SUSE-SU-2025:1490-1: important: Security update for java-17-openjdk
SUSE-SU-2025:1456-1: moderate: Security update for sqlite3
SUSE-SU-2025:1466-1: moderate: Security update for rabbitmq-server
SUSE-SU-2025:1464-1: moderate: Security update for ImageMagick
SUSE-SU-2025:1487-1: important: Security update for java-11-openjdk
SUSE-SU-2025:1488-1: moderate: Security update for ImageMagick
SUSE-SU-2025:1492-1: moderate: Security update for rubygem-rack-1_6
SUSE-SU-2025:1500-1: moderate: Security update for opensaml
SUSE-SU-2025:1463-1: important: Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3)
SUSE-SU-2025:1454-1: important: Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP5)
SUSE-SU-2025:1468-1: important: Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP6)
SUSE-SU-2025:1467-1: important: Security update for the Linux Kernel (Live Patch 21 for SLE 15 SP5)
SUSE-SU-2025:1504-1: important: Security update for libsoup
SUSE-SU-2025:1503-1: important: Security update for libsoup2
SUSE-SU-2025:1506-1: important: Security update for MozillaThunderbird
SUSE-SU-2025:1505-1: moderate: Security update for apparmor
SUSE-SU-2025:1508-1: moderate: Security update for openvpn
SUSE-SU-2025:1510-1: important: Security update for libsoup
SUSE-SU-2025:1509-1: important: Security update for libsoup2
openSUSE-SU-2025:15055-1: moderate: weblate-5.11.3-1.1 on GA media
SUSE-SU-2025:1490-1: important: Security update for java-17-openjdk
# Security update for java-17-openjdk
Announcement ID: SUSE-SU-2025:1490-1
Release Date: 2025-05-06T11:49:02Z
Rating: important
References:
* bsc#1241274
* bsc#1241275
* bsc#1241276
Cross-References:
* CVE-2025-21587
* CVE-2025-30691
* CVE-2025-30698
CVSS scores:
* CVE-2025-21587 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-21587 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-21587 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-30691 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-30691 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-30691 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-30698 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-30698 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-30698 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Products:
* Basesystem Module 15-SP6
* Legacy Module 15-SP6
* openSUSE Leap 15.4
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves three vulnerabilities can now be installed.
## Description:
This update for java-17-openjdk fixes the following issues:
Update to upstream tag jdk-17.0.15+6 (April 2025 CPU)
CVEs:
* CVE-2025-21587: Fixed JSSE unauthorized access, deletion or modification of
critical data (bsc#1241274)
* CVE-2025-30691: Fixed Oracle Java SE Compiler Unauthorized Data Access
(bsc#1241275)
* CVE-2025-30698: Fixed Oracle Java 2D unauthorized data access and DoS
(bsc#1241276)
Changes:
+ JDK-6355567: AdobeMarkerSegment causes failure to read
valid JPEG
+ JDK-8065099: [macos] javax/swing/PopupFactory/6276087/
/NonOpaquePopupMenuTest.java fails: no background shine
through
+ JDK-8179502: Enhance OCSP, CRL and Certificate Fetch
Timeouts
+ JDK-8198237: [macos] Test java/awt/Frame/
/ExceptionOnSetExtendedStateTest/
/ExceptionOnSetExtendedStateTest.java fails
+ JDK-8198666: Many java/awt/Modal/OnTop/ test fails on mac
+ JDK-8208565: [TEST_BUG] javax/swing/PopupFactory/6276087/
/NonOpaquePopupMenuTest.java throws NPE
+ JDK-8226933: [TEST_BUG]GTK L&F: There is no swatches or
RGB tab in JColorChooser
+ JDK-8226938: [TEST_BUG]GTK L&F: There is no Details
button in FileChooser Dialog
+ JDK-8266435: WBMPImageReader.read() should not truncate
the input stream
+ JDK-8267893: Improve jtreg test failure handler do get
native/mixed stack traces for cores and live processes
+ JDK-8270961: [TESTBUG] Move GotWrongOOMEException into
vm.share.gc package
+ JDK-8274893: Update java.desktop classes to use
try-with-resources
+ JDK-8276202: LogFileOutput.invalid_file_vm asserts when
being executed from a read only working directory
+ JDK-8277240: java/awt/Graphics2D/ScaledTransform/
/ScaledTransform.java dialog does not get disposed
+ JDK-8281234: The -protected option is not always checked
in keytool and jarsigner
+ JDK-8282314: nsk/jvmti/SuspendThread/suspendthrd003 may
leak memory
+ JDK-8283387: [macos] a11y : Screen magnifier does not
show selected Tab
+ JDK-8283404: [macos] a11y : Screen magnifier does not
show JMenu name
+ JDK-8283664: Remove jtreg tag manual=yesno for
java/awt/print/PrinterJob/PrintTextTest.java
+ JDK-8286779: javax.crypto.CryptoPolicyParser#isConsistent
always returns 'true'
+ JDK-8286875: ProgrammableUpcallHandler::on_entry/on_exit
access thread fields from native
+ JDK-8290400: Must run exe installers in jpackage jtreg
tests without UI
+ JDK-8292588: [macos] Multiscreen/MultiScreenLocationTest/
/MultiScreenLocationTest.java: Robot.mouseMove test failed on
Screen #0
+ JDK-8292704: sun/security/tools/jarsigner/compatibility/
/Compatibility.java use wrong key size for EC
+ JDK-8292848: AWT_Mixing and TrayIcon tests fail on el8
with hard-coded isOel7
+ JDK-8293345: SunPKCS11 provider checks on PKCS11
Mechanism are problematic
+ JDK-8293412: Remove unnecessary java.security.egd
overrides
+ JDK-8294067: [macOS] javax/swing/JComboBox/6559152/
/bug6559152.java Cannot select an item from popup with the
ENTER key.
+ JDK-8294316: SA core file support is broken on macosx-x64
starting with macOS 12.x
+ JDK-8295087: Manual Test to Automated Test Conversion
+ JDK-8295176: some langtools test pollutes source tree
+ JDK-8296591: Signature benchmark
+ JDK-8296818: Enhance JMH tests
java/security/Signatures.java
+ JDK-8299077: [REDO] JDK-4512626 Non-editable JTextArea
provides no visual indication of keyboard focus
+ JDK-8299127: [REDO] JDK-8194048 Regression automated test
'/open/test/jdk/javax/swing/text/DefaultCaret/HidingSelection/
/HidingSelectionTest.java' fails
+ JDK-8299128: [REDO] JDK-8213562 Test javax/swing/text/
/DefaultCaret/HidingSelection/MultiSelectionTest.java fails
+ JDK-8299739: HashedPasswordFileTest.java and ExceptionTest.java
can fail with java.lang.NullPointerException
+ JDK-8299994: java/security/Policy/Root/Root.java fails
when home directory is read-only
+ JDK-8301989: new
javax.swing.text.DefaultCaret().setBlinkRate(N) results in NPE
+ JDK-8302111: Serialization considerations
+ JDK-8305853: java/text/Format/DateFormat/
/DateFormatRegression.java fails with "Uncaught exception
thrown in test method Test4089106"
+ JDK-8306711: Improve diagnosis of `IntlTest` framework
+ JDK-8308341: JNI_GetCreatedJavaVMs returns a partially
initialized JVM
+ JDK-8309171: Test vmTestbase/nsk/jvmti/scenarios/
/jni_interception/JI05/ji05t001/TestDescription.java fails
after JDK-8308341
+ JDK-8309231: ProblemList vmTestbase/nsk/jvmti/scenarios/
/jni_interception/JI05/ji05t001/TestDescription.java
+ JDK-8309740: Expand timeout windows for tests in
JDK-8179502
+ JDK-8309841: Jarsigner should print a warning if an entry
is removed
+ JDK-8310234: Refactor Locale tests to use JUnit
+ JDK-8310629: java/security/cert/CertPathValidator/OCSP/
/OCSPTimeout.java fails with RuntimeException: Server not ready
+ JDK-8311306: Test com/sun/management/ThreadMXBean/
/ThreadCpuTimeArray.java failed: out of expected range
+ JDK-8311546: Certificate name constraints improperly
validated with leading period
+ JDK-8311663: Additional refactoring of Locale tests to
JUnit
+ JDK-8312416: Tests in Locale should have more descriptive
names
+ JDK-8312518: [macos13] setFullScreenWindow() shows black
screen on macOS 13 & above
+ JDK-8313633: [macOS] java/awt/dnd/NextDropActionTest/
/NextDropActionTest.java fails with
java.lang.RuntimeException: wrong next drop action!
+ JDK-8313710: jcmd: typo in the documentation of JFR.start
and JFR.dump
+ JDK-8314225: SIGSEGV in JavaThread::is_lock_owned
+ JDK-8314610: hotspot can't compile with the latest of
gtest because of <iomanip>
+ JDK-8314752: Use google test string comparison macros
+ JDK-8314909: tools/jpackage/windows/Win8282351Test.java
fails with java.lang.AssertionError: Expected [0]. Actual
[1618]:
+ JDK-8314975: JavadocTester should set source path if not
specified
+ JDK-8315486: vmTestbase/nsk/jdwp/ThreadReference/
/ForceEarlyReturn/forceEarlyReturn002/forceEarlyReturn002.java
timed out
+ JDK-8315825: Open some swing tests
+ JDK-8315882: Open some swing tests 2
+ JDK-8315883: Open source several Swing JToolbar tests
+ JDK-8315952: Open source several Swing JToolbar JTooltip
JTree tests
+ JDK-8316056: Open source several Swing JTree tests
+ JDK-8316146: Open some swing tests 4
+ JDK-8316149: Open source several Swing JTree JViewport
KeyboardManager tests
+ JDK-8316218: Open some swing tests 5
+ JDK-8316371: Open some swing tests 6
+ JDK-8316559: Refactor some util/Calendar tests to JUnit
+ JDK-8316627: JViewport Test headless failure
+ JDK-8316696: Remove the testing base classes: IntlTest
and CollatorTest
+ JDK-8317631: Refactor ChoiceFormat tests to use JUnit
+ JDK-8317636: Improve heap walking API tests to verify
correctness of field indexes
+ JDK-8318442: java/net/httpclient/ManyRequests2.java fails
intermittently on Linux
+ JDK-8319567: Update java/lang/invoke tests to support vm
flags
+ JDK-8319568: Update java/lang/reflect/exeCallerAccessTest/
/CallerAccessTest.java to accept vm flags
+ JDK-8319569: Several java/util tests should be updated to
accept VM flags
+ JDK-8319647: Few java/lang/System/LoggerFinder/modules
tests ignore vm flags
+ JDK-8319648: java/lang/SecurityManager tests ignore vm
flags
+ JDK-8319672: Several classloader tests ignore VM flags
+ JDK-8319673: Few security tests ignore VM flags
+ JDK-8319676: A couple of jdk/modules/incubator/ tests
ignore VM flags
+ JDK-8319677: Test jdk/internal/misc/VM/RuntimeArguments.java
should be marked as flagless
+ JDK-8319818: Address GCC 13.2.0 warnings
(stringop-overflow and dangling-pointer)
+ JDK-8320372: test/jdk/sun/security/x509/DNSName/
/LeadingPeriod.java validity check failed
+ JDK-8320676: Manual printer tests have no Pass/Fail
buttons, instructions close set 1
+ JDK-8320691: Timeout handler on Windows takes 2 hours to
complete
+ JDK-8320714: java/util/Locale/LocaleProvidersRun.java and
java/util/ResourceBundle/modules/visibility/
/VisibilityTest.java timeout after passing
+ JDK-8320916: jdk/jfr/event/gc/stacktrace/
/TestParallelMarkSweepAllocationPendingStackTrace.java failed
with "OutOfMemoryError: GC overhead limit exceeded"
+ JDK-8321818: vmTestbase/nsk/stress/strace/strace015.java
failed with 'Cannot read the array length because "<local4>"
is null'
+ JDK-8323196: jdk/jfr/api/consumer/filestream/TestOrdered.java
failed with "Events are not ordered! Reuse = false"
+ JDK-8324672: Update jdk/java/time/tck/java/time/TCKInstant.java
now() to be more robust
+ JDK-8324807: Manual printer tests have no Pass/Fail
buttons, instructions close set 2
+ JDK-8325024: java/security/cert/CertPathValidator/OCSP/
/OCSPTimeout.java incorrect comment information
+ JDK-8325042: Remove unused JVMDITools test files
+ JDK-8325529: Remove unused imports from `ModuleGenerator`
test file
+ JDK-8325659: Normalize Random usage by incubator vector
tests
+ JDK-8325906: Problemlist vmTestbase/vm/mlvm/meth/stress/
/compiler/deoptimize/Test.java#id1 until JDK-8320865 is fixed
+ JDK-8325908: Finish removal of IntlTest and CollatorTest
+ JDK-8325937: runtime/handshake/HandshakeDirectTest.java
causes "monitor end should be strictly below the frame pointer"
assertion failure on AArch64
+ JDK-8326421: Add jtreg test for large arrayCopy disjoint
case.
+ JDK-8326525: com/sun/tools/attach/BasicTests.java does
not verify AgentLoadException case
+ JDK-8327098: GTest needs larger combination limit
+ JDK-8327476: Upgrade JLine to 3.26.1
+ JDK-8327505: Test com/sun/jmx/remote/
/NotificationMarshalVersions/TestSerializationMismatch.java
fails
+ JDK-8327857: Remove applet usage from JColorChooser tests
Test4222508
+ JDK-8327859: Remove applet usage from JColorChooser tests
Test4319113
+ JDK-8327986: ASAN reports use-after-free in
DirectivesParserTest.empty_object_vm
+ JDK-8328005: Convert java/awt/im/JTextFieldTest.java
applet test to main
+ JDK-8328085: C2: Use after free in
PhaseChaitin::Register_Allocate()
+ JDK-8328121: Remove applet usage from JColorChooser tests
Test4759306
+ JDK-8328130: Remove applet usage from JColorChooser tests
Test4759934
+ JDK-8328185: Convert java/awt/image/MemoryLeakTest/
/MemoryLeakTest.java applet test to main
+ JDK-8328227: Remove applet usage from JColorChooser tests
Test4887836
+ JDK-8328368: Convert java/awt/image/multiresolution/
/MultiDisplayTest/MultiDisplayTest.java applet test to main
+ JDK-8328370: Convert java/awt/print/Dialog/PrintApplet.java
applet test to main
+ JDK-8328380: Remove applet usage from JColorChooser tests
Test6348456
+ JDK-8328387: Convert java/awt/Frame/FrameStateTest/
/FrameStateTest.html applet test to main
+ JDK-8328403: Remove applet usage from JColorChooser tests
Test6977726
+ JDK-8328553: Get rid of JApplet in
test/jdk/sanity/client/lib/SwingSet2/src/DemoModule.java
+ JDK-8328558: Convert javax/swing/JCheckBox/8032667/
/bug8032667.java applet test to main
+ JDK-8328717: Convert javax/swing/JColorChooser/8065098/
/bug8065098.java applet test to main
+ JDK-8328719: Convert java/awt/print/PageFormat/SetOrient.html
applet test to main
+ JDK-8328730: Convert java/awt/print/bug8023392/bug8023392.html
applet test to main
+ JDK-8328753: Open source few Undecorated Frame tests
+ JDK-8328819: Remove applet usage from JFileChooser tests
bug6698013
+ JDK-8328827: Convert java/awt/print/PrinterJob/
/PrinterDialogsModalityTest/PrinterDialogsModalityTest.html
applet test to main
+ JDK-8329210: Delete Redundant Printer Dialog Modality Test
+ JDK-8329320: Simplify awt/print/PageFormat/NullPaper.java
test
+ JDK-8329322: Convert PageFormat/Orient.java to use
PassFailJFrame
+ JDK-8329692: Add more details to FrameStateTest.java test
instructions
+ JDK-8330702: Update failure handler to don't generate
Error message if cores actions are empty
+ JDK-8331153: JFR: Improve logging of
jdk/jfr/api/consumer/filestream/TestOrdered.java
+ JDK-8331735: UpcallLinker::on_exit races with GC when
copying frame anchor
+ JDK-8331959: Update PKCS#11 Cryptographic Token Interface
to v3.1
+ JDK-8332158: [XWayland] test/jdk/java/awt/Mouse/
/EnterExitEvents/ResizingFrameTest.java
+ JDK-8332917: failure_handler should execute gdb "info
threads" command on linux
+ JDK-8333360: PrintNullString.java doesn't use float
arguments
+ JDK-8333391: Test com/sun/jdi/InterruptHangTest.java
failed: Thread was never interrupted during sleep
+ JDK-8333403: Write a test to check various components
events are triggered properly
+ JDK-8333427: langtools/tools/javac/newlines/NewLineTest.java
is failing on Japanese Windows
+ JDK-8334305: Remove all code for nsk.share.Log verbose
mode
+ JDK-8334490: Normalize string with locale invariant
`toLowerCase()`
+ JDK-8334777: Test javax/management/remote/mandatory/notif/
/NotifReconnectDeadlockTest.java failed with
NullPointerException
+ JDK-8335150: Test LogGeneratedClassesTest.java fails on
rpmbuild mock enviroment
+ JDK-8335172: Add manual steps to run security/auth/callback/
/TextCallbackHandler/Password.java test
+ JDK-8335789: [TESTBUG] XparColor.java test fails with
Error. Parse Exception: Invalid or unrecognized bugid: @
+ JDK-8336012: Fix usages of jtreg-reserved properties
+ JDK-8336498: [macos] [build]: install-file macro may run
into permission denied error
+ JDK-8336692: Redo fix for JDK-8284620
+ JDK-8336942: Improve test coverage for class loading
elements with annotations of different retentions
+ JDK-8337222: gc/TestDisableExplicitGC.java fails due to
unexpected CodeCache GC
+ JDK-8337494: Clarify JarInputStream behavior
+ JDK-8337692: Better TLS connection support
+ JDK-8337826: Improve logging in OCSPTimeout and
SimpleOCSPResponder to help diagnose JDK-8309754
+ JDK-8337886: java/awt/Frame/MaximizeUndecoratedTest.java
fails in OEL due to a slight color difference
+ JDK-8337951: Test sun/security/validator/samedn.sh
CertificateNotYetValidException: NotBefore validation
+ JDK-8338100: C2: assert(!n_loop->is_member(get_loop(lca)))
failed: control must not be back in the loop
+ JDK-8338426: Test java/nio/channels/Selector/WakeupNow.java
failed
+ JDK-8338430: Improve compiler transformations
+ JDK-8338571: [TestBug] DefaultCloseOperation.java test
not working as expected wrt instruction after JDK-8325851 fix
+ JDK-8338595: Add more linesize for MIME decoder in macro
bench test Base64Decode
+ JDK-8338668: Test javax/swing/JFileChooser/8080628/
/bug8080628.java doesn't test for GTK L&F
+ JDK-8339154: Cleanups and JUnit conversion of
test/jdk/java/util/zip/Available.java
+ JDK-8339261: Logs truncated in test
javax/net/ssl/DTLS/DTLSRehandshakeTest.java
+ JDK-8339356: Test javax/net/ssl/SSLSocket/Tls13PacketSize.java
failed with java.net.SocketException: An established
connection was aborted by the software in your host machine
+ JDK-8339524: Clean up a few ExtendedRobot tests
+ JDK-8339687: Rearrange reachabilityFence()s in
jdk.test.lib.util.ForceGC
+ JDK-8339728: [Accessibility,Windows,JAWS] Bug in the
getKeyChar method of the AccessBridge class
+ JDK-8339810: Clean up the code in sun.tools.jar.Main to
properly close resources and use ZipFile during extract
+ JDK-8339883: Open source several AWT/2D related tests
+ JDK-8339902: Open source couple TextField related tests
+ JDK-8339943: Frame not disposed in
java/awt/dnd/DropActionChangeTest.java
+ JDK-8340078: Open source several 2D tests
+ JDK-8340116: test/jdk/sun/security/tools/jarsigner/
/PreserveRawManifestEntryAndDigest.java can fail due to regex
+ JDK-8340411: open source several 2D imaging tests
+ JDK-8340480: Bad copyright notices in changes from
JDK-8339902
+ JDK-8340687: Open source closed frame tests #1
+ JDK-8340719: Open source AWT List tests
+ JDK-8340969: jdk/jfr/startupargs/TestStartDuration.java
should be marked as flagless
+ JDK-8341037: Use standard layouts in
DefaultFrameIconTest.java and MenuCrash.java
+ JDK-8341111: open source several AWT tests including menu
shortcut tests
+ JDK-8341316: [macos] javax/swing/ProgressMonitor/
/ProgressMonitorEscapeKeyPress.java fails sometimes in macos
+ JDK-8341412: Various test failures after JDK-8334305
+ JDK-8341424: GHA: Collect hs_errs from build time failures
+ JDK-8341453: java/awt/a11y/AccessibleJTableTest.java
fails in some cases where the test tables are not visible
+ JDK-8341722: Fix some warnings as errors when building on
Linux with toolchain clang
+ JDK-8341881: [REDO] java/nio/file/attribute/
/BasicFileAttributeView/CreationTime.java#tmp fails on alinux3
+ JDK-8341978: Improve JButton/bug4490179.java
+ JDK-8341982: Simplify JButton/bug4323121.java
+ JDK-8342098: Write a test to compare the images
+ JDK-8342145: File libCreationTimeHelper.c compile fails
on Alpine
+ JDK-8342270: Test sun/security/pkcs11/Provider/
/RequiredMechCheck.java needs write access to src tree
+ JDK-8342498: Add test for Allocation elimination after
use as alignment reference by SuperWord
+ JDK-8342508: Use latch in BasicMenuUI/bug4983388.java
instead of delay
+ JDK-8342541: Exclude List/KeyEventsTest/KeyEventsTest.java
from running on macOS
+ JDK-8342562: Enhance Deflater operations
+ JDK-8342602: Remove JButton/PressedButtonRightClickTest
test
+ JDK-8342607: Enhance register printing on x86_64 platforms
+ JDK-8342609: jpackage test helper function incorrectly
removes a directory instead of its contents only
+ JDK-8342634: javax/imageio/plugins/wbmp/
/WBMPStreamTruncateTest.java creates temp file in src dir
+ JDK-8342635: javax/swing/JFileChooser/FileSystemView/
/WindowsDefaultIconSizeTest.java creates tmp file in src dir
+ JDK-8342704: GHA: Report truncation is broken after
JDK-8341424
+ JDK-8342811: java/net/httpclient/PlainProxyConnectionTest.java
failed: Unexpected connection count: 5
+ JDK-8342858: Make target mac-jdk-bundle fails on chmod
command
+ JDK-8342988: GHA: Build JTReg in single step
+ JDK-8343007: Enhance Buffered Image handling
+ JDK-8343100: Consolidate EmptyFolderTest and
EmptyFolderPackageTest jpackage tests into single java file
+ JDK-8343101: Rework BasicTest.testTemp test cases
+ JDK-8343118: [TESTBUG] java/awt/PrintJob/PrintCheckboxTest/
/PrintCheckboxManualTest.java fails with Error. Can't find
HTML file PrintCheckboxManualTest.html
+ JDK-8343128: PassFailJFrame.java test result: Error. Bad
action for script: build}
+ JDK-8343129: Disable unstable check of
ThreadsListHandle.sanity_vm ThreadList values
+ JDK-8343178: Test BasicTest.java javac compile fails
cannot find symbol
+ JDK-8343378: Exceptions in javax/management
DeadLockTest.java do not cause test failure
+ JDK-8343491: javax/management/remote/mandatory/connection/
/DeadLockTest.java failing with NoSuchObjectException: no such
object in table
+ JDK-8343599: Kmem limit and max values swapped when
printing container information
+ JDK-8343724: [PPC64] Disallow OptoScheduling
+ JDK-8343882: BasicAnnoTests doesn't handle multiple
annotations at the same position
+ JDK-8344581: [TESTBUG] java/awt/Robot/
/ScreenCaptureRobotTest.java failing on macOS
+ JDK-8344589: Update IANA Language Subtag Registry to
Version 2024-11-19
+ JDK-8344646: The libjsig deprecation warning should go to
stderr not stdout
+ JDK-8345296: AArch64: VM crashes with SIGILL when prctl
is disallowed
+ JDK-8345368: java/io/File/createTempFile/SpecialTempFile.java
fails on Windows Server 2025
+ JDK-8345371: Bump update version for OpenJDK: jdk-17.0.15
+ JDK-8345375: Improve debuggability of
test/jdk/java/net/Socket/CloseAvailable.java
+ JDK-8345414: Google CAInterop test failures
+ JDK-8345468: test/jdk/javax/swing/JScrollBar/4865918/
/bug4865918.java fails in ubuntu22.04
+ JDK-8346055: javax/swing/text/StyledEditorKit/4506788/
/bug4506788.java fails in ubuntu22.04
+ JDK-8346324: javax/swing/JScrollBar/4865918/bug4865918.java
fails in CI
+ JDK-8346587: Distrust TLS server certificates anchored by
Camerfirma Root CAs
+ JDK-8346671: java/nio/file/Files/probeContentType/Basic.java
fails on Windows 2025
+ JDK-8346828: javax/swing/JScrollBar/4865918/bug4865918.java
still fails in CI
+ JDK-8346887: DrawFocusRect() may cause an assertion failure
+ JDK-8346908: Update JDK 17 javadoc man page
+ JDK-8346972: Test java/nio/channels/FileChannel/
/LoopingTruncate.java fails sometimes with IOException: There
is not enough space on the disk
+ JDK-8347424: Fix and rewrite
sun/security/x509/DNSName/LeadingPeriod.java test
+ JDK-8347427: JTabbedPane/8134116/Bug8134116.java has no
license header
+ JDK-8347740: java/io/File/createTempFile/SpecialTempFile.java
failing
+ JDK-8347847: Enhance jar file support
+ JDK-8347965: (tz) Update Timezone Data to 2025a
+ JDK-8348625: [21u, 17u] Revert JDK-8185862 to restore old
java.awt.headless behavior on Windows
+ JDK-8348675: TrayIcon tests fail in Ubuntu 24.10 Wayland
+ JDK-8349603: [21u, 17u, 11u] Update GHA JDKs after Jan/25
updates
+ JDK-8352097: (tz) zone.tab update missed in 2025a backport
+ JDK-8353905: [17u] Remove designator
DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.15
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2025-1490=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1490=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-1490=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-1490=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1490=1
* Legacy Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2025-1490=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1490=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1490=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1490=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1490=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1490=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1490=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1490=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1490=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-1490=1
## Package List:
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1
* java-17-openjdk-demo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-17.0.15.0-150400.3.54.1
* java-17-openjdk-17.0.15.0-150400.3.54.1
* java-17-openjdk-devel-17.0.15.0-150400.3.54.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1
* java-17-openjdk-demo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-17.0.15.0-150400.3.54.1
* java-17-openjdk-17.0.15.0-150400.3.54.1
* java-17-openjdk-devel-17.0.15.0-150400.3.54.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1
* java-17-openjdk-demo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-jmods-17.0.15.0-150400.3.54.1
* java-17-openjdk-src-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-17.0.15.0-150400.3.54.1
* java-17-openjdk-17.0.15.0-150400.3.54.1
* java-17-openjdk-devel-17.0.15.0-150400.3.54.1
* openSUSE Leap 15.4 (noarch)
* java-17-openjdk-javadoc-17.0.15.0-150400.3.54.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1
* java-17-openjdk-demo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-jmods-17.0.15.0-150400.3.54.1
* java-17-openjdk-src-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-17.0.15.0-150400.3.54.1
* java-17-openjdk-17.0.15.0-150400.3.54.1
* java-17-openjdk-devel-17.0.15.0-150400.3.54.1
* openSUSE Leap 15.6 (noarch)
* java-17-openjdk-javadoc-17.0.15.0-150400.3.54.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-17.0.15.0-150400.3.54.1
* java-17-openjdk-17.0.15.0-150400.3.54.1
* java-17-openjdk-devel-17.0.15.0-150400.3.54.1
* Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1
* java-17-openjdk-demo-17.0.15.0-150400.3.54.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1
* java-17-openjdk-demo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-17.0.15.0-150400.3.54.1
* java-17-openjdk-17.0.15.0-150400.3.54.1
* java-17-openjdk-devel-17.0.15.0-150400.3.54.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1
* java-17-openjdk-demo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-17.0.15.0-150400.3.54.1
* java-17-openjdk-17.0.15.0-150400.3.54.1
* java-17-openjdk-devel-17.0.15.0-150400.3.54.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
* java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1
* java-17-openjdk-demo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-17.0.15.0-150400.3.54.1
* java-17-openjdk-17.0.15.0-150400.3.54.1
* java-17-openjdk-devel-17.0.15.0-150400.3.54.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
* java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1
* java-17-openjdk-demo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-17.0.15.0-150400.3.54.1
* java-17-openjdk-17.0.15.0-150400.3.54.1
* java-17-openjdk-devel-17.0.15.0-150400.3.54.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1
* java-17-openjdk-demo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-17.0.15.0-150400.3.54.1
* java-17-openjdk-17.0.15.0-150400.3.54.1
* java-17-openjdk-devel-17.0.15.0-150400.3.54.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1
* java-17-openjdk-demo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-17.0.15.0-150400.3.54.1
* java-17-openjdk-17.0.15.0-150400.3.54.1
* java-17-openjdk-devel-17.0.15.0-150400.3.54.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1
* java-17-openjdk-demo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-17.0.15.0-150400.3.54.1
* java-17-openjdk-17.0.15.0-150400.3.54.1
* java-17-openjdk-devel-17.0.15.0-150400.3.54.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1
* java-17-openjdk-demo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-17.0.15.0-150400.3.54.1
* java-17-openjdk-17.0.15.0-150400.3.54.1
* java-17-openjdk-devel-17.0.15.0-150400.3.54.1
* SUSE Manager Proxy 4.3 (x86_64)
* java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1
* java-17-openjdk-demo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-17.0.15.0-150400.3.54.1
* java-17-openjdk-17.0.15.0-150400.3.54.1
* java-17-openjdk-devel-17.0.15.0-150400.3.54.1
## References:
* https://www.suse.com/security/cve/CVE-2025-21587.html
* https://www.suse.com/security/cve/CVE-2025-30691.html
* https://www.suse.com/security/cve/CVE-2025-30698.html
* https://bugzilla.suse.com/show_bug.cgi?id=1241274
* https://bugzilla.suse.com/show_bug.cgi?id=1241275
* https://bugzilla.suse.com/show_bug.cgi?id=1241276
SUSE-SU-2025:1456-1: moderate: Security update for sqlite3
# Security update for sqlite3
Announcement ID: SUSE-SU-2025:1456-1
Release Date: 2025-05-05T10:52:31Z
Rating: moderate
References:
* bsc#1241020
* bsc#1241078
* jsc#SLE-16032
Cross-References:
* CVE-2025-29087
* CVE-2025-29088
CVSS scores:
* CVE-2025-29087 ( SUSE ): 5.9
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2025-29087 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L
* CVE-2025-29087 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-29087 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-29087 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L
* CVE-2025-29088 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-29088 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-29088 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-29088 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
Affected Products:
* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves two vulnerabilities and contains one feature can now be
installed.
## Description:
This update for sqlite3 fixes the following issues:
* CVE-2025-29087: Fixed integer overflow in sqlite concat function
(bsc#1241020)
* CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE
component (bsc#1241078)
Other fixes:
* Updated to version 3.49.1 from Factory (jsc#SLE-16032)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-1456=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-1456=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-1456=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-1456=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-1456=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-1456=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1456=1
* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-1456=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-1456=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-1456=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* sqlite3-tcl-3.49.1-150000.3.27.1
* sqlite3-debugsource-3.49.1-150000.3.27.1
* libsqlite3-0-debuginfo-3.49.1-150000.3.27.1
* sqlite3-tcl-debuginfo-3.49.1-150000.3.27.1
* sqlite3-debuginfo-3.49.1-150000.3.27.1
* sqlite3-3.49.1-150000.3.27.1
* sqlite3-devel-3.49.1-150000.3.27.1
* libsqlite3-0-3.49.1-150000.3.27.1
* openSUSE Leap 15.6 (x86_64)
* libsqlite3-0-32bit-debuginfo-3.49.1-150000.3.27.1
* libsqlite3-0-32bit-3.49.1-150000.3.27.1
* openSUSE Leap 15.6 (noarch)
* sqlite3-doc-3.49.1-150000.3.27.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* sqlite3-tcl-3.49.1-150000.3.27.1
* sqlite3-debugsource-3.49.1-150000.3.27.1
* libsqlite3-0-debuginfo-3.49.1-150000.3.27.1
* sqlite3-debuginfo-3.49.1-150000.3.27.1
* libsqlite3-0-3.49.1-150000.3.27.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* sqlite3-tcl-3.49.1-150000.3.27.1
* sqlite3-debugsource-3.49.1-150000.3.27.1
* libsqlite3-0-debuginfo-3.49.1-150000.3.27.1
* sqlite3-debuginfo-3.49.1-150000.3.27.1
* libsqlite3-0-3.49.1-150000.3.27.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* sqlite3-tcl-3.49.1-150000.3.27.1
* sqlite3-debugsource-3.49.1-150000.3.27.1
* libsqlite3-0-debuginfo-3.49.1-150000.3.27.1
* sqlite3-tcl-debuginfo-3.49.1-150000.3.27.1
* sqlite3-debuginfo-3.49.1-150000.3.27.1
* libsqlite3-0-3.49.1-150000.3.27.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* sqlite3-tcl-3.49.1-150000.3.27.1
* sqlite3-debugsource-3.49.1-150000.3.27.1
* libsqlite3-0-debuginfo-3.49.1-150000.3.27.1
* sqlite3-tcl-debuginfo-3.49.1-150000.3.27.1
* sqlite3-debuginfo-3.49.1-150000.3.27.1
* libsqlite3-0-3.49.1-150000.3.27.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* sqlite3-tcl-3.49.1-150000.3.27.1
* sqlite3-debugsource-3.49.1-150000.3.27.1
* libsqlite3-0-debuginfo-3.49.1-150000.3.27.1
* sqlite3-tcl-debuginfo-3.49.1-150000.3.27.1
* sqlite3-debuginfo-3.49.1-150000.3.27.1
* libsqlite3-0-3.49.1-150000.3.27.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* sqlite3-tcl-3.49.1-150000.3.27.1
* sqlite3-debugsource-3.49.1-150000.3.27.1
* libsqlite3-0-debuginfo-3.49.1-150000.3.27.1
* sqlite3-tcl-debuginfo-3.49.1-150000.3.27.1
* sqlite3-debuginfo-3.49.1-150000.3.27.1
* sqlite3-3.49.1-150000.3.27.1
* sqlite3-devel-3.49.1-150000.3.27.1
* libsqlite3-0-3.49.1-150000.3.27.1
* Basesystem Module 15-SP6 (x86_64)
* libsqlite3-0-32bit-debuginfo-3.49.1-150000.3.27.1
* libsqlite3-0-32bit-3.49.1-150000.3.27.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* sqlite3-debugsource-3.49.1-150000.3.27.1
* libsqlite3-0-debuginfo-3.49.1-150000.3.27.1
* libsqlite3-0-3.49.1-150000.3.27.1
* sqlite3-debuginfo-3.49.1-150000.3.27.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* sqlite3-debugsource-3.49.1-150000.3.27.1
* libsqlite3-0-debuginfo-3.49.1-150000.3.27.1
* libsqlite3-0-3.49.1-150000.3.27.1
* sqlite3-debuginfo-3.49.1-150000.3.27.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* sqlite3-debugsource-3.49.1-150000.3.27.1
* libsqlite3-0-debuginfo-3.49.1-150000.3.27.1
* libsqlite3-0-3.49.1-150000.3.27.1
* sqlite3-debuginfo-3.49.1-150000.3.27.1
## References:
* https://www.suse.com/security/cve/CVE-2025-29087.html
* https://www.suse.com/security/cve/CVE-2025-29088.html
* https://bugzilla.suse.com/show_bug.cgi?id=1241020
* https://bugzilla.suse.com/show_bug.cgi?id=1241078
* https://jira.suse.com/browse/SLE-16032
SUSE-SU-2025:1466-1: moderate: Security update for rabbitmq-server
# Security update for rabbitmq-server
Announcement ID: SUSE-SU-2025:1466-1
Release Date: 2025-05-06T06:06:40Z
Rating: moderate
References:
* bsc#1240071
Cross-References:
* CVE-2025-30219
CVSS scores:
* CVE-2025-30219 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-30219 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L
* CVE-2025-30219 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L
Affected Products:
* openSUSE Leap 15.3
* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves one vulnerability can now be installed.
## Description:
This update for rabbitmq-server fixes the following issues:
* CVE-2025-30219: Fixed XSS in an error message in Management UI (bsc#1240071)
Other fixes:
* Disable parallel make, this causes build failures
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-1466=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-1466=1
* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-1466=1
## Package List:
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* rabbitmq-server-plugins-3.8.11-150300.3.19.1
* erlang-rabbitmq-client-3.8.11-150300.3.19.1
* rabbitmq-server-3.8.11-150300.3.19.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* rabbitmq-server-plugins-3.8.11-150300.3.19.1
* erlang-rabbitmq-client-3.8.11-150300.3.19.1
* rabbitmq-server-3.8.11-150300.3.19.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* rabbitmq-server-plugins-3.8.11-150300.3.19.1
* erlang-rabbitmq-client-3.8.11-150300.3.19.1
* rabbitmq-server-3.8.11-150300.3.19.1
## References:
* https://www.suse.com/security/cve/CVE-2025-30219.html
* https://bugzilla.suse.com/show_bug.cgi?id=1240071
SUSE-SU-2025:1464-1: moderate: Security update for ImageMagick
# Security update for ImageMagick
Announcement ID: SUSE-SU-2025:1464-1
Release Date: 2025-05-05T18:49:06Z
Rating: moderate
References:
* bsc#1241658
* bsc#1241659
Cross-References:
* CVE-2025-43965
* CVE-2025-46393
CVSS scores:
* CVE-2025-43965 ( SUSE ): 5.9
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2025-43965 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L
* CVE-2025-43965 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-46393 ( SUSE ): 5.9
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2025-46393 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L
* CVE-2025-46393 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
* Desktop Applications Module 15-SP6
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves two vulnerabilities can now be installed.
## Description:
This update for ImageMagick fixes the following issues:
* CVE-2025-43965: Fixed mishandling of image depth after SetQuantumFormat is
used in MIFF image processing. (bsc#1241659)
* CVE-2025-46393: Fixed mishandling of packet_size, which leads to rendering of
channels in arbitrary order in multispectral MIFF image processing.
(bsc#1241658)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-1464=1
* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-1464=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.30.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.30.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.30.1
* ImageMagick-debugsource-7.1.0.9-150400.6.30.1
* ImageMagick-devel-7.1.0.9-150400.6.30.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.30.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.30.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.30.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.30.1
* ImageMagick-7.1.0.9-150400.6.30.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.30.1
* ImageMagick-extra-7.1.0.9-150400.6.30.1
* ImageMagick-extra-debuginfo-7.1.0.9-150400.6.30.1
* libMagick++-devel-7.1.0.9-150400.6.30.1
* perl-PerlMagick-7.1.0.9-150400.6.30.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.30.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.30.1
* openSUSE Leap 15.4 (x86_64)
* ImageMagick-devel-32bit-7.1.0.9-150400.6.30.1
* libMagick++-devel-32bit-7.1.0.9-150400.6.30.1
* libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.30.1
* libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.0.9-150400.6.30.1
* libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.30.1
* libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.30.1
* libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.30.1
* libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.30.1
* openSUSE Leap 15.4 (noarch)
* ImageMagick-doc-7.1.0.9-150400.6.30.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libMagick++-7_Q16HDRI5-64bit-7.1.0.9-150400.6.30.1
* libMagick++-devel-64bit-7.1.0.9-150400.6.30.1
* libMagick++-7_Q16HDRI5-64bit-debuginfo-7.1.0.9-150400.6.30.1
* libMagickWand-7_Q16HDRI10-64bit-7.1.0.9-150400.6.30.1
* libMagickWand-7_Q16HDRI10-64bit-debuginfo-7.1.0.9-150400.6.30.1
* libMagickCore-7_Q16HDRI10-64bit-7.1.0.9-150400.6.30.1
* libMagickCore-7_Q16HDRI10-64bit-debuginfo-7.1.0.9-150400.6.30.1
* ImageMagick-devel-64bit-7.1.0.9-150400.6.30.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* ImageMagick-debuginfo-7.1.0.9-150400.6.30.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.30.1
* ImageMagick-debugsource-7.1.0.9-150400.6.30.1
## References:
* https://www.suse.com/security/cve/CVE-2025-43965.html
* https://www.suse.com/security/cve/CVE-2025-46393.html
* https://bugzilla.suse.com/show_bug.cgi?id=1241658
* https://bugzilla.suse.com/show_bug.cgi?id=1241659
SUSE-SU-2025:1487-1: important: Security update for java-11-openjdk
# Security update for java-11-openjdk
Announcement ID: SUSE-SU-2025:1487-1
Release Date: 2025-05-06T10:05:56Z
Rating: important
References:
* bsc#1241274
* bsc#1241275
* bsc#1241276
Cross-References:
* CVE-2025-21587
* CVE-2025-30691
* CVE-2025-30698
CVSS scores:
* CVE-2025-21587 ( SUSE ): 9.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-21587 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-21587 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-30691 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-30691 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-30691 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-30698 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-30698 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-30698 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Products:
* Legacy Module 15-SP6
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP6
An update that solves three vulnerabilities can now be installed.
## Description:
This update for java-11-openjdk fixes the following issues:
Upgrade to upstream tag jdk-11.0.27+6 (April 2025 CPU)
CVEs:
* CVE-2025-21587: Fixed JSSE unauthorized access, deletion or modification of
critical data (bsc#1241274)
* CVE-2025-30691: Fixed Oracle Java SE Compiler Unauthorized Data Access
(bsc#1241275)
* CVE-2025-30698: Fixed Oracle Java 2D unauthorized data access and DoS
(bsc#1241276)
Changes:
+ JDK-8195675: Call to insertText with single character
from custom Input Method ignored
+ JDK-8202926: Test java/awt/Focus/
/WindowUpdateFocusabilityTest/
/WindowUpdateFocusabilityTest.html fails
+ JDK-8216539: tools/jar/modularJar/Basic.java timed out
+ JDK-8268364: jmethod clearing should be done during
unloading
+ JDK-8273914: Indy string concat changes order of
operations
+ JDK-8294316: SA core file support is broken on macosx-x64
starting with macOS 12.x
+ JDK-8306408: Fix the format of several tables in
building.md
+ JDK-8309841: Jarsigner should print a warning if an entry
is removed
+ JDK-8312049: runtime/logging/ClassLoadUnloadTest can be
improved
+ JDK-8320916: jdk/jfr/event/gc/stacktrace/
/TestParallelMarkSweepAllocationPendingStackTrace.java failed
with "OutOfMemoryError: GC overhead limit exceeded"
+ JDK-8327650: Test java/nio/channels/DatagramChannel/
/StressNativeSignal.java timed out
+ JDK-8328242: Add a log area to the PassFailJFrame
+ JDK-8331863: DUIterator_Fast used before it is constructed
+ JDK-8336012: Fix usages of jtreg-reserved properties
+ JDK-8337494: Clarify JarInputStream behavior
+ JDK-8337692: Better TLS connection support
+ JDK-8338430: Improve compiler transformations
+ JDK-8339560: Unaddressed comments during code review of
JDK-8337664
+ JDK-8339810: Clean up the code in sun.tools.jar.Main to
properly close resources and use ZipFile during extract
+ JDK-8339931: Update problem list for
WindowUpdateFocusabilityTest.java
+ JDK-8340387: Update OS detection code to recognize
Windows Server 2025
+ JDK-8341424: GHA: Collect hs_errs from build time failures
+ JDK-8342562: Enhance Deflater operations
+ JDK-8342704: GHA: Report truncation is broken after
JDK-8341424
+ JDK-8343007: Enhance Buffered Image handling
+ JDK-8343474: [updates] Customize README.md to specifics
of update project
+ JDK-8343599: Kmem limit and max values swapped when
printing container information
+ JDK-8343786: [11u] GHA: Bump macOS and Xcode versions to
macos-13 and XCode 14.3.1
+ JDK-8344589: Update IANA Language Subtag Registry to
Version 2024-11-19
+ JDK-8345509: Bump update version of OpenJDK: 11.0.27
+ JDK-8346587: Distrust TLS server certificates anchored by
Camerfirma Root CAs
+ JDK-8347427: JTabbedPane/8134116/Bug8134116.java has no
license header
+ JDK-8347847: Enhance jar file support
+ JDK-8347965: (tz) Update Timezone Data to 2025a
+ JDK-8349603: [21u, 17u, 11u] Update GHA JDKs after Jan/25
updates
+ JDK-8352097: (tz) zone.tab update missed in 2025a backport
+ JDK-8354087: [11u] Remove designator
DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.27
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1487=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1487=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1487=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1487=1
* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1487=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1487=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1487=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1487=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1487=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1487=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-1487=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2025-1487=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1487=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-1487=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-1487=1
* Legacy Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2025-1487=1
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-1487=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1487=1
## Package List:
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* java-11-openjdk-debugsource-11.0.27.0-150000.3.125.1
* java-11-openjdk-headless-11.0.27.0-150000.3.125.1
* java-11-openjdk-devel-11.0.27.0-150000.3.125.1
* java-11-openjdk-demo-11.0.27.0-150000.3.125.1
* java-11-openjdk-11.0.27.0-150000.3.125.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* java-11-openjdk-debugsource-11.0.27.0-150000.3.125.1
* java-11-openjdk-headless-11.0.27.0-150000.3.125.1
* java-11-openjdk-devel-11.0.27.0-150000.3.125.1
* java-11-openjdk-demo-11.0.27.0-150000.3.125.1
* java-11-openjdk-11.0.27.0-150000.3.125.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* java-11-openjdk-11.0.27.0-150000.3.125.1
* java-11-openjdk-demo-11.0.27.0-150000.3.125.1
* java-11-openjdk-headless-11.0.27.0-150000.3.125.1
* java-11-openjdk-devel-11.0.27.0-150000.3.125.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* java-11-openjdk-11.0.27.0-150000.3.125.1
* java-11-openjdk-demo-11.0.27.0-150000.3.125.1
* java-11-openjdk-headless-11.0.27.0-150000.3.125.1
* java-11-openjdk-devel-11.0.27.0-150000.3.125.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* java-11-openjdk-debugsource-11.0.27.0-150000.3.125.1
* java-11-openjdk-debuginfo-11.0.27.0-150000.3.125.1
* java-11-openjdk-headless-11.0.27.0-150000.3.125.1
* java-11-openjdk-devel-11.0.27.0-150000.3.125.1
* java-11-openjdk-demo-11.0.27.0-150000.3.125.1
* java-11-openjdk-11.0.27.0-150000.3.125.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* java-11-openjdk-debugsource-11.0.27.0-150000.3.125.1
* java-11-openjdk-headless-11.0.27.0-150000.3.125.1
* java-11-openjdk-devel-11.0.27.0-150000.3.125.1
* java-11-openjdk-demo-11.0.27.0-150000.3.125.1
* java-11-openjdk-11.0.27.0-150000.3.125.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* java-11-openjdk-11.0.27.0-150000.3.125.1
* java-11-openjdk-demo-11.0.27.0-150000.3.125.1
* java-11-openjdk-headless-11.0.27.0-150000.3.125.1
* java-11-openjdk-devel-11.0.27.0-150000.3.125.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* java-11-openjdk-debugsource-11.0.27.0-150000.3.125.1
* java-11-openjdk-debuginfo-11.0.27.0-150000.3.125.1
* java-11-openjdk-headless-11.0.27.0-150000.3.125.1
* java-11-openjdk-devel-11.0.27.0-150000.3.125.1
* java-11-openjdk-demo-11.0.27.0-150000.3.125.1
* java-11-openjdk-11.0.27.0-150000.3.125.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* java-11-openjdk-debugsource-11.0.27.0-150000.3.125.1
* java-11-openjdk-headless-11.0.27.0-150000.3.125.1
* java-11-openjdk-devel-11.0.27.0-150000.3.125.1
* java-11-openjdk-demo-11.0.27.0-150000.3.125.1
* java-11-openjdk-11.0.27.0-150000.3.125.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* java-11-openjdk-11.0.27.0-150000.3.125.1
* java-11-openjdk-demo-11.0.27.0-150000.3.125.1
* java-11-openjdk-headless-11.0.27.0-150000.3.125.1
* java-11-openjdk-devel-11.0.27.0-150000.3.125.1
* SUSE Manager Proxy 4.3 (x86_64)
* java-11-openjdk-debugsource-11.0.27.0-150000.3.125.1
* java-11-openjdk-headless-11.0.27.0-150000.3.125.1
* java-11-openjdk-devel-11.0.27.0-150000.3.125.1
* java-11-openjdk-demo-11.0.27.0-150000.3.125.1
* java-11-openjdk-11.0.27.0-150000.3.125.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* java-11-openjdk-debugsource-11.0.27.0-150000.3.125.1
* java-11-openjdk-headless-11.0.27.0-150000.3.125.1
* java-11-openjdk-devel-11.0.27.0-150000.3.125.1
* java-11-openjdk-demo-11.0.27.0-150000.3.125.1
* java-11-openjdk-11.0.27.0-150000.3.125.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* java-11-openjdk-debugsource-11.0.27.0-150000.3.125.1
* java-11-openjdk-headless-11.0.27.0-150000.3.125.1
* java-11-openjdk-devel-11.0.27.0-150000.3.125.1
* java-11-openjdk-demo-11.0.27.0-150000.3.125.1
* java-11-openjdk-11.0.27.0-150000.3.125.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* java-11-openjdk-debugsource-11.0.27.0-150000.3.125.1
* java-11-openjdk-debuginfo-11.0.27.0-150000.3.125.1
* java-11-openjdk-headless-11.0.27.0-150000.3.125.1
* java-11-openjdk-devel-11.0.27.0-150000.3.125.1
* java-11-openjdk-demo-11.0.27.0-150000.3.125.1
* java-11-openjdk-11.0.27.0-150000.3.125.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* java-11-openjdk-debugsource-11.0.27.0-150000.3.125.1
* java-11-openjdk-debuginfo-11.0.27.0-150000.3.125.1
* java-11-openjdk-devel-debuginfo-11.0.27.0-150000.3.125.1
* java-11-openjdk-jmods-11.0.27.0-150000.3.125.1
* java-11-openjdk-headless-11.0.27.0-150000.3.125.1
* java-11-openjdk-devel-11.0.27.0-150000.3.125.1
* java-11-openjdk-demo-11.0.27.0-150000.3.125.1
* java-11-openjdk-src-11.0.27.0-150000.3.125.1
* java-11-openjdk-11.0.27.0-150000.3.125.1
* java-11-openjdk-headless-debuginfo-11.0.27.0-150000.3.125.1
* openSUSE Leap 15.6 (noarch)
* java-11-openjdk-javadoc-11.0.27.0-150000.3.125.1
* Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* java-11-openjdk-debugsource-11.0.27.0-150000.3.125.1
* java-11-openjdk-debuginfo-11.0.27.0-150000.3.125.1
* java-11-openjdk-devel-debuginfo-11.0.27.0-150000.3.125.1
* java-11-openjdk-headless-11.0.27.0-150000.3.125.1
* java-11-openjdk-devel-11.0.27.0-150000.3.125.1
* java-11-openjdk-demo-11.0.27.0-150000.3.125.1
* java-11-openjdk-11.0.27.0-150000.3.125.1
* java-11-openjdk-headless-debuginfo-11.0.27.0-150000.3.125.1
* SUSE Package Hub 15 15-SP6 (noarch)
* java-11-openjdk-javadoc-11.0.27.0-150000.3.125.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* java-11-openjdk-debugsource-11.0.27.0-150000.3.125.1
* java-11-openjdk-debuginfo-11.0.27.0-150000.3.125.1
* java-11-openjdk-headless-11.0.27.0-150000.3.125.1
* java-11-openjdk-devel-11.0.27.0-150000.3.125.1
* java-11-openjdk-demo-11.0.27.0-150000.3.125.1
* java-11-openjdk-11.0.27.0-150000.3.125.1
## References:
* https://www.suse.com/security/cve/CVE-2025-21587.html
* https://www.suse.com/security/cve/CVE-2025-30691.html
* https://www.suse.com/security/cve/CVE-2025-30698.html
* https://bugzilla.suse.com/show_bug.cgi?id=1241274
* https://bugzilla.suse.com/show_bug.cgi?id=1241275
* https://bugzilla.suse.com/show_bug.cgi?id=1241276
SUSE-SU-2025:1488-1: moderate: Security update for ImageMagick
# Security update for ImageMagick
Announcement ID: SUSE-SU-2025:1488-1
Release Date: 2025-05-06T10:57:33Z
Rating: moderate
References:
* bsc#1241658
* bsc#1241659
Cross-References:
* CVE-2025-43965
* CVE-2025-46393
CVSS scores:
* CVE-2025-43965 ( SUSE ): 5.9
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2025-43965 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L
* CVE-2025-43965 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-46393 ( SUSE ): 5.9
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2025-46393 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L
* CVE-2025-46393 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
* Desktop Applications Module 15-SP6
* Development Tools Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves two vulnerabilities can now be installed.
## Description:
This update for ImageMagick fixes the following issues:
* CVE-2025-43965: mishandling of image depth after SetQuantumFormat is used in
MIFF image processing. (bsc#1241659)
* CVE-2025-46393: mishandling of packet_size leads to rendering of channels in
arbitrary order in multispectral MIFF image processing. (bsc#1241658)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-1488=1
* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-1488=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-1488=1 openSUSE-SLE-15.6-2025-1488=1
## Package List:
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* ImageMagick-debugsource-7.1.1.21-150600.3.3.1
* libMagickCore-7_Q16HDRI10-7.1.1.21-150600.3.3.1
* ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.3.1
* libMagick++-devel-7.1.1.21-150600.3.3.1
* ImageMagick-devel-7.1.1.21-150600.3.3.1
* libMagick++-7_Q16HDRI5-7.1.1.21-150600.3.3.1
* libMagickWand-7_Q16HDRI10-7.1.1.21-150600.3.3.1
* ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.3.1
* ImageMagick-config-7-SUSE-7.1.1.21-150600.3.3.1
* ImageMagick-7.1.1.21-150600.3.3.1
* ImageMagick-config-7-upstream-secure-7.1.1.21-150600.3.3.1
* ImageMagick-config-7-upstream-websafe-7.1.1.21-150600.3.3.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.1.21-150600.3.3.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.3.1
* ImageMagick-debuginfo-7.1.1.21-150600.3.3.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.3.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* perl-PerlMagick-debuginfo-7.1.1.21-150600.3.3.1
* ImageMagick-debugsource-7.1.1.21-150600.3.3.1
* ImageMagick-debuginfo-7.1.1.21-150600.3.3.1
* perl-PerlMagick-7.1.1.21-150600.3.3.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* ImageMagick-debugsource-7.1.1.21-150600.3.3.1
* libMagickCore-7_Q16HDRI10-7.1.1.21-150600.3.3.1
* ImageMagick-extra-7.1.1.21-150600.3.3.1
* ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.3.1
* ImageMagick-extra-debuginfo-7.1.1.21-150600.3.3.1
* ImageMagick-devel-7.1.1.21-150600.3.3.1
* libMagick++-7_Q16HDRI5-7.1.1.21-150600.3.3.1
* libMagick++-devel-7.1.1.21-150600.3.3.1
* ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.3.1
* libMagickWand-7_Q16HDRI10-7.1.1.21-150600.3.3.1
* perl-PerlMagick-7.1.1.21-150600.3.3.1
* perl-PerlMagick-debuginfo-7.1.1.21-150600.3.3.1
* ImageMagick-config-7-SUSE-7.1.1.21-150600.3.3.1
* ImageMagick-7.1.1.21-150600.3.3.1
* ImageMagick-config-7-upstream-secure-7.1.1.21-150600.3.3.1
* ImageMagick-config-7-upstream-websafe-7.1.1.21-150600.3.3.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.1.21-150600.3.3.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.3.1
* ImageMagick-debuginfo-7.1.1.21-150600.3.3.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.3.1
* openSUSE Leap 15.6 (x86_64)
* libMagick++-devel-32bit-7.1.1.21-150600.3.3.1
* libMagickCore-7_Q16HDRI10-32bit-7.1.1.21-150600.3.3.1
* ImageMagick-devel-32bit-7.1.1.21-150600.3.3.1
* libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.1.21-150600.3.3.1
* libMagick++-7_Q16HDRI5-32bit-7.1.1.21-150600.3.3.1
* libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.1.21-150600.3.3.1
* libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.1.21-150600.3.3.1
* libMagickWand-7_Q16HDRI10-32bit-7.1.1.21-150600.3.3.1
* openSUSE Leap 15.6 (noarch)
* ImageMagick-doc-7.1.1.21-150600.3.3.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libMagick++-7_Q16HDRI5-64bit-7.1.1.21-150600.3.3.1
* libMagickCore-7_Q16HDRI10-64bit-7.1.1.21-150600.3.3.1
* libMagickCore-7_Q16HDRI10-64bit-debuginfo-7.1.1.21-150600.3.3.1
* libMagickWand-7_Q16HDRI10-64bit-7.1.1.21-150600.3.3.1
* libMagickWand-7_Q16HDRI10-64bit-debuginfo-7.1.1.21-150600.3.3.1
* libMagick++-devel-64bit-7.1.1.21-150600.3.3.1
* libMagick++-7_Q16HDRI5-64bit-debuginfo-7.1.1.21-150600.3.3.1
* ImageMagick-devel-64bit-7.1.1.21-150600.3.3.1
## References:
* https://www.suse.com/security/cve/CVE-2025-43965.html
* https://www.suse.com/security/cve/CVE-2025-46393.html
* https://bugzilla.suse.com/show_bug.cgi?id=1241658
* https://bugzilla.suse.com/show_bug.cgi?id=1241659
SUSE-SU-2025:1492-1: moderate: Security update for rubygem-rack-1_6
# Security update for rubygem-rack-1_6
Announcement ID: SUSE-SU-2025:1492-1
Release Date: 2025-05-06T14:36:05Z
Rating: moderate
References:
* bsc#1238607
Cross-References:
* CVE-2025-27111
CVSS scores:
* CVE-2025-27111 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-27111 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-27111 ( NVD ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Products:
* openSUSE Leap 15.6
An update that solves one vulnerability can now be installed.
## Description:
This update for rubygem-rack-1_6 fixes the following issues:
* CVE-2025-27111: Fixed Escape Sequence Injection vulnerability (bsc#1238607)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-1492=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* ruby2.5-rubygem-rack-1_6-1.6.8-150000.3.6.1
* ruby2.5-rubygem-rack-testsuite-1_6-1.6.8-150000.3.6.1
* ruby2.5-rubygem-rack-doc-1_6-1.6.8-150000.3.6.1
## References:
* https://www.suse.com/security/cve/CVE-2025-27111.html
* https://bugzilla.suse.com/show_bug.cgi?id=1238607
SUSE-SU-2025:1500-1: moderate: Security update for opensaml
# Security update for opensaml
Announcement ID: SUSE-SU-2025:1500-1
Release Date: 2025-05-07T09:42:25Z
Rating: moderate
References:
* bsc#1239889
Cross-References:
* CVE-2025-31335
CVSS scores:
* CVE-2025-31335 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
* CVE-2025-31335 ( NVD ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
Affected Products:
* openSUSE Leap 15.3
* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves one vulnerability can now be installed.
## Description:
This update for opensaml fixes the following issues:
* CVE-2025-31335: Fixed a bug where parameter manipulation allows the forging
of signed SAML messages. (bsc#1239889)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-1500=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-1500=1
* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-1500=1
## Package List:
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* opensaml-debuginfo-3.1.0-150300.3.3.1
* opensaml-bin-3.1.0-150300.3.3.1
* libsaml11-debuginfo-3.1.0-150300.3.3.1
* libsaml-devel-3.1.0-150300.3.3.1
* opensaml-schemas-3.1.0-150300.3.3.1
* opensaml-debugsource-3.1.0-150300.3.3.1
* opensaml-bin-debuginfo-3.1.0-150300.3.3.1
* libsaml11-3.1.0-150300.3.3.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* opensaml-debuginfo-3.1.0-150300.3.3.1
* opensaml-bin-3.1.0-150300.3.3.1
* libsaml11-debuginfo-3.1.0-150300.3.3.1
* libsaml-devel-3.1.0-150300.3.3.1
* opensaml-schemas-3.1.0-150300.3.3.1
* opensaml-debugsource-3.1.0-150300.3.3.1
* opensaml-bin-debuginfo-3.1.0-150300.3.3.1
* libsaml11-3.1.0-150300.3.3.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* opensaml-debuginfo-3.1.0-150300.3.3.1
* libsaml11-debuginfo-3.1.0-150300.3.3.1
* libsaml-devel-3.1.0-150300.3.3.1
* opensaml-schemas-3.1.0-150300.3.3.1
* opensaml-debugsource-3.1.0-150300.3.3.1
* libsaml11-3.1.0-150300.3.3.1
## References:
* https://www.suse.com/security/cve/CVE-2025-31335.html
* https://bugzilla.suse.com/show_bug.cgi?id=1239889
SUSE-SU-2025:1463-1: important: Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3)
# Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3)
Announcement ID: SUSE-SU-2025:1463-1
Release Date: 2025-05-06T14:35:55Z
Rating: important
References:
* bsc#1233294
* bsc#1235431
Cross-References:
* CVE-2024-50205
* CVE-2024-56650
CVSS scores:
* CVE-2024-50205 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50205 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-50205 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56650 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56650 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56650 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Affected Products:
* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
An update that solves two vulnerabilities can now be installed.
## Description:
This update for the Linux Kernel 5.3.18-150300_59_179 fixes several issues.
The following security issues were fixed:
* CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in
apply_constraint_to_size() (bsc#1233294).
* CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check()
(bsc#1235431).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-1491=1 SUSE-2025-1463=1 SUSE-2025-1458=1
* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-1458=1 SUSE-SLE-Module-Live-Patching-15-SP3-2025-1491=1 SUSE-SLE-Module-Live-Patching-15-SP3-2025-1463=1
## Package List:
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_174-default-debuginfo-9-150300.2.1
* kernel-livepatch-5_3_18-150300_59_174-default-9-150300.2.1
* kernel-livepatch-5_3_18-150300_59_170-default-10-150300.2.1
* kernel-livepatch-5_3_18-150300_59_179-default-8-150300.2.1
* kernel-livepatch-5_3_18-150300_59_170-default-debuginfo-10-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_48-debugsource-9-150300.2.1
* kernel-livepatch-5_3_18-150300_59_179-default-debuginfo-8-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_49-debugsource-8-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_47-debugsource-10-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_174-preempt-9-150300.2.1
* kernel-livepatch-5_3_18-150300_59_170-preempt-debuginfo-10-150300.2.1
* kernel-livepatch-5_3_18-150300_59_179-preempt-8-150300.2.1
* kernel-livepatch-5_3_18-150300_59_179-preempt-debuginfo-8-150300.2.1
* kernel-livepatch-5_3_18-150300_59_170-preempt-10-150300.2.1
* kernel-livepatch-5_3_18-150300_59_174-preempt-debuginfo-9-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_174-default-9-150300.2.1
* kernel-livepatch-5_3_18-150300_59_179-default-8-150300.2.1
* kernel-livepatch-5_3_18-150300_59_170-default-10-150300.2.1
* kernel-livepatch-5_3_18-150300_59_170-default-debuginfo-10-150300.2.1
* kernel-livepatch-5_3_18-150300_59_179-default-debuginfo-8-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_49-debugsource-8-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_47-debugsource-10-150300.2.1
## References:
* https://www.suse.com/security/cve/CVE-2024-50205.html
* https://www.suse.com/security/cve/CVE-2024-56650.html
* https://bugzilla.suse.com/show_bug.cgi?id=1233294
* https://bugzilla.suse.com/show_bug.cgi?id=1235431
SUSE-SU-2025:1454-1: important: Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP5)
# Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP5)
Announcement ID: SUSE-SU-2025:1454-1
Release Date: 2025-05-06T09:44:33Z
Rating: important
References:
* bsc#1233294
* bsc#1235431
* bsc#1240840
Cross-References:
* CVE-2024-50205
* CVE-2024-56650
* CVE-2024-8805
CVSS scores:
* CVE-2024-50205 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50205 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-50205 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56650 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56650 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56650 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-8805 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-8805 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-8805 ( NVD ): 8.8 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves three vulnerabilities can now be installed.
## Description:
This update for the Linux Kernel 5.14.21-150500_55_83 fixes several issues.
The following security issues were fixed:
* CVE-2024-8805: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE
(bsc#1240840).
* CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in
apply_constraint_to_size() (bsc#1233294).
* CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check()
(bsc#1235431).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-1482=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-1483=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-1484=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-1478=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-1479=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-1480=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-1481=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-1483=1 SUSE-2025-1484=1 SUSE-2025-1478=1 SUSE-2025-1479=1 SUSE-2025-1480=1 SUSE-2025-1481=1 SUSE-2025-1482=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-1454=1
* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-1454=1
## Package List:
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_12-debugsource-17-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_19-debugsource-7-150500.2.1
* kernel-livepatch-5_14_21-150500_55_65-default-15-150500.2.1
* kernel-livepatch-5_14_21-150500_55_65-default-debuginfo-15-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_13-debugsource-15-150500.2.1
* kernel-livepatch-5_14_21-150500_55_73-default-debuginfo-9-150500.2.1
* kernel-livepatch-5_14_21-150500_55_80-default-7-150500.2.1
* kernel-livepatch-5_14_21-150500_55_62-default-debuginfo-15-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_15-debugsource-14-150500.2.1
* kernel-livepatch-5_14_21-150500_55_83-default-debuginfo-7-150500.2.1
* kernel-livepatch-5_14_21-150500_55_62-default-15-150500.2.1
* kernel-livepatch-5_14_21-150500_55_83-default-7-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_20-debugsource-7-150500.2.1
* kernel-livepatch-5_14_21-150500_55_68-default-14-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_14-debugsource-15-150500.2.1
* kernel-livepatch-5_14_21-150500_55_73-default-9-150500.2.1
* kernel-livepatch-5_14_21-150500_55_68-default-debuginfo-14-150500.2.1
* kernel-livepatch-5_14_21-150500_55_59-default-17-150500.2.1
* kernel-livepatch-5_14_21-150500_55_59-default-debuginfo-17-150500.2.1
* kernel-livepatch-5_14_21-150500_55_80-default-debuginfo-7-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le x86_64)
* kernel-livepatch-SLE15-SP5_Update_17-debugsource-9-150500.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_17-debugsource-9-150500.2.1
* kernel-livepatch-5_14_21-150500_55_80-default-7-150500.2.1
* kernel-livepatch-5_14_21-150500_55_62-default-debuginfo-15-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_15-debugsource-14-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_14-debugsource-15-150500.2.1
* kernel-livepatch-5_14_21-150500_55_80-default-debuginfo-7-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_12-debugsource-17-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_19-debugsource-7-150500.2.1
* kernel-livepatch-5_14_21-150500_55_83-default-7-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_13-debugsource-15-150500.2.1
* kernel-livepatch-5_14_21-150500_55_73-default-debuginfo-9-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_20-debugsource-7-150500.2.1
* kernel-livepatch-5_14_21-150500_55_68-default-debuginfo-14-150500.2.1
* kernel-livepatch-5_14_21-150500_55_73-default-9-150500.2.1
* kernel-livepatch-5_14_21-150500_55_59-default-17-150500.2.1
* kernel-livepatch-5_14_21-150500_55_59-default-debuginfo-17-150500.2.1
* kernel-livepatch-5_14_21-150500_55_65-default-15-150500.2.1
* kernel-livepatch-5_14_21-150500_55_65-default-debuginfo-15-150500.2.1
* kernel-livepatch-5_14_21-150500_55_83-default-debuginfo-7-150500.2.1
* kernel-livepatch-5_14_21-150500_55_62-default-15-150500.2.1
* kernel-livepatch-5_14_21-150500_55_68-default-14-150500.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_122-default-debuginfo-14-150400.2.1
* kernel-livepatch-5_14_21-150400_24_122-default-14-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_27-debugsource-14-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_122-default-debuginfo-14-150400.2.1
* kernel-livepatch-5_14_21-150400_24_122-default-14-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_27-debugsource-14-150400.2.1
## References:
* https://www.suse.com/security/cve/CVE-2024-50205.html
* https://www.suse.com/security/cve/CVE-2024-56650.html
* https://www.suse.com/security/cve/CVE-2024-8805.html
* https://bugzilla.suse.com/show_bug.cgi?id=1233294
* https://bugzilla.suse.com/show_bug.cgi?id=1235431
* https://bugzilla.suse.com/show_bug.cgi?id=1240840
SUSE-SU-2025:1468-1: important: Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP6)
# Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP6)
Announcement ID: SUSE-SU-2025:1468-1
Release Date: 2025-05-06T09:06:58Z
Rating: important
References:
* bsc#1233677
* bsc#1235008
* bsc#1235431
* bsc#1240840
Cross-References:
* CVE-2024-53082
* CVE-2024-53237
* CVE-2024-56650
* CVE-2024-8805
CVSS scores:
* CVE-2024-53082 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-53082 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-53237 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53237 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53237 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53237 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56650 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56650 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56650 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-8805 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-8805 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-8805 ( NVD ): 8.8 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves four vulnerabilities can now be installed.
## Description:
This update for the Linux Kernel 6.4.0-150600_23_25 fixes several issues.
The following security issues were fixed:
* CVE-2024-53237: Bluetooth: fix use-after-free in device_for_each_child()
(bsc#1235008).
* CVE-2024-53082: virtio_net: Add hash_key_length check (bsc#1233677).
* CVE-2024-8805: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE
(bsc#1240840).
* CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check()
(bsc#1235431).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-1473=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-1468=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-1469=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-1470=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-1471=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-1472=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-1468=1 SUSE-2025-1469=1 SUSE-2025-1470=1 SUSE-2025-1471=1 SUSE-2025-1472=1 SUSE-2025-1473=1
## Package List:
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_2-debugsource-13-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_5-debugsource-8-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_0-debugsource-15-150600.4.37.1
* kernel-livepatch-6_4_0-150600_21-default-debuginfo-15-150600.4.37.1
* kernel-livepatch-6_4_0-150600_23_7-default-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_14-default-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_22-default-debuginfo-9-150600.2.1
* kernel-livepatch-6_4_0-150600_23_25-default-debuginfo-8-150600.2.1
* kernel-livepatch-6_4_0-150600_23_17-default-13-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_3-debugsource-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_14-default-debuginfo-13-150600.2.1
* kernel-livepatch-6_4_0-150600_21-default-15-150600.4.37.1
* kernel-livepatch-SLE15-SP6_Update_4-debugsource-9-150600.2.1
* kernel-livepatch-6_4_0-150600_23_17-default-debuginfo-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_7-default-debuginfo-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_22-default-9-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_1-debugsource-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_25-default-8-150600.2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_2-debugsource-13-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_0-debugsource-15-150600.4.37.1
* kernel-livepatch-6_4_0-150600_23_7-default-13-150600.2.1
* kernel-livepatch-6_4_0-150600_21-default-debuginfo-15-150600.4.37.1
* kernel-livepatch-6_4_0-150600_23_14-default-13-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_5-debugsource-8-150600.2.1
* kernel-livepatch-6_4_0-150600_23_17-default-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_25-default-debuginfo-8-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_3-debugsource-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_14-default-debuginfo-13-150600.2.1
* kernel-livepatch-6_4_0-150600_21-default-15-150600.4.37.1
* kernel-livepatch-SLE15-SP6_Update_4-debugsource-9-150600.2.1
* kernel-livepatch-6_4_0-150600_23_17-default-debuginfo-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_25-default-8-150600.2.1
* kernel-livepatch-6_4_0-150600_23_7-default-debuginfo-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_22-default-9-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_1-debugsource-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_22-default-debuginfo-9-150600.2.1
## References:
* https://www.suse.com/security/cve/CVE-2024-53082.html
* https://www.suse.com/security/cve/CVE-2024-53237.html
* https://www.suse.com/security/cve/CVE-2024-56650.html
* https://www.suse.com/security/cve/CVE-2024-8805.html
* https://bugzilla.suse.com/show_bug.cgi?id=1233677
* https://bugzilla.suse.com/show_bug.cgi?id=1235008
* https://bugzilla.suse.com/show_bug.cgi?id=1235431
* https://bugzilla.suse.com/show_bug.cgi?id=1240840
SUSE-SU-2025:1467-1: important: Security update for the Linux Kernel (Live Patch 21 for SLE 15 SP5)
# Security update for the Linux Kernel (Live Patch 21 for SLE 15 SP5)
Announcement ID: SUSE-SU-2025:1467-1
Release Date: 2025-05-06T15:06:15Z
Rating: important
References:
* bsc#1235431
Cross-References:
* CVE-2024-56650
CVSS scores:
* CVE-2024-56650 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56650 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56650 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Affected Products:
* openSUSE Leap 15.3
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves one vulnerability can now be installed.
## Description:
This update for the Linux Kernel 5.14.21-150500_55_88 fixes one issue.
The following security issue was fixed:
* CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check()
(bsc#1235431).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-1467=1
* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-1467=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-1493=1 SUSE-2025-1485=1
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-1493=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-1485=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-1475=1 SUSE-2025-1474=1
* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-1474=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-1475=1
## Package List:
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_51-debugsource-4-150300.2.1
* kernel-livepatch-5_3_18-150300_59_185-default-debuginfo-4-150300.2.1
* kernel-livepatch-5_3_18-150300_59_185-default-4-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_185-preempt-4-150300.2.1
* kernel-livepatch-5_3_18-150300_59_185-preempt-debuginfo-4-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_185-default-4-150300.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_22-debugsource-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_88-default-4-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_21-debugsource-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_88-default-debuginfo-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_91-default-debuginfo-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_91-default-4-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_22-debugsource-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_88-default-4-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_21-debugsource-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_88-default-debuginfo-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_91-default-debuginfo-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_91-default-4-150500.2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_33-default-5-150600.2.1
* kernel-livepatch-6_4_0-150600_23_30-default-debuginfo-5-150600.2.1
* kernel-livepatch-6_4_0-150600_23_30-default-5-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_6-debugsource-5-150600.2.1
* kernel-livepatch-6_4_0-150600_23_33-default-debuginfo-5-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_7-debugsource-5-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_33-default-5-150600.2.1
* kernel-livepatch-6_4_0-150600_23_30-default-debuginfo-5-150600.2.1
* kernel-livepatch-6_4_0-150600_23_30-default-5-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_6-debugsource-5-150600.2.1
* kernel-livepatch-6_4_0-150600_23_33-default-debuginfo-5-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_7-debugsource-5-150600.2.1
## References:
* https://www.suse.com/security/cve/CVE-2024-56650.html
* https://bugzilla.suse.com/show_bug.cgi?id=1235431
SUSE-SU-2025:1504-1: important: Security update for libsoup
# Security update for libsoup
Announcement ID: SUSE-SU-2025:1504-1
Release Date: 2025-05-07T12:06:19Z
Rating: important
References:
* bsc#1240750
* bsc#1240752
* bsc#1240754
* bsc#1240756
* bsc#1240757
* bsc#1241162
* bsc#1241164
* bsc#1241214
* bsc#1241222
* bsc#1241223
* bsc#1241226
* bsc#1241238
* bsc#1241252
* bsc#1241263
* bsc#1241686
* bsc#1241688
Cross-References:
* CVE-2025-2784
* CVE-2025-32050
* CVE-2025-32051
* CVE-2025-32052
* CVE-2025-32053
* CVE-2025-32906
* CVE-2025-32907
* CVE-2025-32908
* CVE-2025-32909
* CVE-2025-32910
* CVE-2025-32911
* CVE-2025-32912
* CVE-2025-32913
* CVE-2025-32914
* CVE-2025-46420
* CVE-2025-46421
CVSS scores:
* CVE-2025-2784 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-2784 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-2784 ( NVD ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-32050 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-32050 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-32050 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-32051 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-32051 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-32051 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-32052 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-32052 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2025-32052 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2025-32053 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-32053 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2025-32053 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2025-32906 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-32906 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-32907 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-32907 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-32907 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-32908 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-32908 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-32908 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-32909 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-32909 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-32909 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-32910 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-32910 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-32910 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-32911 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-32911 ( NVD ): 9.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
* CVE-2025-32912 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-32912 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-32913 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-32913 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-32914 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-32914 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-46420 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-46420 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-46420 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-46421 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2025-46421 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Affected Products:
* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves 16 vulnerabilities can now be installed.
## Description:
This update for libsoup fixes the following issues:
* CVE-2025-2784: Fixed heap buffer over-read in `skip_insignificant_space`
when sniffing content (bsc#1240750)
* CVE-2025-32050: Fixed integer overflow in append_param_quoted (bsc#1240752)
* CVE-2025-32051: Fixed segmentation fault when parsing malformed data URI
(bsc#1240754)
* CVE-2025-32052: Fixed heap buffer overflow in sniff_unknown() (bsc#1240756)
* CVE-2025-32053: Fixed heap buffer overflows in sniff_feed_or_html() and
skip_insignificant_space() (bsc#1240757)
* CVE-2025-32906: Fixed out of bounds reads in soup_headers_parse_request()
(bsc#1241263)
* CVE-2025-32907: Fixed excessive memory consumption in server when client
requests a large amount of overlapping ranges in a single HTTP request
(bsc#1241222)
* CVE-2025-32908: Fixed server crash triggered by an HTTP request because the
HTTP/2 server did not fully validate the values of pseudo-headers (bsc#1241223)
* CVE-2025-32909: Fixed NULL pointer dereference in the sniff_mp4 function in
soup-content-sniffer.c (bsc#1241226)
* CVE-2025-32910: Fixed NULL pointer dereference on client when server omits the
realm parameter in an Unauthorized response with Digest authentication
(bsc#1241252)
* CVE-2025-32911: Fixed double free on
soup_message_headers_get_content_disposition() via "params" (bsc#1241238)
* CVE-2025-32912: Fixed NULL pointer dereference in SoupAuthDigest
(bsc#1241214)
* CVE-2025-32913: Fixed NULL pointer dereference in
soup_message_headers_get_content_disposition (bsc#1241162)
* CVE-2025-32914: Fixed out of bounds read in
`soup_multipart_new_from_message()` (bsc#1241164)
* CVE-2025-46420: Fixed memory leak on soup_header_parse_quality_list() via
soup-headers.c (bsc#1241686)
* CVE-2025-46421: Fixed HTTP Authorization Header leak via an HTTP redirect
(bsc#1241688)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-1504=1 openSUSE-SLE-15.6-2025-1504=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1504=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libsoup-debugsource-3.4.4-150600.3.7.1
* libsoup-3_0-0-debuginfo-3.4.4-150600.3.7.1
* libsoup-devel-3.4.4-150600.3.7.1
* typelib-1_0-Soup-3_0-3.4.4-150600.3.7.1
* libsoup-3_0-0-3.4.4-150600.3.7.1
* openSUSE Leap 15.6 (x86_64)
* libsoup-3_0-0-32bit-3.4.4-150600.3.7.1
* libsoup-devel-32bit-3.4.4-150600.3.7.1
* libsoup-3_0-0-32bit-debuginfo-3.4.4-150600.3.7.1
* openSUSE Leap 15.6 (noarch)
* libsoup-lang-3.4.4-150600.3.7.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libsoup-3_0-0-64bit-3.4.4-150600.3.7.1
* libsoup-devel-64bit-3.4.4-150600.3.7.1
* libsoup-3_0-0-64bit-debuginfo-3.4.4-150600.3.7.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libsoup-debugsource-3.4.4-150600.3.7.1
* libsoup-3_0-0-debuginfo-3.4.4-150600.3.7.1
* libsoup-devel-3.4.4-150600.3.7.1
* typelib-1_0-Soup-3_0-3.4.4-150600.3.7.1
* libsoup-3_0-0-3.4.4-150600.3.7.1
* Basesystem Module 15-SP6 (noarch)
* libsoup-lang-3.4.4-150600.3.7.1
## References:
* https://www.suse.com/security/cve/CVE-2025-2784.html
* https://www.suse.com/security/cve/CVE-2025-32050.html
* https://www.suse.com/security/cve/CVE-2025-32051.html
* https://www.suse.com/security/cve/CVE-2025-32052.html
* https://www.suse.com/security/cve/CVE-2025-32053.html
* https://www.suse.com/security/cve/CVE-2025-32906.html
* https://www.suse.com/security/cve/CVE-2025-32907.html
* https://www.suse.com/security/cve/CVE-2025-32908.html
* https://www.suse.com/security/cve/CVE-2025-32909.html
* https://www.suse.com/security/cve/CVE-2025-32910.html
* https://www.suse.com/security/cve/CVE-2025-32911.html
* https://www.suse.com/security/cve/CVE-2025-32912.html
* https://www.suse.com/security/cve/CVE-2025-32913.html
* https://www.suse.com/security/cve/CVE-2025-32914.html
* https://www.suse.com/security/cve/CVE-2025-46420.html
* https://www.suse.com/security/cve/CVE-2025-46421.html
* https://bugzilla.suse.com/show_bug.cgi?id=1240750
* https://bugzilla.suse.com/show_bug.cgi?id=1240752
* https://bugzilla.suse.com/show_bug.cgi?id=1240754
* https://bugzilla.suse.com/show_bug.cgi?id=1240756
* https://bugzilla.suse.com/show_bug.cgi?id=1240757
* https://bugzilla.suse.com/show_bug.cgi?id=1241162
* https://bugzilla.suse.com/show_bug.cgi?id=1241164
* https://bugzilla.suse.com/show_bug.cgi?id=1241214
* https://bugzilla.suse.com/show_bug.cgi?id=1241222
* https://bugzilla.suse.com/show_bug.cgi?id=1241223
* https://bugzilla.suse.com/show_bug.cgi?id=1241226
* https://bugzilla.suse.com/show_bug.cgi?id=1241238
* https://bugzilla.suse.com/show_bug.cgi?id=1241252
* https://bugzilla.suse.com/show_bug.cgi?id=1241263
* https://bugzilla.suse.com/show_bug.cgi?id=1241686
* https://bugzilla.suse.com/show_bug.cgi?id=1241688
SUSE-SU-2025:1503-1: important: Security update for libsoup2
# Security update for libsoup2
Announcement ID: SUSE-SU-2025:1503-1
Release Date: 2025-05-07T12:06:08Z
Rating: important
References:
* bsc#1240750
* bsc#1240752
* bsc#1240756
* bsc#1240757
* bsc#1241164
* bsc#1241222
* bsc#1241686
* bsc#1241688
Cross-References:
* CVE-2025-2784
* CVE-2025-32050
* CVE-2025-32052
* CVE-2025-32053
* CVE-2025-32907
* CVE-2025-32914
* CVE-2025-46420
* CVE-2025-46421
CVSS scores:
* CVE-2025-2784 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-2784 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-2784 ( NVD ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-32050 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-32050 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-32050 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-32052 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-32052 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2025-32052 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2025-32053 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-32053 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2025-32053 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2025-32907 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-32907 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-32907 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-32914 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-32914 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-46420 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-46420 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-46420 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-46421 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2025-46421 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Affected Products:
* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves eight vulnerabilities can now be installed.
## Description:
This update for libsoup2 fixes the following issues:
* CVE-2025-2784: Fixed heap buffer over-read in `skip_insignificant_space`
when sniffing content (bsc#1240750)
* CVE-2025-32050: Fixed integer overflow in append_param_quoted (bsc#1240752)
* CVE-2025-32052: Fixed heap buffer overflow in sniff_unknown() (bsc#1240756)
* CVE-2025-32053: Fixed heap buffer overflows in sniff_feed_or_html() and
skip_insignificant_space() (bsc#1240757)
* CVE-2025-32907: Fixed excessive memory consumption in server when client
requests a large amount of overlapping ranges in a single HTTP request
(bsc#1241222)
* CVE-2025-32914: Fixed out of bounds read in
`soup_multipart_new_from_message()` (bsc#1241164)
* CVE-2025-46420: Fixed memory leak on soup_header_parse_quality_list() via
soup-headers.c (bsc#1241686)
* CVE-2025-46421: Fixed HTTP Authorization Header leak via an HTTP redirect
(bsc#1241688)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-1503=1 openSUSE-SLE-15.6-2025-1503=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1503=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* typelib-1_0-Soup-2_4-2.74.3-150600.4.6.1
* libsoup-2_4-1-2.74.3-150600.4.6.1
* libsoup2-devel-2.74.3-150600.4.6.1
* libsoup2-debugsource-2.74.3-150600.4.6.1
* libsoup-2_4-1-debuginfo-2.74.3-150600.4.6.1
* openSUSE Leap 15.6 (x86_64)
* libsoup-2_4-1-32bit-debuginfo-2.74.3-150600.4.6.1
* libsoup2-devel-32bit-2.74.3-150600.4.6.1
* libsoup-2_4-1-32bit-2.74.3-150600.4.6.1
* openSUSE Leap 15.6 (noarch)
* libsoup2-lang-2.74.3-150600.4.6.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libsoup-2_4-1-64bit-2.74.3-150600.4.6.1
* libsoup-2_4-1-64bit-debuginfo-2.74.3-150600.4.6.1
* libsoup2-devel-64bit-2.74.3-150600.4.6.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* typelib-1_0-Soup-2_4-2.74.3-150600.4.6.1
* libsoup-2_4-1-2.74.3-150600.4.6.1
* libsoup2-devel-2.74.3-150600.4.6.1
* libsoup2-debugsource-2.74.3-150600.4.6.1
* libsoup-2_4-1-debuginfo-2.74.3-150600.4.6.1
* Basesystem Module 15-SP6 (noarch)
* libsoup2-lang-2.74.3-150600.4.6.1
## References:
* https://www.suse.com/security/cve/CVE-2025-2784.html
* https://www.suse.com/security/cve/CVE-2025-32050.html
* https://www.suse.com/security/cve/CVE-2025-32052.html
* https://www.suse.com/security/cve/CVE-2025-32053.html
* https://www.suse.com/security/cve/CVE-2025-32907.html
* https://www.suse.com/security/cve/CVE-2025-32914.html
* https://www.suse.com/security/cve/CVE-2025-46420.html
* https://www.suse.com/security/cve/CVE-2025-46421.html
* https://bugzilla.suse.com/show_bug.cgi?id=1240750
* https://bugzilla.suse.com/show_bug.cgi?id=1240752
* https://bugzilla.suse.com/show_bug.cgi?id=1240756
* https://bugzilla.suse.com/show_bug.cgi?id=1240757
* https://bugzilla.suse.com/show_bug.cgi?id=1241164
* https://bugzilla.suse.com/show_bug.cgi?id=1241222
* https://bugzilla.suse.com/show_bug.cgi?id=1241686
* https://bugzilla.suse.com/show_bug.cgi?id=1241688
SUSE-SU-2025:1506-1: important: Security update for MozillaThunderbird
# Security update for MozillaThunderbird
Announcement ID: SUSE-SU-2025:1506-1
Release Date: 2025-05-07T12:13:22Z
Rating: important
References:
* bsc#1241621
Cross-References:
* CVE-2025-2817
* CVE-2025-4082
* CVE-2025-4083
* CVE-2025-4084
* CVE-2025-4087
* CVE-2025-4091
* CVE-2025-4093
CVSS scores:
* CVE-2025-2817 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-2817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-2817 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-4082 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-4082 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-4082 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-4083 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-4083 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-4083 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-4084 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-4084 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-4084 ( NVD ): 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-4087 ( SUSE ): 2.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-4087 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-4087 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-4091 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-4091 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-4091 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-4093 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-4093 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-4093 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Workstation Extension 15 SP6
* SUSE Package Hub 15 15-SP6
An update that solves seven vulnerabilities can now be installed.
## Description:
This update for MozillaThunderbird fixes the following issues:
Mozilla Thunderbird ESR 128.10 update (bsc#1241621):
* CVE-2025-4082: WebGL shader attribute memory corruption in Thunderbird for
macOS.
* CVE-2025-4087: Unsafe attribute access during XPath parsing.
* CVE-2025-4093: Memory safety bug fixed in Firefox ESR 128.10 and
Thunderbird.
* CVE-2025-4091: Memory safety bugs fixed in Firefox 138, Thunderbird 138,
Firefox ESR 128.10, and Thunderbird 128.10.
* CVE-2025-4083: Process isolation bypass using "javascript:" URI links in
cross-origin frames.
* CVE-2025-4084: Potential local code execution in "copy as cURL" command.
* CVE-2025-2817: Privilege escalation in Thunderbird Updater.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Workstation Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2025-1506=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-1506=1
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-1506=1
## Package List:
* SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64)
* MozillaThunderbird-debugsource-128.10.0-150200.8.212.1
* MozillaThunderbird-128.10.0-150200.8.212.1
* MozillaThunderbird-translations-common-128.10.0-150200.8.212.1
* MozillaThunderbird-debuginfo-128.10.0-150200.8.212.1
* MozillaThunderbird-translations-other-128.10.0-150200.8.212.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* MozillaThunderbird-debugsource-128.10.0-150200.8.212.1
* MozillaThunderbird-128.10.0-150200.8.212.1
* MozillaThunderbird-translations-common-128.10.0-150200.8.212.1
* MozillaThunderbird-debuginfo-128.10.0-150200.8.212.1
* MozillaThunderbird-translations-other-128.10.0-150200.8.212.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x)
* MozillaThunderbird-debugsource-128.10.0-150200.8.212.1
* MozillaThunderbird-128.10.0-150200.8.212.1
* MozillaThunderbird-translations-common-128.10.0-150200.8.212.1
* MozillaThunderbird-debuginfo-128.10.0-150200.8.212.1
* MozillaThunderbird-translations-other-128.10.0-150200.8.212.1
## References:
* https://www.suse.com/security/cve/CVE-2025-2817.html
* https://www.suse.com/security/cve/CVE-2025-4082.html
* https://www.suse.com/security/cve/CVE-2025-4083.html
* https://www.suse.com/security/cve/CVE-2025-4084.html
* https://www.suse.com/security/cve/CVE-2025-4087.html
* https://www.suse.com/security/cve/CVE-2025-4091.html
* https://www.suse.com/security/cve/CVE-2025-4093.html
* https://bugzilla.suse.com/show_bug.cgi?id=1241621
SUSE-SU-2025:1505-1: moderate: Security update for apparmor
# Security update for apparmor
Announcement ID: SUSE-SU-2025:1505-1
Release Date: 2025-05-07T12:06:44Z
Rating: moderate
References:
* bsc#1241678
Cross-References:
* CVE-2024-10041
CVSS scores:
* CVE-2024-10041 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-10041 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-10041 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:
* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
An update that solves one vulnerability can now be installed.
## Description:
This update for apparmor fixes the following issues:
* Add dac_read_search capability for unix_chkpwd to allow it to read the
shadow file even if it has 000 permissions. This is needed after the
CVE-2024-10041 fix in PAM. (bsc#1241678)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-1505=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1505=1
* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1505=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1505=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-1505=1
* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-1505=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-1505=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-1505=1
## Package List:
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* ruby-apparmor-2.13.6-150300.3.24.1
* perl-apparmor-debuginfo-2.13.6-150300.3.24.1
* perl-apparmor-2.13.6-150300.3.24.1
* libapparmor-debugsource-2.13.6-150300.3.24.1
* libapparmor1-2.13.6-150300.3.24.1
* pam_apparmor-2.13.6-150300.3.24.1
* apache2-mod_apparmor-2.13.6-150300.3.24.1
* apparmor-debugsource-2.13.6-150300.3.24.1
* apparmor-parser-2.13.6-150300.3.24.1
* apparmor-parser-debuginfo-2.13.6-150300.3.24.1
* pam_apparmor-debuginfo-2.13.6-150300.3.24.1
* python3-apparmor-2.13.6-150300.3.24.1
* libapparmor1-debuginfo-2.13.6-150300.3.24.1
* ruby-apparmor-debuginfo-2.13.6-150300.3.24.1
* apache2-mod_apparmor-debuginfo-2.13.6-150300.3.24.1
* python3-apparmor-debuginfo-2.13.6-150300.3.24.1
* libapparmor-devel-2.13.6-150300.3.24.1
* openSUSE Leap 15.3 (noarch)
* apparmor-profiles-2.13.6-150300.3.24.1
* apparmor-utils-2.13.6-150300.3.24.1
* apparmor-abstractions-2.13.6-150300.3.24.1
* apparmor-parser-lang-2.13.6-150300.3.24.1
* apparmor-docs-2.13.6-150300.3.24.1
* apparmor-utils-lang-2.13.6-150300.3.24.1
* openSUSE Leap 15.3 (x86_64)
* libapparmor1-32bit-2.13.6-150300.3.24.1
* pam_apparmor-32bit-2.13.6-150300.3.24.1
* pam_apparmor-32bit-debuginfo-2.13.6-150300.3.24.1
* libapparmor1-32bit-debuginfo-2.13.6-150300.3.24.1
* openSUSE Leap 15.3 (aarch64_ilp32)
* pam_apparmor-64bit-2.13.6-150300.3.24.1
* pam_apparmor-64bit-debuginfo-2.13.6-150300.3.24.1
* libapparmor1-64bit-2.13.6-150300.3.24.1
* libapparmor1-64bit-debuginfo-2.13.6-150300.3.24.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* perl-apparmor-debuginfo-2.13.6-150300.3.24.1
* perl-apparmor-2.13.6-150300.3.24.1
* libapparmor1-2.13.6-150300.3.24.1
* pam_apparmor-2.13.6-150300.3.24.1
* apache2-mod_apparmor-2.13.6-150300.3.24.1
* apparmor-debugsource-2.13.6-150300.3.24.1
* apparmor-parser-2.13.6-150300.3.24.1
* apparmor-parser-debuginfo-2.13.6-150300.3.24.1
* libapparmor1-debuginfo-2.13.6-150300.3.24.1
* pam_apparmor-debuginfo-2.13.6-150300.3.24.1
* python3-apparmor-2.13.6-150300.3.24.1
* libapparmor-debugsource-2.13.6-150300.3.24.1
* apache2-mod_apparmor-debuginfo-2.13.6-150300.3.24.1
* python3-apparmor-debuginfo-2.13.6-150300.3.24.1
* libapparmor-devel-2.13.6-150300.3.24.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* apparmor-profiles-2.13.6-150300.3.24.1
* apparmor-utils-2.13.6-150300.3.24.1
* apparmor-abstractions-2.13.6-150300.3.24.1
* apparmor-parser-lang-2.13.6-150300.3.24.1
* apparmor-docs-2.13.6-150300.3.24.1
* apparmor-utils-lang-2.13.6-150300.3.24.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
* pam_apparmor-32bit-debuginfo-2.13.6-150300.3.24.1
* pam_apparmor-32bit-2.13.6-150300.3.24.1
* libapparmor1-32bit-2.13.6-150300.3.24.1
* libapparmor1-32bit-debuginfo-2.13.6-150300.3.24.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* perl-apparmor-debuginfo-2.13.6-150300.3.24.1
* perl-apparmor-2.13.6-150300.3.24.1
* libapparmor1-2.13.6-150300.3.24.1
* pam_apparmor-2.13.6-150300.3.24.1
* apache2-mod_apparmor-2.13.6-150300.3.24.1
* apparmor-debugsource-2.13.6-150300.3.24.1
* apparmor-parser-2.13.6-150300.3.24.1
* apparmor-parser-debuginfo-2.13.6-150300.3.24.1
* libapparmor1-debuginfo-2.13.6-150300.3.24.1
* pam_apparmor-debuginfo-2.13.6-150300.3.24.1
* python3-apparmor-2.13.6-150300.3.24.1
* libapparmor-debugsource-2.13.6-150300.3.24.1
* apache2-mod_apparmor-debuginfo-2.13.6-150300.3.24.1
* python3-apparmor-debuginfo-2.13.6-150300.3.24.1
* libapparmor-devel-2.13.6-150300.3.24.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
* apparmor-profiles-2.13.6-150300.3.24.1
* apparmor-utils-2.13.6-150300.3.24.1
* apparmor-abstractions-2.13.6-150300.3.24.1
* apparmor-parser-lang-2.13.6-150300.3.24.1
* apparmor-docs-2.13.6-150300.3.24.1
* apparmor-utils-lang-2.13.6-150300.3.24.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (x86_64)
* pam_apparmor-32bit-debuginfo-2.13.6-150300.3.24.1
* pam_apparmor-32bit-2.13.6-150300.3.24.1
* libapparmor1-32bit-2.13.6-150300.3.24.1
* libapparmor1-32bit-debuginfo-2.13.6-150300.3.24.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* perl-apparmor-debuginfo-2.13.6-150300.3.24.1
* perl-apparmor-2.13.6-150300.3.24.1
* libapparmor1-2.13.6-150300.3.24.1
* pam_apparmor-2.13.6-150300.3.24.1
* apache2-mod_apparmor-2.13.6-150300.3.24.1
* apparmor-debugsource-2.13.6-150300.3.24.1
* apparmor-parser-2.13.6-150300.3.24.1
* apparmor-parser-debuginfo-2.13.6-150300.3.24.1
* libapparmor1-debuginfo-2.13.6-150300.3.24.1
* pam_apparmor-debuginfo-2.13.6-150300.3.24.1
* python3-apparmor-2.13.6-150300.3.24.1
* libapparmor-debugsource-2.13.6-150300.3.24.1
* apache2-mod_apparmor-debuginfo-2.13.6-150300.3.24.1
* python3-apparmor-debuginfo-2.13.6-150300.3.24.1
* libapparmor-devel-2.13.6-150300.3.24.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* apparmor-profiles-2.13.6-150300.3.24.1
* apparmor-utils-2.13.6-150300.3.24.1
* apparmor-abstractions-2.13.6-150300.3.24.1
* apparmor-parser-lang-2.13.6-150300.3.24.1
* apparmor-docs-2.13.6-150300.3.24.1
* apparmor-utils-lang-2.13.6-150300.3.24.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* pam_apparmor-32bit-debuginfo-2.13.6-150300.3.24.1
* pam_apparmor-32bit-2.13.6-150300.3.24.1
* libapparmor1-32bit-2.13.6-150300.3.24.1
* libapparmor1-32bit-debuginfo-2.13.6-150300.3.24.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* perl-apparmor-debuginfo-2.13.6-150300.3.24.1
* perl-apparmor-2.13.6-150300.3.24.1
* libapparmor1-2.13.6-150300.3.24.1
* pam_apparmor-2.13.6-150300.3.24.1
* apache2-mod_apparmor-2.13.6-150300.3.24.1
* apparmor-debugsource-2.13.6-150300.3.24.1
* apparmor-parser-2.13.6-150300.3.24.1
* apparmor-parser-debuginfo-2.13.6-150300.3.24.1
* libapparmor1-debuginfo-2.13.6-150300.3.24.1
* pam_apparmor-debuginfo-2.13.6-150300.3.24.1
* python3-apparmor-2.13.6-150300.3.24.1
* libapparmor-debugsource-2.13.6-150300.3.24.1
* apache2-mod_apparmor-debuginfo-2.13.6-150300.3.24.1
* python3-apparmor-debuginfo-2.13.6-150300.3.24.1
* libapparmor-devel-2.13.6-150300.3.24.1
* SUSE Enterprise Storage 7.1 (noarch)
* apparmor-profiles-2.13.6-150300.3.24.1
* apparmor-utils-2.13.6-150300.3.24.1
* apparmor-abstractions-2.13.6-150300.3.24.1
* apparmor-parser-lang-2.13.6-150300.3.24.1
* apparmor-docs-2.13.6-150300.3.24.1
* apparmor-utils-lang-2.13.6-150300.3.24.1
* SUSE Enterprise Storage 7.1 (x86_64)
* pam_apparmor-32bit-debuginfo-2.13.6-150300.3.24.1
* pam_apparmor-32bit-2.13.6-150300.3.24.1
* libapparmor1-32bit-2.13.6-150300.3.24.1
* libapparmor1-32bit-debuginfo-2.13.6-150300.3.24.1
* SUSE Linux Enterprise Micro 5.1 (noarch)
* apparmor-abstractions-2.13.6-150300.3.24.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* pam_apparmor-2.13.6-150300.3.24.1
* apparmor-parser-debuginfo-2.13.6-150300.3.24.1
* apparmor-debugsource-2.13.6-150300.3.24.1
* apparmor-parser-2.13.6-150300.3.24.1
* libapparmor1-debuginfo-2.13.6-150300.3.24.1
* pam_apparmor-debuginfo-2.13.6-150300.3.24.1
* libapparmor-debugsource-2.13.6-150300.3.24.1
* libapparmor1-2.13.6-150300.3.24.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* pam_apparmor-2.13.6-150300.3.24.1
* apparmor-parser-debuginfo-2.13.6-150300.3.24.1
* apparmor-debugsource-2.13.6-150300.3.24.1
* apparmor-parser-2.13.6-150300.3.24.1
* libapparmor1-debuginfo-2.13.6-150300.3.24.1
* pam_apparmor-debuginfo-2.13.6-150300.3.24.1
* libapparmor-debugsource-2.13.6-150300.3.24.1
* libapparmor1-2.13.6-150300.3.24.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* pam_apparmor-2.13.6-150300.3.24.1
* apparmor-parser-debuginfo-2.13.6-150300.3.24.1
* apparmor-debugsource-2.13.6-150300.3.24.1
* apparmor-parser-2.13.6-150300.3.24.1
* libapparmor1-debuginfo-2.13.6-150300.3.24.1
* pam_apparmor-debuginfo-2.13.6-150300.3.24.1
* libapparmor-debugsource-2.13.6-150300.3.24.1
* libapparmor1-2.13.6-150300.3.24.1
## References:
* https://www.suse.com/security/cve/CVE-2024-10041.html
* https://bugzilla.suse.com/show_bug.cgi?id=1241678
SUSE-SU-2025:1508-1: moderate: Security update for openvpn
# Security update for openvpn
Announcement ID: SUSE-SU-2025:1508-1
Release Date: 2025-05-07T14:02:58Z
Rating: moderate
References:
* bsc#1240392
Cross-References:
* CVE-2025-2704
CVSS scores:
* CVE-2025-2704 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-2704 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-2704 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves one vulnerability can now be installed.
## Description:
This update for openvpn fixes the following issues:
* CVE-2025-2704: Fixed remote DoS due to possible ASSERT() on OpenVPN servers
using --tls-crypt-v2 (bsc#1240392)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-1508=1 openSUSE-SLE-15.6-2025-1508=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1508=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* openvpn-debuginfo-2.6.8-150600.3.17.1
* openvpn-devel-2.6.8-150600.3.17.1
* openvpn-down-root-plugin-debuginfo-2.6.8-150600.3.17.1
* openvpn-auth-pam-plugin-2.6.8-150600.3.17.1
* openvpn-dco-devel-2.6.8-150600.3.17.1
* openvpn-dco-2.6.8-150600.3.17.1
* openvpn-auth-pam-plugin-debuginfo-2.6.8-150600.3.17.1
* openvpn-dco-debuginfo-2.6.8-150600.3.17.1
* openvpn-dco-debugsource-2.6.8-150600.3.17.1
* openvpn-down-root-plugin-2.6.8-150600.3.17.1
* openvpn-2.6.8-150600.3.17.1
* openvpn-debugsource-2.6.8-150600.3.17.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* openvpn-debuginfo-2.6.8-150600.3.17.1
* openvpn-devel-2.6.8-150600.3.17.1
* openvpn-auth-pam-plugin-2.6.8-150600.3.17.1
* openvpn-dco-devel-2.6.8-150600.3.17.1
* openvpn-dco-2.6.8-150600.3.17.1
* openvpn-auth-pam-plugin-debuginfo-2.6.8-150600.3.17.1
* openvpn-dco-debuginfo-2.6.8-150600.3.17.1
* openvpn-dco-debugsource-2.6.8-150600.3.17.1
* openvpn-2.6.8-150600.3.17.1
* openvpn-debugsource-2.6.8-150600.3.17.1
## References:
* https://www.suse.com/security/cve/CVE-2025-2704.html
* https://bugzilla.suse.com/show_bug.cgi?id=1240392
SUSE-SU-2025:1510-1: important: Security update for libsoup
# Security update for libsoup
Announcement ID: SUSE-SU-2025:1510-1
Release Date: 2025-05-07T14:38:17Z
Rating: important
References:
* bsc#1240750
* bsc#1240752
* bsc#1240754
* bsc#1240756
* bsc#1240757
* bsc#1241162
* bsc#1241164
* bsc#1241214
* bsc#1241222
* bsc#1241226
* bsc#1241252
* bsc#1241263
* bsc#1241686
* bsc#1241688
Cross-References:
* CVE-2025-2784
* CVE-2025-32050
* CVE-2025-32051
* CVE-2025-32052
* CVE-2025-32053
* CVE-2025-32906
* CVE-2025-32907
* CVE-2025-32909
* CVE-2025-32910
* CVE-2025-32912
* CVE-2025-32913
* CVE-2025-32914
* CVE-2025-46420
* CVE-2025-46421
CVSS scores:
* CVE-2025-2784 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-2784 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-2784 ( NVD ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-32050 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-32050 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-32050 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-32051 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-32051 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-32051 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-32052 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-32052 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2025-32052 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2025-32053 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-32053 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2025-32053 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2025-32906 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-32906 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-32907 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-32907 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-32907 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-32909 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-32909 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-32909 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-32910 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-32910 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-32910 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-32912 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-32912 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-32913 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-32913 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-32914 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-32914 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-46420 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-46420 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-46420 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-46421 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2025-46421 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves 14 vulnerabilities can now be installed.
## Description:
This update for libsoup fixes the following issues:
* CVE-2025-2784: Fixed heap buffer over-read in `skip_insignificant_space`
when sniffing content (bsc#1240750)
* CVE-2025-32050: Fixed integer overflow in append_param_quoted (bsc#1240752)
* CVE-2025-32051: Fixed segmentation fault when parsing malformed data URI
(bsc#1240754)
* CVE-2025-32052: Fixed heap buffer overflow in sniff_unknown() (bsc#1240756)
* CVE-2025-32053: Fixed heap buffer overflows in sniff_feed_or_html() and
skip_insignificant_space() (bsc#1240757)
* CVE-2025-32906: Fixed out of bounds reads in soup_headers_parse_request()
(bsc#1241263)
* CVE-2025-32907: Fixed excessive memory consumption in server when client
requests a large number of overlapping ranges in a single HTTP request
(bsc#1241222)
* CVE-2025-32909: Fixed NULL pointer dereference in the sniff_mp4 function in
soup-content-sniffer.c (bsc#1241226)
* CVE-2025-32910: Fixed NULL pointer dereference on client when server omits the
realm parameter in an Unauthorized response with Digest authentication
(bsc#1241252)
* CVE-2025-32912: Fixed NULL pointer dereference in SoupAuthDigest
(bsc#1241214)
* CVE-2025-32913: Fixed NULL pointer dereference in
soup_message_headers_get_content_disposition (bsc#1241162)
* CVE-2025-32914: Fixed out of bounds read in
`soup_multipart_new_from_message()` (bsc#1241164)
* CVE-2025-46420: Fixed memory leak on soup_header_parse_quality_list() via
soup-headers.c (bsc#1241686)
* CVE-2025-46421: Fixed HTTP Authorization Header leak via an HTTP redirect
(bsc#1241688)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-1510=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1510=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1510=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1510=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1510=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1510=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1510=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1510=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1510=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-1510=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2025-1510=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1510=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* typelib-1_0-Soup-3_0-3.0.4-150400.3.7.1
* libsoup-devel-3.0.4-150400.3.7.1
* libsoup-3_0-0-3.0.4-150400.3.7.1
* libsoup-debugsource-3.0.4-150400.3.7.1
* libsoup-3_0-0-debuginfo-3.0.4-150400.3.7.1
* openSUSE Leap 15.4 (x86_64)
* libsoup-devel-32bit-3.0.4-150400.3.7.1
* libsoup-3_0-0-32bit-3.0.4-150400.3.7.1
* libsoup-3_0-0-32bit-debuginfo-3.0.4-150400.3.7.1
* openSUSE Leap 15.4 (noarch)
* libsoup-lang-3.0.4-150400.3.7.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libsoup-devel-64bit-3.0.4-150400.3.7.1
* libsoup-3_0-0-64bit-3.0.4-150400.3.7.1
* libsoup-3_0-0-64bit-debuginfo-3.0.4-150400.3.7.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* typelib-1_0-Soup-3_0-3.0.4-150400.3.7.1
* libsoup-devel-3.0.4-150400.3.7.1
* libsoup-3_0-0-3.0.4-150400.3.7.1
* libsoup-debugsource-3.0.4-150400.3.7.1
* libsoup-3_0-0-debuginfo-3.0.4-150400.3.7.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* libsoup-lang-3.0.4-150400.3.7.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* typelib-1_0-Soup-3_0-3.0.4-150400.3.7.1
* libsoup-devel-3.0.4-150400.3.7.1
* libsoup-3_0-0-3.0.4-150400.3.7.1
* libsoup-debugsource-3.0.4-150400.3.7.1
* libsoup-3_0-0-debuginfo-3.0.4-150400.3.7.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* libsoup-lang-3.0.4-150400.3.7.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* typelib-1_0-Soup-3_0-3.0.4-150400.3.7.1
* libsoup-devel-3.0.4-150400.3.7.1
* libsoup-3_0-0-3.0.4-150400.3.7.1
* libsoup-debugsource-3.0.4-150400.3.7.1
* libsoup-3_0-0-debuginfo-3.0.4-150400.3.7.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* libsoup-lang-3.0.4-150400.3.7.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* typelib-1_0-Soup-3_0-3.0.4-150400.3.7.1
* libsoup-devel-3.0.4-150400.3.7.1
* libsoup-3_0-0-3.0.4-150400.3.7.1
* libsoup-debugsource-3.0.4-150400.3.7.1
* libsoup-3_0-0-debuginfo-3.0.4-150400.3.7.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* libsoup-lang-3.0.4-150400.3.7.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* typelib-1_0-Soup-3_0-3.0.4-150400.3.7.1
* libsoup-devel-3.0.4-150400.3.7.1
* libsoup-3_0-0-3.0.4-150400.3.7.1
* libsoup-debugsource-3.0.4-150400.3.7.1
* libsoup-3_0-0-debuginfo-3.0.4-150400.3.7.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* libsoup-lang-3.0.4-150400.3.7.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* typelib-1_0-Soup-3_0-3.0.4-150400.3.7.1
* libsoup-devel-3.0.4-150400.3.7.1
* libsoup-3_0-0-3.0.4-150400.3.7.1
* libsoup-debugsource-3.0.4-150400.3.7.1
* libsoup-3_0-0-debuginfo-3.0.4-150400.3.7.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* libsoup-lang-3.0.4-150400.3.7.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* typelib-1_0-Soup-3_0-3.0.4-150400.3.7.1
* libsoup-devel-3.0.4-150400.3.7.1
* libsoup-3_0-0-3.0.4-150400.3.7.1
* libsoup-debugsource-3.0.4-150400.3.7.1
* libsoup-3_0-0-debuginfo-3.0.4-150400.3.7.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* libsoup-lang-3.0.4-150400.3.7.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* typelib-1_0-Soup-3_0-3.0.4-150400.3.7.1
* libsoup-devel-3.0.4-150400.3.7.1
* libsoup-3_0-0-3.0.4-150400.3.7.1
* libsoup-debugsource-3.0.4-150400.3.7.1
* libsoup-3_0-0-debuginfo-3.0.4-150400.3.7.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* libsoup-lang-3.0.4-150400.3.7.1
* SUSE Manager Proxy 4.3 (x86_64)
* typelib-1_0-Soup-3_0-3.0.4-150400.3.7.1
* libsoup-devel-3.0.4-150400.3.7.1
* libsoup-3_0-0-3.0.4-150400.3.7.1
* libsoup-debugsource-3.0.4-150400.3.7.1
* libsoup-3_0-0-debuginfo-3.0.4-150400.3.7.1
* SUSE Manager Proxy 4.3 (noarch)
* libsoup-lang-3.0.4-150400.3.7.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* typelib-1_0-Soup-3_0-3.0.4-150400.3.7.1
* libsoup-devel-3.0.4-150400.3.7.1
* libsoup-3_0-0-3.0.4-150400.3.7.1
* libsoup-debugsource-3.0.4-150400.3.7.1
* libsoup-3_0-0-debuginfo-3.0.4-150400.3.7.1
* SUSE Manager Retail Branch Server 4.3 (noarch)
* libsoup-lang-3.0.4-150400.3.7.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* typelib-1_0-Soup-3_0-3.0.4-150400.3.7.1
* libsoup-devel-3.0.4-150400.3.7.1
* libsoup-3_0-0-3.0.4-150400.3.7.1
* libsoup-debugsource-3.0.4-150400.3.7.1
* libsoup-3_0-0-debuginfo-3.0.4-150400.3.7.1
* SUSE Manager Server 4.3 (noarch)
* libsoup-lang-3.0.4-150400.3.7.1
## References:
* https://www.suse.com/security/cve/CVE-2025-2784.html
* https://www.suse.com/security/cve/CVE-2025-32050.html
* https://www.suse.com/security/cve/CVE-2025-32051.html
* https://www.suse.com/security/cve/CVE-2025-32052.html
* https://www.suse.com/security/cve/CVE-2025-32053.html
* https://www.suse.com/security/cve/CVE-2025-32906.html
* https://www.suse.com/security/cve/CVE-2025-32907.html
* https://www.suse.com/security/cve/CVE-2025-32909.html
* https://www.suse.com/security/cve/CVE-2025-32910.html
* https://www.suse.com/security/cve/CVE-2025-32912.html
* https://www.suse.com/security/cve/CVE-2025-32913.html
* https://www.suse.com/security/cve/CVE-2025-32914.html
* https://www.suse.com/security/cve/CVE-2025-46420.html
* https://www.suse.com/security/cve/CVE-2025-46421.html
* https://bugzilla.suse.com/show_bug.cgi?id=1240750
* https://bugzilla.suse.com/show_bug.cgi?id=1240752
* https://bugzilla.suse.com/show_bug.cgi?id=1240754
* https://bugzilla.suse.com/show_bug.cgi?id=1240756
* https://bugzilla.suse.com/show_bug.cgi?id=1240757
* https://bugzilla.suse.com/show_bug.cgi?id=1241162
* https://bugzilla.suse.com/show_bug.cgi?id=1241164
* https://bugzilla.suse.com/show_bug.cgi?id=1241214
* https://bugzilla.suse.com/show_bug.cgi?id=1241222
* https://bugzilla.suse.com/show_bug.cgi?id=1241226
* https://bugzilla.suse.com/show_bug.cgi?id=1241252
* https://bugzilla.suse.com/show_bug.cgi?id=1241263
* https://bugzilla.suse.com/show_bug.cgi?id=1241686
* https://bugzilla.suse.com/show_bug.cgi?id=1241688
SUSE-SU-2025:1509-1: important: Security update for libsoup2
# Security update for libsoup2
Announcement ID: SUSE-SU-2025:1509-1
Release Date: 2025-05-07T14:37:39Z
Rating: important
References:
* bsc#1240750
* bsc#1240752
* bsc#1240756
* bsc#1240757
* bsc#1241164
* bsc#1241222
* bsc#1241686
* bsc#1241688
Cross-References:
* CVE-2025-2784
* CVE-2025-32050
* CVE-2025-32052
* CVE-2025-32053
* CVE-2025-32907
* CVE-2025-32914
* CVE-2025-46420
* CVE-2025-46421
CVSS scores:
* CVE-2025-2784 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-2784 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-2784 ( NVD ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-32050 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-32050 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-32050 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-32052 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-32052 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2025-32052 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2025-32053 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-32053 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2025-32053 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2025-32907 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-32907 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-32907 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-32914 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-32914 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-46420 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-46420 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-46420 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-46421 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2025-46421 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves eight vulnerabilities can now be installed.
## Description:
This update for libsoup2 fixes the following issues:
* CVE-2025-2784: Fixed heap buffer over-read in `skip_insignificant_space`
when sniffing content (bsc#1240750)
* CVE-2025-32050: Fixed integer overflow in append_param_quoted (bsc#1240752)
* CVE-2025-32052: Fixed heap buffer overflow in sniff_unknown() (bsc#1240756)
* CVE-2025-32053: Fixed heap buffer overflows in sniff_feed_or_html() and
skip_insignificant_space() (bsc#1240757)
* CVE-2025-32907: Fixed excessive memory consumption in server when client
requests a large number of overlapping ranges in a single HTTP request
(bsc#1241222)
* CVE-2025-32914: Fixed out of bounds read in
`soup_multipart_new_from_message()` (bsc#1241164)
* CVE-2025-46420: Fixed memory leak on soup_header_parse_quality_list() via
soup-headers.c (bsc#1241686)
* CVE-2025-46421: Fixed HTTP Authorization Header leak via an HTTP redirect
(bsc#1241688)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-1509=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2025-1509=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1509=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-1509=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-1509=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-1509=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-1509=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-1509=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-1509=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1509=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1509=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1509=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1509=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1509=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1509=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1509=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1509=1
## Package List:
* SUSE Manager Proxy 4.3 (x86_64)
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.6.1
* libsoup-2_4-1-2.74.2-150400.3.6.1
* typelib-1_0-Soup-2_4-2.74.2-150400.3.6.1
* libsoup2-debugsource-2.74.2-150400.3.6.1
* libsoup2-devel-2.74.2-150400.3.6.1
* SUSE Manager Proxy 4.3 (noarch)
* libsoup2-lang-2.74.2-150400.3.6.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.6.1
* libsoup-2_4-1-2.74.2-150400.3.6.1
* typelib-1_0-Soup-2_4-2.74.2-150400.3.6.1
* libsoup2-debugsource-2.74.2-150400.3.6.1
* libsoup2-devel-2.74.2-150400.3.6.1
* SUSE Manager Retail Branch Server 4.3 (noarch)
* libsoup2-lang-2.74.2-150400.3.6.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.6.1
* libsoup-2_4-1-2.74.2-150400.3.6.1
* typelib-1_0-Soup-2_4-2.74.2-150400.3.6.1
* libsoup2-debugsource-2.74.2-150400.3.6.1
* libsoup2-devel-2.74.2-150400.3.6.1
* SUSE Manager Server 4.3 (noarch)
* libsoup2-lang-2.74.2-150400.3.6.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.6.1
* libsoup-2_4-1-2.74.2-150400.3.6.1
* typelib-1_0-Soup-2_4-2.74.2-150400.3.6.1
* libsoup2-debugsource-2.74.2-150400.3.6.1
* libsoup2-devel-2.74.2-150400.3.6.1
* openSUSE Leap 15.4 (x86_64)
* libsoup-2_4-1-32bit-2.74.2-150400.3.6.1
* libsoup-2_4-1-32bit-debuginfo-2.74.2-150400.3.6.1
* libsoup2-devel-32bit-2.74.2-150400.3.6.1
* openSUSE Leap 15.4 (noarch)
* libsoup2-lang-2.74.2-150400.3.6.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libsoup-2_4-1-64bit-2.74.2-150400.3.6.1
* libsoup-2_4-1-64bit-debuginfo-2.74.2-150400.3.6.1
* libsoup2-devel-64bit-2.74.2-150400.3.6.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libsoup-2_4-1-2.74.2-150400.3.6.1
* libsoup2-debugsource-2.74.2-150400.3.6.1
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.6.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libsoup-2_4-1-2.74.2-150400.3.6.1
* libsoup2-debugsource-2.74.2-150400.3.6.1
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.6.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libsoup-2_4-1-2.74.2-150400.3.6.1
* libsoup2-debugsource-2.74.2-150400.3.6.1
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.6.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libsoup-2_4-1-2.74.2-150400.3.6.1
* libsoup2-debugsource-2.74.2-150400.3.6.1
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.6.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* libsoup-2_4-1-2.74.2-150400.3.6.1
* libsoup2-debugsource-2.74.2-150400.3.6.1
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.6.1
* libsoup-2_4-1-2.74.2-150400.3.6.1
* typelib-1_0-Soup-2_4-2.74.2-150400.3.6.1
* libsoup2-debugsource-2.74.2-150400.3.6.1
* libsoup2-devel-2.74.2-150400.3.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* libsoup2-lang-2.74.2-150400.3.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.6.1
* libsoup-2_4-1-2.74.2-150400.3.6.1
* typelib-1_0-Soup-2_4-2.74.2-150400.3.6.1
* libsoup2-debugsource-2.74.2-150400.3.6.1
* libsoup2-devel-2.74.2-150400.3.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* libsoup2-lang-2.74.2-150400.3.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.6.1
* libsoup-2_4-1-2.74.2-150400.3.6.1
* typelib-1_0-Soup-2_4-2.74.2-150400.3.6.1
* libsoup2-debugsource-2.74.2-150400.3.6.1
* libsoup2-devel-2.74.2-150400.3.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* libsoup2-lang-2.74.2-150400.3.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.6.1
* libsoup-2_4-1-2.74.2-150400.3.6.1
* typelib-1_0-Soup-2_4-2.74.2-150400.3.6.1
* libsoup2-debugsource-2.74.2-150400.3.6.1
* libsoup2-devel-2.74.2-150400.3.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* libsoup2-lang-2.74.2-150400.3.6.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.6.1
* libsoup-2_4-1-2.74.2-150400.3.6.1
* typelib-1_0-Soup-2_4-2.74.2-150400.3.6.1
* libsoup2-debugsource-2.74.2-150400.3.6.1
* libsoup2-devel-2.74.2-150400.3.6.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* libsoup2-lang-2.74.2-150400.3.6.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.6.1
* libsoup-2_4-1-2.74.2-150400.3.6.1
* typelib-1_0-Soup-2_4-2.74.2-150400.3.6.1
* libsoup2-debugsource-2.74.2-150400.3.6.1
* libsoup2-devel-2.74.2-150400.3.6.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* libsoup2-lang-2.74.2-150400.3.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.6.1
* libsoup-2_4-1-2.74.2-150400.3.6.1
* typelib-1_0-Soup-2_4-2.74.2-150400.3.6.1
* libsoup2-debugsource-2.74.2-150400.3.6.1
* libsoup2-devel-2.74.2-150400.3.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* libsoup2-lang-2.74.2-150400.3.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* libsoup-2_4-1-debuginfo-2.74.2-150400.3.6.1
* libsoup-2_4-1-2.74.2-150400.3.6.1
* typelib-1_0-Soup-2_4-2.74.2-150400.3.6.1
* libsoup2-debugsource-2.74.2-150400.3.6.1
* libsoup2-devel-2.74.2-150400.3.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* libsoup2-lang-2.74.2-150400.3.6.1
## References:
* https://www.suse.com/security/cve/CVE-2025-2784.html
* https://www.suse.com/security/cve/CVE-2025-32050.html
* https://www.suse.com/security/cve/CVE-2025-32052.html
* https://www.suse.com/security/cve/CVE-2025-32053.html
* https://www.suse.com/security/cve/CVE-2025-32907.html
* https://www.suse.com/security/cve/CVE-2025-32914.html
* https://www.suse.com/security/cve/CVE-2025-46420.html
* https://www.suse.com/security/cve/CVE-2025-46421.html
* https://bugzilla.suse.com/show_bug.cgi?id=1240750
* https://bugzilla.suse.com/show_bug.cgi?id=1240752
* https://bugzilla.suse.com/show_bug.cgi?id=1240756
* https://bugzilla.suse.com/show_bug.cgi?id=1240757
* https://bugzilla.suse.com/show_bug.cgi?id=1241164
* https://bugzilla.suse.com/show_bug.cgi?id=1241222
* https://bugzilla.suse.com/show_bug.cgi?id=1241686
* https://bugzilla.suse.com/show_bug.cgi?id=1241688
openSUSE-SU-2025:15055-1: moderate: weblate-5.11.3-1.1 on GA media
# weblate-5.11.3-1.1 on GA media
Announcement ID: openSUSE-SU-2025:15055-1
Rating: moderate
Cross-References:
* CVE-2025-32021
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the weblate-5.11.3-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* weblate 5.11.3-1.1
## References:
* https://www.suse.com/security/cve/CVE-2025-32021.html