FFmpeg, PostgreSQL, ImageMagick, and more updates for SUSE

SUSE 5495 Published by

There are several new security updates available for SUSE. The updates include a moderate security update for ffmpeg-4 and multiple important security updates for packages such as postgresql16, ImageMagick, go1.24-openssl, and the Linux Kernel (with various live patches).

SUSE-SU-2025:03162-1: moderate: Security update for ffmpeg-4
SUSE-SU-2025:03005-2: important: Security update for postgresql16
SUSE-SU-2025:03164-1: important: Security update for ImageMagick
SUSE-SU-2025:03158-1: important: Security update for go1.24-openssl
SUSE-SU-2025:03156-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP4)
SUSE-SU-2025:03159-1: important: Security update for go1.23-openssl
SUSE-SU-2025:03160-1: important: Security update for the Linux Kernel (Live Patch 38 for SLE 15 SP4)
openSUSE-SU-2025:15542-1: moderate: trivy-0.66.0-1.1 on GA media
SUSE-SU-2025:03175-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP4)
SUSE-SU-2025:03165-1: important: Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP4)
SUSE-SU-2025:03180-1: important: Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4)
SUSE-SU-2025:03179-1: important: Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP4)




SUSE-SU-2025:03162-1: moderate: Security update for ffmpeg-4


# Security update for ffmpeg-4

Announcement ID: SUSE-SU-2025:03162-1
Release Date: 2025-09-11T09:16:33Z
Rating: moderate
References:

* bsc#1246790

Cross-References:

* CVE-2025-7700

CVSS scores:

* CVE-2025-7700 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-7700 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP6
* SUSE Linux Enterprise Workstation Extension 15 SP7
* SUSE Package Hub 15 15-SP6
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for ffmpeg-4 fixes the following issues:

* CVE-2025-7700: Fixed NULL Pointer Dereference in FFmpeg ALS Decoder
(bsc#1246790).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3162=1 openSUSE-SLE-15.6-2025-3162=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-3162=1

* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-3162=1

* SUSE Linux Enterprise Workstation Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2025-3162=1

* SUSE Linux Enterprise Workstation Extension 15 SP7
zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2025-3162=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libavfilter7_110-4.4.6-150600.13.30.1
* libswresample3_9-debuginfo-4.4.6-150600.13.30.1
* ffmpeg-4-libswscale-devel-4.4.6-150600.13.30.1
* ffmpeg-4-debuginfo-4.4.6-150600.13.30.1
* ffmpeg-4-libpostproc-devel-4.4.6-150600.13.30.1
* ffmpeg-4-libavcodec-devel-4.4.6-150600.13.30.1
* ffmpeg-4-debugsource-4.4.6-150600.13.30.1
* libswscale5_9-4.4.6-150600.13.30.1
* libpostproc55_9-debuginfo-4.4.6-150600.13.30.1
* ffmpeg-4-libavdevice-devel-4.4.6-150600.13.30.1
* libavdevice58_13-debuginfo-4.4.6-150600.13.30.1
* ffmpeg-4-libavformat-devel-4.4.6-150600.13.30.1
* ffmpeg-4-4.4.6-150600.13.30.1
* libavdevice58_13-4.4.6-150600.13.30.1
* libavformat58_76-debuginfo-4.4.6-150600.13.30.1
* libswresample3_9-4.4.6-150600.13.30.1
* libavutil56_70-debuginfo-4.4.6-150600.13.30.1
* libavcodec58_134-4.4.6-150600.13.30.1
* libavutil56_70-4.4.6-150600.13.30.1
* libavformat58_76-4.4.6-150600.13.30.1
* libavfilter7_110-debuginfo-4.4.6-150600.13.30.1
* libpostproc55_9-4.4.6-150600.13.30.1
* libavresample4_0-4.4.6-150600.13.30.1
* libavresample4_0-debuginfo-4.4.6-150600.13.30.1
* ffmpeg-4-libavutil-devel-4.4.6-150600.13.30.1
* ffmpeg-4-libavfilter-devel-4.4.6-150600.13.30.1
* ffmpeg-4-libswresample-devel-4.4.6-150600.13.30.1
* ffmpeg-4-libavresample-devel-4.4.6-150600.13.30.1
* libavcodec58_134-debuginfo-4.4.6-150600.13.30.1
* libswscale5_9-debuginfo-4.4.6-150600.13.30.1
* ffmpeg-4-private-devel-4.4.6-150600.13.30.1
* openSUSE Leap 15.6 (x86_64)
* libpostproc55_9-32bit-debuginfo-4.4.6-150600.13.30.1
* libavresample4_0-32bit-4.4.6-150600.13.30.1
* libavfilter7_110-32bit-debuginfo-4.4.6-150600.13.30.1
* libavutil56_70-32bit-4.4.6-150600.13.30.1
* libavformat58_76-32bit-debuginfo-4.4.6-150600.13.30.1
* libpostproc55_9-32bit-4.4.6-150600.13.30.1
* libswscale5_9-32bit-4.4.6-150600.13.30.1
* libavcodec58_134-32bit-4.4.6-150600.13.30.1
* libavformat58_76-32bit-4.4.6-150600.13.30.1
* libavresample4_0-32bit-debuginfo-4.4.6-150600.13.30.1
* libswscale5_9-32bit-debuginfo-4.4.6-150600.13.30.1
* libavutil56_70-32bit-debuginfo-4.4.6-150600.13.30.1
* libavdevice58_13-32bit-4.4.6-150600.13.30.1
* libswresample3_9-32bit-debuginfo-4.4.6-150600.13.30.1
* libavdevice58_13-32bit-debuginfo-4.4.6-150600.13.30.1
* libswresample3_9-32bit-4.4.6-150600.13.30.1
* libavcodec58_134-32bit-debuginfo-4.4.6-150600.13.30.1
* libavfilter7_110-32bit-4.4.6-150600.13.30.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libavdevice58_13-64bit-debuginfo-4.4.6-150600.13.30.1
* libswresample3_9-64bit-debuginfo-4.4.6-150600.13.30.1
* libavformat58_76-64bit-debuginfo-4.4.6-150600.13.30.1
* libswresample3_9-64bit-4.4.6-150600.13.30.1
* libavcodec58_134-64bit-4.4.6-150600.13.30.1
* libavresample4_0-64bit-debuginfo-4.4.6-150600.13.30.1
* libavfilter7_110-64bit-debuginfo-4.4.6-150600.13.30.1
* libavformat58_76-64bit-4.4.6-150600.13.30.1
* libavfilter7_110-64bit-4.4.6-150600.13.30.1
* libavdevice58_13-64bit-4.4.6-150600.13.30.1
* libpostproc55_9-64bit-4.4.6-150600.13.30.1
* libswscale5_9-64bit-debuginfo-4.4.6-150600.13.30.1
* libavutil56_70-64bit-debuginfo-4.4.6-150600.13.30.1
* libavutil56_70-64bit-4.4.6-150600.13.30.1
* libavcodec58_134-64bit-debuginfo-4.4.6-150600.13.30.1
* libswscale5_9-64bit-4.4.6-150600.13.30.1
* libavresample4_0-64bit-4.4.6-150600.13.30.1
* libpostproc55_9-64bit-debuginfo-4.4.6-150600.13.30.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* libavfilter7_110-4.4.6-150600.13.30.1
* libswresample3_9-debuginfo-4.4.6-150600.13.30.1
* ffmpeg-4-libswscale-devel-4.4.6-150600.13.30.1
* ffmpeg-4-debuginfo-4.4.6-150600.13.30.1
* ffmpeg-4-libpostproc-devel-4.4.6-150600.13.30.1
* ffmpeg-4-libavcodec-devel-4.4.6-150600.13.30.1
* ffmpeg-4-debugsource-4.4.6-150600.13.30.1
* libswscale5_9-4.4.6-150600.13.30.1
* libpostproc55_9-debuginfo-4.4.6-150600.13.30.1
* ffmpeg-4-libavdevice-devel-4.4.6-150600.13.30.1
* libavdevice58_13-debuginfo-4.4.6-150600.13.30.1
* ffmpeg-4-libavformat-devel-4.4.6-150600.13.30.1
* ffmpeg-4-4.4.6-150600.13.30.1
* libavdevice58_13-4.4.6-150600.13.30.1
* libavformat58_76-debuginfo-4.4.6-150600.13.30.1
* libswresample3_9-4.4.6-150600.13.30.1
* libavutil56_70-debuginfo-4.4.6-150600.13.30.1
* libavcodec58_134-4.4.6-150600.13.30.1
* libavutil56_70-4.4.6-150600.13.30.1
* libavformat58_76-4.4.6-150600.13.30.1
* libavfilter7_110-debuginfo-4.4.6-150600.13.30.1
* libpostproc55_9-4.4.6-150600.13.30.1
* libavresample4_0-4.4.6-150600.13.30.1
* libavresample4_0-debuginfo-4.4.6-150600.13.30.1
* ffmpeg-4-libavutil-devel-4.4.6-150600.13.30.1
* ffmpeg-4-libavfilter-devel-4.4.6-150600.13.30.1
* ffmpeg-4-libswresample-devel-4.4.6-150600.13.30.1
* ffmpeg-4-libavresample-devel-4.4.6-150600.13.30.1
* libavcodec58_134-debuginfo-4.4.6-150600.13.30.1
* libswscale5_9-debuginfo-4.4.6-150600.13.30.1
* ffmpeg-4-private-devel-4.4.6-150600.13.30.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
* libavfilter7_110-4.4.6-150600.13.30.1
* libswresample3_9-debuginfo-4.4.6-150600.13.30.1
* ffmpeg-4-libswscale-devel-4.4.6-150600.13.30.1
* ffmpeg-4-debuginfo-4.4.6-150600.13.30.1
* ffmpeg-4-libpostproc-devel-4.4.6-150600.13.30.1
* ffmpeg-4-libavcodec-devel-4.4.6-150600.13.30.1
* ffmpeg-4-debugsource-4.4.6-150600.13.30.1
* libswscale5_9-4.4.6-150600.13.30.1
* libpostproc55_9-debuginfo-4.4.6-150600.13.30.1
* ffmpeg-4-libavdevice-devel-4.4.6-150600.13.30.1
* libavdevice58_13-debuginfo-4.4.6-150600.13.30.1
* ffmpeg-4-libavformat-devel-4.4.6-150600.13.30.1
* ffmpeg-4-4.4.6-150600.13.30.1
* libavdevice58_13-4.4.6-150600.13.30.1
* libavformat58_76-debuginfo-4.4.6-150600.13.30.1
* libswresample3_9-4.4.6-150600.13.30.1
* libavutil56_70-debuginfo-4.4.6-150600.13.30.1
* libavcodec58_134-4.4.6-150600.13.30.1
* libavutil56_70-4.4.6-150600.13.30.1
* libavformat58_76-4.4.6-150600.13.30.1
* libavfilter7_110-debuginfo-4.4.6-150600.13.30.1
* libpostproc55_9-4.4.6-150600.13.30.1
* libavresample4_0-4.4.6-150600.13.30.1
* libavresample4_0-debuginfo-4.4.6-150600.13.30.1
* ffmpeg-4-libavutil-devel-4.4.6-150600.13.30.1
* ffmpeg-4-libavfilter-devel-4.4.6-150600.13.30.1
* ffmpeg-4-libswresample-devel-4.4.6-150600.13.30.1
* ffmpeg-4-libavresample-devel-4.4.6-150600.13.30.1
* libavcodec58_134-debuginfo-4.4.6-150600.13.30.1
* libswscale5_9-debuginfo-4.4.6-150600.13.30.1
* ffmpeg-4-private-devel-4.4.6-150600.13.30.1
* SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64)
* libavformat58_76-debuginfo-4.4.6-150600.13.30.1
* libswresample3_9-debuginfo-4.4.6-150600.13.30.1
* libswresample3_9-4.4.6-150600.13.30.1
* libavutil56_70-debuginfo-4.4.6-150600.13.30.1
* libavcodec58_134-4.4.6-150600.13.30.1
* ffmpeg-4-debuginfo-4.4.6-150600.13.30.1
* libavutil56_70-4.4.6-150600.13.30.1
* libavcodec58_134-debuginfo-4.4.6-150600.13.30.1
* libavformat58_76-4.4.6-150600.13.30.1
* ffmpeg-4-debugsource-4.4.6-150600.13.30.1
* libswscale5_9-4.4.6-150600.13.30.1
* libswscale5_9-debuginfo-4.4.6-150600.13.30.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
* libavformat58_76-debuginfo-4.4.6-150600.13.30.1
* libswresample3_9-debuginfo-4.4.6-150600.13.30.1
* libswresample3_9-4.4.6-150600.13.30.1
* libavutil56_70-debuginfo-4.4.6-150600.13.30.1
* libavcodec58_134-4.4.6-150600.13.30.1
* ffmpeg-4-debuginfo-4.4.6-150600.13.30.1
* libavutil56_70-4.4.6-150600.13.30.1
* libavcodec58_134-debuginfo-4.4.6-150600.13.30.1
* libavformat58_76-4.4.6-150600.13.30.1
* ffmpeg-4-debugsource-4.4.6-150600.13.30.1
* libswscale5_9-4.4.6-150600.13.30.1
* libswscale5_9-debuginfo-4.4.6-150600.13.30.1

## References:

* https://www.suse.com/security/cve/CVE-2025-7700.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246790



SUSE-SU-2025:03005-2: important: Security update for postgresql16


# Security update for postgresql16

Announcement ID: SUSE-SU-2025:03005-2
Release Date: 2025-09-11T10:22:01Z
Rating: important
References:

* bsc#1248119
* bsc#1248120
* bsc#1248122

Cross-References:

* CVE-2025-8713
* CVE-2025-8714
* CVE-2025-8715

CVSS scores:

* CVE-2025-8713 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-8713 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-8713 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-8714 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-8714 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-8714 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-8715 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-8715 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-8715 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP6
* Legacy Module 15-SP7
* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* Server Applications Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP6
* SUSE Package Hub 15 15-SP7

An update that solves three vulnerabilities can now be installed.

## Description:

This update for postgresql16 fixes the following issues:

Upgraded to 16.10: * CVE-2025-8713: Fixed optimizer statistics exposing sampled
data within a view, partition, or child table (bsc#1248120) * CVE-2025-8714:
Fixed untrusted data inclusion in pg_dump allows superuser of origin server to
execute arbitrary code in psql client (bsc#1248122) * CVE-2025-8715: Fixed
improper neutralization of newlines in pg_dump leading to arbitrary code
execution in the psql client and in the restore target server (bsc#1248119)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3005=1 openSUSE-SLE-15.6-2025-3005=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-3005=1

* Legacy Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP7-2025-3005=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-3005=1

* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-3005=1

* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-3005=1

* Server Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2025-3005=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* postgresql16-test-16.10-150600.16.21.1
* postgresql16-pltcl-debuginfo-16.10-150600.16.21.1
* postgresql16-llvmjit-devel-16.10-150600.16.21.1
* postgresql16-plperl-debuginfo-16.10-150600.16.21.1
* postgresql16-plpython-debuginfo-16.10-150600.16.21.1
* postgresql16-llvmjit-debuginfo-16.10-150600.16.21.1
* postgresql16-pltcl-16.10-150600.16.21.1
* postgresql16-server-debuginfo-16.10-150600.16.21.1
* postgresql16-server-devel-16.10-150600.16.21.1
* postgresql16-debuginfo-16.10-150600.16.21.1
* postgresql16-llvmjit-16.10-150600.16.21.1
* postgresql16-16.10-150600.16.21.1
* postgresql16-contrib-16.10-150600.16.21.1
* postgresql16-server-16.10-150600.16.21.1
* postgresql16-plperl-16.10-150600.16.21.1
* postgresql16-plpython-16.10-150600.16.21.1
* postgresql16-debugsource-16.10-150600.16.21.1
* postgresql16-devel-debuginfo-16.10-150600.16.21.1
* postgresql16-server-devel-debuginfo-16.10-150600.16.21.1
* postgresql16-contrib-debuginfo-16.10-150600.16.21.1
* postgresql16-devel-16.10-150600.16.21.1
* openSUSE Leap 15.6 (noarch)
* postgresql16-docs-16.10-150600.16.21.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* postgresql16-debugsource-16.10-150600.16.21.1
* postgresql16-16.10-150600.16.21.1
* postgresql16-debuginfo-16.10-150600.16.21.1
* Legacy Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* postgresql16-debugsource-16.10-150600.16.21.1
* postgresql16-devel-debuginfo-16.10-150600.16.21.1
* postgresql16-contrib-debuginfo-16.10-150600.16.21.1
* postgresql16-devel-16.10-150600.16.21.1
* postgresql16-debuginfo-16.10-150600.16.21.1
* postgresql16-contrib-16.10-150600.16.21.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* postgresql16-debugsource-16.10-150600.16.21.1
* postgresql16-test-16.10-150600.16.21.1
* postgresql16-debuginfo-16.10-150600.16.21.1
* postgresql16-llvmjit-debuginfo-16.10-150600.16.21.1
* postgresql16-llvmjit-16.10-150600.16.21.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
* postgresql16-debugsource-16.10-150600.16.21.1
* postgresql16-llvmjit-devel-16.10-150600.16.21.1
* postgresql16-test-16.10-150600.16.21.1
* postgresql16-debuginfo-16.10-150600.16.21.1
* postgresql16-llvmjit-debuginfo-16.10-150600.16.21.1
* postgresql16-llvmjit-16.10-150600.16.21.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* postgresql16-plpython-16.10-150600.16.21.1
* postgresql16-debugsource-16.10-150600.16.21.1
* postgresql16-devel-debuginfo-16.10-150600.16.21.1
* postgresql16-server-devel-debuginfo-16.10-150600.16.21.1
* postgresql16-contrib-debuginfo-16.10-150600.16.21.1
* postgresql16-pltcl-16.10-150600.16.21.1
* postgresql16-server-debuginfo-16.10-150600.16.21.1
* postgresql16-server-devel-16.10-150600.16.21.1
* postgresql16-devel-16.10-150600.16.21.1
* postgresql16-debuginfo-16.10-150600.16.21.1
* postgresql16-plperl-debuginfo-16.10-150600.16.21.1
* postgresql16-pltcl-debuginfo-16.10-150600.16.21.1
* postgresql16-plpython-debuginfo-16.10-150600.16.21.1
* postgresql16-contrib-16.10-150600.16.21.1
* postgresql16-server-16.10-150600.16.21.1
* postgresql16-plperl-16.10-150600.16.21.1
* Server Applications Module 15-SP6 (noarch)
* postgresql16-docs-16.10-150600.16.21.1
* Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* postgresql16-debugsource-16.10-150600.16.21.1
* postgresql16-server-debuginfo-16.10-150600.16.21.1
* postgresql16-server-devel-16.10-150600.16.21.1
* postgresql16-debuginfo-16.10-150600.16.21.1
* postgresql16-16.10-150600.16.21.1
* postgresql16-server-16.10-150600.16.21.1

## References:

* https://www.suse.com/security/cve/CVE-2025-8713.html
* https://www.suse.com/security/cve/CVE-2025-8714.html
* https://www.suse.com/security/cve/CVE-2025-8715.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248119
* https://bugzilla.suse.com/show_bug.cgi?id=1248120
* https://bugzilla.suse.com/show_bug.cgi?id=1248122



SUSE-SU-2025:03164-1: important: Security update for ImageMagick


# Security update for ImageMagick

Announcement ID: SUSE-SU-2025:03164-1
Release Date: 2025-09-11T11:06:46Z
Rating: important
References:

* bsc#1247475
* bsc#1248076
* bsc#1248077
* bsc#1248078
* bsc#1248079
* bsc#1248767
* bsc#1248780
* bsc#1248784

Cross-References:

* CVE-2025-55004
* CVE-2025-55005
* CVE-2025-55154
* CVE-2025-55160
* CVE-2025-55212
* CVE-2025-55298
* CVE-2025-57803

CVSS scores:

* CVE-2025-55004 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-55004 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2025-55004 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
* CVE-2025-55004 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2025-55005 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-55005 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-55005 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-55154 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-55154 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-55154 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-55154 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-55160 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-55160 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2025-55160 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-55160 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L
* CVE-2025-55212 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-55212 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-55212 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-55298 ( SUSE ): 9.0
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-55298 ( SUSE ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2025-55298 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-57803 ( SUSE ): 9.0
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-57803 ( SUSE ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2025-57803 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Desktop Applications Module 15-SP6
* Development Tools Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves seven vulnerabilities and has one security fix can now be
installed.

## Description:

This update for ImageMagick fixes the following issues:

* CVE-2025-55004: Fixed heap buffer over-read in in ReadOneMNGIMage when
processing images with separate alpha channels (bsc#1248076).
* CVE-2025-55005: Fixed heap buffer overflow when transforming from Log to
sRGB colorspaces (bsc#1248077).
* CVE-2025-55154: Fixed integer overflow when performing magnified size
calculations in ReadOneMNGIMage (bsc#1248078).
* CVE-2025-55160: Fixed undefined behavior due to function-type-mismatch in
CloneSplayTree (bsc#1248079).
* CVE-2025-55212: Fixed division-by-zero in ThumbnailImage() when passing a
geometry string containing only a colon to `montage -geometry`
(bsc#1248767).
* CVE-2025-55298: Fixed heap overflow due to format string bug vulnerability
(bsc#1248780).
* CVE-2025-57803: Fixed heap out-of-bounds (OOB) write due to 32-bit integer
overflow (bsc#1248784).

Other fixes:

* Fixed output file placeholders (bsc#1247475).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3164=1 openSUSE-SLE-15.6-2025-3164=1

* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-3164=1

* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-3164=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.20.1
* ImageMagick-config-7-upstream-secure-7.1.1.21-150600.3.20.1
* ImageMagick-debugsource-7.1.1.21-150600.3.20.1
* ImageMagick-devel-7.1.1.21-150600.3.20.1
* ImageMagick-debuginfo-7.1.1.21-150600.3.20.1
* ImageMagick-config-7-SUSE-7.1.1.21-150600.3.20.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.20.1
* libMagickWand-7_Q16HDRI10-7.1.1.21-150600.3.20.1
* perl-PerlMagick-debuginfo-7.1.1.21-150600.3.20.1
* libMagick++-7_Q16HDRI5-7.1.1.21-150600.3.20.1
* perl-PerlMagick-7.1.1.21-150600.3.20.1
* ImageMagick-extra-7.1.1.21-150600.3.20.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.20.1
* ImageMagick-extra-debuginfo-7.1.1.21-150600.3.20.1
* libMagick++-devel-7.1.1.21-150600.3.20.1
* ImageMagick-config-7-upstream-websafe-7.1.1.21-150600.3.20.1
* ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.20.1
* libMagickCore-7_Q16HDRI10-7.1.1.21-150600.3.20.1
* ImageMagick-7.1.1.21-150600.3.20.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.1.21-150600.3.20.1
* openSUSE Leap 15.6 (x86_64)
* libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.1.21-150600.3.20.1
* libMagick++-devel-32bit-7.1.1.21-150600.3.20.1
* libMagickCore-7_Q16HDRI10-32bit-7.1.1.21-150600.3.20.1
* libMagickWand-7_Q16HDRI10-32bit-7.1.1.21-150600.3.20.1
* libMagick++-7_Q16HDRI5-32bit-7.1.1.21-150600.3.20.1
* libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.1.21-150600.3.20.1
* ImageMagick-devel-32bit-7.1.1.21-150600.3.20.1
* libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.1.21-150600.3.20.1
* openSUSE Leap 15.6 (noarch)
* ImageMagick-doc-7.1.1.21-150600.3.20.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* ImageMagick-devel-64bit-7.1.1.21-150600.3.20.1
* libMagick++-7_Q16HDRI5-64bit-7.1.1.21-150600.3.20.1
* libMagickCore-7_Q16HDRI10-64bit-debuginfo-7.1.1.21-150600.3.20.1
* libMagickCore-7_Q16HDRI10-64bit-7.1.1.21-150600.3.20.1
* libMagickWand-7_Q16HDRI10-64bit-7.1.1.21-150600.3.20.1
* libMagick++-devel-64bit-7.1.1.21-150600.3.20.1
* libMagick++-7_Q16HDRI5-64bit-debuginfo-7.1.1.21-150600.3.20.1
* libMagickWand-7_Q16HDRI10-64bit-debuginfo-7.1.1.21-150600.3.20.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.20.1
* ImageMagick-config-7-upstream-secure-7.1.1.21-150600.3.20.1
* ImageMagick-debugsource-7.1.1.21-150600.3.20.1
* ImageMagick-devel-7.1.1.21-150600.3.20.1
* ImageMagick-debuginfo-7.1.1.21-150600.3.20.1
* ImageMagick-config-7-SUSE-7.1.1.21-150600.3.20.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.20.1
* libMagickWand-7_Q16HDRI10-7.1.1.21-150600.3.20.1
* libMagick++-7_Q16HDRI5-7.1.1.21-150600.3.20.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.20.1
* libMagick++-devel-7.1.1.21-150600.3.20.1
* ImageMagick-config-7-upstream-websafe-7.1.1.21-150600.3.20.1
* ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.20.1
* libMagickCore-7_Q16HDRI10-7.1.1.21-150600.3.20.1
* ImageMagick-7.1.1.21-150600.3.20.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.1.21-150600.3.20.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* perl-PerlMagick-7.1.1.21-150600.3.20.1
* ImageMagick-debuginfo-7.1.1.21-150600.3.20.1
* ImageMagick-debugsource-7.1.1.21-150600.3.20.1
* perl-PerlMagick-debuginfo-7.1.1.21-150600.3.20.1

## References:

* https://www.suse.com/security/cve/CVE-2025-55004.html
* https://www.suse.com/security/cve/CVE-2025-55005.html
* https://www.suse.com/security/cve/CVE-2025-55154.html
* https://www.suse.com/security/cve/CVE-2025-55160.html
* https://www.suse.com/security/cve/CVE-2025-55212.html
* https://www.suse.com/security/cve/CVE-2025-55298.html
* https://www.suse.com/security/cve/CVE-2025-57803.html
* https://bugzilla.suse.com/show_bug.cgi?id=1247475
* https://bugzilla.suse.com/show_bug.cgi?id=1248076
* https://bugzilla.suse.com/show_bug.cgi?id=1248077
* https://bugzilla.suse.com/show_bug.cgi?id=1248078
* https://bugzilla.suse.com/show_bug.cgi?id=1248079
* https://bugzilla.suse.com/show_bug.cgi?id=1248767
* https://bugzilla.suse.com/show_bug.cgi?id=1248780
* https://bugzilla.suse.com/show_bug.cgi?id=1248784



SUSE-SU-2025:03158-1: important: Security update for go1.24-openssl


# Security update for go1.24-openssl

Announcement ID: SUSE-SU-2025:03158-1
Release Date: 2025-09-11T03:04:54Z
Rating: important
References:

* bsc#1236217
* bsc#1244156
* bsc#1244157
* bsc#1244158
* bsc#1246118
* bsc#1247719
* bsc#1247720
* jsc#SLE-18320

Cross-References:

* CVE-2025-0913
* CVE-2025-22874
* CVE-2025-4673
* CVE-2025-4674
* CVE-2025-47906
* CVE-2025-47907

CVSS scores:

* CVE-2025-0913 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-0913 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-0913 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-22874 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-22874 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-22874 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-4673 ( SUSE ): 8.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
* CVE-2025-4673 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2025-4673 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2025-4674 ( SUSE ): 9.3
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-4674 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-4674 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-47906 ( SUSE ): 2.1
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-47906 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-47907 ( SUSE ): 2.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-47907 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
* CVE-2025-47907 ( NVD ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

Affected Products:

* Development Tools Module 15-SP6
* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves six vulnerabilities, contains one feature and has one
security fix can now be installed.

## Description:

This security update of go1.24-openssl fixes the following issues:

Update to version 1.24.6 cut from the go1.24-fips-release branch at the revision
tagged go1.24.6-1-openssl-fips. Refs jsc#SLE-18320

* Fix HKDF-Extract The latest OpenSSL in c9s/c10s requires nil salt to be
passed as a hash length buffer of zeros.

go1.24.6 (released 2025-08-06) includes security fixes to the database/sql and
os/exec packages, as well as bug fixes to the runtime. ( boo#1236217 go1.24
release tracking)

CVE-2025-47906 CVE-2025-47907:

* go#74804 go#74466 boo#1247719 security: fix CVE-2025-47906 os/exec: LookPath
bug: incorrect expansion of "", "." and ".." in some PATH configurations
* go#74833 go#74831 boo#1247720 security: fix CVE-2025-47907 database/sql:
incorrect results returned from Rows.Scan

* go#73800 runtime: RSS seems to have increased in Go 1.24 while the runtime
accounting has not

* go#74416 runtime: use-after-free of allpSnapshot in findRunnable
* go#74694 runtime: segfaults in runtime.(*unwinder).next
* go#74760 os/user:nolibgcc: TestGroupIdsTestUser failures

go1.24.5 (released 2025-07-08) includes security fixes to the go command, as
well as bug fixes to the compiler, the linker, the , and the go command. (
boo#1236217 go1.24 release tracking) j CVE-2025-4674:

* go#74381 go#74380 boo#1246118 security: fix CVE-2025-4674 cmd/go: disable
support for multiple vcs in one module

* go#73908 runtime: bad frame pointer during panic during duffcopy

* go#74098 cmd/compile: regression on ppc64le bit operations
* go#74113 cmd/go: crash on unknown GOEXPERIMENT during toolchain selection
* go#74290 runtime: heap mspan limit is set too late, causing data race
between span allocation and conservative scanning
* go#74294 internal/trace: stress tests triggering suspected deadlock in
tracer
* go#74346 runtime: memlock not unlocked in all control flow paths in
sysReserveAlignedSbrk
* go#74363 runtime/pprof: crash "cannot read stack of running goroutine" in
goroutine profile
* go#74403 cmd/link: duplicated definition of symbol
github.com/ebitengine/purego.syscall15XABI0 when running with ASAN

go1.24.4 (released 2025-06-05) includes security fixes to the crypto/x509,
net/http, and os packages, as well as bug fixes to the linker, the go command,
and the hash/maphash and os packages. ( boo#1236217 go1.24 release tracking)

CVE-2025-22874 CVE-2025-0913 CVE-2025-4673 * go#73700 go#73702 boo#1244158
security: fix CVE-2025-22874 crypto/x509: ExtKeyUsageAny bypasses policy
validation * go#73720 go#73612 boo#1244157 security: fix CVE-2025-0913 os:
inconsistent handling of O_CREATE|O_EXCL on Unix and Windows * go#73906 go#73816
boo#1244156 security: fix CVE-2025-4673 net/http: sensitive headers not cleared
on cross-origin redirect

* go#73570 os: Root.Mkdir creates directories with zero permissions on OpenBSD
* go#73669 hash/maphash: hashing channels with purego impl. of
maphash.Comparable panics
* go#73678 runtime/debug: BuildSetting does not document DefaultGODEBUG
* go#73809 cmd/go: add fips140 module selection mechanism
* go#73832 cmd/link: Go 1.24.3 and 1.23.9 regression - duplicated definition
of symbol dlopen

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-3158=1

* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2025-3158=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3158=1 openSUSE-SLE-15.6-2025-3158=1

## Package List:

* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* go1.24-openssl-race-1.24.6-150600.13.9.1
* go1.24-openssl-doc-1.24.6-150600.13.9.1
* go1.24-openssl-1.24.6-150600.13.9.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* go1.24-openssl-race-1.24.6-150600.13.9.1
* go1.24-openssl-debuginfo-1.24.6-150600.13.9.1
* go1.24-openssl-doc-1.24.6-150600.13.9.1
* go1.24-openssl-1.24.6-150600.13.9.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* go1.24-openssl-debuginfo-1.24.6-150600.13.9.1
* go1.24-openssl-doc-1.24.6-150600.13.9.1
* go1.24-openssl-1.24.6-150600.13.9.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* go1.24-openssl-race-1.24.6-150600.13.9.1

## References:

* https://www.suse.com/security/cve/CVE-2025-0913.html
* https://www.suse.com/security/cve/CVE-2025-22874.html
* https://www.suse.com/security/cve/CVE-2025-4673.html
* https://www.suse.com/security/cve/CVE-2025-4674.html
* https://www.suse.com/security/cve/CVE-2025-47906.html
* https://www.suse.com/security/cve/CVE-2025-47907.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236217
* https://bugzilla.suse.com/show_bug.cgi?id=1244156
* https://bugzilla.suse.com/show_bug.cgi?id=1244157
* https://bugzilla.suse.com/show_bug.cgi?id=1244158
* https://bugzilla.suse.com/show_bug.cgi?id=1246118
* https://bugzilla.suse.com/show_bug.cgi?id=1247719
* https://bugzilla.suse.com/show_bug.cgi?id=1247720
* https://jira.suse.com/browse/SLE-18320



SUSE-SU-2025:03156-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:03156-1
Release Date: 2025-09-10T22:26:58Z
Rating: important
References:

* bsc#1231676
* bsc#1231943
* bsc#1232271
* bsc#1237930
* bsc#1242579
* bsc#1244235
* bsc#1245775
* bsc#1245791
* bsc#1246030

Cross-References:

* CVE-2022-49053
* CVE-2024-47674
* CVE-2024-47706
* CVE-2024-49867
* CVE-2025-21999
* CVE-2025-37890
* CVE-2025-38000
* CVE-2025-38001
* CVE-2025-38212

CVSS scores:

* CVE-2022-49053 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49053 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47674 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-47674 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47674 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47706 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-47706 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47706 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-49867 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-49867 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-49867 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21999 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38000 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38001 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves nine vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_133 fixes several issues.

The following security issues were fixed:

* CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579).
* CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930).
* CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to
eltree twice (bsc#1244235).
* CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner
kthread during umount (bsc#1232271).
* CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in
hfsc_enqueue() (bsc#1245775).
* CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem
as child qdisc (bsc#1245791).
* CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case
(bsc#1231676).
* CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain
(bsc#1231943).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3156=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3156=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_133-default-14-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_31-debugsource-14-150400.2.1
* kernel-livepatch-5_14_21-150400_24_133-default-debuginfo-14-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_133-default-14-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_31-debugsource-14-150400.2.1
* kernel-livepatch-5_14_21-150400_24_133-default-debuginfo-14-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49053.html
* https://www.suse.com/security/cve/CVE-2024-47674.html
* https://www.suse.com/security/cve/CVE-2024-47706.html
* https://www.suse.com/security/cve/CVE-2024-49867.html
* https://www.suse.com/security/cve/CVE-2025-21999.html
* https://www.suse.com/security/cve/CVE-2025-37890.html
* https://www.suse.com/security/cve/CVE-2025-38000.html
* https://www.suse.com/security/cve/CVE-2025-38001.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231676
* https://bugzilla.suse.com/show_bug.cgi?id=1231943
* https://bugzilla.suse.com/show_bug.cgi?id=1232271
* https://bugzilla.suse.com/show_bug.cgi?id=1237930
* https://bugzilla.suse.com/show_bug.cgi?id=1242579
* https://bugzilla.suse.com/show_bug.cgi?id=1244235
* https://bugzilla.suse.com/show_bug.cgi?id=1245775
* https://bugzilla.suse.com/show_bug.cgi?id=1245791
* https://bugzilla.suse.com/show_bug.cgi?id=1246030



SUSE-SU-2025:03159-1: important: Security update for go1.23-openssl


# Security update for go1.23-openssl

Announcement ID: SUSE-SU-2025:03159-1
Release Date: 2025-09-11T03:05:08Z
Rating: important
References:

* bsc#1229122
* bsc#1236045
* bsc#1236046
* bsc#1236801
* bsc#1238572
* bsc#1240550
* bsc#1244156
* bsc#1244157
* bsc#1246118
* bsc#1247719
* bsc#1247720
* bsc#1247816
* jsc#SLE-18320

Cross-References:

* CVE-2024-45336
* CVE-2024-45341
* CVE-2025-0913
* CVE-2025-22866
* CVE-2025-22870
* CVE-2025-22871
* CVE-2025-4673
* CVE-2025-4674
* CVE-2025-47906
* CVE-2025-47907

CVSS scores:

* CVE-2024-45336 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-45336 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2024-45341 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-45341 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2025-0913 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-0913 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-0913 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-22866 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-22866 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-22866 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-22870 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-22870 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
* CVE-2025-22870 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
* CVE-2025-22871 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
* CVE-2025-22871 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-22871 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-4673 ( SUSE ): 8.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
* CVE-2025-4673 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2025-4673 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2025-4674 ( SUSE ): 9.3
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-4674 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-4674 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-47906 ( SUSE ): 2.1
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-47906 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-47907 ( SUSE ): 2.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-47907 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
* CVE-2025-47907 ( NVD ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

Affected Products:

* Development Tools Module 15-SP6
* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves 10 vulnerabilities, contains one feature and has two
security fixes can now be installed.

## Description:

This update for go1.23-openssl fixes the following issues:

Update to version 1.23.12 cut from the go1.23-fips-release branch at the
revision tagged go1.23.12-1-openssl-fips. ( jsc#SLE-18320)

* Rebase to 1.23.12
* Fix HKDF-Extract The latest OpenSSL in c9s/c10s requires nil salt to be
passed as a hash length buffer of zeros.

Packaging improvements:

* Update go_bootstrap_version to go1.21 from go1.20 to shorten the bootstrap
chain. go1.21 can optionally be bootstrapped with gccgo and serve as the
inital version of go1.x.
* Refs boo#1247816 bootstrap go1.21 with gccgo

go1.23.12 (released 2025-08-06) includes security fixes to the database/sql and
os/exec packages, as well as bug fixes to the runtime.

CVE-2025-47906 CVE-2025-47907: * go#74803 go#74466 boo#1247719 security: fix
CVE-2025-47906 os/exec: LookPath bug: incorrect expansion of "", "." and ".." in
some PATH configurations * go#74832 go#74831 boo#1247720 security: fix
CVE-2025-47907 database/sql: incorrect results returned from Rows.Scan

* go#74415 runtime: use-after-free of allpSnapshot in findRunnable
* go#74693 runtime: segfaults in runtime.(*unwinder).next
* go#74721 cmd/go: TestScript/build_trimpath_cgo fails to decode dwarf on
release-branch.go1.23
* go#74726 cmd/cgo/internal/testsanitizers: failures with signal: segmentation
fault or exit status 66

go1.23.11 (released 2025-07-08) includes security fixes to the go command, as
well as bug fixes to the compiler, the linker, and the runtime.

CVE-2025-4674: * go#74382 go#74380 boo#1246118 security: fix CVE-2025-4674
cmd/go: disable support for multiple vcs in one module

* go#73907 runtime: bad frame pointer during panic during duffcopy
* go#74289 runtime: heap mspan limit is set too late, causing data race
between span allocation and conservative scanning
* go#74293 internal/trace: stress tests triggering suspected deadlock in
tracer
* go#74362 runtime/pprof: crash "cannot read stack of running goroutine" in
goroutine profile
* go#74402 cmd/link: duplicated definition of symbol
github.com/ebitengine/purego.syscall15XABI0 when running with ASAN

go1.23.10 (released 2025-06-05) includes security fixes to the net/http and os
packages, as well as bug fixes to the linker. (boo#1229122 go1.23 release
tracking)

CVE-2025-0913 CVE-2025-4673: * go#73719 go#73612 boo#1244157 security: fix
CVE-2025-0913 os: inconsistent handling of O_CREATE|O_EXCL on Unix and Windows *
go#73905 go#73816 boo#1244156 security: fix CVE-2025-4673 net/http: sensitive
headers not cleared on cross-origin redirect

* go#73677 runtime/debug: BuildSetting does not document DefaultGODEBUG
* go#73831 cmd/link: Go 1.24.3 and 1.23.9 regression - duplicated definition
of symbol dlopen

go1.23.9 (released 2025-05-06) includes fixes to the runtime and the linker.
(boo#1229122 go1.23 release tracking)

* go#73091 cmd/link: linkname directive on userspace variable can override
runtime variable
* go#73380 runtime, x/sys/unix: Connectx is broken on darwin/amd64

go1.23.8 (released 2025-04-01) includes security fixes to the net/http package,
as well as bug fixes to the runtime and the go command.

CVE-2025-22871: * go#72010 go#71988 boo#1240550 security: fix CVE-2025-22871
net/http: reject bare LF in chunked encoding

* go#72114 runtime: process hangs for mips hardware
* go#72871 runtime: cgo callback on extra M treated as external code after
nested cgo callback returns
* go#72937 internal/godebugs: winsymlink and winreadlinkvolume have incorrect
defaults for Go 1.22

go1.23.7 (released 2025-03-04) includes security fixes to the net/http package,
as well as bug fixes to cgo, the compiler, and the reflect, runtime, and syscall
packages.

CVE-2025-22870: * go#71985 go#71984 boo#1238572 security: fix CVE-2025-22870
net/http, x/net/proxy, x/net/http/httpproxy: proxy bypass using IPv6 zone IDs

* go#71727 runtime: usleep computes wrong tv_nsec on s390x
* go#71839 runtime: recover added in range-over-func loop body doesn't stop
panic propagation / segfaults printing error
* go#71848 os: spurious SIGCHILD on running child process
* go#71875 reflect: Value.Seq panicking on functional iterator methods
* go#71915 reflect: Value.Seq iteration value types not matching the type of
given int types
* go#71962 runtime/cgo: does not build with -Wdeclaration-after-statement

go1.23.6 (released 2025-02-04) includes security fixes to the crypto/elliptic
package, as well as bug fixes to the compiler and the go command.

CVE-2025-22866 * go#71423 go#71383 boo#1236801 security: fix CVE-2025-22866
crypto/internal/fips140/nistec: p256NegCond is variable time on ppc64le

* go#71263 cmd/go/internal/modfetch/codehost: test fails with git 2.47.1
* go#71230 cmd/compile: broken write barrier

go1.23.5 (released 2025-01-16) includes security fixes to the crypto/x509 and
net/http packages, as well as bug fixes to the compiler, the runtime, and the
net package.

CVE-2024-45341 CVE-2024-45336: * go#71208 go#71156 boo#1236045 security: fix
CVE-2024-45341 crypto/x509: usage of IPv6 zone IDs can bypass URI name
constraints * go#71211 go#70530 boo#1236046 security: fix CVE-2024-45336
net/http: sensitive headers incorrectly sent after cross-domain redirect

* go#69988 runtime: severe performance drop for cgo calls in go1.22.5
* go#70517 cmd/compile/internal/importer: flip enable alias to true
* go#70789 os: io.Copy(net.Conn, os.Stdin) on MacOS terminate immediately
without waiting for input
* go#71104 crypto/tls: TestVerifyConnection/TLSv12 failures
* go#71147 internal/trace: TestTraceCPUProfile/Stress failures

go1.23.4 (released 2024-12-03) includes fixes to the compiler, the runtime, the
trace command, and the syscall package.

* go#70644 crypto/rsa: new key generation prohibitively slow under race
detector
* go#70645 proposal: go/types: add Scope.Node convenience getter
* go#70646 x/tools/gopls: unimported completion corrupts import decl
(client=BBEdit)
* go#70648 crypto/tls: TestHandshakeClientECDHEECDSAAESGCM/TLSv12 failures
* go#70649 x/benchmarks/sweet/cmd/sweet: TestSweetEndToEnd failures
* go#70650 crypto/tls: TestGetClientCertificate/TLSv13 failures
* go#70651 x/tools/go/gcexportdata: simplify implementation assuming go >=
1.21
* go#70654 cmd/go: Incorrect output from go list
* go#70655 x/build/cmd/relui: add workflows for some remaining manual
recurring Go major release cycle tasks
* go#70657 proposal: bufio: Scanner.IterText/Scanner.IterBytes
* go#70658 x/net/http2: stuck extended CONNECT requests
* go#70659 os: TestRootDirFS failures on linux-mips64 and linux-mips64le arch-
mips
* go#70660 crypto/ecdsa: TestRFC6979 failures on s390x
* go#70664 x/mobile: target maccatalyst cannot find OpenGLES header
* go#70665 x/tools/gopls: refactor.extract.variable fails at package level
* go#70666 x/tools/gopls: panic in GetIfaceStubInfo
* go#70667 proposal: crypto/x509: support extracting X25519 public keys from
certificates
* go#70668 proposal: x/mobile: better support for unrecovered panics
* go#70669 cmd/go: local failure in TestScript/build_trimpath_cgo
* go#70670 cmd/link: unused functions aren't getting deadcoded from the binary
* go#70674 x/pkgsite: package removal request for
https://pkg.go.dev/github.com/uisdevsquad/go-test/debugmate
* go#70675 cmd/go/internal/lockedfile: mountrpc flake in TestTransform on
plan9
* go#70677 all: remote file server I/O flakiness with "Bad fid" errors on
plan9
* go#70678 internal/poll: deadlock on 'Intel(R) Xeon(R) Platinum' when an FD
is closed
* go#70679 mime/multipart: With go 1.23.3, mime/multipart does not link

Update to version 1.23.2.3 cut from the go1.23-fips-release branch at the
revision tagged go1.23.2-3-openssl-fips. ( jsc#SLE-18320)

* Add negative tests for openssl (#243)

go1.23.3 (released 2024-11-06) includes fixes to the linker, the runtime, and
the net/http, os, and syscall packages.

* go#69258 runtime: corrupted GoroutineProfile stack traces
* go#69259 runtime: multi-arch build via qemu fails to exec go binary
* go#69640 os: os.checkPidfd() crashes with SIGSYS
* go#69746 runtime: TestGdbAutotmpTypes failures
* go#69848 cmd/compile: syscall.Syscall15: nosplit stack over 792 byte limit
* go#69865 runtime: MutexProfile missing root frames in go1.23
* go#69882 time,runtime: too many concurrent timer firings for short
time.Ticker
* go#69978 time,runtime: too many concurrent timer firings for short, fast-
resetting time.Timer
* go#69992 cmd/link: LC_UUID not generated by go linker, resulting in failure
to access local network on macOS 15
* go#70001 net/http/pprof: coroutines + pprof makes the program panic
* go#70020 net/http: short writes with FileServer on macos

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3159=1 openSUSE-SLE-15.6-2025-3159=1

* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-3159=1

* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2025-3159=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* go1.23-openssl-1.23.12-150600.13.9.1
* go1.23-openssl-doc-1.23.12-150600.13.9.1
* go1.23-openssl-debuginfo-1.23.12-150600.13.9.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* go1.23-openssl-race-1.23.12-150600.13.9.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* go1.23-openssl-1.23.12-150600.13.9.1
* go1.23-openssl-doc-1.23.12-150600.13.9.1
* go1.23-openssl-race-1.23.12-150600.13.9.1
* go1.23-openssl-debuginfo-1.23.12-150600.13.9.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* go1.23-openssl-1.23.12-150600.13.9.1
* go1.23-openssl-doc-1.23.12-150600.13.9.1
* go1.23-openssl-race-1.23.12-150600.13.9.1
* go1.23-openssl-debuginfo-1.23.12-150600.13.9.1

## References:

* https://www.suse.com/security/cve/CVE-2024-45336.html
* https://www.suse.com/security/cve/CVE-2024-45341.html
* https://www.suse.com/security/cve/CVE-2025-0913.html
* https://www.suse.com/security/cve/CVE-2025-22866.html
* https://www.suse.com/security/cve/CVE-2025-22870.html
* https://www.suse.com/security/cve/CVE-2025-22871.html
* https://www.suse.com/security/cve/CVE-2025-4673.html
* https://www.suse.com/security/cve/CVE-2025-4674.html
* https://www.suse.com/security/cve/CVE-2025-47906.html
* https://www.suse.com/security/cve/CVE-2025-47907.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229122
* https://bugzilla.suse.com/show_bug.cgi?id=1236045
* https://bugzilla.suse.com/show_bug.cgi?id=1236046
* https://bugzilla.suse.com/show_bug.cgi?id=1236801
* https://bugzilla.suse.com/show_bug.cgi?id=1238572
* https://bugzilla.suse.com/show_bug.cgi?id=1240550
* https://bugzilla.suse.com/show_bug.cgi?id=1244156
* https://bugzilla.suse.com/show_bug.cgi?id=1244157
* https://bugzilla.suse.com/show_bug.cgi?id=1246118
* https://bugzilla.suse.com/show_bug.cgi?id=1247719
* https://bugzilla.suse.com/show_bug.cgi?id=1247720
* https://bugzilla.suse.com/show_bug.cgi?id=1247816
* https://jira.suse.com/browse/SLE-18320



SUSE-SU-2025:03160-1: important: Security update for the Linux Kernel (Live Patch 38 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 38 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:03160-1
Release Date: 2025-09-11T05:03:56Z
Rating: important
References:

* bsc#1237930
* bsc#1242579
* bsc#1244235
* bsc#1245775
* bsc#1245791
* bsc#1246030

Cross-References:

* CVE-2022-49053
* CVE-2025-21999
* CVE-2025-37890
* CVE-2025-38000
* CVE-2025-38001
* CVE-2025-38212

CVSS scores:

* CVE-2022-49053 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49053 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38000 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38001 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_158 fixes several issues.

The following security issues were fixed:

* CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579).
* CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930).
* CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to
eltree twice (bsc#1244235).
* CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in
hfsc_enqueue() (bsc#1245775).
* CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem
as child qdisc (bsc#1245791).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3160=1 SUSE-2025-3157=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3160=1 SUSE-SLE-
Module-Live-Patching-15-SP4-2025-3157=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_158-default-debuginfo-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_150-default-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_158-default-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_150-default-debuginfo-6-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_38-debugsource-5-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_36-debugsource-6-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_158-default-debuginfo-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_150-default-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_158-default-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_150-default-debuginfo-6-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_38-debugsource-5-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_36-debugsource-6-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49053.html
* https://www.suse.com/security/cve/CVE-2025-21999.html
* https://www.suse.com/security/cve/CVE-2025-37890.html
* https://www.suse.com/security/cve/CVE-2025-38000.html
* https://www.suse.com/security/cve/CVE-2025-38001.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1237930
* https://bugzilla.suse.com/show_bug.cgi?id=1242579
* https://bugzilla.suse.com/show_bug.cgi?id=1244235
* https://bugzilla.suse.com/show_bug.cgi?id=1245775
* https://bugzilla.suse.com/show_bug.cgi?id=1245791
* https://bugzilla.suse.com/show_bug.cgi?id=1246030



openSUSE-SU-2025:15542-1: moderate: trivy-0.66.0-1.1 on GA media


# trivy-0.66.0-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15542-1
Rating: moderate

Cross-References:

* CVE-2025-58058

CVSS scores:

* CVE-2025-58058 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58058 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the trivy-0.66.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* trivy 0.66.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-58058.html



SUSE-SU-2025:03175-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:03175-1
Release Date: 2025-09-11T13:04:57Z
Rating: important
References:

* bsc#1231676
* bsc#1231943
* bsc#1232271
* bsc#1237930
* bsc#1242579
* bsc#1244235
* bsc#1245775
* bsc#1245791
* bsc#1246030

Cross-References:

* CVE-2022-49053
* CVE-2024-47674
* CVE-2024-47706
* CVE-2024-49867
* CVE-2025-21999
* CVE-2025-37890
* CVE-2025-38000
* CVE-2025-38001
* CVE-2025-38212

CVSS scores:

* CVE-2022-49053 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49053 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47674 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-47674 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47674 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47706 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-47706 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47706 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-49867 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-49867 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-49867 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21999 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38000 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38001 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves nine vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_128 fixes several issues.

The following security issues were fixed:

* CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579).
* CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930).
* CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to
eltree twice (bsc#1244235).
* CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner
kthread during umount (bsc#1232271).
* CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in
hfsc_enqueue() (bsc#1245775).
* CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem
as child qdisc (bsc#1245791).
* CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case
(bsc#1231676).
* CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain
(bsc#1231943).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3175=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3175=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_128-default-16-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_29-debugsource-16-150400.2.1
* kernel-livepatch-5_14_21-150400_24_128-default-debuginfo-16-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_128-default-16-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_29-debugsource-16-150400.2.1
* kernel-livepatch-5_14_21-150400_24_128-default-debuginfo-16-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49053.html
* https://www.suse.com/security/cve/CVE-2024-47674.html
* https://www.suse.com/security/cve/CVE-2024-47706.html
* https://www.suse.com/security/cve/CVE-2024-49867.html
* https://www.suse.com/security/cve/CVE-2025-21999.html
* https://www.suse.com/security/cve/CVE-2025-37890.html
* https://www.suse.com/security/cve/CVE-2025-38000.html
* https://www.suse.com/security/cve/CVE-2025-38001.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231676
* https://bugzilla.suse.com/show_bug.cgi?id=1231943
* https://bugzilla.suse.com/show_bug.cgi?id=1232271
* https://bugzilla.suse.com/show_bug.cgi?id=1237930
* https://bugzilla.suse.com/show_bug.cgi?id=1242579
* https://bugzilla.suse.com/show_bug.cgi?id=1244235
* https://bugzilla.suse.com/show_bug.cgi?id=1245775
* https://bugzilla.suse.com/show_bug.cgi?id=1245791
* https://bugzilla.suse.com/show_bug.cgi?id=1246030



SUSE-SU-2025:03165-1: important: Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:03165-1
Release Date: 2025-09-11T15:33:53Z
Rating: important
References:

* bsc#1237930
* bsc#1242579
* bsc#1244235
* bsc#1245775
* bsc#1245791
* bsc#1246030

Cross-References:

* CVE-2022-49053
* CVE-2025-21999
* CVE-2025-37890
* CVE-2025-38000
* CVE-2025-38001
* CVE-2025-38212

CVSS scores:

* CVE-2022-49053 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49053 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38000 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38001 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_153 fixes several issues.

The following security issues were fixed:

* CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579).
* CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930).
* CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to
eltree twice (bsc#1244235).
* CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in
hfsc_enqueue() (bsc#1245775).
* CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem
as child qdisc (bsc#1245791).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3165=1 SUSE-2025-3177=1 SUSE-2025-3176=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3176=1 SUSE-SLE-
Module-Live-Patching-15-SP4-2025-3165=1 SUSE-SLE-Module-Live-
Patching-15-SP4-2025-3177=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_37-debugsource-6-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_34-debugsource-12-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_35-debugsource-11-150400.2.1
* kernel-livepatch-5_14_21-150400_24_153-default-debuginfo-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_147-default-debuginfo-11-150400.2.1
* kernel-livepatch-5_14_21-150400_24_147-default-11-150400.2.1
* kernel-livepatch-5_14_21-150400_24_144-default-12-150400.2.1
* kernel-livepatch-5_14_21-150400_24_144-default-debuginfo-12-150400.2.1
* kernel-livepatch-5_14_21-150400_24_153-default-6-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_37-debugsource-6-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_34-debugsource-12-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_35-debugsource-11-150400.2.1
* kernel-livepatch-5_14_21-150400_24_153-default-debuginfo-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_147-default-debuginfo-11-150400.2.1
* kernel-livepatch-5_14_21-150400_24_147-default-11-150400.2.1
* kernel-livepatch-5_14_21-150400_24_144-default-12-150400.2.1
* kernel-livepatch-5_14_21-150400_24_144-default-debuginfo-12-150400.2.1
* kernel-livepatch-5_14_21-150400_24_153-default-6-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49053.html
* https://www.suse.com/security/cve/CVE-2025-21999.html
* https://www.suse.com/security/cve/CVE-2025-37890.html
* https://www.suse.com/security/cve/CVE-2025-38000.html
* https://www.suse.com/security/cve/CVE-2025-38001.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1237930
* https://bugzilla.suse.com/show_bug.cgi?id=1242579
* https://bugzilla.suse.com/show_bug.cgi?id=1244235
* https://bugzilla.suse.com/show_bug.cgi?id=1245775
* https://bugzilla.suse.com/show_bug.cgi?id=1245791
* https://bugzilla.suse.com/show_bug.cgi?id=1246030



SUSE-SU-2025:03180-1: important: Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:03180-1
Release Date: 2025-09-11T18:33:47Z
Rating: important
References:

* bsc#1237930
* bsc#1242579
* bsc#1244235
* bsc#1245775
* bsc#1245791
* bsc#1246030

Cross-References:

* CVE-2022-49053
* CVE-2025-21999
* CVE-2025-37890
* CVE-2025-38000
* CVE-2025-38001
* CVE-2025-38212

CVSS scores:

* CVE-2022-49053 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49053 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38000 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38001 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_141 fixes several issues.

The following security issues were fixed:

* CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579).
* CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930).
* CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to
eltree twice (bsc#1244235).
* CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in
hfsc_enqueue() (bsc#1245775).
* CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem
as child qdisc (bsc#1245791).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3180=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3180=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_141-default-13-150400.2.1
* kernel-livepatch-5_14_21-150400_24_141-default-debuginfo-13-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_33-debugsource-13-150400.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_141-default-13-150400.2.1
* kernel-livepatch-5_14_21-150400_24_141-default-debuginfo-13-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_33-debugsource-13-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49053.html
* https://www.suse.com/security/cve/CVE-2025-21999.html
* https://www.suse.com/security/cve/CVE-2025-37890.html
* https://www.suse.com/security/cve/CVE-2025-38000.html
* https://www.suse.com/security/cve/CVE-2025-38001.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1237930
* https://bugzilla.suse.com/show_bug.cgi?id=1242579
* https://bugzilla.suse.com/show_bug.cgi?id=1244235
* https://bugzilla.suse.com/show_bug.cgi?id=1245775
* https://bugzilla.suse.com/show_bug.cgi?id=1245791
* https://bugzilla.suse.com/show_bug.cgi?id=1246030



SUSE-SU-2025:03179-1: important: Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:03179-1
Release Date: 2025-09-11T17:33:44Z
Rating: important
References:

* bsc#1242579
* bsc#1244235
* bsc#1245775
* bsc#1245791
* bsc#1246030

Cross-References:

* CVE-2025-21999
* CVE-2025-37890
* CVE-2025-38000
* CVE-2025-38001
* CVE-2025-38212

CVSS scores:

* CVE-2025-21999 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38000 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38001 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_161 fixes several issues.

The following security issues were fixed:

* CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579).
* CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to
eltree twice (bsc#1244235).
* CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in
hfsc_enqueue() (bsc#1245775).
* CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem
as child qdisc (bsc#1245791).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3179=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3179=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_161-default-debuginfo-5-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_39-debugsource-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_161-default-5-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_161-default-debuginfo-5-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_39-debugsource-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_161-default-5-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21999.html
* https://www.suse.com/security/cve/CVE-2025-37890.html
* https://www.suse.com/security/cve/CVE-2025-38000.html
* https://www.suse.com/security/cve/CVE-2025-38001.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1242579
* https://bugzilla.suse.com/show_bug.cgi?id=1244235
* https://bugzilla.suse.com/show_bug.cgi?id=1245775
* https://bugzilla.suse.com/show_bug.cgi?id=1245791
* https://bugzilla.suse.com/show_bug.cgi?id=1246030


Python3.12-Cryptography update for AlmaLinux 9

Cipher-Base, CUPS, QEMU security updates for Ubuntu

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.orgĀ  I ...