glx2-32bit-2.20.0-150400.3.5.1
* libva-drm2-32bit-debuginfo-2.20.0-150400.3.5.1
* libva-wayland2-32bit-debuginfo-2.20.0-150400.3.5.1
* libva-devel-32bit-2.20.0-150400.3.5.1
* libva-x11-2-32bit-2.20.0-150400.3.5.1
* libva2-32bit-2.20.0-150400.3.5.1
* libva-x11-2-32bit-debuginfo-2.20.0-150400.3.5.1
* libva-glx2-32bit-debuginfo-2.20.0-150400.3.5.1
* libva-gl-devel-32bit-2.20.0-150400.3.5.1
* libva2-32bit-debuginfo-2.20.0-150400.3.5.1
* libva-wayland2-32bit-2.20.0-150400.3.5.1
* libva-drm2-32bit-2.20.0-150400.3.5.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libva-glx2-64bit-2.20.0-150400.3.5.1
* libva-drm2-64bit-2.20.0-150400.3.5.1
* libva-glx2-64bit-debuginfo-2.20.0-150400.3.5.1
* libva2-64bit-debuginfo-2.20.0-150400.3.5.1
* libva-gl-devel-64bit-2.20.0-150400.3.5.1
* libva-drm2-64bit-debuginfo-2.20.0-150400.3.5.1
* libva-wayland2-64bit-2.20.0-150400.3.5.1
* libva-x11-2-64bit-2.20.0-150400.3.5.1
* libva-devel-64bit-2.20.0-150400.3.5.1
* libva2-64bit-2.20.0-150400.3.5.1
* libva-x11-2-64bit-debuginfo-2.20.0-150400.3.5.1
* libva-wayland2-64bit-debuginfo-2.20.0-150400.3.5.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libva-drm2-debuginfo-2.20.0-150400.3.5.1
* libva-devel-2.20.0-150400.3.5.1
* libva-x11-2-2.20.0-150400.3.5.1
* libva2-2.20.0-150400.3.5.1
* libva-x11-2-debuginfo-2.20.0-150400.3.5.1
* libva-wayland2-2.20.0-150400.3.5.1
* libva-debugsource-2.20.0-150400.3.5.1
* libva-wayland2-debuginfo-2.20.0-150400.3.5.1
* libva-drm2-2.20.0-150400.3.5.1
* libva2-debuginfo-2.20.0-150400.3.5.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libva-drm2-debuginfo-2.20.0-150400.3.5.1
* libva-devel-2.20.0-150400.3.5.1
* libva-x11-2-2.20.0-150400.3.5.1
* libva2-2.20.0-150400.3.5.1
* libva-x11-2-debuginfo-2.20.0-150400.3.5.1
* libva-wayland2-2.20.0-150400.3.5.1
* libva-debugsource-2.20.0-150400.3.5.1
* libva-wayland2-debuginfo-2.20.0-150400.3.5.1
* libva-drm2-2.20.0-150400.3.5.1
* libva2-debuginfo-2.20.0-150400.3.5.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* libva-drm2-debuginfo-2.20.0-150400.3.5.1
* libva-devel-2.20.0-150400.3.5.1
* libva-x11-2-2.20.0-150400.3.5.1
* libva2-2.20.0-150400.3.5.1
* libva-x11-2-debuginfo-2.20.0-150400.3.5.1
* libva-wayland2-2.20.0-150400.3.5.1
* libva-debugsource-2.20.0-150400.3.5.1
* libva-wayland2-debuginfo-2.20.0-150400.3.5.1
* libva-drm2-2.20.0-150400.3.5.1
* libva2-debuginfo-2.20.0-150400.3.5.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libva-drm2-debuginfo-2.20.0-150400.3.5.1
* libva-devel-2.20.0-150400.3.5.1
* libva-x11-2-2.20.0-150400.3.5.1
* libva2-2.20.0-150400.3.5.1
* libva-x11-2-debuginfo-2.20.0-150400.3.5.1
* libva-wayland2-2.20.0-150400.3.5.1
* libva-debugsource-2.20.0-150400.3.5.1
* libva-wayland2-debuginfo-2.20.0-150400.3.5.1
* libva-drm2-2.20.0-150400.3.5.1
* libva2-debuginfo-2.20.0-150400.3.5.1

## References:

* https://www.suse.com/security/cve/CVE-2023-39929.html
* https://bugzilla.suse.com/show_bug.cgi?id=1202828
* https://bugzilla.suse.com/show_bug.cgi?id=1217770
* https://bugzilla.suse.com/show_bug.cgi?id=1224413
* https://jira.suse.com/browse/PED-11066
* https://jira.suse.com/browse/PED-1174



SUSE-SU-2025:1453-1: moderate: Security update for libva


# Security update for libva

Announcement ID: SUSE-SU-2025:1453-1
Release Date: 2025-05-05T07:44:16Z
Rating: moderate
References:

* bsc#1202828
* bsc#1217770
* bsc#1224413
* jsc#PED-11066

Cross-References:

* CVE-2023-39929

CVSS scores:

* CVE-2023-39929 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability, contains one feature and has two
security fixes can now be installed.

## Description:

This update for libva fixes the following issues:

Update to libva version 2.20.0, which includes security fix for:

* CVE-2023-39929: uncontrolled search path may allow an authenticated user to
escalate privilege via local access (bsc#1224413, jsc#PED-11066)

This includes latest version of one of the components needed for Video
(processing) hardware support on Intel GPUs (bsc#1217770)

Update to version 2.20.0:

* av1: Revise offsets comments for av1 encode
* drm:

* Limit the array size to avoid out of range
* Remove no longer used helpers
* jpeg: add support for crop and partial decode

* trace:

* Add trace for vaExportSurfaceHandle
* Unlock mutex before return
* Fix minor issue about printf data type and value range
* va/backend:

* Annotate vafool as deprecated
* Document the vaGetDriver* APIs
* va/x11/va_fglrx: Remove some dead code

* va/x11/va_nvctrl: Remove some dead code
* va:

* Add new VADecodeErrorType to indicate the reset happended in the driver
* Add vendor string on va_TraceInitialize
* Added Q416 fourcc (three-plane 16-bit YUV 4:4:4)
* Drop no longer applicable vaGetDriverNames check
* Fix:don't leak driver names, when override is set
* Fix:set driver number to be zero if vaGetDriverNames failed
* Optimize code of getting driver name for all protocols/os (wayland,x11,drm,win32,android)
* Remove legacy code paths
* Remove unreachable "DRIVER BUG"
* x11/dri2: limit the array handling to avoid out of range access

* x11:

* Allow disabling DRI3 via LIBVA_DRI3_DISABLE env var
* Implement vaGetDriverNames
* Remove legacy code paths

Update to 2.19.0:

* add: Add mono_chrome to VAEncSequenceParameterBufferAV1
* add: Enable support for license acquisition of multiple protected playbacks
* fix: use secure_getenv instead of getenv
* trace: Improve and add VA trace log for AV1 encode
* trace: Unify va log message, replace va_TracePrint with va_TraceMsg.

Update to version 2.18.0:

* doc: Add build and install libva informatio in home page.
* fix:

* Add libva.def into distribution package
* NULL check before calling strncmp.
* Remove reference to non-existent symbol
* meson: docs:

* Add encoder interface for av1
* Use libva_version over project_version()
* va:

* Add VAProfileH264High10
* Always build with va-messaging API
* Fix the codying style of CHECK_DISPLAY
* Remove Android pre Jelly Bean workarounds
* Remove dummy isValid() hook
* Remove unused drm_sarea.h include & ANDROID references in va_dricommon.h
* va/sysdeps.h: remove Android section
* x11:
* Allow disabling DRI3 via LIBVA_DRI3_DISABLe env var

* Use LIBVA_DRI3_DISABLE in GetNumCandidates

* Add libva-wayland to baselibs.conf, now that its build have moved to the
main part of spec, source validator should no longer complain on SLE.

Update to 2.17.0:

* win: Simplify signature for driver name loading
* win: Rewrite driver registry query and fix some bugs/leaks/inefficiencies
* win: Add missing null check after calloc
* va: Update security disclaimer
* dep:remove the file .cvsignore
* pkgconfig: add 'with-legacy' for emgd, nvctrl and fglrx
* meson: add 'with-legacy' for emgd, nvctrl and fglrx
* x11: move all FGLRX code to va_fglrx.c
* x11: move all NVCTRL code to va_nvctrl.c
* meson: stop using deprecated meson.source_root()
* meson: stop using configure_file copy=true
* va: correctly include the win32 (local) headers
* win: clean-up the coding style
* va: dos2unix all the files
* drm: remove unnecessary dri2 version/extension query
* trace: annotate internal functions with DLL_HIDDEN
* build/sysdeps: Remove HAVE_GNUC_VISIBILITY_ATTRIBUTE and use _GNUC_ support
level attribute instead
* meson: Check support for -Wl,-version-script and build link_args accordingly
* meson: Set va_win32 soversion to '' and remove the install_data rename
* fix: resouce check null
* va_trace: Add Win32 memory types in va_TraceSurfaceAttributes
* va_trace: va_TraceSurfaceAttributes should check the
VASurfaceAttribMemoryType
* va: Adds Win32 Node and Windows build support
* va: Adds compat_win32 abstraction for Windows build and prepares va common
code for windows build
* pkgconfig: Add Win32 package for when WITH_WIN32 is enabled
* meson: Add with_win32 option, makes libdrm non-mandatory on Win
* x11: add basic DRI3 support
* drm: remove VA_DRM_IsRenderNodeFd() helper
* drm: add radeon drm + radeonsi mesa combo

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-1453=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1453=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1453=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1453=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1453=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* libva-x11-2-debuginfo-2.20.0-150500.3.5.1
* libva-devel-2.20.0-150500.3.5.1
* libva-debugsource-2.20.0-150500.3.5.1
* libva2-2.20.0-150500.3.5.1
* libva-gl-debugsource-2.20.0-150500.3.5.1
* libva-glx2-debuginfo-2.20.0-150500.3.5.1
* libva2-debuginfo-2.20.0-150500.3.5.1
* libva-wayland2-debuginfo-2.20.0-150500.3.5.1
* libva-glx2-2.20.0-150500.3.5.1
* libva-drm2-2.20.0-150500.3.5.1
* libva-gl-devel-2.20.0-150500.3.5.1
* libva-wayland2-2.20.0-150500.3.5.1
* libva-x11-2-2.20.0-150500.3.5.1
* libva-drm2-debuginfo-2.20.0-150500.3.5.1
* openSUSE Leap 15.5 (x86_64)
* libva-x11-2-32bit-debuginfo-2.20.0-150500.3.5.1
* libva2-32bit-debuginfo-2.20.0-150500.3.5.1
* libva-wayland2-32bit-debuginfo-2.20.0-150500.3.5.1
* libva2-32bit-2.20.0-150500.3.5.1
* libva-wayland2-32bit-2.20.0-150500.3.5.1
* libva-devel-32bit-2.20.0-150500.3.5.1
* libva-drm2-32bit-2.20.0-150500.3.5.1
* libva-glx2-32bit-debuginfo-2.20.0-150500.3.5.1
* libva-glx2-32bit-2.20.0-150500.3.5.1
* libva-gl-devel-32bit-2.20.0-150500.3.5.1
* libva-drm2-32bit-debuginfo-2.20.0-150500.3.5.1
* libva-x11-2-32bit-2.20.0-150500.3.5.1
* openSUSE Leap 15.5 (aarch64_ilp32)
* libva2-64bit-2.20.0-150500.3.5.1
* libva-wayland2-64bit-2.20.0-150500.3.5.1
* libva-wayland2-64bit-debuginfo-2.20.0-150500.3.5.1
* libva-drm2-64bit-debuginfo-2.20.0-150500.3.5.1
* libva-drm2-64bit-2.20.0-150500.3.5.1
* libva-devel-64bit-2.20.0-150500.3.5.1
* libva2-64bit-debuginfo-2.20.0-150500.3.5.1
* libva-glx2-64bit-2.20.0-150500.3.5.1
* libva-x11-2-64bit-debuginfo-2.20.0-150500.3.5.1
* libva-x11-2-64bit-2.20.0-150500.3.5.1
* libva-gl-devel-64bit-2.20.0-150500.3.5.1
* libva-glx2-64bit-debuginfo-2.20.0-150500.3.5.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* libva-x11-2-debuginfo-2.20.0-150500.3.5.1
* libva-devel-2.20.0-150500.3.5.1
* libva-debugsource-2.20.0-150500.3.5.1
* libva2-2.20.0-150500.3.5.1
* libva2-debuginfo-2.20.0-150500.3.5.1
* libva-wayland2-debuginfo-2.20.0-150500.3.5.1
* libva-drm2-2.20.0-150500.3.5.1
* libva-wayland2-2.20.0-150500.3.5.1
* libva-x11-2-2.20.0-150500.3.5.1
* libva-drm2-debuginfo-2.20.0-150500.3.5.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* libva-x11-2-debuginfo-2.20.0-150500.3.5.1
* libva-devel-2.20.0-150500.3.5.1
* libva-debugsource-2.20.0-150500.3.5.1
* libva2-2.20.0-150500.3.5.1
* libva2-debuginfo-2.20.0-150500.3.5.1
* libva-wayland2-debuginfo-2.20.0-150500.3.5.1
* libva-drm2-2.20.0-150500.3.5.1
* libva-wayland2-2.20.0-150500.3.5.1
* libva-x11-2-2.20.0-150500.3.5.1
* libva-drm2-debuginfo-2.20.0-150500.3.5.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* libva-x11-2-debuginfo-2.20.0-150500.3.5.1
* libva-devel-2.20.0-150500.3.5.1
* libva-debugsource-2.20.0-150500.3.5.1
* libva2-2.20.0-150500.3.5.1
* libva2-debuginfo-2.20.0-150500.3.5.1
* libva-wayland2-debuginfo-2.20.0-150500.3.5.1
* libva-drm2-2.20.0-150500.3.5.1
* libva-wayland2-2.20.0-150500.3.5.1
* libva-x11-2-2.20.0-150500.3.5.1
* libva-drm2-debuginfo-2.20.0-150500.3.5.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* libva-x11-2-debuginfo-2.20.0-150500.3.5.1
* libva-devel-2.20.0-150500.3.5.1
* libva-debugsource-2.20.0-150500.3.5.1
* libva2-2.20.0-150500.3.5.1
* libva2-debuginfo-2.20.0-150500.3.5.1
* libva-wayland2-debuginfo-2.20.0-150500.3.5.1
* libva-drm2-2.20.0-150500.3.5.1
* libva-wayland2-2.20.0-150500.3.5.1
* libva-x11-2-2.20.0-150500.3.5.1
* libva-drm2-debuginfo-2.20.0-150500.3.5.1

## References:

* https://www.suse.com/security/cve/CVE-2023-39929.html
* https://bugzilla.suse.com/show_bug.cgi?id=1202828
* https://bugzilla.suse.com/show_bug.cgi?id=1217770
* https://bugzilla.suse.com/show_bug.cgi?id=1224413
* https://jira.suse.com/browse/PED-11066



SUSE-SU-2025:1445-1: important: Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:1445-1
Release Date: 2025-05-04T16:10:06Z
Rating: important
References:

* bsc#1233294
* bsc#1235431
* bsc#1240840

Cross-References:

* CVE-2024-50205
* CVE-2024-56650
* CVE-2024-8805

CVSS scores:

* CVE-2024-50205 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50205 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-50205 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56650 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56650 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56650 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-8805 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-8805 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-8805 ( NVD ): 8.8 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_141 fixes several issues.

The following security issues were fixed:

* CVE-2024-8805: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE
(bsc#1240840).
* CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in
apply_constraint_to_size() (bsc#1233294).
* CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check()
(bsc#1235431).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-1445=1 SUSE-2025-1441=1 SUSE-2025-1443=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-1445=1 SUSE-SLE-
Module-Live-Patching-15-SP4-2025-1441=1 SUSE-SLE-Module-Live-
Patching-15-SP4-2025-1443=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_119-default-debuginfo-16-150400.2.1
* kernel-livepatch-5_14_21-150400_24_125-default-11-150400.2.1
* kernel-livepatch-5_14_21-150400_24_141-default-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_125-default-debuginfo-11-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_26-debugsource-16-150400.2.1
* kernel-livepatch-5_14_21-150400_24_119-default-16-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_33-debugsource-6-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_28-debugsource-11-150400.2.1
* kernel-livepatch-5_14_21-150400_24_141-default-debuginfo-6-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_119-default-debuginfo-16-150400.2.1
* kernel-livepatch-5_14_21-150400_24_125-default-11-150400.2.1
* kernel-livepatch-5_14_21-150400_24_141-default-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_125-default-debuginfo-11-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_26-debugsource-16-150400.2.1
* kernel-livepatch-5_14_21-150400_24_119-default-16-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_33-debugsource-6-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_28-debugsource-11-150400.2.1
* kernel-livepatch-5_14_21-150400_24_141-default-debuginfo-6-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-50205.html
* https://www.suse.com/security/cve/CVE-2024-56650.html
* https://www.suse.com/security/cve/CVE-2024-8805.html
* https://bugzilla.suse.com/show_bug.cgi?id=1233294
* https://bugzilla.suse.com/show_bug.cgi?id=1235431
* https://bugzilla.suse.com/show_bug.cgi?id=1240840



SUSE-SU-2025:1448-1: important: Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:1448-1
Release Date: 2025-05-05T06:37:05Z
Rating: important
References:

* bsc#1227753
* bsc#1233294
* bsc#1235431
* bsc#1240840

Cross-References:

* CVE-2023-52885
* CVE-2024-50205
* CVE-2024-56650
* CVE-2024-8805

CVSS scores:

* CVE-2023-52885 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52885 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50205 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50205 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-50205 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56650 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56650 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56650 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-8805 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-8805 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-8805 ( NVD ): 8.8 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_164 fixes several issues.

The following security issues were fixed:

* CVE-2024-8805: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE
(bsc#1240840).
* CVE-2023-52885: SUNRPC: Fix UAF in svc_tcp_listen_data_ready()
(bsc#1227753).
* CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in
apply_constraint_to_size() (bsc#1233294).
* CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check()
(bsc#1235431).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-1448=1 SUSE-2025-1442=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-1448=1 SUSE-SLE-
Module-Live-Patching-15-SP3-2025-1442=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_164-default-13-150300.2.1
* kernel-livepatch-5_3_18-150300_59_158-default-17-150300.2.1
* kernel-livepatch-5_3_18-150300_59_158-default-debuginfo-17-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_45-debugsource-13-150300.2.1
* kernel-livepatch-5_3_18-150300_59_164-default-debuginfo-13-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_43-debugsource-17-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_164-preempt-13-150300.2.1
* kernel-livepatch-5_3_18-150300_59_158-preempt-17-150300.2.1
* kernel-livepatch-5_3_18-150300_59_164-preempt-debuginfo-13-150300.2.1
* kernel-livepatch-5_3_18-150300_59_158-preempt-debuginfo-17-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_158-default-17-150300.2.1
* kernel-livepatch-5_3_18-150300_59_164-default-13-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-52885.html
* https://www.suse.com/security/cve/CVE-2024-50205.html
* https://www.suse.com/security/cve/CVE-2024-56650.html
* https://www.suse.com/security/cve/CVE-2024-8805.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227753
* https://bugzilla.suse.com/show_bug.cgi?id=1233294
* https://bugzilla.suse.com/show_bug.cgi?id=1235431
* https://bugzilla.suse.com/show_bug.cgi?id=1240840



SUSE-SU-2025:1449-1: important: Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:1449-1
Release Date: 2025-05-05T07:36:00Z
Rating: important
References:

* bsc#1235431
* bsc#1240840

Cross-References:

* CVE-2024-56650
* CVE-2024-8805

CVSS scores:

* CVE-2024-56650 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56650 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56650 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-8805 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-8805 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-8805 ( NVD ): 8.8 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_144 fixes several issues.

The following security issues were fixed:

* CVE-2024-8805: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE
(bsc#1240840).
* CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check()
(bsc#1235431).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-1449=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-1449=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_144-default-5-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_34-debugsource-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_144-default-debuginfo-5-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_144-default-5-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_34-debugsource-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_144-default-debuginfo-5-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-56650.html
* https://www.suse.com/security/cve/CVE-2024-8805.html
* https://bugzilla.suse.com/show_bug.cgi?id=1235431
* https://bugzilla.suse.com/show_bug.cgi?id=1240840



SUSE-SU-2025:1444-1: important: Security update for the Linux Kernel (Live Patch 35 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 35 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:1444-1
Release Date: 2025-05-04T13:39:40Z
Rating: important
References:

* bsc#1235431

Cross-References:

* CVE-2024-56650

CVSS scores:

* CVE-2024-56650 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56650 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56650 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_147 fixes one issue.

The following security issue was fixed:

* CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check()
(bsc#1235431).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-1444=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-1444=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_35-debugsource-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_147-default-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_147-default-debuginfo-5-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_35-debugsource-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_147-default-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_147-default-debuginfo-5-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-56650.html
* https://bugzilla.suse.com/show_bug.cgi?id=1235431



openSUSE-SU-2025:15051-1: moderate: chromedriver-136.0.7103.59-1.1 on GA media


# chromedriver-136.0.7103.59-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15051-1
Rating: moderate

Cross-References:

* CVE-2025-4050
* CVE-2025-4051
* CVE-2025-4052
* CVE-2025-4096

Affected Products:

* openSUSE Tumbleweed

An update that solves 4 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the chromedriver-136.0.7103.59-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* chromedriver 136.0.7103.59-1.1
* chromium 136.0.7103.59-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-4050.html
* https://www.suse.com/security/cve/CVE-2025-4051.html
* https://www.suse.com/security/cve/CVE-2025-4052.html
* https://www.suse.com/security/cve/CVE-2025-4096.html


Yelp, XMLRPC, Firefox, NodeJS, Kernel, Thunderbird, Ruby, 389-ds-base, Kpatch-Patch, OSBuild updates for RHEL

C-Ares, Corosync, OpenJDK, MySQL updates for Ubuntu

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.orgĀ  I ...