
Several security updates have been released for SUSE Linux. The affected packages include icinga-php-library, icingaweb2, python39, poppler, helm, wireshark, libpng12, and more. The updates are rated low (poppler), moderate (python39, libpng12, etc.), or important (helm, Linux Kernel, etc.). Security updates have also been released for various other packages, including openSUSE's grub2, ImageMagick, openssl-3, and Mozilla Firefox.

openSUSE-SU-2025:0473-1: moderate: Security update for icinga-php-library, icingaweb2
SUSE-SU-2025:4433-1: moderate: Security update for python39
SUSE-SU-2025:4434-1: low: Security update for poppler
SUSE-SU-2025:4437-1: important: Security update for helm
SUSE-SU-2025:4440-1: moderate: Security update for wireshark
SUSE-SU-2025:4432-1: moderate: Security update for libpng12
openSUSE-SU-2025:20164-1: important: Security update for openssl-3
openSUSE-SU-2025:20163-1: important: Security update for grub2
openSUSE-SU-2025:20162-1: important: Security update for ImageMagick
SUSE-SU-2025:4422-1: important: Security update for the Linux Kernel
SUSE-SU-2025:4421-1: moderate: Security update for buildah
SUSE-SU-2025:4424-1: important: Security update for MozillaFirefox
SUSE-SU-2025:4425-1: moderate: Security update for cups
SUSE-SU-2025:4426-1: moderate: Security update for xkbcomp




openSUSE-SU-2025:0473-1: moderate: Security update for icinga-php-library, icingaweb2


openSUSE Security Update: Security update for icinga-php-library, icingaweb2
_______________________________

Announcement ID: openSUSE-SU-2025:0473-1
Rating: moderate
References:
Cross-References: CVE-2025-27404 CVE-2025-27405 CVE-2025-27609 CVE-2025-30164
CVSS scores:
CVE-2025-27404 (SUSE): 7.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for icinga-php-library, icingaweb2 fixes the following issues:

Changes in icingaweb2:
- Update to 2.12.6
- Search box shows many magnifying glasses for some community themes
#5395
- Authentication hooks are not called with external backends #5415
- Improve Minimal layout #5386

- Update to 2.12.5
* PHP 8.4 Support: We're again a little behind schedule, but now we
support PHP 8.4! This means that installations on Ubuntu 25.04 and
Fedora 42+ can now install Icinga Web without worrying about PHP
related incompatibilities. Icinga packages will be available in the
next few days.
* Good Things Take Time: There's only a single (notable) recent issue
that is fixed with this release. All the others are a bit older.
- External URLs set up as dashlets are not embedded the same as
navigation items #5346
* But the team sat together a few weeks ago and fixed a bug here and
there. And of course, also in Icinga Web!
- Users who are not allowed to change the theme, cannot change the
theme mode either #5385
- Improved compatibility with several SSO authentication providers
#5000, #5227
- Filtering for older-than events with relative time does not work
#5263
- Empty values are NULL in CSV exports #5350
* Breaking, Somewhat: This is mainly for developers. With the support of
PHP 8.4, we introduced a new environment variable,
ICINGAWEB_ENVIRONMENT. Unless set to dev, Icinga Web will not show nor
log deprecation notices anymore.

- Update to 2.12.4
- Database login broken after upgrade #5343

- Update to 2.12.3
- XSS in embedded content CVE-2025-27405
- DOM-based XSS CVE-2025-27404
- Open redirect on login page CVE-2025-30164
- Reflected XSS CVE-2025-27609
- Login against Postgres DB is case-sensitive #5223
- Role list has no functioning quick search #5300
- After clicking on Check now, the page does not refresh itself #5293
- Service States display wrong since update to 2.12.2 #5290

- Set right version for icinga-php-library.

- Fix usage of %requires_eq: invalid syntax previously resulted in ignored
lines and now properly returns an error.

- Update to 2.12.2
- Sort by name of roles does not work properly #4789
- Settings menu flyout closes too fast / easy #5196
- CSP header is missing the script-src policy #5180
- Broken event overview due to IntlDateFormatter #5172
- Downtimes, which were started and canceled, are missing in the history
#5176
- Usage of IcingaWeb2 api command returns 404, but is successful #5183
- Allow fontawesome icons as menu items #5205
- Error while opening a navigation root item #5177
- Dashlets twice in dashboard & not deletable #5203
- PluginOutputRenderer gets called twice #5271
- Graphs disappear after form controls are used #4996
- Make subgroups of custom variables fully collapsible #5256

- Provide group as required by RPM 4.19

- Update to 2.12.1
- Add PHP 8.3 support
- Login Redirect Loop #5133
- UI database migration not fully compatible with PostgreSQL #5129
- Missing styles when logging out and in while CSP is enabled #5126

- Update to 2.12.0
- Support for PHP 8.2 #4918
- Support for Content-Security-Policy #4528
- Allow to initiate a refresh with __REFRESH__ #5108
- Don't refresh twice upon __CLOSE__ #5106
- Add event column-moved #5049
- Add copy-to-clipboard behavior #5041
- Access Oracle Database via tnsnames.ora / LDAP Naming Services #5062
- Reduce risk of crashing the x509 collector daemon #5115
- CSV export does not escape double quotes #4910
* Full changelog see:
https://github.com/Icinga/icingaweb2/milestone/79?closed=1
- Massive changes in spec needed.

- DB schema files are in schema not etc/schema in packaged tarball

- Add subpackage php-fpm with php-fpm configuration.
- Remove max php version restrictions for suse.
- Fix rights for /etc/icingaweb2/enabledModules directory as upstream use.

Changes in icinga-php-library:
- Update to 1.17.0
- No changelog from upstream.

- Update to 0.14.1
- No changelog from upstream.

- Remove unneeded requires and buildrequires icinga-php-common.
- Add missing requires.

- Update to 0.13.0
- No changelog from upstream.

- Update to 0.12.0
- No changelog from upstream.

- Update to 0.11.0
- No changelog from upstream.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2025-473=1

Package List:

- openSUSE Backports SLE-15-SP7 (noarch):

icinga-php-library-0.17.0-bp157.2.3.1
icingacli-2.12.6-bp157.2.3.1
icingaweb2-2.12.6-bp157.2.3.1
icingaweb2-common-2.12.6-bp157.2.3.1
icingaweb2-php-fpm-2.12.6-bp157.2.3.1
php-icinga-2.12.6-bp157.2.3.1

References:

https://www.suse.com/security/cve/CVE-2025-27404.html
https://www.suse.com/security/cve/CVE-2025-27405.html
https://www.suse.com/security/cve/CVE-2025-27609.html
https://www.suse.com/security/cve/CVE-2025-30164.html



SUSE-SU-2025:4433-1: moderate: Security update for python39


# Security update for python39

Announcement ID: SUSE-SU-2025:4433-1
Release Date: 2025-12-17T13:20:28Z
Rating: moderate
References:

Affected Products:

* openSUSE Leap 15.3
* openSUSE Leap 15.6

An update that can now be installed.

## Description:

This update for python39 fixes the following issues:

* Update to 3.9.25:
  * Security
    * gh-137836: Add support of the “plaintext” element, RAWTEXT elements “xmp”, “iframe”, “noembed” and “noframes”, and optionally RAWTEXT element “noscript” in html.parser.HTMLParser.
    * gh-136063: email.message: ensure linear complexity for legacy HTTP parameters parsing. Patch by Bénédikt Tran.
  * Library
    * gh-98793: Fix argument typechecks in _overlapped.WSAConnect() and _overlapped.Overlapped.WSASendTo() functions.
    * bpo-44817: Ignore WinError 53 (ERROR_BAD_NETPATH), 65 (ERROR_NETWORK_ACCESS_DENIED) and 161 (ERROR_BAD_PATHNAME) when using ntpath.realpath().
  * Core and Builtins
    * gh-120384: Fix an array out of bounds crash in list_ass_subscript, which could be invoked via some specifically tailored input: including concurrent modification of a list object, where one thread assigns a slice and another clears it.
    * gh-120298: Fix use-after-free in list_richcompare_impl which can be invoked via some specifically tailored evil input.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-4433=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-4433=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* python39-curses-3.9.25-150300.4.87.1
* python39-tools-3.9.25-150300.4.87.1
* python39-debuginfo-3.9.25-150300.4.87.1
* python39-testsuite-debuginfo-3.9.25-150300.4.87.1
* python39-3.9.25-150300.4.87.1
* python39-curses-debuginfo-3.9.25-150300.4.87.1
* python39-dbm-3.9.25-150300.4.87.1
* python39-doc-devhelp-3.9.25-150300.4.87.1
* python39-base-3.9.25-150300.4.87.1
* python39-idle-3.9.25-150300.4.87.1
* python39-tk-3.9.25-150300.4.87.1
* python39-debugsource-3.9.25-150300.4.87.1
* libpython3_9-1_0-3.9.25-150300.4.87.1
* python39-testsuite-3.9.25-150300.4.87.1
* python39-devel-3.9.25-150300.4.87.1
* python39-base-debuginfo-3.9.25-150300.4.87.1
* python39-core-debugsource-3.9.25-150300.4.87.1
* libpython3_9-1_0-debuginfo-3.9.25-150300.4.87.1
* python39-doc-3.9.25-150300.4.87.1
* python39-tk-debuginfo-3.9.25-150300.4.87.1
* python39-dbm-debuginfo-3.9.25-150300.4.87.1
* openSUSE Leap 15.3 (x86_64)
* libpython3_9-1_0-32bit-debuginfo-3.9.25-150300.4.87.1
* libpython3_9-1_0-32bit-3.9.25-150300.4.87.1
* python39-32bit-debuginfo-3.9.25-150300.4.87.1
* python39-base-32bit-3.9.25-150300.4.87.1
* python39-base-32bit-debuginfo-3.9.25-150300.4.87.1
* python39-32bit-3.9.25-150300.4.87.1
* openSUSE Leap 15.3 (aarch64_ilp32)
* python39-64bit-debuginfo-3.9.25-150300.4.87.1
* python39-64bit-3.9.25-150300.4.87.1
* python39-base-64bit-debuginfo-3.9.25-150300.4.87.1
* python39-base-64bit-3.9.25-150300.4.87.1
* libpython3_9-1_0-64bit-3.9.25-150300.4.87.1
* libpython3_9-1_0-64bit-debuginfo-3.9.25-150300.4.87.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* python39-curses-3.9.25-150300.4.87.1
* python39-core-debugsource-3.9.25-150300.4.87.1
* python39-tools-3.9.25-150300.4.87.1
* python39-debuginfo-3.9.25-150300.4.87.1
* python39-testsuite-debuginfo-3.9.25-150300.4.87.1
* python39-3.9.25-150300.4.87.1
* python39-curses-debuginfo-3.9.25-150300.4.87.1
* python39-dbm-3.9.25-150300.4.87.1
* python39-doc-devhelp-3.9.25-150300.4.87.1
* python39-base-3.9.25-150300.4.87.1
* python39-idle-3.9.25-150300.4.87.1
* python39-debugsource-3.9.25-150300.4.87.1
* libpython3_9-1_0-3.9.25-150300.4.87.1
* python39-testsuite-3.9.25-150300.4.87.1
* python39-devel-3.9.25-150300.4.87.1
* python39-base-debuginfo-3.9.25-150300.4.87.1
* python39-tk-3.9.25-150300.4.87.1
* libpython3_9-1_0-debuginfo-3.9.25-150300.4.87.1
* python39-doc-3.9.25-150300.4.87.1
* python39-tk-debuginfo-3.9.25-150300.4.87.1
* python39-dbm-debuginfo-3.9.25-150300.4.87.1
* openSUSE Leap 15.6 (x86_64)
* libpython3_9-1_0-32bit-debuginfo-3.9.25-150300.4.87.1
* libpython3_9-1_0-32bit-3.9.25-150300.4.87.1
* python39-32bit-debuginfo-3.9.25-150300.4.87.1
* python39-base-32bit-3.9.25-150300.4.87.1
* python39-base-32bit-debuginfo-3.9.25-150300.4.87.1
* python39-32bit-3.9.25-150300.4.87.1



SUSE-SU-2025:4434-1: low: Security update for poppler


# Security update for poppler

Announcement ID: SUSE-SU-2025:4434-1
Release Date: 2025-12-17T13:31:23Z
Rating: low
References:

* bsc#1252337

Cross-References:

* CVE-2025-11896

CVSS scores:

* CVE-2025-11896 ( SUSE ): 2.0
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-11896 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-11896 ( NVD ): 2.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP6
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for poppler fixes the following issues:

* CVE-2025-11896: Fixed infinite recursion leading to stack overflow due to
object loop in PDF CMap (bsc#1252337)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-4434=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-4434=1 openSUSE-SLE-15.6-2025-4434=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-4434=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-4434=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-4434=1

## Package List:

* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
* libpoppler-qt6-devel-24.03.0-150600.3.27.1
* poppler-qt6-debugsource-24.03.0-150600.3.27.1
* libpoppler-cpp0-debuginfo-24.03.0-150600.3.27.1
* libpoppler-qt5-devel-24.03.0-150600.3.27.1
* libpoppler-devel-24.03.0-150600.3.27.1
* libpoppler-cpp0-24.03.0-150600.3.27.1
* libpoppler-qt6-3-24.03.0-150600.3.27.1
* libpoppler-qt6-3-debuginfo-24.03.0-150600.3.27.1
* poppler-qt5-debugsource-24.03.0-150600.3.27.1
* libpoppler-qt5-1-24.03.0-150600.3.27.1
* poppler-debugsource-24.03.0-150600.3.27.1
* libpoppler-qt5-1-debuginfo-24.03.0-150600.3.27.1
* SUSE Package Hub 15 15-SP7 (x86_64)
* libpoppler135-32bit-24.03.0-150600.3.27.1
* libpoppler135-32bit-debuginfo-24.03.0-150600.3.27.1
* libpoppler-glib8-32bit-debuginfo-24.03.0-150600.3.27.1
* libpoppler-glib8-32bit-24.03.0-150600.3.27.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libpoppler-glib8-24.03.0-150600.3.27.1
* poppler-tools-debuginfo-24.03.0-150600.3.27.1
* poppler-tools-24.03.0-150600.3.27.1
* libpoppler-qt6-devel-24.03.0-150600.3.27.1
* libpoppler135-24.03.0-150600.3.27.1
* libpoppler135-debuginfo-24.03.0-150600.3.27.1
* libpoppler-cpp0-debuginfo-24.03.0-150600.3.27.1
* poppler-qt6-debugsource-24.03.0-150600.3.27.1
* libpoppler-qt5-devel-24.03.0-150600.3.27.1
* libpoppler-devel-24.03.0-150600.3.27.1
* libpoppler-cpp0-24.03.0-150600.3.27.1
* typelib-1_0-Poppler-0_18-24.03.0-150600.3.27.1
* libpoppler-qt6-3-24.03.0-150600.3.27.1
* libpoppler-qt6-3-debuginfo-24.03.0-150600.3.27.1
* poppler-qt5-debugsource-24.03.0-150600.3.27.1
* libpoppler-qt5-1-24.03.0-150600.3.27.1
* libpoppler-glib-devel-24.03.0-150600.3.27.1
* poppler-debugsource-24.03.0-150600.3.27.1
* libpoppler-qt5-1-debuginfo-24.03.0-150600.3.27.1
* libpoppler-glib8-debuginfo-24.03.0-150600.3.27.1
* openSUSE Leap 15.6 (x86_64)
* libpoppler135-32bit-debuginfo-24.03.0-150600.3.27.1
* libpoppler-glib8-32bit-debuginfo-24.03.0-150600.3.27.1
* libpoppler-cpp0-32bit-debuginfo-24.03.0-150600.3.27.1
* libpoppler-qt5-1-32bit-debuginfo-24.03.0-150600.3.27.1
* libpoppler135-32bit-24.03.0-150600.3.27.1
* libpoppler-cpp0-32bit-24.03.0-150600.3.27.1
* libpoppler-qt5-1-32bit-24.03.0-150600.3.27.1
* libpoppler-glib8-32bit-24.03.0-150600.3.27.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libpoppler-qt5-1-64bit-debuginfo-24.03.0-150600.3.27.1
* libpoppler-glib8-64bit-debuginfo-24.03.0-150600.3.27.1
* libpoppler135-64bit-debuginfo-24.03.0-150600.3.27.1
* libpoppler-cpp0-64bit-24.03.0-150600.3.27.1
* libpoppler-cpp0-64bit-debuginfo-24.03.0-150600.3.27.1
* libpoppler135-64bit-24.03.0-150600.3.27.1
* libpoppler-glib8-64bit-24.03.0-150600.3.27.1
* libpoppler-qt5-1-64bit-24.03.0-150600.3.27.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libpoppler-glib8-24.03.0-150600.3.27.1
* poppler-tools-debuginfo-24.03.0-150600.3.27.1
* poppler-tools-24.03.0-150600.3.27.1
* libpoppler135-24.03.0-150600.3.27.1
* libpoppler135-debuginfo-24.03.0-150600.3.27.1
* libpoppler-cpp0-debuginfo-24.03.0-150600.3.27.1
* libpoppler-devel-24.03.0-150600.3.27.1
* libpoppler-cpp0-24.03.0-150600.3.27.1
* typelib-1_0-Poppler-0_18-24.03.0-150600.3.27.1
* libpoppler-glib-devel-24.03.0-150600.3.27.1
* poppler-debugsource-24.03.0-150600.3.27.1
* libpoppler-glib8-debuginfo-24.03.0-150600.3.27.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libpoppler-glib8-24.03.0-150600.3.27.1
* poppler-tools-debuginfo-24.03.0-150600.3.27.1
* poppler-tools-24.03.0-150600.3.27.1
* libpoppler135-24.03.0-150600.3.27.1
* libpoppler135-debuginfo-24.03.0-150600.3.27.1
* libpoppler-cpp0-debuginfo-24.03.0-150600.3.27.1
* libpoppler-devel-24.03.0-150600.3.27.1
* libpoppler-cpp0-24.03.0-150600.3.27.1
* typelib-1_0-Poppler-0_18-24.03.0-150600.3.27.1
* libpoppler-glib-devel-24.03.0-150600.3.27.1
* poppler-debugsource-24.03.0-150600.3.27.1
* libpoppler-glib8-debuginfo-24.03.0-150600.3.27.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* libpoppler-qt6-devel-24.03.0-150600.3.27.1
* poppler-qt6-debugsource-24.03.0-150600.3.27.1
* libpoppler-cpp0-debuginfo-24.03.0-150600.3.27.1
* libpoppler-qt5-devel-24.03.0-150600.3.27.1
* libpoppler-devel-24.03.0-150600.3.27.1
* libpoppler-cpp0-24.03.0-150600.3.27.1
* libpoppler-qt6-3-24.03.0-150600.3.27.1
* libpoppler-qt6-3-debuginfo-24.03.0-150600.3.27.1
* poppler-qt5-debugsource-24.03.0-150600.3.27.1
* libpoppler-qt5-1-24.03.0-150600.3.27.1
* poppler-debugsource-24.03.0-150600.3.27.1
* libpoppler-qt5-1-debuginfo-24.03.0-150600.3.27.1
* SUSE Package Hub 15 15-SP6 (x86_64)
* libpoppler135-32bit-24.03.0-150600.3.27.1
* libpoppler135-32bit-debuginfo-24.03.0-150600.3.27.1
* libpoppler-glib8-32bit-debuginfo-24.03.0-150600.3.27.1
* libpoppler-glib8-32bit-24.03.0-150600.3.27.1

## References:

* https://www.suse.com/security/cve/CVE-2025-11896.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252337



SUSE-SU-2025:4437-1: important: Security update for helm


# Security update for helm

Announcement ID: SUSE-SU-2025:4437-1
Release Date: 2025-12-17T14:45:04Z
Rating: important
References:

Affected Products:

* Containers Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that can now be installed.

## Description:

This update for helm rebuilds it against the current Go release to fix security
issues in go-stdlib.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-4437=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-4437=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-4437=1

* Containers Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2025-4437=1

## Package List:

* SUSE Package Hub 15 15-SP7 (noarch)
* helm-fish-completion-3.19.1-150000.1.59.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* helm-debuginfo-3.19.1-150000.1.59.1
* helm-3.19.1-150000.1.59.1
* openSUSE Leap 15.6 (noarch)
* helm-zsh-completion-3.19.1-150000.1.59.1
* helm-bash-completion-3.19.1-150000.1.59.1
* helm-fish-completion-3.19.1-150000.1.59.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* helm-debuginfo-3.19.1-150000.1.59.1
* helm-3.19.1-150000.1.59.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
* helm-bash-completion-3.19.1-150000.1.59.1
* Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* helm-debuginfo-3.19.1-150000.1.59.1
* helm-3.19.1-150000.1.59.1
* Containers Module 15-SP7 (noarch)
* helm-zsh-completion-3.19.1-150000.1.59.1
* helm-bash-completion-3.19.1-150000.1.59.1



SUSE-SU-2025:4440-1: moderate: Security update for wireshark


# Security update for wireshark

Announcement ID: SUSE-SU-2025:4440-1
Release Date: 2025-12-17T15:44:46Z
Rating: moderate
References:

* bsc#1254108
* bsc#1254472

Cross-References:

* CVE-2025-13499
* CVE-2025-13946

CVSS scores:

* CVE-2025-13499 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-13499 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2025-13499 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-13499 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-13946 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-13946 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP7
* Desktop Applications Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for wireshark fixes the following issues:

* CVE-2025-13499: Fixed Kafka dissector crash due to malformed packet
(bsc#1254108).
* CVE-2025-13946: Fixed MEGACO dissector infinite loop that allows denial of
service (bsc#1254472).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Desktop Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2025-4440=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-4440=1 openSUSE-SLE-15.6-2025-4440=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-4440=1

## Package List:

* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* wireshark-ui-qt-debuginfo-4.2.14-150600.18.32.1
* wireshark-debugsource-4.2.14-150600.18.32.1
* wireshark-debuginfo-4.2.14-150600.18.32.1
* wireshark-ui-qt-4.2.14-150600.18.32.1
* wireshark-devel-4.2.14-150600.18.32.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libwiretap14-4.2.14-150600.18.32.1
* libwsutil15-debuginfo-4.2.14-150600.18.32.1
* wireshark-ui-qt-debuginfo-4.2.14-150600.18.32.1
* libwsutil15-4.2.14-150600.18.32.1
* wireshark-debugsource-4.2.14-150600.18.32.1
* libwiretap14-debuginfo-4.2.14-150600.18.32.1
* wireshark-4.2.14-150600.18.32.1
* libwireshark17-4.2.14-150600.18.32.1
* wireshark-debuginfo-4.2.14-150600.18.32.1
* wireshark-ui-qt-4.2.14-150600.18.32.1
* libwireshark17-debuginfo-4.2.14-150600.18.32.1
* wireshark-devel-4.2.14-150600.18.32.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libwiretap14-4.2.14-150600.18.32.1
* libwsutil15-debuginfo-4.2.14-150600.18.32.1
* libwsutil15-4.2.14-150600.18.32.1
* wireshark-debugsource-4.2.14-150600.18.32.1
* libwiretap14-debuginfo-4.2.14-150600.18.32.1
* wireshark-4.2.14-150600.18.32.1
* libwireshark17-4.2.14-150600.18.32.1
* wireshark-debuginfo-4.2.14-150600.18.32.1
* libwireshark17-debuginfo-4.2.14-150600.18.32.1

## References:

* https://www.suse.com/security/cve/CVE-2025-13499.html
* https://www.suse.com/security/cve/CVE-2025-13946.html
* https://bugzilla.suse.com/show_bug.cgi?id=1254108
* https://bugzilla.suse.com/show_bug.cgi?id=1254472



SUSE-SU-2025:4432-1: moderate: Security update for libpng12


# Security update for libpng12

Announcement ID: SUSE-SU-2025:4432-1
Release Date: 2025-12-17T13:07:34Z
Rating: moderate
References:

* bsc#1254157

Cross-References:

* CVE-2025-64505

CVSS scores:

* CVE-2025-64505 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-64505 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-64505 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Affected Products:

* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for libpng12 fixes the following issues:

* CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via
malformed palette index (bsc#1254157)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-4432=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-4432=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-4432=1

## Package List:

* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libpng12-0-debuginfo-1.2.57-150000.4.3.1
* libpng12-0-1.2.57-150000.4.3.1
* libpng12-devel-1.2.57-150000.4.3.1
* libpng12-debugsource-1.2.57-150000.4.3.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* libpng12-devel-1.2.57-150000.4.3.1
* libpng12-debugsource-1.2.57-150000.4.3.1
* libpng12-compat-devel-1.2.57-150000.4.3.1
* libpng12-0-debuginfo-1.2.57-150000.4.3.1
* libpng12-0-1.2.57-150000.4.3.1
* openSUSE Leap 15.6 (x86_64)
* libpng12-compat-devel-32bit-1.2.57-150000.4.3.1
* libpng12-devel-32bit-1.2.57-150000.4.3.1
* libpng12-0-32bit-debuginfo-1.2.57-150000.4.3.1
* libpng12-0-32bit-1.2.57-150000.4.3.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libpng12-0-debuginfo-1.2.57-150000.4.3.1
* libpng12-0-1.2.57-150000.4.3.1
* libpng12-devel-1.2.57-150000.4.3.1
* libpng12-debugsource-1.2.57-150000.4.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-64505.html
* https://bugzilla.suse.com/show_bug.cgi?id=1254157



openSUSE-SU-2025:20164-1: important: Security update for openssl-3


openSUSE security update: security update for openssl-3
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2025:20164-1
Rating: important
References:

* bsc#1250232
* bsc#1250233
* bsc#1250234

Cross-References:

* CVE-2025-9230
* CVE-2025-9231
* CVE-2025-9232

CVSS scores:

* CVE-2025-9230 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-9230 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-9231 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-9231 ( SUSE ): 6 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-9232 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-9232 ( SUSE ): 6 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed.

Description:

This update for openssl-3 fixes the following issues:

- CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232)
- CVE-2025-9231: Fixed timing side-channel in SM2 algorithm on 64 bit ARM (bsc#1250233)
- CVE-2025-9232: Fixed out-of-bounds read in HTTP client no_proxy handling (bsc#1250234)

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-107=1

Package List:

- openSUSE Leap 16.0:

libopenssl-3-devel-3.5.0-160000.4.1
libopenssl-3-fips-provider-3.5.0-160000.4.1
libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.4.1
libopenssl3-3.5.0-160000.4.1
libopenssl3-x86-64-v3-3.5.0-160000.4.1
openssl-3-3.5.0-160000.4.1
openssl-3-doc-3.5.0-160000.4.1

References:

* https://www.suse.com/security/cve/CVE-2025-9230.html
* https://www.suse.com/security/cve/CVE-2025-9231.html
* https://www.suse.com/security/cve/CVE-2025-9232.html



openSUSE-SU-2025:20163-1: important: Security update for grub2


openSUSE security update: security update for grub2
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2025:20163-1
Rating: important
References:

* bsc#1234959
* bsc#1245636
* bsc#1245738
* bsc#1245953
* bsc#1246231
* bsc#1247242
* bsc#1249088
* bsc#1249385
* bsc#1252930
* bsc#1252931
* bsc#1252932
* bsc#1252933
* bsc#1252934
* bsc#1252935

Cross-References:

* CVE-2024-56738
* CVE-2025-54770
* CVE-2025-54771
* CVE-2025-61661
* CVE-2025-61662
* CVE-2025-61663
* CVE-2025-61664

CVSS scores:

* CVE-2024-56738 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-56738 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-54770 ( SUSE ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-54770 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-54771 ( SUSE ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-54771 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-61661 ( SUSE ): 4.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-61661 ( SUSE ): 4.3 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61662 ( SUSE ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-61662 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-61663 ( SUSE ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-61663 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-61664 ( SUSE ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-61664 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 7 vulnerabilities and has 14 bug fixes can now be installed.

Description:

This update for grub2 fixes the following issues:

Changes in grub2:

- CVE-2025-54771: Fixed grub_file_close() does not properly control the fs refcount (bsc#1252931)
- CVE-2025-54770: Fixed missing unregister call for net_set_vlan command may lead to use-after-free (bsc#1252930)
- CVE-2025-61662: Fixed missing unregister call for gettext command may lead to use-after-free (bsc#1252933)
- CVE-2025-61663: Fixed missing unregister call for normal commands may lead to use-after-free (bsc#1252934)
- CVE-2025-61664: Fixed missing unregister call for normal_exit command may lead to use-after-free (bsc#1252935)
- CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function (bsc#1252932)

- Bump upstream SBAT generation to 6

- Fix "sparse file not allowed" error after grub2-reboot (bsc#1245738)
- Fix PowerPC network boot prefix to correctly locate grub.cfg (bsc#1249385)
- turn off page flipping for i386-pc using VBE video backend (bsc#1245636)
- Fix boot hangs in setting up serial console when ACPI SPCR table is present
and redirection is disabled (bsc#1249088)
- Fix timeout when loading initrd via http after PPC CAS reboot (bsc#1245953)
- Skip mount point in grub_find_device function (bsc#1246231)

- CVE-2024-56738: Fixed side-channel attack due to non-constant-time algorithm in grub_crypto_memcmp (bsc#1234959)

Patch instructions:

To install this openSUSE security update, use the SUSE-recommended installation methods
like YaST online_update or "zypper patch".
Alternatively, you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-106=1

Package List:

- openSUSE Leap 16.0:

grub2-2.12-160000.3.1
grub2-arm64-efi-2.12-160000.3.1
grub2-arm64-efi-bls-2.12-160000.3.1
grub2-arm64-efi-debug-2.12-160000.3.1
grub2-arm64-efi-extras-2.12-160000.3.1
grub2-branding-upstream-2.12-160000.3.1
grub2-common-2.12-160000.3.1
grub2-i386-pc-2.12-160000.3.1
grub2-i386-pc-debug-2.12-160000.3.1
grub2-i386-pc-extras-2.12-160000.3.1
grub2-powerpc-ieee1275-2.12-160000.3.1
grub2-powerpc-ieee1275-debug-2.12-160000.3.1
grub2-powerpc-ieee1275-extras-2.12-160000.3.1
grub2-s390x-emu-2.12-160000.3.1
grub2-s390x-emu-debug-2.12-160000.3.1
grub2-s390x-emu-extras-2.12-160000.3.1
grub2-snapper-plugin-2.12-160000.3.1
grub2-systemd-sleep-plugin-2.12-160000.3.1
grub2-x86_64-efi-2.12-160000.3.1
grub2-x86_64-efi-bls-2.12-160000.3.1
grub2-x86_64-efi-debug-2.12-160000.3.1
grub2-x86_64-efi-extras-2.12-160000.3.1
grub2-x86_64-xen-2.12-160000.3.1
grub2-x86_64-xen-debug-2.12-160000.3.1
grub2-x86_64-xen-extras-2.12-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2024-56738.html
* https://www.suse.com/security/cve/CVE-2025-54770.html
* https://www.suse.com/security/cve/CVE-2025-54771.html
* https://www.suse.com/security/cve/CVE-2025-61661.html
* https://www.suse.com/security/cve/CVE-2025-61662.html
* https://www.suse.com/security/cve/CVE-2025-61663.html
* https://www.suse.com/security/cve/CVE-2025-61664.html



openSUSE-SU-2025:20162-1: important: Security update for ImageMagick


openSUSE Security Update: Security update for ImageMagick
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2025:20162-1
Rating: important
References:

* bsc#1248767
* bsc#1248780
* bsc#1248784
* bsc#1249362
* bsc#1252282
* bsc#1252749

Cross-References:

* CVE-2025-55212
* CVE-2025-55298
* CVE-2025-57803
* CVE-2025-57807
* CVE-2025-62171
* CVE-2025-62594

CVSS scores:

* CVE-2025-55212 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-55212 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-55298 ( SUSE ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2025-55298 ( SUSE ): 9 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-57803 ( SUSE ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2025-57803 ( SUSE ): 9 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-57807 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-57807 ( SUSE ): 1 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-62171 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-62171 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-62594 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
* CVE-2025-62594 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 6 vulnerabilities and has 6 bug fixes can now be installed.

Description:

This update for ImageMagick fixes the following issues:

- CVE-2025-62594: unsigned underflow and division-by-zero can lead to OOB pointer arithmetic and process crash
(bsc#1252749).
- CVE-2025-57807: BlobStream Forward-Seek Under-Allocation (bsc#1249362).
- CVE-2025-62171: incomplete fix for integer overflow in BMP Decoder (bsc#1252282).
- CVE-2025-55298: format string bug vulnerability can lead to heap overflow (bsc#1248780).
- CVE-2025-57803: 32-bit integer overflow can lead to heap out-of-bounds (OOB) write (bsc#1248784).
- CVE-2025-55212: division-by-zero in ThumbnailImage() when passing a geometry string containing only a colon to
`montage -geometry` (bsc#1248767).

Patch instructions:

To install this openSUSE security update, use the SUSE-recommended installation methods
like YaST online_update or "zypper patch".
Alternatively, you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-105=1

Package List:

- openSUSE Leap 16.0:

ImageMagick-7.1.2.0-160000.4.1
ImageMagick-config-7-SUSE-7.1.2.0-160000.4.1
ImageMagick-config-7-upstream-limited-7.1.2.0-160000.4.1
ImageMagick-config-7-upstream-open-7.1.2.0-160000.4.1
ImageMagick-config-7-upstream-secure-7.1.2.0-160000.4.1
ImageMagick-config-7-upstream-websafe-7.1.2.0-160000.4.1
ImageMagick-devel-7.1.2.0-160000.4.1
ImageMagick-doc-7.1.2.0-160000.4.1
ImageMagick-extra-7.1.2.0-160000.4.1
libMagick++-7_Q16HDRI5-7.1.2.0-160000.4.1
libMagick++-devel-7.1.2.0-160000.4.1
libMagickCore-7_Q16HDRI10-7.1.2.0-160000.4.1
libMagickWand-7_Q16HDRI10-7.1.2.0-160000.4.1
perl-PerlMagick-7.1.2.0-160000.4.1

References:

* https://www.suse.com/security/cve/CVE-2025-55212.html
* https://www.suse.com/security/cve/CVE-2025-55298.html
* https://www.suse.com/security/cve/CVE-2025-57803.html
* https://www.suse.com/security/cve/CVE-2025-57807.html
* https://www.suse.com/security/cve/CVE-2025-62171.html
* https://www.suse.com/security/cve/CVE-2025-62594.html



SUSE-SU-2025:4422-1: important: Security update for the Linux Kernel


# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2025:4422-1
Release Date: 2025-12-17T10:53:11Z
Rating: important
References:

* bsc#1232223
* bsc#1237888
* bsc#1243474
* bsc#1245193
* bsc#1247076
* bsc#1247079
* bsc#1247500
* bsc#1247509
* bsc#1249547
* bsc#1249912
* bsc#1249982
* bsc#1250176
* bsc#1250237
* bsc#1250252
* bsc#1250705
* bsc#1251120
* bsc#1251786
* bsc#1252063
* bsc#1252267
* bsc#1252303
* bsc#1252353
* bsc#1252681
* bsc#1252763
* bsc#1252773
* bsc#1252780
* bsc#1252794
* bsc#1252795
* bsc#1252809
* bsc#1252817
* bsc#1252821
* bsc#1252836
* bsc#1252845
* bsc#1252862
* bsc#1252912
* bsc#1252917
* bsc#1252928
* bsc#1253018
* bsc#1253176
* bsc#1253275
* bsc#1253318
* bsc#1253324
* bsc#1253349
* bsc#1253352
* bsc#1253355
* bsc#1253360
* bsc#1253362
* bsc#1253363
* bsc#1253367
* bsc#1253369
* bsc#1253393
* bsc#1253395
* bsc#1253403
* bsc#1253407
* bsc#1253409
* bsc#1253412
* bsc#1253416
* bsc#1253421
* bsc#1253423
* bsc#1253424
* bsc#1253425
* bsc#1253427
* bsc#1253428
* bsc#1253431
* bsc#1253436
* bsc#1253438
* bsc#1253440
* bsc#1253441
* bsc#1253445
* bsc#1253448
* bsc#1253449
* bsc#1253453
* bsc#1253456
* bsc#1253472
* bsc#1253779

Cross-References:

* CVE-2022-50253
* CVE-2023-53676
* CVE-2025-21710
* CVE-2025-37916
* CVE-2025-38359
* CVE-2025-38361
* CVE-2025-39788
* CVE-2025-39805
* CVE-2025-39819
* CVE-2025-39859
* CVE-2025-39944
* CVE-2025-39980
* CVE-2025-40001
* CVE-2025-40021
* CVE-2025-40027
* CVE-2025-40030
* CVE-2025-40038
* CVE-2025-40040
* CVE-2025-40048
* CVE-2025-40055
* CVE-2025-40059
* CVE-2025-40064
* CVE-2025-40070
* CVE-2025-40074
* CVE-2025-40075
* CVE-2025-40083
* CVE-2025-40098
* CVE-2025-40105
* CVE-2025-40107
* CVE-2025-40109
* CVE-2025-40110
* CVE-2025-40111
* CVE-2025-40115
* CVE-2025-40116
* CVE-2025-40118
* CVE-2025-40120
* CVE-2025-40121
* CVE-2025-40127
* CVE-2025-40129
* CVE-2025-40139
* CVE-2025-40140
* CVE-2025-40141
* CVE-2025-40149
* CVE-2025-40154
* CVE-2025-40156
* CVE-2025-40157
* CVE-2025-40159
* CVE-2025-40164
* CVE-2025-40168
* CVE-2025-40169
* CVE-2025-40171
* CVE-2025-40172
* CVE-2025-40173
* CVE-2025-40176
* CVE-2025-40180
* CVE-2025-40183
* CVE-2025-40186
* CVE-2025-40188
* CVE-2025-40194
* CVE-2025-40198
* CVE-2025-40200
* CVE-2025-40204
* CVE-2025-40205
* CVE-2025-40206
* CVE-2025-40207

CVSS scores:

* CVE-2022-50253 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50253 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50253 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53676 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53676 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21710 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21710 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-37916 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-37916 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37916 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38359 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38359 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38359 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38361 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38361 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38361 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39788 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-39788 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-39805 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39805 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39819 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39819 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39859 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39859 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39944 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39980 ( SUSE ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39980 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40001 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40001 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-40021 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-40021 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-40027 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40027 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40030 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40030 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40038 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40038 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40040 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40040 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40048 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40055 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40055 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40059 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40059 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40064 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40070 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40074 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40075 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40083 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40098 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40098 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40105 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-40105 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-40107 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40107 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40109 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40109 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40110 ( SUSE ): 5.6
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40110 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40111 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40115 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40115 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40116 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40116 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40118 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40118 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40120 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40120 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40121 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40121 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40127 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40127 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40129 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40129 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40139 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40139 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40140 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-40140 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-40141 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40141 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-40149 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40149 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-40154 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40154 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40156 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40156 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40157 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40157 ( SUSE ): 5.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-40159 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40164 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40164 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40168 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40168 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-40169 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40169 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-40171 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40171 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40172 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40172 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40173 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40173 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40176 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40176 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40180 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40180 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-40183 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-40183 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-40186 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40186 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40188 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40188 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40194 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40194 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40198 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40198 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40200 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40200 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40204 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-40204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-40205 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40205 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40206 ( SUSE ): 5.9
CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40206 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40207 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40207 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP6
* Development Tools Module 15-SP6
* Legacy Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Availability Extension 15 SP6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Workstation Extension 15 SP6

An update that solves 65 vulnerabilities and has nine security fixes can now be
installed.

## Description:

The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security
issues.

The following security issues were fixed:

* CVE-2022-50253: bpf: make sure skb->len != 0 when redirecting to a tunneling
device (bsc#1249912).
* CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in
lio_target_nacl_info_show() (bsc#1251786).
* CVE-2025-21710: tcp: correct handling of extreme memory squeeze
(bsc#1237888).
* CVE-2025-37916: pds_core: remove write-after-free of client_id
(bsc#1243474).
* CVE-2025-38359: s390/mm: Fix in_atomic() handling in
do_secure_storage_access() (bsc#1247076).
* CVE-2025-38361: drm/amd/display: Check dce_hwseq before dereferencing it
(bsc#1247079).
* CVE-2025-39788: scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE
(bsc#1249547).
* CVE-2025-39805: net: macb: fix unregister_netdev call order in macb_remove()
(bsc#1249982).
* CVE-2025-39819: fs/smb: Fix inconsistent refcnt update (bsc#1250176).
* CVE-2025-39859: ptp: ocp: fix use-after-free bugs causing by
ptp_ocp_watchdog (bsc#1250252).
* CVE-2025-39944: octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp()
(bsc#1251120).
* CVE-2025-39980: nexthop: Forbid FDB status change while nexthop is in a
group (bsc#1252063).
* CVE-2025-40001: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue
(bsc#1252303).
* CVE-2025-40021: tracing: dynevent: Add a missing lockdown check on dynevent
(bsc#1252681).
* CVE-2025-40027: net/9p: fix double req put in p9_fd_cancelled (bsc#1252763).
* CVE-2025-40030: pinctrl: check the return value of
pinmux_ops::get_function_name() (bsc#1252773).
* CVE-2025-40038: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP
isn't valid (bsc#1252817).
* CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise
(bsc#1252780).
* CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask
(bsc#1252862).
* CVE-2025-40055: ocfs2: fix double free in user_cluster_connect()
(bsc#1252821).
* CVE-2025-40059: coresight: Fix incorrect handling for return value of
devm_kzalloc (bsc#1252809).
* CVE-2025-40064: smc: Fix use-after-free in __pnet_find_base_ndev()
(bsc#1252845).
* CVE-2025-40070: pps: fix warning in pps_register_cdev when register device
fail (bsc#1252836).
* CVE-2025-40074: ipv4: start using dst_dev_rcu() (bsc#1252794).
* CVE-2025-40075: tcp_metrics: use dst_dev_net_rcu() (bsc#1252795).
* CVE-2025-40083: net/sched: sch_qfq: Fix null-deref in agg_dequeue
(bsc#1252912).
* CVE-2025-40098: ALSA: hda: cs35l41: Fix NULL pointer dereference in
cs35l41_get_acpi_mute_state() (bsc#1252917).
* CVE-2025-40105: vfs: Don't leak disconnected dentries on umount
(bsc#1252928).
* CVE-2025-40139: smc: Use __sk_dst_get() and dst_dev_rcu() in
smc_clc_prfx_set() (bsc#1253409).
* CVE-2025-40149: tls: Use __sk_dst_get() and dst_dev_rcu() in
get_netdev_for_sock() (bsc#1253355).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation
(bsc#1253403).
* CVE-2025-40168: smc: Use __sk_dst_get() and dst_dev_rcu() in
smc_clc_prfx_match() (bsc#1253427).
* CVE-2025-40169: bpf: Reject negative offsets for ALU ops (bsc#1253416).
* CVE-2025-40173: net/ip6_tunnel: Prevent perpetual tunnel growth
(bsc#1253421).
* CVE-2025-40176: tls: wait for pending async decryptions if tls_strp_msg_hold
fails (bsc#1253425).
* CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436).

The following non-security issues were fixed:

* ACPI: CPPC: Check _CPC validity for only the online CPUs (git-fixes).
* ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs (git-fixes).
* ACPI: CPPC: Perform fast check switch only for online CPUs (git-fixes).
* ACPI: PRM: Skip handlers with NULL handler_address or NULL VA (stable-
fixes).
* ACPI: SBS: Fix present test in acpi_battery_read() (git-fixes).
* ACPI: property: Return present device nodes only on fwnode interface
(stable-fixes).
* ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids (stable-fixes).
* ACPICA: Update dsmethod.c to get rid of unused variable warning (stable-
fixes).
* ACPICA: dispatcher: Use acpi_ds_clear_operands() in
acpi_ds_call_control_method() (stable-fixes).
* ALSA: hda: Fix missing pointer check in hda_component_manager_init function
(git-fixes).
* ALSA: serial-generic: remove shared static buffer (stable-fixes).
* ALSA: usb-audio: Add validation of UAC2/UAC3 effect units (stable-fixes).
* ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd
(git-fixes).
* ALSA: usb-audio: Fix potential overflow of PCM transfer buffer (stable-
fixes).
* ALSA: usb-audio: add mono main switch to Presonus S1824c (stable-fixes).
* ALSA: usb-audio: apply quirk for MOONDROP Quark2 (stable-fixes).
* ALSA: usb-audio: don't log messages meant for 1810c when initializing 1824c
(git-fixes).
* ALSA: usb-audio: fix uac2 clock source at terminal parser (git-fixes).
* ASoC: codecs: va-macro: fix resource leak in probe error path (git-fixes).
* ASoC: cs4271: Fix regulator leak on probe failure (git-fixes).
* ASoC: max98090/91: fixed max98091 ALSA widget powering up/down (stable-
fixes).
* ASoC: meson: aiu-encoder-i2s: fix bit clock polarity (stable-fixes).
* ASoC: qcom: sc8280xp: explicitly set S16LE format in
sc8280xp_be_hw_params_fixup() (stable-fixes).
* ASoC: stm32: sai: manage context in set_sysclk callback (stable-fixes).
* ASoC: tlv320aic3x: Fix class-D initialization for tlv320aic3007 (stable-
fixes).
* Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions (git-
fixes).
* Bluetooth: 6lowpan: add missing l2cap_chan_lock() (git-fixes).
* Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion
(git-fixes).
* Bluetooth: 6lowpan: reset link-local header on ipv6 recv path (git-fixes).
* Bluetooth: L2CAP: export l2cap_chan_hold for modules (stable-fixes).
* Bluetooth: MGMT: cancel mesh send timer when hdev removed (git-fixes).
* Bluetooth: SCO: Fix UAF on sco_conn_free (stable-fixes).
* Bluetooth: bcsp: receive data only if registered (stable-fixes).
* Bluetooth: btrtl: Fix memory leak in rtlbt_parse_firmware_v2() (git-fixes).
* Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames
(stable-fixes).
* Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (git-
fixes).
* Bluetooth: hci_event: validate skb length for unknown CC opcode (git-fixes).
* Drivers: hv: vmbus: Add utility function for querying ring size (git-fixes).
* HID: amd_sfh: Stop sensor before starting (git-fixes).
* HID: hid-ntrig: Prevent memory leak in ntrig_report_version() (git-fixes).
* HID: quirks: avoid Cooler Master MM712 dongle wakeup bug (stable-fixes).
* HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (git-fixes).
* HID: uclogic: Fix potential memory leak in error path (git-fixes).
* Input: atmel_mxt_ts - allow reset GPIO to sleep (stable-fixes).
* Input: imx_sc_key - fix memory corruption on unload (git-fixes).
* Input: pegasus-notetaker - fix potential out-of-bounds access (git-fixes).
* KVM: Pass new routing entries and irqfd when updating IRTEs (git-fixes).
* KVM: SVM: Delete IRTE link from previous vCPU before setting new IRTE (git-
fixes).
* KVM: SVM: Delete IRTE link from previous vCPU irrespective of new routing
(git-fixes).
* KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 (git-fixes).
* KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated (git-
fixes).
* KVM: SVM: Re-load current, not host, TSC_AUX on #VMEXIT from SEV-ES guest
(git-fixes).
* KVM: SVM: Track per-vCPU IRTEs using kvm_kernel_irqfd structure (git-fixes).
* KVM: SVM: WARN if an invalid posted interrupt IRTE entry is added (git-
fixes).
* KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported (git-
fixes).
* KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest
(git-fixes).
* KVM: VMX: Fix check for valid GVA on an EPT violation (git-fixes).
* KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest
(git-fixes).
* KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs (git-
fixes).
* KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter (git-fixes).
* KVM: x86/mmu: Locally cache whether a PFN is host MMIO when making a SPTE
(git-fixes).
* KVM: x86: Add helper to retrieve current value of user return MSR (git-
fixes).
* KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap
(git-fixes).
* KVM: x86: Don't treat ENTER and LEAVE as branches, because they aren't (git-
fixes).
* KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag (git-
fixes).
* NFS4: Fix state renewals missing after boot (git-fixes).
* NFS: check if suid/sgid was cleared after a write as needed (git-fixes).
* NFSD: Never cache a COMPOUND when the SEQUENCE operation fails (git-fixes).
* NFSD: Skip close replay processing if XDR encoding fails (git-fixes).
* NFSD: free copynotify stateid in nfs4_free_ol_stateid() (git-fixes).
* NFSv4.1: fix mount hang after CREATE_SESSION failure (git-fixes).
* NFSv4: handle ERR_GRACE on delegation recalls (git-fixes).
* PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call (stable-fixes).
* PCI/PM: Skip resuming to D0 if device is disconnected (stable-fixes).
* PCI: Disable MSI on RDC PCI to PCIe bridges (stable-fixes).
* PCI: cadence: Check for the existence of cdns_pcie::ops before using it
(stable-fixes).
* PCI: dwc: Verify the single eDMA IRQ in dw_pcie_edma_irq_verify() (stable-
fixes).
* PCI: j721e: Fix incorrect error message in probe() (git-fixes).
* PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock (git-
fixes).
* PCI: tegra194: Reset BARs when running in PCIe endpoint mode (git-fixes).
* RDMA/bnxt_re: Don't fail destroy QP and cleanup debugfs earlier (git-fixes).
* RDMA/bnxt_re: Fix a potential memory leak in destroy_gsi_sqp (git-fixes).
* RDMA/hns: Fix recv CQ and QP cache affinity (git-fixes).
* RDMA/hns: Fix the modification of max_send_sge (git-fixes).
* RDMA/hns: Fix wrong WQE data when QP wraps around (git-fixes).
* RDMA/irdma: Fix SD index calculation (git-fixes).
* RDMA/irdma: Set irdma_cq cq_num field during CQ create (git-fixes).
* accel/habanalabs/gaudi2: fix BMON disable configuration (stable-fixes).
* accel/habanalabs/gaudi2: read preboot status after recovering from dirty
state (stable-fixes).
* accel/habanalabs: return ENOMEM if less than requested pages were pinned
(stable-fixes).
* accel/habanalabs: support mapping cb with vmalloc-backed coherent memory
(stable-fixes).
* acpi,srat: Fix incorrect device handle check for Generic Initiator (git-
fixes).
* amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw (stable-fixes).
* block: avoid possible overflow for chunk_sectors check in blk_stack_limits()
(git-fixes).
* block: fix kobject double initialization in add_disk (git-fixes).
* btrfs: abort transaction on failure to add link to inode (git-fixes).
* btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range() (git-
fix).
* btrfs: avoid using fixed char array size for tree names (git-fix).
* btrfs: do not update last_log_commit when logging inode due to a new name
(git-fixes).
* btrfs: fix COW handling in run_delalloc_nocow() (git-fix).
* btrfs: fix inode leak on failure to add link to inode (git-fixes).
* btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve (git-fix).
* btrfs: mark dirty extent range for out of bound prealloc extents (git-
fixes).
* btrfs: qgroup: correctly model root qgroup rsv in convert (git-fix).
* btrfs: rename err to ret in btrfs_link() (git-fixes).
* btrfs: run btrfs_error_commit_super() early (git-fix).
* btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() (git-
fix).
* btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() (git-
fixes).
* btrfs: send: fix duplicated rmdir operations when using extrefs (git-fixes).
* btrfs: set inode flag BTRFS_INODE_COPY_EVERYTHING when logging new name
(git-fixes).
* btrfs: simplify error handling logic for btrfs_link() (git-fixes).
* btrfs: tree-checker: add dev extent item checks (git-fix).
* btrfs: tree-checker: add type and sequence check for inline backrefs (git-
fix).
* btrfs: tree-checker: fix the wrong output of data backref objectid (git-
fix).
* btrfs: tree-checker: reject BTRFS_FT_UNKNOWN dir type (git-fix).
* btrfs: tree-checker: validate dref root and objectid (git-fix).
* btrfs: use smp_mb__after_atomic() when forcing COW in
create_pending_snapshot() (git-fixes).
* char: misc: Does not request module for miscdevice with dynamic minor
(stable-fixes).
* char: misc: Make misc_register() reentry for miscdevice who wants dynamic
minor (stable-fixes).
* char: misc: restrict the dynamic range to exclude reserved minors (stable-
fixes).
* cramfs: Verify inode mode when loading from disk (git-fixes).
* crypto: aspeed - fix double free caused by devm (git-fixes).
* crypto: aspeed-acry - Convert to platform remove callback returning void
(stable-fixes).
* crypto: hisilicon/qm - Fix device reference leak in qm_get_qos_value (git-
fixes).
* crypto: iaa - Do not clobber req->base.data (git-fixes).
* crypto: qat - use kcalloc() in qat_uclo_map_objs_from_mof() (stable-fixes).
* dmaengine: dw-edma: Set status for callback_result (stable-fixes).
* dmaengine: mv_xor: match alloc_wc and free_wc (stable-fixes).
* drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream
(stable-fixes).
* drm/amd/display: Disable VRR on DCE 6 (stable-fixes).
* drm/amd/display: Fix DVI-D/HDMI adapters (stable-fixes).
* drm/amd/display: Fix NULL deref in debugfs odm_combine_segments (git-fixes).
* drm/amd/display: Fix black screen with HDMI outputs (git-fixes).
* drm/amd/display: Increase AUX Intra-Hop Done Max Wait Duration (stable-
fixes).
* drm/amd/display: add more cyan skillfish devices (stable-fixes).
* drm/amd/display: ensure committing streams is seamless (stable-fixes).
* drm/amd/display: update dpp/disp clock from smu clock table (stable-fixes).
* drm/amd/pm: Disable MCLK switching on SI at high pixel clocks (stable-
fixes).
* drm/amd/pm: Use cached metrics data on aldebaran (stable-fixes).
* drm/amd/pm: Use cached metrics data on arcturus (stable-fixes).
* drm/amd: Avoid evicting resources at S5 (stable-fixes).
* drm/amd: Fix suspend failure with secure display TA (git-fixes).
* drm/amd: add more cyan skillfish PCI ids (stable-fixes).
* drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff (stable-fixes).
* drm/amdgpu: Allow kfd CRIU with no buffer objects (stable-fixes).
* drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices
(stable-fixes).
* drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl (stable-
fixes).
* drm/amdgpu: add support for cyan skillfish gpu_info (stable-fixes).
* drm/amdgpu: don't enable SMU on cyan skillfish (stable-fixes).
* drm/amdgpu: reject gang submissions under SRIOV (stable-fixes).
* drm/amdkfd: Handle lack of READ permissions in SVM mapping (stable-fixes).
* drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption (stable-fixes).
* drm/amdkfd: fix vram allocation failure for a special case (stable-fixes).
* drm/amdkfd: return -ENOTTY for unsupported IOCTLs (stable-fixes).
* drm/bridge: cdns-dsi: Don't fail on MIPI_DSI_MODE_VIDEO_BURST (stable-
fixes).
* drm/bridge: cdns-dsi: Fix REG_WAKEUP_TIME value (stable-fixes).
* drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts (stable-
fixes).
* drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD (git-
fixes).
* drm/i915: Fix conversion between clock ticks and nanoseconds (git-fixes).
* drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL (stable-
fixes).
* drm/msm/dsi/phy_7nm: Fix missing initial VCO rate (stable-fixes).
* drm/msm: make sure to not queue up recovery more than once (stable-fixes).
* drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf()
(stable-fixes).
* drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb (git-fixes).
* drm/tegra: Add call to put_pid() (git-fixes).
* drm/tegra: dc: Fix reference leak in tegra_dc_couple() (git-fixes).
* drm/tidss: Set crtc modesetting parameters with adjusted mode (stable-
fixes).
* drm/tidss: Use the crtc_* timings when programming the HW (stable-fixes).
* drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (git-
fixes).
* exfat: limit log print for IO error (git-fixes).
* extcon: adc-jack: Cleanup wakeup source only if it was enabled (git-fixes).
* extcon: adc-jack: Fix wakeup source leaks on device unbind (stable-fixes).
* fbcon: Set fb_display[i]->mode to NULL when the mode is released (stable-
fixes).
* fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds
(stable-fixes).
* fbdev: bitblit: bound-check glyph index in bit_putcs* (stable-fixes).
* fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS (stable-
fixes).
* hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex (stable-
fixes).
* hwmon: (dell-smm) Add support for Dell OptiPlex 7040 (stable-fixes).
* hwmon: (k10temp) Add device ID for Strix Halo (stable-fixes).
* hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based models
(stable-fixes).
* hwmon: (sbtsi_temp) AMD CPU extended temperature range support (stable-
fixes).
* hwmon: sy7636a: add alias (stable-fixes).
* iio: adc: imx93_adc: load calibrated values even calibration failed (stable-
fixes).
* iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before
setting register (stable-fixes).
* ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr
(stable-fixes).
* iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE (git-
fixes).
* isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() (git-fixes).
* jfs: Verify inode mode when loading from disk (git-fixes).
* jfs: fix uninitialized waitqueue in transaction manager (git-fixes).
* lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC
(git-fixes).
* md/raid1: fix data lost for writemostly rdev (git-fixes).
* md: fix mssing blktrace bio split events (git-fixes).
* media: adv7180: Add missing lock in suspend callback (stable-fixes).
* media: adv7180: Do not write format to device in set_fmt (stable-fixes).
* media: adv7180: Only validate format in querystd (stable-fixes).
* media: amphion: Delete v4l2_fh synchronously in .release() (stable-fixes).
* media: fix uninitialized symbol warnings (stable-fixes).
* media: i2c: Kconfig: Ensure a dependency on HAVE_CLK for VIDEO_CAMERA_SENSOR
(stable-fixes).
* media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer
(stable-fixes).
* media: imon: make send_packet() more robust (stable-fixes).
* media: ov08x40: Fix the horizontal flip control (stable-fixes).
* media: redrat3: use int type to store negative error codes (stable-fixes).
* media: uvcvideo: Use heuristic to find stream entity (git-fixes).
* memstick: Add timeout to prevent indefinite waiting (stable-fixes).
* mfd: da9063: Split chip variant reading in two bus transactions (stable-
fixes).
* mfd: madera: Work around false-positive -Wininitialized warning (stable-
fixes).
* mfd: stmpe-i2c: Add missing MODULE_LICENSE (stable-fixes).
* mfd: stmpe: Remove IRQ domain upon removal (stable-fixes).
* minixfs: Verify inode mode when loading from disk (git-fixes).
* mm/mm_init: fix hash table order logging in alloc_large_system_hash() (git-
fixes).
* mm/secretmem: fix use-after-free race in fault handler (git-fixes).
* mmc: host: renesas_sdhi: Fix the actual clock (stable-fixes).
* mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card (stable-fixes).
* mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 (git-fixes).
* mtd: onenand: Pass correct pointer to IRQ handler (git-fixes).
* mtd: rawnand: cadence: fix DMA device NULL pointer dereference (git-fixes).
* mtdchar: fix integer overflow in read/write ioctls (git-fixes).
* net/mana: fix warning in the writer of client oob (git-fixes).
* net/smc: Remove validation of reserved bits in CLC Decline message
(bsc#1253779).
* net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms (stable-fixes).
* net: phy: clear link parameters on admin link down (stable-fixes).
* net: phy: fixed_phy: let fixed_phy_unregister free the phy_device (stable-
fixes).
* net: phy: marvell: Fix 88e1510 downshift counter errata (stable-fixes).
* net: tcp: send zero-window ACK when no memory (bsc#1253779).
* net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup (git-
fixes).
* nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode
dereferencing (git-fixes).
* nfsd: do not defer requests during idmap lookup in v4 compound decode
(bsc#1232223).
* nfsd: fix return error codes for nfsd_map_name_to_id (bsc#1232223).
* nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot (git-fixes).
* perf script: add --addr2line option (bsc#1247509).
* phy: cadence: cdns-dphy: Enable lower resolutions in dphy (stable-fixes).
* phy: renesas: r8a779f0-ether-serdes: add new step added to latest datasheet
(stable-fixes).
* phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0
(stable-fixes).
* pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc (git-fixes).
* pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc() (git-
fixes).
* pinctrl: single: fix bias pull up/down handling in pin_config_set (stable-
fixes).
* platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos
(git-fixes).
* power: supply: qcom_battmgr: add OOI chemistry (stable-fixes).
* power: supply: qcom_battmgr: handle charging state change notifications
(stable-fixes).
* power: supply: sbs-charger: Support multiple devices (stable-fixes).
* regulator: fixed: fix GPIO descriptor leak on register failure (git-fixes).
* rtc: rx8025: fix incorrect register reference (git-fixes).
* s390/mm,fault: simplify kfence fault handling (bsc#1247076).
* scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans (git-
fixes).
* scsi: aacraid: Stop using PCI_IRQ_AFFINITY (git-fixes).
* scsi: core: sysfs: Correct sysfs attributes access rights (git-fixes).
* scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() (git-
fixes).
* scsi: libfc: Prevent integer overflow in fc_fcp_recv_data() (git-fixes).
* scsi: mpi3mr: Correctly handle ATA device errors (git-fixes).
* scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers (git-fixes).
* scsi: mpt3sas: Correctly handle ATA device errors (git-fixes).
* scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() (git-
fixes).
* scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod (git-fixes).
* scsi: storvsc: Prefer returning channel with the same CPU as on the I/O
issuing CPU (bsc#1252267).
* selftests/bpf: Close fd in error path in drop_on_reuseport (git-fixes).
* selftests/bpf: Close obj in error path in xdp_adjust_tail (git-fixes).
* selftests/bpf: Fix missing ARRAY_SIZE() definition in bench.c (git-fixes).
* selftests/bpf: Fix missing BUILD_BUG_ON() declaration (git-fixes).
* selftests/bpf: Fix missing UINT_MAX definitions in benchmarks (git-fixes).
* selftests/bpf: Fix string read in strncmp benchmark (git-fixes).
* selftests/bpf: Mitigate sockmap_ktls disconnect_after_delete failure (git-
fixes).
* selftests/bpf: Use pid_t consistently in test_progs.c (git-fixes).
* selftests/bpf: fix signedness bug in redir_partial() (git-fixes).
* serial: 8250_exar: add support for Advantech 2 port card with Device ID
0x0018 (git-fixes).
* serial: 8250_mtk: Enable baud clock and manage in runtime PM (git-fixes).
* soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups (stable-fixes).
* soc: aspeed: socinfo: Add AST27xx silicon IDs (stable-fixes).
* soc: qcom: smem: Fix endian-unaware access of num_entries (stable-fixes).
* spi: Try to get ACPI GPIO IRQ earlier (git-fixes).
* spi: loopback-test: Don't use %pK through printk (stable-fixes).
* spi: rpc-if: Add resume support for RZ/G3E (stable-fixes).
* strparser: Fix signed/unsigned mismatch bug (git-fixes).
* tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate
psock->cork (bsc#1250705).
* thunderbolt: Use is_pciehp instead of is_hotplug_bridge (stable-fixes).
* tools/cpupower: Fix incorrect size in cpuidle_state_disable() (stable-
fixes).
* tools/cpupower: fix error return value in cpupower_write_sysfs() (stable-
fixes).
* tools/power x86_energy_perf_policy: Enhance HWP enable (stable-fixes).
* tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage (stable-
fixes).
* tools/power x86_energy_perf_policy: Prefer driver HWP limits (stable-fixes).
* tools: lib: thermal: don't preserve owner in install (stable-fixes).
* tools: lib: thermal: use pkg-config to locate libnl3 (stable-fixes).
* uio_hv_generic: Query the ringbuffer size for device (git-fixes).
* usb/core/quirks: Add Huawei ME906S to wakeup quirk (git-fixes).
* usb: cdns3: gadget: Use-after-free during failed initialization and exit of
cdnsp gadget (stable-fixes).
* usb: gadget: f_fs: Fix epfile null pointer access after ep enable (stable-
fixes).
* usb: gadget: f_hid: Fix zero length packet transfer (stable-fixes).
* usb: gadget: f_ncm: Fix MAC assignment NCM ethernet (stable-fixes).
* usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs (stable-
fixes).
* usb: xhci: plat: Facilitate using autosuspend for xhci plat devices (stable-
fixes).
* video: backlight: lp855x_bl: Set correct EPROM start for LP8556 (stable-
fixes).
* watchdog: s3c2410_wdt: Fix max_timeout being calculated larger (stable-
fixes).
* wifi: ath10k: Fix connection after GTK rekeying (stable-fixes).
* wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp() (git-
fixes).
* wifi: ath12k: Increase DP_REO_CMD_RING_SIZE to 256 (stable-fixes).
* wifi: mac80211: Fix HE capabilities element check (stable-fixes).
* wifi: mac80211: reject address change while connecting (git-fixes).
* wifi: mac80211: skip rate verification for not captured PSDUs (git-fixes).
* wifi: mac80211_hwsim: Limit destroy_on_close radio removal to netgroup (git-
fixes).
* wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device
(stable-fixes).
* wifi: mt76: mt7996: Temporarily disable EPCS (stable-fixes).
* wifi: mwl8k: inject DSSS Parameter Set element into beacons if missing (git-
fixes).
* wifi: rtw88: sdio: use indirect IO for device registers before power-on
(stable-fixes).
* wifi: zd1211rw: fix potential memory leak in __zd_usb_enable_rx() (git-
fixes).
* x86/CPU/AMD: Add RDSEED fix for Zen5 (git-fixes).
* x86/CPU/AMD: Add additional fixed RDSEED microcode revisions (git-fixes).
* x86/CPU/AMD: Add missing terminator for zen5_rdseed_microcode (git-fixes).
* x86/CPU/AMD: Do the common init on future Zens too (git-fixes).
* x86/amd_nb: Add new PCI IDs for AMD family 0x1a (stable-fixes).
* x86/bugs: Fix reporting of LFENCE retpoline (git-fixes).
* x86/bugs: Report correct retbleed mitigation status (git-fixes).
* x86/vmscape: Add old Intel CPUs to affected list (git-fixes).
* xhci: dbc: Allow users to modify DbC poll interval via sysfs (stable-fixes).
* xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive
(git-fixes).
* xhci: dbc: Improve performance by removing delay in transfer event polling
(stable-fixes).
* xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event
(git-fixes).
* xhci: dbc: poll at different rate depending on data transfer activity
(stable-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-4422=1 openSUSE-SLE-15.6-2025-4422=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-4422=1

* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-4422=1

* Legacy Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2025-4422=1

* SUSE Linux Enterprise High Availability Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-HA-15-SP6-2025-4422=1

* SUSE Linux Enterprise Workstation Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2025-4422=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-4422=1
Please note that this is the initial kernel livepatch without fixes itself; this
package is later updated by separate standalone kernel livepatch updates.
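
The advisory asks for a reboot after installation, so a host can have the fixed kernel installed while still running the old one. The following check is an added example, not part of the SUSE advisory: it compares the running and installed kernel against the fixed release from this advisory's package list (kernel-default-6.4.0-150600.23.81.3). The function names, the assumed `uname -r` layout (`<version>-<release>-<flavor>`, without the final rebuild counter) and the older 23.78 sample values are assumptions; livepatch state is not considered.

```shell
#!/bin/sh
# Fixed release from this advisory's package list
# (kernel-default-6.4.0-150600.23.81.3). uname -r on SUSE kernels is assumed
# to omit the last rebuild counter, so the comparison target is shortened.
FIXED_RELEASE="6.4.0-150600.23.81"

# Strip the flavor suffix from a uname -r string:
#   6.4.0-150600.23.81-default -> 6.4.0-150600.23.81
strip_flavor() {
    case "$1" in
        *-*-*) printf '%s\n' "${1%-*}" ;;
        *)     printf '%s\n' "$1" ;;
    esac
}

# Compare two numeric versions field by field (fields split on '.' and '-').
# Prints -1, 0 or 1. Missing fields count as 0.
version_cmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) { print "-1"; exit }
            if (xi > yi) { print "1"; exit }
        }
        print "0"
    }'
}

# Classify a host.
#   $1 = output of uname -r
#   $2 = newest installed kernel-default VERSION-RELEASE
# patched        running kernel is at or above the fixed release
# reboot-needed  fixed kernel installed, older kernel still running
# unpatched      no fixed kernel installed
kernel_status() {
    running=$(strip_flavor "$1")
    if [ "$(version_cmp "$running" "$FIXED_RELEASE")" -ge 0 ]; then
        echo patched
    elif [ "$(version_cmp "$2" "$FIXED_RELEASE")" -ge 0 ]; then
        echo reboot-needed
    else
        echo unpatched
    fi
}

# Live check for the kernel-default flavor (not called here; needs rpm and
# GNU sort -V). Call it as: check_this_host
check_this_host() {
    newest=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-default | sort -V | tail -n 1)
    kernel_status "$(uname -r)" "$newest"
}

# Constructed sample hosts: "<uname -r> <installed version-release>".
# The 23.78 values are made-up older releases for illustration.
for sample in \
    "6.4.0-150600.23.81-default 6.4.0-150600.23.81.3" \
    "6.4.0-150600.23.78-default 6.4.0-150600.23.81.3" \
    "6.4.0-150600.23.78-default 6.4.0-150600.23.78.1"
do
    set -- $sample
    printf '%-30s %-24s %s\n' "$1" "$2" "$(kernel_status "$1" "$2")"
done
```
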

## Package List:

* openSUSE Leap 15.6 (noarch nosrc)
* kernel-docs-6.4.0-150600.23.81.1
* openSUSE Leap 15.6 (noarch)
* kernel-devel-6.4.0-150600.23.81.2
* kernel-source-vanilla-6.4.0-150600.23.81.2
* kernel-source-6.4.0-150600.23.81.2
* kernel-docs-html-6.4.0-150600.23.81.1
* kernel-macros-6.4.0-150600.23.81.2
* openSUSE Leap 15.6 (nosrc ppc64le x86_64)
* kernel-debug-6.4.0-150600.23.81.3
* openSUSE Leap 15.6 (ppc64le x86_64)
* kernel-debug-devel-debuginfo-6.4.0-150600.23.81.3
* kernel-debug-devel-6.4.0-150600.23.81.3
* kernel-debug-debugsource-6.4.0-150600.23.81.3
* kernel-debug-debuginfo-6.4.0-150600.23.81.3
* openSUSE Leap 15.6 (x86_64)
* kernel-default-vdso-6.4.0-150600.23.81.3
* kernel-kvmsmall-vdso-6.4.0-150600.23.81.3
* kernel-debug-vdso-debuginfo-6.4.0-150600.23.81.3
* kernel-default-vdso-debuginfo-6.4.0-150600.23.81.3
* kernel-debug-vdso-6.4.0-150600.23.81.3
* kernel-kvmsmall-vdso-debuginfo-6.4.0-150600.23.81.3
* openSUSE Leap 15.6 (aarch64 ppc64le x86_64)
* kernel-kvmsmall-debugsource-6.4.0-150600.23.81.3
* kernel-kvmsmall-devel-debuginfo-6.4.0-150600.23.81.3
* kernel-default-base-rebuild-6.4.0-150600.23.81.3.150600.12.36.3
* kernel-kvmsmall-devel-6.4.0-150600.23.81.3
* kernel-default-base-6.4.0-150600.23.81.3.150600.12.36.3
* kernel-kvmsmall-debuginfo-6.4.0-150600.23.81.3
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* kernel-default-extra-debuginfo-6.4.0-150600.23.81.3
* kernel-default-optional-6.4.0-150600.23.81.3
* reiserfs-kmp-default-6.4.0-150600.23.81.3
* kernel-obs-build-debugsource-6.4.0-150600.23.81.3
* kernel-default-devel-6.4.0-150600.23.81.3
* kselftests-kmp-default-debuginfo-6.4.0-150600.23.81.3
* gfs2-kmp-default-6.4.0-150600.23.81.3
* kernel-obs-qa-6.4.0-150600.23.81.1
* kernel-default-debuginfo-6.4.0-150600.23.81.3
* kernel-default-devel-debuginfo-6.4.0-150600.23.81.3
* kernel-default-livepatch-6.4.0-150600.23.81.3
* kernel-default-extra-6.4.0-150600.23.81.3
* cluster-md-kmp-default-debuginfo-6.4.0-150600.23.81.3
* dlm-kmp-default-6.4.0-150600.23.81.3
* gfs2-kmp-default-debuginfo-6.4.0-150600.23.81.3
* ocfs2-kmp-default-6.4.0-150600.23.81.3
* kernel-default-optional-debuginfo-6.4.0-150600.23.81.3
* dlm-kmp-default-debuginfo-6.4.0-150600.23.81.3
* cluster-md-kmp-default-6.4.0-150600.23.81.3
* kselftests-kmp-default-6.4.0-150600.23.81.3
* ocfs2-kmp-default-debuginfo-6.4.0-150600.23.81.3
* reiserfs-kmp-default-debuginfo-6.4.0-150600.23.81.3
* kernel-obs-build-6.4.0-150600.23.81.3
* kernel-default-debugsource-6.4.0-150600.23.81.3
* kernel-syms-6.4.0-150600.23.81.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-6.4.0-150600.23.81.3
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_18-debugsource-1-150600.13.3.3
* kernel-default-livepatch-devel-6.4.0-150600.23.81.3
* kernel-livepatch-6_4_0-150600_23_81-default-debuginfo-1-150600.13.3.3
* kernel-livepatch-6_4_0-150600_23_81-default-1-150600.13.3.3
* openSUSE Leap 15.6 (aarch64 nosrc ppc64le x86_64)
* kernel-kvmsmall-6.4.0-150600.23.81.3
* openSUSE Leap 15.6 (nosrc s390x)
* kernel-zfcpdump-6.4.0-150600.23.81.3
* openSUSE Leap 15.6 (s390x)
* kernel-zfcpdump-debuginfo-6.4.0-150600.23.81.3
* kernel-zfcpdump-debugsource-6.4.0-150600.23.81.3
* openSUSE Leap 15.6 (nosrc)
* dtb-aarch64-6.4.0-150600.23.81.1
* openSUSE Leap 15.6 (aarch64)
* kselftests-kmp-64kb-debuginfo-6.4.0-150600.23.81.3
* dtb-cavium-6.4.0-150600.23.81.1
* dtb-sprd-6.4.0-150600.23.81.1
* kernel-64kb-debuginfo-6.4.0-150600.23.81.3
* dtb-qcom-6.4.0-150600.23.81.1
* reiserfs-kmp-64kb-6.4.0-150600.23.81.3
* kernel-64kb-extra-debuginfo-6.4.0-150600.23.81.3
* dtb-marvell-6.4.0-150600.23.81.1
* dtb-renesas-6.4.0-150600.23.81.1
* kernel-64kb-devel-debuginfo-6.4.0-150600.23.81.3
* dtb-apple-6.4.0-150600.23.81.1
* dtb-socionext-6.4.0-150600.23.81.1
* kernel-64kb-optional-6.4.0-150600.23.81.3
* dtb-allwinner-6.4.0-150600.23.81.1
* dtb-amd-6.4.0-150600.23.81.1
* ocfs2-kmp-64kb-debuginfo-6.4.0-150600.23.81.3
* cluster-md-kmp-64kb-debuginfo-6.4.0-150600.23.81.3
* kernel-64kb-extra-6.4.0-150600.23.81.3
* kernel-64kb-debugsource-6.4.0-150600.23.81.3
* dlm-kmp-64kb-6.4.0-150600.23.81.3
* dtb-xilinx-6.4.0-150600.23.81.1
* kselftests-kmp-64kb-6.4.0-150600.23.81.3
* kernel-64kb-devel-6.4.0-150600.23.81.3
* dtb-altera-6.4.0-150600.23.81.1
* dtb-amlogic-6.4.0-150600.23.81.1
* dtb-apm-6.4.0-150600.23.81.1
* dtb-lg-6.4.0-150600.23.81.1
* dtb-arm-6.4.0-150600.23.81.1
* cluster-md-kmp-64kb-6.4.0-150600.23.81.3
* dtb-amazon-6.4.0-150600.23.81.1
* dtb-exynos-6.4.0-150600.23.81.1
* dtb-mediatek-6.4.0-150600.23.81.1
* dtb-broadcom-6.4.0-150600.23.81.1
* dtb-hisilicon-6.4.0-150600.23.81.1
* dtb-nvidia-6.4.0-150600.23.81.1
* reiserfs-kmp-64kb-debuginfo-6.4.0-150600.23.81.3
* gfs2-kmp-64kb-debuginfo-6.4.0-150600.23.81.3
* dtb-freescale-6.4.0-150600.23.81.1
* dlm-kmp-64kb-debuginfo-6.4.0-150600.23.81.3
* dtb-rockchip-6.4.0-150600.23.81.1
* gfs2-kmp-64kb-6.4.0-150600.23.81.3
* ocfs2-kmp-64kb-6.4.0-150600.23.81.3
* kernel-64kb-optional-debuginfo-6.4.0-150600.23.81.3
* openSUSE Leap 15.6 (aarch64 nosrc)
* kernel-64kb-6.4.0-150600.23.81.3
* Basesystem Module 15-SP6 (aarch64 nosrc)
* kernel-64kb-6.4.0-150600.23.81.3
* Basesystem Module 15-SP6 (aarch64)
* kernel-64kb-devel-debuginfo-6.4.0-150600.23.81.3
* kernel-64kb-devel-6.4.0-150600.23.81.3
* kernel-64kb-debuginfo-6.4.0-150600.23.81.3
* kernel-64kb-debugsource-6.4.0-150600.23.81.3
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-6.4.0-150600.23.81.3
* Basesystem Module 15-SP6 (aarch64 ppc64le x86_64)
* kernel-default-base-6.4.0-150600.23.81.3.150600.12.36.3
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* kernel-default-devel-6.4.0-150600.23.81.3
* kernel-default-debugsource-6.4.0-150600.23.81.3
* kernel-default-debuginfo-6.4.0-150600.23.81.3
* kernel-default-devel-debuginfo-6.4.0-150600.23.81.3
* Basesystem Module 15-SP6 (noarch)
* kernel-macros-6.4.0-150600.23.81.2
* kernel-devel-6.4.0-150600.23.81.2
* Basesystem Module 15-SP6 (nosrc s390x)
* kernel-zfcpdump-6.4.0-150600.23.81.3
* Basesystem Module 15-SP6 (s390x)
* kernel-zfcpdump-debuginfo-6.4.0-150600.23.81.3
* kernel-zfcpdump-debugsource-6.4.0-150600.23.81.3
* Development Tools Module 15-SP6 (noarch nosrc)
* kernel-docs-6.4.0-150600.23.81.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* kernel-obs-build-6.4.0-150600.23.81.3
* kernel-syms-6.4.0-150600.23.81.1
* kernel-obs-build-debugsource-6.4.0-150600.23.81.3
* Development Tools Module 15-SP6 (noarch)
* kernel-source-6.4.0-150600.23.81.2
* Legacy Module 15-SP6 (nosrc)
* kernel-default-6.4.0-150600.23.81.3
* Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* reiserfs-kmp-default-debuginfo-6.4.0-150600.23.81.3
* kernel-default-debugsource-6.4.0-150600.23.81.3
* kernel-default-debuginfo-6.4.0-150600.23.81.3
* reiserfs-kmp-default-6.4.0-150600.23.81.3
* SUSE Linux Enterprise High Availability Extension 15 SP6 (aarch64 ppc64le
s390x x86_64)
* ocfs2-kmp-default-debuginfo-6.4.0-150600.23.81.3
* kernel-default-debuginfo-6.4.0-150600.23.81.3
* ocfs2-kmp-default-6.4.0-150600.23.81.3
* cluster-md-kmp-default-debuginfo-6.4.0-150600.23.81.3
* dlm-kmp-default-6.4.0-150600.23.81.3
* gfs2-kmp-default-debuginfo-6.4.0-150600.23.81.3
* dlm-kmp-default-debuginfo-6.4.0-150600.23.81.3
* kernel-default-debugsource-6.4.0-150600.23.81.3
* cluster-md-kmp-default-6.4.0-150600.23.81.3
* gfs2-kmp-default-6.4.0-150600.23.81.3
* SUSE Linux Enterprise High Availability Extension 15 SP6 (nosrc)
* kernel-default-6.4.0-150600.23.81.3
* SUSE Linux Enterprise Workstation Extension 15 SP6 (nosrc)
* kernel-default-6.4.0-150600.23.81.3
* SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64)
* kernel-default-extra-6.4.0-150600.23.81.3
* kernel-default-extra-debuginfo-6.4.0-150600.23.81.3
* kernel-default-debugsource-6.4.0-150600.23.81.3
* kernel-default-debuginfo-6.4.0-150600.23.81.3
* SUSE Linux Enterprise Live Patching 15-SP6 (nosrc)
* kernel-default-6.4.0-150600.23.81.3
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-default-debuginfo-6.4.0-150600.23.81.3
* kernel-livepatch-6_4_0-150600_23_81-default-1-150600.13.3.3
* kernel-default-livepatch-6.4.0-150600.23.81.3
* kernel-livepatch-6_4_0-150600_23_81-default-debuginfo-1-150600.13.3.3
* kernel-default-debugsource-6.4.0-150600.23.81.3
* kernel-livepatch-SLE15-SP6_Update_18-debugsource-1-150600.13.3.3
* kernel-default-livepatch-devel-6.4.0-150600.23.81.3

## References:

* https://www.suse.com/security/cve/CVE-2022-50253.html
* https://www.suse.com/security/cve/CVE-2023-53676.html
* https://www.suse.com/security/cve/CVE-2025-21710.html
* https://www.suse.com/security/cve/CVE-2025-37916.html
* https://www.suse.com/security/cve/CVE-2025-38359.html
* https://www.suse.com/security/cve/CVE-2025-38361.html
* https://www.suse.com/security/cve/CVE-2025-39788.html
* https://www.suse.com/security/cve/CVE-2025-39805.html
* https://www.suse.com/security/cve/CVE-2025-39819.html
* https://www.suse.com/security/cve/CVE-2025-39859.html
* https://www.suse.com/security/cve/CVE-2025-39944.html
* https://www.suse.com/security/cve/CVE-2025-39980.html
* https://www.suse.com/security/cve/CVE-2025-40001.html
* https://www.suse.com/security/cve/CVE-2025-40021.html
* https://www.suse.com/security/cve/CVE-2025-40027.html
* https://www.suse.com/security/cve/CVE-2025-40030.html
* https://www.suse.com/security/cve/CVE-2025-40038.html
* https://www.suse.com/security/cve/CVE-2025-40040.html
* https://www.suse.com/security/cve/CVE-2025-40048.html
* https://www.suse.com/security/cve/CVE-2025-40055.html
* https://www.suse.com/security/cve/CVE-2025-40059.html
* https://www.suse.com/security/cve/CVE-2025-40064.html
* https://www.suse.com/security/cve/CVE-2025-40070.html
* https://www.suse.com/security/cve/CVE-2025-40074.html
* https://www.suse.com/security/cve/CVE-2025-40075.html
* https://www.suse.com/security/cve/CVE-2025-40083.html
* https://www.suse.com/security/cve/CVE-2025-40098.html
* https://www.suse.com/security/cve/CVE-2025-40105.html
* https://www.suse.com/security/cve/CVE-2025-40107.html
* https://www.suse.com/security/cve/CVE-2025-40109.html
* https://www.suse.com/security/cve/CVE-2025-40110.html
* https://www.suse.com/security/cve/CVE-2025-40111.html
* https://www.suse.com/security/cve/CVE-2025-40115.html
* https://www.suse.com/security/cve/CVE-2025-40116.html
* https://www.suse.com/security/cve/CVE-2025-40118.html
* https://www.suse.com/security/cve/CVE-2025-40120.html
* https://www.suse.com/security/cve/CVE-2025-40121.html
* https://www.suse.com/security/cve/CVE-2025-40127.html
* https://www.suse.com/security/cve/CVE-2025-40129.html
* https://www.suse.com/security/cve/CVE-2025-40139.html
* https://www.suse.com/security/cve/CVE-2025-40140.html
* https://www.suse.com/security/cve/CVE-2025-40141.html
* https://www.suse.com/security/cve/CVE-2025-40149.html
* https://www.suse.com/security/cve/CVE-2025-40154.html
* https://www.suse.com/security/cve/CVE-2025-40156.html
* https://www.suse.com/security/cve/CVE-2025-40157.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-40164.html
* https://www.suse.com/security/cve/CVE-2025-40168.html
* https://www.suse.com/security/cve/CVE-2025-40169.html
* https://www.suse.com/security/cve/CVE-2025-40171.html
* https://www.suse.com/security/cve/CVE-2025-40172.html
* https://www.suse.com/security/cve/CVE-2025-40173.html
* https://www.suse.com/security/cve/CVE-2025-40176.html
* https://www.suse.com/security/cve/CVE-2025-40180.html
* https://www.suse.com/security/cve/CVE-2025-40183.html
* https://www.suse.com/security/cve/CVE-2025-40186.html
* https://www.suse.com/security/cve/CVE-2025-40188.html
* https://www.suse.com/security/cve/CVE-2025-40194.html
* https://www.suse.com/security/cve/CVE-2025-40198.html
* https://www.suse.com/security/cve/CVE-2025-40200.html
* https://www.suse.com/security/cve/CVE-2025-40204.html
* https://www.suse.com/security/cve/CVE-2025-40205.html
* https://www.suse.com/security/cve/CVE-2025-40206.html
* https://www.suse.com/security/cve/CVE-2025-40207.html
* https://bugzilla.suse.com/show_bug.cgi?id=1232223
* https://bugzilla.suse.com/show_bug.cgi?id=1237888
* https://bugzilla.suse.com/show_bug.cgi?id=1243474
* https://bugzilla.suse.com/show_bug.cgi?id=1245193
* https://bugzilla.suse.com/show_bug.cgi?id=1247076
* https://bugzilla.suse.com/show_bug.cgi?id=1247079
* https://bugzilla.suse.com/show_bug.cgi?id=1247500
* https://bugzilla.suse.com/show_bug.cgi?id=1247509
* https://bugzilla.suse.com/show_bug.cgi?id=1249547
* https://bugzilla.suse.com/show_bug.cgi?id=1249912
* https://bugzilla.suse.com/show_bug.cgi?id=1249982
* https://bugzilla.suse.com/show_bug.cgi?id=1250176
* https://bugzilla.suse.com/show_bug.cgi?id=1250237
* https://bugzilla.suse.com/show_bug.cgi?id=1250252
* https://bugzilla.suse.com/show_bug.cgi?id=1250705
* https://bugzilla.suse.com/show_bug.cgi?id=1251120
* https://bugzilla.suse.com/show_bug.cgi?id=1251786
* https://bugzilla.suse.com/show_bug.cgi?id=1252063
* https://bugzilla.suse.com/show_bug.cgi?id=1252267
* https://bugzilla.suse.com/show_bug.cgi?id=1252303
* https://bugzilla.suse.com/show_bug.cgi?id=1252353
* https://bugzilla.suse.com/show_bug.cgi?id=1252681
* https://bugzilla.suse.com/show_bug.cgi?id=1252763
* https://bugzilla.suse.com/show_bug.cgi?id=1252773
* https://bugzilla.suse.com/show_bug.cgi?id=1252780
* https://bugzilla.suse.com/show_bug.cgi?id=1252794
* https://bugzilla.suse.com/show_bug.cgi?id=1252795
* https://bugzilla.suse.com/show_bug.cgi?id=1252809
* https://bugzilla.suse.com/show_bug.cgi?id=1252817
* https://bugzilla.suse.com/show_bug.cgi?id=1252821
* https://bugzilla.suse.com/show_bug.cgi?id=1252836
* https://bugzilla.suse.com/show_bug.cgi?id=1252845
* https://bugzilla.suse.com/show_bug.cgi?id=1252862
* https://bugzilla.suse.com/show_bug.cgi?id=1252912
* https://bugzilla.suse.com/show_bug.cgi?id=1252917
* https://bugzilla.suse.com/show_bug.cgi?id=1252928
* https://bugzilla.suse.com/show_bug.cgi?id=1253018
* https://bugzilla.suse.com/show_bug.cgi?id=1253176
* https://bugzilla.suse.com/show_bug.cgi?id=1253275
* https://bugzilla.suse.com/show_bug.cgi?id=1253318
* https://bugzilla.suse.com/show_bug.cgi?id=1253324
* https://bugzilla.suse.com/show_bug.cgi?id=1253349
* https://bugzilla.suse.com/show_bug.cgi?id=1253352
* https://bugzilla.suse.com/show_bug.cgi?id=1253355
* https://bugzilla.suse.com/show_bug.cgi?id=1253360
* https://bugzilla.suse.com/show_bug.cgi?id=1253362
* https://bugzilla.suse.com/show_bug.cgi?id=1253363
* https://bugzilla.suse.com/show_bug.cgi?id=1253367
* https://bugzilla.suse.com/show_bug.cgi?id=1253369
* https://bugzilla.suse.com/show_bug.cgi?id=1253393
* https://bugzilla.suse.com/show_bug.cgi?id=1253395
* https://bugzilla.suse.com/show_bug.cgi?id=1253403
* https://bugzilla.suse.com/show_bug.cgi?id=1253407
* https://bugzilla.suse.com/show_bug.cgi?id=1253409
* https://bugzilla.suse.com/show_bug.cgi?id=1253412
* https://bugzilla.suse.com/show_bug.cgi?id=1253416
* https://bugzilla.suse.com/show_bug.cgi?id=1253421
* https://bugzilla.suse.com/show_bug.cgi?id=1253423
* https://bugzilla.suse.com/show_bug.cgi?id=1253424
* https://bugzilla.suse.com/show_bug.cgi?id=1253425
* https://bugzilla.suse.com/show_bug.cgi?id=1253427
* https://bugzilla.suse.com/show_bug.cgi?id=1253428
* https://bugzilla.suse.com/show_bug.cgi?id=1253431
* https://bugzilla.suse.com/show_bug.cgi?id=1253436
* https://bugzilla.suse.com/show_bug.cgi?id=1253438
* https://bugzilla.suse.com/show_bug.cgi?id=1253440
* https://bugzilla.suse.com/show_bug.cgi?id=1253441
* https://bugzilla.suse.com/show_bug.cgi?id=1253445
* https://bugzilla.suse.com/show_bug.cgi?id=1253448
* https://bugzilla.suse.com/show_bug.cgi?id=1253449
* https://bugzilla.suse.com/show_bug.cgi?id=1253453
* https://bugzilla.suse.com/show_bug.cgi?id=1253456
* https://bugzilla.suse.com/show_bug.cgi?id=1253472
* https://bugzilla.suse.com/show_bug.cgi?id=1253779



SUSE-SU-2025:4421-1: moderate: Security update for buildah


# Security update for buildah

Announcement ID: SUSE-SU-2025:4421-1
Release Date: 2025-12-17T09:04:40Z
Rating: moderate
References:

Affected Products:

* Containers Module 15-SP7
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that can now be installed.

## Description:

This update for buildah rebuilds it against the current security release of Go.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-4421=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-4421=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2025-4421=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-4421=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-4421=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-4421=1

* Containers Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2025-4421=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-4421=1

## Package List:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* buildah-1.35.5-150500.3.50.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* buildah-1.35.5-150500.3.50.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* buildah-1.35.5-150500.3.50.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* buildah-1.35.5-150500.3.50.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* buildah-1.35.5-150500.3.50.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* buildah-1.35.5-150500.3.50.1
* Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* buildah-1.35.5-150500.3.50.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* buildah-1.35.5-150500.3.50.1



SUSE-SU-2025:4424-1: important: Security update for MozillaFirefox


# Security update for MozillaFirefox

Announcement ID: SUSE-SU-2025:4424-1
Release Date: 2025-12-17T11:10:08Z
Rating: important
References:

* bsc#1254551

Cross-References:

* CVE-2025-14321
* CVE-2025-14322
* CVE-2025-14323
* CVE-2025-14324
* CVE-2025-14325
* CVE-2025-14328
* CVE-2025-14329
* CVE-2025-14330
* CVE-2025-14331
* CVE-2025-14333

CVSS scores:

* CVE-2025-14321 ( SUSE ): 8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-14321 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-14321 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-14322 ( SUSE ): 8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-14322 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-14322 ( NVD ): 8.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
* CVE-2025-14323 ( SUSE ): 8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-14323 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-14323 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-14324 ( SUSE ): 8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-14324 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-14324 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-14325 ( SUSE ): 8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-14325 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-14325 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-14328 ( SUSE ): 5.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-14328 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-14328 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-14329 ( SUSE ): 5.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-14329 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-14329 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-14330 ( SUSE ): 5.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-14330 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2025-14330 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-14331 ( SUSE ): 5.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-14331 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2025-14331 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-14333 ( SUSE ): 8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-14333 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-14333 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Desktop Applications Module 15-SP6
* Desktop Applications Module 15-SP7
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves 10 vulnerabilities can now be installed.

## Description:

This update for MozillaFirefox fixes the following issues:

Update to Firefox Extended Support Release 140.6.0 ESR (bsc#1254551).

* MFSA 2025-94
* CVE-2025-14321: use-after-free in the WebRTC: Signaling component.
* CVE-2025-14322: sandbox escape due to incorrect boundary conditions in the
Graphics: CanvasWebGL component.
* CVE-2025-14323: privilege escalation in the DOM: Notifications component.
* CVE-2025-14324: JIT miscompilation in the JavaScript Engine: JIT component.
* CVE-2025-14325: JIT miscompilation in the JavaScript Engine: JIT component.
* CVE-2025-14328: privilege escalation in the Netmonitor component.
* CVE-2025-14329: privilege escalation in the Netmonitor component.
* CVE-2025-14330: JIT miscompilation in the JavaScript Engine: JIT component.
* CVE-2025-14331: same-origin policy bypass in the Request Handling component.
* CVE-2025-14333: memory safety bugs.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-4424=1

* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-4424=1

* Desktop Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2025-4424=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-4424=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-4424=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-4424=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-4424=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-4424=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-4424=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-4424=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-4424=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-4424=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-4424=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-4424=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-4424=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-translations-other-140.6.0-150200.152.213.1
* MozillaFirefox-debuginfo-140.6.0-150200.152.213.1
* MozillaFirefox-140.6.0-150200.152.213.1
* MozillaFirefox-debugsource-140.6.0-150200.152.213.1
* MozillaFirefox-branding-upstream-140.6.0-150200.152.213.1
* MozillaFirefox-translations-common-140.6.0-150200.152.213.1
* openSUSE Leap 15.6 (noarch)
* MozillaFirefox-devel-140.6.0-150200.152.213.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-translations-other-140.6.0-150200.152.213.1
* MozillaFirefox-debuginfo-140.6.0-150200.152.213.1
* MozillaFirefox-debugsource-140.6.0-150200.152.213.1
* MozillaFirefox-translations-common-140.6.0-150200.152.213.1
* MozillaFirefox-140.6.0-150200.152.213.1
* Desktop Applications Module 15-SP6 (noarch)
* MozillaFirefox-devel-140.6.0-150200.152.213.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-translations-other-140.6.0-150200.152.213.1
* MozillaFirefox-debuginfo-140.6.0-150200.152.213.1
* MozillaFirefox-debugsource-140.6.0-150200.152.213.1
* MozillaFirefox-translations-common-140.6.0-150200.152.213.1
* MozillaFirefox-140.6.0-150200.152.213.1
* Desktop Applications Module 15-SP7 (noarch)
* MozillaFirefox-devel-140.6.0-150200.152.213.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* MozillaFirefox-translations-other-140.6.0-150200.152.213.1
* MozillaFirefox-debuginfo-140.6.0-150200.152.213.1
* MozillaFirefox-debugsource-140.6.0-150200.152.213.1
* MozillaFirefox-translations-common-140.6.0-150200.152.213.1
* MozillaFirefox-140.6.0-150200.152.213.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* MozillaFirefox-devel-140.6.0-150200.152.213.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* MozillaFirefox-translations-other-140.6.0-150200.152.213.1
* MozillaFirefox-debuginfo-140.6.0-150200.152.213.1
* MozillaFirefox-debugsource-140.6.0-150200.152.213.1
* MozillaFirefox-translations-common-140.6.0-150200.152.213.1
* MozillaFirefox-140.6.0-150200.152.213.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* MozillaFirefox-devel-140.6.0-150200.152.213.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* MozillaFirefox-translations-other-140.6.0-150200.152.213.1
* MozillaFirefox-debuginfo-140.6.0-150200.152.213.1
* MozillaFirefox-debugsource-140.6.0-150200.152.213.1
* MozillaFirefox-translations-common-140.6.0-150200.152.213.1
* MozillaFirefox-140.6.0-150200.152.213.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* MozillaFirefox-devel-140.6.0-150200.152.213.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* MozillaFirefox-translations-other-140.6.0-150200.152.213.1
* MozillaFirefox-debuginfo-140.6.0-150200.152.213.1
* MozillaFirefox-debugsource-140.6.0-150200.152.213.1
* MozillaFirefox-translations-common-140.6.0-150200.152.213.1
* MozillaFirefox-140.6.0-150200.152.213.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* MozillaFirefox-devel-140.6.0-150200.152.213.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* MozillaFirefox-translations-other-140.6.0-150200.152.213.1
* MozillaFirefox-debuginfo-140.6.0-150200.152.213.1
* MozillaFirefox-debugsource-140.6.0-150200.152.213.1
* MozillaFirefox-translations-common-140.6.0-150200.152.213.1
* MozillaFirefox-140.6.0-150200.152.213.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* MozillaFirefox-devel-140.6.0-150200.152.213.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-translations-other-140.6.0-150200.152.213.1
* MozillaFirefox-debuginfo-140.6.0-150200.152.213.1
* MozillaFirefox-debugsource-140.6.0-150200.152.213.1
* MozillaFirefox-translations-common-140.6.0-150200.152.213.1
* MozillaFirefox-140.6.0-150200.152.213.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
* MozillaFirefox-devel-140.6.0-150200.152.213.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-translations-other-140.6.0-150200.152.213.1
* MozillaFirefox-debuginfo-140.6.0-150200.152.213.1
* MozillaFirefox-debugsource-140.6.0-150200.152.213.1
* MozillaFirefox-translations-common-140.6.0-150200.152.213.1
* MozillaFirefox-140.6.0-150200.152.213.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* MozillaFirefox-devel-140.6.0-150200.152.213.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-translations-other-140.6.0-150200.152.213.1
* MozillaFirefox-debuginfo-140.6.0-150200.152.213.1
* MozillaFirefox-debugsource-140.6.0-150200.152.213.1
* MozillaFirefox-translations-common-140.6.0-150200.152.213.1
* MozillaFirefox-140.6.0-150200.152.213.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* MozillaFirefox-devel-140.6.0-150200.152.213.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* MozillaFirefox-translations-other-140.6.0-150200.152.213.1
* MozillaFirefox-debuginfo-140.6.0-150200.152.213.1
* MozillaFirefox-debugsource-140.6.0-150200.152.213.1
* MozillaFirefox-translations-common-140.6.0-150200.152.213.1
* MozillaFirefox-140.6.0-150200.152.213.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* MozillaFirefox-devel-140.6.0-150200.152.213.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* MozillaFirefox-translations-other-140.6.0-150200.152.213.1
* MozillaFirefox-debuginfo-140.6.0-150200.152.213.1
* MozillaFirefox-debugsource-140.6.0-150200.152.213.1
* MozillaFirefox-translations-common-140.6.0-150200.152.213.1
* MozillaFirefox-140.6.0-150200.152.213.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* MozillaFirefox-devel-140.6.0-150200.152.213.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* MozillaFirefox-translations-other-140.6.0-150200.152.213.1
* MozillaFirefox-debuginfo-140.6.0-150200.152.213.1
* MozillaFirefox-debugsource-140.6.0-150200.152.213.1
* MozillaFirefox-translations-common-140.6.0-150200.152.213.1
* MozillaFirefox-140.6.0-150200.152.213.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* MozillaFirefox-devel-140.6.0-150200.152.213.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* MozillaFirefox-translations-other-140.6.0-150200.152.213.1
* MozillaFirefox-debuginfo-140.6.0-150200.152.213.1
* MozillaFirefox-debugsource-140.6.0-150200.152.213.1
* MozillaFirefox-translations-common-140.6.0-150200.152.213.1
* MozillaFirefox-140.6.0-150200.152.213.1
* SUSE Enterprise Storage 7.1 (noarch)
* MozillaFirefox-devel-140.6.0-150200.152.213.1

## References:

* https://www.suse.com/security/cve/CVE-2025-14321.html
* https://www.suse.com/security/cve/CVE-2025-14322.html
* https://www.suse.com/security/cve/CVE-2025-14323.html
* https://www.suse.com/security/cve/CVE-2025-14324.html
* https://www.suse.com/security/cve/CVE-2025-14325.html
* https://www.suse.com/security/cve/CVE-2025-14328.html
* https://www.suse.com/security/cve/CVE-2025-14329.html
* https://www.suse.com/security/cve/CVE-2025-14330.html
* https://www.suse.com/security/cve/CVE-2025-14331.html
* https://www.suse.com/security/cve/CVE-2025-14333.html
* https://bugzilla.suse.com/show_bug.cgi?id=1254551



SUSE-SU-2025:4425-1: moderate: Security update for cups


# Security update for cups

Announcement ID: SUSE-SU-2025:4425-1
Release Date: 2025-12-17T11:20:35Z
Rating: moderate
References:

* bsc#1244057
* bsc#1254353

Cross-References:

* CVE-2025-58436

CVSS scores:

* CVE-2025-58436 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-58436 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-58436 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-58436 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* Desktop Applications Module 15-SP6
* Desktop Applications Module 15-SP7
* Development Tools Module 15-SP6
* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability and has one security fix can now be
installed.

## Description:

This update for cups fixes the following issues:

Security issues fixed:

* CVE-2025-58436: single client sending slow messages to cupsd can delay the
application and make it unusable for other clients (bsc#1244057).

Other issues fixed:

* Update the CVE-2025-58436 patch to fix a regression that causes GTK
applications to hang (bsc#1254353).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-4425=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-4425=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-4425=1

* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-4425=1

* Desktop Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2025-4425=1

* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-4425=1

* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2025-4425=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-4425=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-4425=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-4425=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-4425=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-4425=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-4425=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-4425=1

## Package List:

* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* libcups2-debuginfo-2.2.7-150000.3.83.1
* libcups2-2.2.7-150000.3.83.1
* cups-debuginfo-2.2.7-150000.3.83.1
* cups-debugsource-2.2.7-150000.3.83.1
* cups-config-2.2.7-150000.3.83.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libcups2-debuginfo-2.2.7-150000.3.83.1
* libcupsmime1-2.2.7-150000.3.83.1
* libcupsimage2-debuginfo-2.2.7-150000.3.83.1
* libcupsmime1-debuginfo-2.2.7-150000.3.83.1
* cups-client-debuginfo-2.2.7-150000.3.83.1
* libcups2-2.2.7-150000.3.83.1
* cups-2.2.7-150000.3.83.1
* cups-debuginfo-2.2.7-150000.3.83.1
* libcupscgi1-2.2.7-150000.3.83.1
* libcupsppdc1-debuginfo-2.2.7-150000.3.83.1
* libcupscgi1-debuginfo-2.2.7-150000.3.83.1
* cups-debugsource-2.2.7-150000.3.83.1
* libcupsppdc1-2.2.7-150000.3.83.1
* cups-config-2.2.7-150000.3.83.1
* cups-devel-2.2.7-150000.3.83.1
* libcupsimage2-2.2.7-150000.3.83.1
* cups-client-2.2.7-150000.3.83.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libcups2-debuginfo-2.2.7-150000.3.83.1
* libcupsmime1-2.2.7-150000.3.83.1
* libcupsimage2-debuginfo-2.2.7-150000.3.83.1
* libcupsmime1-debuginfo-2.2.7-150000.3.83.1
* cups-client-debuginfo-2.2.7-150000.3.83.1
* libcups2-2.2.7-150000.3.83.1
* cups-2.2.7-150000.3.83.1
* cups-debuginfo-2.2.7-150000.3.83.1
* libcupscgi1-2.2.7-150000.3.83.1
* libcupsppdc1-debuginfo-2.2.7-150000.3.83.1
* libcupscgi1-debuginfo-2.2.7-150000.3.83.1
* cups-debugsource-2.2.7-150000.3.83.1
* libcupsppdc1-2.2.7-150000.3.83.1
* cups-config-2.2.7-150000.3.83.1
* cups-devel-2.2.7-150000.3.83.1
* libcupsimage2-2.2.7-150000.3.83.1
* cups-client-2.2.7-150000.3.83.1
* Desktop Applications Module 15-SP6 (x86_64)
* libcups2-32bit-2.2.7-150000.3.83.1
* libcups2-32bit-debuginfo-2.2.7-150000.3.83.1
* Desktop Applications Module 15-SP7 (x86_64)
* libcups2-32bit-2.2.7-150000.3.83.1
* libcups2-32bit-debuginfo-2.2.7-150000.3.83.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* cups-ddk-debuginfo-2.2.7-150000.3.83.1
* cups-debugsource-2.2.7-150000.3.83.1
* cups-ddk-2.2.7-150000.3.83.1
* cups-debuginfo-2.2.7-150000.3.83.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* cups-ddk-debuginfo-2.2.7-150000.3.83.1
* cups-debugsource-2.2.7-150000.3.83.1
* cups-ddk-2.2.7-150000.3.83.1
* cups-debuginfo-2.2.7-150000.3.83.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* libcups2-debuginfo-2.2.7-150000.3.83.1
* libcups2-2.2.7-150000.3.83.1
* cups-debuginfo-2.2.7-150000.3.83.1
* cups-debugsource-2.2.7-150000.3.83.1
* cups-config-2.2.7-150000.3.83.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* libcups2-debuginfo-2.2.7-150000.3.83.1
* libcups2-2.2.7-150000.3.83.1
* cups-debuginfo-2.2.7-150000.3.83.1
* cups-debugsource-2.2.7-150000.3.83.1
* cups-config-2.2.7-150000.3.83.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* libcups2-debuginfo-2.2.7-150000.3.83.1
* libcupsmime1-2.2.7-150000.3.83.1
* cups-ddk-2.2.7-150000.3.83.1
* libcupsimage2-debuginfo-2.2.7-150000.3.83.1
* libcupsmime1-debuginfo-2.2.7-150000.3.83.1
* cups-client-debuginfo-2.2.7-150000.3.83.1
* libcups2-2.2.7-150000.3.83.1
* cups-2.2.7-150000.3.83.1
* cups-debuginfo-2.2.7-150000.3.83.1
* libcupscgi1-2.2.7-150000.3.83.1
* libcupsppdc1-debuginfo-2.2.7-150000.3.83.1
* libcupscgi1-debuginfo-2.2.7-150000.3.83.1
* cups-debugsource-2.2.7-150000.3.83.1
* libcupsppdc1-2.2.7-150000.3.83.1
* cups-config-2.2.7-150000.3.83.1
* cups-ddk-debuginfo-2.2.7-150000.3.83.1
* cups-devel-2.2.7-150000.3.83.1
* libcupsimage2-2.2.7-150000.3.83.1
* cups-client-2.2.7-150000.3.83.1
* openSUSE Leap 15.6 (x86_64)
* libcupscgi1-32bit-2.2.7-150000.3.83.1
* libcups2-32bit-debuginfo-2.2.7-150000.3.83.1
* libcups2-32bit-2.2.7-150000.3.83.1
* libcupsimage2-32bit-debuginfo-2.2.7-150000.3.83.1
* libcupsmime1-32bit-2.2.7-150000.3.83.1
* libcupsmime1-32bit-debuginfo-2.2.7-150000.3.83.1
* libcupscgi1-32bit-debuginfo-2.2.7-150000.3.83.1
* libcupsppdc1-32bit-2.2.7-150000.3.83.1
* cups-devel-32bit-2.2.7-150000.3.83.1
* libcupsppdc1-32bit-debuginfo-2.2.7-150000.3.83.1
* libcupsimage2-32bit-2.2.7-150000.3.83.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libcups2-debuginfo-2.2.7-150000.3.83.1
* libcups2-2.2.7-150000.3.83.1
* cups-debuginfo-2.2.7-150000.3.83.1
* cups-debugsource-2.2.7-150000.3.83.1
* cups-config-2.2.7-150000.3.83.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libcups2-debuginfo-2.2.7-150000.3.83.1
* libcups2-2.2.7-150000.3.83.1
* cups-debuginfo-2.2.7-150000.3.83.1
* cups-debugsource-2.2.7-150000.3.83.1
* cups-config-2.2.7-150000.3.83.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libcups2-debuginfo-2.2.7-150000.3.83.1
* libcups2-2.2.7-150000.3.83.1
* cups-debuginfo-2.2.7-150000.3.83.1
* cups-debugsource-2.2.7-150000.3.83.1
* cups-config-2.2.7-150000.3.83.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libcups2-debuginfo-2.2.7-150000.3.83.1
* libcups2-2.2.7-150000.3.83.1
* cups-debuginfo-2.2.7-150000.3.83.1
* cups-debugsource-2.2.7-150000.3.83.1
* cups-config-2.2.7-150000.3.83.1

## References:

* https://www.suse.com/security/cve/CVE-2025-58436.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244057
* https://bugzilla.suse.com/show_bug.cgi?id=1254353



SUSE-SU-2025:4426-1: moderate: Security update for xkbcomp


# Security update for xkbcomp

Announcement ID: SUSE-SU-2025:4426-1
Release Date: 2025-12-17T11:22:48Z
Rating: moderate
References:

* bsc#1105832

Cross-References:

* CVE-2018-15853
* CVE-2018-15859
* CVE-2018-15861
* CVE-2018-15863

CVSS scores:

* CVE-2018-15853 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2018-15853 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2018-15853 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2018-15859 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2018-15859 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2018-15859 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2018-15861 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2018-15861 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2018-15861 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2018-15863 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2018-15863 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2018-15863 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves four vulnerabilities can now be installed.

## Description:

This update for xkbcomp fixes the following issues:

* CVE-2018-15863: NULL pointer dereference triggered by a crafted keymap
file with a no-op modmask expression can lead to a crash (bsc#1105832).
* CVE-2018-15861: NULL pointer dereference triggered by a crafted keymap file
that induces an `xkb_intern_atom` failure can lead to a crash (bsc#1105832).
* CVE-2018-15859: NULL pointer dereference triggered by a specially crafted
keymap file can lead to a crash (bsc#1105832).
* CVE-2018-15853: endless recursion triggered by a crafted keymap file that
induces boolean negation can lead to a crash (bsc#1105832).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-4426=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-4426=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-4426=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* xkbcomp-devel-1.4.1-150000.3.6.1
* xkbcomp-1.4.1-150000.3.6.1
* xkbcomp-debugsource-1.4.1-150000.3.6.1
* xkbcomp-debuginfo-1.4.1-150000.3.6.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* xkbcomp-devel-1.4.1-150000.3.6.1
* xkbcomp-1.4.1-150000.3.6.1
* xkbcomp-debugsource-1.4.1-150000.3.6.1
* xkbcomp-debuginfo-1.4.1-150000.3.6.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* xkbcomp-devel-1.4.1-150000.3.6.1
* xkbcomp-1.4.1-150000.3.6.1
* xkbcomp-debugsource-1.4.1-150000.3.6.1
* xkbcomp-debuginfo-1.4.1-150000.3.6.1

## References:

* https://www.suse.com/security/cve/CVE-2018-15853.html
* https://www.suse.com/security/cve/CVE-2018-15859.html
* https://www.suse.com/security/cve/CVE-2018-15861.html
* https://www.suse.com/security/cve/CVE-2018-15863.html
* https://bugzilla.suse.com/show_bug.cgi?id=1105832