Gut, Python-Future, Nginx, Jetty-Minimal updates for SUSE

SUSE 5495 Published 2025-09-02 07:52 by Philipp Esselbach

News

There are new security updates available for SUSE.The updates include fixes for critical vulnerabilities in several packages: git, python-future, and jetty-minimal, which are classified as important, and nginx, which is classified as moderate.

SUSE-SU-2025:03037-1: important: Security update for git
SUSE-SU-2025:03038-1: important: Security update for python-future
SUSE-SU-2025:03039-1: moderate: Recommended update for nginx
SUSE-SU-2025:02993-2: important: Security update for jetty-minimal

SUSE-SU-2025:03037-1: important: Security update for git

# Security update for git

Announcement ID: SUSE-SU-2025:03037-1
Release Date: 2025-09-01T12:46:22Z
Rating: important
References:

* bsc#1245938
* bsc#1245939
* bsc#1245942
* bsc#1245943
* bsc#1245946
* jsc#PED-13447

Cross-References:

* CVE-2025-27613
* CVE-2025-27614
* CVE-2025-46835
* CVE-2025-48384
* CVE-2025-48385

CVSS scores:

* CVE-2025-27613 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-27613 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2025-27613 ( NVD ): 3.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
* CVE-2025-27614 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-27614 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-27614 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-46835 ( SUSE ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-46835 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2025-46835 ( NVD ): 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
* CVE-2025-48384 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-48384 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-48384 ( NVD ): 8.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-48385 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-48385 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-48385 ( NVD ): 8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Proxy 4.3 LTS
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Retail Branch Server 4.3 LTS
* SUSE Manager Server 4.3
* SUSE Manager Server 4.3 LTS

An update that solves five vulnerabilities and contains one feature can now be
installed.

## Description:

This update for git fixes the following issues:

Updated to 2.43.7 (jsc#PED-13447):

* CVE-2025-27613: Fixed arbitrary writable file creation and truncation in
Gitk (bsc#1245938)
* CVE-2025-27614: Fixed arbitrary script execution via repo clonation in Gitk
(bsc#1245939)
* CVE-2025-46835: Fixed arbitrary writable file creation via untrusted
repository clonation in Git GUI (bsc#1245942)
* CVE-2025-48384: Fixed arbitrary writable file creation when cloning
untrusted repositories with submodules using the --recursive flag
(bsc#1245943)
* CVE-2025-48385: Fixed arbitrary code execution due to protocol injection via
fetching advertised bundle (bsc#1245946)

Other fixes:

* Drop git-credential-gnome-keyring package as it was dropped upstream, use
git-credential-libsecret instead
* git-add--interactive was removed upstream in favor of built in
implementation, which was already the default in SLE.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Manager Server 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-3037=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-3037=1

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-3037=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-3037=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3037=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3037=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3037=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3037=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3037=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3037=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3037=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3037=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3037=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3037=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3037=1

* SUSE Manager Proxy 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-3037=1

* SUSE Manager Retail Branch Server 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-LTS-2025-3037=1

## Package List:

* SUSE Manager Server 4.3 LTS (ppc64le s390x x86_64)
* git-core-2.43.7-150300.10.51.1
* git-debuginfo-2.43.7-150300.10.51.1
* git-debugsource-2.43.7-150300.10.51.1
* git-core-debuginfo-2.43.7-150300.10.51.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* git-core-debuginfo-2.43.7-150300.10.51.1
* git-svn-2.43.7-150300.10.51.1
* git-web-2.43.7-150300.10.51.1
* git-debuginfo-2.43.7-150300.10.51.1
* gitk-2.43.7-150300.10.51.1
* git-debugsource-2.43.7-150300.10.51.1
* git-2.43.7-150300.10.51.1
* git-gui-2.43.7-150300.10.51.1
* git-cvs-2.43.7-150300.10.51.1
* git-daemon-2.43.7-150300.10.51.1
* git-core-2.43.7-150300.10.51.1
* git-daemon-debuginfo-2.43.7-150300.10.51.1
* git-arch-2.43.7-150300.10.51.1
* git-email-2.43.7-150300.10.51.1
* perl-Git-2.43.7-150300.10.51.1
* SUSE Enterprise Storage 7.1 (noarch)
* git-doc-2.43.7-150300.10.51.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* git-credential-libsecret-2.43.7-150300.10.51.1
* git-core-debuginfo-2.43.7-150300.10.51.1
* git-svn-2.43.7-150300.10.51.1
* git-web-2.43.7-150300.10.51.1
* git-debuginfo-2.43.7-150300.10.51.1
* git-p4-2.43.7-150300.10.51.1
* gitk-2.43.7-150300.10.51.1
* git-daemon-2.43.7-150300.10.51.1
* git-2.43.7-150300.10.51.1
* git-debugsource-2.43.7-150300.10.51.1
* git-gui-2.43.7-150300.10.51.1
* git-credential-libsecret-debuginfo-2.43.7-150300.10.51.1
* git-cvs-2.43.7-150300.10.51.1
* git-core-2.43.7-150300.10.51.1
* git-daemon-debuginfo-2.43.7-150300.10.51.1
* git-arch-2.43.7-150300.10.51.1
* git-email-2.43.7-150300.10.51.1
* perl-Git-2.43.7-150300.10.51.1
* openSUSE Leap 15.3 (noarch)
* git-doc-2.43.7-150300.10.51.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* git-core-debuginfo-2.43.7-150300.10.51.1
* git-debuginfo-2.43.7-150300.10.51.1
* git-debugsource-2.43.7-150300.10.51.1
* git-2.43.7-150300.10.51.1
* git-core-2.43.7-150300.10.51.1
* perl-Git-2.43.7-150300.10.51.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* git-core-debuginfo-2.43.7-150300.10.51.1
* git-svn-2.43.7-150300.10.51.1
* git-web-2.43.7-150300.10.51.1
* git-debuginfo-2.43.7-150300.10.51.1
* gitk-2.43.7-150300.10.51.1
* git-debugsource-2.43.7-150300.10.51.1
* git-2.43.7-150300.10.51.1
* git-gui-2.43.7-150300.10.51.1
* git-cvs-2.43.7-150300.10.51.1
* git-daemon-2.43.7-150300.10.51.1
* git-core-2.43.7-150300.10.51.1
* git-daemon-debuginfo-2.43.7-150300.10.51.1
* git-arch-2.43.7-150300.10.51.1
* git-email-2.43.7-150300.10.51.1
* perl-Git-2.43.7-150300.10.51.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* git-doc-2.43.7-150300.10.51.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* git-core-debuginfo-2.43.7-150300.10.51.1
* git-svn-2.43.7-150300.10.51.1
* git-web-2.43.7-150300.10.51.1
* git-debuginfo-2.43.7-150300.10.51.1
* gitk-2.43.7-150300.10.51.1
* git-debugsource-2.43.7-150300.10.51.1
* git-2.43.7-150300.10.51.1
* git-gui-2.43.7-150300.10.51.1
* git-cvs-2.43.7-150300.10.51.1
* git-daemon-2.43.7-150300.10.51.1
* git-core-2.43.7-150300.10.51.1
* git-daemon-debuginfo-2.43.7-150300.10.51.1
* git-arch-2.43.7-150300.10.51.1
* git-email-2.43.7-150300.10.51.1
* perl-Git-2.43.7-150300.10.51.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* git-doc-2.43.7-150300.10.51.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* git-core-debuginfo-2.43.7-150300.10.51.1
* git-svn-2.43.7-150300.10.51.1
* git-web-2.43.7-150300.10.51.1
* git-debuginfo-2.43.7-150300.10.51.1
* gitk-2.43.7-150300.10.51.1
* git-debugsource-2.43.7-150300.10.51.1
* git-2.43.7-150300.10.51.1
* git-gui-2.43.7-150300.10.51.1
* git-cvs-2.43.7-150300.10.51.1
* git-daemon-2.43.7-150300.10.51.1
* git-core-2.43.7-150300.10.51.1
* git-daemon-debuginfo-2.43.7-150300.10.51.1
* git-arch-2.43.7-150300.10.51.1
* git-email-2.43.7-150300.10.51.1
* perl-Git-2.43.7-150300.10.51.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* git-doc-2.43.7-150300.10.51.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* git-core-debuginfo-2.43.7-150300.10.51.1
* git-svn-2.43.7-150300.10.51.1
* git-web-2.43.7-150300.10.51.1
* git-debuginfo-2.43.7-150300.10.51.1
* gitk-2.43.7-150300.10.51.1
* git-debugsource-2.43.7-150300.10.51.1
* git-2.43.7-150300.10.51.1
* git-gui-2.43.7-150300.10.51.1
* git-cvs-2.43.7-150300.10.51.1
* git-daemon-2.43.7-150300.10.51.1
* git-core-2.43.7-150300.10.51.1
* git-daemon-debuginfo-2.43.7-150300.10.51.1
* git-arch-2.43.7-150300.10.51.1
* git-email-2.43.7-150300.10.51.1
* perl-Git-2.43.7-150300.10.51.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* git-doc-2.43.7-150300.10.51.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* git-core-debuginfo-2.43.7-150300.10.51.1
* git-svn-2.43.7-150300.10.51.1
* git-web-2.43.7-150300.10.51.1
* git-debuginfo-2.43.7-150300.10.51.1
* gitk-2.43.7-150300.10.51.1
* git-debugsource-2.43.7-150300.10.51.1
* git-2.43.7-150300.10.51.1
* git-gui-2.43.7-150300.10.51.1
* git-cvs-2.43.7-150300.10.51.1
* git-daemon-2.43.7-150300.10.51.1
* git-core-2.43.7-150300.10.51.1
* git-daemon-debuginfo-2.43.7-150300.10.51.1
* git-arch-2.43.7-150300.10.51.1
* git-email-2.43.7-150300.10.51.1
* perl-Git-2.43.7-150300.10.51.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* git-doc-2.43.7-150300.10.51.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* git-core-debuginfo-2.43.7-150300.10.51.1
* git-svn-2.43.7-150300.10.51.1
* git-web-2.43.7-150300.10.51.1
* git-debuginfo-2.43.7-150300.10.51.1
* gitk-2.43.7-150300.10.51.1
* git-debugsource-2.43.7-150300.10.51.1
* git-2.43.7-150300.10.51.1
* git-gui-2.43.7-150300.10.51.1
* git-cvs-2.43.7-150300.10.51.1
* git-daemon-2.43.7-150300.10.51.1
* git-core-2.43.7-150300.10.51.1
* git-daemon-debuginfo-2.43.7-150300.10.51.1
* git-arch-2.43.7-150300.10.51.1
* git-email-2.43.7-150300.10.51.1
* perl-Git-2.43.7-150300.10.51.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
* git-doc-2.43.7-150300.10.51.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* git-core-debuginfo-2.43.7-150300.10.51.1
* git-svn-2.43.7-150300.10.51.1
* git-web-2.43.7-150300.10.51.1
* git-debuginfo-2.43.7-150300.10.51.1
* gitk-2.43.7-150300.10.51.1
* git-debugsource-2.43.7-150300.10.51.1
* git-2.43.7-150300.10.51.1
* git-gui-2.43.7-150300.10.51.1
* git-cvs-2.43.7-150300.10.51.1
* git-daemon-2.43.7-150300.10.51.1
* git-core-2.43.7-150300.10.51.1
* git-daemon-debuginfo-2.43.7-150300.10.51.1
* git-arch-2.43.7-150300.10.51.1
* git-email-2.43.7-150300.10.51.1
* perl-Git-2.43.7-150300.10.51.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* git-doc-2.43.7-150300.10.51.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* git-core-debuginfo-2.43.7-150300.10.51.1
* git-svn-2.43.7-150300.10.51.1
* git-web-2.43.7-150300.10.51.1
* git-debuginfo-2.43.7-150300.10.51.1
* gitk-2.43.7-150300.10.51.1
* git-debugsource-2.43.7-150300.10.51.1
* git-2.43.7-150300.10.51.1
* git-gui-2.43.7-150300.10.51.1
* git-cvs-2.43.7-150300.10.51.1
* git-daemon-2.43.7-150300.10.51.1
* git-core-2.43.7-150300.10.51.1
* git-daemon-debuginfo-2.43.7-150300.10.51.1
* git-arch-2.43.7-150300.10.51.1
* git-email-2.43.7-150300.10.51.1
* perl-Git-2.43.7-150300.10.51.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* git-doc-2.43.7-150300.10.51.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* git-core-debuginfo-2.43.7-150300.10.51.1
* git-svn-2.43.7-150300.10.51.1
* git-web-2.43.7-150300.10.51.1
* git-debuginfo-2.43.7-150300.10.51.1
* gitk-2.43.7-150300.10.51.1
* git-debugsource-2.43.7-150300.10.51.1
* git-2.43.7-150300.10.51.1
* git-gui-2.43.7-150300.10.51.1
* git-cvs-2.43.7-150300.10.51.1
* git-daemon-2.43.7-150300.10.51.1
* git-core-2.43.7-150300.10.51.1
* git-daemon-debuginfo-2.43.7-150300.10.51.1
* git-arch-2.43.7-150300.10.51.1
* git-email-2.43.7-150300.10.51.1
* perl-Git-2.43.7-150300.10.51.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* git-doc-2.43.7-150300.10.51.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* git-core-debuginfo-2.43.7-150300.10.51.1
* git-svn-2.43.7-150300.10.51.1
* git-web-2.43.7-150300.10.51.1
* git-debuginfo-2.43.7-150300.10.51.1
* gitk-2.43.7-150300.10.51.1
* git-debugsource-2.43.7-150300.10.51.1
* git-2.43.7-150300.10.51.1
* git-gui-2.43.7-150300.10.51.1
* git-cvs-2.43.7-150300.10.51.1
* git-daemon-2.43.7-150300.10.51.1
* git-core-2.43.7-150300.10.51.1
* git-daemon-debuginfo-2.43.7-150300.10.51.1
* git-arch-2.43.7-150300.10.51.1
* git-email-2.43.7-150300.10.51.1
* perl-Git-2.43.7-150300.10.51.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* git-doc-2.43.7-150300.10.51.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* git-core-debuginfo-2.43.7-150300.10.51.1
* git-svn-2.43.7-150300.10.51.1
* git-web-2.43.7-150300.10.51.1
* git-debuginfo-2.43.7-150300.10.51.1
* gitk-2.43.7-150300.10.51.1
* git-debugsource-2.43.7-150300.10.51.1
* git-2.43.7-150300.10.51.1
* git-gui-2.43.7-150300.10.51.1
* git-cvs-2.43.7-150300.10.51.1
* git-daemon-2.43.7-150300.10.51.1
* git-core-2.43.7-150300.10.51.1
* git-daemon-debuginfo-2.43.7-150300.10.51.1
* git-arch-2.43.7-150300.10.51.1
* git-email-2.43.7-150300.10.51.1
* perl-Git-2.43.7-150300.10.51.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* git-doc-2.43.7-150300.10.51.1
* SUSE Manager Proxy 4.3 LTS (x86_64)
* git-core-2.43.7-150300.10.51.1
* git-debuginfo-2.43.7-150300.10.51.1
* git-debugsource-2.43.7-150300.10.51.1
* git-core-debuginfo-2.43.7-150300.10.51.1
* SUSE Manager Retail Branch Server 4.3 LTS (x86_64)
* git-core-2.43.7-150300.10.51.1
* git-debuginfo-2.43.7-150300.10.51.1
* git-debugsource-2.43.7-150300.10.51.1
* git-core-debuginfo-2.43.7-150300.10.51.1

## References:

* https://www.suse.com/security/cve/CVE-2025-27613.html
* https://www.suse.com/security/cve/CVE-2025-27614.html
* https://www.suse.com/security/cve/CVE-2025-46835.html
* https://www.suse.com/security/cve/CVE-2025-48384.html
* https://www.suse.com/security/cve/CVE-2025-48385.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245938
* https://bugzilla.suse.com/show_bug.cgi?id=1245939
* https://bugzilla.suse.com/show_bug.cgi?id=1245942
* https://bugzilla.suse.com/show_bug.cgi?id=1245943
* https://bugzilla.suse.com/show_bug.cgi?id=1245946
* https://jira.suse.com/browse/PED-13447

SUSE-SU-2025:03038-1: important: Security update for python-future

# Security update for python-future

Announcement ID: SUSE-SU-2025:03038-1
Release Date: 2025-09-01T13:41:08Z
Rating: important
References:

* bsc#1248124

Cross-References:

* CVE-2025-50817

CVSS scores:

* CVE-2025-50817 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-50817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-50817 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6
* Python 3 Module 15-SP6
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for python-future fixes the following issues:

* CVE-2025-50817: Fixed arbitrary code execution via the automatic import of
file test.py (bsc#1248124)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3038=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-3038=1

* Python 3 Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2025-3038=1

* Python 3 Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2025-3038=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3038=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3038=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3038=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3038=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3038=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3038=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3038=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3038=1

## Package List:

* openSUSE Leap 15.4 (noarch)
* python311-future-0.18.3-150400.6.6.1
* openSUSE Leap 15.6 (noarch)
* python311-future-0.18.3-150400.6.6.1
* Python 3 Module 15-SP6 (noarch)
* python311-future-0.18.3-150400.6.6.1
* Python 3 Module 15-SP7 (noarch)
* python311-future-0.18.3-150400.6.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* python311-future-0.18.3-150400.6.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* python311-future-0.18.3-150400.6.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* python311-future-0.18.3-150400.6.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* python311-future-0.18.3-150400.6.6.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* python311-future-0.18.3-150400.6.6.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* python311-future-0.18.3-150400.6.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* python311-future-0.18.3-150400.6.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* python311-future-0.18.3-150400.6.6.1

## References:

* https://www.suse.com/security/cve/CVE-2025-50817.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248124

SUSE-SU-2025:03039-1: moderate: Recommended update for nginx

# Recommended update for nginx

Announcement ID: SUSE-SU-2025:03039-1
Release Date: 2025-09-01T13:56:42Z
Rating: moderate
References:

* bsc#1246090

Affected Products:

* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* Server Applications Module 15-SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that has one security fix can now be installed.

## Description:

This update for nginx fixes the following issues:

* Drop root priviledges while running logrotate (bsc#1246090)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Server Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2025-3039=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3039=1 openSUSE-SLE-15.6-2025-3039=1

* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-3039=1

## Package List:

* Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* nginx-1.21.5-150600.10.9.1
* nginx-debugsource-1.21.5-150600.10.9.1
* nginx-debuginfo-1.21.5-150600.10.9.1
* Server Applications Module 15-SP7 (noarch)
* nginx-source-1.21.5-150600.10.9.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* nginx-1.21.5-150600.10.9.1
* nginx-debugsource-1.21.5-150600.10.9.1
* nginx-debuginfo-1.21.5-150600.10.9.1
* openSUSE Leap 15.6 (noarch)
* nginx-source-1.21.5-150600.10.9.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* nginx-1.21.5-150600.10.9.1
* nginx-debugsource-1.21.5-150600.10.9.1
* nginx-debuginfo-1.21.5-150600.10.9.1
* Server Applications Module 15-SP6 (noarch)
* nginx-source-1.21.5-150600.10.9.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1246090

SUSE-SU-2025:02993-2: important: Security update for jetty-minimal

# Security update for jetty-minimal

Announcement ID: SUSE-SU-2025:02993-2
Release Date: 2025-09-01T14:04:13Z
Rating: important
References:

* bsc#1244252

Cross-References:

* CVE-2025-5115

CVSS scores:

* CVE-2025-5115 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-5115 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-5115 ( NVD ): 7.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-5115 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6

An update that solves one vulnerability can now be installed.

## Description:

This update for jetty-minimal fixes the following issues:

Upgraded to version 9.4.58.v20250814: \- CVE-2025-5115: Fixed MadeYouReset DoS
attack via HTTP/2 protocol (including DNS over HTTPS) (bsc#1244252)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-2993=1

## Package List:

* openSUSE Leap 15.6 (noarch)
* jetty-http-9.4.58-150200.3.34.1
* jetty-io-9.4.58-150200.3.34.1
* jetty-security-9.4.58-150200.3.34.1
* jetty-minimal-javadoc-9.4.58-150200.3.34.1
* jetty-openid-9.4.58-150200.3.34.1
* jetty-util-ajax-9.4.58-150200.3.34.1
* jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1
* jetty-jmx-9.4.58-150200.3.34.1
* jetty-websocket-server-9.4.58-150200.3.34.1
* jetty-plus-9.4.58-150200.3.34.1
* jetty-start-9.4.58-150200.3.34.1
* jetty-jsp-9.4.58-150200.3.34.1
* jetty-quickstart-9.4.58-150200.3.34.1
* jetty-servlets-9.4.58-150200.3.34.1
* jetty-annotations-9.4.58-150200.3.34.1
* jetty-websocket-client-9.4.58-150200.3.34.1
* jetty-servlet-9.4.58-150200.3.34.1
* jetty-webapp-9.4.58-150200.3.34.1
* jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1
* jetty-websocket-common-9.4.58-150200.3.34.1
* jetty-client-9.4.58-150200.3.34.1
* jetty-deploy-9.4.58-150200.3.34.1
* jetty-cdi-9.4.58-150200.3.34.1
* jetty-ant-9.4.58-150200.3.34.1
* jetty-rewrite-9.4.58-150200.3.34.1
* jetty-xml-9.4.58-150200.3.34.1
* jetty-jaas-9.4.58-150200.3.34.1
* jetty-continuation-9.4.58-150200.3.34.1
* jetty-util-9.4.58-150200.3.34.1
* jetty-http-spi-9.4.58-150200.3.34.1
* jetty-server-9.4.58-150200.3.34.1
* jetty-fcgi-9.4.58-150200.3.34.1
* jetty-project-9.4.58-150200.3.34.1
* jetty-websocket-javadoc-9.4.58-150200.3.34.1
* jetty-jndi-9.4.58-150200.3.34.1
* jetty-websocket-servlet-9.4.58-150200.3.34.1
* jetty-websocket-api-9.4.58-150200.3.34.1
* jetty-proxy-9.4.58-150200.3.34.1

## References:

* https://www.suse.com/security/cve/CVE-2025-5115.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244252

Kernel and Python updates for AlmaLinux

ImageMagick update for Ubuntu

Gut, Python-Future, Nginx, Jetty-Minimal updates for SUSE

SUSE-SU-2025:03037-1: important: Security update for git

SUSE-SU-2025:03038-1: important: Security update for python-future

SUSE-SU-2025:03039-1: moderate: Recommended update for nginx

SUSE-SU-2025:02993-2: important: Security update for jetty-minimal

Windows

Linux

macOS

Community