SUSE 5507

Multiple security updates are available for SUSE Linux, addressing vulnerabilities in a range of packages. The affected packages include grub2, chromium, libxslt, MozillaFirefox, ongres-scram, runc, alloy, poppler, openexr, expat, samba, and several others. Most of the updates are rated moderate or important, while the Samba update is rated critical.

SUSE-SU-2025:4152-1: moderate: Security update for grub2
openSUSE-SU-2025-20076-1: important: Security update for chromium
openSUSE-SU-2025-20050-1: important: Security update for libxslt
openSUSE-SU-2025-20065-1: important: Security update for MozillaFirefox
openSUSE-SU-2025-20059-1: important: Security update for ongres-scram
openSUSE-SU-2025-20072-1: important: Security update for runc
openSUSE-SU-2025-20073-1: moderate: Security update for alloy
openSUSE-SU-2025-20068-1: important: Security update for poppler
openSUSE-SU-2025-20056-1: moderate: Security update for openexr
openSUSE-SU-2025-20055-1: important: Security update for expat
openSUSE-SU-2025-20048-1: critical: Security update for samba
SUSE-SU-2025:4156-1: important: Security update for podman
SUSE-SU-2025:4159-1: important: Security update for tomcat
SUSE-SU-2025:4157-1: important: Security update for podman
SUSE-SU-2025:4158-1: moderate: Security update for cups-filters




SUSE-SU-2025:4152-1: moderate: Security update for grub2


# Security update for grub2

Announcement ID: SUSE-SU-2025:4152-1
Release Date: 2025-11-21T09:10:40Z
Rating: moderate
References:

* bsc#1252931
* bsc#1252932
* bsc#1252933
* bsc#1252934
* bsc#1252935

Cross-References:

* CVE-2025-54771
* CVE-2025-61661
* CVE-2025-61662
* CVE-2025-61663
* CVE-2025-61664

CVSS scores:

* CVE-2025-54771 ( SUSE ): 2.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-54771 ( SUSE ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-54771 ( NVD ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-61661 ( SUSE ): 4.3
CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61661 ( SUSE ): 4.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-61661 ( NVD ): 4.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-61662 ( SUSE ): 2.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-61662 ( SUSE ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-61662 ( NVD ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-61663 ( SUSE ): 2.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-61663 ( SUSE ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-61663 ( NVD ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-61664 ( SUSE ): 2.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-61664 ( SUSE ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-61664 ( NVD ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise Micro 5.5

An update that solves five vulnerabilities can now be installed.

## Description:

This update for grub2 fixes the following issues:

* CVE-2025-54771: Fixed grub_file_close() not properly controlling the fs
refcount (bsc#1252931)
* CVE-2025-61662: Fixed a missing unregister call for the gettext command that
may lead to use-after-free (bsc#1252933)
* CVE-2025-61663: Fixed a missing unregister call for normal commands that may
lead to use-after-free (bsc#1252934)
* CVE-2025-61664: Fixed a missing unregister call for the normal_exit command
that may lead to use-after-free (bsc#1252935)
* CVE-2025-61661: Fixed out-of-bounds write in the grub_usb_get_string() function
(bsc#1252932)

Other fixes:

* Bump upstream SBAT generation to 6

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-4152=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-4152=1

## Package List:

* openSUSE Leap 15.5 (aarch64 s390x x86_64 i586)
  * grub2-debugsource-2.06-150500.29.59.1
* openSUSE Leap 15.5 (noarch)
  * grub2-i386-pc-2.06-150500.29.59.1
  * grub2-i386-xen-debug-2.06-150500.29.59.1
  * grub2-powerpc-ieee1275-2.06-150500.29.59.1
  * grub2-arm64-efi-debug-2.06-150500.29.59.1
  * grub2-x86_64-efi-2.06-150500.29.59.1
  * grub2-i386-efi-2.06-150500.29.59.1
  * grub2-i386-efi-extras-2.06-150500.29.59.1
  * grub2-i386-pc-extras-2.06-150500.29.59.1
  * grub2-x86_64-efi-extras-2.06-150500.29.59.1
  * grub2-i386-xen-extras-2.06-150500.29.59.1
  * grub2-powerpc-ieee1275-extras-2.06-150500.29.59.1
  * grub2-i386-xen-2.06-150500.29.59.1
  * grub2-arm64-efi-2.06-150500.29.59.1
  * grub2-i386-pc-debug-2.06-150500.29.59.1
  * grub2-s390x-emu-extras-2.06-150500.29.59.1
  * grub2-snapper-plugin-2.06-150500.29.59.1
  * grub2-powerpc-ieee1275-debug-2.06-150500.29.59.1
  * grub2-x86_64-efi-debug-2.06-150500.29.59.1
  * grub2-x86_64-xen-extras-2.06-150500.29.59.1
  * grub2-x86_64-xen-debug-2.06-150500.29.59.1
  * grub2-x86_64-xen-2.06-150500.29.59.1
  * grub2-i386-efi-debug-2.06-150500.29.59.1
  * grub2-systemd-sleep-plugin-2.06-150500.29.59.1
  * grub2-arm64-efi-extras-2.06-150500.29.59.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * grub2-branding-upstream-2.06-150500.29.59.1
  * grub2-debuginfo-2.06-150500.29.59.1
  * grub2-2.06-150500.29.59.1
* openSUSE Leap 15.5 (s390x)
  * grub2-s390x-emu-debug-2.06-150500.29.59.1
  * grub2-s390x-emu-2.06-150500.29.59.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * grub2-debuginfo-2.06-150500.29.59.1
  * grub2-2.06-150500.29.59.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
  * grub2-snapper-plugin-2.06-150500.29.59.1
  * grub2-i386-pc-2.06-150500.29.59.1
  * grub2-powerpc-ieee1275-2.06-150500.29.59.1
  * grub2-x86_64-efi-2.06-150500.29.59.1
  * grub2-arm64-efi-2.06-150500.29.59.1
  * grub2-x86_64-xen-2.06-150500.29.59.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
  * grub2-debugsource-2.06-150500.29.59.1
* SUSE Linux Enterprise Micro 5.5 (s390x)
  * grub2-s390x-emu-2.06-150500.29.59.1

## References:

* https://www.suse.com/security/cve/CVE-2025-54771.html
* https://www.suse.com/security/cve/CVE-2025-61661.html
* https://www.suse.com/security/cve/CVE-2025-61662.html
* https://www.suse.com/security/cve/CVE-2025-61663.html
* https://www.suse.com/security/cve/CVE-2025-61664.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252931
* https://bugzilla.suse.com/show_bug.cgi?id=1252932
* https://bugzilla.suse.com/show_bug.cgi?id=1252933
* https://bugzilla.suse.com/show_bug.cgi?id=1252934
* https://bugzilla.suse.com/show_bug.cgi?id=1252935



openSUSE-SU-2025-20076-1: important: Security update for chromium


openSUSE security update: security update for chromium
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2025-20076-1
Rating: important
References:

* bsc#1253698

Cross-References:

* CVE-2025-13223
* CVE-2025-13224

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 2 vulnerabilities and has one bug fix can now be installed.

Description:

This update for chromium fixes the following issues:

Changes in chromium:

Chromium 142.0.7444.175 (boo#1253698):

* CVE-2025-13223: Type Confusion in V8
* CVE-2025-13224: Type Confusion in V8

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-24=1

Package List:

- openSUSE Leap 16.0:

chromedriver-142.0.7444.162-bp160.1.1
chromium-142.0.7444.162-bp160.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-13223.html
* https://www.suse.com/security/cve/CVE-2025-13224.html



openSUSE-SU-2025-20050-1: important: Security update for libxslt


openSUSE security update: security update for libxslt
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2025-20050-1
Rating: important
References:

* bsc#1250553
* bsc#1251979

Cross-References:

* CVE-2025-10911
* CVE-2025-11731

CVSS scores:

* CVE-2025-10911 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-10911 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-11731 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-11731 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.

Description:

This update for libxslt fixes the following issues:

Changes in libxslt:

- CVE-2025-11731: Fixed type confusion in the exsltFuncResultComp function leading to denial of service (bsc#1251979)
- CVE-2025-10911: Fixed use-after-free with key data stored cross-RVT (bsc#1250553)

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-24=1

Package List:

- openSUSE Leap 16.0:

libexslt0-1.1.43-160000.3.1
libxslt-devel-1.1.43-160000.3.1
libxslt-tools-1.1.43-160000.3.1
libxslt1-1.1.43-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2025-10911.html
* https://www.suse.com/security/cve/CVE-2025-11731.html



openSUSE-SU-2025-20065-1: important: Security update for MozillaFirefox


openSUSE security update: security update for MozillaFirefox
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2025-20065-1
Rating: important
References:

* bsc#1249391
* bsc#1250452
* bsc#1251263
* bsc#1253188

Cross-References:

* CVE-2025-10527
* CVE-2025-10528
* CVE-2025-10529
* CVE-2025-10532
* CVE-2025-10533
* CVE-2025-10536
* CVE-2025-10537
* CVE-2025-11708
* CVE-2025-11709
* CVE-2025-11710
* CVE-2025-11711
* CVE-2025-11712
* CVE-2025-11713
* CVE-2025-11714
* CVE-2025-11715
* CVE-2025-13012
* CVE-2025-13013
* CVE-2025-13014
* CVE-2025-13015
* CVE-2025-13016
* CVE-2025-13017
* CVE-2025-13018
* CVE-2025-13019
* CVE-2025-13020

CVSS scores:

* CVE-2025-13012 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-13013 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2025-13014 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2025-13015 ( SUSE ): 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
* CVE-2025-13016 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-13017 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2025-13018 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2025-13019 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2025-13020 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 24 vulnerabilities and has 4 bug fixes can now be installed.

Description:

This update for MozillaFirefox fixes the following issues:

Changes in MozillaFirefox:

Firefox Extended Support Release 140.5.0 ESR:

* Fixed: Various security fixes (MFSA 2025-88 bsc#1253188):

* CVE-2025-13012
Race condition in the Graphics component
* CVE-2025-13016
Incorrect boundary conditions in the JavaScript: WebAssembly
component
* CVE-2025-13017
Same-origin policy bypass in the DOM: Notifications component
* CVE-2025-13018
Mitigation bypass in the DOM: Security component
* CVE-2025-13019
Same-origin policy bypass in the DOM: Workers component
* CVE-2025-13013
Mitigation bypass in the DOM: Core & HTML component
* CVE-2025-13020
Use-after-free in the WebRTC: Audio/Video component
* CVE-2025-13014
Use-after-free in the Audio/Video component
* CVE-2025-13015
Spoofing issue in Firefox

Firefox Extended Support Release 140.4.0 ESR:

* Fixed: Various security fixes (MFSA 2025-83 bsc#1251263):

* CVE-2025-11708
Use-after-free in MediaTrackGraphImpl::GetInstance()
* CVE-2025-11709
Out of bounds read/write in a privileged process triggered by
WebGL textures
* CVE-2025-11710
Cross-process information leaked due to malicious IPC
messages
* CVE-2025-11711
Some non-writable Object properties could be modified
* CVE-2025-11712
An OBJECT tag type attribute overrode browser behavior on web
resources without a content-type
* CVE-2025-11713
Potential user-assisted code execution in "Copy as cURL"
command
* CVE-2025-11714
Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR
140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
* CVE-2025-11715
Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird
ESR 140.4, Firefox 144 and Thunderbird 144

Firefox Extended Support Release 140.3.1 ESR (bsc#1250452):

* Fixed: Improved reliability when HTTP/3 connections fail:
Firefox no longer forces HTTP/2 during fallback, allowing the
server to choose the protocol and preventing stalls on some
sites.

Firefox Extended Support Release 140.3.0 ESR:

* Fixed: Various security fixes (MFSA 2025-75 bsc#1249391):

* CVE-2025-10527
Sandbox escape due to use-after-free in the Graphics:
Canvas2D component
* CVE-2025-10528
Sandbox escape due to undefined behavior, invalid pointer in
the Graphics: Canvas2D component
* CVE-2025-10529
Same-origin policy bypass in the Layout component
* CVE-2025-10532
Incorrect boundary conditions in the JavaScript: GC component
* CVE-2025-10533
Integer overflow in the SVG component
* CVE-2025-10536
Information disclosure in the Networking: Cache component
* CVE-2025-10537
Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird
ESR 140.3, Firefox 143 and Thunderbird 143

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-39=1

Package List:

- openSUSE Leap 16.0:

MozillaFirefox-140.5.0-160000.1.1
MozillaFirefox-branding-upstream-140.5.0-160000.1.1
MozillaFirefox-devel-140.5.0-160000.1.1
MozillaFirefox-translations-common-140.5.0-160000.1.1
MozillaFirefox-translations-other-140.5.0-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-10527.html
* https://www.suse.com/security/cve/CVE-2025-10528.html
* https://www.suse.com/security/cve/CVE-2025-10529.html
* https://www.suse.com/security/cve/CVE-2025-10532.html
* https://www.suse.com/security/cve/CVE-2025-10533.html
* https://www.suse.com/security/cve/CVE-2025-10536.html
* https://www.suse.com/security/cve/CVE-2025-10537.html
* https://www.suse.com/security/cve/CVE-2025-11708.html
* https://www.suse.com/security/cve/CVE-2025-11709.html
* https://www.suse.com/security/cve/CVE-2025-11710.html
* https://www.suse.com/security/cve/CVE-2025-11711.html
* https://www.suse.com/security/cve/CVE-2025-11712.html
* https://www.suse.com/security/cve/CVE-2025-11713.html
* https://www.suse.com/security/cve/CVE-2025-11714.html
* https://www.suse.com/security/cve/CVE-2025-11715.html
* https://www.suse.com/security/cve/CVE-2025-13012.html
* https://www.suse.com/security/cve/CVE-2025-13013.html
* https://www.suse.com/security/cve/CVE-2025-13014.html
* https://www.suse.com/security/cve/CVE-2025-13015.html
* https://www.suse.com/security/cve/CVE-2025-13016.html
* https://www.suse.com/security/cve/CVE-2025-13017.html
* https://www.suse.com/security/cve/CVE-2025-13018.html
* https://www.suse.com/security/cve/CVE-2025-13019.html
* https://www.suse.com/security/cve/CVE-2025-13020.html



openSUSE-SU-2025-20059-1: important: Security update for ongres-scram


openSUSE security update: security update for ongres-scram
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2025-20059-1
Rating: important
References:

* bsc#1250399

Cross-References:

* CVE-2025-59432

CVSS scores:

* CVE-2025-59432 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2025-59432 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for ongres-scram fixes the following issues:

- CVE-2025-59432: Fixed timing attack vulnerability in SCRAM Authentication (bsc#1250399)

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-33=1

Package List:

- openSUSE Leap 16.0:

ongres-scram-3.1-160000.3.1
ongres-scram-client-3.1-160000.3.1
ongres-scram-javadoc-3.1-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2025-59432.html



openSUSE-SU-2025-20072-1: important: Security update for runc


openSUSE security update: security update for runc
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2025-20072-1
Rating: important
References:

* bsc#1252110
* bsc#1252232

Cross-References:

* CVE-2025-31133
* CVE-2025-52565
* CVE-2025-52881

CVSS scores:

* CVE-2025-31133 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-31133 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-52565 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-52565 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-52881 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-52881 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 3 vulnerabilities and has 2 bug fixes can now be installed.

Description:

This update for runc fixes the following issues:

- Update to runc v1.3.3:
* CVE-2025-31133, CVE-2025-52565, CVE-2025-52881: Fixed container breakouts that bypassed
runc's restrictions on writing to arbitrary /proc files (bsc#1252232)

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-46=1

Package List:

- openSUSE Leap 16.0:

runc-1.3.3-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-31133.html
* https://www.suse.com/security/cve/CVE-2025-52565.html
* https://www.suse.com/security/cve/CVE-2025-52881.html



openSUSE-SU-2025-20073-1: moderate: Security update for alloy


openSUSE security update: security update for alloy
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2025-20073-1
Rating: moderate
References:

* bsc#1248960
* bsc#1250621

Cross-References:

* CVE-2025-11065
* CVE-2025-58058

CVSS scores:

* CVE-2025-11065 ( SUSE ): 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-11065 ( SUSE ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-58058 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58058 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.

Description:

This update for alloy fixes the following issues:

- CVE-2025-58058: Removed dependency on vulnerable github.com/ulikunitz/xz (bsc#1248960).
- CVE-2025-11065: Fixed sensitive information leak in logs (bsc#1250621).

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-47=1

Package List:

- openSUSE Leap 16.0:

alloy-1.11.3-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-11065.html
* https://www.suse.com/security/cve/CVE-2025-58058.html



openSUSE-SU-2025-20068-1: important: Security update for poppler


openSUSE security update: security update for poppler
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2025-20068-1
Rating: important
References:

* bsc#1251940

Cross-References:

* CVE-2025-52885

CVSS scores:

* CVE-2025-52885 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-52885 ( SUSE ): 7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for poppler fixes the following issues:

- CVE-2025-52885: Fixed raw pointers leading to dangling pointers when the vector is resized (bsc#1251940)

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-42=1

Package List:

- openSUSE Leap 16.0:

libpoppler-cpp2-25.04.0-160000.3.1
libpoppler-devel-25.04.0-160000.3.1
libpoppler-glib-devel-25.04.0-160000.3.1
libpoppler-glib8-25.04.0-160000.3.1
libpoppler-qt5-1-25.04.0-160000.3.1
libpoppler-qt5-devel-25.04.0-160000.3.1
libpoppler-qt6-3-25.04.0-160000.3.1
libpoppler-qt6-devel-25.04.0-160000.3.1
libpoppler148-25.04.0-160000.3.1
poppler-tools-25.04.0-160000.3.1
typelib-1_0-Poppler-0_18-25.04.0-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2025-52885.html



openSUSE-SU-2025-20056-1: moderate: Security update for openexr


openSUSE security update: security update for openexr
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2025-20056-1
Rating: moderate
References:

* bsc#1253233

Cross-References:

* CVE-2025-64181

CVSS scores:

* CVE-2025-64181 ( SUSE ): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-64181 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for openexr fixes the following issues:

- CVE-2025-64181: Fixed use of uninitialized memory in function generic_unpack() (bsc#1253233)

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-30=1

Package List:

- openSUSE Leap 16.0:

libIex-3_2-31-3.2.2-160000.3.1
libIex-3_2-31-x86-64-v3-3.2.2-160000.3.1
libIlmThread-3_2-31-3.2.2-160000.3.1
libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.3.1
libOpenEXR-3_2-31-3.2.2-160000.3.1
libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.3.1
libOpenEXRCore-3_2-31-3.2.2-160000.3.1
libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.3.1
libOpenEXRUtil-3_2-31-3.2.2-160000.3.1
libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.3.1
openexr-3.2.2-160000.3.1
openexr-devel-3.2.2-160000.3.1
openexr-doc-3.2.2-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2025-64181.html



openSUSE-SU-2025-20055-1: important: Security update for expat


openSUSE security update: security update for expat
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2025-20055-1
Rating: important
References:

* bsc#1249584

Cross-References:

* CVE-2025-59375

CVSS scores:

* CVE-2025-59375 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-59375 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for expat fixes the following issues:

- CVE-2025-59375: Fixed large dynamic memory allocations via a small document submitted for parsing (bsc#1249584)

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-29=1

Package List:

- openSUSE Leap 16.0:

expat-2.7.1-160000.3.1
libexpat-devel-2.7.1-160000.3.1
libexpat1-2.7.1-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2025-59375.html



openSUSE-SU-2025-20048-1: critical: Security update for samba


openSUSE security update: security update for samba
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2025-20048-1
Rating: critical
References:

* bsc#1249087
* bsc#1249179
* bsc#1249180
* bsc#1249181
* bsc#1251279
* bsc#1251280

Cross-References:

* CVE-2025-10230
* CVE-2025-9640

CVSS scores:

* CVE-2025-10230 ( SUSE ): 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
* CVE-2025-9640 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 2 vulnerabilities and has 6 bug fixes can now be installed.

Description:

This update for samba fixes the following issues:

Update to 4.22.5:

* CVE-2025-10230: Command injection via WINS server hook script (bsc#1251280).
* CVE-2025-9640: Uninitialized memory disclosure via vfs_streams_xattr (bsc#1251279).

- Relax samba-gpupdate requirement for cepces, certmonger, and sscep
to a recommends. They are only required if utilizing certificate
auto enrollment (bsc#1249087).

- Disable timeouts for smb.service so that possibly slow running
ExecStartPre script 'update-samba-security-profile' doesn't
cause service start to fail due to timeouts (bsc#1249181).

- Ensure semanage is pulled in as a requirement when samba is
installed and SELinux is the security access mechanism in use
(bsc#1249180).

- Don't attempt to label paths that don't exist; also remove
unnecessary evaluation of the semanage and restorecon commands (bsc#1249179).

Update to 4.22.4:

* netr_LogonSamLogonEx returns NT_STATUS_ACCESS_DENIED with
SysvolReady=0
* getpwuid does not shift to new DC when current DC is down
* Windows security hardening locks out schannel'ed netlogon dc
calls like netr_DsRGetDCName
* Unresponsive second DC can cause idmapping failure when using
idmap_ad
* kinit command is failing with Missing cache Error.
* Figuring out the DC name from IP address fails and breaks
fork_domain_child().
* vfs_streams_depot fstatat broken.
* Delayed leader broadcast can block ctdb forever.
* Apparently there is a conflict between shadow_copy2 module
and virusfilter (action quarantine).
* Fix handling of empty GPO link.
* SMB ACL inheritance doesn't work for files created.

- Adjust gpgme build dependency for future-proofing

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-22=1

Package List:

- openSUSE Leap 16.0:

ctdb-4.22.5+git.431.dc5a539f124-160000.1.1
ctdb-pcp-pmda-4.22.5+git.431.dc5a539f124-160000.1.1
ldb-tools-4.22.5+git.431.dc5a539f124-160000.1.1
libldb-devel-4.22.5+git.431.dc5a539f124-160000.1.1
libldb2-4.22.5+git.431.dc5a539f124-160000.1.1
python3-ldb-4.22.5+git.431.dc5a539f124-160000.1.1
samba-4.22.5+git.431.dc5a539f124-160000.1.1
samba-ad-dc-4.22.5+git.431.dc5a539f124-160000.1.1
samba-ad-dc-libs-4.22.5+git.431.dc5a539f124-160000.1.1
samba-ceph-4.22.5+git.431.dc5a539f124-160000.1.1
samba-client-4.22.5+git.431.dc5a539f124-160000.1.1
samba-client-libs-4.22.5+git.431.dc5a539f124-160000.1.1
samba-dcerpc-4.22.5+git.431.dc5a539f124-160000.1.1
samba-devel-4.22.5+git.431.dc5a539f124-160000.1.1
samba-doc-4.22.5+git.431.dc5a539f124-160000.1.1
samba-dsdb-modules-4.22.5+git.431.dc5a539f124-160000.1.1
samba-gpupdate-4.22.5+git.431.dc5a539f124-160000.1.1
samba-ldb-ldap-4.22.5+git.431.dc5a539f124-160000.1.1
samba-libs-4.22.5+git.431.dc5a539f124-160000.1.1
samba-libs-python3-4.22.5+git.431.dc5a539f124-160000.1.1
samba-python3-4.22.5+git.431.dc5a539f124-160000.1.1
samba-test-4.22.5+git.431.dc5a539f124-160000.1.1
samba-tool-4.22.5+git.431.dc5a539f124-160000.1.1
samba-winbind-4.22.5+git.431.dc5a539f124-160000.1.1
samba-winbind-libs-4.22.5+git.431.dc5a539f124-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-10230.html
* https://www.suse.com/security/cve/CVE-2025-9640.html



SUSE-SU-2025:4156-1: important: Security update for podman


# Security update for podman

Announcement ID: SUSE-SU-2025:4156-1
Release Date: 2025-11-21T14:29:39Z
Rating: important
References:

* bsc#1253542

Cross-References:

* CVE-2025-47913

CVSS scores:

* CVE-2025-47913 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-47913 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-47913 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves one vulnerability can now be installed.

## Description:

This update for podman fixes the following issues:

* CVE-2025-47913: golang.org/x/crypto/ssh/agent: Fixed client process
termination when receiving an unexpected message type in response to a key
listing or signing request (bsc#1253542)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-4156=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-4156=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-4156=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-4156=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-4156=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-4156=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-4156=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  * podmansh-4.9.5-150300.9.66.1
  * podman-remote-4.9.5-150300.9.66.1
  * podman-debuginfo-4.9.5-150300.9.66.1
  * podman-4.9.5-150300.9.66.1
  * podman-remote-debuginfo-4.9.5-150300.9.66.1
* openSUSE Leap 15.3 (noarch)
  * podman-docker-4.9.5-150300.9.66.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * podman-4.9.5-150300.9.66.1
  * podman-remote-debuginfo-4.9.5-150300.9.66.1
  * podman-remote-4.9.5-150300.9.66.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
  * podman-4.9.5-150300.9.66.1
  * podman-remote-debuginfo-4.9.5-150300.9.66.1
  * podman-remote-4.9.5-150300.9.66.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * podman-4.9.5-150300.9.66.1
  * podman-remote-debuginfo-4.9.5-150300.9.66.1
  * podman-remote-4.9.5-150300.9.66.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * podman-4.9.5-150300.9.66.1
  * podman-debuginfo-4.9.5-150300.9.66.1
  * podman-remote-debuginfo-4.9.5-150300.9.66.1
  * podman-remote-4.9.5-150300.9.66.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * podman-4.9.5-150300.9.66.1
  * podman-debuginfo-4.9.5-150300.9.66.1
  * podman-remote-debuginfo-4.9.5-150300.9.66.1
  * podman-remote-4.9.5-150300.9.66.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * podman-4.9.5-150300.9.66.1
  * podman-debuginfo-4.9.5-150300.9.66.1
  * podman-remote-debuginfo-4.9.5-150300.9.66.1
  * podman-remote-4.9.5-150300.9.66.1

## References:

* https://www.suse.com/security/cve/CVE-2025-47913.html
* https://bugzilla.suse.com/show_bug.cgi?id=1253542



SUSE-SU-2025:4159-1: important: Security update for tomcat


# Security update for tomcat

Announcement ID: SUSE-SU-2025:4159-1
Release Date: 2025-11-21T14:32:43Z
Rating: important
References:

* bsc#1252753
* bsc#1252756
* bsc#1252905

Cross-References:

* CVE-2025-55752
* CVE-2025-55754
* CVE-2025-61795

CVSS scores:

* CVE-2025-55752 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-55752 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-55752 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-55754 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-55754 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-55754 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-61795 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61795 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61795 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Manager Server 4.3
* SUSE Manager Server 4.3 LTS
* Web and Scripting Module 15-SP6
* Web and Scripting Module 15-SP7

An update that solves three vulnerabilities can now be installed.

## Description:

This update for tomcat fixes the following issues:

Update to Tomcat 9.0.111:

* CVE-2025-55752: Fixed a directory traversal via rewrite, with possible RCE if
PUT is enabled (bsc#1252753)
* CVE-2025-55754: Fixed an improper neutralization of escape, meta, or control
sequences vulnerability (bsc#1252905)
* CVE-2025-61795: Fixed a denial of service due to temporary copies during the
processing of multipart uploads (bsc#1252756)

## Patch Instructions:

To install this SUSE update, use the SUSE recommended installation methods such as
YaST online_update or "zypper patch".
Alternatively, you can run the command listed for your product:

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-4159=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-4159=1

* Web and Scripting Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP6-2025-4159=1

* Web and Scripting Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP7-2025-4159=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-4159=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-4159=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-4159=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-4159=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-4159=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-4159=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-4159=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-4159=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-4159=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-4159=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-4159=1

* SUSE Manager Server 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-4159=1

## Package List:

* SUSE Enterprise Storage 7.1 (noarch)
* tomcat-servlet-4_0-api-9.0.111-150200.96.1
* tomcat-9.0.111-150200.96.1
* tomcat-lib-9.0.111-150200.96.1
* tomcat-webapps-9.0.111-150200.96.1
* tomcat-admin-webapps-9.0.111-150200.96.1
* tomcat-el-3_0-api-9.0.111-150200.96.1
* tomcat-jsp-2_3-api-9.0.111-150200.96.1
* openSUSE Leap 15.6 (noarch)
* tomcat-servlet-4_0-api-9.0.111-150200.96.1
* tomcat-9.0.111-150200.96.1
* tomcat-jsvc-9.0.111-150200.96.1
* tomcat-lib-9.0.111-150200.96.1
* tomcat-webapps-9.0.111-150200.96.1
* tomcat-javadoc-9.0.111-150200.96.1
* tomcat-embed-9.0.111-150200.96.1
* tomcat-admin-webapps-9.0.111-150200.96.1
* tomcat-el-3_0-api-9.0.111-150200.96.1
* tomcat-jsp-2_3-api-9.0.111-150200.96.1
* tomcat-docs-webapp-9.0.111-150200.96.1
* Web and Scripting Module 15-SP6 (noarch)
* tomcat-servlet-4_0-api-9.0.111-150200.96.1
* tomcat-9.0.111-150200.96.1
* tomcat-lib-9.0.111-150200.96.1
* tomcat-webapps-9.0.111-150200.96.1
* tomcat-admin-webapps-9.0.111-150200.96.1
* tomcat-el-3_0-api-9.0.111-150200.96.1
* tomcat-jsp-2_3-api-9.0.111-150200.96.1
* Web and Scripting Module 15-SP7 (noarch)
* tomcat-servlet-4_0-api-9.0.111-150200.96.1
* tomcat-9.0.111-150200.96.1
* tomcat-lib-9.0.111-150200.96.1
* tomcat-webapps-9.0.111-150200.96.1
* tomcat-admin-webapps-9.0.111-150200.96.1
* tomcat-el-3_0-api-9.0.111-150200.96.1
* tomcat-jsp-2_3-api-9.0.111-150200.96.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* tomcat-servlet-4_0-api-9.0.111-150200.96.1
* tomcat-9.0.111-150200.96.1
* tomcat-lib-9.0.111-150200.96.1
* tomcat-webapps-9.0.111-150200.96.1
* tomcat-admin-webapps-9.0.111-150200.96.1
* tomcat-el-3_0-api-9.0.111-150200.96.1
* tomcat-jsp-2_3-api-9.0.111-150200.96.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* tomcat-servlet-4_0-api-9.0.111-150200.96.1
* tomcat-9.0.111-150200.96.1
* tomcat-lib-9.0.111-150200.96.1
* tomcat-webapps-9.0.111-150200.96.1
* tomcat-admin-webapps-9.0.111-150200.96.1
* tomcat-el-3_0-api-9.0.111-150200.96.1
* tomcat-jsp-2_3-api-9.0.111-150200.96.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* tomcat-servlet-4_0-api-9.0.111-150200.96.1
* tomcat-9.0.111-150200.96.1
* tomcat-lib-9.0.111-150200.96.1
* tomcat-webapps-9.0.111-150200.96.1
* tomcat-admin-webapps-9.0.111-150200.96.1
* tomcat-el-3_0-api-9.0.111-150200.96.1
* tomcat-jsp-2_3-api-9.0.111-150200.96.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* tomcat-servlet-4_0-api-9.0.111-150200.96.1
* tomcat-9.0.111-150200.96.1
* tomcat-lib-9.0.111-150200.96.1
* tomcat-webapps-9.0.111-150200.96.1
* tomcat-admin-webapps-9.0.111-150200.96.1
* tomcat-el-3_0-api-9.0.111-150200.96.1
* tomcat-jsp-2_3-api-9.0.111-150200.96.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* tomcat-servlet-4_0-api-9.0.111-150200.96.1
* tomcat-9.0.111-150200.96.1
* tomcat-lib-9.0.111-150200.96.1
* tomcat-webapps-9.0.111-150200.96.1
* tomcat-admin-webapps-9.0.111-150200.96.1
* tomcat-el-3_0-api-9.0.111-150200.96.1
* tomcat-jsp-2_3-api-9.0.111-150200.96.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
* tomcat-servlet-4_0-api-9.0.111-150200.96.1
* tomcat-9.0.111-150200.96.1
* tomcat-lib-9.0.111-150200.96.1
* tomcat-webapps-9.0.111-150200.96.1
* tomcat-admin-webapps-9.0.111-150200.96.1
* tomcat-el-3_0-api-9.0.111-150200.96.1
* tomcat-jsp-2_3-api-9.0.111-150200.96.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* tomcat-servlet-4_0-api-9.0.111-150200.96.1
* tomcat-9.0.111-150200.96.1
* tomcat-lib-9.0.111-150200.96.1
* tomcat-webapps-9.0.111-150200.96.1
* tomcat-admin-webapps-9.0.111-150200.96.1
* tomcat-el-3_0-api-9.0.111-150200.96.1
* tomcat-jsp-2_3-api-9.0.111-150200.96.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* tomcat-servlet-4_0-api-9.0.111-150200.96.1
* tomcat-9.0.111-150200.96.1
* tomcat-lib-9.0.111-150200.96.1
* tomcat-webapps-9.0.111-150200.96.1
* tomcat-admin-webapps-9.0.111-150200.96.1
* tomcat-el-3_0-api-9.0.111-150200.96.1
* tomcat-jsp-2_3-api-9.0.111-150200.96.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* tomcat-servlet-4_0-api-9.0.111-150200.96.1
* tomcat-9.0.111-150200.96.1
* tomcat-lib-9.0.111-150200.96.1
* tomcat-webapps-9.0.111-150200.96.1
* tomcat-admin-webapps-9.0.111-150200.96.1
* tomcat-el-3_0-api-9.0.111-150200.96.1
* tomcat-jsp-2_3-api-9.0.111-150200.96.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* tomcat-servlet-4_0-api-9.0.111-150200.96.1
* tomcat-9.0.111-150200.96.1
* tomcat-lib-9.0.111-150200.96.1
* tomcat-webapps-9.0.111-150200.96.1
* tomcat-admin-webapps-9.0.111-150200.96.1
* tomcat-el-3_0-api-9.0.111-150200.96.1
* tomcat-jsp-2_3-api-9.0.111-150200.96.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* tomcat-servlet-4_0-api-9.0.111-150200.96.1
* tomcat-9.0.111-150200.96.1
* tomcat-lib-9.0.111-150200.96.1
* tomcat-webapps-9.0.111-150200.96.1
* tomcat-admin-webapps-9.0.111-150200.96.1
* tomcat-el-3_0-api-9.0.111-150200.96.1
* tomcat-jsp-2_3-api-9.0.111-150200.96.1
* SUSE Manager Server 4.3 LTS (noarch)
* tomcat-servlet-4_0-api-9.0.111-150200.96.1
* tomcat-9.0.111-150200.96.1
* tomcat-lib-9.0.111-150200.96.1
* tomcat-webapps-9.0.111-150200.96.1
* tomcat-admin-webapps-9.0.111-150200.96.1
* tomcat-el-3_0-api-9.0.111-150200.96.1
* tomcat-jsp-2_3-api-9.0.111-150200.96.1

## References:

* https://www.suse.com/security/cve/CVE-2025-55752.html
* https://www.suse.com/security/cve/CVE-2025-55754.html
* https://www.suse.com/security/cve/CVE-2025-61795.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252753
* https://bugzilla.suse.com/show_bug.cgi?id=1252756
* https://bugzilla.suse.com/show_bug.cgi?id=1252905



SUSE-SU-2025:4157-1: important: Security update for podman


# Security update for podman

Announcement ID: SUSE-SU-2025:4157-1
Release Date: 2025-11-21T14:30:19Z
Rating: important
References:

* bsc#1253542

Cross-References:

* CVE-2025-47913

CVSS scores:

* CVE-2025-47913 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-47913 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-47913 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for podman fixes the following issues:

* CVE-2025-47913: golang.org/x/crypto/ssh/agent: Fixed client process
termination when receiving an unexpected message type in response to a key
listing or signing request (bsc#1253542)

## Patch Instructions:

To install this SUSE update, use the SUSE recommended installation methods such as
YaST online_update or "zypper patch".
Alternatively, you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-4157=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-4157=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-4157=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-4157=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-4157=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-4157=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-4157=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-4157=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-4157=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* podman-4.9.5-150400.4.62.1
* podman-remote-debuginfo-4.9.5-150400.4.62.1
* podman-debuginfo-4.9.5-150400.4.62.1
* podman-remote-4.9.5-150400.4.62.1
* podmansh-4.9.5-150400.4.62.1
* openSUSE Leap 15.4 (noarch)
* podman-docker-4.9.5-150400.4.62.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* podman-4.9.5-150400.4.62.1
* podman-debuginfo-4.9.5-150400.4.62.1
* podman-remote-debuginfo-4.9.5-150400.4.62.1
* podman-remote-4.9.5-150400.4.62.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* podman-4.9.5-150400.4.62.1
* podman-debuginfo-4.9.5-150400.4.62.1
* podman-remote-debuginfo-4.9.5-150400.4.62.1
* podman-remote-4.9.5-150400.4.62.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* podman-4.9.5-150400.4.62.1
* podman-debuginfo-4.9.5-150400.4.62.1
* podman-remote-debuginfo-4.9.5-150400.4.62.1
* podman-remote-4.9.5-150400.4.62.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* podman-4.9.5-150400.4.62.1
* podman-debuginfo-4.9.5-150400.4.62.1
* podman-remote-debuginfo-4.9.5-150400.4.62.1
* podman-remote-4.9.5-150400.4.62.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* podman-4.9.5-150400.4.62.1
* podman-debuginfo-4.9.5-150400.4.62.1
* podman-remote-debuginfo-4.9.5-150400.4.62.1
* podman-remote-4.9.5-150400.4.62.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* podman-docker-4.9.5-150400.4.62.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* podman-4.9.5-150400.4.62.1
* podman-debuginfo-4.9.5-150400.4.62.1
* podman-remote-debuginfo-4.9.5-150400.4.62.1
* podman-remote-4.9.5-150400.4.62.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* podman-docker-4.9.5-150400.4.62.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* podman-4.9.5-150400.4.62.1
* podman-debuginfo-4.9.5-150400.4.62.1
* podman-remote-debuginfo-4.9.5-150400.4.62.1
* podman-remote-4.9.5-150400.4.62.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* podman-docker-4.9.5-150400.4.62.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* podman-4.9.5-150400.4.62.1
* podman-debuginfo-4.9.5-150400.4.62.1
* podman-remote-debuginfo-4.9.5-150400.4.62.1
* podman-remote-4.9.5-150400.4.62.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* podman-docker-4.9.5-150400.4.62.1

## References:

* https://www.suse.com/security/cve/CVE-2025-47913.html
* https://bugzilla.suse.com/show_bug.cgi?id=1253542



SUSE-SU-2025:4158-1: moderate: Security update for cups-filters


# Security update for cups-filters

Announcement ID: SUSE-SU-2025:4158-1
Release Date: 2025-11-21T14:30:47Z
Rating: moderate
References:

* bsc#1253364
* bsc#1253373
* bsc#1253374

Cross-References:

* CVE-2025-57812
* CVE-2025-64503
* CVE-2025-64524

CVSS scores:

* CVE-2025-57812 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-57812 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-57812 ( NVD ): 3.7 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-64503 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-64503 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-64503 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-64524 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-64524 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-64524 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves three vulnerabilities can now be installed.

## Description:

This update for cups-filters fixes the following issues:

* CVE-2025-64503: Fixed an out-of-bounds write in the pdftoraster tool (bsc#1253374)
* CVE-2025-57812: Fixed multiple TIFF-related issues in libcupsfilters
(bsc#1253373)
* CVE-2025-64524: Fixed an out-of-bounds write due to use of an unvalidated length
parameter in the rastertopclx filter (bsc#1253364)

## Patch Instructions:

To install this SUSE update, use the SUSE recommended installation methods such as
YaST online_update or "zypper patch".
Alternatively, you can run the command listed for your product:

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-4158=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-4158=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-4158=1

## Package List:

* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* cups-filters-debugsource-1.25.0-150200.3.25.1
* cups-filters-devel-1.25.0-150200.3.25.1
* cups-filters-1.25.0-150200.3.25.1
* cups-filters-debuginfo-1.25.0-150200.3.25.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* cups-filters-debugsource-1.25.0-150200.3.25.1
* cups-filters-devel-1.25.0-150200.3.25.1
* cups-filters-1.25.0-150200.3.25.1
* cups-filters-debuginfo-1.25.0-150200.3.25.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* cups-filters-debugsource-1.25.0-150200.3.25.1
* cups-filters-devel-1.25.0-150200.3.25.1
* cups-filters-1.25.0-150200.3.25.1
* cups-filters-debuginfo-1.25.0-150200.3.25.1

## References:

* https://www.suse.com/security/cve/CVE-2025-57812.html
* https://www.suse.com/security/cve/CVE-2025-64503.html
* https://www.suse.com/security/cve/CVE-2025-64524.html
* https://bugzilla.suse.com/show_bug.cgi?id=1253364
* https://bugzilla.suse.com/show_bug.cgi?id=1253373
* https://bugzilla.suse.com/show_bug.cgi?id=1253374