SUSE-SU-2025:02912-1: moderate: Security update for govulncheck-vulndb
SUSE-SU-2025:02909-1: important: Security update for the Linux Kernel (Live Patch 35 for SLE 15 SP4)
SUSE-SU-2025:02911-1: important: Security update for the Linux Kernel (Live Patch 21 for SLE 15 SP5)
SUSE-SU-2025:02914-1: moderate: Security update for docker
SUSE-SU-2025:02915-1: moderate: Security update for jq
SUSE-SU-2025:02917-1: important: Security update for the Linux Kernel (Live Patch 56 for SLE 15 SP3)
SUSE-SU-2025:02918-1: important: Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP6)
SUSE-SU-2025:02894-1: important: Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3)
SUSE-SU-2025:02908-1: important: Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP6)
SUSE-SU-2025:02896-1: low: Security update for 389-ds
SUSE-SU-2025:02902-1: important: Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP5)
SUSE-SU-2025:02897-1: important: Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP4)
SUSE-SU-2025:02875-1: important: Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP6)
SUSE-SU-2025:02860-1: important: Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP4)
SUSE-SU-2025:02886-1: low: Security update for lua51-luajit
SUSE-SU-2025:02876-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP5)
SUSE-SU-2025:02859-1: important: Security update for the Linux Kernel (Live Patch 54 for SLE 15 SP3)
SUSE-SU-2025:02884-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP5)
SUSE-SU-2025:02883-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP5)
openSUSE-SU-2025:15457-1: moderate: apache2-mod_security2-2.9.12-1.1 on GA media
openSUSE-SU-2025:15460-1: moderate: glibc-2.42-1.1 on GA media
openSUSE-SU-2025:15459-1: moderate: cflow-1.8-2.1 on GA media
openSUSE-SU-2025:15458-1: moderate: cairo-devel-1.18.4-3.1 on GA media
openSUSE-SU-2025:15461-1: moderate: openbao-2.3.2-1.1 on GA media
SUSE-SU-2025:02922-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP6)
SUSE-SU-2025:02912-1: moderate: Security update for govulncheck-vulndb
# Security update for govulncheck-vulndb
Announcement ID: SUSE-SU-2025:02912-1
Release Date: 2025-08-19T12:52:35Z
Rating: moderate
References:
* jsc#PED-11136
Cross-References:
* CVE-2021-21411
* CVE-2024-44906
* CVE-2025-44779
* CVE-2025-47907
* CVE-2025-50738
* CVE-2025-53534
* CVE-2025-53942
* CVE-2025-54386
* CVE-2025-54388
* CVE-2025-54410
* CVE-2025-54424
* CVE-2025-54576
* CVE-2025-54799
* CVE-2025-54801
* CVE-2025-54996
* CVE-2025-54997
* CVE-2025-54998
* CVE-2025-54999
* CVE-2025-55000
* CVE-2025-55001
* CVE-2025-55003
* CVE-2025-5999
* CVE-2025-6000
* CVE-2025-6004
* CVE-2025-6011
* CVE-2025-6013
* CVE-2025-6014
* CVE-2025-6015
* CVE-2025-6037
* CVE-2025-7195
* CVE-2025-8341
CVSS scores:
* CVE-2021-21411 ( NVD ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
* CVE-2024-44906 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2025-44779 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2025-47907 ( SUSE ): 2.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-47907 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
* CVE-2025-47907 ( NVD ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
* CVE-2025-50738 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-53534 ( NVD ): 7.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-53942 ( NVD ): 7.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-54386 ( NVD ): 7.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-54388 ( SUSE ): 5.1
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2025-54388 ( SUSE ): 5.2 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2025-54388 ( NVD ): 5.1
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-54410 ( SUSE ): 2.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-54410 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
* CVE-2025-54410 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
* CVE-2025-54424 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-54576 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-54799 ( NVD ): 2.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-54801 ( NVD ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-54996 ( NVD ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-54997 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2025-54998 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-54999 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-54999 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-55000 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-55001 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-55003 ( NVD ): 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-5999 ( NVD ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-6000 ( SUSE ): 5.5
CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
* CVE-2025-6000 ( SUSE ): 8.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2025-6000 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2025-6004 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-6011 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-6013 ( SUSE ): 7.4
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-6013 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-6013 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-6014 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-6015 ( NVD ): 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-6037 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-7195 ( NVD ): 5.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L
* CVE-2025-8341 ( NVD ): 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6
An update that solves 31 vulnerabilities and contains one feature can now be
installed.
## Description:
This update for govulncheck-vulndb fixes the following issues:
* Update to version 0.0.20250814T182633 2025-08-14T18:26:33Z (jsc#PED-11136)
Go CVE Numbering Authority IDs added or updated with aliases: * GO-2025-3765
CVE-2024-44906 GHSA-h4h6-vccr-44h2 * GO-2025-3829 CVE-2025-54410
GHSA-4vq8-7jfc-9cvp
* Update to version 0.0.20250811T192933 2025-08-11T19:29:33Z (jsc#PED-11136)
Go CVE Numbering Authority IDs added or updated with aliases: * GO-2025-3822
CVE-2025-53942 GHSA-9g4j-v8w5-7x42 * GO-2025-3829 CVE-2025-54410
GHSA-4vq8-7jfc-9cvp * GO-2025-3830 CVE-2025-54388 GHSA-x4rx-4gw3-53p4 *
GO-2025-3831 CVE-2025-50738 GHSA-hfcf-79gh-f3jc * GO-2025-3832 CVE-2021-21411
GHSA-652x-m2gr-hppm * GO-2025-3833 CVE-2025-54576 GHSA-7rh7-c77v-6434 *
GO-2025-3834 CVE-2025-54424 GHSA-8j63-96wh-wh3j * GO-2025-3835 CVE-2025-54386
GHSA-q6gg-9f92-r9wg * GO-2025-3836 CVE-2025-6037 GHSA-6c5r-4wfc-3mcx *
GO-2025-3837 CVE-2025-5999 GHSA-6h4p-m86h-hhgh * GO-2025-3838 CVE-2025-6000
GHSA-mr4h-qf9j-f665 * GO-2025-3839 CVE-2025-6011 GHSA-mwgr-84fv-3jh9 *
GO-2025-3840 CVE-2025-6004 GHSA-qgj7-fmq2-6cc4 * GO-2025-3841 CVE-2025-6014
GHSA-qv3p-fmv3-9hww * GO-2025-3842 CVE-2025-6015 GHSA-v6r4-35f9-9rpw *
GO-2025-3843 CVE-2025-8341 GHSA-3c93-92r7-j934 * GO-2025-3844 CVE-2025-53534
GHSA-fm3m-jrgm-5ppg * GO-2025-3845 CVE-2025-54801 GHSA-qx2q-88mx-vhg7 *
GO-2025-3847 CVE-2025-54799 GHSA-q82r-2j7m-9rv4 * GO-2025-3848 CVE-2025-6013
GHSA-7rx2-769v-hrwf * GO-2025-3851 CVE-2025-44779 GHSA-93jv-pvg8-hf3v *
GO-2025-3852 CVE-2025-7195 GHSA-856v-8qm2-9wjv * GO-2025-3853 CVE-2025-55000
GHSA-f7c3-mhj2-9pvg * GO-2025-3854 CVE-2025-54999 GHSA-hh28-h22f-8357 *
GO-2025-3855 CVE-2025-54998 GHSA-j3xv-7fxp-gfhx * GO-2025-3856 CVE-2025-55003
GHSA-rxp7-9q75-vj3p * GO-2025-3857 CVE-2025-54996 GHSA-vf84-mxrq-crqc *
GO-2025-3858 CVE-2025-54997 GHSA-xp75-r577-cvhp * GO-2025-3859 CVE-2025-55001
GHSA-2q8q-8fgw-9p6p
* Update to version 0.0.20250807T150727 2025-08-07T15:07:27Z (jsc#PED-11136)
Go CVE Numbering Authority IDs added or updated with aliases: * GO-2025-3849
CVE-2025-47907
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-2912=1
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-2912=1
## Package List:
* openSUSE Leap 15.6 (noarch)
* govulncheck-vulndb-0.0.20250814T182633-150000.1.98.1
* SUSE Package Hub 15 15-SP6 (noarch)
* govulncheck-vulndb-0.0.20250814T182633-150000.1.98.1
## References:
* https://www.suse.com/security/cve/CVE-2021-21411.html
* https://www.suse.com/security/cve/CVE-2024-44906.html
* https://www.suse.com/security/cve/CVE-2025-44779.html
* https://www.suse.com/security/cve/CVE-2025-47907.html
* https://www.suse.com/security/cve/CVE-2025-50738.html
* https://www.suse.com/security/cve/CVE-2025-53534.html
* https://www.suse.com/security/cve/CVE-2025-53942.html
* https://www.suse.com/security/cve/CVE-2025-54386.html
* https://www.suse.com/security/cve/CVE-2025-54388.html
* https://www.suse.com/security/cve/CVE-2025-54410.html
* https://www.suse.com/security/cve/CVE-2025-54424.html
* https://www.suse.com/security/cve/CVE-2025-54576.html
* https://www.suse.com/security/cve/CVE-2025-54799.html
* https://www.suse.com/security/cve/CVE-2025-54801.html
* https://www.suse.com/security/cve/CVE-2025-54996.html
* https://www.suse.com/security/cve/CVE-2025-54997.html
* https://www.suse.com/security/cve/CVE-2025-54998.html
* https://www.suse.com/security/cve/CVE-2025-54999.html
* https://www.suse.com/security/cve/CVE-2025-55000.html
* https://www.suse.com/security/cve/CVE-2025-55001.html
* https://www.suse.com/security/cve/CVE-2025-55003.html
* https://www.suse.com/security/cve/CVE-2025-5999.html
* https://www.suse.com/security/cve/CVE-2025-6000.html
* https://www.suse.com/security/cve/CVE-2025-6004.html
* https://www.suse.com/security/cve/CVE-2025-6011.html
* https://www.suse.com/security/cve/CVE-2025-6013.html
* https://www.suse.com/security/cve/CVE-2025-6014.html
* https://www.suse.com/security/cve/CVE-2025-6015.html
* https://www.suse.com/security/cve/CVE-2025-6037.html
* https://www.suse.com/security/cve/CVE-2025-7195.html
* https://www.suse.com/security/cve/CVE-2025-8341.html
* https://jira.suse.com/browse/PED-11136
SUSE-SU-2025:02909-1: important: Security update for the Linux Kernel (Live Patch 35 for SLE 15 SP4)
# Security update for the Linux Kernel (Live Patch 35 for SLE 15 SP4)
Announcement ID: SUSE-SU-2025:02909-1
Release Date: 2025-08-19T12:03:55Z
Rating: important
References:
* bsc#1232927
* bsc#1244631
* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351
Cross-References:
* CVE-2024-36978
* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495
CVSS scores:
* CVE-2024-36978 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36978 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38079 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
An update that solves five vulnerabilities and has one security fix can now be
installed.
## Description:
This update for the Linux Kernel 5.14.21-150400_24_147 fixes several issues.
The following security issues were fixed:
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain
the reserved report ID (bsc#1247351).
* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept
(bsc#1245218).
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).
* CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in
multiq_tune() (bsc#1244631).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2909=1 SUSE-2025-2910=1
* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-2909=1 SUSE-SLE-
Module-Live-Patching-15-SP4-2025-2910=1
## Package List:
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1
* kernel-livepatch-5_14_21-150400_24_125-default-debuginfo-17-150400.2.1
* kernel-livepatch-5_14_21-150400_24_147-default-10-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_28-debugsource-17-150400.2.1
* kernel-livepatch-5_14_21-150400_24_147-default-debuginfo-10-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_35-debugsource-10-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1
* kernel-livepatch-5_14_21-150400_24_125-default-debuginfo-17-150400.2.1
* kernel-livepatch-5_14_21-150400_24_147-default-10-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_28-debugsource-17-150400.2.1
* kernel-livepatch-5_14_21-150400_24_147-default-debuginfo-10-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_35-debugsource-10-150400.2.1
## References:
* https://www.suse.com/security/cve/CVE-2024-36978.html
* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1232927
* https://bugzilla.suse.com/show_bug.cgi?id=1244631
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351
SUSE-SU-2025:02911-1: important: Security update for the Linux Kernel (Live Patch 21 for SLE 15 SP5)
# Security update for the Linux Kernel (Live Patch 21 for SLE 15 SP5)
Announcement ID: SUSE-SU-2025:02911-1
Release Date: 2025-08-19T12:33:37Z
Rating: important
References:
* bsc#1232927
* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351
Cross-References:
* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495
CVSS scores:
* CVE-2025-38079 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves four vulnerabilities and has one security fix can now be
installed.
## Description:
This update for the Linux Kernel 5.14.21-150500_55_88 fixes several issues.
The following security issues were fixed:
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain
the reserved report ID (bsc#1247351).
* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept
(bsc#1245218).
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-2911=1
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-2911=1
## Package List:
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_88-default-9-150500.2.1
* kernel-livepatch-5_14_21-150500_55_88-default-debuginfo-9-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_21-debugsource-9-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_88-default-9-150500.2.1
* kernel-livepatch-5_14_21-150500_55_88-default-debuginfo-9-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_21-debugsource-9-150500.2.1
## References:
* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1232927
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351
SUSE-SU-2025:02914-1: moderate: Security update for docker
# Security update for docker
Announcement ID: SUSE-SU-2025:02914-1
Release Date: 2025-08-19T12:56:06Z
Rating: moderate
References:
* bsc#1246556
* bsc#1247367
Cross-References:
* CVE-2025-54388
CVSS scores:
* CVE-2025-54388 ( SUSE ): 5.1
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2025-54388 ( SUSE ): 5.2 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2025-54388 ( NVD ): 5.1
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Products:
* Basesystem Module 15-SP7
* Containers Module 15-SP6
* Containers Module 15-SP7
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves one vulnerability and has one security fix can now be
installed.
## Description:
This update for docker fixes the following issues:
* Update to Docker 28.3.3-ce.
* CVE-2025-54388: Fixed a bug where firewalld when reloaded can make published
container ports accessible from remote hosts. (bsc#1247367)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-2914=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-2914=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-2914=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-2914=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-2914=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-2914=1
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-2914=1
* Containers Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2025-2914=1
* Containers Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2025-2914=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-2914=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2914=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2914=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2914=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2914=1
* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-2914=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2914=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2914=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-2914=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2914=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2914=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-2914=1
* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-2914=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-2914=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-2914=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* docker-28.3.3_ce-150000.230.1
* docker-debuginfo-28.3.3_ce-150000.230.1
* openSUSE Leap 15.6 (noarch)
* docker-bash-completion-28.3.3_ce-150000.230.1
* docker-rootless-extras-28.3.3_ce-150000.230.1
* docker-zsh-completion-28.3.3_ce-150000.230.1
* docker-fish-completion-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* docker-28.3.3_ce-150000.230.1
* docker-debuginfo-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* docker-28.3.3_ce-150000.230.1
* docker-debuginfo-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* docker-28.3.3_ce-150000.230.1
* docker-debuginfo-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* docker-28.3.3_ce-150000.230.1
* docker-debuginfo-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* docker-28.3.3_ce-150000.230.1
* docker-debuginfo-28.3.3_ce-150000.230.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* docker-28.3.3_ce-150000.230.1
* docker-debuginfo-28.3.3_ce-150000.230.1
* Containers Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* docker-28.3.3_ce-150000.230.1
* docker-debuginfo-28.3.3_ce-150000.230.1
* Containers Module 15-SP6 (noarch)
* docker-bash-completion-28.3.3_ce-150000.230.1
* docker-zsh-completion-28.3.3_ce-150000.230.1
* docker-rootless-extras-28.3.3_ce-150000.230.1
* Containers Module 15-SP7 (noarch)
* docker-bash-completion-28.3.3_ce-150000.230.1
* docker-zsh-completion-28.3.3_ce-150000.230.1
* docker-rootless-extras-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* docker-28.3.3_ce-150000.230.1
* docker-debuginfo-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* docker-bash-completion-28.3.3_ce-150000.230.1
* docker-fish-completion-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* docker-28.3.3_ce-150000.230.1
* docker-debuginfo-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* docker-bash-completion-28.3.3_ce-150000.230.1
* docker-rootless-extras-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* docker-28.3.3_ce-150000.230.1
* docker-debuginfo-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* docker-bash-completion-28.3.3_ce-150000.230.1
* docker-rootless-extras-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* docker-28.3.3_ce-150000.230.1
* docker-debuginfo-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* docker-bash-completion-28.3.3_ce-150000.230.1
* docker-rootless-extras-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* docker-28.3.3_ce-150000.230.1
* docker-debuginfo-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* docker-bash-completion-28.3.3_ce-150000.230.1
* docker-rootless-extras-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* docker-28.3.3_ce-150000.230.1
* docker-debuginfo-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
* docker-bash-completion-28.3.3_ce-150000.230.1
* docker-fish-completion-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* docker-28.3.3_ce-150000.230.1
* docker-debuginfo-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* docker-bash-completion-28.3.3_ce-150000.230.1
* docker-rootless-extras-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* docker-28.3.3_ce-150000.230.1
* docker-debuginfo-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* docker-bash-completion-28.3.3_ce-150000.230.1
* docker-rootless-extras-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* docker-28.3.3_ce-150000.230.1
* docker-debuginfo-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* docker-bash-completion-28.3.3_ce-150000.230.1
* docker-fish-completion-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* docker-28.3.3_ce-150000.230.1
* docker-debuginfo-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* docker-bash-completion-28.3.3_ce-150000.230.1
* docker-rootless-extras-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* docker-28.3.3_ce-150000.230.1
* docker-debuginfo-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* docker-bash-completion-28.3.3_ce-150000.230.1
* docker-rootless-extras-28.3.3_ce-150000.230.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* docker-28.3.3_ce-150000.230.1
* docker-debuginfo-28.3.3_ce-150000.230.1
* SUSE Enterprise Storage 7.1 (noarch)
* docker-bash-completion-28.3.3_ce-150000.230.1
* docker-fish-completion-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* docker-28.3.3_ce-150000.230.1
* docker-debuginfo-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* docker-28.3.3_ce-150000.230.1
* docker-debuginfo-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* docker-28.3.3_ce-150000.230.1
* docker-debuginfo-28.3.3_ce-150000.230.1
## References:
* https://www.suse.com/security/cve/CVE-2025-54388.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246556
* https://bugzilla.suse.com/show_bug.cgi?id=1247367
SUSE-SU-2025:02915-1: moderate: Security update for jq
# Security update for jq
Announcement ID: SUSE-SU-2025:02915-1
Release Date: 2025-08-19T12:57:02Z
Rating: moderate
References:
* bsc#1244116
Cross-References:
* CVE-2025-48060
CVSS scores:
* CVE-2025-48060 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-48060 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-48060 ( NVD ): 7.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-48060 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves one vulnerability can now be installed.
## Description:
This update for jq fixes the following issues:
* CVE-2025-48060: Fixed stack-buffer-overflow in jq_fuzz_execute (bsc#1244116)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-2915=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-2915=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-2915=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-2915=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-2915=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-2915=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-2915=1
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-2915=1
* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-2915=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-2915=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-2915=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* libjq1-debuginfo-1.6-150000.3.9.1
* libjq-devel-1.6-150000.3.9.1
* jq-1.6-150000.3.9.1
* libjq1-1.6-150000.3.9.1
* jq-debugsource-1.6-150000.3.9.1
* jq-debuginfo-1.6-150000.3.9.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libjq1-debuginfo-1.6-150000.3.9.1
* jq-1.6-150000.3.9.1
* libjq1-1.6-150000.3.9.1
* jq-debugsource-1.6-150000.3.9.1
* jq-debuginfo-1.6-150000.3.9.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libjq1-debuginfo-1.6-150000.3.9.1
* jq-1.6-150000.3.9.1
* libjq1-1.6-150000.3.9.1
* jq-debugsource-1.6-150000.3.9.1
* jq-debuginfo-1.6-150000.3.9.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libjq1-debuginfo-1.6-150000.3.9.1
* jq-1.6-150000.3.9.1
* libjq1-1.6-150000.3.9.1
* jq-debugsource-1.6-150000.3.9.1
* jq-debuginfo-1.6-150000.3.9.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libjq1-debuginfo-1.6-150000.3.9.1
* jq-1.6-150000.3.9.1
* libjq1-1.6-150000.3.9.1
* jq-debugsource-1.6-150000.3.9.1
* jq-debuginfo-1.6-150000.3.9.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* libjq1-debuginfo-1.6-150000.3.9.1
* jq-1.6-150000.3.9.1
* libjq1-1.6-150000.3.9.1
* jq-debugsource-1.6-150000.3.9.1
* jq-debuginfo-1.6-150000.3.9.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libjq1-debuginfo-1.6-150000.3.9.1
* libjq-devel-1.6-150000.3.9.1
* jq-1.6-150000.3.9.1
* libjq1-1.6-150000.3.9.1
* jq-debugsource-1.6-150000.3.9.1
* jq-debuginfo-1.6-150000.3.9.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libjq1-debuginfo-1.6-150000.3.9.1
* libjq-devel-1.6-150000.3.9.1
* jq-1.6-150000.3.9.1
* libjq1-1.6-150000.3.9.1
* jq-debugsource-1.6-150000.3.9.1
* jq-debuginfo-1.6-150000.3.9.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* libjq1-debuginfo-1.6-150000.3.9.1
* jq-1.6-150000.3.9.1
* libjq1-1.6-150000.3.9.1
* jq-debugsource-1.6-150000.3.9.1
* jq-debuginfo-1.6-150000.3.9.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* libjq1-debuginfo-1.6-150000.3.9.1
* jq-1.6-150000.3.9.1
* libjq1-1.6-150000.3.9.1
* jq-debugsource-1.6-150000.3.9.1
* jq-debuginfo-1.6-150000.3.9.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* libjq1-debuginfo-1.6-150000.3.9.1
* jq-1.6-150000.3.9.1
* libjq1-1.6-150000.3.9.1
* jq-debugsource-1.6-150000.3.9.1
* jq-debuginfo-1.6-150000.3.9.1
## References:
* https://www.suse.com/security/cve/CVE-2025-48060.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244116
SUSE-SU-2025:02917-1: important: Security update for the Linux Kernel (Live Patch 56 for SLE 15 SP3)
# Security update for the Linux Kernel (Live Patch 56 for SLE 15 SP3)
Announcement ID: SUSE-SU-2025:02917-1
Release Date: 2025-08-19T13:04:09Z
Rating: important
References:
* bsc#1244631
* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351
Cross-References:
* CVE-2024-36978
* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495
CVSS scores:
* CVE-2024-36978 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36978 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38079 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
An update that solves five vulnerabilities can now be installed.
## Description:
This update for the Linux Kernel 5.3.18-150300_59_201 fixes several issues.
The following security issues were fixed:
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain
the reserved report ID (bsc#1247351).
* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept
(bsc#1245218).
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).
* CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in
multiq_tune() (bsc#1244631).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-2917=1
* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-2917=1
## Package List:
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_201-default-debuginfo-4-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_56-debugsource-4-150300.2.1
* kernel-livepatch-5_3_18-150300_59_201-default-4-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_201-preempt-debuginfo-4-150300.2.1
* kernel-livepatch-5_3_18-150300_59_201-preempt-4-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_201-default-debuginfo-4-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_56-debugsource-4-150300.2.1
* kernel-livepatch-5_3_18-150300_59_201-default-4-150300.2.1
## References:
* https://www.suse.com/security/cve/CVE-2024-36978.html
* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244631
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351
SUSE-SU-2025:02918-1: important: Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP6)
# Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP6)
Announcement ID: SUSE-SU-2025:02918-1
Release Date: 2025-08-19T14:33:37Z
Rating: important
References:
* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351
Cross-References:
* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495
CVSS scores:
* CVE-2025-38079 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves four vulnerabilities can now be installed.
## Description:
This update for the Linux Kernel 6.4.0-150600_23_38 fixes several issues.
The following security issues were fixed:
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain
the reserved report ID (bsc#1247351).
* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept
(bsc#1245218).
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 12-SP5
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2025-2918=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-2920=1
* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-2920=1
## Package List:
* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
* kgraft-patch-4_12_14-122_228-default-14-2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_8-debugsource-5-150600.2.1
* kernel-livepatch-6_4_0-150600_23_38-default-5-150600.2.1
* kernel-livepatch-6_4_0-150600_23_38-default-debuginfo-5-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_8-debugsource-5-150600.2.1
* kernel-livepatch-6_4_0-150600_23_38-default-5-150600.2.1
* kernel-livepatch-6_4_0-150600_23_38-default-debuginfo-5-150600.2.1
## References:
* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351
SUSE-SU-2025:02894-1: important: Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3)
# Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3)
Announcement ID: SUSE-SU-2025:02894-1
Release Date: 2025-08-19T09:19:19Z
Rating: important
References:
* bsc#1244631
* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351
Cross-References:
* CVE-2024-36978
* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495
CVSS scores:
* CVE-2024-36978 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36978 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38079 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
An update that solves five vulnerabilities can now be installed.
## Description:
This update for the Linux Kernel 5.3.18-150300_59_174 fixes several issues.
The following security issues were fixed:
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain
the reserved report ID (bsc#1247351).
* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept
(bsc#1245218).
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).
* CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in
multiq_tune() (bsc#1244631).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-2894=1
* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-2894=1
## Package List:
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_48-debugsource-15-150300.2.1
* kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1
* kernel-livepatch-5_3_18-150300_59_174-default-debuginfo-15-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_174-preempt-debuginfo-15-150300.2.1
* kernel-livepatch-5_3_18-150300_59_174-preempt-15-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1
## References:
* https://www.suse.com/security/cve/CVE-2024-36978.html
* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244631
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351
SUSE-SU-2025:02908-1: important: Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP6)
# Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP6)
Announcement ID: SUSE-SU-2025:02908-1
Release Date: 2025-08-19T11:33:53Z
Rating: important
References:
* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351
Cross-References:
* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495
CVSS scores:
* CVE-2025-38079 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves four vulnerabilities can now be installed.
## Description:
This update for the Linux Kernel 6.4.0-150600_23_33 fixes several issues.
The following security issues were fixed:
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain
the reserved report ID (bsc#1247351).
* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept
(bsc#1245218).
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 12-SP5
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2025-2908=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-2900=1 SUSE-2025-2901=1
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-2901=1 SUSE-SLE-
Module-Live-Patching-15-SP5-2025-2900=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-2895=1 SUSE-2025-2903=1
* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-2895=1 SUSE-SLE-
Module-Live-Patching-15-SP6-2025-2903=1
## Package List:
* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
* kgraft-patch-4_12_14-122_261-default-2-2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_73-default-15-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_17-debugsource-15-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_19-debugsource-13-150500.2.1
* kernel-livepatch-5_14_21-150500_55_73-default-debuginfo-15-150500.2.1
* kernel-livepatch-5_14_21-150500_55_80-default-debuginfo-13-150500.2.1
* kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_73-default-15-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_19-debugsource-13-150500.2.1
* kernel-livepatch-5_14_21-150500_55_73-default-debuginfo-15-150500.2.1
* kernel-livepatch-5_14_21-150500_55_80-default-debuginfo-13-150500.2.1
* kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le x86_64)
* kernel-livepatch-SLE15-SP5_Update_17-debugsource-15-150500.2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_33-default-10-150600.2.1
* kernel-livepatch-6_4_0-150600_23_22-default-debuginfo-15-150600.2.1
* kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_7-debugsource-10-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_4-debugsource-15-150600.2.1
* kernel-livepatch-6_4_0-150600_23_33-default-debuginfo-10-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_33-default-10-150600.2.1
* kernel-livepatch-6_4_0-150600_23_22-default-debuginfo-15-150600.2.1
* kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_7-debugsource-10-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_4-debugsource-15-150600.2.1
* kernel-livepatch-6_4_0-150600_23_33-default-debuginfo-10-150600.2.1
## References:
* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351
SUSE-SU-2025:02896-1: low: Security update for 389-ds
# Security update for 389-ds
Announcement ID: SUSE-SU-2025:02896-1
Release Date: 2025-08-19T09:30:17Z
Rating: low
References:
* bsc#1242666
* bsc#1243428
Cross-References:
* CVE-2025-3416
CVSS scores:
* CVE-2025-3416 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-3416 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-3416 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
* openSUSE Leap 15.4
An update that solves one vulnerability and has one security fix can now be
installed.
## Description:
This update for 389-ds fixes the following issues:
Update to version 2.0.20~git64.628a24b68:
Security fixes:
* CVE-2025-3416: Fixed openssl use after free (bsc#1242666)
Other fixes:
* resolve infinite loop due when loading RUV entryrdn (bsc#1243428)
Upstream changelog: * Issue 6119 - Synchronise accept_thread with slapd_daemon
(#6120) * Issue 6825 - RootDN Access Control Plugin with wildcards for IP addreā¦
(#6826) * Issue 6819 - Incorrect pwdpolicysubentry returned for an entry with
user password policy * Issue 6641 - modrdn fails when a user is member of
multiple groups (#6643) * Issue 6534 - CI fails with Fedora 41 and DNF5 * Revert
"Issue 5120 - ns-slapd doesn't start in referral mode (#6763)" * Issue 6438 -
Add basic dsidm organizational unit tests * Issue 6439 - Fix dsidm service
get_dn option * Issue 5120 - ns-slapd doesn't start in referral mode (#6763) *
Issue 6740 Certificate verify fails in FIPS mode * Issue 5356 - Set
DEFAULT_PASSWORD_STORAGE_SCHEME to PBKDF2-SHA512 in tests * Issue 6603 - Release
tarballs ship a different Cargo.lock * Issue 4982 - BUG - missing inttypes.h
(#4983) * Issue 6571 - (2nd) Nested group does not receive memberOf attribute
(#6697) * Issue 6686 - CLI - Re-enabling user accounts that reached inactivity
limit fails with error (#6687) * Issue 6288 - dsidm crash with account policy
when alt-state-attr is disabled (#6292) * Issue 6571 - Nested group does not
receive memberOf attribute (#6679) * Issue 6676 - Add GitHub workflow action and
fix pbkdf2 tests (#6677) * Issue 6155 - ldap-agent fails to start because of
permission error (#6179) * Issue 6632 - Replication init fails with ASAN build *
Issue 6561 - TLS 1.2 stickiness in FIPS mode * Bump openssl from 0.10.66 to
0.10.70 in /src * Issue 6004 - (2nd) idletimeout may be ignored (#6569)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2896=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* libsvrcore0-debuginfo-2.0.20~git64.628a24b68-150400.3.45.3
* 389-ds-2.0.20~git64.628a24b68-150400.3.45.3
* 389-ds-debugsource-2.0.20~git64.628a24b68-150400.3.45.3
* libsvrcore0-2.0.20~git64.628a24b68-150400.3.45.3
* 389-ds-snmp-debuginfo-2.0.20~git64.628a24b68-150400.3.45.3
* lib389-2.0.20~git64.628a24b68-150400.3.45.3
* 389-ds-snmp-2.0.20~git64.628a24b68-150400.3.45.3
* 389-ds-debuginfo-2.0.20~git64.628a24b68-150400.3.45.3
* 389-ds-devel-2.0.20~git64.628a24b68-150400.3.45.3
## References:
* https://www.suse.com/security/cve/CVE-2025-3416.html
* https://bugzilla.suse.com/show_bug.cgi?id=1242666
* https://bugzilla.suse.com/show_bug.cgi?id=1243428
SUSE-SU-2025:02902-1: important: Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP5)
# Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP5)
Announcement ID: SUSE-SU-2025:02902-1
Release Date: 2025-08-19T09:34:28Z
Rating: important
References:
* bsc#1232927
* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351
Cross-References:
* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495
CVSS scores:
* CVE-2025-38079 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves four vulnerabilities and has one security fix can now be
installed.
## Description:
This update for the Linux Kernel 5.14.21-150500_55_100 fixes several issues.
The following security issues were fixed:
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain
the reserved report ID (bsc#1247351).
* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept
(bsc#1245218).
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-2902=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-2902=1
## Package List:
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_25-debugsource-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_100-default-debuginfo-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_25-debugsource-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_100-default-debuginfo-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1
## References:
* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1232927
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351
SUSE-SU-2025:02897-1: important: Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP4)
# Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP4)
Announcement ID: SUSE-SU-2025:02897-1
Release Date: 2025-08-19T10:03:56Z
Rating: important
References:
* bsc#1232927
* bsc#1244631
* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351
Cross-References:
* CVE-2024-36978
* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495
CVSS scores:
* CVE-2024-36978 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36978 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38079 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
An update that solves five vulnerabilities and has one security fix can now be
installed.
## Description:
This update for the Linux Kernel 5.14.21-150400_24_167 fixes several issues.
The following security issues were fixed:
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain
the reserved report ID (bsc#1247351).
* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept
(bsc#1245218).
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).
* CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in
multiq_tune() (bsc#1244631).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-2898=1 SUSE-SLE-
Module-Live-Patching-15-SP4-2025-2904=1 SUSE-SLE-Module-Live-
Patching-15-SP4-2025-2905=1 SUSE-SLE-Module-Live-Patching-15-SP4-2025-2899=1
SUSE-SLE-Module-Live-Patching-15-SP4-2025-2897=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2904=1 SUSE-2025-2905=1 SUSE-2025-2899=1
SUSE-2025-2897=1 SUSE-2025-2898=1
## Package List:
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_164-default-debuginfo-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_40-debugsource-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_141-default-debuginfo-12-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_33-debugsource-12-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_41-debugsource-3-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_37-debugsource-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_167-default-debuginfo-3-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_36-debugsource-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_150-default-debuginfo-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_153-default-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_153-default-debuginfo-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_167-default-3-150400.2.1
* kernel-livepatch-5_14_21-150400_24_164-default-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_141-default-12-150400.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_164-default-debuginfo-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_40-debugsource-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_141-default-debuginfo-12-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_33-debugsource-12-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_41-debugsource-3-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_37-debugsource-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_167-default-debuginfo-3-150400.2.1
* kernel-livepatch-5_14_21-150400_24_150-default-debuginfo-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_36-debugsource-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_153-default-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_153-default-debuginfo-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_167-default-3-150400.2.1
* kernel-livepatch-5_14_21-150400_24_164-default-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_141-default-12-150400.2.1
## References:
* https://www.suse.com/security/cve/CVE-2024-36978.html
* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1232927
* https://bugzilla.suse.com/show_bug.cgi?id=1244631
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351
SUSE-SU-2025:02875-1: important: Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP6)
# Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP6)
Announcement ID: SUSE-SU-2025:02875-1
Release Date: 2025-08-19T06:04:44Z
Rating: important
References:
* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351
Cross-References:
* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495
CVSS scores:
* CVE-2025-38079 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves four vulnerabilities can now be installed.
## Description:
This update for the Linux Kernel 6.4.0-150600_23_25 fixes several issues.
The following security issues were fixed:
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain
the reserved report ID (bsc#1247351).
* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept
(bsc#1245218).
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-2866=1 SUSE-SLE-
Module-Live-Patching-15-SP6-2025-2867=1 SUSE-SLE-Module-Live-
Patching-15-SP6-2025-2865=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-2868=1
SUSE-SLE-Module-Live-Patching-15-SP6-2025-2869=1 SUSE-SLE-Module-Live-
Patching-15-SP6-2025-2877=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-2872=1
SUSE-SLE-Module-Live-Patching-15-SP6-2025-2885=1 SUSE-SLE-Module-Live-
Patching-15-SP6-2025-2864=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-2862=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-2885=1 SUSE-2025-2877=1 SUSE-2025-2872=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-2875=1
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-2875=1
## Package List:
* SUSE Linux Enterprise Live Patching 15-SP6 (x86_64)
* kernel-livepatch-6_4_0-150600_10_11-rt-debuginfo-15-150600.2.1
* kernel-livepatch-6_4_0-150600_10_17-rt-debuginfo-13-150600.2.1
* kernel-livepatch-6_4_0-150600_10_8-rt-debuginfo-15-150600.2.1
* kernel-livepatch-6_4_0-150600_10_23-rt-debuginfo-10-150600.2.1
* kernel-livepatch-6_4_0-150600_10_29-rt-debuginfo-5-150600.2.1
* kernel-livepatch-SLE15-SP6-RT_Update_1-debugsource-19-150600.2.1
* kernel-livepatch-6_4_0-150600_10_34-rt-4-150600.2.1
* kernel-livepatch-SLE15-SP6-RT_Update_10-debugsource-4-150600.2.1
* kernel-livepatch-6_4_0-150600_10_11-rt-15-150600.2.1
* kernel-livepatch-SLE15-SP6-RT_Update_2-debugsource-15-150600.2.1
* kernel-livepatch-6_4_0-150600_10_17-rt-13-150600.2.1
* kernel-livepatch-6_4_0-150600_10_34-rt-debuginfo-4-150600.2.1
* kernel-livepatch-6_4_0-150600_10_5-rt-19-150600.2.1
* kernel-livepatch-6_4_0-150600_10_23-rt-10-150600.2.1
* kernel-livepatch-SLE15-SP6-RT_Update_3-debugsource-15-150600.2.1
* kernel-livepatch-SLE15-SP6-RT_Update_5-debugsource-13-150600.2.1
* kernel-livepatch-SLE15-SP6-RT_Update_7-debugsource-10-150600.2.1
* kernel-livepatch-SLE15-SP6-RT_Update_9-debugsource-5-150600.2.1
* kernel-livepatch-6_4_0-150600_10_29-rt-5-150600.2.1
* kernel-livepatch-6_4_0-150600_10_8-rt-15-150600.2.1
* kernel-livepatch-6_4_0-150600_10_5-rt-debuginfo-19-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_25-default-debuginfo-14-150600.2.1
* kernel-livepatch-6_4_0-150600_23_14-default-debuginfo-19-150600.2.1
* kernel-livepatch-6_4_0-150600_23_17-default-19-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_3-debugsource-19-150600.2.1
* kernel-livepatch-6_4_0-150600_23_25-default-14-150600.2.1
* kernel-livepatch-6_4_0-150600_23_14-default-19-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_5-debugsource-14-150600.2.1
* kernel-livepatch-6_4_0-150600_23_17-default-debuginfo-19-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_2-debugsource-19-150600.2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_25-default-debuginfo-14-150600.2.1
* kernel-livepatch-6_4_0-150600_23_14-default-debuginfo-19-150600.2.1
* kernel-livepatch-6_4_0-150600_23_17-default-19-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_3-debugsource-19-150600.2.1
* kernel-livepatch-6_4_0-150600_23_25-default-14-150600.2.1
* kernel-livepatch-6_4_0-150600_23_14-default-19-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_5-debugsource-14-150600.2.1
* kernel-livepatch-6_4_0-150600_23_17-default-debuginfo-19-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_2-debugsource-19-150600.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_83-default-debuginfo-13-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_20-debugsource-13-150500.2.1
* kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_83-default-debuginfo-13-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_20-debugsource-13-150500.2.1
* kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1
## References:
* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351
SUSE-SU-2025:02860-1: important: Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP4)
# Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP4)
Announcement ID: SUSE-SU-2025:02860-1
Release Date: 2025-08-19T03:33:37Z
Rating: important
References:
* bsc#1232927
* bsc#1244631
* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351
Cross-References:
* CVE-2024-36978
* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495
CVSS scores:
* CVE-2024-36978 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36978 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38079 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
An update that solves five vulnerabilities and has one security fix can now be
installed.
## Description:
This update for the Linux Kernel 5.14.21-150400_24_161 fixes several issues.
The following security issues were fixed:
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain
the reserved report ID (bsc#1247351).
* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept
(bsc#1245218).
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).
* CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in
multiq_tune() (bsc#1244631).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2861=1 SUSE-2025-2870=1 SUSE-2025-2860=1
SUSE-2025-2863=1
* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-2861=1 SUSE-SLE-
Module-Live-Patching-15-SP4-2025-2870=1 SUSE-SLE-Module-Live-
Patching-15-SP4-2025-2860=1 SUSE-SLE-Module-Live-Patching-15-SP4-2025-2863=1
## Package List:
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_161-default-debuginfo-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_34-debugsource-11-150400.2.1
* kernel-livepatch-5_14_21-150400_24_136-default-13-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_32-debugsource-13-150400.2.1
* kernel-livepatch-5_14_21-150400_24_144-default-debuginfo-11-150400.2.1
* kernel-livepatch-5_14_21-150400_24_133-default-debuginfo-13-150400.2.1
* kernel-livepatch-5_14_21-150400_24_133-default-13-150400.2.1
* kernel-livepatch-5_14_21-150400_24_161-default-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_39-debugsource-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_31-debugsource-13-150400.2.1
* kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1
* kernel-livepatch-5_14_21-150400_24_136-default-debuginfo-13-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_161-default-debuginfo-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_34-debugsource-11-150400.2.1
* kernel-livepatch-5_14_21-150400_24_136-default-13-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_32-debugsource-13-150400.2.1
* kernel-livepatch-5_14_21-150400_24_144-default-debuginfo-11-150400.2.1
* kernel-livepatch-5_14_21-150400_24_133-default-debuginfo-13-150400.2.1
* kernel-livepatch-5_14_21-150400_24_133-default-13-150400.2.1
* kernel-livepatch-5_14_21-150400_24_161-default-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_39-debugsource-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_31-debugsource-13-150400.2.1
* kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1
* kernel-livepatch-5_14_21-150400_24_136-default-debuginfo-13-150400.2.1
## References:
* https://www.suse.com/security/cve/CVE-2024-36978.html
* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1232927
* https://bugzilla.suse.com/show_bug.cgi?id=1244631
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351
SUSE-SU-2025:02886-1: low: Security update for lua51-luajit
# Security update for lua51-luajit
Announcement ID: SUSE-SU-2025:02886-1
Release Date: 2025-08-19T07:08:40Z
Rating: low
References:
* bsc#1246077
* bsc#1246078
* bsc#1246079
Cross-References:
* CVE-2024-25176
* CVE-2024-25177
* CVE-2024-25178
CVSS scores:
* CVE-2024-25176 ( SUSE ): 2.0
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2024-25176 ( SUSE ): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2024-25176 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-25177 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-25177 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-25177 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-25178 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-25178 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-25178 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Affected Products:
* openSUSE Leap 15.6
An update that solves three vulnerabilities can now be installed.
## Description:
This update for lua51-luajit fixes the following issues:
* CVE-2024-25176: Fixed stack-buffer-overflow in lj_strfmt_wfnum in
lj_strfmt_num.c (bsc#1246077)
* CVE-2024-25177: Fixed unsinking of IR_FSTORE for NULL metatable
(bsc#1246078)
* CVE-2024-25178: Fixed ut-of-bounds read in the stack-overflow handler in
lj_state.c (bsc#1246079)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-2886=1
## Package List:
* openSUSE Leap 15.6 (aarch64 x86_64)
* lua51-luajit-devel-2.1.0~beta2-150000.3.3.1
* lua51-luajit-2.1.0~beta2-150000.3.3.1
* lua51-luajit-debuginfo-2.1.0~beta2-150000.3.3.1
* lua51-luajit-debugsource-2.1.0~beta2-150000.3.3.1
## References:
* https://www.suse.com/security/cve/CVE-2024-25176.html
* https://www.suse.com/security/cve/CVE-2024-25177.html
* https://www.suse.com/security/cve/CVE-2024-25178.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246077
* https://bugzilla.suse.com/show_bug.cgi?id=1246078
* https://bugzilla.suse.com/show_bug.cgi?id=1246079
SUSE-SU-2025:02876-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP5)
# Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP5)
Announcement ID: SUSE-SU-2025:02876-1
Release Date: 2025-08-19T06:04:10Z
Rating: important
References:
* bsc#1232927
* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351
Cross-References:
* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495
CVSS scores:
* CVE-2025-38079 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves four vulnerabilities and has one security fix can now be
installed.
## Description:
This update for the Linux Kernel 5.14.21-150500_55_110 fixes several issues.
The following security issues were fixed:
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain
the reserved report ID (bsc#1247351).
* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept
(bsc#1245218).
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-2876=1 SUSE-2025-2879=1 SUSE-2025-2880=1
SUSE-2025-2881=1 SUSE-2025-2882=1
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-2876=1 SUSE-SLE-
Module-Live-Patching-15-SP5-2025-2879=1 SUSE-SLE-Module-Live-
Patching-15-SP5-2025-2880=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-2881=1
SUSE-SLE-Module-Live-Patching-15-SP5-2025-2882=1
## Package List:
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_94-default-5-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_24-debugsource-5-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_23-debugsource-5-150500.2.1
* kernel-livepatch-5_14_21-150500_55_91-default-debuginfo-9-150500.2.1
* kernel-livepatch-5_14_21-150500_55_97-default-5-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_22-debugsource-9-150500.2.1
* kernel-livepatch-5_14_21-150500_55_103-default-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_103-default-debuginfo-4-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_26-debugsource-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_110-default-debuginfo-3-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_27-debugsource-3-150500.2.1
* kernel-livepatch-5_14_21-150500_55_94-default-debuginfo-5-150500.2.1
* kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1
* kernel-livepatch-5_14_21-150500_55_110-default-3-150500.2.1
* kernel-livepatch-5_14_21-150500_55_97-default-debuginfo-5-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_94-default-5-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_24-debugsource-5-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_23-debugsource-5-150500.2.1
* kernel-livepatch-5_14_21-150500_55_91-default-debuginfo-9-150500.2.1
* kernel-livepatch-5_14_21-150500_55_97-default-5-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_22-debugsource-9-150500.2.1
* kernel-livepatch-5_14_21-150500_55_103-default-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_103-default-debuginfo-4-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_26-debugsource-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_110-default-debuginfo-3-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_27-debugsource-3-150500.2.1
* kernel-livepatch-5_14_21-150500_55_94-default-debuginfo-5-150500.2.1
* kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1
* kernel-livepatch-5_14_21-150500_55_110-default-3-150500.2.1
* kernel-livepatch-5_14_21-150500_55_97-default-debuginfo-5-150500.2.1
## References:
* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1232927
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351
SUSE-SU-2025:02859-1: important: Security update for the Linux Kernel (Live Patch 54 for SLE 15 SP3)
# Security update for the Linux Kernel (Live Patch 54 for SLE 15 SP3)
Announcement ID: SUSE-SU-2025:02859-1
Release Date: 2025-08-18T20:38:10Z
Rating: important
References:
* bsc#1244631
* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351
Cross-References:
* CVE-2024-36978
* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495
CVSS scores:
* CVE-2024-36978 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36978 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38079 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
An update that solves five vulnerabilities can now be installed.
## Description:
This update for the Linux Kernel 5.3.18-150300_59_195 fixes several issues.
The following security issues were fixed:
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain
the reserved report ID (bsc#1247351).
* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept
(bsc#1245218).
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).
* CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in
multiq_tune() (bsc#1244631).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-2859=1
* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-2859=1
## Package List:
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_195-default-debuginfo-6-150300.2.1
* kernel-livepatch-5_3_18-150300_59_195-default-6-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_54-debugsource-6-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_195-preempt-debuginfo-6-150300.2.1
* kernel-livepatch-5_3_18-150300_59_195-preempt-6-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_195-default-6-150300.2.1
## References:
* https://www.suse.com/security/cve/CVE-2024-36978.html
* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244631
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351
SUSE-SU-2025:02884-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP5)
# Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP5)
Announcement ID: SUSE-SU-2025:02884-1
Release Date: 2025-08-19T06:04:34Z
Rating: important
References:
* bsc#1232927
* bsc#1247350
* bsc#1247351
Cross-References:
* CVE-2025-38494
* CVE-2025-38495
CVSS scores:
* CVE-2025-38494 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves two vulnerabilities and has one security fix can now be
installed.
## Description:
This update for the Linux Kernel 5.14.21-150500_55_116 fixes several issues.
The following security issues were fixed:
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain
the reserved report ID (bsc#1247351).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-2884=1
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-2884=1
## Package List:
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_116-default-2-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_29-debugsource-2-150500.2.1
* kernel-livepatch-5_14_21-150500_55_116-default-debuginfo-2-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_116-default-2-150500.2.1
* kernel-livepatch-5_14_21-150500_55_116-default-debuginfo-2-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x)
* kernel-livepatch-SLE15-SP5_Update_29-debugsource-2-150500.2.1
## References:
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1232927
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351
SUSE-SU-2025:02883-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP5)
# Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP5)
Announcement ID: SUSE-SU-2025:02883-1
Release Date: 2025-08-19T06:04:22Z
Rating: important
References:
* bsc#1232927
* bsc#1245218
* bsc#1247350
* bsc#1247351
Cross-References:
* CVE-2025-38079
* CVE-2025-38494
* CVE-2025-38495
CVSS scores:
* CVE-2025-38079 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves three vulnerabilities and has one security fix can now be
installed.
## Description:
This update for the Linux Kernel 5.14.21-150500_55_113 fixes several issues.
The following security issues were fixed:
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain
the reserved report ID (bsc#1247351).
* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept
(bsc#1245218).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-2883=1
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-2883=1
## Package List:
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-3-150500.2.1
* kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_28-debugsource-3-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-3-150500.2.1
* kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_28-debugsource-3-150500.2.1
## References:
* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1232927
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351
openSUSE-SU-2025:15457-1: moderate: apache2-mod_security2-2.9.12-1.1 on GA media
# apache2-mod_security2-2.9.12-1.1 on GA media
Announcement ID: openSUSE-SU-2025:15457-1
Rating: moderate
Cross-References:
* CVE-2025-54571
CVSS scores:
* CVE-2025-54571 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-54571 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the apache2-mod_security2-2.9.12-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* apache2-mod_security2 2.9.12-1.1
## References:
* https://www.suse.com/security/cve/CVE-2025-54571.html
openSUSE-SU-2025:15460-1: moderate: glibc-2.42-1.1 on GA media
# glibc-2.42-1.1 on GA media
Announcement ID: openSUSE-SU-2025:15460-1
Rating: moderate
Cross-References:
* CVE-2025-8058
CVSS scores:
* CVE-2025-8058 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:H
* CVE-2025-8058 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the glibc-2.42-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* glibc 2.42-1.1
* glibc-devel 2.42-1.1
* glibc-devel-static 2.42-1.1
* glibc-extra 2.42-1.1
* glibc-gconv-modules-extra 2.42-1.1
* glibc-html 2.42-1.1
* glibc-i18ndata 2.42-1.1
* glibc-info 2.42-1.1
* glibc-lang 2.42-1.1
* glibc-locale 2.42-1.1
* glibc-locale-base 2.42-1.1
* glibc-profile 2.42-1.1
## References:
* https://www.suse.com/security/cve/CVE-2025-8058.html
openSUSE-SU-2025:15459-1: moderate: cflow-1.8-2.1 on GA media
# cflow-1.8-2.1 on GA media
Announcement ID: openSUSE-SU-2025:15459-1
Rating: moderate
Cross-References:
* CVE-2023-6031
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the cflow-1.8-2.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* cflow 1.8-2.1
## References:
* https://www.suse.com/security/cve/CVE-2023-6031.html
openSUSE-SU-2025:15458-1: moderate: cairo-devel-1.18.4-3.1 on GA media
# cairo-devel-1.18.4-3.1 on GA media
Announcement ID: openSUSE-SU-2025:15458-1
Rating: moderate
Cross-References:
* CVE-2025-50422
CVSS scores:
* CVE-2025-50422 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the cairo-devel-1.18.4-3.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* cairo-devel 1.18.4-3.1
* cairo-devel-32bit 1.18.4-3.1
* cairo-tools 1.18.4-3.1
* libcairo-gobject2 1.18.4-3.1
* libcairo-gobject2-32bit 1.18.4-3.1
* libcairo-script-interpreter2 1.18.4-3.1
* libcairo-script-interpreter2-32bit 1.18.4-3.1
* libcairo2 1.18.4-3.1
* libcairo2-32bit 1.18.4-3.1
## References:
* https://www.suse.com/security/cve/CVE-2025-50422.html
openSUSE-SU-2025:15461-1: moderate: openbao-2.3.2-1.1 on GA media
# openbao-2.3.2-1.1 on GA media
Announcement ID: openSUSE-SU-2025:15461-1
Rating: moderate
Cross-References:
* CVE-2025-54996
* CVE-2025-55000
* CVE-2025-55003
* CVE-2025-5999
* CVE-2025-6000
* CVE-2025-6004
* CVE-2025-6010
* CVE-2025-6011
* CVE-2025-6013
* CVE-2025-6014
* CVE-2025-6015
CVSS scores:
* CVE-2025-6000 ( SUSE ): 8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2025-6000 ( SUSE ): 5.5 CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
* CVE-2025-6013 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-6013 ( SUSE ): 7.4 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 11 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the openbao-2.3.2-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* openbao 2.3.2-1.1
* openbao-agent 2.3.2-1.1
* openbao-cassandra-database-plugin 2.3.2-1.1
* openbao-influxdb-database-plugin 2.3.2-1.1
* openbao-mysql-database-plugin 2.3.2-1.1
* openbao-mysql-legacy-database-plugin 2.3.2-1.1
* openbao-postgresql-database-plugin 2.3.2-1.1
* openbao-server 2.3.2-1.1
## References:
* https://www.suse.com/security/cve/CVE-2025-54996.html
* https://www.suse.com/security/cve/CVE-2025-55000.html
* https://www.suse.com/security/cve/CVE-2025-55003.html
* https://www.suse.com/security/cve/CVE-2025-5999.html
* https://www.suse.com/security/cve/CVE-2025-6000.html
* https://www.suse.com/security/cve/CVE-2025-6004.html
* https://www.suse.com/security/cve/CVE-2025-6010.html
* https://www.suse.com/security/cve/CVE-2025-6011.html
* https://www.suse.com/security/cve/CVE-2025-6013.html
* https://www.suse.com/security/cve/CVE-2025-6014.html
* https://www.suse.com/security/cve/CVE-2025-6015.html
SUSE-SU-2025:02922-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP6)
# Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP6)
Announcement ID: SUSE-SU-2025:02922-1
Release Date: 2025-08-19T19:33:29Z
Rating: important
References:
* bsc#1244337
* bsc#1247350
* bsc#1247351
Cross-References:
* CVE-2025-38494
* CVE-2025-38495
CVSS scores:
* CVE-2025-38494 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves two vulnerabilities and has one security fix can now be
installed.
## Description:
This update for the Linux Kernel 6.4.0-150600_23_60 fixes several issues.
The following security issues were fixed:
* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain
the reserved report ID (bsc#1247351).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-2922=1
* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-2922=1
## Package List:
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_60-default-2-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_13-debugsource-2-150600.2.1
* kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-2-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_60-default-2-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_13-debugsource-2-150600.2.1
* kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-2-150600.2.1
## References:
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244337
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351
