SUSE-SU-2025:3942-1: moderate: Security update for qatengine, qatlib
SUSE-SU-2025:3943-1: moderate: Security update for qatengine, qatlib
SUSE-SU-2025:3946-1: moderate: Security update for openjpeg
SUSE-SU-2025:3944-1: moderate: Security update for sccache
SUSE-SU-2025:3949-1: moderate: Security update for colord
SUSE-SU-2025:3950-1: important: Security update for runc
SUSE-SU-2025:3947-1: moderate: Security update for jasper
openSUSE-SU-2025:15703-1: moderate: kubecolor-0.5.3-1.1 on GA media
openSUSE-SU-2025:15702-1: moderate: kernel-devel-6.17.7-1.1 on GA media
openSUSE-SU-2025:15704-1: moderate: zellij-0.43.1-2.1 on GA media
openSUSE-SU-2025:15700-1: moderate: OpenSMTPD-7.8.0p0-1.1 on GA media
openSUSE-SU-2025:15701-1: moderate: java-1_8_0-openjdk-1.8.0.472-1.1 on GA media
SUSE-SU-2025:3954-1: moderate: Security update for aws-efs-utils
SUSE-SU-2025:3955-1: moderate: Security update for sccache
SUSE-SU-2025:3957-1: important: Security update for tiff
SUSE-SU-2025:3942-1: moderate: Security update for qatengine, qatlib
# Security update for qatengine, qatlib
Announcement ID: SUSE-SU-2025:3942-1
Release Date: 2025-11-05T08:16:03Z
Rating: moderate
References:
* bsc#1233363
* bsc#1233365
* bsc#1233366
Cross-References:
* CVE-2024-28885
* CVE-2024-31074
* CVE-2024-33617
CVSS scores:
* CVE-2024-28885 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-28885 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-28885 ( NVD ): 8.2
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-28885 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-31074 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-31074 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-31074 ( NVD ): 8.2
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-31074 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-33617 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-33617 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-33617 ( NVD ): 8.2
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-33617 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Proxy 4.3 LTS
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Retail Branch Server 4.3 LTS
* SUSE Manager Server 4.3
* SUSE Manager Server 4.3 LTS
An update that solves three vulnerabilities can now be installed.
## Description:
This update for qatengine, qatlib fixes the following issues:
Note that the 1.6.1 release included in 1.7.0 fixes the following
vulnerabilities:
* bsc#1233363 (CVE-2024-28885)
* bsc#1233365 (CVE-2024-31074)
* bsc#1233366 (CVE-2024-33617)
Update to 1.7.0:
* ipp-crypto name change to cryptography-primitives
* QAT_SW GCM memory leak fix in cleanup function
* Update limitation section in README for v1.7.0 release
* Fix build with OPENSSL_NO_ENGINE
* Fix for build issues with qatprovider in qatlib
* Bug fixes and README updates to v1.7.0
* Remove qat_contig_mem driver support
* Add support for building QAT Engine ENGINE and PROVIDER modules with QuicTLS
3.x libraries
* Fix for DSA issue with openssl3.2
* Fix missing lower bounds check on index i
* Enabled SW Fallback support for FBSD
* Fix for segfault issue when SHIM config section is unavailable
* Fix for Coverity & Resource leak
* Fix for RSA failure with SVM enabled in openssl-3.2
* SM3 Memory Leak Issue Fix
* Fix qatprovider lib name issue with system openssl
Update to 1.6.0:
* Fix issue with make depend for QAT_SW
* QAT_HW GCM Memleak fix & bug fixes
* QAT2.0 FreeBSD14 intree driver support
* Fix OpenSSL 3.2 compatibility issues
* Optimize hex dump logging
* Clear job tlv on error
* QAT_HW RSA Encrypt and Decrypt provider support
* QAT_HW AES-CCM Provider support
* Add ECDH keymgmt support for provider
* Fix QAT_HW SM2 memory leak
* Enable qaeMemFreeNonZeroNUMA() for qatlib
* Fix polling issue for the process that doesn't have QAT_HW instance
* Fix SHA3 qctx initialization issue & potential memleak
* Fix compilation error in SM2 with qat_contig_mem
* Update year in copyright information to 2024
Update to 1.5.0:
* use new --enable-qat_insecure_algorithms to avoid regressions
* improve support for SM{2,3,4} ciphers
* improve SW fallback support
* many bug fixes, refactorisations and documentation updates
* update to 0.6.18:
* Fix address sanitizer issues
* Fix issues with Babassl & Openssl3.0
* Add QAT_HW SM4 CBC support
* Refactor ECX provider code into single file
* Fix QAT_HW AES-GCM bad mac record & memleak
* Fix SHA3 memory leak
* Fix sm4-cbc build error with system default OpenSSL
* Symmetric performance Optimization & memleak fixes
* Bug fix, README & v0.6.18 Version update
* Please refer to the README (Software requirements section) for the dependent
libraries' release versions and other information.
* update to v0.6.17:
* Add security policy - c1a7a96
* Add dependency update tool file - 522c41d
* Release v0.6.17 version update - c1a7a96
* Enable QAT_SW RSA & ECDSA support for BoringSSL - 1035e82
* Fix QAT_SW SM2 ECDSA Performance issue - f44a564
* CPP check and Makefile Bug fixes - 98ccbe8
* Fix buffer overflow issue with SHA3 and ECX - cab65f3
* Update version and README for v0.6.16 - 1c95fd7
* Split --with-qat_sw_install_dir into separate configures - d5f5656
* Add separate err files for BoringSSL - 1a09627
* Fix QAT_HW & QAT_SW AES-GCM issue with s_server in provider - c775f5c
* Fix issue with disable flags in provider - 2e00636
* Fix coredump issue in provider with qat_sw gcm - 6703c13
* Fix err files regeneration failure - 510f3dc
* Add Provider Support for ChachaPoly and SM2 - a98e51d
* Bug Fixes in testapp and with disable flags. - 0945535
* QAT HW&SW Co-existence dynamic mechanism support. - 5baf5aa
* Fix issue with SIGUSR1 during reload. - 00ea833
* Refactor qat_hw instances based on Sym/Asym capabilities. - bb10128
* Replace deprecated pthread_yield with sched_yield. - d514406
* BoringSSL support for RSA and ECDSA. - 41c67c7
* Fix s_server lseek forever issue with qatprovider. - cb3db21
* Fix aes-cbc failure issue in testapp. - a530427
* Fix glibc version test - 2461966
* Fix issue with generator param and ECDSA verify. - c51fc17
* Provider Support for DSA, DH, HKDF, PRF, SHA3 & aes-cbc - 7cc5eb9
* Fix testapp issues and optimization - e7c2ba8
* Optimize setup and clear async event notification - 573fe48
* Fix Nginx worker process core dump in QAT_SW with pkill/killall - 4eb4473
* Add Cofactor to take optimized path in ECDH API - 9a23c7e
* Fix double free issue with QAT_SW - 1a16708
* Add thread mapping to specific QAT_HW instance - 5ee799a
* OpenSSL 3.0 Provider Support - 38086fa
* Update README and version to v0.6.12 - dca2957
* Fixed worker process hung forever after nginx reload - bfe97aa
* Remove OpenSSL 1.1.0 Support - da8682a
* Add QAT_SW SM2 ECDH & SM3 support - 04a6af2
* QAT_SW ECDSA SM2 sign and verify Support - d44ae7e
* Disable SM3, Bug fixes, Readme & version update - d995046
qatlib was updated to:
Update to 24.09.0:
* Improved performance scaling in multi-thread applications
* Set core affinity mapping based on NUMA (libnuma now required for building)
* bug fixes, see https://github.com/intel/qatlib#resolved-issues
Version update to 24.02.0
* Support DC NS (NoSession) APIs
* Support Symmetric Crypto SM3 & SM4
* Support Asymmetric Crypto SM2
* Support DC CompressBound APIs
* Bug Fixes. See Resolved section in README.md
Update to 23.11.0:
* use new --enable-legacy-algorithms to avoid regressions
* add support for data compression chaining (hash then compress)
* add support for additional configuration profiles
* add support DC NS (NoSession) APIs
* add support DC CompressBound APIs
* add Support for Chinese SM{2,3,4} ciphers
* bump shared library major to 4
* refactoring, bug fixes and documentation updates
Update to 22.07.2:
* Changed from yasm to nasm for assembly compilation
* Added configuration option to use C implementation of soft CRC
implementation instead of asm
* Added support for pkg-config
* Added missing lock around accesses to some global data in qatmgr
* Fix for QATE-86605 – improve error checking on size param used by qatmgr
debug function.
* Fix for issue #10
* Fixed link to Programmer's Guide
* Added support for Compression LZ4 and LZ4s algorithms
* Added support for Compression end-to-end integrity checks
* Added support for PKE Generic Point Multiply APIs
* Added support for CPM2.0b
* Updated library to support new version of QAT APIs
* Updated qat service to allow compression only and crypto only configurations
* Created qatlib-tests rpm package
* Added option to configure script to skip building sample code
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3942=1
* SUSE Manager Proxy 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-3942=1
* SUSE Manager Retail Branch Server 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-LTS-2025-3942=1
* SUSE Manager Server 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-3942=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3942=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3942=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3942=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3942=1
## Package List:
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
* libqat4-24.09.0-150400.3.6.1
* qatzip-debugsource-1.1.0-150400.3.3.1
* libqatzip3-1.1.0-150400.3.3.1
* qatlib-debugsource-24.09.0-150400.3.6.1
* libqat4-debuginfo-24.09.0-150400.3.6.1
* qatzip-1.1.0-150400.3.3.1
* qatengine-debugsource-1.7.0-150400.3.6.1
* qatlib-24.09.0-150400.3.6.1
* libqatzip3-debuginfo-1.1.0-150400.3.3.1
* libusdm0-debuginfo-24.09.0-150400.3.6.1
* qatlib-debuginfo-24.09.0-150400.3.6.1
* qatzip-devel-1.1.0-150400.3.3.1
* qatengine-debuginfo-1.7.0-150400.3.6.1
* qatengine-1.7.0-150400.3.6.1
* qatlib-devel-24.09.0-150400.3.6.1
* libusdm0-24.09.0-150400.3.6.1
* qatzip-debuginfo-1.1.0-150400.3.3.1
* SUSE Manager Proxy 4.3 LTS (x86_64)
* libqat4-24.09.0-150400.3.6.1
* qatzip-debugsource-1.1.0-150400.3.3.1
* libqatzip3-1.1.0-150400.3.3.1
* qatlib-debugsource-24.09.0-150400.3.6.1
* libqat4-debuginfo-24.09.0-150400.3.6.1
* qatzip-1.1.0-150400.3.3.1
* qatengine-debugsource-1.7.0-150400.3.6.1
* qatlib-24.09.0-150400.3.6.1
* libqatzip3-debuginfo-1.1.0-150400.3.3.1
* libusdm0-debuginfo-24.09.0-150400.3.6.1
* qatlib-debuginfo-24.09.0-150400.3.6.1
* qatzip-devel-1.1.0-150400.3.3.1
* qatengine-debuginfo-1.7.0-150400.3.6.1
* qatengine-1.7.0-150400.3.6.1
* qatlib-devel-24.09.0-150400.3.6.1
* libusdm0-24.09.0-150400.3.6.1
* qatzip-debuginfo-1.1.0-150400.3.3.1
* SUSE Manager Retail Branch Server 4.3 LTS (x86_64)
* libqat4-24.09.0-150400.3.6.1
* qatzip-debugsource-1.1.0-150400.3.3.1
* libqatzip3-1.1.0-150400.3.3.1
* qatlib-debugsource-24.09.0-150400.3.6.1
* libqat4-debuginfo-24.09.0-150400.3.6.1
* qatzip-1.1.0-150400.3.3.1
* qatengine-debugsource-1.7.0-150400.3.6.1
* qatlib-24.09.0-150400.3.6.1
* libqatzip3-debuginfo-1.1.0-150400.3.3.1
* libusdm0-debuginfo-24.09.0-150400.3.6.1
* qatlib-debuginfo-24.09.0-150400.3.6.1
* qatzip-devel-1.1.0-150400.3.3.1
* qatengine-debuginfo-1.7.0-150400.3.6.1
* qatengine-1.7.0-150400.3.6.1
* qatlib-devel-24.09.0-150400.3.6.1
* libusdm0-24.09.0-150400.3.6.1
* qatzip-debuginfo-1.1.0-150400.3.3.1
* SUSE Manager Server 4.3 LTS (x86_64)
* libqat4-24.09.0-150400.3.6.1
* qatzip-debugsource-1.1.0-150400.3.3.1
* libqatzip3-1.1.0-150400.3.3.1
* qatlib-debugsource-24.09.0-150400.3.6.1
* libqat4-debuginfo-24.09.0-150400.3.6.1
* qatzip-1.1.0-150400.3.3.1
* qatengine-debugsource-1.7.0-150400.3.6.1
* qatlib-24.09.0-150400.3.6.1
* libqatzip3-debuginfo-1.1.0-150400.3.3.1
* libusdm0-debuginfo-24.09.0-150400.3.6.1
* qatlib-debuginfo-24.09.0-150400.3.6.1
* qatzip-devel-1.1.0-150400.3.3.1
* qatengine-debuginfo-1.7.0-150400.3.6.1
* qatengine-1.7.0-150400.3.6.1
* qatlib-devel-24.09.0-150400.3.6.1
* libusdm0-24.09.0-150400.3.6.1
* qatzip-debuginfo-1.1.0-150400.3.3.1
* openSUSE Leap 15.4 (x86_64)
* libqat4-24.09.0-150400.3.6.1
* qatzip-debugsource-1.1.0-150400.3.3.1
* libqatzip3-1.1.0-150400.3.3.1
* qatlib-debugsource-24.09.0-150400.3.6.1
* libqat4-debuginfo-24.09.0-150400.3.6.1
* qatzip-1.1.0-150400.3.3.1
* qatengine-debugsource-1.7.0-150400.3.6.1
* qatlib-24.09.0-150400.3.6.1
* libusdm0-debuginfo-24.09.0-150400.3.6.1
* qatlib-debuginfo-24.09.0-150400.3.6.1
* libqatzip3-debuginfo-1.1.0-150400.3.3.1
* qatzip-devel-1.1.0-150400.3.3.1
* qatengine-debuginfo-1.7.0-150400.3.6.1
* qatengine-1.7.0-150400.3.6.1
* qatlib-devel-24.09.0-150400.3.6.1
* libusdm0-24.09.0-150400.3.6.1
* qatzip-debuginfo-1.1.0-150400.3.3.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
* libqat4-24.09.0-150400.3.6.1
* qatzip-debugsource-1.1.0-150400.3.3.1
* libqatzip3-1.1.0-150400.3.3.1
* qatlib-debugsource-24.09.0-150400.3.6.1
* libqat4-debuginfo-24.09.0-150400.3.6.1
* qatzip-1.1.0-150400.3.3.1
* qatengine-debugsource-1.7.0-150400.3.6.1
* qatlib-24.09.0-150400.3.6.1
* libqatzip3-debuginfo-1.1.0-150400.3.3.1
* libusdm0-debuginfo-24.09.0-150400.3.6.1
* qatlib-debuginfo-24.09.0-150400.3.6.1
* qatzip-devel-1.1.0-150400.3.3.1
* qatengine-debuginfo-1.7.0-150400.3.6.1
* qatengine-1.7.0-150400.3.6.1
* qatlib-devel-24.09.0-150400.3.6.1
* libusdm0-24.09.0-150400.3.6.1
* qatzip-debuginfo-1.1.0-150400.3.3.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
* libqat4-24.09.0-150400.3.6.1
* qatzip-debugsource-1.1.0-150400.3.3.1
* libqatzip3-1.1.0-150400.3.3.1
* qatlib-debugsource-24.09.0-150400.3.6.1
* libqat4-debuginfo-24.09.0-150400.3.6.1
* qatzip-1.1.0-150400.3.3.1
* qatengine-debugsource-1.7.0-150400.3.6.1
* qatlib-24.09.0-150400.3.6.1
* libqatzip3-debuginfo-1.1.0-150400.3.3.1
* libusdm0-debuginfo-24.09.0-150400.3.6.1
* qatlib-debuginfo-24.09.0-150400.3.6.1
* qatzip-devel-1.1.0-150400.3.3.1
* qatengine-debuginfo-1.7.0-150400.3.6.1
* qatengine-1.7.0-150400.3.6.1
* qatlib-devel-24.09.0-150400.3.6.1
* libusdm0-24.09.0-150400.3.6.1
* qatzip-debuginfo-1.1.0-150400.3.3.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
* libqat4-24.09.0-150400.3.6.1
* qatzip-debugsource-1.1.0-150400.3.3.1
* libqatzip3-1.1.0-150400.3.3.1
* qatlib-debugsource-24.09.0-150400.3.6.1
* libqat4-debuginfo-24.09.0-150400.3.6.1
* qatzip-1.1.0-150400.3.3.1
* qatengine-debugsource-1.7.0-150400.3.6.1
* qatlib-24.09.0-150400.3.6.1
* libqatzip3-debuginfo-1.1.0-150400.3.3.1
* libusdm0-debuginfo-24.09.0-150400.3.6.1
* qatlib-debuginfo-24.09.0-150400.3.6.1
* qatzip-devel-1.1.0-150400.3.3.1
* qatengine-debuginfo-1.7.0-150400.3.6.1
* qatengine-1.7.0-150400.3.6.1
* qatlib-devel-24.09.0-150400.3.6.1
* libusdm0-24.09.0-150400.3.6.1
* qatzip-debuginfo-1.1.0-150400.3.3.1
## References:
* https://www.suse.com/security/cve/CVE-2024-28885.html
* https://www.suse.com/security/cve/CVE-2024-31074.html
* https://www.suse.com/security/cve/CVE-2024-33617.html
* https://bugzilla.suse.com/show_bug.cgi?id=1233363
* https://bugzilla.suse.com/show_bug.cgi?id=1233365
* https://bugzilla.suse.com/show_bug.cgi?id=1233366
SUSE-SU-2025:3943-1: moderate: Security update for qatengine, qatlib
# Security update for qatengine, qatlib
Announcement ID: SUSE-SU-2025:3943-1
Release Date: 2025-11-05T08:16:21Z
Rating: moderate
References:
* bsc#1233363
* bsc#1233365
* bsc#1233366
Cross-References:
* CVE-2024-28885
* CVE-2024-31074
* CVE-2024-33617
CVSS scores:
* CVE-2024-28885 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-28885 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-28885 ( NVD ): 8.2
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-28885 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-31074 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-31074 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-31074 ( NVD ): 8.2
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-31074 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-33617 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-33617 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-33617 ( NVD ): 8.2
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-33617 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves three vulnerabilities can now be installed.
## Description:
This update for qatengine, qatlib fixes the following issues:
Note that the 1.6.1 release included in 1.7.0 fixes the following
vulnerabilities:
* bsc#1233363 (CVE-2024-28885)
* bsc#1233365 (CVE-2024-31074)
* bsc#1233366 (CVE-2024-33617)
Update to 1.7.0:
* ipp-crypto name change to cryptography-primitives
* QAT_SW GCM memory leak fix in cleanup function
* Update limitation section in README for v1.7.0 release
* Fix build with OPENSSL_NO_ENGINE
* Fix for build issues with qatprovider in qatlib
* Bug fixes and README updates to v1.7.0
* Remove qat_contig_mem driver support
* Add support for building QAT Engine ENGINE and PROVIDER modules with QuicTLS
3.x libraries
* Fix for DSA issue with openssl3.2
* Fix missing lower bounds check on index i
* Enabled SW Fallback support for FBSD
* Fix for segfault issue when SHIM config section is unavailable
* Fix for Coverity & Resource leak
* Fix for RSA failure with SVM enabled in openssl-3.2
* SM3 Memory Leak Issue Fix
* Fix qatprovider lib name issue with system openssl
Update to 1.6.0:
* Fix issue with make depend for QAT_SW
* QAT_HW GCM Memleak fix & bug fixes
* QAT2.0 FreeBSD14 intree driver support
* Fix OpenSSL 3.2 compatibility issues
* Optimize hex dump logging
* Clear job tlv on error
* QAT_HW RSA Encrypt and Decrypt provider support
* QAT_HW AES-CCM Provider support
* Add ECDH keymgmt support for provider
* Fix QAT_HW SM2 memory leak
* Enable qaeMemFreeNonZeroNUMA() for qatlib
* Fix polling issue for the process that doesn't have QAT_HW instance
* Fix SHA3 qctx initialization issue & potential memleak
* Fix compilation error in SM2 with qat_contig_mem
* Update year in copyright information to 2024
Update to 1.5.0:
* use new --enable-qat_insecure_algorithms to avoid regressions
* improve support for SM{2,3,4} ciphers
* improve SW fallback support
* many bug fixes, refactorisations and documentation updates
qatlib was updated to 24.09.0:
* Improved performance scaling in multi-thread applications
* Set core affinity mapping based on NUMA (libnuma now required for building)
* bug fixes, see https://github.com/intel/qatlib#resolved-issues
version update to 24.02.0:
* Support DC NS (NoSession) APIs
* Support Symmetric Crypto SM3 & SM4
* Support Asymmetric Crypto SM2
* Support DC CompressBound APIs
* Bug Fixes. See Resolved section in README.md
update to 23.11.0:
* use new --enable-legacy-algorithms to avoid regressions
* add support for data compression chaining (hash then compress)
* add support for additional configuration profiles
* add support DC NS (NoSession) APIs
* add support DC CompressBound APIs
* add Support for Chinese SM{2,3,4} ciphers
* bump shared library major to 4
* refactoring, bug fixes and documentation updates
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-3943=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3943=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3943=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3943=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3943=1
## Package List:
* openSUSE Leap 15.5 (x86_64)
* libqatzip3-debuginfo-1.1.0-150500.3.2.1
* qatzip-devel-1.1.0-150500.3.2.1
* qatengine-debugsource-1.7.0-150500.3.3.1
* libqatzip3-1.1.0-150500.3.2.1
* libqat4-24.09.0-150500.3.3.1
* qatlib-debuginfo-24.09.0-150500.3.3.1
* qatzip-debuginfo-1.1.0-150500.3.2.1
* qatengine-1.7.0-150500.3.3.1
* qatlib-debugsource-24.09.0-150500.3.3.1
* qatlib-24.09.0-150500.3.3.1
* libusdm0-24.09.0-150500.3.3.1
* qatzip-1.1.0-150500.3.2.1
* libqat4-debuginfo-24.09.0-150500.3.3.1
* qatzip-debugsource-1.1.0-150500.3.2.1
* libusdm0-debuginfo-24.09.0-150500.3.3.1
* qatengine-debuginfo-1.7.0-150500.3.3.1
* qatlib-devel-24.09.0-150500.3.3.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64)
* libusdm0-debuginfo-24.09.0-150500.3.3.1
* qatzip-devel-1.1.0-150500.3.2.1
* qatengine-debugsource-1.7.0-150500.3.3.1
* libqatzip3-1.1.0-150500.3.2.1
* libqat4-24.09.0-150500.3.3.1
* qatlib-debuginfo-24.09.0-150500.3.3.1
* qatzip-debuginfo-1.1.0-150500.3.2.1
* qatengine-1.7.0-150500.3.3.1
* qatlib-debugsource-24.09.0-150500.3.3.1
* qatlib-24.09.0-150500.3.3.1
* libusdm0-24.09.0-150500.3.3.1
* qatzip-1.1.0-150500.3.2.1
* libqat4-debuginfo-24.09.0-150500.3.3.1
* qatzip-debugsource-1.1.0-150500.3.2.1
* libqatzip3-debuginfo-1.1.0-150500.3.2.1
* qatengine-debuginfo-1.7.0-150500.3.3.1
* qatlib-devel-24.09.0-150500.3.3.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64)
* libusdm0-debuginfo-24.09.0-150500.3.3.1
* qatzip-devel-1.1.0-150500.3.2.1
* qatengine-debugsource-1.7.0-150500.3.3.1
* libqatzip3-1.1.0-150500.3.2.1
* libqat4-24.09.0-150500.3.3.1
* qatlib-debuginfo-24.09.0-150500.3.3.1
* qatzip-debuginfo-1.1.0-150500.3.2.1
* qatengine-1.7.0-150500.3.3.1
* qatlib-debugsource-24.09.0-150500.3.3.1
* qatlib-24.09.0-150500.3.3.1
* libusdm0-24.09.0-150500.3.3.1
* qatzip-1.1.0-150500.3.2.1
* libqat4-debuginfo-24.09.0-150500.3.3.1
* qatzip-debugsource-1.1.0-150500.3.2.1
* libqatzip3-debuginfo-1.1.0-150500.3.2.1
* qatengine-debuginfo-1.7.0-150500.3.3.1
* qatlib-devel-24.09.0-150500.3.3.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64)
* libusdm0-debuginfo-24.09.0-150500.3.3.1
* qatzip-devel-1.1.0-150500.3.2.1
* qatengine-debugsource-1.7.0-150500.3.3.1
* libqatzip3-1.1.0-150500.3.2.1
* libqat4-24.09.0-150500.3.3.1
* qatlib-debuginfo-24.09.0-150500.3.3.1
* qatzip-debuginfo-1.1.0-150500.3.2.1
* qatengine-1.7.0-150500.3.3.1
* qatlib-debugsource-24.09.0-150500.3.3.1
* qatlib-24.09.0-150500.3.3.1
* libusdm0-24.09.0-150500.3.3.1
* qatzip-1.1.0-150500.3.2.1
* libqat4-debuginfo-24.09.0-150500.3.3.1
* qatzip-debugsource-1.1.0-150500.3.2.1
* libqatzip3-debuginfo-1.1.0-150500.3.2.1
* qatengine-debuginfo-1.7.0-150500.3.3.1
* qatlib-devel-24.09.0-150500.3.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
* libusdm0-debuginfo-24.09.0-150500.3.3.1
* qatzip-devel-1.1.0-150500.3.2.1
* qatengine-debugsource-1.7.0-150500.3.3.1
* libqatzip3-1.1.0-150500.3.2.1
* libqat4-24.09.0-150500.3.3.1
* qatlib-debuginfo-24.09.0-150500.3.3.1
* qatzip-debuginfo-1.1.0-150500.3.2.1
* qatengine-1.7.0-150500.3.3.1
* qatlib-debugsource-24.09.0-150500.3.3.1
* qatlib-24.09.0-150500.3.3.1
* libusdm0-24.09.0-150500.3.3.1
* qatzip-1.1.0-150500.3.2.1
* libqat4-debuginfo-24.09.0-150500.3.3.1
* qatzip-debugsource-1.1.0-150500.3.2.1
* libqatzip3-debuginfo-1.1.0-150500.3.2.1
* qatengine-debuginfo-1.7.0-150500.3.3.1
* qatlib-devel-24.09.0-150500.3.3.1
## References:
* https://www.suse.com/security/cve/CVE-2024-28885.html
* https://www.suse.com/security/cve/CVE-2024-31074.html
* https://www.suse.com/security/cve/CVE-2024-33617.html
* https://bugzilla.suse.com/show_bug.cgi?id=1233363
* https://bugzilla.suse.com/show_bug.cgi?id=1233365
* https://bugzilla.suse.com/show_bug.cgi?id=1233366
SUSE-SU-2025:3946-1: moderate: Security update for openjpeg
# Security update for openjpeg
Announcement ID: SUSE-SU-2025:3946-1
Release Date: 2025-11-05T08:17:30Z
Rating: moderate
References:
* bsc#1227410
* bsc#1250467
Cross-References:
* CVE-2023-39327
CVSS scores:
* CVE-2023-39327 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2023-39327 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Affected Products:
* Desktop Applications Module 15-SP6
* Desktop Applications Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves one vulnerability and has one security fix can now be
installed.
## Description:
This update for openjpeg fixes the following issues:
* CVE-2023-39327: Fixed that malicious files can cause a large loop that
continuously prints warning messages on the terminal (bsc#1227410).
Other bug fixes:
* Ensure no bundled libraries are used (bsc#1250467).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Desktop Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2025-3946=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-3946=1
* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-3946=1
## Package List:
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* openjpeg-debugsource-1.5.2-150000.4.15.1
* openjpeg-debuginfo-1.5.2-150000.4.15.1
* libopenjpeg1-1.5.2-150000.4.15.1
* openjpeg-devel-1.5.2-150000.4.15.1
* libopenjpeg1-debuginfo-1.5.2-150000.4.15.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* openjpeg-debugsource-1.5.2-150000.4.15.1
* openjpeg-debuginfo-1.5.2-150000.4.15.1
* libopenjpeg1-1.5.2-150000.4.15.1
* openjpeg-1.5.2-150000.4.15.1
* openjpeg-devel-1.5.2-150000.4.15.1
* libopenjpeg1-debuginfo-1.5.2-150000.4.15.1
* openSUSE Leap 15.6 (x86_64)
* openjpeg-devel-32bit-1.5.2-150000.4.15.1
* libopenjpeg1-32bit-1.5.2-150000.4.15.1
* libopenjpeg1-32bit-debuginfo-1.5.2-150000.4.15.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* openjpeg-debugsource-1.5.2-150000.4.15.1
* openjpeg-debuginfo-1.5.2-150000.4.15.1
* libopenjpeg1-1.5.2-150000.4.15.1
* openjpeg-devel-1.5.2-150000.4.15.1
* libopenjpeg1-debuginfo-1.5.2-150000.4.15.1
## References:
* https://www.suse.com/security/cve/CVE-2023-39327.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227410
* https://bugzilla.suse.com/show_bug.cgi?id=1250467
SUSE-SU-2025:3944-1: moderate: Security update for sccache
# Security update for sccache
Announcement ID: SUSE-SU-2025:3944-1
Release Date: 2025-11-05T08:16:38Z
Rating: moderate
References:
* bsc#1248003
Cross-References:
* CVE-2025-55159
CVSS scores:
* CVE-2025-55159 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-55159 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2025-55159 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Products:
* Development Tools Module 15-SP6
* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves one vulnerability can now be installed.
## Description:
This update for sccache fixes the following issues:
* CVE-2025-55159 - updated slab with the uninit memory access fix
(bsc#1248003)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3944=1 openSUSE-SLE-15.6-2025-3944=1
* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-3944=1
* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2025-3944=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* sccache-debuginfo-0.4.2~4-150600.10.6.1
* sccache-0.4.2~4-150600.10.6.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* sccache-debuginfo-0.4.2~4-150600.10.6.1
* sccache-0.4.2~4-150600.10.6.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* sccache-debuginfo-0.4.2~4-150600.10.6.1
* sccache-0.4.2~4-150600.10.6.1
## References:
* https://www.suse.com/security/cve/CVE-2025-55159.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248003
SUSE-SU-2025:3949-1: moderate: Security update for colord
# Security update for colord
Announcement ID: SUSE-SU-2025:3949-1
Release Date: 2025-11-05T10:05:06Z
Rating: moderate
References:
* bsc#1250750
Cross-References:
* CVE-2021-42523
CVSS scores:
* CVE-2021-42523 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2021-42523 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* Desktop Applications Module 15-SP6
* Desktop Applications Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP6
* SUSE Linux Enterprise Workstation Extension 15 SP7
* SUSE Package Hub 15 15-SP6
* SUSE Package Hub 15 15-SP7
An update that solves one vulnerability can now be installed.
## Description:
This update for colord fixes the following issues:
* CVE-2021-42523: The original fix was wrong and did not properly free the
error, resulting in a crash that has now been addressed (bsc#1250750).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3949=1 openSUSE-SLE-15.6-2025-3949=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-3949=1
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-3949=1
* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-3949=1
* Desktop Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2025-3949=1
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-3949=1
* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-3949=1
* SUSE Linux Enterprise Workstation Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2025-3949=1
* SUSE Linux Enterprise Workstation Extension 15 SP7
zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2025-3949=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* colord-debuginfo-1.4.6-150600.3.8.1
* libcolord2-1.4.6-150600.3.8.1
* libcolorhug2-1.4.6-150600.3.8.1
* colord-1.4.6-150600.3.8.1
* typelib-1_0-Colord-1_0-1.4.6-150600.3.8.1
* colord-debugsource-1.4.6-150600.3.8.1
* libcolord-devel-1.4.6-150600.3.8.1
* libcolord2-debuginfo-1.4.6-150600.3.8.1
* colord-color-profiles-1.4.6-150600.3.8.1
* typelib-1_0-Colorhug-1_0-1.4.6-150600.3.8.1
* libcolorhug2-debuginfo-1.4.6-150600.3.8.1
* openSUSE Leap 15.6 (noarch)
* colord-lang-1.4.6-150600.3.8.1
* openSUSE Leap 15.6 (x86_64)
* libcolord2-32bit-1.4.6-150600.3.8.1
* libcolord2-32bit-debuginfo-1.4.6-150600.3.8.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libcolord2-64bit-debuginfo-1.4.6-150600.3.8.1
* libcolord2-64bit-1.4.6-150600.3.8.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* colord-debuginfo-1.4.6-150600.3.8.1
* colord-debugsource-1.4.6-150600.3.8.1
* libcolord2-1.4.6-150600.3.8.1
* libcolord2-debuginfo-1.4.6-150600.3.8.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* colord-debuginfo-1.4.6-150600.3.8.1
* colord-debugsource-1.4.6-150600.3.8.1
* libcolord2-1.4.6-150600.3.8.1
* libcolord2-debuginfo-1.4.6-150600.3.8.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* colord-debuginfo-1.4.6-150600.3.8.1
* libcolorhug2-1.4.6-150600.3.8.1
* typelib-1_0-Colord-1_0-1.4.6-150600.3.8.1
* colord-debugsource-1.4.6-150600.3.8.1
* libcolord-devel-1.4.6-150600.3.8.1
* colord-color-profiles-1.4.6-150600.3.8.1
* typelib-1_0-Colorhug-1_0-1.4.6-150600.3.8.1
* libcolorhug2-debuginfo-1.4.6-150600.3.8.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* colord-debuginfo-1.4.6-150600.3.8.1
* libcolorhug2-1.4.6-150600.3.8.1
* typelib-1_0-Colord-1_0-1.4.6-150600.3.8.1
* colord-debugsource-1.4.6-150600.3.8.1
* libcolord-devel-1.4.6-150600.3.8.1
* colord-color-profiles-1.4.6-150600.3.8.1
* typelib-1_0-Colorhug-1_0-1.4.6-150600.3.8.1
* libcolorhug2-debuginfo-1.4.6-150600.3.8.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x)
* colord-debuginfo-1.4.6-150600.3.8.1
* libcolord2-1.4.6-150600.3.8.1
* libcolorhug2-1.4.6-150600.3.8.1
* colord-1.4.6-150600.3.8.1
* typelib-1_0-Colord-1_0-1.4.6-150600.3.8.1
* colord-debugsource-1.4.6-150600.3.8.1
* libcolord-devel-1.4.6-150600.3.8.1
* libcolord2-debuginfo-1.4.6-150600.3.8.1
* colord-color-profiles-1.4.6-150600.3.8.1
* typelib-1_0-Colorhug-1_0-1.4.6-150600.3.8.1
* libcolorhug2-debuginfo-1.4.6-150600.3.8.1
* SUSE Package Hub 15 15-SP6 (noarch)
* colord-lang-1.4.6-150600.3.8.1
* SUSE Package Hub 15 15-SP6 (aarch64_ilp32)
* libcolord2-64bit-debuginfo-1.4.6-150600.3.8.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x)
* colord-debuginfo-1.4.6-150600.3.8.1
* colord-debugsource-1.4.6-150600.3.8.1
* colord-1.4.6-150600.3.8.1
* SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64)
* colord-debuginfo-1.4.6-150600.3.8.1
* colord-debugsource-1.4.6-150600.3.8.1
* colord-1.4.6-150600.3.8.1
* SUSE Linux Enterprise Workstation Extension 15 SP6 (noarch)
* colord-lang-1.4.6-150600.3.8.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
* colord-debuginfo-1.4.6-150600.3.8.1
* colord-debugsource-1.4.6-150600.3.8.1
* colord-1.4.6-150600.3.8.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (noarch)
* colord-lang-1.4.6-150600.3.8.1
## References:
* https://www.suse.com/security/cve/CVE-2021-42523.html
* https://bugzilla.suse.com/show_bug.cgi?id=1250750
SUSE-SU-2025:3950-1: important: Security update for runc
# Security update for runc
Announcement ID: SUSE-SU-2025:3950-1
Release Date: 2025-11-05T10:23:26Z
Rating: important
References:
* bsc#1252232
Cross-References:
* CVE-2025-31133
* CVE-2025-52565
* CVE-2025-52881
CVSS scores:
* CVE-2025-31133 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-31133 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-52565 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-52565 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-52881 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-52881 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP7
* Containers Module 15-SP6
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves three vulnerabilities can now be installed.
## Description:
This update for runc fixes the following issues:
* CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount
race conditions (bsc#1252232).
* CVE-2025-52565: Fixed container escape with malicious config due to
/dev/console mount and related races (bsc#1252232).
* CVE-2025-52881: Fixed container escape and denial of service due to
arbitrary write gadgets and procfs write redirects (bsc#1252232).
Update to runc v1.2.7.
* Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.2.7
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3950=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3950=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3950=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-3950=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-3950=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-3950=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-3950=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-3950=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-3950=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-3950=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-3950=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-3950=1
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-3950=1
* Containers Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2025-3950=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3950=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3950=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3950=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3950=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3950=1
* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3950=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3950=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3950=1
## Package List:
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* runc-debuginfo-1.2.7-150000.80.1
* runc-1.2.7-150000.80.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* runc-debuginfo-1.2.7-150000.80.1
* runc-1.2.7-150000.80.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* runc-debuginfo-1.2.7-150000.80.1
* runc-1.2.7-150000.80.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* runc-debuginfo-1.2.7-150000.80.1
* runc-1.2.7-150000.80.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* runc-debuginfo-1.2.7-150000.80.1
* runc-1.2.7-150000.80.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* runc-debuginfo-1.2.7-150000.80.1
* runc-1.2.7-150000.80.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* runc-debuginfo-1.2.7-150000.80.1
* runc-1.2.7-150000.80.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* runc-debuginfo-1.2.7-150000.80.1
* runc-1.2.7-150000.80.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* runc-debuginfo-1.2.7-150000.80.1
* runc-1.2.7-150000.80.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* runc-debuginfo-1.2.7-150000.80.1
* runc-1.2.7-150000.80.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* runc-debuginfo-1.2.7-150000.80.1
* runc-1.2.7-150000.80.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* runc-debuginfo-1.2.7-150000.80.1
* runc-1.2.7-150000.80.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* runc-debuginfo-1.2.7-150000.80.1
* runc-1.2.7-150000.80.1
* Containers Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* runc-debuginfo-1.2.7-150000.80.1
* runc-1.2.7-150000.80.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* runc-debuginfo-1.2.7-150000.80.1
* runc-1.2.7-150000.80.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* runc-debuginfo-1.2.7-150000.80.1
* runc-1.2.7-150000.80.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* runc-debuginfo-1.2.7-150000.80.1
* runc-1.2.7-150000.80.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* runc-debuginfo-1.2.7-150000.80.1
* runc-1.2.7-150000.80.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* runc-debuginfo-1.2.7-150000.80.1
* runc-1.2.7-150000.80.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* runc-debuginfo-1.2.7-150000.80.1
* runc-1.2.7-150000.80.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* runc-debuginfo-1.2.7-150000.80.1
* runc-1.2.7-150000.80.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* runc-debuginfo-1.2.7-150000.80.1
* runc-1.2.7-150000.80.1
## References:
* https://www.suse.com/security/cve/CVE-2025-31133.html
* https://www.suse.com/security/cve/CVE-2025-52565.html
* https://www.suse.com/security/cve/CVE-2025-52881.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252232
SUSE-SU-2025:3947-1: moderate: Security update for jasper
# Security update for jasper
Announcement ID: SUSE-SU-2025:3947-1
Release Date: 2025-11-05T08:18:00Z
Rating: moderate
References:
* bsc#1218802
* bsc#1247901
* bsc#1247902
* bsc#1247904
Cross-References:
* CVE-2023-51257
* CVE-2025-8835
* CVE-2025-8836
* CVE-2025-8837
CVSS scores:
* CVE-2023-51257 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
* CVE-2023-51257 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-8835 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-8835 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-8835 ( NVD ): 1.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-8835 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-8835 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-8836 ( SUSE ): 2.0
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-8836 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-8836 ( NVD ): 1.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-8836 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-8837 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-8837 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2025-8837 ( NVD ): 1.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-8837 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-8837 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Desktop Applications Module 15-SP6
* Desktop Applications Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves four vulnerabilities can now be installed.
## Description:
This update for jasper fixes the following issues:
* Update to 4.2.8:
* CVE-2025-8837: Fixed a bug in the JPC decoder that could cause bad memory
accesses if the debug level is set sufficiently high (bsc#1247901).
* CVE-2025-8836: Added some missing range checking on several coding
parameters in the JPC encoder (bsc#1247902).
* CVE-2025-8835: Added a check for a missing color component in the
jas_image_chclrspc function (bsc#1247904).
* CVE-2023-51257: Fixed invalid memory write bug (bsc#1218802).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3947=1 openSUSE-SLE-15.6-2025-3947=1
* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-3947=1
* Desktop Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2025-3947=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* jasper-4.2.8-150600.4.5.1
* jasper-debugsource-4.2.8-150600.4.5.1
* libjasper7-debuginfo-4.2.8-150600.4.5.1
* libjasper-devel-4.2.8-150600.4.5.1
* libjasper7-4.2.8-150600.4.5.1
* jasper-debuginfo-4.2.8-150600.4.5.1
* openSUSE Leap 15.6 (x86_64)
* libjasper7-32bit-4.2.8-150600.4.5.1
* libjasper7-32bit-debuginfo-4.2.8-150600.4.5.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libjasper7-64bit-debuginfo-4.2.8-150600.4.5.1
* libjasper7-64bit-4.2.8-150600.4.5.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* jasper-debugsource-4.2.8-150600.4.5.1
* libjasper7-debuginfo-4.2.8-150600.4.5.1
* libjasper-devel-4.2.8-150600.4.5.1
* libjasper7-4.2.8-150600.4.5.1
* jasper-debuginfo-4.2.8-150600.4.5.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* jasper-debugsource-4.2.8-150600.4.5.1
* libjasper7-debuginfo-4.2.8-150600.4.5.1
* libjasper-devel-4.2.8-150600.4.5.1
* libjasper7-4.2.8-150600.4.5.1
* jasper-debuginfo-4.2.8-150600.4.5.1
## References:
* https://www.suse.com/security/cve/CVE-2023-51257.html
* https://www.suse.com/security/cve/CVE-2025-8835.html
* https://www.suse.com/security/cve/CVE-2025-8836.html
* https://www.suse.com/security/cve/CVE-2025-8837.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218802
* https://bugzilla.suse.com/show_bug.cgi?id=1247901
* https://bugzilla.suse.com/show_bug.cgi?id=1247902
* https://bugzilla.suse.com/show_bug.cgi?id=1247904
openSUSE-SU-2025:15703-1: moderate: kubecolor-0.5.3-1.1 on GA media
# kubecolor-0.5.3-1.1 on GA media
Announcement ID: openSUSE-SU-2025:15703-1
Rating: moderate
Cross-References:
* CVE-2025-47912
* CVE-2025-58185
CVSS scores:
* CVE-2025-47912 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-47912 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-58185 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58185 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 2 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the kubecolor-0.5.3-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* kubecolor 0.5.3-1.1
## References:
* https://www.suse.com/security/cve/CVE-2025-47912.html
* https://www.suse.com/security/cve/CVE-2025-58185.html
openSUSE-SU-2025:15702-1: moderate: kernel-devel-6.17.7-1.1 on GA media
# kernel-devel-6.17.7-1.1 on GA media
Announcement ID: openSUSE-SU-2025:15702-1
Rating: moderate
Cross-References:
* CVE-2025-40018
* CVE-2025-40019
* CVE-2025-40025
* CVE-2025-40026
* CVE-2025-40027
* CVE-2025-40028
* CVE-2025-40029
* CVE-2025-40030
* CVE-2025-40031
* CVE-2025-40032
* CVE-2025-40033
* CVE-2025-40034
* CVE-2025-40035
* CVE-2025-40036
* CVE-2025-40037
* CVE-2025-40038
* CVE-2025-40039
* CVE-2025-40040
* CVE-2025-40041
* CVE-2025-40042
* CVE-2025-40043
* CVE-2025-40044
* CVE-2025-40045
* CVE-2025-40046
* CVE-2025-40047
* CVE-2025-40048
* CVE-2025-40049
* CVE-2025-40050
* CVE-2025-40051
* CVE-2025-40052
* CVE-2025-40053
* CVE-2025-40054
* CVE-2025-40055
* CVE-2025-40056
* CVE-2025-40057
* CVE-2025-40058
* CVE-2025-40059
* CVE-2025-40060
* CVE-2025-40061
* CVE-2025-40062
* CVE-2025-40063
* CVE-2025-40064
* CVE-2025-40065
* CVE-2025-40066
* CVE-2025-40067
* CVE-2025-40068
* CVE-2025-40069
* CVE-2025-40070
* CVE-2025-40071
* CVE-2025-40072
* CVE-2025-40073
* CVE-2025-40074
* CVE-2025-40075
* CVE-2025-40076
* CVE-2025-40077
* CVE-2025-40078
* CVE-2025-40079
* CVE-2025-40080
* CVE-2025-40081
* CVE-2025-40082
* CVE-2025-40084
* CVE-2025-40085
* CVE-2025-40086
* CVE-2025-40087
* CVE-2025-40088
* CVE-2025-40089
* CVE-2025-40090
* CVE-2025-40091
* CVE-2025-40092
* CVE-2025-40093
* CVE-2025-40094
* CVE-2025-40095
* CVE-2025-40096
* CVE-2025-40097
* CVE-2025-40098
* CVE-2025-40099
* CVE-2025-40100
* CVE-2025-40101
* CVE-2025-40102
* CVE-2025-40103
* CVE-2025-40104
* CVE-2025-40105
* CVE-2025-40106
CVSS scores:
* CVE-2025-40018 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40019 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40019 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40025 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40025 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40026 ( SUSE ): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2025-40026 ( SUSE ): 2 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-40027 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40027 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40028 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40028 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40029 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40029 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40030 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40030 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40031 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40031 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40032 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40032 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40033 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40033 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40034 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40035 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40036 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40037 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40037 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40038 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40038 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40039 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40039 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40040 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40040 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40041 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40042 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40043 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-40043 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40044 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-40044 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40045 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40045 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40046 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40046 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40047 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40047 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40048 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40049 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-40049 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40050 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40051 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40052 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40053 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40053 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40054 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40055 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40055 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40056 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40056 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40057 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-40058 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40059 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40059 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40060 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40061 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40062 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40063 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40064 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40065 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40066 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40067 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40068 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40069 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40070 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40071 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40072 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40073 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40074 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40075 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40076 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40077 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40078 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40079 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40080 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40081 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40082 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40084 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-40084 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40085 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40085 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40086 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40086 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40087 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40088 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-40088 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40089 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40089 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40090 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40091 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-40091 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40092 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40092 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40093 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40094 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40094 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40095 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40095 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40096 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-40096 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40097 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40097 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40098 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40098 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40099 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-40099 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40100 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40100 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40101 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-40101 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-40102 ( SUSE ): 0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N
* CVE-2025-40102 ( SUSE ): 0 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-40103 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-40103 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-40104 ( SUSE ): 0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N
* CVE-2025-40104 ( SUSE ): 0 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-40105 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-40105 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-40106 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Tumbleweed
An update that solves 83 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the kernel-devel-6.17.7-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* kernel-devel 6.17.7-1.1
* kernel-macros 6.17.7-1.1
* kernel-source 6.17.7-1.1
* kernel-source-vanilla 6.17.7-1.1
## References:
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40019.html
* https://www.suse.com/security/cve/CVE-2025-40025.html
* https://www.suse.com/security/cve/CVE-2025-40026.html
* https://www.suse.com/security/cve/CVE-2025-40027.html
* https://www.suse.com/security/cve/CVE-2025-40028.html
* https://www.suse.com/security/cve/CVE-2025-40029.html
* https://www.suse.com/security/cve/CVE-2025-40030.html
* https://www.suse.com/security/cve/CVE-2025-40031.html
* https://www.suse.com/security/cve/CVE-2025-40032.html
* https://www.suse.com/security/cve/CVE-2025-40033.html
* https://www.suse.com/security/cve/CVE-2025-40034.html
* https://www.suse.com/security/cve/CVE-2025-40035.html
* https://www.suse.com/security/cve/CVE-2025-40036.html
* https://www.suse.com/security/cve/CVE-2025-40037.html
* https://www.suse.com/security/cve/CVE-2025-40038.html
* https://www.suse.com/security/cve/CVE-2025-40039.html
* https://www.suse.com/security/cve/CVE-2025-40040.html
* https://www.suse.com/security/cve/CVE-2025-40041.html
* https://www.suse.com/security/cve/CVE-2025-40042.html
* https://www.suse.com/security/cve/CVE-2025-40043.html
* https://www.suse.com/security/cve/CVE-2025-40044.html
* https://www.suse.com/security/cve/CVE-2025-40045.html
* https://www.suse.com/security/cve/CVE-2025-40046.html
* https://www.suse.com/security/cve/CVE-2025-40047.html
* https://www.suse.com/security/cve/CVE-2025-40048.html
* https://www.suse.com/security/cve/CVE-2025-40049.html
* https://www.suse.com/security/cve/CVE-2025-40050.html
* https://www.suse.com/security/cve/CVE-2025-40051.html
* https://www.suse.com/security/cve/CVE-2025-40052.html
* https://www.suse.com/security/cve/CVE-2025-40053.html
* https://www.suse.com/security/cve/CVE-2025-40054.html
* https://www.suse.com/security/cve/CVE-2025-40055.html
* https://www.suse.com/security/cve/CVE-2025-40056.html
* https://www.suse.com/security/cve/CVE-2025-40057.html
* https://www.suse.com/security/cve/CVE-2025-40058.html
* https://www.suse.com/security/cve/CVE-2025-40059.html
* https://www.suse.com/security/cve/CVE-2025-40060.html
* https://www.suse.com/security/cve/CVE-2025-40061.html
* https://www.suse.com/security/cve/CVE-2025-40062.html
* https://www.suse.com/security/cve/CVE-2025-40063.html
* https://www.suse.com/security/cve/CVE-2025-40064.html
* https://www.suse.com/security/cve/CVE-2025-40065.html
* https://www.suse.com/security/cve/CVE-2025-40066.html
* https://www.suse.com/security/cve/CVE-2025-40067.html
* https://www.suse.com/security/cve/CVE-2025-40068.html
* https://www.suse.com/security/cve/CVE-2025-40069.html
* https://www.suse.com/security/cve/CVE-2025-40070.html
* https://www.suse.com/security/cve/CVE-2025-40071.html
* https://www.suse.com/security/cve/CVE-2025-40072.html
* https://www.suse.com/security/cve/CVE-2025-40073.html
* https://www.suse.com/security/cve/CVE-2025-40074.html
* https://www.suse.com/security/cve/CVE-2025-40075.html
* https://www.suse.com/security/cve/CVE-2025-40076.html
* https://www.suse.com/security/cve/CVE-2025-40077.html
* https://www.suse.com/security/cve/CVE-2025-40078.html
* https://www.suse.com/security/cve/CVE-2025-40079.html
* https://www.suse.com/security/cve/CVE-2025-40080.html
* https://www.suse.com/security/cve/CVE-2025-40081.html
* https://www.suse.com/security/cve/CVE-2025-40082.html
* https://www.suse.com/security/cve/CVE-2025-40084.html
* https://www.suse.com/security/cve/CVE-2025-40085.html
* https://www.suse.com/security/cve/CVE-2025-40086.html
* https://www.suse.com/security/cve/CVE-2025-40087.html
* https://www.suse.com/security/cve/CVE-2025-40088.html
* https://www.suse.com/security/cve/CVE-2025-40089.html
* https://www.suse.com/security/cve/CVE-2025-40090.html
* https://www.suse.com/security/cve/CVE-2025-40091.html
* https://www.suse.com/security/cve/CVE-2025-40092.html
* https://www.suse.com/security/cve/CVE-2025-40093.html
* https://www.suse.com/security/cve/CVE-2025-40094.html
* https://www.suse.com/security/cve/CVE-2025-40095.html
* https://www.suse.com/security/cve/CVE-2025-40096.html
* https://www.suse.com/security/cve/CVE-2025-40097.html
* https://www.suse.com/security/cve/CVE-2025-40098.html
* https://www.suse.com/security/cve/CVE-2025-40099.html
* https://www.suse.com/security/cve/CVE-2025-40100.html
* https://www.suse.com/security/cve/CVE-2025-40101.html
* https://www.suse.com/security/cve/CVE-2025-40102.html
* https://www.suse.com/security/cve/CVE-2025-40103.html
* https://www.suse.com/security/cve/CVE-2025-40104.html
* https://www.suse.com/security/cve/CVE-2025-40105.html
* https://www.suse.com/security/cve/CVE-2025-40106.html
openSUSE-SU-2025:15704-1: moderate: zellij-0.43.1-2.1 on GA media
# zellij-0.43.1-2.1 on GA media
Announcement ID: openSUSE-SU-2025:15704-1
Rating: moderate
Cross-References:
* CVE-2025-53901
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the zellij-0.43.1-2.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* zellij 0.43.1-2.1
* zellij-bash-completion 0.43.1-2.1
* zellij-fish-completion 0.43.1-2.1
* zellij-zsh-completion 0.43.1-2.1
## References:
* https://www.suse.com/security/cve/CVE-2025-53901.html
openSUSE-SU-2025:15700-1: moderate: OpenSMTPD-7.8.0p0-1.1 on GA media
# OpenSMTPD-7.8.0p0-1.1 on GA media
Announcement ID: openSUSE-SU-2025:15700-1
Rating: moderate
Cross-References:
* CVE-2025-62875
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the OpenSMTPD-7.8.0p0-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* OpenSMTPD 7.8.0p0-1.1
## References:
* https://www.suse.com/security/cve/CVE-2025-62875.html
openSUSE-SU-2025:15701-1: moderate: java-1_8_0-openjdk-1.8.0.472-1.1 on GA media
# java-1_8_0-openjdk-1.8.0.472-1.1 on GA media
Announcement ID: openSUSE-SU-2025:15701-1
Rating: moderate
Cross-References:
* CVE-2025-53057
* CVE-2025-53066
CVSS scores:
* CVE-2025-53057 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-53057 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-53066 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-53066 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 2 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the java-1_8_0-openjdk-1.8.0.472-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* java-1_8_0-openjdk 1.8.0.472-1.1
* java-1_8_0-openjdk-accessibility 1.8.0.472-1.1
* java-1_8_0-openjdk-demo 1.8.0.472-1.1
* java-1_8_0-openjdk-devel 1.8.0.472-1.1
* java-1_8_0-openjdk-headless 1.8.0.472-1.1
* java-1_8_0-openjdk-javadoc 1.8.0.472-1.1
* java-1_8_0-openjdk-src 1.8.0.472-1.1
## References:
* https://www.suse.com/security/cve/CVE-2025-53057.html
* https://www.suse.com/security/cve/CVE-2025-53066.html
SUSE-SU-2025:3954-1: moderate: Security update for aws-efs-utils
# Security update for aws-efs-utils
Announcement ID: SUSE-SU-2025:3954-1
Release Date: 2025-11-05T14:06:41Z
Rating: moderate
References:
* bsc#1240044
* bsc#1248055
* bsc#1249851
Cross-References:
* CVE-2020-35881
* CVE-2025-55159
CVSS scores:
* CVE-2020-35881 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2020-35881 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-55159 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-55159 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2025-55159 ( NVD ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Products:
* openSUSE Leap 15.6
* Public Cloud Module 15-SP6
* Public Cloud Module 15-SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves two vulnerabilities and has one security fix can now be
installed.
## Description:
This update for aws-efs-utils fixes the following issues:
Update to version 2.3.3 (bsc#1240044).
Security issues fixed:
* CVE-2025-55159: slab: incorrect bounds check in `get_disjoint_mut` function
can lead to potential crash due to out-of-bounds access (bsc#1248055).
* CVE-2020-35881: traitobject: log4rs: out-of-bounds write due to fat pointer
layout assumptions (bsc#1249851).
Other issues fixed:
* Build and install efs-proxy binary (bsc#1240044).
* Fixed in version 2.3.3:
* Add environment variable support for AWS profiles and regions
* Regenerate Cargo.lock with rust 1.70.0
* Update circle-ci config
* Fix AWS Env Variable Test and Code Style Issue
* Remove CentOS 8 and Ubuntu 16.04 from verified Linux distribution list
* Fixed in version 2.3.2:
* Update version in amazon-efs-utils.spec to 2.3.1
* Fix incorrect package version
* Fixed in version 2.3.1:
* Fix backtrace version to resolve ubuntu and rhel build issues
* Pin Cargo.lock to avoid unexpected error across images
* Fixed in version 2.3.0:
* Add support for pod-identity credentials in the credentials chain
* Enable mounting with IPv6 when using with the 'stunnel' mount option
* Fixed in version 2.2.1:
* Update log4rs
* Fixed in version 2.2.0:
* Use region-specific domain suffixes for dns endpoints where missing
* Merge PR #211 - Amend Debian control to use binary architecture
* Fixed in version 2.1.0:
* Add mount option for specifying region
* Add new ISO regions to config file
* Fixed in version 2.0.4:
* Add retry logic to and increase timeout for EC2 metadata token retrieval
requests
* Fixed in version 2.0.3:
* Upgrade py version
* Replace deprecated usage of datetime
* Fixed in version 2.0.2:
* Check for efs-proxy PIDs when cleaning tunnel state files
* Add PID to log entries
* Fixed in version 2.0.1:
* Disable Nagle's algorithm for efs-proxy TLS mounts to improve latencies
* Fixed in version 2.0.0:
* Replace stunnel, which provides TLS encryptions for mounts, with efs-proxy,
a component built in-house at AWS. Efs-proxy lays the foundation for
upcoming feature launches at EFS.
* Fixed in version 1.36.0:
* Support new mount option: crossaccount, conduct cross account mounts via ip
address. Use client AZ-ID to choose mount target.
* Fixed in version 1.35.2:
* Revert "Add warning if using older Version"
* Support MacOS Sonoma
* Fixed in version 1.35.1:
* Revert openssl requirement change
* Revert "Update EFS Documentation: Clarify Current FIPS Compliance Status"
* Update EFS Documentation: Clarify Current FIPS Compliance Status
* test: Change repo urls in eol debian9 build
* Check private key file size to skip generation
* test: Fix pytest that failed since commit 3dd89ca
* Fix should_check_efs_utils_version scope
* Add warning if using old version
* Add 'fsap' option as EFS-only option
* Fixed in version 1.35.0:
* Add parameters to allow mount for pod impersonation feature in EFS CSI Driver
* Updated the README with support of Oracle8 distribution
* Readme troubleshooting section + table of contents
* Add efs-utils Support for MacOS Ventura EC2 instances
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-3954=1 SUSE-2025-3954=1
* Public Cloud Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP6-2025-3954=1
* Public Cloud Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP7-2025-3954=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* aws-efs-utils-debuginfo-2.3.3-150600.17.6.1
* aws-efs-utils-2.3.3-150600.17.6.1
* Public Cloud Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* aws-efs-utils-2.3.3-150600.17.6.1
* Public Cloud Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* aws-efs-utils-2.3.3-150600.17.6.1
## References:
* https://www.suse.com/security/cve/CVE-2020-35881.html
* https://www.suse.com/security/cve/CVE-2025-55159.html
* https://bugzilla.suse.com/show_bug.cgi?id=1240044
* https://bugzilla.suse.com/show_bug.cgi?id=1248055
* https://bugzilla.suse.com/show_bug.cgi?id=1249851
SUSE-SU-2025:3955-1: moderate: Security update for sccache
# Security update for sccache
Announcement ID: SUSE-SU-2025:3955-1
Release Date: 2025-11-05T14:47:30Z
Rating: moderate
References:
* bsc#1248003
Cross-References:
* CVE-2025-55159
CVSS scores:
* CVE-2025-55159 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-55159 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2025-55159 ( NVD ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Products:
* openSUSE Leap 15.4
An update that solves one vulnerability can now be installed.
## Description:
This update for sccache fixes the following issues:
* CVE-2025-55159: updated slab with the uninit memory access fix (bsc#1248003)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3955=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* sccache-debugsource-0.4.2~4-150400.3.9.1
* sccache-0.4.2~4-150400.3.9.1
* sccache-debuginfo-0.4.2~4-150400.3.9.1
## References:
* https://www.suse.com/security/cve/CVE-2025-55159.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248003
SUSE-SU-2025:3957-1: important: Security update for tiff
# Security update for tiff
Announcement ID: SUSE-SU-2025:3957-1
Release Date: 2025-11-05T15:45:43Z
Rating: important
References:
* bsc#1248278
* bsc#1250413
Cross-References:
* CVE-2025-8851
* CVE-2025-9900
CVSS scores:
* CVE-2025-8851 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-8851 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-8851 ( NVD ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-8851 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-9900 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-9900 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-9900 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP6
* SUSE Package Hub 15 15-SP7
An update that solves two vulnerabilities can now be installed.
## Description:
This update for tiff fixes the following issues:
Update to 4.7.1:
* CVE-2025-8851: Fixed stack-based buffer overflow (bsc#1248278).
* CVE-2025-9900: Fixed write-what-where via TIFFReadRGBAImageOriented
(bsc#1250413).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3957=1 openSUSE-SLE-15.6-2025-3957=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-3957=1
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-3957=1
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-3957=1
* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-3957=1
## Package List:
* openSUSE Leap 15.6 (x86_64)
* libtiff6-32bit-4.7.1-150600.3.23.1
* libtiff-devel-32bit-4.7.1-150600.3.23.1
* libtiff6-32bit-debuginfo-4.7.1-150600.3.23.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* tiff-debuginfo-4.7.1-150600.3.23.1
* libtiff6-4.7.1-150600.3.23.1
* libtiff6-debuginfo-4.7.1-150600.3.23.1
* tiff-debugsource-4.7.1-150600.3.23.1
* libtiff-devel-4.7.1-150600.3.23.1
* tiff-4.7.1-150600.3.23.1
* openSUSE Leap 15.6 (noarch)
* tiff-docs-4.7.1-150600.3.23.1
* libtiff-devel-docs-4.7.1-150600.3.23.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libtiff6-64bit-4.7.1-150600.3.23.1
* libtiff6-64bit-debuginfo-4.7.1-150600.3.23.1
* libtiff-devel-64bit-4.7.1-150600.3.23.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* tiff-debuginfo-4.7.1-150600.3.23.1
* libtiff6-4.7.1-150600.3.23.1
* libtiff6-debuginfo-4.7.1-150600.3.23.1
* tiff-debugsource-4.7.1-150600.3.23.1
* libtiff-devel-4.7.1-150600.3.23.1
* Basesystem Module 15-SP6 (x86_64)
* libtiff6-32bit-4.7.1-150600.3.23.1
* libtiff6-32bit-debuginfo-4.7.1-150600.3.23.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* tiff-debuginfo-4.7.1-150600.3.23.1
* libtiff6-4.7.1-150600.3.23.1
* libtiff6-debuginfo-4.7.1-150600.3.23.1
* tiff-debugsource-4.7.1-150600.3.23.1
* libtiff-devel-4.7.1-150600.3.23.1
* Basesystem Module 15-SP7 (x86_64)
* libtiff6-32bit-4.7.1-150600.3.23.1
* libtiff6-32bit-debuginfo-4.7.1-150600.3.23.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* tiff-debugsource-4.7.1-150600.3.23.1
* tiff-debuginfo-4.7.1-150600.3.23.1
* tiff-4.7.1-150600.3.23.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
* tiff-debugsource-4.7.1-150600.3.23.1
* tiff-debuginfo-4.7.1-150600.3.23.1
* tiff-4.7.1-150600.3.23.1
## References:
* https://www.suse.com/security/cve/CVE-2025-8851.html
* https://www.suse.com/security/cve/CVE-2025-9900.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248278
* https://bugzilla.suse.com/show_bug.cgi?id=1250413