Govulncheck-Vulndb, Kernel, Python, DjVuLibre, Grub updates for SUSE

SUSE 5495 Published by

SUSE Linux has released several security updates, including a moderate update for govulncheck-vulndb, an important update for the Linux Kernel (Live Patch 50 for SLE 15 SP3), a significant update for Python, DjVuLibre, and Grub2:

SUSE-SU-2025:02702-1: moderate: Security update for govulncheck-vulndb
SUSE-SU-2025:02697-1: important: Security update for the Linux Kernel (Live Patch 50 for SLE 15 SP3)
SUSE-SU-2025:02698-1: important: Security update for the Linux Kernel (Live Patch 21 for SLE 15 SP5)
SUSE-SU-2025:02700-1: moderate: Security update for python39
SUSE-SU-2025:02703-1: moderate: Security update for djvulibre
SUSE-SU-2025:02701-1: moderate: Security update for python
SUSE-SU-2025:02705-1: moderate: Security update for grub2
SUSE-SU-2025:02706-1: moderate: Security update for grub2
SUSE-SU-2025:02704-1: important: Security update for the Linux Kernel (Live Patch 58 for SLE 15 SP3)
SUSE-SU-2025:02699-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP6)
SUSE-SU-2025:02707-1: important: Security update for the Linux Kernel (Live Patch 59 for SLE 15 SP3)
SUSE-SU-2025:02708-1: important: Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP4)
SUSE-SU-2025:02688-1: important: Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6)
SUSE-SU-2025:02693-1: important: Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP6)
SUSE-SU-2025:02689-1: important: Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP6)
SUSE-SU-2025:02691-1: important: Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP6)
SUSE-SU-2025:02710-1: important: Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP6)
openSUSE-SU-2025:15409-1: moderate: python313-3.13.5-4.1 on GA media
openSUSE-SU-2025:15406-1: moderate: kubeshark-cli-52.8.0-1.1 on GA media



SUSE-SU-2025:02702-1: moderate: Security update for govulncheck-vulndb


# Security update for govulncheck-vulndb

Announcement ID: SUSE-SU-2025:02702-1
Release Date: 2025-08-05T09:32:34Z
Rating: moderate
References:

* jsc#PED-11136

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that contains one feature can now be installed.

## Description:

This update for govulncheck-vulndb fixes the following issues:

* Update to version 0.0.20250730T213748 2025-07-30T21:37:48Z. (jsc#PED-11136)
* GO-2025-3758 GHSA-rx97-6c62-55mf
* GO-2025-3762 GHSA-g8qw-mgjx-rwjr
* GO-2025-3763 GHSA-8cqv-pj7f-pwpc
* GO-2025-3764 GHSA-6xp3-p59p-q4fj
* GO-2025-3765 GHSA-h4h6-vccr-44h2
* GO-2025-3766 GHSA-crvv-6w6h-cv34
* GO-2025-3767 GHSA-2hcm-q3f4-fjgw
* GO-2025-3768 GHSA-gpfc-mph4-qm24
* GO-2025-3769 GHSA-qh58-9v3j-wcjc
* GO-2025-3770 GHSA-vrw8-fxc6-2r93
* GO-2025-3771 GHSA-4578-6gjh-f2jm
* GO-2025-3772 GHSA-qwwm-c582-82rx
* GO-2025-3773 GHSA-w6p4-84vc-qc2w
* GO-2025-3774 GHSA-hj2p-8wj8-pfq4
* GO-2025-3776 GHSA-wj44-9vcg-wjq7
* GO-2025-3777 GHSA-65gg-3w2w-hr4h
* GO-2025-3778 GHSA-xh32-cx6c-cp4v
* GO-2025-3779 GHSA-h3qp-hwvr-9xcq
* GO-2025-3780 GHSA-8f5r-8cmq-7fmq
* GO-2025-3781 GHSA-9q7c-qmhm-jv86
* GO-2025-3782 GHSA-p7fw-vjjm-2rwp
* GO-2025-3783 GHSA-prpj-rchp-9j5h
* GO-2025-3784 GHSA-4wx8-5gm2-2j97
* GO-2025-3785 GHSA-jj2r-455p-5gvf
* GO-2025-3786 GHSA-3q2w-42mv-cph4
* GO-2025-3787 GHSA-fv92-fjc5-jj9h
* GO-2025-3788 GHSA-fhc2-8qx8-6vj7
* GO-2025-3789 GHSA-6hwc-9h8r-3vmf
* GO-2025-3790 GHSA-3v48-283x-f2w4
* GO-2025-3791 GHSA-56j4-446m-qrf6
* GO-2025-3792 GHSA-cm2r-rg7r-p7gg
* GO-2025-3793 GHSA-hc8f-m8g5-8362
* GO-2025-3794 GHSA-rmwh-g367-mj4x
* GO-2025-3795 GHSA-w7qc-6grj-w7r8
* GO-2025-3796 GHSA-v8fr-vxmw-6mf6
* GO-2025-3797 GHSA-wgvp-jj4w-88hf
* GO-2025-3798 GHSA-h34r-jxqm-qgpr
* GO-2025-3799 GHSA-fv2p-qj5p-wqq4
* GO-2025-3800 GHSA-gj54-gwj9-x2c6
* GO-2025-3801 GHSA-rj53-j6jw-7f7g
* GO-2025-3802 GHSA-557j-xg8c-q2mm
* GO-2025-3803 GHSA-p22h-3m2v-cmgh
* GO-2025-3804 GHSA-24ch-w38v-xmh8
* GO-2025-3805 GHSA-4vc8-wvhw-m5gv
* GO-2025-3806 GHSA-r64v-82fh-xc63
* GO-2025-3807 GHSA-phhq-63jg-fp7r
* GO-2025-3808 GHSA-3gv2-v3jx-r9fh
* GO-2025-3809 GHSA-ggmv-j932-q89q
* GO-2025-3810 GHSA-r7fm-3pqm-ww5w
* GO-2025-3811 GHSA-7xqm-7738-642x
* GO-2025-3812 GHSA-7xwp-2cpp-p8r7
* GO-2025-3814 GHSA-46m5-8hpj-p5p5
* GO-2025-3815 GHSA-5662-cv6m-63wh
* GO-2025-3816 GHSA-x6ph-r535-3vjw
* GO-2025-3817 GHSA-vqph-p5vc-g644
* GO-2025-3818 GHSA-4fwj-8595-wp25
* GO-2025-3819 GHSA-7h34-9chr-58qh
* GO-2025-3820 GHSA-wvw2-3jh4-4c39
* GO-2025-3823 GHSA-r5p3-955p-5ggq
* GO-2025-3824 GHSA-x9hg-5q6g-q3jr
* GO-2025-3825 GHSA-f9vc-vf3r-pqqq
* GO-2025-3826 GHSA-h27m-3qw8-3pw8
* GO-2025-3827 GHSA-526j-mv3p-f4vv
* GO-2025-3828

* Update to version 0.0.20250616T200841 2025-06-16T20:08:41Z. (jsc#PED-11136)

* GO-2025-3749

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-2702=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-2702=1

## Package List:

* openSUSE Leap 15.6 (noarch)
* govulncheck-vulndb-0.0.20250730T213748-150000.1.92.1
* SUSE Package Hub 15 15-SP6 (noarch)
* govulncheck-vulndb-0.0.20250730T213748-150000.1.92.1

## References:

* https://jira.suse.com/browse/PED-11136



SUSE-SU-2025:02697-1: important: Security update for the Linux Kernel (Live Patch 50 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 50 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:02697-1
Release Date: 2025-08-05T09:04:38Z
Rating: important
References:

* bsc#1235250
* bsc#1245776
* bsc#1245793
* bsc#1245797

Cross-References:

* CVE-2024-56664
* CVE-2025-21702
* CVE-2025-37752
* CVE-2025-37797

CVSS scores:

* CVE-2024-56664 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56664 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56664 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21702 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37752 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37797 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_182 fixes several issues.

The following security issues were fixed:

* CVE-2024-56664: bpf, sockmap: Fix race between element replace and close()
(bsc#1235250).
* CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling
(bsc#1245793).
* CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).
* CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0
(bsc#1245797).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-2697=1

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-2697=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_182-default-11-150300.2.1
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_182-default-debuginfo-11-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_50-debugsource-11-150300.2.1
* kernel-livepatch-5_3_18-150300_59_182-default-11-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_182-preempt-11-150300.2.1
* kernel-livepatch-5_3_18-150300_59_182-preempt-debuginfo-11-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-56664.html
* https://www.suse.com/security/cve/CVE-2025-21702.html
* https://www.suse.com/security/cve/CVE-2025-37752.html
* https://www.suse.com/security/cve/CVE-2025-37797.html
* https://bugzilla.suse.com/show_bug.cgi?id=1235250
* https://bugzilla.suse.com/show_bug.cgi?id=1245776
* https://bugzilla.suse.com/show_bug.cgi?id=1245793
* https://bugzilla.suse.com/show_bug.cgi?id=1245797



SUSE-SU-2025:02698-1: important: Security update for the Linux Kernel (Live Patch 21 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 21 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:02698-1
Release Date: 2025-08-05T09:04:48Z
Rating: important
References:

* bsc#1235250
* bsc#1245776
* bsc#1245793
* bsc#1245797
* bsc#1245804

Cross-References:

* CVE-2024-53125
* CVE-2024-56664
* CVE-2025-21702
* CVE-2025-37752
* CVE-2025-37797

CVSS scores:

* CVE-2024-53125 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56664 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56664 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56664 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21702 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37752 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37797 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_88 fixes several issues.

The following security issues were fixed:

* CVE-2024-56664: bpf, sockmap: Fix race between element replace and close()
(bsc#1235250).
* CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling
(bsc#1245793).
* CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).
* CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def
(bsc#1245804).
* CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0
(bsc#1245797).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-2698=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-2698=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_21-debugsource-8-150500.2.1
* kernel-livepatch-5_14_21-150500_55_88-default-debuginfo-8-150500.2.1
* kernel-livepatch-5_14_21-150500_55_88-default-8-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_21-debugsource-8-150500.2.1
* kernel-livepatch-5_14_21-150500_55_88-default-debuginfo-8-150500.2.1
* kernel-livepatch-5_14_21-150500_55_88-default-8-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-53125.html
* https://www.suse.com/security/cve/CVE-2024-56664.html
* https://www.suse.com/security/cve/CVE-2025-21702.html
* https://www.suse.com/security/cve/CVE-2025-37752.html
* https://www.suse.com/security/cve/CVE-2025-37797.html
* https://bugzilla.suse.com/show_bug.cgi?id=1235250
* https://bugzilla.suse.com/show_bug.cgi?id=1245776
* https://bugzilla.suse.com/show_bug.cgi?id=1245793
* https://bugzilla.suse.com/show_bug.cgi?id=1245797
* https://bugzilla.suse.com/show_bug.cgi?id=1245804



SUSE-SU-2025:02700-1: moderate: Security update for python39


# Security update for python39

Announcement ID: SUSE-SU-2025:02700-1
Release Date: 2025-08-05T09:31:42Z
Rating: moderate
References:

* bsc#1247249

Cross-References:

* CVE-2025-8194

CVSS scores:

* CVE-2025-8194 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-8194 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-8194 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* openSUSE Leap 15.6

An update that solves one vulnerability can now be installed.

## Description:

This update for python39 fixes the following issues:

* CVE-2025-8194: Fixed denial of service caused by tar archives with negative
offsets (bsc#1247249).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-2700=1

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-2700=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* python39-debuginfo-3.9.23-150300.4.81.1
* python39-tk-3.9.23-150300.4.81.1
* python39-doc-3.9.23-150300.4.81.1
* libpython3_9-1_0-3.9.23-150300.4.81.1
* python39-devel-3.9.23-150300.4.81.1
* python39-3.9.23-150300.4.81.1
* python39-doc-devhelp-3.9.23-150300.4.81.1
* python39-tk-debuginfo-3.9.23-150300.4.81.1
* python39-core-debugsource-3.9.23-150300.4.81.1
* python39-curses-debuginfo-3.9.23-150300.4.81.1
* python39-base-debuginfo-3.9.23-150300.4.81.1
* python39-base-3.9.23-150300.4.81.1
* python39-testsuite-debuginfo-3.9.23-150300.4.81.1
* python39-testsuite-3.9.23-150300.4.81.1
* python39-tools-3.9.23-150300.4.81.1
* python39-debugsource-3.9.23-150300.4.81.1
* python39-curses-3.9.23-150300.4.81.1
* libpython3_9-1_0-debuginfo-3.9.23-150300.4.81.1
* python39-dbm-3.9.23-150300.4.81.1
* python39-idle-3.9.23-150300.4.81.1
* python39-dbm-debuginfo-3.9.23-150300.4.81.1
* openSUSE Leap 15.6 (x86_64)
* python39-base-32bit-debuginfo-3.9.23-150300.4.81.1
* libpython3_9-1_0-32bit-debuginfo-3.9.23-150300.4.81.1
* python39-base-32bit-3.9.23-150300.4.81.1
* libpython3_9-1_0-32bit-3.9.23-150300.4.81.1
* python39-32bit-3.9.23-150300.4.81.1
* python39-32bit-debuginfo-3.9.23-150300.4.81.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* python39-debuginfo-3.9.23-150300.4.81.1
* python39-tk-3.9.23-150300.4.81.1
* python39-doc-3.9.23-150300.4.81.1
* libpython3_9-1_0-3.9.23-150300.4.81.1
* python39-devel-3.9.23-150300.4.81.1
* python39-3.9.23-150300.4.81.1
* python39-tk-debuginfo-3.9.23-150300.4.81.1
* python39-doc-devhelp-3.9.23-150300.4.81.1
* python39-core-debugsource-3.9.23-150300.4.81.1
* python39-curses-debuginfo-3.9.23-150300.4.81.1
* python39-base-debuginfo-3.9.23-150300.4.81.1
* python39-base-3.9.23-150300.4.81.1
* python39-testsuite-debuginfo-3.9.23-150300.4.81.1
* python39-testsuite-3.9.23-150300.4.81.1
* python39-tools-3.9.23-150300.4.81.1
* python39-debugsource-3.9.23-150300.4.81.1
* python39-curses-3.9.23-150300.4.81.1
* libpython3_9-1_0-debuginfo-3.9.23-150300.4.81.1
* python39-dbm-3.9.23-150300.4.81.1
* python39-idle-3.9.23-150300.4.81.1
* python39-dbm-debuginfo-3.9.23-150300.4.81.1
* openSUSE Leap 15.3 (x86_64)
* python39-base-32bit-debuginfo-3.9.23-150300.4.81.1
* libpython3_9-1_0-32bit-debuginfo-3.9.23-150300.4.81.1
* python39-base-32bit-3.9.23-150300.4.81.1
* libpython3_9-1_0-32bit-3.9.23-150300.4.81.1
* python39-32bit-3.9.23-150300.4.81.1
* python39-32bit-debuginfo-3.9.23-150300.4.81.1
* openSUSE Leap 15.3 (aarch64_ilp32)
* python39-64bit-3.9.23-150300.4.81.1
* python39-64bit-debuginfo-3.9.23-150300.4.81.1
* libpython3_9-1_0-64bit-3.9.23-150300.4.81.1
* python39-base-64bit-debuginfo-3.9.23-150300.4.81.1
* libpython3_9-1_0-64bit-debuginfo-3.9.23-150300.4.81.1
* python39-base-64bit-3.9.23-150300.4.81.1

## References:

* https://www.suse.com/security/cve/CVE-2025-8194.html
* https://bugzilla.suse.com/show_bug.cgi?id=1247249



SUSE-SU-2025:02703-1: moderate: Security update for djvulibre


# Security update for djvulibre

Announcement ID: SUSE-SU-2025:02703-1
Release Date: 2025-08-05T09:33:28Z
Rating: moderate
References:

* bsc#1245773

Cross-References:

* CVE-2025-53367

CVSS scores:

* CVE-2025-53367 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-53367 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2025-53367 ( NVD ): 8.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* Desktop Applications Module 15-SP6
* Desktop Applications Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP6
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for djvulibre fixes the following issues:

* CVE-2025-53367: Fixed a bug where a crafted document may lead to an out of
bound write. (bsc#1245773)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Desktop Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2025-2703=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-2703=1

* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-2703=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-2703=1

* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-2703=1

## Package List:

* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* djvulibre-debuginfo-3.5.27-150200.11.17.1
* libdjvulibre21-3.5.27-150200.11.17.1
* djvulibre-debugsource-3.5.27-150200.11.17.1
* libdjvulibre-devel-3.5.27-150200.11.17.1
* libdjvulibre21-debuginfo-3.5.27-150200.11.17.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* djvulibre-debuginfo-3.5.27-150200.11.17.1
* djvulibre-3.5.27-150200.11.17.1
* djvulibre-debugsource-3.5.27-150200.11.17.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
* djvulibre-debuginfo-3.5.27-150200.11.17.1
* djvulibre-3.5.27-150200.11.17.1
* djvulibre-debugsource-3.5.27-150200.11.17.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* djvulibre-debuginfo-3.5.27-150200.11.17.1
* libdjvulibre21-3.5.27-150200.11.17.1
* djvulibre-debugsource-3.5.27-150200.11.17.1
* libdjvulibre-devel-3.5.27-150200.11.17.1
* djvulibre-3.5.27-150200.11.17.1
* libdjvulibre21-debuginfo-3.5.27-150200.11.17.1
* openSUSE Leap 15.6 (noarch)
* djvulibre-doc-3.5.27-150200.11.17.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* djvulibre-debuginfo-3.5.27-150200.11.17.1
* libdjvulibre21-3.5.27-150200.11.17.1
* djvulibre-debugsource-3.5.27-150200.11.17.1
* libdjvulibre-devel-3.5.27-150200.11.17.1
* libdjvulibre21-debuginfo-3.5.27-150200.11.17.1

## References:

* https://www.suse.com/security/cve/CVE-2025-53367.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245773



SUSE-SU-2025:02701-1: moderate: Security update for python


# Security update for python

Announcement ID: SUSE-SU-2025:02701-1
Release Date: 2025-08-05T09:32:17Z
Rating: moderate
References:

* bsc#1247249

Cross-References:

* CVE-2025-8194

CVSS scores:

* CVE-2025-8194 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-8194 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-8194 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP6
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for python fixes the following issues:

* CVE-2025-8194: Fixed denial of service caused by tar archives with negative
offsets (bsc#1247249).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-2701=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-2701=1

* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-2701=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* python-curses-2.7.18-150000.83.1
* python-2.7.18-150000.83.1
* python-xml-debuginfo-2.7.18-150000.83.1
* python-demo-2.7.18-150000.83.1
* python-base-debuginfo-2.7.18-150000.83.1
* python-debuginfo-2.7.18-150000.83.1
* python-gdbm-2.7.18-150000.83.1
* python-curses-debuginfo-2.7.18-150000.83.1
* python-gdbm-debuginfo-2.7.18-150000.83.1
* python-debugsource-2.7.18-150000.83.1
* python-tk-debuginfo-2.7.18-150000.83.1
* python-tk-2.7.18-150000.83.1
* libpython2_7-1_0-debuginfo-2.7.18-150000.83.1
* python-idle-2.7.18-150000.83.1
* libpython2_7-1_0-2.7.18-150000.83.1
* python-base-debugsource-2.7.18-150000.83.1
* python-xml-2.7.18-150000.83.1
* python-devel-2.7.18-150000.83.1
* python-base-2.7.18-150000.83.1
* openSUSE Leap 15.6 (x86_64)
* python-base-32bit-2.7.18-150000.83.1
* libpython2_7-1_0-32bit-debuginfo-2.7.18-150000.83.1
* python-32bit-debuginfo-2.7.18-150000.83.1
* python-base-32bit-debuginfo-2.7.18-150000.83.1
* python-32bit-2.7.18-150000.83.1
* libpython2_7-1_0-32bit-2.7.18-150000.83.1
* openSUSE Leap 15.6 (noarch)
* python-doc-pdf-2.7.18-150000.83.1
* python-doc-2.7.18-150000.83.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* python-curses-2.7.18-150000.83.1
* python-2.7.18-150000.83.1
* python-xml-debuginfo-2.7.18-150000.83.1
* python-base-debuginfo-2.7.18-150000.83.1
* python-debuginfo-2.7.18-150000.83.1
* python-gdbm-2.7.18-150000.83.1
* python-curses-debuginfo-2.7.18-150000.83.1
* python-gdbm-debuginfo-2.7.18-150000.83.1
* python-debugsource-2.7.18-150000.83.1
* libpython2_7-1_0-debuginfo-2.7.18-150000.83.1
* libpython2_7-1_0-2.7.18-150000.83.1
* python-base-debugsource-2.7.18-150000.83.1
* python-xml-2.7.18-150000.83.1
* python-base-2.7.18-150000.83.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
* python-curses-2.7.18-150000.83.1
* python-2.7.18-150000.83.1
* python-xml-debuginfo-2.7.18-150000.83.1
* python-base-debuginfo-2.7.18-150000.83.1
* python-debuginfo-2.7.18-150000.83.1
* python-gdbm-2.7.18-150000.83.1
* python-curses-debuginfo-2.7.18-150000.83.1
* python-gdbm-debuginfo-2.7.18-150000.83.1
* python-debugsource-2.7.18-150000.83.1
* libpython2_7-1_0-debuginfo-2.7.18-150000.83.1
* libpython2_7-1_0-2.7.18-150000.83.1
* python-base-debugsource-2.7.18-150000.83.1
* python-xml-2.7.18-150000.83.1
* python-base-2.7.18-150000.83.1

## References:

* https://www.suse.com/security/cve/CVE-2025-8194.html
* https://bugzilla.suse.com/show_bug.cgi?id=1247249



SUSE-SU-2025:02705-1: moderate: Security update for grub2


# Security update for grub2

Announcement ID: SUSE-SU-2025:02705-1
Release Date: 2025-08-05T10:08:15Z
Rating: moderate
References:

* bsc#1234959

Cross-References:

* CVE-2024-56738

CVSS scores:

* CVE-2024-56738 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-56738 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-56738 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves one vulnerability can now be installed.

## Description:

This update for grub2 fixes the following issues:

* CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm
in grub_crypto_memcmp (bsc#1234959)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-2705=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-2705=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-2705=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* grub2-2.04-150300.22.58.1
* grub2-debuginfo-2.04-150300.22.58.1
* grub2-branding-upstream-2.04-150300.22.58.1
* openSUSE Leap 15.3 (aarch64 s390x x86_64 i586)
* grub2-debugsource-2.04-150300.22.58.1
* openSUSE Leap 15.3 (noarch)
* grub2-i386-pc-2.04-150300.22.58.1
* grub2-snapper-plugin-2.04-150300.22.58.1
* grub2-powerpc-ieee1275-debug-2.04-150300.22.58.1
* grub2-i386-pc-debug-2.04-150300.22.58.1
* grub2-arm64-efi-extras-2.04-150300.22.58.1
* grub2-x86_64-xen-extras-2.04-150300.22.58.1
* grub2-i386-xen-2.04-150300.22.58.1
* grub2-i386-efi-debug-2.04-150300.22.58.1
* grub2-s390x-emu-extras-2.04-150300.22.58.1
* grub2-i386-efi-2.04-150300.22.58.1
* grub2-x86_64-xen-2.04-150300.22.58.1
* grub2-powerpc-ieee1275-extras-2.04-150300.22.58.1
* grub2-x86_64-efi-2.04-150300.22.58.1
* grub2-i386-efi-extras-2.04-150300.22.58.1
* grub2-arm64-efi-2.04-150300.22.58.1
* grub2-systemd-sleep-plugin-2.04-150300.22.58.1
* grub2-arm64-efi-debug-2.04-150300.22.58.1
* grub2-i386-pc-extras-2.04-150300.22.58.1
* grub2-powerpc-ieee1275-2.04-150300.22.58.1
* grub2-i386-xen-extras-2.04-150300.22.58.1
* grub2-x86_64-efi-extras-2.04-150300.22.58.1
* grub2-x86_64-efi-debug-2.04-150300.22.58.1
* openSUSE Leap 15.3 (s390x)
* grub2-s390x-emu-debug-2.04-150300.22.58.1
* grub2-s390x-emu-2.04-150300.22.58.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* grub2-debugsource-2.04-150300.22.58.1
* grub2-2.04-150300.22.58.1
* grub2-debuginfo-2.04-150300.22.58.1
* SUSE Linux Enterprise Micro 5.2 (noarch)
* grub2-i386-pc-2.04-150300.22.58.1
* grub2-x86_64-xen-2.04-150300.22.58.1
* grub2-snapper-plugin-2.04-150300.22.58.1
* grub2-x86_64-efi-2.04-150300.22.58.1
* grub2-arm64-efi-2.04-150300.22.58.1
* SUSE Linux Enterprise Micro 5.2 (s390x)
* grub2-s390x-emu-2.04-150300.22.58.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* grub2-debugsource-2.04-150300.22.58.1
* grub2-2.04-150300.22.58.1
* grub2-debuginfo-2.04-150300.22.58.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
* grub2-i386-pc-2.04-150300.22.58.1
* grub2-x86_64-xen-2.04-150300.22.58.1
* grub2-snapper-plugin-2.04-150300.22.58.1
* grub2-x86_64-efi-2.04-150300.22.58.1
* grub2-arm64-efi-2.04-150300.22.58.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (s390x)
* grub2-s390x-emu-2.04-150300.22.58.1

## References:

* https://www.suse.com/security/cve/CVE-2024-56738.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234959



SUSE-SU-2025:02706-1: moderate: Security update for grub2


# Security update for grub2

Announcement ID: SUSE-SU-2025:02706-1
Release Date: 2025-08-05T10:08:33Z
Rating: moderate
References:

* bsc#1234959

Cross-References:

* CVE-2024-56738

CVSS scores:

* CVE-2024-56738 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-56738 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-56738 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise Micro 5.5

An update that solves one vulnerability can now be installed.

## Description:

This update for grub2 fixes the following issues:

* CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm
in grub_crypto_memcmp (bsc#1234959)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-2706=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-2706=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* grub2-branding-upstream-2.06-150500.29.53.1
* grub2-2.06-150500.29.53.1
* grub2-debuginfo-2.06-150500.29.53.1
* openSUSE Leap 15.5 (aarch64 s390x x86_64 i586)
* grub2-debugsource-2.06-150500.29.53.1
* openSUSE Leap 15.5 (noarch)
* grub2-x86_64-xen-extras-2.06-150500.29.53.1
* grub2-arm64-efi-extras-2.06-150500.29.53.1
* grub2-i386-pc-2.06-150500.29.53.1
* grub2-x86_64-xen-2.06-150500.29.53.1
* grub2-x86_64-efi-2.06-150500.29.53.1
* grub2-x86_64-xen-debug-2.06-150500.29.53.1
* grub2-s390x-emu-extras-2.06-150500.29.53.1
* grub2-x86_64-efi-extras-2.06-150500.29.53.1
* grub2-powerpc-ieee1275-2.06-150500.29.53.1
* grub2-i386-efi-2.06-150500.29.53.1
* grub2-snapper-plugin-2.06-150500.29.53.1
* grub2-powerpc-ieee1275-extras-2.06-150500.29.53.1
* grub2-i386-pc-debug-2.06-150500.29.53.1
* grub2-systemd-sleep-plugin-2.06-150500.29.53.1
* grub2-i386-efi-debug-2.06-150500.29.53.1
* grub2-i386-pc-extras-2.06-150500.29.53.1
* grub2-i386-xen-2.06-150500.29.53.1
* grub2-i386-xen-extras-2.06-150500.29.53.1
* grub2-i386-xen-debug-2.06-150500.29.53.1
* grub2-x86_64-efi-debug-2.06-150500.29.53.1
* grub2-i386-efi-extras-2.06-150500.29.53.1
* grub2-arm64-efi-debug-2.06-150500.29.53.1
* grub2-arm64-efi-2.06-150500.29.53.1
* grub2-powerpc-ieee1275-debug-2.06-150500.29.53.1
* openSUSE Leap 15.5 (s390x)
* grub2-s390x-emu-debug-2.06-150500.29.53.1
* grub2-s390x-emu-2.06-150500.29.53.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* grub2-2.06-150500.29.53.1
* grub2-debuginfo-2.06-150500.29.53.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
* grub2-x86_64-efi-2.06-150500.29.53.1
* grub2-powerpc-ieee1275-2.06-150500.29.53.1
* grub2-snapper-plugin-2.06-150500.29.53.1
* grub2-i386-pc-2.06-150500.29.53.1
* grub2-arm64-efi-2.06-150500.29.53.1
* grub2-x86_64-xen-2.06-150500.29.53.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* grub2-debugsource-2.06-150500.29.53.1
* SUSE Linux Enterprise Micro 5.5 (s390x)
* grub2-s390x-emu-2.06-150500.29.53.1

## References:

* https://www.suse.com/security/cve/CVE-2024-56738.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234959



SUSE-SU-2025:02704-1: important: Security update for the Linux Kernel (Live Patch 58 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 58 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:02704-1
Release Date: 2025-08-05T10:04:26Z
Rating: important
References:

* bsc#1245776
* bsc#1245793
* bsc#1245797

Cross-References:

* CVE-2025-21702
* CVE-2025-37752
* CVE-2025-37797

CVSS scores:

* CVE-2025-21702 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37752 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37797 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_207 fixes several issues.

The following security issues were fixed:

* CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling
(bsc#1245793).
* CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).
* CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0
(bsc#1245797).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-2704=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-2704=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_207-default-2-150300.2.1
* kernel-livepatch-5_3_18-150300_59_207-default-debuginfo-2-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_58-debugsource-2-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_207-preempt-debuginfo-2-150300.2.1
* kernel-livepatch-5_3_18-150300_59_207-preempt-2-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_207-default-2-150300.2.1
* kernel-livepatch-5_3_18-150300_59_207-default-debuginfo-2-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_58-debugsource-2-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21702.html
* https://www.suse.com/security/cve/CVE-2025-37752.html
* https://www.suse.com/security/cve/CVE-2025-37797.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245776
* https://bugzilla.suse.com/show_bug.cgi?id=1245793
* https://bugzilla.suse.com/show_bug.cgi?id=1245797



SUSE-SU-2025:02699-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:02699-1
Release Date: 2025-08-05T09:04:57Z
Rating: important
References:

* bsc#1244337
* bsc#1245776

Cross-References:

* CVE-2025-37752

CVSS scores:

* CVE-2025-37752 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability and has one security fix can now be
installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_53 fixes several issues.

The following security issue was fixed:

* CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-2699=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-2699=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_53-default-2-150600.2.1
* kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-2-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_12-debugsource-2-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_53-default-2-150600.2.1
* kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-2-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_12-debugsource-2-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-37752.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244337
* https://bugzilla.suse.com/show_bug.cgi?id=1245776



SUSE-SU-2025:02707-1: important: Security update for the Linux Kernel (Live Patch 59 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 59 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:02707-1
Release Date: 2025-08-05T10:34:35Z
Rating: important
References:

* bsc#1245793

Cross-References:

* CVE-2025-37797

CVSS scores:

* CVE-2025-37797 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_211 fixes one issue.

The following security issue was fixed:

* CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling
(bsc#1245793).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-2707=1

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-2707=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_59-debugsource-2-150300.2.1
* kernel-livepatch-5_3_18-150300_59_211-default-2-150300.2.1
* kernel-livepatch-5_3_18-150300_59_211-default-debuginfo-2-150300.2.1
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_59-debugsource-2-150300.2.1
* kernel-livepatch-5_3_18-150300_59_211-default-2-150300.2.1
* kernel-livepatch-5_3_18-150300_59_211-default-debuginfo-2-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_211-preempt-2-150300.2.1
* kernel-livepatch-5_3_18-150300_59_211-preempt-debuginfo-2-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-37797.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245793



SUSE-SU-2025:02708-1: important: Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:02708-1
Release Date: 2025-08-05T11:34:16Z
Rating: important
References:

* bsc#1245776
* bsc#1245793
* bsc#1245797
* bsc#1245804

Cross-References:

* CVE-2024-53125
* CVE-2025-21702
* CVE-2025-37752
* CVE-2025-37797

CVSS scores:

* CVE-2024-53125 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21702 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37752 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37797 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_167 fixes several issues.

The following security issues were fixed:

* CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling
(bsc#1245793).
* CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).
* CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def
(bsc#1245804).
* CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0
(bsc#1245797).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2708=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-2708=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_167-default-debuginfo-2-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_41-debugsource-2-150400.2.1
* kernel-livepatch-5_14_21-150400_24_167-default-2-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_167-default-debuginfo-2-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_41-debugsource-2-150400.2.1
* kernel-livepatch-5_14_21-150400_24_167-default-2-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-53125.html
* https://www.suse.com/security/cve/CVE-2025-21702.html
* https://www.suse.com/security/cve/CVE-2025-37752.html
* https://www.suse.com/security/cve/CVE-2025-37797.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245776
* https://bugzilla.suse.com/show_bug.cgi?id=1245793
* https://bugzilla.suse.com/show_bug.cgi?id=1245797
* https://bugzilla.suse.com/show_bug.cgi?id=1245804



SUSE-SU-2025:02688-1: important: Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:02688-1
Release Date: 2025-08-05T05:34:32Z
Rating: important
References:

* bsc#1235250
* bsc#1245776
* bsc#1245793
* bsc#1245797
* bsc#1245804

Cross-References:

* CVE-2024-53125
* CVE-2024-56664
* CVE-2025-21702
* CVE-2025-37752
* CVE-2025-37797

CVSS scores:

* CVE-2024-53125 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56664 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56664 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56664 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21702 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37752 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37797 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_30 fixes several issues.

The following security issues were fixed:

* CVE-2024-56664: bpf, sockmap: Fix race between element replace and close()
(bsc#1235250).
* CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling
(bsc#1245793).
* CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).
* CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def
(bsc#1245804).
* CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0
(bsc#1245797).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-2688=1 SUSE-2025-2690=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-2688=1 SUSE-SLE-
Module-Live-Patching-15-SP6-2025-2690=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_30-default-9-150600.2.1
* kernel-livepatch-6_4_0-150600_23_30-default-debuginfo-9-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_4-debugsource-14-150600.2.1
* kernel-livepatch-6_4_0-150600_23_22-default-debuginfo-14-150600.2.1
* kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_6-debugsource-9-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_30-default-9-150600.2.1
* kernel-livepatch-6_4_0-150600_23_30-default-debuginfo-9-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_4-debugsource-14-150600.2.1
* kernel-livepatch-6_4_0-150600_23_22-default-debuginfo-14-150600.2.1
* kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_6-debugsource-9-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-53125.html
* https://www.suse.com/security/cve/CVE-2024-56664.html
* https://www.suse.com/security/cve/CVE-2025-21702.html
* https://www.suse.com/security/cve/CVE-2025-37752.html
* https://www.suse.com/security/cve/CVE-2025-37797.html
* https://bugzilla.suse.com/show_bug.cgi?id=1235250
* https://bugzilla.suse.com/show_bug.cgi?id=1245776
* https://bugzilla.suse.com/show_bug.cgi?id=1245793
* https://bugzilla.suse.com/show_bug.cgi?id=1245797
* https://bugzilla.suse.com/show_bug.cgi?id=1245804



SUSE-SU-2025:02693-1: important: Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:02693-1
Release Date: 2025-08-05T07:34:43Z
Rating: important
References:

* bsc#1244337
* bsc#1245776
* bsc#1245793
* bsc#1245797

Cross-References:

* CVE-2025-21702
* CVE-2025-37752
* CVE-2025-37797

CVSS scores:

* CVE-2025-21702 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37752 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37797 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_50 fixes several issues.

The following security issues were fixed:

* CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling
(bsc#1245793).
* CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).
* CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0
(bsc#1245797).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-2693=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-2693=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_50-default-2-150600.2.1
* kernel-livepatch-6_4_0-150600_23_50-default-debuginfo-2-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_11-debugsource-2-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_50-default-2-150600.2.1
* kernel-livepatch-6_4_0-150600_23_50-default-debuginfo-2-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_11-debugsource-2-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21702.html
* https://www.suse.com/security/cve/CVE-2025-37752.html
* https://www.suse.com/security/cve/CVE-2025-37797.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244337
* https://bugzilla.suse.com/show_bug.cgi?id=1245776
* https://bugzilla.suse.com/show_bug.cgi?id=1245793
* https://bugzilla.suse.com/show_bug.cgi?id=1245797



SUSE-SU-2025:02689-1: important: Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:02689-1
Release Date: 2025-08-05T07:34:36Z
Rating: important
References:

* bsc#1245776
* bsc#1245793
* bsc#1245797

Cross-References:

* CVE-2025-21702
* CVE-2025-37752
* CVE-2025-37797

CVSS scores:

* CVE-2025-21702 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37752 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37797 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_42 fixes several issues.

The following security issues were fixed:

* CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling
(bsc#1245793).
* CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).
* CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0
(bsc#1245797).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-2692=1 SUSE-SLE-
Module-Live-Patching-15-SP6-2025-2689=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-2689=1 SUSE-2025-2692=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_42-default-debuginfo-4-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_8-debugsource-4-150600.2.1
* kernel-livepatch-6_4_0-150600_23_38-default-4-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_9-debugsource-4-150600.2.1
* kernel-livepatch-6_4_0-150600_23_42-default-4-150600.2.1
* kernel-livepatch-6_4_0-150600_23_38-default-debuginfo-4-150600.2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_42-default-debuginfo-4-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_8-debugsource-4-150600.2.1
* kernel-livepatch-6_4_0-150600_23_38-default-4-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_9-debugsource-4-150600.2.1
* kernel-livepatch-6_4_0-150600_23_38-default-debuginfo-4-150600.2.1
* kernel-livepatch-6_4_0-150600_23_42-default-4-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21702.html
* https://www.suse.com/security/cve/CVE-2025-37752.html
* https://www.suse.com/security/cve/CVE-2025-37797.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245776
* https://bugzilla.suse.com/show_bug.cgi?id=1245793
* https://bugzilla.suse.com/show_bug.cgi?id=1245797



SUSE-SU-2025:02691-1: important: Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:02691-1
Release Date: 2025-08-05T06:33:59Z
Rating: important
References:

* bsc#1228645
* bsc#1235250
* bsc#1245771
* bsc#1245776
* bsc#1245793
* bsc#1245797
* bsc#1245804

Cross-References:

* CVE-2024-26809
* CVE-2024-41069
* CVE-2024-53125
* CVE-2024-56664
* CVE-2025-21702
* CVE-2025-37752
* CVE-2025-37797

CVSS scores:

* CVE-2024-26809 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26809 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-41069 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41069 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53125 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56664 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56664 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56664 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21702 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37752 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37797 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_14 fixes several issues.

The following security issues were fixed:

* CVE-2024-56664: bpf, sockmap: Fix race between element replace and close()
(bsc#1235250).
* CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling
(bsc#1245793).
* CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).
* CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def
(bsc#1245804).
* CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0
(bsc#1245797).
* CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228645).
* CVE-2024-26809: netfilter: nft_set_pipapo: release elements in clone only
from destroy path (bsc#1245771).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-2691=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-2691=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_2-debugsource-18-150600.2.1
* kernel-livepatch-6_4_0-150600_23_14-default-debuginfo-18-150600.2.1
* kernel-livepatch-6_4_0-150600_23_14-default-18-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_2-debugsource-18-150600.2.1
* kernel-livepatch-6_4_0-150600_23_14-default-debuginfo-18-150600.2.1
* kernel-livepatch-6_4_0-150600_23_14-default-18-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-26809.html
* https://www.suse.com/security/cve/CVE-2024-41069.html
* https://www.suse.com/security/cve/CVE-2024-53125.html
* https://www.suse.com/security/cve/CVE-2024-56664.html
* https://www.suse.com/security/cve/CVE-2025-21702.html
* https://www.suse.com/security/cve/CVE-2025-37752.html
* https://www.suse.com/security/cve/CVE-2025-37797.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228645
* https://bugzilla.suse.com/show_bug.cgi?id=1235250
* https://bugzilla.suse.com/show_bug.cgi?id=1245771
* https://bugzilla.suse.com/show_bug.cgi?id=1245776
* https://bugzilla.suse.com/show_bug.cgi?id=1245793
* https://bugzilla.suse.com/show_bug.cgi?id=1245797
* https://bugzilla.suse.com/show_bug.cgi?id=1245804



SUSE-SU-2025:02710-1: important: Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:02710-1
Release Date: 2025-08-05T15:04:52Z
Rating: important
References:

* bsc#1245776
* bsc#1245793
* bsc#1245797

Cross-References:

* CVE-2025-21702
* CVE-2025-37752
* CVE-2025-37797

CVSS scores:

* CVE-2025-21702 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37752 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37797 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_47 fixes several issues.

The following security issues were fixed:

* CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling
(bsc#1245793).
* CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).
* CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0
(bsc#1245797).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-2710=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-2710=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_10-debugsource-3-150600.2.1
* kernel-livepatch-6_4_0-150600_23_47-default-3-150600.2.1
* kernel-livepatch-6_4_0-150600_23_47-default-debuginfo-3-150600.2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_10-debugsource-3-150600.2.1
* kernel-livepatch-6_4_0-150600_23_47-default-3-150600.2.1
* kernel-livepatch-6_4_0-150600_23_47-default-debuginfo-3-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21702.html
* https://www.suse.com/security/cve/CVE-2025-37752.html
* https://www.suse.com/security/cve/CVE-2025-37797.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245776
* https://bugzilla.suse.com/show_bug.cgi?id=1245793
* https://bugzilla.suse.com/show_bug.cgi?id=1245797



openSUSE-SU-2025:15409-1: moderate: python313-3.13.5-4.1 on GA media


# python313-3.13.5-4.1 on GA media

Announcement ID: openSUSE-SU-2025:15409-1
Rating: moderate

Cross-References:

* CVE-2025-8194

CVSS scores:

* CVE-2025-8194 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-8194 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python313-3.13.5-4.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python313 3.13.5-4.1
* python313-32bit 3.13.5-4.1
* python313-curses 3.13.5-4.1
* python313-dbm 3.13.5-4.1
* python313-idle 3.13.5-4.1
* python313-tk 3.13.5-4.1
* python313-x86-64-v3 3.13.5-4.1

## References:

* https://www.suse.com/security/cve/CVE-2025-8194.html



openSUSE-SU-2025:15406-1: moderate: kubeshark-cli-52.8.0-1.1 on GA media


# kubeshark-cli-52.8.0-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15406-1
Rating: moderate

Cross-References:

* CVE-2025-53547

CVSS scores:

* CVE-2025-53547 ( SUSE ): 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H
* CVE-2025-53547 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the kubeshark-cli-52.8.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* kubeshark-cli 52.8.0-1.1
* kubeshark-cli-bash-completion 52.8.0-1.1
* kubeshark-cli-fish-completion 52.8.0-1.1
* kubeshark-cli-zsh-completion 52.8.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-53547.html


GDK-Pixbuf2, Python3-Setuptools, Kernel, and more updates for Oracle Linux

Linux kernel updates for Ubuntu

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.orgĀ  I ...