
Multiple security updates have been released for SUSE Linux, including updates for Java and Mozilla Thunderbird. Additionally, several kernel live patches have been updated to improve system security.

SUSE-SU-2025:4005-1: important: Security update for java-1_8_0-openj9
SUSE-SU-2025:4003-1: important: Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP5)
SUSE-SU-2025:4004-1: important: Security update for the Linux Kernel (Live Patch 61 for SLE 15 SP3)
openSUSE-SU-2025-20011-1: moderate: Security update for MozillaThunderbird
SUSE-SU-2025:4039-1: important: Security update for java-1_8_0-openjdk
SUSE-SU-2025:4036-1: important: Security update for the Linux Kernel (Live Patch 34 for SUSE Linux Enterprise 15 SP4)
openSUSE-SU-2025-20008-1: important: Security update for chromium
SUSE-SU-2025:4035-1: important: Security update for erlang26
openSUSE-SU-2025-20006-1: important: Security update for MozillaThunderbird
SUSE-SU-2025:4040-1: important: Security update for the Linux Kernel (Live Patch 42 for SUSE Linux Enterprise 15 SP4)




SUSE-SU-2025:4005-1: important: Security update for java-1_8_0-openj9


# Security update for java-1_8_0-openj9

Announcement ID: SUSE-SU-2025:4005-1
Release Date: 2025-11-10T01:04:28Z
Rating: important
References:

* bsc#1252414
* bsc#1252417

Cross-References:

* CVE-2025-53057
* CVE-2025-53066

CVSS scores:

* CVE-2025-53057 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-53057 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-53057 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-53066 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-53066 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-53066 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP6
* SUSE Package Hub 15 15-SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for java-1_8_0-openj9 fixes the following issues:

Update to OpenJDK 8u472 build 08 with OpenJDK 0.56.0 virtual machine (including
Oracle October 2025 CPU changes):

* CVE-2025-53057: Fixed unauthenticated attacker achieving unauthorized access
to critical data or complete access (bsc#1252414)
* CVE-2025-53066: Fixed unauthenticated attacker achieving unauthorized
creation, deletion or modification access to critical data (bsc#1252417)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-4005=1

* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-4005=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-4005=1

## Package List:

* SUSE Package Hub 15 15-SP6 (ppc64le s390x)
* java-1_8_0-openj9-src-1.8.0.472-150200.3.60.3
* java-1_8_0-openj9-demo-debuginfo-1.8.0.472-150200.3.60.3
* java-1_8_0-openj9-debugsource-1.8.0.472-150200.3.60.3
* java-1_8_0-openj9-headless-debuginfo-1.8.0.472-150200.3.60.3
* java-1_8_0-openj9-demo-1.8.0.472-150200.3.60.3
* java-1_8_0-openj9-devel-debuginfo-1.8.0.472-150200.3.60.3
* java-1_8_0-openj9-accessibility-1.8.0.472-150200.3.60.3
* java-1_8_0-openj9-debuginfo-1.8.0.472-150200.3.60.3
* java-1_8_0-openj9-headless-1.8.0.472-150200.3.60.3
* java-1_8_0-openj9-devel-1.8.0.472-150200.3.60.3
* java-1_8_0-openj9-1.8.0.472-150200.3.60.3
* SUSE Package Hub 15 15-SP7 (ppc64le s390x)
* java-1_8_0-openj9-src-1.8.0.472-150200.3.60.3
* java-1_8_0-openj9-demo-debuginfo-1.8.0.472-150200.3.60.3
* java-1_8_0-openj9-debugsource-1.8.0.472-150200.3.60.3
* java-1_8_0-openj9-headless-debuginfo-1.8.0.472-150200.3.60.3
* java-1_8_0-openj9-demo-1.8.0.472-150200.3.60.3
* java-1_8_0-openj9-devel-debuginfo-1.8.0.472-150200.3.60.3
* java-1_8_0-openj9-accessibility-1.8.0.472-150200.3.60.3
* java-1_8_0-openj9-debuginfo-1.8.0.472-150200.3.60.3
* java-1_8_0-openj9-headless-1.8.0.472-150200.3.60.3
* java-1_8_0-openj9-devel-1.8.0.472-150200.3.60.3
* java-1_8_0-openj9-1.8.0.472-150200.3.60.3
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openj9-src-1.8.0.472-150200.3.60.3
* java-1_8_0-openj9-demo-debuginfo-1.8.0.472-150200.3.60.3
* java-1_8_0-openj9-debugsource-1.8.0.472-150200.3.60.3
* java-1_8_0-openj9-headless-debuginfo-1.8.0.472-150200.3.60.3
* java-1_8_0-openj9-demo-1.8.0.472-150200.3.60.3
* java-1_8_0-openj9-devel-debuginfo-1.8.0.472-150200.3.60.3
* java-1_8_0-openj9-accessibility-1.8.0.472-150200.3.60.3
* java-1_8_0-openj9-debuginfo-1.8.0.472-150200.3.60.3
* java-1_8_0-openj9-headless-1.8.0.472-150200.3.60.3
* java-1_8_0-openj9-devel-1.8.0.472-150200.3.60.3
* java-1_8_0-openj9-1.8.0.472-150200.3.60.3
* openSUSE Leap 15.6 (noarch)
* java-1_8_0-openj9-javadoc-1.8.0.472-150200.3.60.3

## References:

* https://www.suse.com/security/cve/CVE-2025-53057.html
* https://www.suse.com/security/cve/CVE-2025-53066.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252414
* https://bugzilla.suse.com/show_bug.cgi?id=1252417



SUSE-SU-2025:4003-1: important: Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:4003-1
Release Date: 2025-11-09T06:04:02Z
Rating: important
References:

* bsc#1248631
* bsc#1249847

Cross-References:

* CVE-2022-50252
* CVE-2025-38664

CVSS scores:

* CVE-2022-50252 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50252 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38664 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38664 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_121 fixes several issues.

The following security issues were fixed:

* CVE-2025-38664: ice: Fix a null pointer dereference in
ice_copy_and_init_pkg() (bsc#1248631).
* CVE-2022-50252: igb: Do not free q_vector unless new one was allocated
(bsc#1249847).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-4003=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-4003=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-4002=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-4002=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_44-debugsource-3-150400.4.1
* kernel-livepatch-5_14_21-150400_24_176-default-debuginfo-3-150400.4.1
* kernel-livepatch-5_14_21-150400_24_176-default-3-150400.4.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_44-debugsource-3-150400.4.1
* kernel-livepatch-5_14_21-150400_24_176-default-debuginfo-3-150400.4.1
* kernel-livepatch-5_14_21-150400_24_176-default-3-150400.4.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_30-debugsource-3-150500.4.1
* kernel-livepatch-5_14_21-150500_55_121-default-debuginfo-3-150500.4.1
* kernel-livepatch-5_14_21-150500_55_121-default-3-150500.4.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_30-debugsource-3-150500.4.1
* kernel-livepatch-5_14_21-150500_55_121-default-debuginfo-3-150500.4.1
* kernel-livepatch-5_14_21-150500_55_121-default-3-150500.4.1

## References:

* https://www.suse.com/security/cve/CVE-2022-50252.html
* https://www.suse.com/security/cve/CVE-2025-38664.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248631
* https://bugzilla.suse.com/show_bug.cgi?id=1249847



SUSE-SU-2025:4004-1: important: Security update for the Linux Kernel (Live Patch 61 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 61 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:4004-1
Release Date: 2025-11-09T07:03:52Z
Rating: important
References:

* bsc#1248631
* bsc#1249841
* bsc#1249847

Cross-References:

* CVE-2022-50248
* CVE-2022-50252
* CVE-2025-38664

CVSS scores:

* CVE-2022-50248 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50248 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-50252 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50252 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38664 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38664 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_218 fixes several issues.

The following security issues were fixed:

* CVE-2022-50248: wifi: iwlwifi: mvm: fix double free on tx path
(bsc#1249841).
* CVE-2025-38664: ice: Fix a null pointer dereference in
ice_copy_and_init_pkg() (bsc#1248631).
* CVE-2022-50252: igb: Do not free q_vector unless new one was allocated
(bsc#1249847).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-4004=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-4004=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_61-debugsource-2-150300.2.1
* kernel-livepatch-5_3_18-150300_59_218-default-debuginfo-2-150300.2.1
* kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_218-preempt-2-150300.2.1
* kernel-livepatch-5_3_18-150300_59_218-preempt-debuginfo-2-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-50248.html
* https://www.suse.com/security/cve/CVE-2022-50252.html
* https://www.suse.com/security/cve/CVE-2025-38664.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248631
* https://bugzilla.suse.com/show_bug.cgi?id=1249841
* https://bugzilla.suse.com/show_bug.cgi?id=1249847



openSUSE-SU-2025-20011-1: moderate: Security update for MozillaThunderbird


openSUSE security update: security update for mozillathunderbird
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2025-20011-1
Rating: moderate
References:

* bsc#1247774
* bsc#1251263

Cross-References:

* CVE-2025-11708
* CVE-2025-11709
* CVE-2025-11710
* CVE-2025-11711
* CVE-2025-11712
* CVE-2025-11713
* CVE-2025-11714
* CVE-2025-11715

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 8 vulnerabilities and has 2 bug fixes can now be installed.

Description:

This update for MozillaThunderbird fixes the following issues:

Mozilla Thunderbird 140.4:

* changed: Account Hub is now disabled by default for second
email account
* changed: Flatpak runtime has been updated to Freedesktop SDK
24.08
* fixed: Users could not read mail signed with OpenPGP v6 and
PQC keys
* fixed: Image preview in Insert Image dialog failed with CSP
error for web resources
* fixed: Emptying trash on exit did not work with some
providers
* fixed: Thunderbird could crash when applying filters
* fixed: Users were unable to override expired mail server
certificate
* fixed: Opening Website header link in RSS feed incorrectly
re-encoded URL parameters
* fixed: Security fixes

MFSA 2025-85 (bsc#1251263):

* CVE-2025-11708
Use-after-free in MediaTrackGraphImpl::GetInstance()
* CVE-2025-11709
Out of bounds read/write in a privileged process triggered by
WebGL textures
* CVE-2025-11710
Cross-process information leaked due to malicious IPC
messages
* CVE-2025-11711
Some non-writable Object properties could be modified
* CVE-2025-11712
An OBJECT tag type attribute overrode browser behavior on web
resources without a content-type
* CVE-2025-11713
Potential user-assisted code execution in "Copy as cURL"
command
* CVE-2025-11714
Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR
140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
* CVE-2025-11715
Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird
ESR 140.4, Firefox 144 and Thunderbird 144

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-15=1

Package List:

- openSUSE Leap 16.0:

MozillaThunderbird-140.4.0-bp160.1.1
MozillaThunderbird-openpgp-librnp-140.4.0-bp160.1.1
MozillaThunderbird-translations-common-140.4.0-bp160.1.1
MozillaThunderbird-translations-other-140.4.0-bp160.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-11708.html
* https://www.suse.com/security/cve/CVE-2025-11709.html
* https://www.suse.com/security/cve/CVE-2025-11710.html
* https://www.suse.com/security/cve/CVE-2025-11711.html
* https://www.suse.com/security/cve/CVE-2025-11712.html
* https://www.suse.com/security/cve/CVE-2025-11713.html
* https://www.suse.com/security/cve/CVE-2025-11714.html
* https://www.suse.com/security/cve/CVE-2025-11715.html



SUSE-SU-2025:4039-1: important: Security update for java-1_8_0-openjdk


# Security update for java-1_8_0-openjdk

Announcement ID: SUSE-SU-2025:4039-1
Release Date: 2025-11-10T15:05:47Z
Rating: important
References:

* bsc#1252414
* bsc#1252417

Cross-References:

* CVE-2025-53057
* CVE-2025-53066

CVSS scores:

* CVE-2025-53057 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-53057 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-53057 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-53066 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-53066 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-53066 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* Legacy Module 15-SP6
* Legacy Module 15-SP7
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for java-1_8_0-openjdk fixes the following issues:

Update to version jdk8u472 (icedtea-3.37.0):

* CVE-2025-53057: Fixed certificate handling leading to unauthorized creation,
deletion or modification access to critical data (bsc#1252414)
* CVE-2025-53066: Fixed Path factories leading to unauthorized access to
critical data or complete access (bsc#1252417)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-4039=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-4039=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-4039=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-4039=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-4039=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-4039=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-4039=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-4039=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-4039=1

* Legacy Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2025-4039=1

* Legacy Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP7-2025-4039=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-4039=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-4039=1

## Package List:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-demo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-headless-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-debugsource-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-devel-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-debuginfo-1.8.0.472-150000.3.114.3
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-demo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-headless-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-debugsource-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-devel-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-debuginfo-1.8.0.472-150000.3.114.3
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-demo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-headless-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-debugsource-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-devel-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-debuginfo-1.8.0.472-150000.3.114.3
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-demo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-headless-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-debugsource-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-devel-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-debuginfo-1.8.0.472-150000.3.114.3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-demo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-headless-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-debugsource-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-devel-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-debuginfo-1.8.0.472-150000.3.114.3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-demo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-headless-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-debugsource-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-devel-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-debuginfo-1.8.0.472-150000.3.114.3
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-demo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-headless-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-debugsource-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-devel-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-debuginfo-1.8.0.472-150000.3.114.3
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-demo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-headless-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-debugsource-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-devel-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-debuginfo-1.8.0.472-150000.3.114.3
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openjdk-demo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-headless-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-src-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-debugsource-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-accessibility-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-devel-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-debuginfo-1.8.0.472-150000.3.114.3
* openSUSE Leap 15.6 (noarch)
* java-1_8_0-openjdk-javadoc-1.8.0.472-150000.3.114.3
* Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-demo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-headless-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-debugsource-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-devel-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-debuginfo-1.8.0.472-150000.3.114.3
* Legacy Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-demo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-headless-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-debugsource-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-devel-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-debuginfo-1.8.0.472-150000.3.114.3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-demo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-headless-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-debugsource-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-devel-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-debuginfo-1.8.0.472-150000.3.114.3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-demo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-headless-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-debugsource-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-devel-1.8.0.472-150000.3.114.3
* java-1_8_0-openjdk-debuginfo-1.8.0.472-150000.3.114.3

## References:

* https://www.suse.com/security/cve/CVE-2025-53057.html
* https://www.suse.com/security/cve/CVE-2025-53066.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252414
* https://bugzilla.suse.com/show_bug.cgi?id=1252417



SUSE-SU-2025:4036-1: important: Security update for the Linux Kernel (Live Patch 34 for SUSE Linux Enterprise 15 SP4)


# Security update for the Linux Kernel (Live Patch 34 for SUSE Linux Enterprise 15 SP4)

Announcement ID: SUSE-SU-2025:4036-1
Release Date: 2025-11-10T14:04:16Z
Rating: important
References:

* bsc#1246019
* bsc#1248631
* bsc#1249207
* bsc#1249208
* bsc#1249847
* bsc#1252946

Cross-References:

* CVE-2022-50252
* CVE-2024-53164
* CVE-2025-38617
* CVE-2025-38618
* CVE-2025-38664

CVSS scores:

* CVE-2022-50252 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50252 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53164 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53164 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53164 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38617 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38617 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38618 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38618 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38664 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38664 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves five vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.144 fixes
various security issues.

The following security issues were fixed:

* CVE-2022-50252: igb: Do not free q_vector unless new one was allocated
(bsc#1249847).
* CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1246019).
* CVE-2025-38617: net/packet: fix a race in packet_set_ring() and
packet_notifier() (bsc#1249208).
* CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY
(bsc#1249207).
* CVE-2025-38664: ice: Fix a null pointer dereference in
ice_copy_and_init_pkg() (bsc#1248631).

The following non-security issue was fixed:

* bsc#1249208: fix livepatching target module name (bsc#1252946)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-4036=1 SUSE-2025-4034=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-4036=1 SUSE-SLE-Module-Live-Patching-15-SP4-2025-4034=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_136-default-18-150400.4.1
* kernel-livepatch-5_14_21-150400_24_144-default-debuginfo-16-150400.4.1
* kernel-livepatch-SLE15-SP4_Update_34-debugsource-16-150400.4.1
* kernel-livepatch-5_14_21-150400_24_136-default-debuginfo-18-150400.4.1
* kernel-livepatch-SLE15-SP4_Update_32-debugsource-18-150400.4.1
* kernel-livepatch-5_14_21-150400_24_144-default-16-150400.4.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_136-default-18-150400.4.1
* kernel-livepatch-5_14_21-150400_24_144-default-debuginfo-16-150400.4.1
* kernel-livepatch-SLE15-SP4_Update_34-debugsource-16-150400.4.1
* kernel-livepatch-5_14_21-150400_24_136-default-debuginfo-18-150400.4.1
* kernel-livepatch-SLE15-SP4_Update_32-debugsource-18-150400.4.1
* kernel-livepatch-5_14_21-150400_24_144-default-16-150400.4.1

## References:

* https://www.suse.com/security/cve/CVE-2022-50252.html
* https://www.suse.com/security/cve/CVE-2024-53164.html
* https://www.suse.com/security/cve/CVE-2025-38617.html
* https://www.suse.com/security/cve/CVE-2025-38618.html
* https://www.suse.com/security/cve/CVE-2025-38664.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246019
* https://bugzilla.suse.com/show_bug.cgi?id=1248631
* https://bugzilla.suse.com/show_bug.cgi?id=1249207
* https://bugzilla.suse.com/show_bug.cgi?id=1249208
* https://bugzilla.suse.com/show_bug.cgi?id=1249847
* https://bugzilla.suse.com/show_bug.cgi?id=1252946



openSUSE-SU-2025-20008-1: important: Security update for chromium


openSUSE security update: security update for chromium
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2025-20008-1
Rating: important
References:

* bsc#1252881

Cross-References:

* CVE-2025-12428
* CVE-2025-12429
* CVE-2025-12430
* CVE-2025-12431
* CVE-2025-12432
* CVE-2025-12433
* CVE-2025-12434
* CVE-2025-12435
* CVE-2025-12436
* CVE-2025-12437
* CVE-2025-12438
* CVE-2025-12439
* CVE-2025-12440
* CVE-2025-12441
* CVE-2025-12443
* CVE-2025-12444
* CVE-2025-12445
* CVE-2025-12446
* CVE-2025-12447
* CVE-2025-54874

CVSS scores:

* CVE-2025-54874 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-54874 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 20 vulnerabilities and has one bug fix can now be installed.

Description:

This update for chromium fixes the following issues:

Chromium 142.0.7444.59, the stable channel promotion of 142.

Security fixes (boo#1252881):

* CVE-2025-12428: Type Confusion in V8
* CVE-2025-12429: Inappropriate implementation in V8
* CVE-2025-12430: Object lifecycle issue in Media
* CVE-2025-12431: Inappropriate implementation in Extensions
* CVE-2025-12432: Race in V8
* CVE-2025-12433: Inappropriate implementation in V8
* CVE-2025-12434: Race in Storage
* CVE-2025-12435: Incorrect security UI in Omnibox
* CVE-2025-12436: Policy bypass in Extensions
* CVE-2025-12437: Use after free in PageInfo
* CVE-2025-12438: Use after free in Ozone
* CVE-2025-12439: Inappropriate implementation in App-Bound Encryption
* CVE-2025-12440: Inappropriate implementation in Autofill
* CVE-2025-12441: Out of bounds read in V8
* CVE-2025-12443: Out of bounds read in WebXR
* CVE-2025-12444: Incorrect security UI in Fullscreen UI
* CVE-2025-12445: Policy bypass in Extensions
* CVE-2025-12446: Incorrect security UI in SplitView
* CVE-2025-12447: Incorrect security UI in Omnibox

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-12=1

Package List:

- openSUSE Leap 16.0:

chromedriver-142.0.7444.59-bp160.1.1
chromium-142.0.7444.59-bp160.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-12428.html
* https://www.suse.com/security/cve/CVE-2025-12429.html
* https://www.suse.com/security/cve/CVE-2025-12430.html
* https://www.suse.com/security/cve/CVE-2025-12431.html
* https://www.suse.com/security/cve/CVE-2025-12432.html
* https://www.suse.com/security/cve/CVE-2025-12433.html
* https://www.suse.com/security/cve/CVE-2025-12434.html
* https://www.suse.com/security/cve/CVE-2025-12435.html
* https://www.suse.com/security/cve/CVE-2025-12436.html
* https://www.suse.com/security/cve/CVE-2025-12437.html
* https://www.suse.com/security/cve/CVE-2025-12438.html
* https://www.suse.com/security/cve/CVE-2025-12439.html
* https://www.suse.com/security/cve/CVE-2025-12440.html
* https://www.suse.com/security/cve/CVE-2025-12441.html
* https://www.suse.com/security/cve/CVE-2025-12443.html
* https://www.suse.com/security/cve/CVE-2025-12444.html
* https://www.suse.com/security/cve/CVE-2025-12445.html
* https://www.suse.com/security/cve/CVE-2025-12446.html
* https://www.suse.com/security/cve/CVE-2025-12447.html
* https://www.suse.com/security/cve/CVE-2025-54874.html



SUSE-SU-2025:4035-1: important: Security update for erlang26


# Security update for erlang26

Announcement ID: SUSE-SU-2025:4035-1
Release Date: 2025-11-10T13:47:19Z
Rating: important
References:

* bsc#1249473

Cross-References:

* CVE-2025-48041

CVSS scores:

* CVE-2025-48041 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-48041 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-48041 ( NVD ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.3
* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* Server Applications Module 15-SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for erlang26 fixes the following issues:

* CVE-2025-48041: Fixed exhaustion of file handles in ssh (bsc#1249473)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Server Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2025-4035=1

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-4035=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-4035=1

* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-4035=1

## Package List:

* Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * erlang26-epmd-debuginfo-26.2.1-150300.7.19.1
  * erlang26-epmd-26.2.1-150300.7.19.1
  * erlang26-debuginfo-26.2.1-150300.7.19.1
  * erlang26-26.2.1-150300.7.19.1
  * erlang26-debugsource-26.2.1-150300.7.19.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  * erlang26-dialyzer-26.2.1-150300.7.19.1
  * erlang26-reltool-src-26.2.1-150300.7.19.1
  * erlang26-doc-26.2.1-150300.7.19.1
  * erlang26-wx-src-26.2.1-150300.7.19.1
  * erlang26-et-src-26.2.1-150300.7.19.1
  * erlang26-epmd-26.2.1-150300.7.19.1
  * erlang26-debuginfo-26.2.1-150300.7.19.1
  * erlang26-et-26.2.1-150300.7.19.1
  * erlang26-diameter-26.2.1-150300.7.19.1
  * erlang26-epmd-debuginfo-26.2.1-150300.7.19.1
  * erlang26-debugger-26.2.1-150300.7.19.1
  * erlang26-dialyzer-debuginfo-26.2.1-150300.7.19.1
  * erlang26-wx-26.2.1-150300.7.19.1
  * erlang26-observer-src-26.2.1-150300.7.19.1
  * erlang26-debugger-src-26.2.1-150300.7.19.1
  * erlang26-dialyzer-src-26.2.1-150300.7.19.1
  * erlang26-26.2.1-150300.7.19.1
  * erlang26-observer-26.2.1-150300.7.19.1
  * erlang26-src-26.2.1-150300.7.19.1
  * erlang26-wx-debuginfo-26.2.1-150300.7.19.1
  * erlang26-reltool-26.2.1-150300.7.19.1
  * erlang26-jinterface-src-26.2.1-150300.7.19.1
  * erlang26-diameter-src-26.2.1-150300.7.19.1
  * erlang26-jinterface-26.2.1-150300.7.19.1
  * erlang26-debugsource-26.2.1-150300.7.19.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * erlang26-dialyzer-26.2.1-150300.7.19.1
  * erlang26-reltool-src-26.2.1-150300.7.19.1
  * erlang26-doc-26.2.1-150300.7.19.1
  * erlang26-wx-src-26.2.1-150300.7.19.1
  * erlang26-et-src-26.2.1-150300.7.19.1
  * erlang26-epmd-26.2.1-150300.7.19.1
  * erlang26-debuginfo-26.2.1-150300.7.19.1
  * erlang26-et-26.2.1-150300.7.19.1
  * erlang26-diameter-26.2.1-150300.7.19.1
  * erlang26-epmd-debuginfo-26.2.1-150300.7.19.1
  * erlang26-debugger-26.2.1-150300.7.19.1
  * erlang26-dialyzer-debuginfo-26.2.1-150300.7.19.1
  * erlang26-wx-26.2.1-150300.7.19.1
  * erlang26-observer-src-26.2.1-150300.7.19.1
  * erlang26-debugger-src-26.2.1-150300.7.19.1
  * erlang26-dialyzer-src-26.2.1-150300.7.19.1
  * erlang26-26.2.1-150300.7.19.1
  * erlang26-observer-26.2.1-150300.7.19.1
  * erlang26-src-26.2.1-150300.7.19.1
  * erlang26-wx-debuginfo-26.2.1-150300.7.19.1
  * erlang26-reltool-26.2.1-150300.7.19.1
  * erlang26-jinterface-src-26.2.1-150300.7.19.1
  * erlang26-diameter-src-26.2.1-150300.7.19.1
  * erlang26-jinterface-26.2.1-150300.7.19.1
  * erlang26-debugsource-26.2.1-150300.7.19.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * erlang26-epmd-debuginfo-26.2.1-150300.7.19.1
  * erlang26-epmd-26.2.1-150300.7.19.1
  * erlang26-debuginfo-26.2.1-150300.7.19.1
  * erlang26-26.2.1-150300.7.19.1
  * erlang26-debugsource-26.2.1-150300.7.19.1

## References:

* https://www.suse.com/security/cve/CVE-2025-48041.html
* https://bugzilla.suse.com/show_bug.cgi?id=1249473



openSUSE-SU-2025-20006-1: important: Security update for MozillaThunderbird


openSUSE security update: security update for mozillathunderbird
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2025-20006-1
Rating: important
References:

* bsc#1249391

Cross-References:

* CVE-2025-10527
* CVE-2025-10528
* CVE-2025-10529
* CVE-2025-10532
* CVE-2025-10533
* CVE-2025-10536
* CVE-2025-10537

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 7 vulnerabilities and has one bug fix can now be installed.

Description:

This update for MozillaThunderbird fixes the following issues:

Changes in MozillaThunderbird:

Mozilla Thunderbird 140.3.0 ESR:

* Right-clicking 'List-ID' -> 'Unsubscribe' created double encoded draft subject
* Thunderbird could crash on startup
* Thunderbird could crash when importing mail
* Opening Website header link in RSS feed incorrectly re-encoded URL parameters

MFSA 2025-78 (bsc#1249391):

* CVE-2025-10527: Sandbox escape due to use-after-free in the Graphics: Canvas2D component
* CVE-2025-10528: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component
* CVE-2025-10529: Same-origin policy bypass in the Layout component
* CVE-2025-10532: Incorrect boundary conditions in the JavaScript: GC component
* CVE-2025-10533: Integer overflow in the SVG component
* CVE-2025-10536: Information disclosure in the Networking: Cache component
* CVE-2025-10537: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-10=1

Package List:

- openSUSE Leap 16.0:

MozillaThunderbird-140.3.0-bp160.1.1
MozillaThunderbird-openpgp-librnp-140.3.0-bp160.1.1
MozillaThunderbird-translations-common-140.3.0-bp160.1.1
MozillaThunderbird-translations-other-140.3.0-bp160.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-10527.html
* https://www.suse.com/security/cve/CVE-2025-10528.html
* https://www.suse.com/security/cve/CVE-2025-10529.html
* https://www.suse.com/security/cve/CVE-2025-10532.html
* https://www.suse.com/security/cve/CVE-2025-10533.html
* https://www.suse.com/security/cve/CVE-2025-10536.html
* https://www.suse.com/security/cve/CVE-2025-10537.html



SUSE-SU-2025:4040-1: important: Security update for the Linux Kernel (Live Patch 42 for SUSE Linux Enterprise 15 SP4)


# Security update for the Linux Kernel (Live Patch 42 for SUSE Linux Enterprise 15 SP4)

Announcement ID: SUSE-SU-2025:4040-1
Release Date: 2025-11-10T19:03:48Z
Rating: important
References:

* bsc#1246019
* bsc#1248631
* bsc#1249207
* bsc#1249208
* bsc#1249847
* bsc#1252946

Cross-References:

* CVE-2022-50252
* CVE-2024-53164
* CVE-2025-38617
* CVE-2025-38618
* CVE-2025-38664

CVSS scores:

* CVE-2022-50252 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50252 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53164 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53164 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53164 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38617 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38617 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38618 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38618 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38664 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38664 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves five vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.170 fixes
various security issues.

The following security issues were fixed:

* CVE-2022-50252: igb: Do not free q_vector unless new one was allocated
(bsc#1249847).
* CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1246019).
* CVE-2025-38617: net/packet: fix a race in packet_set_ring() and
packet_notifier() (bsc#1249208).
* CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY
(bsc#1249207).
* CVE-2025-38664: ice: Fix a null pointer dereference in
ice_copy_and_init_pkg() (bsc#1248631).

The following non-security issue was fixed:

* bsc#1249208: fix livepatching target module name (bsc#1252946)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-4042=1 SUSE-2025-4040=1 SUSE-2025-4041=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-4042=1 SUSE-SLE-Module-Live-Patching-15-SP4-2025-4040=1 SUSE-SLE-Module-Live-Patching-15-SP4-2025-4041=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_170-default-debuginfo-7-150400.4.1
  * kernel-livepatch-SLE15-SP4_Update_42-debugsource-7-150400.4.1
  * kernel-livepatch-SLE15-SP4_Update_37-debugsource-10-150400.4.1
  * kernel-livepatch-5_14_21-150400_24_153-default-debuginfo-10-150400.4.1
  * kernel-livepatch-5_14_21-150400_24_153-default-10-150400.4.1
  * kernel-livepatch-5_14_21-150400_24_170-default-7-150400.4.1
  * kernel-livepatch-5_14_21-150400_24_158-default-9-150400.4.1
  * kernel-livepatch-SLE15-SP4_Update_38-debugsource-9-150400.4.1
  * kernel-livepatch-5_14_21-150400_24_158-default-debuginfo-9-150400.4.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_170-default-debuginfo-7-150400.4.1
  * kernel-livepatch-SLE15-SP4_Update_42-debugsource-7-150400.4.1
  * kernel-livepatch-SLE15-SP4_Update_37-debugsource-10-150400.4.1
  * kernel-livepatch-5_14_21-150400_24_153-default-debuginfo-10-150400.4.1
  * kernel-livepatch-5_14_21-150400_24_153-default-10-150400.4.1
  * kernel-livepatch-5_14_21-150400_24_170-default-7-150400.4.1
  * kernel-livepatch-5_14_21-150400_24_158-default-9-150400.4.1
  * kernel-livepatch-SLE15-SP4_Update_38-debugsource-9-150400.4.1
  * kernel-livepatch-5_14_21-150400_24_158-default-debuginfo-9-150400.4.1

## References:

* https://www.suse.com/security/cve/CVE-2022-50252.html
* https://www.suse.com/security/cve/CVE-2024-53164.html
* https://www.suse.com/security/cve/CVE-2025-38617.html
* https://www.suse.com/security/cve/CVE-2025-38618.html
* https://www.suse.com/security/cve/CVE-2025-38664.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246019
* https://bugzilla.suse.com/show_bug.cgi?id=1248631
* https://bugzilla.suse.com/show_bug.cgi?id=1249207
* https://bugzilla.suse.com/show_bug.cgi?id=1249208
* https://bugzilla.suse.com/show_bug.cgi?id=1249847
* https://bugzilla.suse.com/show_bug.cgi?id=1252946