SUSE-SU-2026:0191-1: important: Security update for the Linux Kernel (Live Patch 43 for SUSE Linux Enterprise 15 SP4)
SUSE-SU-2026:0190-1: moderate: Security update for abseil-cpp
SUSE-SU-2026:0203-1: important: Security update for the Linux Kernel (Live Patch 15 for SUSE Linux Enterprise 15 SP6)
SUSE-SU-2026:0202-1: important: Security update for the Linux Kernel (Live Patch 3 for SUSE Linux Enterprise 15 SP7)
SUSE-SU-2026:0206-1: important: Security update for the Linux Kernel (Live Patch 23 for SUSE Linux Enterprise 15 SP5)
SUSE-SU-2026:0204-1: important: Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise 15 SP6)
SUSE-SU-2026:0199-1: moderate: Security update for python-FontTools
SUSE-SU-2026:0198-1: important: Security update for ffmpeg-4
openSUSE-SU-2026:20069-1: important: Security update for python-weasyprint
openSUSE-SU-2026:20065-1: important: Security update for webkit2gtk3
openSUSE-SU-2026:20067-1: important: Security update of open-vm-tools
SUSE-SU-2026:0191-1: important: Security update for the Linux Kernel (Live Patch 43 for SUSE Linux Enterprise 15 SP4)
# Security update for the Linux Kernel (Live Patch 43 for SUSE Linux Enterprise 15 SP4)
Announcement ID: SUSE-SU-2026:0191-1
Release Date: 2026-01-20T21:05:44Z
Rating: important
References:
* bsc#1248400
* bsc#1248615
* bsc#1248670
* bsc#1249242
* bsc#1250665
* bsc#1251165
* bsc#1251203
* bsc#1251787
* bsc#1253437
* bsc#1254451
Cross-References:
* CVE-2022-50233
* CVE-2022-50327
* CVE-2022-50409
* CVE-2022-50490
* CVE-2023-53676
* CVE-2024-58239
* CVE-2025-38476
* CVE-2025-38572
* CVE-2025-38608
* CVE-2025-40204
CVSS scores:
* CVE-2022-50233 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50233 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-50233 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50327 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50327 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-50327 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50409 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50409 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-50409 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50490 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50490 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-53676 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53676 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-58239 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-58239 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-58239 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38476 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38476 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38476 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38572 ( SUSE ): 9.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38572 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38572 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38608 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38608 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-38608 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40204 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-40204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
An update that solves 10 vulnerabilities can now be installed.
## Description:
This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.173 fixes
various security issues.
The following security issues were fixed:
* CVE-2022-50233: bluetooth: device name can cause reading kernel memory by
not supplying terminal \0 (bsc#1249242).
* CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return
value (bsc#1254451).
* CVE-2022-50409: net: If sock is dead don't access sock's sk_wq in
sk_stream_wait_memory (bsc#1250665).
* CVE-2022-50490: bpf: Propagate error from htab_lock_bucket() to userspace
(bsc#1251165).
* CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in
lio_target_nacl_info_show() (bsc#1251787).
* CVE-2024-58239: tls: stop recv() if initial process_rx_list gave us non-DATA
(bsc#1248615).
* CVE-2025-38476: rpl: Fix use-after-free in rpl_do_srh_inline()
(bsc#1251203).
* CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment()
(bsc#1248400).
* CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data()
in ktls (bsc#1248670).
* CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253437).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
  `zypper in -t patch SUSE-2026-191=1`
* SUSE Linux Enterprise Live Patching 15-SP4
  `zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-191=1`
## Package List:
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_173-default-7-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_43-debugsource-7-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_173-default-debuginfo-7-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_173-default-7-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_43-debugsource-7-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_173-default-debuginfo-7-150400.2.1
## References:
* https://www.suse.com/security/cve/CVE-2022-50233.html
* https://www.suse.com/security/cve/CVE-2022-50327.html
* https://www.suse.com/security/cve/CVE-2022-50409.html
* https://www.suse.com/security/cve/CVE-2022-50490.html
* https://www.suse.com/security/cve/CVE-2023-53676.html
* https://www.suse.com/security/cve/CVE-2024-58239.html
* https://www.suse.com/security/cve/CVE-2025-38476.html
* https://www.suse.com/security/cve/CVE-2025-38572.html
* https://www.suse.com/security/cve/CVE-2025-38608.html
* https://www.suse.com/security/cve/CVE-2025-40204.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248400
* https://bugzilla.suse.com/show_bug.cgi?id=1248615
* https://bugzilla.suse.com/show_bug.cgi?id=1248670
* https://bugzilla.suse.com/show_bug.cgi?id=1249242
* https://bugzilla.suse.com/show_bug.cgi?id=1250665
* https://bugzilla.suse.com/show_bug.cgi?id=1251165
* https://bugzilla.suse.com/show_bug.cgi?id=1251203
* https://bugzilla.suse.com/show_bug.cgi?id=1251787
* https://bugzilla.suse.com/show_bug.cgi?id=1253437
* https://bugzilla.suse.com/show_bug.cgi?id=1254451
SUSE-SU-2026:0190-1: moderate: Security update for abseil-cpp
# Security update for abseil-cpp
Announcement ID: SUSE-SU-2026:0190-1
Release Date: 2026-01-20T16:57:29Z
Rating: moderate
References:
* bsc#1237543
Cross-References:
* CVE-2025-0838
CVSS scores:
* CVE-2025-0838 ( SUSE ): 5.9
CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:A/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L
* CVE-2025-0838 ( SUSE ): 5.6 CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L
* CVE-2025-0838 ( NVD ): 5.9
CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:A/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-0838 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.3
An update that solves one vulnerability can now be installed.
## Description:
This update for abseil-cpp fixes the following issues:
* CVE-2025-0838: Fixed potential integer overflow in hash container
create/resize (bsc#1237543).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
  `zypper in -t patch SUSE-2026-190=1`
## Package List:
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  * abseil-cpp-devel-20211102.0-150300.7.9.1
  * abseil-cpp-debuginfo-20211102.0-150300.7.9.1
  * abseil-cpp-20211102.0-150300.7.9.1
  * abseil-cpp-debugsource-20211102.0-150300.7.9.1
## References:
* https://www.suse.com/security/cve/CVE-2025-0838.html
* https://bugzilla.suse.com/show_bug.cgi?id=1237543
SUSE-SU-2026:0203-1: important: Security update for the Linux Kernel (Live Patch 15 for SUSE Linux Enterprise 15 SP6)
# Security update for the Linux Kernel (Live Patch 15 for SUSE Linux Enterprise 15 SP6)
Announcement ID: SUSE-SU-2026:0203-1
Release Date: 2026-01-21T13:04:03Z
Rating: important
References:
* bsc#1250192
* bsc#1251787
* bsc#1253437
Cross-References:
* CVE-2023-53676
* CVE-2025-39682
* CVE-2025-40204
CVSS scores:
* CVE-2023-53676 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53676 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39682 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-40204 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-40204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves three vulnerabilities can now be installed.
## Description:
This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.70 fixes
various security issues.
The following security issues were fixed:
* CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in
lio_target_nacl_info_show() (bsc#1251787).
* CVE-2025-39682: tls: fix handling of zero-length records on the rx_list
(bsc#1250192).
* CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253437).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
  `zypper in -t patch SUSE-2026-203=1`
* SUSE Linux Enterprise Live Patching 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-203=1`
## Package List:
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_70-default-5-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_70-default-debuginfo-5-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_15-debugsource-5-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_70-default-5-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_70-default-debuginfo-5-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_15-debugsource-5-150600.2.1
## References:
* https://www.suse.com/security/cve/CVE-2023-53676.html
* https://www.suse.com/security/cve/CVE-2025-39682.html
* https://www.suse.com/security/cve/CVE-2025-40204.html
* https://bugzilla.suse.com/show_bug.cgi?id=1250192
* https://bugzilla.suse.com/show_bug.cgi?id=1251787
* https://bugzilla.suse.com/show_bug.cgi?id=1253437
SUSE-SU-2026:0202-1: important: Security update for the Linux Kernel (Live Patch 3 for SUSE Linux Enterprise 15 SP7)
# Security update for the Linux Kernel (Live Patch 3 for SUSE Linux Enterprise 15 SP7)
Announcement ID: SUSE-SU-2026:0202-1
Release Date: 2026-01-21T14:35:51Z
Rating: important
References:
* bsc#1248670
* bsc#1250192
* bsc#1251787
* bsc#1253437
Cross-References:
* CVE-2023-53676
* CVE-2025-38608
* CVE-2025-39682
* CVE-2025-40204
CVSS scores:
* CVE-2023-53676 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53676 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38608 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38608 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-38608 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39682 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-40204 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-40204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves four vulnerabilities can now be installed.
## Description:
This update for the SUSE Linux Enterprise kernel 6.4.0-150700.53.11 fixes
various security issues.
The following security issues were fixed:
* CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in
lio_target_nacl_info_show() (bsc#1251787).
* CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data()
in ktls (bsc#1248670).
* CVE-2025-39682: tls: fix handling of zero-length records on the rx_list
(bsc#1250192).
* CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253437).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-205=1`
* openSUSE Leap 15.6
  `zypper in -t patch SUSE-2026-202=1`
* SUSE Linux Enterprise Live Patching 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-202=1`
## Package List:
* SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP7_Update_3-debugsource-5-150700.2.1
  * kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1
  * kernel-livepatch-6_4_0-150700_53_11-default-debuginfo-5-150700.2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP6_Update_14-debugsource-5-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-5-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP6_Update_14-debugsource-5-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-5-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1
## References:
* https://www.suse.com/security/cve/CVE-2023-53676.html
* https://www.suse.com/security/cve/CVE-2025-38608.html
* https://www.suse.com/security/cve/CVE-2025-39682.html
* https://www.suse.com/security/cve/CVE-2025-40204.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248670
* https://bugzilla.suse.com/show_bug.cgi?id=1250192
* https://bugzilla.suse.com/show_bug.cgi?id=1251787
* https://bugzilla.suse.com/show_bug.cgi?id=1253437
SUSE-SU-2026:0206-1: important: Security update for the Linux Kernel (Live Patch 23 for SUSE Linux Enterprise 15 SP5)
# Security update for the Linux Kernel (Live Patch 23 for SUSE Linux Enterprise 15 SP5)
Announcement ID: SUSE-SU-2026:0206-1
Release Date: 2026-01-21T15:38:12Z
Rating: important
References:
* bsc#1248400
* bsc#1248615
* bsc#1248670
* bsc#1250665
* bsc#1251165
* bsc#1251203
* bsc#1251787
* bsc#1253437
* bsc#1254451
Cross-References:
* CVE-2022-50327
* CVE-2022-50409
* CVE-2022-50490
* CVE-2023-53676
* CVE-2024-58239
* CVE-2025-38476
* CVE-2025-38572
* CVE-2025-38608
* CVE-2025-40204
CVSS scores:
* CVE-2022-50327 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50327 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-50327 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50409 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50409 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-50409 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50490 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50490 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-53676 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53676 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-58239 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-58239 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-58239 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38476 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38476 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38476 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38572 ( SUSE ): 9.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38572 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38572 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38608 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38608 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-38608 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40204 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-40204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves nine vulnerabilities can now be installed.
## Description:
This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.94 fixes
various security issues.
The following security issues were fixed:
* CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return
value (bsc#1254451).
* CVE-2022-50409: net: If sock is dead don't access sock's sk_wq in
sk_stream_wait_memory (bsc#1250665).
* CVE-2022-50490: bpf: Propagate error from htab_lock_bucket() to userspace
(bsc#1251165).
* CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in
lio_target_nacl_info_show() (bsc#1251787).
* CVE-2024-58239: tls: stop recv() if initial process_rx_list gave us non-DATA
(bsc#1248615).
* CVE-2025-38476: rpl: Fix use-after-free in rpl_do_srh_inline()
(bsc#1251203).
* CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment()
(bsc#1248400).
* CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data()
in ktls (bsc#1248670).
* CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253437).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
  `zypper in -t patch SUSE-2026-206=1`
* SUSE Linux Enterprise Live Patching 15-SP5
  `zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-206=1`
## Package List:
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_94-default-13-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_94-default-debuginfo-13-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_23-debugsource-13-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_94-default-13-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_94-default-debuginfo-13-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_23-debugsource-13-150500.2.1
## References:
* https://www.suse.com/security/cve/CVE-2022-50327.html
* https://www.suse.com/security/cve/CVE-2022-50409.html
* https://www.suse.com/security/cve/CVE-2022-50490.html
* https://www.suse.com/security/cve/CVE-2023-53676.html
* https://www.suse.com/security/cve/CVE-2024-58239.html
* https://www.suse.com/security/cve/CVE-2025-38476.html
* https://www.suse.com/security/cve/CVE-2025-38572.html
* https://www.suse.com/security/cve/CVE-2025-38608.html
* https://www.suse.com/security/cve/CVE-2025-40204.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248400
* https://bugzilla.suse.com/show_bug.cgi?id=1248615
* https://bugzilla.suse.com/show_bug.cgi?id=1248670
* https://bugzilla.suse.com/show_bug.cgi?id=1250665
* https://bugzilla.suse.com/show_bug.cgi?id=1251165
* https://bugzilla.suse.com/show_bug.cgi?id=1251203
* https://bugzilla.suse.com/show_bug.cgi?id=1251787
* https://bugzilla.suse.com/show_bug.cgi?id=1253437
* https://bugzilla.suse.com/show_bug.cgi?id=1254451
SUSE-SU-2026:0204-1: important: Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise 15 SP6)
# Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise 15 SP6)
Announcement ID: SUSE-SU-2026:0204-1
Release Date: 2026-01-21T13:33:36Z
Rating: important
References:
* bsc#1251787
* bsc#1253437
Cross-References:
* CVE-2023-53676
* CVE-2025-40204
CVSS scores:
* CVE-2023-53676 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53676 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40204 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-40204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves two vulnerabilities can now be installed.
## Description:
This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.73 fixes
various security issues.
The following security issues were fixed:
* CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in
lio_target_nacl_info_show() (bsc#1251787).
* CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253437).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
  `zypper in -t patch SUSE-2026-204=1`
* SUSE Linux Enterprise Live Patching 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-204=1`
## Package List:
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP6_Update_16-debugsource-2-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_73-default-debuginfo-2-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_73-default-2-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP6_Update_16-debugsource-2-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_73-default-debuginfo-2-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_73-default-2-150600.2.1
## References:
* https://www.suse.com/security/cve/CVE-2023-53676.html
* https://www.suse.com/security/cve/CVE-2025-40204.html
* https://bugzilla.suse.com/show_bug.cgi?id=1251787
* https://bugzilla.suse.com/show_bug.cgi?id=1253437
SUSE-SU-2026:0199-1: moderate: Security update for python-FontTools
# Security update for python-FontTools
Announcement ID: SUSE-SU-2026:0199-1
Release Date: 2026-01-21T11:04:01Z
Rating: moderate
References:
* bsc#1254366
Cross-References:
* CVE-2025-66034
CVSS scores:
* CVE-2025-66034 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2025-66034 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:L
* CVE-2025-66034 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:L
* CVE-2025-66034 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7
An update that solves one vulnerability can now be installed.
## Description:
This update for python-FontTools fixes the following issues:
* CVE-2025-66034: Fixed arbitrary file write vulnerability that could lead to
remote code execution (bsc#1254366).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
  `zypper in -t patch SUSE-2026-199=1 openSUSE-SLE-15.6-2026-199=1`
* SUSE Package Hub 15 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-199=1`
## Package List:
* openSUSE Leap 15.6 (noarch)
  * python311-FontTools-4.47.2-150600.3.3.1
* SUSE Package Hub 15 15-SP7 (noarch)
  * python311-FontTools-4.47.2-150600.3.3.1
## References:
* https://www.suse.com/security/cve/CVE-2025-66034.html
* https://bugzilla.suse.com/show_bug.cgi?id=1254366
SUSE-SU-2026:0198-1: important: Security update for ffmpeg-4
# Security update for ffmpeg-4
Announcement ID: SUSE-SU-2026:0198-1
Release Date: 2026-01-21T10:16:25Z
Rating: important
References:
* bsc#1220545
* bsc#1255392
Cross-References:
* CVE-2023-6601
* CVE-2025-63757
CVSS scores:
* CVE-2023-6601 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2023-6601 ( NVD ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
* CVE-2025-63757 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-63757 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-63757 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7
* SUSE Package Hub 15 15-SP7
An update that solves two vulnerabilities can now be installed.
## Description:
This update for ffmpeg-4 fixes the following issues:
* CVE-2023-6601: Fixed HLS Unsafe File Extension Bypass (bsc#1220545).
* CVE-2025-63757: Fixed integer overflow in yuv2ya16_X_c_template()
(bsc#1255392).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
  `zypper in -t patch SUSE-2026-198=1 openSUSE-SLE-15.6-2026-198=1`
* SUSE Package Hub 15 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-198=1`
* SUSE Linux Enterprise Workstation Extension 15 SP7
  `zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-198=1`
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * libavcodec58_134-4.4.6-150600.13.38.1
  * libavfilter7_110-4.4.6-150600.13.38.1
  * ffmpeg-4-libswscale-devel-4.4.6-150600.13.38.1
  * ffmpeg-4-libavcodec-devel-4.4.6-150600.13.38.1
  * ffmpeg-4-debuginfo-4.4.6-150600.13.38.1
  * libswscale5_9-debuginfo-4.4.6-150600.13.38.1
  * ffmpeg-4-4.4.6-150600.13.38.1
  * libavdevice58_13-debuginfo-4.4.6-150600.13.38.1
  * libavcodec58_134-debuginfo-4.4.6-150600.13.38.1
  * ffmpeg-4-libavdevice-devel-4.4.6-150600.13.38.1
  * libavfilter7_110-debuginfo-4.4.6-150600.13.38.1
  * ffmpeg-4-libpostproc-devel-4.4.6-150600.13.38.1
  * libswresample3_9-4.4.6-150600.13.38.1
  * libavdevice58_13-4.4.6-150600.13.38.1
  * ffmpeg-4-libavutil-devel-4.4.6-150600.13.38.1
  * libavutil56_70-4.4.6-150600.13.38.1
  * libavformat58_76-debuginfo-4.4.6-150600.13.38.1
  * ffmpeg-4-libavformat-devel-4.4.6-150600.13.38.1
  * ffmpeg-4-private-devel-4.4.6-150600.13.38.1
  * ffmpeg-4-libswresample-devel-4.4.6-150600.13.38.1
  * libavutil56_70-debuginfo-4.4.6-150600.13.38.1
  * ffmpeg-4-debugsource-4.4.6-150600.13.38.1
  * libavresample4_0-4.4.6-150600.13.38.1
  * libpostproc55_9-debuginfo-4.4.6-150600.13.38.1
  * libswresample3_9-debuginfo-4.4.6-150600.13.38.1
  * ffmpeg-4-libavresample-devel-4.4.6-150600.13.38.1
  * ffmpeg-4-libavfilter-devel-4.4.6-150600.13.38.1
  * libavformat58_76-4.4.6-150600.13.38.1
  * libavresample4_0-debuginfo-4.4.6-150600.13.38.1
  * libpostproc55_9-4.4.6-150600.13.38.1
  * libswscale5_9-4.4.6-150600.13.38.1
* openSUSE Leap 15.6 (x86_64)
  * libavcodec58_134-32bit-4.4.6-150600.13.38.1
  * libavutil56_70-32bit-4.4.6-150600.13.38.1
  * libavformat58_76-32bit-debuginfo-4.4.6-150600.13.38.1
  * libswscale5_9-32bit-debuginfo-4.4.6-150600.13.38.1
  * libavfilter7_110-32bit-debuginfo-4.4.6-150600.13.38.1
  * libpostproc55_9-32bit-4.4.6-150600.13.38.1
  * libavfilter7_110-32bit-4.4.6-150600.13.38.1
  * libavutil56_70-32bit-debuginfo-4.4.6-150600.13.38.1
  * libavresample4_0-32bit-debuginfo-4.4.6-150600.13.38.1
  * libpostproc55_9-32bit-debuginfo-4.4.6-150600.13.38.1
  * libavdevice58_13-32bit-debuginfo-4.4.6-150600.13.38.1
  * libswresample3_9-32bit-debuginfo-4.4.6-150600.13.38.1
  * libswresample3_9-32bit-4.4.6-150600.13.38.1
  * libavcodec58_134-32bit-debuginfo-4.4.6-150600.13.38.1
  * libavformat58_76-32bit-4.4.6-150600.13.38.1
  * libavresample4_0-32bit-4.4.6-150600.13.38.1
  * libswscale5_9-32bit-4.4.6-150600.13.38.1
  * libavdevice58_13-32bit-4.4.6-150600.13.38.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libavfilter7_110-64bit-debuginfo-4.4.6-150600.13.38.1
  * libavformat58_76-64bit-debuginfo-4.4.6-150600.13.38.1
  * libswscale5_9-64bit-debuginfo-4.4.6-150600.13.38.1
  * libavformat58_76-64bit-4.4.6-150600.13.38.1
  * libavresample4_0-64bit-4.4.6-150600.13.38.1
  * libavresample4_0-64bit-debuginfo-4.4.6-150600.13.38.1
  * libswresample3_9-64bit-debuginfo-4.4.6-150600.13.38.1
  * libpostproc55_9-64bit-debuginfo-4.4.6-150600.13.38.1
  * libswresample3_9-64bit-4.4.6-150600.13.38.1
  * libavutil56_70-64bit-4.4.6-150600.13.38.1
  * libavcodec58_134-64bit-4.4.6-150600.13.38.1
  * libswscale5_9-64bit-4.4.6-150600.13.38.1
  * libavdevice58_13-64bit-debuginfo-4.4.6-150600.13.38.1
  * libpostproc55_9-64bit-4.4.6-150600.13.38.1
  * libavdevice58_13-64bit-4.4.6-150600.13.38.1
  * libavfilter7_110-64bit-4.4.6-150600.13.38.1
  * libavcodec58_134-64bit-debuginfo-4.4.6-150600.13.38.1
  * libavutil56_70-64bit-debuginfo-4.4.6-150600.13.38.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libavcodec58_134-4.4.6-150600.13.38.1
  * libavfilter7_110-4.4.6-150600.13.38.1
  * ffmpeg-4-libswscale-devel-4.4.6-150600.13.38.1
  * ffmpeg-4-libavcodec-devel-4.4.6-150600.13.38.1
  * ffmpeg-4-debuginfo-4.4.6-150600.13.38.1
  * libswscale5_9-debuginfo-4.4.6-150600.13.38.1
  * ffmpeg-4-4.4.6-150600.13.38.1
  * libavdevice58_13-debuginfo-4.4.6-150600.13.38.1
  * libavcodec58_134-debuginfo-4.4.6-150600.13.38.1
  * ffmpeg-4-libavdevice-devel-4.4.6-150600.13.38.1
  * libavfilter7_110-debuginfo-4.4.6-150600.13.38.1
  * ffmpeg-4-libpostproc-devel-4.4.6-150600.13.38.1
  * libswresample3_9-4.4.6-150600.13.38.1
  * libavdevice58_13-4.4.6-150600.13.38.1
  * ffmpeg-4-libavutil-devel-4.4.6-150600.13.38.1
  * libavutil56_70-4.4.6-150600.13.38.1
  * libavformat58_76-debuginfo-4.4.6-150600.13.38.1
  * ffmpeg-4-libavformat-devel-4.4.6-150600.13.38.1
  * ffmpeg-4-private-devel-4.4.6-150600.13.38.1
  * ffmpeg-4-libswresample-devel-4.4.6-150600.13.38.1
  * libavutil56_70-debuginfo-4.4.6-150600.13.38.1
  * ffmpeg-4-debugsource-4.4.6-150600.13.38.1
  * libavresample4_0-4.4.6-150600.13.38.1
  * libpostproc55_9-debuginfo-4.4.6-150600.13.38.1
  * libswresample3_9-debuginfo-4.4.6-150600.13.38.1
  * ffmpeg-4-libavresample-devel-4.4.6-150600.13.38.1
  * ffmpeg-4-libavfilter-devel-4.4.6-150600.13.38.1
  * libavformat58_76-4.4.6-150600.13.38.1
  * libavresample4_0-debuginfo-4.4.6-150600.13.38.1
  * libpostproc55_9-4.4.6-150600.13.38.1
  * libswscale5_9-4.4.6-150600.13.38.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
  * libavcodec58_134-4.4.6-150600.13.38.1
  * libswscale5_9-debuginfo-4.4.6-150600.13.38.1
  * libavutil56_70-4.4.6-150600.13.38.1
  * libswresample3_9-debuginfo-4.4.6-150600.13.38.1
  * libavformat58_76-debuginfo-4.4.6-150600.13.38.1
  * libavcodec58_134-debuginfo-4.4.6-150600.13.38.1
  * libavformat58_76-4.4.6-150600.13.38.1
  * libswresample3_9-4.4.6-150600.13.38.1
  * libavutil56_70-debuginfo-4.4.6-150600.13.38.1
  * ffmpeg-4-debuginfo-4.4.6-150600.13.38.1
  * ffmpeg-4-debugsource-4.4.6-150600.13.38.1
  * libswscale5_9-4.4.6-150600.13.38.1
## References:
* https://www.suse.com/security/cve/CVE-2023-6601.html
* https://www.suse.com/security/cve/CVE-2025-63757.html
* https://bugzilla.suse.com/show_bug.cgi?id=1220545
* https://bugzilla.suse.com/show_bug.cgi?id=1255392
openSUSE-SU-2026:20069-1: important: Security update for python-weasyprint
openSUSE security update: security update for python-weasyprint
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20069-1
Rating: important
References:
* bsc#1256936
Cross-References:
* CVE-2025-68616
CVSS scores:
* CVE-2025-68616 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves one vulnerability and has one bug fix can now be installed.
Description:
This update for python-weasyprint fixes the following issues:
Changes in python-weasyprint:
- CVE-2025-68616: Fixed a server-side request forgery in default fetcher (boo#1256936).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-packagehub-86=1
Package List:
- openSUSE Leap 16.0:
python313-weasyprint-65.1-bp160.2.1
References:
* https://www.suse.com/security/cve/CVE-2025-68616.html
openSUSE-SU-2026:20065-1: important: Security update for webkit2gtk3
openSUSE security update: security update for webkit2gtk3
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20065-1
Rating: important
References:
* bsc#1250439
* bsc#1250440
* bsc#1250441
* bsc#1250442
* bsc#1251975
* bsc#1254164
* bsc#1254165
* bsc#1254166
* bsc#1254167
* bsc#1254168
* bsc#1254169
* bsc#1254170
* bsc#1254171
* bsc#1254172
* bsc#1254174
* bsc#1254175
* bsc#1254176
* bsc#1254177
* bsc#1254179
* bsc#1254208
* bsc#1254473
* bsc#1254498
* bsc#1254509
* bsc#1255183
* bsc#1255191
* bsc#1255194
* bsc#1255195
* bsc#1255198
* bsc#1255200
* bsc#1255497
Cross-References:
* CVE-2023-43000
* CVE-2025-13502
* CVE-2025-13947
* CVE-2025-14174
* CVE-2025-43272
* CVE-2025-43342
* CVE-2025-43343
* CVE-2025-43356
* CVE-2025-43368
* CVE-2025-43392
* CVE-2025-43419
* CVE-2025-43421
* CVE-2025-43425
* CVE-2025-43427
* CVE-2025-43429
* CVE-2025-43430
* CVE-2025-43431
* CVE-2025-43432
* CVE-2025-43434
* CVE-2025-43440
* CVE-2025-43443
* CVE-2025-43458
* CVE-2025-43480
* CVE-2025-43501
* CVE-2025-43529
* CVE-2025-43531
* CVE-2025-43535
* CVE-2025-43536
* CVE-2025-43541
* CVE-2025-66287
CVSS scores:
* CVE-2023-43000 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-43000 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-13502 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-13502 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-13947 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
* CVE-2025-14174 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-14174 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-43272 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-43342 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-43343 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-43343 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-43356 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-43368 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-43392 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-43392 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-43419 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-43419 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-43421 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-43421 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-43425 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-43425 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-43427 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-43427 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-43429 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-43429 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-43430 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-43430 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-43431 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L
* CVE-2025-43432 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-43432 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-43434 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-43434 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-43440 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-43440 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-43443 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-43443 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-43458 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-43458 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-43480 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-43480 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-43501 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-43501 ( SUSE ): 6.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-43529 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-43529 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-43531 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-43531 ( SUSE ): 6 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-43535 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-43535 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-43536 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-43536 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-43541 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-43541 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-66287 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-66287 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 30 vulnerabilities and has 30 bug fixes can now be installed.
Description:
This update for webkit2gtk3 fixes the following issues:
Update to version 2.50.4.
Security issues fixed:
- CVE-2025-13502: processing of maliciously crafted payloads by the GLib remote inspector server may lead to a
UIProcess crash due to an out-of-bounds read and an integer underflow (bsc#1254208).
- CVE-2025-13947: use of the file drag-and-drop mechanism may lead to remote information disclosure due to a lack of
verification of the origins of drag operations (bsc#1254473).
- CVE-2025-14174: processing maliciously crafted web content may lead to memory corruption due to improper validation
(bsc#1255497).
- CVE-2025-43272: processing maliciously crafted web content may lead to an unexpected process crash due to improper
memory handling (bsc#1250439).
- CVE-2025-43342: processing maliciously crafted web content may lead to an unexpected process crash due to a
correctness issue and missing checks (bsc#1250440).
- CVE-2025-43343: processing maliciously crafted web content may lead to an unexpected process crash due to improper
memory handling (bsc#1251975).
- CVE-2025-43356: a website may be able to access sensor information without user consent due to improper cache handling
(bsc#1250441).
- CVE-2025-43368: processing maliciously crafted web content may lead to an unexpected process crash due to a
use-after-free issue (bsc#1250442).
- CVE-2025-43392: websites may exfiltrate image data cross-origin due to issues with cache handling (bsc#1254165).
- CVE-2025-43419: processing maliciously crafted web content may lead to memory corruption due to improper memory
handling (bsc#1254166).
- CVE-2025-43421: processing maliciously crafted web content may lead to an unexpected process crash due to enabled
array allocation sinking (bsc#1254167).
- CVE-2025-43425: processing maliciously crafted web content may lead to an unexpected process crash due to improper
memory handling (bsc#1254168).
- CVE-2025-43427: processing maliciously crafted web content may lead to an unexpected process crash due to issues with
state management (bsc#1254169).
- CVE-2025-43429: processing maliciously crafted web content may lead to an unexpected process crash due to a buffer
overflow issue (bsc#1254174).
- CVE-2025-43430: processing maliciously crafted web content may lead to an unexpected process crash due to issues with
state management (bsc#1254172).
- CVE-2025-43431: processing maliciously crafted web content may lead to memory corruption due to improper memory
handling (bsc#1254170).
- CVE-2025-43432: processing maliciously crafted web content may lead to an unexpected process crash due to a
use-after-free issue (bsc#1254171).
- CVE-2025-43434: processing maliciously crafted web content may lead to an unexpected process crash due to a
use-after-free issue (bsc#1254179).
- CVE-2025-43440: processing maliciously crafted web content may lead to an unexpected process crash due to missing
checks (bsc#1254177).
- CVE-2025-43443: processing maliciously crafted web content may lead to an unexpected process crash due to missing
checks (bsc#1254176).
- CVE-2025-43458: processing maliciously crafted web content may lead to an unexpected process crash due to issues with
state management (bsc#1254498).
- CVE-2025-43501: processing maliciously crafted web content may lead to an unexpected process crash due to a buffer
overflow issue (bsc#1255194).
- CVE-2025-43529: processing maliciously crafted web content may lead to arbitrary code execution due to a
use-after-free issue (bsc#1255198).
- CVE-2025-43531: processing maliciously crafted web content may lead to an unexpected process crash due to a race
condition (bsc#1255183).
- CVE-2025-43535: processing maliciously crafted web content may lead to an unexpected process crash due to improper
memory handling (bsc#1255195).
- CVE-2025-43536: processing maliciously crafted web content may lead to an unexpected process crash due to a
use-after-free issue (bsc#1255200).
- CVE-2025-43541: processing maliciously crafted web content may lead to an unexpected process crash due to type
confusion (bsc#1255191).
- CVE-2025-66287: processing maliciously crafted web content may lead to an unexpected process crash due to improper
memory handling (bsc#1254509).
Other issues fixed and changes:
- Version 2.50.4:
* Correctly handle the program name passed to the sleep disabler.
* Ensure GStreamer is initialized before using the Quirks.
* Fix several crashes and rendering issues.
- Version 2.50.3:
* Fix seeking and looping of media elements that set the "loop" property.
* Fix several crashes and rendering issues.
- Version 2.50.2:
* Prevent unsafe URI schemes from participating in media playback.
* Make jsc_value_array_buffer_get_data() function introspectable.
* Fix logging in to Google accounts that have a WebAuthn second factor configured.
* Fix loading webkit://gpu when there are no threads configured for GPU rendering.
* Fix rendering gradients that use the CSS hue interpolation method.
* Fix pasting image data from the clipboard.
* Fix font-family selection when the font name contains spaces.
* Fix the build with standard C libraries that lack execinfo.h, like Musl or uClibc.
* Fix capturing canvas snapshots in the Web Inspector.
* Fix several crashes and rendering issues.
- Version 2.50.1:
* Improve text rendering performance.
* Fix audio playback broken on Instagram.
* Fix rendering of layers with fractional transforms.
* Fix the build with ENABLE(VIDEO) disabled.
* Fix the build in s390x.
* Fix several crashes and rendering issues.
- Version 2.50.0:
* Improved rendering performance by recording each layer once and replaying every dirty region in different worker
threads.
* Enable damage propagation to the UI process by default.
* CSS property font-variant-emoji is now enabled by default.
* Font synthesis properties (bold/italic) are now properly handled.
* Ensure web view is focused on tap gesture.
* Added new API to get the theme color of a WebKitWebView.
- Version 2.49.90:
* Add support for font collection / fragment identifiers.
* Fix web process deadlock on exit.
* Fix stuttering when playing WebP animations.
* Fix CSS animations with cubic-bezier timing function.
* Do not start the MemoryPressureMonitor if it's disabled.
* Fix several crashes and rendering issues.
* Updated translations.
- Version 2.48.6:
* Fix emojis incorrectly rendered in their text variant.
* Add support for font collection / fragment identifiers.
* Fix web process deadlock on exit.
* Fix stuttering when playing WebP animations.
* Fix CSS animations with cubic-bezier timing function.
* Do not start the MemoryPressureMonitor if it's disabled.
* Fix several crashes and rendering issues.
- Fix a11y regression where AT-SPI roles were mapped incorrectly.
- Disable skia on ppc64le.
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-156=1
Package List:
- openSUSE Leap 16.0:
WebKitGTK-4.0-lang-2.50.4-160000.1.1
WebKitGTK-4.1-lang-2.50.4-160000.1.1
WebKitGTK-6.0-lang-2.50.4-160000.1.1
libjavascriptcoregtk-4_0-18-2.50.4-160000.1.1
libjavascriptcoregtk-4_1-0-2.50.4-160000.1.1
libjavascriptcoregtk-6_0-1-2.50.4-160000.1.1
libwebkit2gtk-4_0-37-2.50.4-160000.1.1
libwebkit2gtk-4_1-0-2.50.4-160000.1.1
libwebkitgtk-6_0-4-2.50.4-160000.1.1
typelib-1_0-JavaScriptCore-4_0-2.50.4-160000.1.1
typelib-1_0-JavaScriptCore-4_1-2.50.4-160000.1.1
typelib-1_0-JavaScriptCore-6_0-2.50.4-160000.1.1
typelib-1_0-WebKit-6_0-2.50.4-160000.1.1
typelib-1_0-WebKit2-4_0-2.50.4-160000.1.1
typelib-1_0-WebKit2-4_1-2.50.4-160000.1.1
typelib-1_0-WebKit2WebExtension-4_0-2.50.4-160000.1.1
typelib-1_0-WebKit2WebExtension-4_1-2.50.4-160000.1.1
typelib-1_0-WebKitWebProcessExtension-6_0-2.50.4-160000.1.1
webkit-jsc-4-2.50.4-160000.1.1
webkit-jsc-4.1-2.50.4-160000.1.1
webkit-jsc-6.0-2.50.4-160000.1.1
webkit2gtk-4_0-injected-bundles-2.50.4-160000.1.1
webkit2gtk-4_1-injected-bundles-2.50.4-160000.1.1
webkit2gtk3-devel-2.50.4-160000.1.1
webkit2gtk3-minibrowser-2.50.4-160000.1.1
webkit2gtk3-soup2-devel-2.50.4-160000.1.1
webkit2gtk3-soup2-minibrowser-2.50.4-160000.1.1
webkit2gtk4-devel-2.50.4-160000.1.1
webkit2gtk4-minibrowser-2.50.4-160000.1.1
webkitgtk-6_0-injected-bundles-2.50.4-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2023-43000.html
* https://www.suse.com/security/cve/CVE-2025-13502.html
* https://www.suse.com/security/cve/CVE-2025-13947.html
* https://www.suse.com/security/cve/CVE-2025-14174.html
* https://www.suse.com/security/cve/CVE-2025-43272.html
* https://www.suse.com/security/cve/CVE-2025-43342.html
* https://www.suse.com/security/cve/CVE-2025-43343.html
* https://www.suse.com/security/cve/CVE-2025-43356.html
* https://www.suse.com/security/cve/CVE-2025-43368.html
* https://www.suse.com/security/cve/CVE-2025-43392.html
* https://www.suse.com/security/cve/CVE-2025-43419.html
* https://www.suse.com/security/cve/CVE-2025-43421.html
* https://www.suse.com/security/cve/CVE-2025-43425.html
* https://www.suse.com/security/cve/CVE-2025-43427.html
* https://www.suse.com/security/cve/CVE-2025-43429.html
* https://www.suse.com/security/cve/CVE-2025-43430.html
* https://www.suse.com/security/cve/CVE-2025-43431.html
* https://www.suse.com/security/cve/CVE-2025-43432.html
* https://www.suse.com/security/cve/CVE-2025-43434.html
* https://www.suse.com/security/cve/CVE-2025-43440.html
* https://www.suse.com/security/cve/CVE-2025-43443.html
* https://www.suse.com/security/cve/CVE-2025-43458.html
* https://www.suse.com/security/cve/CVE-2025-43480.html
* https://www.suse.com/security/cve/CVE-2025-43501.html
* https://www.suse.com/security/cve/CVE-2025-43529.html
* https://www.suse.com/security/cve/CVE-2025-43531.html
* https://www.suse.com/security/cve/CVE-2025-43535.html
* https://www.suse.com/security/cve/CVE-2025-43536.html
* https://www.suse.com/security/cve/CVE-2025-43541.html
* https://www.suse.com/security/cve/CVE-2025-66287.html
openSUSE-SU-2026:20067-1: important: Security update of open-vm-tools
openSUSE security update: security update of open-vm-tools
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20067-1
Rating: important
References:
* bsc#1250373
* bsc#1250692
Cross-References:
* CVE-2025-41244
CVSS scores:
* CVE-2025-41244 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-41244 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves one vulnerability and has 2 bug fixes can now be installed.
Description:
This update for open-vm-tools fixes the following issues:
Update to open-vm-tools 13.0.5 based on build 24915695. (boo#1250692):
Please refer to the Release Notes at
https://github.com/vmware/open-vm-tools/blob/stable-13.0.5/ReleaseNotes.md.
The granular changes that have gone into the open-vm-tools 13.0.5 release
are in the ChangeLog at
https://github.com/vmware/open-vm-tools/blob/stable-13.0.5/open-vm-tools/ChangeLog.
There are no new features in the open-vm-tools 13.0.5 release. This is
primarily a maintenance release that addresses a security issue.
This release resolves and includes the patch for CVE-2025-41244. For more
information on this vulnerability and its impact on Broadcom products,
see VMSA-2025-0015.
A minor enhancement has been made for Guest OS Customization. The
DeployPkg plugin has been updated to use "systemctl reboot", if available.
For a more complete list of issues addressed in this release, see the
What's New and Resolved Issues section of the Release Notes.
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-158=1
Package List:
- openSUSE Leap 16.0:
libvmtools-devel-13.0.5-160000.1.1
libvmtools0-13.0.5-160000.1.1
open-vm-tools-13.0.5-160000.1.1
open-vm-tools-containerinfo-13.0.5-160000.1.1
open-vm-tools-desktop-13.0.5-160000.1.1
open-vm-tools-salt-minion-13.0.5-160000.1.1
open-vm-tools-sdmp-13.0.5-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2025-41244.html