
Several security updates have been released by SUSE Linux. These updates address various vulnerabilities in the Linux kernel, including live patches for different service packs such as SLE 15 SP3, SLE 15 SP4, and SLE 15 SP5. Additionally, security updates are available for Docker, Go, Podman, OpenSSL, and HAProxy to patch respective vulnerabilities.

SUSE-SU-2025:03545-1: important: Security update for docker-stable
SUSE-SU-2025:03543-1: important: Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP4)
SUSE-SU-2025:03541-1: important: Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP4)
SUSE-SU-2025:03552-1: important: Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP4)
SUSE-SU-2025:03547-1: important: Security update for go1.25
SUSE-SU-2025:03551-1: important: Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP4)
SUSE-SU-2025:03554-1: important: Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP5)
SUSE-SU-2025:03550-1: important: Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP4)
SUSE-SU-2025:03548-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP4)
SUSE-SU-2025:03553-1: important: Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP5)
SUSE-SU-2025:03555-1: important: Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP5)
SUSE-SU-2025:03561-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP5)
SUSE-SU-2025:03557-1: important: Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP5)
SUSE-SU-2025:03562-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP5)
SUSE-SU-2025:03566-1: important: Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP6)
SUSE-SU-2025:03567-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP6)
SUSE-SU-2025:03559-1: important: Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP5)
SUSE-SU-2025:03563-1: important: Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP6)
SUSE-SU-2025:03569-1: important: Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP6)
SUSE-SU-2025:03568-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP6)
SUSE-SU-2025:03572-1: important: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP7)
SUSE-SU-2025:03571-1: important: Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6)
SUSE-SU-2025:03584-1: important: Security update for podman
SUSE-SU-2025:03586-1: important: Security update for openssl-3-livepatches
SUSE-SU-2025:03587-1: moderate: Security update for haproxy
SUSE-SU-2025:03583-1: important: Security update for the Linux Kernel (Live Patch 60 for SLE 15 SP3)
SUSE-SU-2025:03580-1: important: Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3)
SUSE-SU-2025:03589-1: moderate: Security update for haproxy
SUSE-SU-2025:03578-1: important: Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP4)



SUSE-SU-2025:03545-1: important: Security update for docker-stable


# Security update for docker-stable

Announcement ID: SUSE-SU-2025:03545-1
Release Date: 2025-10-11T01:21:27Z
Rating: important
References:

* bsc#1001161
* bsc#1004490
* bsc#1007249
* bsc#1009961
* bsc#1012568
* bsc#1015661
* bsc#1016307
* bsc#1016992
* bsc#1019251
* bsc#1020806
* bsc#1021227
* bsc#1026827
* bsc#1028638
* bsc#1028639
* bsc#1029320
* bsc#1029630
* bsc#1030702
* bsc#1032287
* bsc#1032644
* bsc#1034053
* bsc#1034063
* bsc#1037436
* bsc#1037607
* bsc#1038476
* bsc#1038493
* bsc#1045628
* bsc#1046024
* bsc#1047218
* bsc#1048046
* bsc#1051429
* bsc#1055676
* bsc#1057743
* bsc#1058173
* bsc#1059011
* bsc#1064781
* bsc#1065609
* bsc#1066210
* bsc#1066801
* bsc#1069468
* bsc#1069758
* bsc#1072798
* bsc#1073877
* bsc#1074971
* bsc#1080978
* bsc#1084533
* bsc#1085117
* bsc#1085380
* bsc#1086185
* bsc#1089732
* bsc#1095817
* bsc#1096726
* bsc#1099277
* bsc#1100331
* bsc#1100727
* bsc#1102522
* bsc#1104821
* bsc#1105000
* bsc#1108038
* bsc#1112980
* bsc#1113313
* bsc#1114832
* bsc#1115464
* bsc#1118897
* bsc#1118898
* bsc#1118899
* bsc#1118990
* bsc#1119634
* bsc#1121412
* bsc#1121768
* bsc#1122469
* bsc#1124308
* bsc#1128376
* bsc#1128746
* bsc#1134068
* bsc#1138920
* bsc#1139649
* bsc#1142160
* bsc#1142413
* bsc#1143349
* bsc#1150397
* bsc#1153367
* bsc#1157330
* bsc#1158590
* bsc#1170415
* bsc#1170446
* bsc#1172377
* bsc#1174075
* bsc#1175081
* bsc#1176708
* bsc#1178760
* bsc#1178801
* bsc#1180243
* bsc#1180401
* bsc#1181594
* bsc#1181641
* bsc#1181677
* bsc#1181730
* bsc#1181732
* bsc#1182168
* bsc#1182476
* bsc#1182947
* bsc#1183855
* bsc#1184768
* bsc#1188447
* bsc#1190670
* bsc#1191015
* bsc#1191121
* bsc#1191334
* bsc#1191355
* bsc#1191434
* bsc#1192814
* bsc#1193273
* bsc#1193930
* bsc#1197284
* bsc#1197517
* bsc#1200022
* bsc#1200145
* bsc#1205375
* bsc#1206065
* bsc#1208074
* bsc#1210141
* bsc#1210797
* bsc#1211578
* bsc#1212368
* bsc#1213120
* bsc#1213229
* bsc#1213500
* bsc#1214107
* bsc#1214108
* bsc#1214109
* bsc#1215323
* bsc#1217513
* bsc#1219267
* bsc#1219268
* bsc#1219438
* bsc#1240150
* bsc#1247362
* bsc#1250508
* bsc#1250596
* bsc#885209
* bsc#907012
* bsc#907014
* bsc#908033
* bsc#909709
* bsc#909710
* bsc#909712
* bsc#913211
* bsc#913213
* bsc#920645
* bsc#930235
* bsc#931301
* bsc#935570
* bsc#938156
* bsc#942369
* bsc#942370
* bsc#946653
* bsc#949660
* bsc#950931
* bsc#953182
* bsc#954737
* bsc#954797
* bsc#954812
* bsc#956434
* bsc#958255
* bsc#959405
* bsc#963142
* bsc#964468
* bsc#964673
* bsc#965600
* bsc#965918
* bsc#968933
* bsc#968972
* bsc#970637
* bsc#974208
* bsc#976777
* bsc#977394
* bsc#978260
* bsc#980555
* bsc#983015
* bsc#984942
* bsc#987198
* bsc#988408
* bsc#988707
* bsc#989566
* bsc#993847
* bsc#995058
* bsc#995102
* bsc#995620
* bsc#996015
* bsc#999582
* jsc#SLE-16460

Cross-References:

* CVE-2014-3499
* CVE-2014-5277
* CVE-2014-6407
* CVE-2014-6408
* CVE-2014-8178
* CVE-2014-8179
* CVE-2014-9356
* CVE-2014-9357
* CVE-2014-9358
* CVE-2015-3627
* CVE-2015-3629
* CVE-2015-3630
* CVE-2015-3631
* CVE-2016-3697
* CVE-2016-8867
* CVE-2016-9962
* CVE-2017-14992
* CVE-2017-16539
* CVE-2018-10892
* CVE-2018-15664
* CVE-2018-16873
* CVE-2018-16874
* CVE-2018-16875
* CVE-2018-20699
* CVE-2019-13509
* CVE-2019-14271
* CVE-2020-12912
* CVE-2020-13401
* CVE-2020-15257
* CVE-2020-8694
* CVE-2020-8695
* CVE-2021-21284
* CVE-2021-21285
* CVE-2021-41089
* CVE-2021-41091
* CVE-2021-41092
* CVE-2021-41103
* CVE-2021-41190
* CVE-2021-43565
* CVE-2022-24769
* CVE-2022-27191
* CVE-2022-36109
* CVE-2023-28840
* CVE-2023-28841
* CVE-2023-28842
* CVE-2024-2365
* CVE-2024-23651
* CVE-2024-23652
* CVE-2024-23653
* CVE-2024-29018
* CVE-2024-41110
* CVE-2025-22868
* CVE-2025-22869

CVSS scores:

* CVE-2014-8178 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2014-8179 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2014-9356 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
* CVE-2015-3629 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2016-3697 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2016-3697 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2016-8867 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2016-9962 ( NVD ): 6.4 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2017-14992 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2017-14992 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2017-16539 ( SUSE ): 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2017-16539 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2018-10892 ( SUSE ): 6.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
* CVE-2018-10892 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2018-10892 ( NVD ): 6.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
* CVE-2018-15664 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2018-15664 ( NVD ): 7.5 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
* CVE-2018-16873 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2018-16873 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2018-16873 ( NVD ): 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2018-16874 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2018-16874 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2018-16874 ( NVD ): 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2018-16875 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2018-16875 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2018-20699 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2018-20699 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2019-13509 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2019-13509 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2019-14271 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2019-14271 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2019-14271 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2020-12912 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2020-12912 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2020-13401 ( SUSE ): 6.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
* CVE-2020-13401 ( NVD ): 6.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
* CVE-2020-15257 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2020-15257 ( NVD ): 5.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
* CVE-2020-8694 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2020-8694 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2020-8695 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
* CVE-2020-8695 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-21284 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N
* CVE-2021-21284 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
* CVE-2021-21285 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
* CVE-2021-21285 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2021-41089 ( SUSE ): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2021-41089 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
* CVE-2021-41091 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
* CVE-2021-41091 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
* CVE-2021-41092 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
* CVE-2021-41092 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-41103 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2021-41103 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-41190 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
* CVE-2021-41190 ( NVD ): 3.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
* CVE-2021-43565 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-43565 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-24769 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2022-24769 ( NVD ): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2022-27191 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-27191 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-36109 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2022-36109 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2022-36109 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-28840 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
* CVE-2023-28840 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
* CVE-2023-28841 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-28841 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-28842 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
* CVE-2023-28842 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
* CVE-2024-23651 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23651 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2024-23652 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-23652 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-23653 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-23653 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-29018 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-29018 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-29018 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-29018 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-41110 ( SUSE ): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2025-22868 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22868 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22869 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22869 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22869 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Containers Module 15-SP6
* Containers Module 15-SP7
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves 53 vulnerabilities, contains one feature and has 137
security fixes can now be installed.

## Description:

This update for docker-stable fixes the following issues:

Note that this update mostly contains references to issues that were already fixed.

* Remove git-core recommends on SLE to avoid pulling it in unnecessarily.
  (bsc#1250508)

This feature is mostly intended for developers ("docker build git://") so most
users already have the dependency installed, and the error when git is missing
is fairly straightforward (so they can easily figure out what they need to
install).

* Include historical changelog data from before the docker-stable fork. The
initial changelog entry did technically provide all the necessary
information, but our CVE tracking tools do not understand how the package is
forked and so it seems that this package does not include fixes for ~12
years of updates. So, include a copy of the original package's changelog up
until the fork point. bsc#1250596

* Update to docker-buildx v0.25.0. Upstream changelog:
  https://github.com/docker/buildx/releases/tag/v0.25.0

* Update to Go 1.23 for building now that upstream has switched their 23.0.x
LTSS to use Go 1.23.

* Do not try to inject SUSEConnect secrets when in Rootless Docker mode, as
Docker does not have permission to access the host zypper credentials in
this mode (and unprivileged users cannot disable the feature using
/etc/docker/suse-secrets-enable.) bsc#1240150

* Initial docker-stable fork, forked from Docker 24.0.7-ce release (packaged
on 2024-02-14). The original changelog is included below for historical
reference.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  `zypper in -t patch openSUSE-SLE-15.6-2025-3545=1`

* Containers Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2025-3545=1`

* Containers Module 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2025-3545=1`

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3545=1`

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3545=1`

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3545=1`

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3545=1`

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3545=1`

* SUSE Linux Enterprise Server 15 SP3 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3545=1`

* SUSE Linux Enterprise Server 15 SP4 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3545=1`

* SUSE Linux Enterprise Server 15 SP5 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3545=1`

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3545=1`

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3545=1`

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3545=1`

* SUSE Enterprise Storage 7.1
  `zypper in -t patch SUSE-Storage-7.1-2025-3545=1`

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * docker-stable-24.0.9_ce-150000.1.25.1
  * docker-stable-debuginfo-24.0.9_ce-150000.1.25.1
* openSUSE Leap 15.6 (noarch)
  * docker-stable-zsh-completion-24.0.9_ce-150000.1.25.1
  * docker-stable-fish-completion-24.0.9_ce-150000.1.25.1
  * docker-stable-bash-completion-24.0.9_ce-150000.1.25.1
  * docker-stable-rootless-extras-24.0.9_ce-150000.1.25.1
* Containers Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * docker-stable-24.0.9_ce-150000.1.25.1
  * docker-stable-debuginfo-24.0.9_ce-150000.1.25.1
* Containers Module 15-SP6 (noarch)
  * docker-stable-bash-completion-24.0.9_ce-150000.1.25.1
  * docker-stable-zsh-completion-24.0.9_ce-150000.1.25.1
* Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * docker-stable-24.0.9_ce-150000.1.25.1
  * docker-stable-debuginfo-24.0.9_ce-150000.1.25.1
* Containers Module 15-SP7 (noarch)
  * docker-stable-bash-completion-24.0.9_ce-150000.1.25.1
  * docker-stable-zsh-completion-24.0.9_ce-150000.1.25.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * docker-stable-24.0.9_ce-150000.1.25.1
  * docker-stable-debuginfo-24.0.9_ce-150000.1.25.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * docker-stable-bash-completion-24.0.9_ce-150000.1.25.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * docker-stable-24.0.9_ce-150000.1.25.1
  * docker-stable-debuginfo-24.0.9_ce-150000.1.25.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  * docker-stable-bash-completion-24.0.9_ce-150000.1.25.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * docker-stable-24.0.9_ce-150000.1.25.1
  * docker-stable-debuginfo-24.0.9_ce-150000.1.25.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * docker-stable-bash-completion-24.0.9_ce-150000.1.25.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * docker-stable-24.0.9_ce-150000.1.25.1
  * docker-stable-debuginfo-24.0.9_ce-150000.1.25.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
  * docker-stable-bash-completion-24.0.9_ce-150000.1.25.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * docker-stable-24.0.9_ce-150000.1.25.1
  * docker-stable-debuginfo-24.0.9_ce-150000.1.25.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
  * docker-stable-bash-completion-24.0.9_ce-150000.1.25.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
  * docker-stable-24.0.9_ce-150000.1.25.1
  * docker-stable-debuginfo-24.0.9_ce-150000.1.25.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
  * docker-stable-bash-completion-24.0.9_ce-150000.1.25.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * docker-stable-24.0.9_ce-150000.1.25.1
  * docker-stable-debuginfo-24.0.9_ce-150000.1.25.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
  * docker-stable-bash-completion-24.0.9_ce-150000.1.25.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * docker-stable-24.0.9_ce-150000.1.25.1
  * docker-stable-debuginfo-24.0.9_ce-150000.1.25.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
  * docker-stable-bash-completion-24.0.9_ce-150000.1.25.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * docker-stable-24.0.9_ce-150000.1.25.1
  * docker-stable-debuginfo-24.0.9_ce-150000.1.25.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * docker-stable-bash-completion-24.0.9_ce-150000.1.25.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * docker-stable-24.0.9_ce-150000.1.25.1
  * docker-stable-debuginfo-24.0.9_ce-150000.1.25.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * docker-stable-bash-completion-24.0.9_ce-150000.1.25.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * docker-stable-24.0.9_ce-150000.1.25.1
  * docker-stable-debuginfo-24.0.9_ce-150000.1.25.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
  * docker-stable-bash-completion-24.0.9_ce-150000.1.25.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * docker-stable-24.0.9_ce-150000.1.25.1
  * docker-stable-debuginfo-24.0.9_ce-150000.1.25.1
* SUSE Enterprise Storage 7.1 (noarch)
  * docker-stable-bash-completion-24.0.9_ce-150000.1.25.1

## References:

* https://www.suse.com/security/cve/CVE-2014-3499.html
* https://www.suse.com/security/cve/CVE-2014-5277.html
* https://www.suse.com/security/cve/CVE-2014-6407.html
* https://www.suse.com/security/cve/CVE-2014-6408.html
* https://www.suse.com/security/cve/CVE-2014-8178.html
* https://www.suse.com/security/cve/CVE-2014-8179.html
* https://www.suse.com/security/cve/CVE-2014-9356.html
* https://www.suse.com/security/cve/CVE-2014-9357.html
* https://www.suse.com/security/cve/CVE-2014-9358.html
* https://www.suse.com/security/cve/CVE-2015-3627.html
* https://www.suse.com/security/cve/CVE-2015-3629.html
* https://www.suse.com/security/cve/CVE-2015-3630.html
* https://www.suse.com/security/cve/CVE-2015-3631.html
* https://www.suse.com/security/cve/CVE-2016-3697.html
* https://www.suse.com/security/cve/CVE-2016-8867.html
* https://www.suse.com/security/cve/CVE-2016-9962.html
* https://www.suse.com/security/cve/CVE-2017-14992.html
* https://www.suse.com/security/cve/CVE-2017-16539.html
* https://www.suse.com/security/cve/CVE-2018-10892.html
* https://www.suse.com/security/cve/CVE-2018-15664.html
* https://www.suse.com/security/cve/CVE-2018-16873.html
* https://www.suse.com/security/cve/CVE-2018-16874.html
* https://www.suse.com/security/cve/CVE-2018-16875.html
* https://www.suse.com/security/cve/CVE-2018-20699.html
* https://www.suse.com/security/cve/CVE-2019-13509.html
* https://www.suse.com/security/cve/CVE-2019-14271.html
* https://www.suse.com/security/cve/CVE-2020-12912.html
* https://www.suse.com/security/cve/CVE-2020-13401.html
* https://www.suse.com/security/cve/CVE-2020-15257.html
* https://www.suse.com/security/cve/CVE-2020-8694.html
* https://www.suse.com/security/cve/CVE-2020-8695.html
* https://www.suse.com/security/cve/CVE-2021-21284.html
* https://www.suse.com/security/cve/CVE-2021-21285.html
* https://www.suse.com/security/cve/CVE-2021-41089.html
* https://www.suse.com/security/cve/CVE-2021-41091.html
* https://www.suse.com/security/cve/CVE-2021-41092.html
* https://www.suse.com/security/cve/CVE-2021-41103.html
* https://www.suse.com/security/cve/CVE-2021-41190.html
* https://www.suse.com/security/cve/CVE-2021-43565.html
* https://www.suse.com/security/cve/CVE-2022-24769.html
* https://www.suse.com/security/cve/CVE-2022-27191.html
* https://www.suse.com/security/cve/CVE-2022-36109.html
* https://www.suse.com/security/cve/CVE-2023-28840.html
* https://www.suse.com/security/cve/CVE-2023-28841.html
* https://www.suse.com/security/cve/CVE-2023-28842.html
* https://www.suse.com/security/cve/CVE-2024-2365.html
* https://www.suse.com/security/cve/CVE-2024-23651.html
* https://www.suse.com/security/cve/CVE-2024-23652.html
* https://www.suse.com/security/cve/CVE-2024-23653.html
* https://www.suse.com/security/cve/CVE-2024-29018.html
* https://www.suse.com/security/cve/CVE-2024-41110.html
* https://www.suse.com/security/cve/CVE-2025-22868.html
* https://www.suse.com/security/cve/CVE-2025-22869.html
* https://bugzilla.suse.com/show_bug.cgi?id=1001161
* https://bugzilla.suse.com/show_bug.cgi?id=1004490
* https://bugzilla.suse.com/show_bug.cgi?id=1007249
* https://bugzilla.suse.com/show_bug.cgi?id=1009961
* https://bugzilla.suse.com/show_bug.cgi?id=1012568
* https://bugzilla.suse.com/show_bug.cgi?id=1015661
* https://bugzilla.suse.com/show_bug.cgi?id=1016307
* https://bugzilla.suse.com/show_bug.cgi?id=1016992
* https://bugzilla.suse.com/show_bug.cgi?id=1019251
* https://bugzilla.suse.com/show_bug.cgi?id=1020806
* https://bugzilla.suse.com/show_bug.cgi?id=1021227
* https://bugzilla.suse.com/show_bug.cgi?id=1026827
* https://bugzilla.suse.com/show_bug.cgi?id=1028638
* https://bugzilla.suse.com/show_bug.cgi?id=1028639
* https://bugzilla.suse.com/show_bug.cgi?id=1029320
* https://bugzilla.suse.com/show_bug.cgi?id=1029630
* https://bugzilla.suse.com/show_bug.cgi?id=1030702
* https://bugzilla.suse.com/show_bug.cgi?id=1032287
* https://bugzilla.suse.com/show_bug.cgi?id=1032644
* https://bugzilla.suse.com/show_bug.cgi?id=1034053
* https://bugzilla.suse.com/show_bug.cgi?id=1034063
* https://bugzilla.suse.com/show_bug.cgi?id=1037436
* https://bugzilla.suse.com/show_bug.cgi?id=1037607
* https://bugzilla.suse.com/show_bug.cgi?id=1038476
* https://bugzilla.suse.com/show_bug.cgi?id=1038493
* https://bugzilla.suse.com/show_bug.cgi?id=1045628
* https://bugzilla.suse.com/show_bug.cgi?id=1046024
* https://bugzilla.suse.com/show_bug.cgi?id=1047218
* https://bugzilla.suse.com/show_bug.cgi?id=1048046
* https://bugzilla.suse.com/show_bug.cgi?id=1051429
* https://bugzilla.suse.com/show_bug.cgi?id=1055676
* https://bugzilla.suse.com/show_bug.cgi?id=1057743
* https://bugzilla.suse.com/show_bug.cgi?id=1058173
* https://bugzilla.suse.com/show_bug.cgi?id=1059011
* https://bugzilla.suse.com/show_bug.cgi?id=1064781
* https://bugzilla.suse.com/show_bug.cgi?id=1065609
* https://bugzilla.suse.com/show_bug.cgi?id=1066210
* https://bugzilla.suse.com/show_bug.cgi?id=1066801
* https://bugzilla.suse.com/show_bug.cgi?id=1069468
* https://bugzilla.suse.com/show_bug.cgi?id=1069758
* https://bugzilla.suse.com/show_bug.cgi?id=1072798
* https://bugzilla.suse.com/show_bug.cgi?id=1073877
* https://bugzilla.suse.com/show_bug.cgi?id=1074971
* https://bugzilla.suse.com/show_bug.cgi?id=1080978
* https://bugzilla.suse.com/show_bug.cgi?id=1084533
* https://bugzilla.suse.com/show_bug.cgi?id=1085117
* https://bugzilla.suse.com/show_bug.cgi?id=1085380
* https://bugzilla.suse.com/show_bug.cgi?id=1086185
* https://bugzilla.suse.com/show_bug.cgi?id=1089732
* https://bugzilla.suse.com/show_bug.cgi?id=1095817
* https://bugzilla.suse.com/show_bug.cgi?id=1096726
* https://bugzilla.suse.com/show_bug.cgi?id=1099277
* https://bugzilla.suse.com/show_bug.cgi?id=1100331
* https://bugzilla.suse.com/show_bug.cgi?id=1100727
* https://bugzilla.suse.com/show_bug.cgi?id=1102522
* https://bugzilla.suse.com/show_bug.cgi?id=1104821
* https://bugzilla.suse.com/show_bug.cgi?id=1105000
* https://bugzilla.suse.com/show_bug.cgi?id=1108038
* https://bugzilla.suse.com/show_bug.cgi?id=1112980
* https://bugzilla.suse.com/show_bug.cgi?id=1113313
* https://bugzilla.suse.com/show_bug.cgi?id=1114832
* https://bugzilla.suse.com/show_bug.cgi?id=1115464
* https://bugzilla.suse.com/show_bug.cgi?id=1118897
* https://bugzilla.suse.com/show_bug.cgi?id=1118898
* https://bugzilla.suse.com/show_bug.cgi?id=1118899
* https://bugzilla.suse.com/show_bug.cgi?id=1118990
* https://bugzilla.suse.com/show_bug.cgi?id=1119634
* https://bugzilla.suse.com/show_bug.cgi?id=1121412
* https://bugzilla.suse.com/show_bug.cgi?id=1121768
* https://bugzilla.suse.com/show_bug.cgi?id=1122469
* https://bugzilla.suse.com/show_bug.cgi?id=1124308
* https://bugzilla.suse.com/show_bug.cgi?id=1128376
* https://bugzilla.suse.com/show_bug.cgi?id=1128746
* https://bugzilla.suse.com/show_bug.cgi?id=1134068
* https://bugzilla.suse.com/show_bug.cgi?id=1138920
* https://bugzilla.suse.com/show_bug.cgi?id=1139649
* https://bugzilla.suse.com/show_bug.cgi?id=1142160
* https://bugzilla.suse.com/show_bug.cgi?id=1142413
* https://bugzilla.suse.com/show_bug.cgi?id=1143349
* https://bugzilla.suse.com/show_bug.cgi?id=1150397
* https://bugzilla.suse.com/show_bug.cgi?id=1153367
* https://bugzilla.suse.com/show_bug.cgi?id=1157330
* https://bugzilla.suse.com/show_bug.cgi?id=1158590
* https://bugzilla.suse.com/show_bug.cgi?id=1170415
* https://bugzilla.suse.com/show_bug.cgi?id=1170446
* https://bugzilla.suse.com/show_bug.cgi?id=1172377
* https://bugzilla.suse.com/show_bug.cgi?id=1174075
* https://bugzilla.suse.com/show_bug.cgi?id=1175081
* https://bugzilla.suse.com/show_bug.cgi?id=1176708
* https://bugzilla.suse.com/show_bug.cgi?id=1178760
* https://bugzilla.suse.com/show_bug.cgi?id=1178801
* https://bugzilla.suse.com/show_bug.cgi?id=1180243
* https://bugzilla.suse.com/show_bug.cgi?id=1180401
* https://bugzilla.suse.com/show_bug.cgi?id=1181594
* https://bugzilla.suse.com/show_bug.cgi?id=1181641
* https://bugzilla.suse.com/show_bug.cgi?id=1181677
* https://bugzilla.suse.com/show_bug.cgi?id=1181730
* https://bugzilla.suse.com/show_bug.cgi?id=1181732
* https://bugzilla.suse.com/show_bug.cgi?id=1182168
* https://bugzilla.suse.com/show_bug.cgi?id=1182476
* https://bugzilla.suse.com/show_bug.cgi?id=1182947
* https://bugzilla.suse.com/show_bug.cgi?id=1183855
* https://bugzilla.suse.com/show_bug.cgi?id=1184768
* https://bugzilla.suse.com/show_bug.cgi?id=1188447
* https://bugzilla.suse.com/show_bug.cgi?id=1190670
* https://bugzilla.suse.com/show_bug.cgi?id=1191015
* https://bugzilla.suse.com/show_bug.cgi?id=1191121
* https://bugzilla.suse.com/show_bug.cgi?id=1191334
* https://bugzilla.suse.com/show_bug.cgi?id=1191355
* https://bugzilla.suse.com/show_bug.cgi?id=1191434
* https://bugzilla.suse.com/show_bug.cgi?id=1192814
* https://bugzilla.suse.com/show_bug.cgi?id=1193273
* https://bugzilla.suse.com/show_bug.cgi?id=1193930
* https://bugzilla.suse.com/show_bug.cgi?id=1197284
* https://bugzilla.suse.com/show_bug.cgi?id=1197517
* https://bugzilla.suse.com/show_bug.cgi?id=1200022
* https://bugzilla.suse.com/show_bug.cgi?id=1200145
* https://bugzilla.suse.com/show_bug.cgi?id=1205375
* https://bugzilla.suse.com/show_bug.cgi?id=1206065
* https://bugzilla.suse.com/show_bug.cgi?id=1208074
* https://bugzilla.suse.com/show_bug.cgi?id=1210141
* https://bugzilla.suse.com/show_bug.cgi?id=1210797
* https://bugzilla.suse.com/show_bug.cgi?id=1211578
* https://bugzilla.suse.com/show_bug.cgi?id=1212368
* https://bugzilla.suse.com/show_bug.cgi?id=1213120
* https://bugzilla.suse.com/show_bug.cgi?id=1213229
* https://bugzilla.suse.com/show_bug.cgi?id=1213500
* https://bugzilla.suse.com/show_bug.cgi?id=1214107
* https://bugzilla.suse.com/show_bug.cgi?id=1214108
* https://bugzilla.suse.com/show_bug.cgi?id=1214109
* https://bugzilla.suse.com/show_bug.cgi?id=1215323
* https://bugzilla.suse.com/show_bug.cgi?id=1217513
* https://bugzilla.suse.com/show_bug.cgi?id=1219267
* https://bugzilla.suse.com/show_bug.cgi?id=1219268
* https://bugzilla.suse.com/show_bug.cgi?id=1219438
* https://bugzilla.suse.com/show_bug.cgi?id=1240150
* https://bugzilla.suse.com/show_bug.cgi?id=1247362
* https://bugzilla.suse.com/show_bug.cgi?id=1250508
* https://bugzilla.suse.com/show_bug.cgi?id=1250596
* https://bugzilla.suse.com/show_bug.cgi?id=885209
* https://bugzilla.suse.com/show_bug.cgi?id=907012
* https://bugzilla.suse.com/show_bug.cgi?id=907014
* https://bugzilla.suse.com/show_bug.cgi?id=908033
* https://bugzilla.suse.com/show_bug.cgi?id=909709
* https://bugzilla.suse.com/show_bug.cgi?id=909710
* https://bugzilla.suse.com/show_bug.cgi?id=909712
* https://bugzilla.suse.com/show_bug.cgi?id=913211
* https://bugzilla.suse.com/show_bug.cgi?id=913213
* https://bugzilla.suse.com/show_bug.cgi?id=920645
* https://bugzilla.suse.com/show_bug.cgi?id=930235
* https://bugzilla.suse.com/show_bug.cgi?id=931301
* https://bugzilla.suse.com/show_bug.cgi?id=935570
* https://bugzilla.suse.com/show_bug.cgi?id=938156
* https://bugzilla.suse.com/show_bug.cgi?id=942369
* https://bugzilla.suse.com/show_bug.cgi?id=942370
* https://bugzilla.suse.com/show_bug.cgi?id=946653
* https://bugzilla.suse.com/show_bug.cgi?id=949660
* https://bugzilla.suse.com/show_bug.cgi?id=950931
* https://bugzilla.suse.com/show_bug.cgi?id=953182
* https://bugzilla.suse.com/show_bug.cgi?id=954737
* https://bugzilla.suse.com/show_bug.cgi?id=954797
* https://bugzilla.suse.com/show_bug.cgi?id=954812
* https://bugzilla.suse.com/show_bug.cgi?id=956434
* https://bugzilla.suse.com/show_bug.cgi?id=958255
* https://bugzilla.suse.com/show_bug.cgi?id=959405
* https://bugzilla.suse.com/show_bug.cgi?id=963142
* https://bugzilla.suse.com/show_bug.cgi?id=964468
* https://bugzilla.suse.com/show_bug.cgi?id=964673
* https://bugzilla.suse.com/show_bug.cgi?id=965600
* https://bugzilla.suse.com/show_bug.cgi?id=965918
* https://bugzilla.suse.com/show_bug.cgi?id=968933
* https://bugzilla.suse.com/show_bug.cgi?id=968972
* https://bugzilla.suse.com/show_bug.cgi?id=970637
* https://bugzilla.suse.com/show_bug.cgi?id=974208
* https://bugzilla.suse.com/show_bug.cgi?id=976777
* https://bugzilla.suse.com/show_bug.cgi?id=977394
* https://bugzilla.suse.com/show_bug.cgi?id=978260
* https://bugzilla.suse.com/show_bug.cgi?id=980555
* https://bugzilla.suse.com/show_bug.cgi?id=983015
* https://bugzilla.suse.com/show_bug.cgi?id=984942
* https://bugzilla.suse.com/show_bug.cgi?id=987198
* https://bugzilla.suse.com/show_bug.cgi?id=988408
* https://bugzilla.suse.com/show_bug.cgi?id=988707
* https://bugzilla.suse.com/show_bug.cgi?id=989566
* https://bugzilla.suse.com/show_bug.cgi?id=993847
* https://bugzilla.suse.com/show_bug.cgi?id=995058
* https://bugzilla.suse.com/show_bug.cgi?id=995102
* https://bugzilla.suse.com/show_bug.cgi?id=995620
* https://bugzilla.suse.com/show_bug.cgi?id=996015
* https://bugzilla.suse.com/show_bug.cgi?id=999582
* https://jira.suse.com/browse/SLE-16460



SUSE-SU-2025:03543-1: important: Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:03543-1
Release Date: 2025-10-10T23:33:51Z
Rating: important
References:

* bsc#1237048
* bsc#1240744
* bsc#1243650
* bsc#1247315

Cross-References:

* CVE-2024-53168
* CVE-2025-21692
* CVE-2025-21791
* CVE-2025-38477

CVSS scores:

* CVE-2024-53168 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53168 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53168 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21692 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21692 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-21692 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21791 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38477 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38477 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_150 fixes several issues.

The following security issues were fixed:

* CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket
(bsc#1243650).
* CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate
(bsc#1247315).
* CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).
* CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237048).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3543=1 SUSE-2025-3544=1 SUSE-2025-3542=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3543=1 SUSE-SLE-Module-Live-Patching-15-SP4-2025-3544=1 SUSE-SLE-Module-Live-Patching-15-SP4-2025-3542=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_36-debugsource-8-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_34-debugsource-14-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_144-default-debuginfo-14-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_144-default-14-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_147-default-debuginfo-13-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_150-default-8-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_150-default-debuginfo-8-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_147-default-13-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_35-debugsource-13-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_36-debugsource-8-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_34-debugsource-14-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_144-default-debuginfo-14-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_144-default-14-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_147-default-debuginfo-13-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_150-default-8-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_150-default-debuginfo-8-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_147-default-13-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_35-debugsource-13-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-53168.html
* https://www.suse.com/security/cve/CVE-2025-21692.html
* https://www.suse.com/security/cve/CVE-2025-21791.html
* https://www.suse.com/security/cve/CVE-2025-38477.html
* https://bugzilla.suse.com/show_bug.cgi?id=1237048
* https://bugzilla.suse.com/show_bug.cgi?id=1240744
* https://bugzilla.suse.com/show_bug.cgi?id=1243650
* https://bugzilla.suse.com/show_bug.cgi?id=1247315



SUSE-SU-2025:03541-1: important: Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:03541-1
Release Date: 2025-10-10T20:33:43Z
Rating: important
References:

* bsc#1240744
* bsc#1243650
* bsc#1247315

Cross-References:

* CVE-2024-53168
* CVE-2025-21791
* CVE-2025-38477

CVSS scores:

* CVE-2024-53168 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53168 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53168 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21791 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38477 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38477 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_153 fixes several issues.

The following security issues were fixed:

* CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket
(bsc#1243650).
* CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate
(bsc#1247315).
* CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3541=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3541=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_153-default-8-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_153-default-debuginfo-8-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_37-debugsource-8-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_153-default-8-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_153-default-debuginfo-8-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_37-debugsource-8-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-53168.html
* https://www.suse.com/security/cve/CVE-2025-21791.html
* https://www.suse.com/security/cve/CVE-2025-38477.html
* https://bugzilla.suse.com/show_bug.cgi?id=1240744
* https://bugzilla.suse.com/show_bug.cgi?id=1243650
* https://bugzilla.suse.com/show_bug.cgi?id=1247315



SUSE-SU-2025:03552-1: important: Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:03552-1
Release Date: 2025-10-11T16:04:03Z
Rating: important
References:

* bsc#1247315

Cross-References:

* CVE-2025-38477

CVSS scores:

* CVE-2025-38477 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38477 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_170 fixes one issue.

The following security issue was fixed:

* CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate
(bsc#1247315).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3552=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3552=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_42-debugsource-5-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_170-default-5-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_170-default-debuginfo-5-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_42-debugsource-5-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_170-default-5-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_170-default-debuginfo-5-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38477.html
* https://bugzilla.suse.com/show_bug.cgi?id=1247315



SUSE-SU-2025:03547-1: important: Security update for go1.25


# Security update for go1.25

Announcement ID: SUSE-SU-2025:03547-1
Release Date: 2025-10-11T01:22:57Z
Rating: important
References:

* bsc#1244485
* bsc#1251253
* bsc#1251254
* bsc#1251255
* bsc#1251256
* bsc#1251257
* bsc#1251258
* bsc#1251259
* bsc#1251260
* bsc#1251261
* bsc#1251262

Cross-References:

* CVE-2025-47912
* CVE-2025-58183
* CVE-2025-58185
* CVE-2025-58186
* CVE-2025-58187
* CVE-2025-58188
* CVE-2025-58189
* CVE-2025-61723
* CVE-2025-61724
* CVE-2025-61725

CVSS scores:

* CVE-2025-47912 ( SUSE ): 9.4 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
* CVE-2025-47912 ( SUSE ): 8.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
* CVE-2025-58183 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58183 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-58185 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58185 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58186 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58186 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58187 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58187 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58188 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-58188 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-58189 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
* CVE-2025-58189 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
* CVE-2025-61723 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-61723 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-61724 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-61724 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-61725 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61725 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* Development Tools Module 15-SP6
* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves 10 vulnerabilities and has one security fix can now be
installed.

## Description:

This update for go1.25 fixes the following issues:

go1.25.2 (released 2025-10-07) includes security fixes to the archive/tar,
crypto/tls, crypto/x509, encoding/asn1, encoding/pem, net/http, net/mail,
net/textproto, and net/url packages, as well as bug fixes to the compiler, the
runtime, and the context, debug/pe, net/http, os, and sync/atomic packages.
(bsc#1244485)

CVE-2025-58189 CVE-2025-61725 CVE-2025-58188 CVE-2025-58185 CVE-2025-58186
CVE-2025-61723 CVE-2025-58183 CVE-2025-47912 CVE-2025-58187 CVE-2025-61724:

* bsc#1251255 CVE-2025-58189: crypto/tls: ALPN negotiation error contains
attacker controlled information
* bsc#1251253 CVE-2025-61725: net/mail: excessive CPU consumption in
ParseAddress
* bsc#1251260 CVE-2025-58188: crypto/x509: panic when validating certificates
with DSA public keys
* bsc#1251258 CVE-2025-58185: encoding/asn1: pre-allocating memory when
parsing DER payload can cause memory exhaustion
* bsc#1251259 CVE-2025-58186: net/http: lack of limit when parsing cookies can
cause memory exhaustion
* bsc#1251256 CVE-2025-61723: encoding/pem: quadratic complexity when parsing
some invalid inputs
* bsc#1251261 CVE-2025-58183: archive/tar: unbounded allocation when parsing
GNU sparse map
* bsc#1251257 CVE-2025-47912: net/url: insufficient validation of bracketed
IPv6 hostnames
* bsc#1251254 CVE-2025-58187: crypto/x509: quadratic complexity when checking
name constraints
* bsc#1251262 CVE-2025-61724: net/textproto: excessive CPU consumption in
Reader.ReadResponse

* go#75111 os, syscall: volume handles with FILE_FLAG_OVERLAPPED fail when
calling ReadAt
* go#75116 os: Root.MkdirAll can return "file exists" when called concurrently
on the same path
* go#75139 os: Root.OpenRoot sets incorrect name, losing prefix of original
root
* go#75221 debug/pe: pe.Open fails on object files produced by llvm-mingw 21
* go#75255 cmd/compile: export to DWARF types only referenced through
interfaces
* go#75347 testing/synctest: test timeout with no runnable goroutines
* go#75357 net: new test TestIPv4WriteMsgUDPAddrPortTargetAddrIPVersion fails
on plan9
* go#75524 crypto/internal/fips140/rsa: requires a panic if self-tests fail
* go#75537 context: Err can return non-nil before Done channel is closed
* go#75539 net/http: internal error: connCount underflow
* go#75595 cmd/compile: internal compiler error with GOEXPERIMENT=cgocheck2 on
github.com/leodido/go-urn
* go#75610 sync/atomic: comment for Uintptr.Or incorrectly describes return
value
* go#75669 runtime: debug.decoratemappings don't work as expected

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-3547=1

* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-3547=1

* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2025-3547=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3547=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3547=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3547=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3547=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3547=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3547=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3547=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3547=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3547=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3547=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3547=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-3547=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * go1.25-race-1.25.2-150000.1.14.1
  * go1.25-1.25.2-150000.1.14.1
  * go1.25-doc-1.25.2-150000.1.14.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * go1.25-race-1.25.2-150000.1.14.1
  * go1.25-1.25.2-150000.1.14.1
  * go1.25-doc-1.25.2-150000.1.14.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * go1.25-race-1.25.2-150000.1.14.1
  * go1.25-1.25.2-150000.1.14.1
  * go1.25-doc-1.25.2-150000.1.14.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * go1.25-race-1.25.2-150000.1.14.1
  * go1.25-1.25.2-150000.1.14.1
  * go1.25-doc-1.25.2-150000.1.14.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * go1.25-race-1.25.2-150000.1.14.1
  * go1.25-1.25.2-150000.1.14.1
  * go1.25-doc-1.25.2-150000.1.14.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * go1.25-race-1.25.2-150000.1.14.1
  * go1.25-1.25.2-150000.1.14.1
  * go1.25-doc-1.25.2-150000.1.14.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * go1.25-race-1.25.2-150000.1.14.1
  * go1.25-1.25.2-150000.1.14.1
  * go1.25-doc-1.25.2-150000.1.14.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * go1.25-race-1.25.2-150000.1.14.1
  * go1.25-1.25.2-150000.1.14.1
  * go1.25-doc-1.25.2-150000.1.14.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
  * go1.25-race-1.25.2-150000.1.14.1
  * go1.25-1.25.2-150000.1.14.1
  * go1.25-doc-1.25.2-150000.1.14.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * go1.25-race-1.25.2-150000.1.14.1
  * go1.25-1.25.2-150000.1.14.1
  * go1.25-doc-1.25.2-150000.1.14.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * go1.25-race-1.25.2-150000.1.14.1
  * go1.25-1.25.2-150000.1.14.1
  * go1.25-doc-1.25.2-150000.1.14.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * go1.25-race-1.25.2-150000.1.14.1
  * go1.25-1.25.2-150000.1.14.1
  * go1.25-doc-1.25.2-150000.1.14.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * go1.25-race-1.25.2-150000.1.14.1
  * go1.25-1.25.2-150000.1.14.1
  * go1.25-doc-1.25.2-150000.1.14.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * go1.25-race-1.25.2-150000.1.14.1
  * go1.25-1.25.2-150000.1.14.1
  * go1.25-doc-1.25.2-150000.1.14.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * go1.25-race-1.25.2-150000.1.14.1
  * go1.25-1.25.2-150000.1.14.1
  * go1.25-doc-1.25.2-150000.1.14.1

## References:

* https://www.suse.com/security/cve/CVE-2025-47912.html
* https://www.suse.com/security/cve/CVE-2025-58183.html
* https://www.suse.com/security/cve/CVE-2025-58185.html
* https://www.suse.com/security/cve/CVE-2025-58186.html
* https://www.suse.com/security/cve/CVE-2025-58187.html
* https://www.suse.com/security/cve/CVE-2025-58188.html
* https://www.suse.com/security/cve/CVE-2025-58189.html
* https://www.suse.com/security/cve/CVE-2025-61723.html
* https://www.suse.com/security/cve/CVE-2025-61724.html
* https://www.suse.com/security/cve/CVE-2025-61725.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244485
* https://bugzilla.suse.com/show_bug.cgi?id=1251253
* https://bugzilla.suse.com/show_bug.cgi?id=1251254
* https://bugzilla.suse.com/show_bug.cgi?id=1251255
* https://bugzilla.suse.com/show_bug.cgi?id=1251256
* https://bugzilla.suse.com/show_bug.cgi?id=1251257
* https://bugzilla.suse.com/show_bug.cgi?id=1251258
* https://bugzilla.suse.com/show_bug.cgi?id=1251259
* https://bugzilla.suse.com/show_bug.cgi?id=1251260
* https://bugzilla.suse.com/show_bug.cgi?id=1251261
* https://bugzilla.suse.com/show_bug.cgi?id=1251262



SUSE-SU-2025:03551-1: important: Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:03551-1
Release Date: 2025-10-11T16:03:56Z
Rating: important
References:

* bsc#1243650
* bsc#1247315

Cross-References:

* CVE-2024-53168
* CVE-2025-38477

CVSS scores:

* CVE-2024-53168 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53168 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53168 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38477 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38477 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_164 fixes several issues.

The following security issues were fixed:

* CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket
(bsc#1243650).
* CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate
(bsc#1247315).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3551=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3551=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_164-default-7-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_164-default-debuginfo-7-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_40-debugsource-7-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_164-default-7-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_164-default-debuginfo-7-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_40-debugsource-7-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-53168.html
* https://www.suse.com/security/cve/CVE-2025-38477.html
* https://bugzilla.suse.com/show_bug.cgi?id=1243650
* https://bugzilla.suse.com/show_bug.cgi?id=1247315



SUSE-SU-2025:03554-1: important: Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:03554-1
Release Date: 2025-10-11T18:33:41Z
Rating: important
References:

* bsc#1237048
* bsc#1240744
* bsc#1243650
* bsc#1247315

Cross-References:

* CVE-2024-53168
* CVE-2025-21692
* CVE-2025-21791
* CVE-2025-38477

CVSS scores:

* CVE-2024-53168 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53168 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53168 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21692 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21692 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-21692 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21791 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38477 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38477 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_91 fixes several issues.

The following security issues were fixed:

* CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket
(bsc#1243650).
* CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate
(bsc#1247315).
* CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).
* CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237048).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-3554=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-3554=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_91-default-12-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_91-default-debuginfo-12-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_22-debugsource-12-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_91-default-12-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_91-default-debuginfo-12-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_22-debugsource-12-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-53168.html
* https://www.suse.com/security/cve/CVE-2025-21692.html
* https://www.suse.com/security/cve/CVE-2025-21791.html
* https://www.suse.com/security/cve/CVE-2025-38477.html
* https://bugzilla.suse.com/show_bug.cgi?id=1237048
* https://bugzilla.suse.com/show_bug.cgi?id=1240744
* https://bugzilla.suse.com/show_bug.cgi?id=1243650
* https://bugzilla.suse.com/show_bug.cgi?id=1247315



SUSE-SU-2025:03550-1: important: Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:03550-1
Release Date: 2025-10-11T07:04:07Z
Rating: important
References:

* bsc#1247315

Cross-References:

* CVE-2025-38477

CVSS scores:

* CVE-2025-38477 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38477 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_167 fixes one issue.

The following security issue was fixed:

* CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate
(bsc#1247315).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3550=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3550=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_167-default-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_167-default-debuginfo-6-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_41-debugsource-6-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_167-default-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_167-default-debuginfo-6-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_41-debugsource-6-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38477.html
* https://bugzilla.suse.com/show_bug.cgi?id=1247315



SUSE-SU-2025:03548-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:03548-1
Release Date: 2025-10-11T07:04:00Z
Rating: important
References:

* bsc#1233072
* bsc#1237048
* bsc#1240744
* bsc#1243650
* bsc#1247315

Cross-References:

* CVE-2024-50154
* CVE-2024-53168
* CVE-2025-21692
* CVE-2025-21791
* CVE-2025-38477

CVSS scores:

* CVE-2024-50154 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50154 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50154 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50154 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53168 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53168 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53168 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53168 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21692 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21692 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-21692 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21692 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21791 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38477 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38477 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_136 fixes several issues.

The following security issues were fixed:

* CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket
(bsc#1243650).
* CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink()
(bsc#1233072).
* CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate
(bsc#1247315).
* CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).
* CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237048).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3548=1 SUSE-2025-3549=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3548=1 SUSE-SLE-Module-Live-Patching-15-SP4-2025-3549=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_133-default-debuginfo-16-150400.2.1
* kernel-livepatch-5_14_21-150400_24_136-default-16-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_32-debugsource-16-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_31-debugsource-16-150400.2.1
* kernel-livepatch-5_14_21-150400_24_136-default-debuginfo-16-150400.2.1
* kernel-livepatch-5_14_21-150400_24_133-default-16-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_133-default-debuginfo-16-150400.2.1
* kernel-livepatch-5_14_21-150400_24_136-default-16-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_32-debugsource-16-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_31-debugsource-16-150400.2.1
* kernel-livepatch-5_14_21-150400_24_136-default-debuginfo-16-150400.2.1
* kernel-livepatch-5_14_21-150400_24_133-default-16-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-50154.html
* https://www.suse.com/security/cve/CVE-2024-53168.html
* https://www.suse.com/security/cve/CVE-2025-21692.html
* https://www.suse.com/security/cve/CVE-2025-21791.html
* https://www.suse.com/security/cve/CVE-2025-38477.html
* https://bugzilla.suse.com/show_bug.cgi?id=1233072
* https://bugzilla.suse.com/show_bug.cgi?id=1237048
* https://bugzilla.suse.com/show_bug.cgi?id=1240744
* https://bugzilla.suse.com/show_bug.cgi?id=1243650
* https://bugzilla.suse.com/show_bug.cgi?id=1247315



SUSE-SU-2025:03553-1: important: Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:03553-1
Release Date: 2025-10-11T18:33:34Z
Rating: important
References:

* bsc#1233072
* bsc#1237048
* bsc#1240744
* bsc#1243650
* bsc#1247315

Cross-References:

* CVE-2024-50154
* CVE-2024-53168
* CVE-2025-21692
* CVE-2025-21791
* CVE-2025-38477

CVSS scores:

* CVE-2024-50154 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50154 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50154 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50154 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53168 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53168 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53168 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53168 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21692 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21692 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-21692 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21692 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21791 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38477 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38477 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_80 fixes several issues.

The following security issues were fixed:

* CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket
(bsc#1243650).
* CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink()
(bsc#1233072).
* CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate
(bsc#1247315).
* CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).
* CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237048).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-3553=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-3553=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_19-debugsource-16-150500.2.1
* kernel-livepatch-5_14_21-150500_55_80-default-16-150500.2.1
* kernel-livepatch-5_14_21-150500_55_80-default-debuginfo-16-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_19-debugsource-16-150500.2.1
* kernel-livepatch-5_14_21-150500_55_80-default-16-150500.2.1
* kernel-livepatch-5_14_21-150500_55_80-default-debuginfo-16-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-50154.html
* https://www.suse.com/security/cve/CVE-2024-53168.html
* https://www.suse.com/security/cve/CVE-2025-21692.html
* https://www.suse.com/security/cve/CVE-2025-21791.html
* https://www.suse.com/security/cve/CVE-2025-38477.html
* https://bugzilla.suse.com/show_bug.cgi?id=1233072
* https://bugzilla.suse.com/show_bug.cgi?id=1237048
* https://bugzilla.suse.com/show_bug.cgi?id=1240744
* https://bugzilla.suse.com/show_bug.cgi?id=1243650
* https://bugzilla.suse.com/show_bug.cgi?id=1247315



SUSE-SU-2025:03555-1: important: Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:03555-1
Release Date: 2025-10-11T20:33:39Z
Rating: important
References:

* bsc#1237048
* bsc#1240744
* bsc#1243650
* bsc#1247315

Cross-References:

* CVE-2024-53168
* CVE-2025-21692
* CVE-2025-21791
* CVE-2025-38477

CVSS scores:

* CVE-2024-53168 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53168 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53168 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53168 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21692 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21692 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-21692 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21692 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21791 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38477 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38477 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_94 fixes several issues.

The following security issues were fixed:

* CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket
(bsc#1243650).
* CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate
(bsc#1247315).
* CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).
* CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237048).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-3556=1 SUSE-2025-3555=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-3556=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-3555=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_88-default-12-150500.2.1
* kernel-livepatch-5_14_21-150500_55_94-default-debuginfo-8-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_21-debugsource-12-150500.2.1
* kernel-livepatch-5_14_21-150500_55_94-default-8-150500.2.1
* kernel-livepatch-5_14_21-150500_55_88-default-debuginfo-12-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_23-debugsource-8-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_88-default-12-150500.2.1
* kernel-livepatch-5_14_21-150500_55_94-default-debuginfo-8-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_21-debugsource-12-150500.2.1
* kernel-livepatch-5_14_21-150500_55_94-default-8-150500.2.1
* kernel-livepatch-5_14_21-150500_55_88-default-debuginfo-12-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_23-debugsource-8-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-53168.html
* https://www.suse.com/security/cve/CVE-2025-21692.html
* https://www.suse.com/security/cve/CVE-2025-21791.html
* https://www.suse.com/security/cve/CVE-2025-38477.html
* https://bugzilla.suse.com/show_bug.cgi?id=1237048
* https://bugzilla.suse.com/show_bug.cgi?id=1240744
* https://bugzilla.suse.com/show_bug.cgi?id=1243650
* https://bugzilla.suse.com/show_bug.cgi?id=1247315



SUSE-SU-2025:03561-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:03561-1
Release Date: 2025-10-12T03:04:45Z
Rating: important
References:

* bsc#1243650
* bsc#1247315

Cross-References:

* CVE-2024-53168
* CVE-2025-38477

CVSS scores:

* CVE-2024-53168 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53168 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53168 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53168 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38477 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38477 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_103 fixes several issues.

The following security issues were fixed:

* CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket
(bsc#1243650).
* CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate
(bsc#1247315).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-3561=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-3561=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_103-default-7-150500.2.1
* kernel-livepatch-5_14_21-150500_55_103-default-debuginfo-7-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_26-debugsource-7-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_103-default-7-150500.2.1
* kernel-livepatch-5_14_21-150500_55_103-default-debuginfo-7-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_26-debugsource-7-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-53168.html
* https://www.suse.com/security/cve/CVE-2025-38477.html
* https://bugzilla.suse.com/show_bug.cgi?id=1243650
* https://bugzilla.suse.com/show_bug.cgi?id=1247315



SUSE-SU-2025:03557-1: important: Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:03557-1
Release Date: 2025-10-11T22:33:38Z
Rating: important
References:

* bsc#1233072
* bsc#1237048
* bsc#1240744
* bsc#1243650
* bsc#1247315

Cross-References:

* CVE-2024-50154
* CVE-2024-53168
* CVE-2025-21692
* CVE-2025-21791
* CVE-2025-38477

CVSS scores:

* CVE-2024-50154 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50154 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50154 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50154 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53168 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53168 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53168 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53168 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21692 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21692 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-21692 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21692 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21791 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38477 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38477 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_83 fixes several issues.

The following security issues were fixed:

* CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket
(bsc#1243650).
* CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink()
(bsc#1233072).
* CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate
(bsc#1247315).
* CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).
* CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237048).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-3557=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-3557=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_83-default-debuginfo-16-150500.2.1
* kernel-livepatch-5_14_21-150500_55_83-default-16-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_20-debugsource-16-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_83-default-debuginfo-16-150500.2.1
* kernel-livepatch-5_14_21-150500_55_83-default-16-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_20-debugsource-16-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-50154.html
* https://www.suse.com/security/cve/CVE-2024-53168.html
* https://www.suse.com/security/cve/CVE-2025-21692.html
* https://www.suse.com/security/cve/CVE-2025-21791.html
* https://www.suse.com/security/cve/CVE-2025-38477.html
* https://bugzilla.suse.com/show_bug.cgi?id=1233072
* https://bugzilla.suse.com/show_bug.cgi?id=1237048
* https://bugzilla.suse.com/show_bug.cgi?id=1240744
* https://bugzilla.suse.com/show_bug.cgi?id=1243650
* https://bugzilla.suse.com/show_bug.cgi?id=1247315



SUSE-SU-2025:03562-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:03562-1
Release Date: 2025-10-12T03:04:53Z
Rating: important
References:

* bsc#1247315

Cross-References:

* CVE-2025-38477

CVSS scores:

* CVE-2025-38477 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38477 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_116 fixes one issue.

The following security issue was fixed:

* CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate
(bsc#1247315).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-3558=1 SUSE-2025-3562=1 SUSE-2025-3560=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-3558=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-3562=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-3560=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_28-debugsource-6-150500.2.1
* kernel-livepatch-5_14_21-150500_55_110-default-debuginfo-6-150500.2.1
* kernel-livepatch-5_14_21-150500_55_113-default-6-150500.2.1
* kernel-livepatch-5_14_21-150500_55_116-default-debuginfo-4-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_27-debugsource-6-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_29-debugsource-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_110-default-6-150500.2.1
* kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-6-150500.2.1
* kernel-livepatch-5_14_21-150500_55_116-default-4-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_28-debugsource-6-150500.2.1
* kernel-livepatch-5_14_21-150500_55_110-default-debuginfo-6-150500.2.1
* kernel-livepatch-5_14_21-150500_55_113-default-6-150500.2.1
* kernel-livepatch-5_14_21-150500_55_116-default-debuginfo-4-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_27-debugsource-6-150500.2.1
* kernel-livepatch-5_14_21-150500_55_110-default-6-150500.2.1
* kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-6-150500.2.1
* kernel-livepatch-5_14_21-150500_55_116-default-4-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x)
* kernel-livepatch-SLE15-SP5_Update_29-debugsource-4-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38477.html
* https://bugzilla.suse.com/show_bug.cgi?id=1247315



SUSE-SU-2025:03566-1: important: Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:03566-1
Release Date: 2025-10-12T07:04:09Z
Rating: important
References:

* bsc#1233072
* bsc#1237048
* bsc#1240744
* bsc#1243650
* bsc#1245509
* bsc#1247315

Cross-References:

* CVE-2024-50154
* CVE-2024-53168
* CVE-2025-21692
* CVE-2025-21791
* CVE-2025-38089
* CVE-2025-38477

CVSS scores:

* CVE-2024-50154 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50154 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50154 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50154 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53168 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53168 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53168 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53168 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21692 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21692 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-21692 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21692 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21791 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38089 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38089 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38477 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38477 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_25 fixes several issues.

The following security issues were fixed:

* CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate
(bsc#1247315).
* CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket
(bsc#1243650).
* CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink()
(bsc#1233072).
* CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).
* CVE-2025-38089: sunrpc: handle SVC_GARBAGE during svc auth processing as
auth error (bsc#1245509).
* CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237048).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3566=1 SUSE-2025-3565=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3566=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-3565=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_5-debugsource-17-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_4-debugsource-18-150600.2.1
* kernel-livepatch-6_4_0-150600_23_25-default-17-150600.2.1
* kernel-livepatch-6_4_0-150600_23_22-default-debuginfo-18-150600.2.1
* kernel-livepatch-6_4_0-150600_23_22-default-18-150600.2.1
* kernel-livepatch-6_4_0-150600_23_25-default-debuginfo-17-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_5-debugsource-17-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_4-debugsource-18-150600.2.1
* kernel-livepatch-6_4_0-150600_23_25-default-17-150600.2.1
* kernel-livepatch-6_4_0-150600_23_22-default-debuginfo-18-150600.2.1
* kernel-livepatch-6_4_0-150600_23_22-default-18-150600.2.1
* kernel-livepatch-6_4_0-150600_23_25-default-debuginfo-17-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-50154.html
* https://www.suse.com/security/cve/CVE-2024-53168.html
* https://www.suse.com/security/cve/CVE-2025-21692.html
* https://www.suse.com/security/cve/CVE-2025-21791.html
* https://www.suse.com/security/cve/CVE-2025-38089.html
* https://www.suse.com/security/cve/CVE-2025-38477.html
* https://bugzilla.suse.com/show_bug.cgi?id=1233072
* https://bugzilla.suse.com/show_bug.cgi?id=1237048
* https://bugzilla.suse.com/show_bug.cgi?id=1240744
* https://bugzilla.suse.com/show_bug.cgi?id=1243650
* https://bugzilla.suse.com/show_bug.cgi?id=1245509
* https://bugzilla.suse.com/show_bug.cgi?id=1247315



SUSE-SU-2025:03567-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:03567-1
Release Date: 2025-10-12T08:04:03Z
Rating: important
References:

* bsc#1245509
* bsc#1247315

Cross-References:

* CVE-2025-38089
* CVE-2025-38477

CVSS scores:

* CVE-2025-38089 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38089 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38477 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38477 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_53 fixes several issues.

The following security issues were fixed:

* CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate
(bsc#1247315).
* CVE-2025-38089: sunrpc: handle SVC_GARBAGE during svc auth processing as
auth error (bsc#1245509).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3567=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3567=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_12-debugsource-6-150600.2.1
* kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-6-150600.2.1
* kernel-livepatch-6_4_0-150600_23_53-default-6-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_12-debugsource-6-150600.2.1
* kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-6-150600.2.1
* kernel-livepatch-6_4_0-150600_23_53-default-6-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38089.html
* https://www.suse.com/security/cve/CVE-2025-38477.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245509
* https://bugzilla.suse.com/show_bug.cgi?id=1247315



SUSE-SU-2025:03559-1: important: Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:03559-1
Release Date: 2025-10-12T05:03:48Z
Rating: important
References:

* bsc#1240744
* bsc#1243650
* bsc#1247315

Cross-References:

* CVE-2024-53168
* CVE-2025-21791
* CVE-2025-38477

CVSS scores:

* CVE-2024-53168 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53168 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53168 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21791 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38477 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38477 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_100 fixes several issues.

The following security issues were fixed:

* CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket
(bsc#1243650).
* CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate
(bsc#1247315).
* CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-3559=1 SUSE-2025-3564=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-3559=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-3564=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_100-default-7-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_24-debugsource-8-150500.2.1
* kernel-livepatch-5_14_21-150500_55_97-default-debuginfo-8-150500.2.1
* kernel-livepatch-5_14_21-150500_55_97-default-8-150500.2.1
* kernel-livepatch-5_14_21-150500_55_100-default-debuginfo-7-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_25-debugsource-7-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_100-default-7-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_24-debugsource-8-150500.2.1
* kernel-livepatch-5_14_21-150500_55_97-default-debuginfo-8-150500.2.1
* kernel-livepatch-5_14_21-150500_55_97-default-8-150500.2.1
* kernel-livepatch-5_14_21-150500_55_100-default-debuginfo-7-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_25-debugsource-7-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-53168.html
* https://www.suse.com/security/cve/CVE-2025-21791.html
* https://www.suse.com/security/cve/CVE-2025-38477.html
* https://bugzilla.suse.com/show_bug.cgi?id=1240744
* https://bugzilla.suse.com/show_bug.cgi?id=1243650
* https://bugzilla.suse.com/show_bug.cgi?id=1247315



SUSE-SU-2025:03563-1: important: Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:03563-1
Release Date: 2025-10-12T04:33:29Z
Rating: important
References:

* bsc#1240744
* bsc#1245509
* bsc#1247315

Cross-References:

* CVE-2025-21791
* CVE-2025-38089
* CVE-2025-38477

CVSS scores:

* CVE-2025-21791 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21791 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38089 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38089 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38477 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38477 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_42 fixes several issues.

The following security issues were fixed:

* CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate
(bsc#1247315).
* CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).
* CVE-2025-38089: sunrpc: handle SVC_GARBAGE during svc auth processing as
auth error (bsc#1245509).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3563=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3563=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_42-default-debuginfo-8-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_9-debugsource-8-150600.2.1
* kernel-livepatch-6_4_0-150600_23_42-default-8-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_42-default-debuginfo-8-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_9-debugsource-8-150600.2.1
* kernel-livepatch-6_4_0-150600_23_42-default-8-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21791.html
* https://www.suse.com/security/cve/CVE-2025-38089.html
* https://www.suse.com/security/cve/CVE-2025-38477.html
* https://bugzilla.suse.com/show_bug.cgi?id=1240744
* https://bugzilla.suse.com/show_bug.cgi?id=1245509
* https://bugzilla.suse.com/show_bug.cgi?id=1247315



SUSE-SU-2025:03569-1: important: Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:03569-1
Release Date: 2025-10-12T10:04:13Z
Rating: important
References:

* bsc#1237048
* bsc#1240744
* bsc#1245509
* bsc#1247315

Cross-References:

* CVE-2025-21692
* CVE-2025-21791
* CVE-2025-38089
* CVE-2025-38477

CVSS scores:

* CVE-2025-21692 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21692 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-21692 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21791 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38089 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38089 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38477 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38477 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_38 fixes several issues.

The following security issues were fixed:

* CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate
(bsc#1247315).
* CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).
* CVE-2025-38089: sunrpc: handle SVC_GARBAGE during svc auth processing as
auth error (bsc#1245509).
* CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237048).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3569=1 SUSE-2025-3570=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3569=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-3570=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_7-debugsource-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_38-default-8-150600.2.1
* kernel-livepatch-6_4_0-150600_23_38-default-debuginfo-8-150600.2.1
* kernel-livepatch-6_4_0-150600_23_33-default-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_33-default-debuginfo-13-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_8-debugsource-8-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_7-debugsource-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_38-default-8-150600.2.1
* kernel-livepatch-6_4_0-150600_23_38-default-debuginfo-8-150600.2.1
* kernel-livepatch-6_4_0-150600_23_33-default-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_33-default-debuginfo-13-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_8-debugsource-8-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21692.html
* https://www.suse.com/security/cve/CVE-2025-21791.html
* https://www.suse.com/security/cve/CVE-2025-38089.html
* https://www.suse.com/security/cve/CVE-2025-38477.html
* https://bugzilla.suse.com/show_bug.cgi?id=1237048
* https://bugzilla.suse.com/show_bug.cgi?id=1240744
* https://bugzilla.suse.com/show_bug.cgi?id=1245509
* https://bugzilla.suse.com/show_bug.cgi?id=1247315



SUSE-SU-2025:03568-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:03568-1
Release Date: 2025-10-12T08:33:33Z
Rating: important
References:

* bsc#1247315

Cross-References:

* CVE-2025-38477

CVSS scores:

* CVE-2025-38477 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38477 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_60 fixes one issue.

The following security issue was fixed:

* CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate
(bsc#1247315).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3568=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3568=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_13-debugsource-5-150600.2.1
* kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-5-150600.2.1
* kernel-livepatch-6_4_0-150600_23_60-default-5-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_13-debugsource-5-150600.2.1
* kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-5-150600.2.1
* kernel-livepatch-6_4_0-150600_23_60-default-5-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38477.html
* https://bugzilla.suse.com/show_bug.cgi?id=1247315



SUSE-SU-2025:03572-1: important: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP7)


# Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP7)

Announcement ID: SUSE-SU-2025:03572-1
Release Date: 2025-10-12T13:33:30Z
Rating: important
References:

* bsc#1245509
* bsc#1247315

Cross-References:

* CVE-2025-38089
* CVE-2025-38477

CVSS scores:

* CVE-2025-38089 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38089 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38477 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38477 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150700_53_3 fixes several issues.

The following security issues were fixed:

* CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate
(bsc#1247315).
* CVE-2025-38089: sunrpc: handle SVC_GARBAGE during svc auth processing as
auth error (bsc#1245509).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3572=1 SUSE-2025-3573=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3572=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-3573=1

* SUSE Linux Enterprise Live Patching 15-SP7
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2025-3574=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_50-default-debuginfo-6-150600.2.1
* kernel-livepatch-6_4_0-150600_23_47-default-debuginfo-7-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_11-debugsource-6-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_10-debugsource-7-150600.2.1
* kernel-livepatch-6_4_0-150600_23_50-default-6-150600.2.1
* kernel-livepatch-6_4_0-150600_23_47-default-7-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_50-default-debuginfo-6-150600.2.1
* kernel-livepatch-6_4_0-150600_23_47-default-debuginfo-7-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_11-debugsource-6-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_10-debugsource-7-150600.2.1
* kernel-livepatch-6_4_0-150600_23_50-default-6-150600.2.1
* kernel-livepatch-6_4_0-150600_23_47-default-7-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150700_53_3-default-debuginfo-5-150700.2.1
* kernel-livepatch-SLE15-SP7_Update_1-debugsource-5-150700.2.1
* kernel-livepatch-6_4_0-150700_53_3-default-5-150700.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38089.html
* https://www.suse.com/security/cve/CVE-2025-38477.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245509
* https://bugzilla.suse.com/show_bug.cgi?id=1247315



SUSE-SU-2025:03571-1: important: Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:03571-1
Release Date: 2025-10-12T11:33:33Z
Rating: important
References:

* bsc#1237048
* bsc#1240744
* bsc#1243650
* bsc#1245509
* bsc#1247315

Cross-References:

* CVE-2024-53168
* CVE-2025-21692
* CVE-2025-21791
* CVE-2025-38089
* CVE-2025-38477

CVSS scores:

* CVE-2024-53168 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53168 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53168 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21692 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21692 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-21692 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21791 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38089 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38089 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38477 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38477 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_30 fixes several issues.

The following security issues were fixed:

* CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate
(bsc#1247315).
* CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket
(bsc#1243650).
* CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).
* CVE-2025-38089: sunrpc: handle SVC_GARBAGE during svc auth processing as
auth error (bsc#1245509).
* CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237048).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3571=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3571=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_30-default-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_30-default-debuginfo-13-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_6-debugsource-13-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_30-default-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_30-default-debuginfo-13-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_6-debugsource-13-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-53168.html
* https://www.suse.com/security/cve/CVE-2025-21692.html
* https://www.suse.com/security/cve/CVE-2025-21791.html
* https://www.suse.com/security/cve/CVE-2025-38089.html
* https://www.suse.com/security/cve/CVE-2025-38477.html
* https://bugzilla.suse.com/show_bug.cgi?id=1237048
* https://bugzilla.suse.com/show_bug.cgi?id=1240744
* https://bugzilla.suse.com/show_bug.cgi?id=1243650
* https://bugzilla.suse.com/show_bug.cgi?id=1245509
* https://bugzilla.suse.com/show_bug.cgi?id=1247315



SUSE-SU-2025:03584-1: important: Security update for podman


# Security update for podman

Announcement ID: SUSE-SU-2025:03584-1
Release Date: 2025-10-13T06:59:34Z
Rating: important
References:

* bsc#1249154

Cross-References:

* CVE-2025-9566

CVSS scores:

* CVE-2025-9566 ( SUSE ): 7.2
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-9566 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-9566 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for podman fixes the following issues:

* CVE-2025-9566: fixed an issue in the kube play command that could cause
host files to be overwritten (bsc#1249154)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3584=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-3584=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-3584=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-3584=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-3584=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3584=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3584=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3584=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3584=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* podman-remote-debuginfo-4.9.5-150400.4.53.1
* podman-debuginfo-4.9.5-150400.4.53.1
* podmansh-4.9.5-150400.4.53.1
* podman-remote-4.9.5-150400.4.53.1
* podman-4.9.5-150400.4.53.1
* openSUSE Leap 15.4 (noarch)
* podman-docker-4.9.5-150400.4.53.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* podman-debuginfo-4.9.5-150400.4.53.1
* podman-remote-debuginfo-4.9.5-150400.4.53.1
* podman-remote-4.9.5-150400.4.53.1
* podman-4.9.5-150400.4.53.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* podman-debuginfo-4.9.5-150400.4.53.1
* podman-remote-debuginfo-4.9.5-150400.4.53.1
* podman-remote-4.9.5-150400.4.53.1
* podman-4.9.5-150400.4.53.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* podman-debuginfo-4.9.5-150400.4.53.1
* podman-remote-debuginfo-4.9.5-150400.4.53.1
* podman-remote-4.9.5-150400.4.53.1
* podman-4.9.5-150400.4.53.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* podman-debuginfo-4.9.5-150400.4.53.1
* podman-remote-debuginfo-4.9.5-150400.4.53.1
* podman-remote-4.9.5-150400.4.53.1
* podman-4.9.5-150400.4.53.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* podman-debuginfo-4.9.5-150400.4.53.1
* podman-remote-debuginfo-4.9.5-150400.4.53.1
* podman-remote-4.9.5-150400.4.53.1
* podman-4.9.5-150400.4.53.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* podman-docker-4.9.5-150400.4.53.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* podman-debuginfo-4.9.5-150400.4.53.1
* podman-remote-debuginfo-4.9.5-150400.4.53.1
* podman-remote-4.9.5-150400.4.53.1
* podman-4.9.5-150400.4.53.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* podman-docker-4.9.5-150400.4.53.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* podman-debuginfo-4.9.5-150400.4.53.1
* podman-remote-debuginfo-4.9.5-150400.4.53.1
* podman-remote-4.9.5-150400.4.53.1
* podman-4.9.5-150400.4.53.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* podman-docker-4.9.5-150400.4.53.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* podman-debuginfo-4.9.5-150400.4.53.1
* podman-remote-debuginfo-4.9.5-150400.4.53.1
* podman-remote-4.9.5-150400.4.53.1
* podman-4.9.5-150400.4.53.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* podman-docker-4.9.5-150400.4.53.1

## References:

* https://www.suse.com/security/cve/CVE-2025-9566.html
* https://bugzilla.suse.com/show_bug.cgi?id=1249154



SUSE-SU-2025:03586-1: important: Security update for openssl-3-livepatches


# Security update for openssl-3-livepatches

Announcement ID: SUSE-SU-2025:03586-1
Release Date: 2025-10-13T07:02:35Z
Rating: important
References:

* bsc#1250410

Cross-References:

* CVE-2025-9230

CVSS scores:

* CVE-2025-9230 ( SUSE ): 7.7
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-9230 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-9230 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for openssl-3-livepatches fixes the following issues:

* CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read
and write in RFC 3211 KEK unwrap (bsc#1250410).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3586=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3586=1

* SUSE Linux Enterprise Live Patching 15-SP7
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2025-3586=1

## Package List:

* openSUSE Leap 15.6 (x86_64)
* openssl-3-livepatches-debuginfo-0.2-150600.13.8.1
* openssl-3-livepatches-debugsource-0.2-150600.13.8.1
* openssl-3-livepatches-0.2-150600.13.8.1
* SUSE Linux Enterprise Live Patching 15-SP6 (x86_64)
* openssl-3-livepatches-debuginfo-0.2-150600.13.8.1
* openssl-3-livepatches-debugsource-0.2-150600.13.8.1
* openssl-3-livepatches-0.2-150600.13.8.1
* SUSE Linux Enterprise Live Patching 15-SP7 (x86_64)
* openssl-3-livepatches-debuginfo-0.2-150600.13.8.1
* openssl-3-livepatches-debugsource-0.2-150600.13.8.1
* openssl-3-livepatches-0.2-150600.13.8.1

## References:

* https://www.suse.com/security/cve/CVE-2025-9230.html
* https://bugzilla.suse.com/show_bug.cgi?id=1250410



SUSE-SU-2025:03587-1: moderate: Security update for haproxy


# Security update for haproxy

Announcement ID: SUSE-SU-2025:03587-1
Release Date: 2025-10-13T07:04:02Z
Rating: moderate
References:

* bsc#1250983

Cross-References:

* CVE-2025-11230

CVSS scores:

* CVE-2025-11230 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-11230 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise High Availability Extension 15 SP6
* SUSE Linux Enterprise High Availability Extension 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for haproxy fixes the following issues:

* CVE-2025-11230: Fixed an issue in the mjson JSON decoder that could have led
to excessive resource consumption when processing numbers with large
exponents (bsc#1250983).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3587=1 openSUSE-SLE-15.6-2025-3587=1

* SUSE Linux Enterprise High Availability Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-HA-15-SP6-2025-3587=1

* SUSE Linux Enterprise High Availability Extension 15 SP7
zypper in -t patch SUSE-SLE-Product-HA-15-SP7-2025-3587=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* haproxy-2.8.11+git0.01c1056a4-150600.3.9.1
* haproxy-debugsource-2.8.11+git0.01c1056a4-150600.3.9.1
* haproxy-debuginfo-2.8.11+git0.01c1056a4-150600.3.9.1
* SUSE Linux Enterprise High Availability Extension 15 SP6 (aarch64 ppc64le s390x x86_64)
* haproxy-2.8.11+git0.01c1056a4-150600.3.9.1
* haproxy-debugsource-2.8.11+git0.01c1056a4-150600.3.9.1
* haproxy-debuginfo-2.8.11+git0.01c1056a4-150600.3.9.1
* SUSE Linux Enterprise High Availability Extension 15 SP7 (aarch64 ppc64le s390x x86_64)
* haproxy-2.8.11+git0.01c1056a4-150600.3.9.1
* haproxy-debugsource-2.8.11+git0.01c1056a4-150600.3.9.1
* haproxy-debuginfo-2.8.11+git0.01c1056a4-150600.3.9.1

## References:

* https://www.suse.com/security/cve/CVE-2025-11230.html
* https://bugzilla.suse.com/show_bug.cgi?id=1250983



SUSE-SU-2025:03583-1: important: Security update for the Linux Kernel (Live Patch 60 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 60 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:03583-1
Release Date: 2025-10-13T06:04:04Z
Rating: important
References:

* bsc#1247315

Cross-References:

* CVE-2025-38477

CVSS scores:

* CVE-2025-38477 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38477 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_215 fixes one issue.

The following security issue was fixed:

* CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate
(bsc#1247315).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-3583=1 SUSE-2025-3581=1 SUSE-2025-3579=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-3583=1 SUSE-SLE-Module-Live-Patching-15-SP3-2025-3581=1 SUSE-SLE-Module-Live-Patching-15-SP3-2025-3579=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_215-default-debuginfo-3-150300.2.1
  * kernel-livepatch-SLE15-SP3_Update_60-debugsource-3-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_211-default-debuginfo-6-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_211-default-6-150300.2.1
  * kernel-livepatch-SLE15-SP3_Update_59-debugsource-6-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_207-default-debuginfo-6-150300.2.1
  * kernel-livepatch-SLE15-SP3_Update_58-debugsource-6-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_207-default-6-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_215-default-3-150300.2.1
* openSUSE Leap 15.3 (x86_64)
  * kernel-livepatch-5_3_18-150300_59_207-preempt-debuginfo-6-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_215-preempt-debuginfo-3-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_215-preempt-3-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_207-preempt-6-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_211-preempt-6-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_211-preempt-debuginfo-6-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_215-default-debuginfo-3-150300.2.1
  * kernel-livepatch-SLE15-SP3_Update_60-debugsource-3-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_211-default-debuginfo-6-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_211-default-6-150300.2.1
  * kernel-livepatch-SLE15-SP3_Update_59-debugsource-6-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_207-default-debuginfo-6-150300.2.1
  * kernel-livepatch-SLE15-SP3_Update_58-debugsource-6-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_207-default-6-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_215-default-3-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38477.html
* https://bugzilla.suse.com/show_bug.cgi?id=1247315



SUSE-SU-2025:03580-1: important: Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:03580-1
Release Date: 2025-10-13T03:33:38Z
Rating: important
References:

* bsc#1233072
* bsc#1237048
* bsc#1240744
* bsc#1243650
* bsc#1247315

Cross-References:

* CVE-2024-50154
* CVE-2024-53168
* CVE-2025-21692
* CVE-2025-21791
* CVE-2025-38477

CVSS scores:

* CVE-2024-50154 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50154 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50154 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50154 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53168 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53168 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53168 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53168 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21692 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21692 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-21692 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21692 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21791 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38477 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38477 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_179 fixes several issues.

The following security issues were fixed:

* CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket
(bsc#1243650).
* CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink()
(bsc#1233072).
* CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate
(bsc#1247315).
* CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).
* CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237048).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-3580=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-3580=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP3_Update_49-debugsource-17-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_179-default-17-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_179-default-debuginfo-17-150300.2.1
* openSUSE Leap 15.3 (x86_64)
  * kernel-livepatch-5_3_18-150300_59_179-preempt-debuginfo-17-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_179-preempt-17-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP3_Update_49-debugsource-17-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_179-default-17-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_179-default-debuginfo-17-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-50154.html
* https://www.suse.com/security/cve/CVE-2024-53168.html
* https://www.suse.com/security/cve/CVE-2025-21692.html
* https://www.suse.com/security/cve/CVE-2025-21791.html
* https://www.suse.com/security/cve/CVE-2025-38477.html
* https://bugzilla.suse.com/show_bug.cgi?id=1233072
* https://bugzilla.suse.com/show_bug.cgi?id=1237048
* https://bugzilla.suse.com/show_bug.cgi?id=1240744
* https://bugzilla.suse.com/show_bug.cgi?id=1243650
* https://bugzilla.suse.com/show_bug.cgi?id=1247315



SUSE-SU-2025:03589-1: moderate: Security update for haproxy


# Security update for haproxy

Announcement ID: SUSE-SU-2025:03589-1
Release Date: 2025-10-13T07:04:42Z
Rating: moderate
References:

* bsc#1250983

Cross-References:

* CVE-2025-11230

CVSS scores:

* CVE-2025-11230 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-11230 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Availability Extension 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for haproxy fixes the following issues:

* CVE-2025-11230: Fixed an issue in the mjson JSON decoder that could have led
to excessive resource consumption when processing numbers with large
exponents (bsc#1250983).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3589=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-3589=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-3589=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-3589=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-3589=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-3589=1

* SUSE Linux Enterprise High Availability Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2025-3589=1

* SUSE Linux Enterprise High Availability Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2025-3589=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.25.1
  * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.25.1
  * haproxy-2.4.22+git0.f8e3218e2-150400.3.25.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.25.1
  * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.25.1
  * haproxy-2.4.22+git0.f8e3218e2-150400.3.25.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.25.1
  * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.25.1
  * haproxy-2.4.22+git0.f8e3218e2-150400.3.25.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.25.1
  * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.25.1
  * haproxy-2.4.22+git0.f8e3218e2-150400.3.25.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.25.1
  * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.25.1
  * haproxy-2.4.22+git0.f8e3218e2-150400.3.25.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.25.1
  * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.25.1
  * haproxy-2.4.22+git0.f8e3218e2-150400.3.25.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64)
  * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.25.1
  * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.25.1
  * haproxy-2.4.22+git0.f8e3218e2-150400.3.25.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64)
  * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.25.1
  * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.25.1
  * haproxy-2.4.22+git0.f8e3218e2-150400.3.25.1

## References:

* https://www.suse.com/security/cve/CVE-2025-11230.html
* https://bugzilla.suse.com/show_bug.cgi?id=1250983



SUSE-SU-2025:03578-1: important: Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:03578-1
Release Date: 2025-10-13T07:04:11Z
Rating: important
References:

* bsc#1240744
* bsc#1243650
* bsc#1247315

Cross-References:

* CVE-2024-53168
* CVE-2025-21791
* CVE-2025-38477

CVSS scores:

* CVE-2024-53168 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53168 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53168 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53168 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21791 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38477 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38477 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_161 fixes several issues.

The following security issues were fixed:

* CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket
(bsc#1243650).
* CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate
(bsc#1247315).
* CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3588=1 SUSE-2025-3578=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3588=1 SUSE-SLE-Module-Live-Patching-15-SP4-2025-3578=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_38-debugsource-7-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_158-default-7-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_161-default-debuginfo-7-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_39-debugsource-7-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_161-default-7-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_158-default-debuginfo-7-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_38-debugsource-7-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_158-default-7-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_161-default-debuginfo-7-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_39-debugsource-7-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_161-default-7-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_158-default-debuginfo-7-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-53168.html
* https://www.suse.com/security/cve/CVE-2025-21791.html
* https://www.suse.com/security/cve/CVE-2025-38477.html
* https://bugzilla.suse.com/show_bug.cgi?id=1240744
* https://bugzilla.suse.com/show_bug.cgi?id=1243650
* https://bugzilla.suse.com/show_bug.cgi?id=1247315