SUSE-SU-2025:3770-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP7)
SUSE-SU-2025:3769-1: important: Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP7)
SUSE-SU-2025:3768-1: important: Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP6)
SUSE-SU-2025:3775-1: important: Security update for MozillaFirefox
SUSE-SU-2025:3776-1: moderate: Security update for ruby2.5
SUSE-SU-2025:3780-1: moderate: Security update for python-python-socketio
SUSE-SU-2025:3779-1: important: Security update for poppler
SUSE-SU-2025:3782-1: important: Security update for podman
SUSE-SU-2025:3788-1: moderate: Security update for libssh
SUSE-SU-2025:3791-1: moderate: Security update for p7zip
SUSE-SU-2025:3794-1: moderate: Security update for chrony
openSUSE-SU-2025:15662-1: moderate: micropython-1.26.0-2.1 on GA media
openSUSE-SU-2025:15663-1: moderate: openbao-2.4.3-1.1 on GA media
openSUSE-SU-2025:15660-1: moderate: java-11-openjdk-11.0.29.0-1.1 on GA media
openSUSE-SU-2025:15659-1: moderate: bind-9.20.15-1.1 on GA media
openSUSE-SU-2025:15661-1: moderate: java-17-openjdk-17.0.17.0-1.1 on GA media
SUSE-SU-2025:3770-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP7)
# Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP7)
Announcement ID: SUSE-SU-2025:3770-1
Release Date: 2025-10-24T06:06:29Z
Rating: important
References:
* bsc#1248108
* bsc#1248376
* bsc#1248673
* bsc#1249534
Cross-References:
* CVE-2025-38499
* CVE-2025-38566
* CVE-2025-38678
CVSS scores:
* CVE-2025-38499 ( SUSE ): 6.2
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H
* CVE-2025-38499 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
* CVE-2025-38566 ( SUSE ): 9.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38566 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38678 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves three vulnerabilities and has one security fix can now be
installed.
## Description:
This update for the Linux Kernel 6.4.0-150700_53_11 fixes several issues.
The following security issues were fixed:
* CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates
(bsc#1249534).
* CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN
in the right userns (bsc#1248673).
* CVE-2025-38566: sunrpc: fix handling of server side tls alerts
(bsc#1248376).
* kernel-livepatch.spec: Replace kernel-syms with
kernel-<flavor>-specific dependencies (bsc#1248108) The commit
ead79afe7cbfae ("kernel-livepatch.spec: Update build dependencies for non-
default flavors") broke build of livepatches which were built with kernel-
syms-rt. The problem is that livepatch packages for already released kernels
are built in exactly the same build environment as the initial livepatch.
The BS (Build Service) installs the build environment using the given
_buildinfo-*.xml and ignores BuildRequires. But the BuildRequires are later
checked by rpmbuild tool. It would complain when new dependencies were
added. Unfortunately, kernel-syms-rt does not exist on SLE16. This was the
main motivation for the above mentioned commit. But the package kernel-syms
is empty. Its only purpose is to add other dependencies. Replace it by
opencoding the dependencies. Note that the kernel devel files are
historically split into various packages, kernel-<flavor>-devel,
kernel-devel-<flavor>, and even kernel-devel. But it is enough to
require kernel-<flavor>-devel because it requires the other devel
files on its own. This seems to be true back to SLE15-SP4 at minimum.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3770=1
* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3770=1
* SUSE Linux Enterprise Live Patching 15-SP7
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2025-3766=1
## Package List:
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_65-default-2-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_14-debugsource-2-150600.2.1
* kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-2-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_65-default-2-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_14-debugsource-2-150600.2.1
* kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-2-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP7_Update_3-debugsource-2-150700.2.1
* kernel-livepatch-6_4_0-150700_53_11-default-debuginfo-2-150700.2.1
* kernel-livepatch-6_4_0-150700_53_11-default-2-150700.2.1
## References:
* https://www.suse.com/security/cve/CVE-2025-38499.html
* https://www.suse.com/security/cve/CVE-2025-38566.html
* https://www.suse.com/security/cve/CVE-2025-38678.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248108
* https://bugzilla.suse.com/show_bug.cgi?id=1248376
* https://bugzilla.suse.com/show_bug.cgi?id=1248673
* https://bugzilla.suse.com/show_bug.cgi?id=1249534
SUSE-SU-2025:3769-1: important: Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP7)
# Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP7)
Announcement ID: SUSE-SU-2025:3769-1
Release Date: 2025-10-24T06:35:29Z
Rating: important
References:
* bsc#1249534
Cross-References:
* CVE-2025-38678
CVSS scores:
* CVE-2025-38678 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves one vulnerability can now be installed.
## Description:
This update for the Linux Kernel 6.4.0-150700_53_16 fixes one issue.
The following security issue was fixed:
* CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates
(bsc#1249534).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3769=1
* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3769=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3774=1
* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3774=1
* SUSE Linux Enterprise Live Patching 15-SP7
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2025-3767=1
## Package List:
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_176-default-2-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_44-debugsource-2-150400.2.1
* kernel-livepatch-5_14_21-150400_24_176-default-debuginfo-2-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_176-default-2-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_44-debugsource-2-150400.2.1
* kernel-livepatch-5_14_21-150400_24_176-default-debuginfo-2-150400.2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_15-debugsource-2-150600.2.1
* kernel-livepatch-6_4_0-150600_23_70-default-debuginfo-2-150600.2.1
* kernel-livepatch-6_4_0-150600_23_70-default-2-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_15-debugsource-2-150600.2.1
* kernel-livepatch-6_4_0-150600_23_70-default-debuginfo-2-150600.2.1
* kernel-livepatch-6_4_0-150600_23_70-default-2-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150700_53_16-default-debuginfo-2-150700.2.1
* kernel-livepatch-SLE15-SP7_Update_4-debugsource-2-150700.2.1
* kernel-livepatch-6_4_0-150700_53_16-default-2-150700.2.1
## References:
* https://www.suse.com/security/cve/CVE-2025-38678.html
* https://bugzilla.suse.com/show_bug.cgi?id=1249534
SUSE-SU-2025:3768-1: important: Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP6)
# Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP6)
Announcement ID: SUSE-SU-2025:3768-1
Release Date: 2025-10-24T05:37:08Z
Rating: important
References:
* bsc#1245794
* bsc#1246075
* bsc#1247158
* bsc#1247452
* bsc#1248376
* bsc#1248673
* bsc#1248749
* bsc#1249458
* bsc#1249534
Cross-References:
* CVE-2025-21971
* CVE-2025-38110
* CVE-2025-38206
* CVE-2025-38396
* CVE-2025-38471
* CVE-2025-38499
* CVE-2025-38566
* CVE-2025-38644
* CVE-2025-38678
CVSS scores:
* CVE-2025-21971 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21971 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38110 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38110 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38206 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38206 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38396 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38396 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38471 ( SUSE ): 8.4
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38471 ( SUSE ): 7.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H
* CVE-2025-38499 ( SUSE ): 6.2
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H
* CVE-2025-38499 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
* CVE-2025-38566 ( SUSE ): 9.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38566 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38644 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38644 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38678 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves nine vulnerabilities can now be installed.
## Description:
This update for the Linux Kernel 6.4.0-150600_23_42 fixes several issues.
The following security issues were fixed:
* CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates
(bsc#1249534).
* CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN
in the right userns (bsc#1248673).
* CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem
LSM bypass (bsc#1247158).
* CVE-2025-38566: sunrpc: fix handling of server side tls alerts
(bsc#1248376).
* CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT
(bsc#1245794).
* CVE-2025-38110: net/mdiobus: Fix potential out-of-bounds clause 45
read/write access (bsc#1249458).
* CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not
associated (bsc#1248749).
* CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246075).
* CVE-2025-38471: tls: always refresh the queue when reading sock
(bsc#1247452).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3768=1
* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3768=1
## Package List:
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1
* kernel-livepatch-6_4_0-150600_23_42-default-debuginfo-9-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_9-debugsource-9-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1
* kernel-livepatch-6_4_0-150600_23_42-default-debuginfo-9-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_9-debugsource-9-150600.2.1
## References:
* https://www.suse.com/security/cve/CVE-2025-21971.html
* https://www.suse.com/security/cve/CVE-2025-38110.html
* https://www.suse.com/security/cve/CVE-2025-38206.html
* https://www.suse.com/security/cve/CVE-2025-38396.html
* https://www.suse.com/security/cve/CVE-2025-38471.html
* https://www.suse.com/security/cve/CVE-2025-38499.html
* https://www.suse.com/security/cve/CVE-2025-38566.html
* https://www.suse.com/security/cve/CVE-2025-38644.html
* https://www.suse.com/security/cve/CVE-2025-38678.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245794
* https://bugzilla.suse.com/show_bug.cgi?id=1246075
* https://bugzilla.suse.com/show_bug.cgi?id=1247158
* https://bugzilla.suse.com/show_bug.cgi?id=1247452
* https://bugzilla.suse.com/show_bug.cgi?id=1248376
* https://bugzilla.suse.com/show_bug.cgi?id=1248673
* https://bugzilla.suse.com/show_bug.cgi?id=1248749
* https://bugzilla.suse.com/show_bug.cgi?id=1249458
* https://bugzilla.suse.com/show_bug.cgi?id=1249534
SUSE-SU-2025:3775-1: important: Security update for MozillaFirefox
# Security update for MozillaFirefox
Announcement ID: SUSE-SU-2025:3775-1
Release Date: 2025-10-24T12:28:34Z
Rating: important
References:
* bsc#1251263
Affected Products:
* Desktop Applications Module 15-SP6
* Desktop Applications Module 15-SP7
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that has one security fix can now be installed.
## Description:
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 140.4.0 ESR (bsc#1251263).
* CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance()
* CVE-2025-11709: Out of bounds read/write in a privileged process triggered
by WebGL textures
* CVE-2025-11710: Cross-process information leaked due to malicious IPC
messages
* CVE-2025-11711: Some non-writable Object properties could be modified
* CVE-2025-11712: An OBJECT tag type attribute overrode browser behavior on
web resources without a content-type
* CVE-2025-11713: Potential user-assisted code execution in “Copy as cURL”
command
* CVE-2025-11714: Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR
140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
* CVE-2025-11715: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird
ESR 140.4, Firefox 144 and Thunderbird 144
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3775=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3775=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3775=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3775=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3775=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-3775=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-3775=1
* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-3775=1
* Desktop Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2025-3775=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3775=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3775=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3775=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3775=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3775=1
* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3775=1
## Package List:
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-140.4.0-150200.152.207.1
* MozillaFirefox-translations-other-140.4.0-150200.152.207.1
* MozillaFirefox-translations-common-140.4.0-150200.152.207.1
* MozillaFirefox-debugsource-140.4.0-150200.152.207.1
* MozillaFirefox-debuginfo-140.4.0-150200.152.207.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* MozillaFirefox-devel-140.4.0-150200.152.207.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-140.4.0-150200.152.207.1
* MozillaFirefox-translations-other-140.4.0-150200.152.207.1
* MozillaFirefox-translations-common-140.4.0-150200.152.207.1
* MozillaFirefox-debugsource-140.4.0-150200.152.207.1
* MozillaFirefox-debuginfo-140.4.0-150200.152.207.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* MozillaFirefox-devel-140.4.0-150200.152.207.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* MozillaFirefox-140.4.0-150200.152.207.1
* MozillaFirefox-translations-other-140.4.0-150200.152.207.1
* MozillaFirefox-translations-common-140.4.0-150200.152.207.1
* MozillaFirefox-debugsource-140.4.0-150200.152.207.1
* MozillaFirefox-debuginfo-140.4.0-150200.152.207.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* MozillaFirefox-devel-140.4.0-150200.152.207.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* MozillaFirefox-140.4.0-150200.152.207.1
* MozillaFirefox-translations-other-140.4.0-150200.152.207.1
* MozillaFirefox-translations-common-140.4.0-150200.152.207.1
* MozillaFirefox-debugsource-140.4.0-150200.152.207.1
* MozillaFirefox-debuginfo-140.4.0-150200.152.207.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* MozillaFirefox-devel-140.4.0-150200.152.207.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* MozillaFirefox-140.4.0-150200.152.207.1
* MozillaFirefox-translations-other-140.4.0-150200.152.207.1
* MozillaFirefox-translations-common-140.4.0-150200.152.207.1
* MozillaFirefox-debugsource-140.4.0-150200.152.207.1
* MozillaFirefox-debuginfo-140.4.0-150200.152.207.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* MozillaFirefox-devel-140.4.0-150200.152.207.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* MozillaFirefox-140.4.0-150200.152.207.1
* MozillaFirefox-translations-other-140.4.0-150200.152.207.1
* MozillaFirefox-translations-common-140.4.0-150200.152.207.1
* MozillaFirefox-debugsource-140.4.0-150200.152.207.1
* MozillaFirefox-debuginfo-140.4.0-150200.152.207.1
* SUSE Enterprise Storage 7.1 (noarch)
* MozillaFirefox-devel-140.4.0-150200.152.207.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-140.4.0-150200.152.207.1
* MozillaFirefox-translations-other-140.4.0-150200.152.207.1
* MozillaFirefox-translations-common-140.4.0-150200.152.207.1
* MozillaFirefox-debugsource-140.4.0-150200.152.207.1
* MozillaFirefox-branding-upstream-140.4.0-150200.152.207.1
* MozillaFirefox-debuginfo-140.4.0-150200.152.207.1
* openSUSE Leap 15.6 (noarch)
* MozillaFirefox-devel-140.4.0-150200.152.207.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-140.4.0-150200.152.207.1
* MozillaFirefox-translations-other-140.4.0-150200.152.207.1
* MozillaFirefox-translations-common-140.4.0-150200.152.207.1
* MozillaFirefox-debugsource-140.4.0-150200.152.207.1
* MozillaFirefox-debuginfo-140.4.0-150200.152.207.1
* Desktop Applications Module 15-SP6 (noarch)
* MozillaFirefox-devel-140.4.0-150200.152.207.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-140.4.0-150200.152.207.1
* MozillaFirefox-translations-other-140.4.0-150200.152.207.1
* MozillaFirefox-translations-common-140.4.0-150200.152.207.1
* MozillaFirefox-debugsource-140.4.0-150200.152.207.1
* MozillaFirefox-debuginfo-140.4.0-150200.152.207.1
* Desktop Applications Module 15-SP7 (noarch)
* MozillaFirefox-devel-140.4.0-150200.152.207.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* MozillaFirefox-140.4.0-150200.152.207.1
* MozillaFirefox-translations-other-140.4.0-150200.152.207.1
* MozillaFirefox-translations-common-140.4.0-150200.152.207.1
* MozillaFirefox-debugsource-140.4.0-150200.152.207.1
* MozillaFirefox-debuginfo-140.4.0-150200.152.207.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* MozillaFirefox-devel-140.4.0-150200.152.207.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* MozillaFirefox-140.4.0-150200.152.207.1
* MozillaFirefox-translations-other-140.4.0-150200.152.207.1
* MozillaFirefox-translations-common-140.4.0-150200.152.207.1
* MozillaFirefox-debugsource-140.4.0-150200.152.207.1
* MozillaFirefox-debuginfo-140.4.0-150200.152.207.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* MozillaFirefox-devel-140.4.0-150200.152.207.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* MozillaFirefox-140.4.0-150200.152.207.1
* MozillaFirefox-translations-other-140.4.0-150200.152.207.1
* MozillaFirefox-translations-common-140.4.0-150200.152.207.1
* MozillaFirefox-debugsource-140.4.0-150200.152.207.1
* MozillaFirefox-debuginfo-140.4.0-150200.152.207.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* MozillaFirefox-devel-140.4.0-150200.152.207.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* MozillaFirefox-140.4.0-150200.152.207.1
* MozillaFirefox-translations-other-140.4.0-150200.152.207.1
* MozillaFirefox-translations-common-140.4.0-150200.152.207.1
* MozillaFirefox-debugsource-140.4.0-150200.152.207.1
* MozillaFirefox-debuginfo-140.4.0-150200.152.207.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* MozillaFirefox-devel-140.4.0-150200.152.207.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* MozillaFirefox-140.4.0-150200.152.207.1
* MozillaFirefox-translations-other-140.4.0-150200.152.207.1
* MozillaFirefox-translations-common-140.4.0-150200.152.207.1
* MozillaFirefox-debugsource-140.4.0-150200.152.207.1
* MozillaFirefox-debuginfo-140.4.0-150200.152.207.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* MozillaFirefox-devel-140.4.0-150200.152.207.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-140.4.0-150200.152.207.1
* MozillaFirefox-translations-other-140.4.0-150200.152.207.1
* MozillaFirefox-translations-common-140.4.0-150200.152.207.1
* MozillaFirefox-debugsource-140.4.0-150200.152.207.1
* MozillaFirefox-debuginfo-140.4.0-150200.152.207.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
* MozillaFirefox-devel-140.4.0-150200.152.207.1
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1251263
SUSE-SU-2025:3776-1: moderate: Security update for ruby2.5
# Security update for ruby2.5
Announcement ID: SUSE-SU-2025:3776-1
Release Date: 2025-10-24T13:25:50Z
Rating: moderate
References:
* bsc#1246430
Cross-References:
* CVE-2025-24294
CVSS scores:
* CVE-2025-24294 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-24294 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-24294 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves one vulnerability can now be installed.
## Description:
This update for ruby2.5 fixes the following issues:
* CVE-2025-24294: resolv: insufficient checks on the length of a decompressed
domain name when processing a DNS packet can lead to a denial of service due
to excessive resource consumption (bsc#1246430).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-3776=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-3776=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* ruby2.5-2.5.9-150000.4.54.1
* ruby2.5-devel-extra-2.5.9-150000.4.54.1
* ruby2.5-doc-2.5.9-150000.4.54.1
* ruby2.5-stdlib-2.5.9-150000.4.54.1
* ruby2.5-debugsource-2.5.9-150000.4.54.1
* ruby2.5-stdlib-debuginfo-2.5.9-150000.4.54.1
* ruby2.5-devel-2.5.9-150000.4.54.1
* ruby2.5-debuginfo-2.5.9-150000.4.54.1
* libruby2_5-2_5-2.5.9-150000.4.54.1
* libruby2_5-2_5-debuginfo-2.5.9-150000.4.54.1
* openSUSE Leap 15.6 (noarch)
* ruby2.5-doc-ri-2.5.9-150000.4.54.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* ruby2.5-2.5.9-150000.4.54.1
* ruby2.5-devel-extra-2.5.9-150000.4.54.1
* ruby2.5-stdlib-2.5.9-150000.4.54.1
* ruby2.5-debugsource-2.5.9-150000.4.54.1
* ruby2.5-stdlib-debuginfo-2.5.9-150000.4.54.1
* ruby2.5-devel-2.5.9-150000.4.54.1
* ruby2.5-debuginfo-2.5.9-150000.4.54.1
* libruby2_5-2_5-2.5.9-150000.4.54.1
* libruby2_5-2_5-debuginfo-2.5.9-150000.4.54.1
## References:
* https://www.suse.com/security/cve/CVE-2025-24294.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246430
SUSE-SU-2025:3780-1: moderate: Security update for python-python-socketio
# Security update for python-python-socketio
Announcement ID: SUSE-SU-2025:3780-1
Release Date: 2025-10-24T13:27:01Z
Rating: moderate
References:
* bsc#1251193
Cross-References:
* CVE-2025-61765
CVSS scores:
* CVE-2025-61765 ( SUSE ): 6.4 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
* CVE-2025-61765 ( NVD ): 6.4 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
Affected Products:
* openSUSE Leap 15.6
* Python 3 Module 15-SP6
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves one vulnerability can now be installed.
## Description:
This update for python-python-socketio fixes the following issues:
* CVE-2025-61765: fixed by using json, rather than pickle for serialization
(bsc#1251193)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3780=1 openSUSE-SLE-15.6-2025-3780=1
* Python 3 Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2025-3780=1
* Python 3 Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2025-3780=1
## Package List:
* openSUSE Leap 15.6 (noarch)
* python311-python-socketio-5.7.2-150600.3.3.1
* Python 3 Module 15-SP6 (noarch)
* python311-python-socketio-5.7.2-150600.3.3.1
* Python 3 Module 15-SP7 (noarch)
* python311-python-socketio-5.7.2-150600.3.3.1
## References:
* https://www.suse.com/security/cve/CVE-2025-61765.html
* https://bugzilla.suse.com/show_bug.cgi?id=1251193
SUSE-SU-2025:3779-1: important: Security update for poppler
# Security update for poppler
Announcement ID: SUSE-SU-2025:3779-1
Release Date: 2025-10-24T13:26:48Z
Rating: important
References:
* bsc#1250908
* bsc#1251940
Cross-References:
* CVE-2025-43718
* CVE-2025-52885
CVSS scores:
* CVE-2025-43718 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-43718 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
* CVE-2025-43718 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-43718 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-52885 ( SUSE ): 7.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-52885 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-52885 ( NVD ): 6.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Products:
* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP6
* SUSE Package Hub 15 15-SP7
An update that solves two vulnerabilities can now be installed.
## Description:
This update for poppler fixes the following issues:
* CVE-2025-43718: fixed uncontrolled recursion in the regex-based metadata
parser when processing specially crafted PDF files (bsc#1250908)
* CVE-2025-52885: improved pointer handling that could have led to dangling
pointers when the vector is resized (bsc#1251940)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3779=1 openSUSE-SLE-15.6-2025-3779=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-3779=1
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-3779=1
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-3779=1
* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-3779=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libpoppler-qt5-1-debuginfo-24.03.0-150600.3.24.1
* libpoppler-devel-24.03.0-150600.3.24.1
* libpoppler135-24.03.0-150600.3.24.1
* poppler-tools-24.03.0-150600.3.24.1
* libpoppler-qt5-devel-24.03.0-150600.3.24.1
* poppler-qt6-debugsource-24.03.0-150600.3.24.1
* poppler-qt5-debugsource-24.03.0-150600.3.24.1
* libpoppler-glib8-24.03.0-150600.3.24.1
* poppler-debugsource-24.03.0-150600.3.24.1
* libpoppler135-debuginfo-24.03.0-150600.3.24.1
* libpoppler-qt6-3-24.03.0-150600.3.24.1
* libpoppler-cpp0-24.03.0-150600.3.24.1
* libpoppler-glib-devel-24.03.0-150600.3.24.1
* libpoppler-qt6-3-debuginfo-24.03.0-150600.3.24.1
* libpoppler-qt5-1-24.03.0-150600.3.24.1
* libpoppler-cpp0-debuginfo-24.03.0-150600.3.24.1
* libpoppler-qt6-devel-24.03.0-150600.3.24.1
* libpoppler-glib8-debuginfo-24.03.0-150600.3.24.1
* typelib-1_0-Poppler-0_18-24.03.0-150600.3.24.1
* poppler-tools-debuginfo-24.03.0-150600.3.24.1
* openSUSE Leap 15.6 (x86_64)
* libpoppler-qt5-1-32bit-debuginfo-24.03.0-150600.3.24.1
* libpoppler135-32bit-24.03.0-150600.3.24.1
* libpoppler-qt5-1-32bit-24.03.0-150600.3.24.1
* libpoppler-glib8-32bit-debuginfo-24.03.0-150600.3.24.1
* libpoppler135-32bit-debuginfo-24.03.0-150600.3.24.1
* libpoppler-cpp0-32bit-24.03.0-150600.3.24.1
* libpoppler-cpp0-32bit-debuginfo-24.03.0-150600.3.24.1
* libpoppler-glib8-32bit-24.03.0-150600.3.24.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libpoppler-glib8-64bit-24.03.0-150600.3.24.1
* libpoppler-cpp0-64bit-debuginfo-24.03.0-150600.3.24.1
* libpoppler-qt5-1-64bit-debuginfo-24.03.0-150600.3.24.1
* libpoppler135-64bit-debuginfo-24.03.0-150600.3.24.1
* libpoppler-qt5-1-64bit-24.03.0-150600.3.24.1
* libpoppler135-64bit-24.03.0-150600.3.24.1
* libpoppler-glib8-64bit-debuginfo-24.03.0-150600.3.24.1
* libpoppler-cpp0-64bit-24.03.0-150600.3.24.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libpoppler-devel-24.03.0-150600.3.24.1
* libpoppler135-24.03.0-150600.3.24.1
* poppler-tools-24.03.0-150600.3.24.1
* libpoppler-glib8-24.03.0-150600.3.24.1
* poppler-debugsource-24.03.0-150600.3.24.1
* libpoppler135-debuginfo-24.03.0-150600.3.24.1
* libpoppler-cpp0-24.03.0-150600.3.24.1
* libpoppler-glib-devel-24.03.0-150600.3.24.1
* libpoppler-cpp0-debuginfo-24.03.0-150600.3.24.1
* libpoppler-glib8-debuginfo-24.03.0-150600.3.24.1
* typelib-1_0-Poppler-0_18-24.03.0-150600.3.24.1
* poppler-tools-debuginfo-24.03.0-150600.3.24.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libpoppler-devel-24.03.0-150600.3.24.1
* libpoppler135-24.03.0-150600.3.24.1
* poppler-tools-24.03.0-150600.3.24.1
* libpoppler-glib8-24.03.0-150600.3.24.1
* poppler-debugsource-24.03.0-150600.3.24.1
* libpoppler135-debuginfo-24.03.0-150600.3.24.1
* libpoppler-cpp0-24.03.0-150600.3.24.1
* libpoppler-glib-devel-24.03.0-150600.3.24.1
* libpoppler-cpp0-debuginfo-24.03.0-150600.3.24.1
* libpoppler-glib8-debuginfo-24.03.0-150600.3.24.1
* typelib-1_0-Poppler-0_18-24.03.0-150600.3.24.1
* poppler-tools-debuginfo-24.03.0-150600.3.24.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* libpoppler-qt5-1-debuginfo-24.03.0-150600.3.24.1
* libpoppler-devel-24.03.0-150600.3.24.1
* poppler-qt6-debugsource-24.03.0-150600.3.24.1
* libpoppler-qt5-devel-24.03.0-150600.3.24.1
* poppler-qt5-debugsource-24.03.0-150600.3.24.1
* poppler-debugsource-24.03.0-150600.3.24.1
* libpoppler-qt6-devel-24.03.0-150600.3.24.1
* libpoppler-qt6-3-24.03.0-150600.3.24.1
* libpoppler-cpp0-24.03.0-150600.3.24.1
* libpoppler-qt5-1-24.03.0-150600.3.24.1
* libpoppler-cpp0-debuginfo-24.03.0-150600.3.24.1
* libpoppler-qt6-3-debuginfo-24.03.0-150600.3.24.1
* SUSE Package Hub 15 15-SP6 (x86_64)
* libpoppler-glib8-32bit-24.03.0-150600.3.24.1
* libpoppler135-32bit-debuginfo-24.03.0-150600.3.24.1
* libpoppler-glib8-32bit-debuginfo-24.03.0-150600.3.24.1
* libpoppler135-32bit-24.03.0-150600.3.24.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
* libpoppler-qt5-1-debuginfo-24.03.0-150600.3.24.1
* libpoppler-devel-24.03.0-150600.3.24.1
* poppler-qt6-debugsource-24.03.0-150600.3.24.1
* libpoppler-qt5-devel-24.03.0-150600.3.24.1
* poppler-qt5-debugsource-24.03.0-150600.3.24.1
* poppler-debugsource-24.03.0-150600.3.24.1
* libpoppler-qt6-devel-24.03.0-150600.3.24.1
* libpoppler-qt6-3-24.03.0-150600.3.24.1
* libpoppler-cpp0-24.03.0-150600.3.24.1
* libpoppler-qt5-1-24.03.0-150600.3.24.1
* libpoppler-cpp0-debuginfo-24.03.0-150600.3.24.1
* libpoppler-qt6-3-debuginfo-24.03.0-150600.3.24.1
* SUSE Package Hub 15 15-SP7 (x86_64)
* libpoppler-glib8-32bit-24.03.0-150600.3.24.1
* libpoppler135-32bit-debuginfo-24.03.0-150600.3.24.1
* libpoppler-glib8-32bit-debuginfo-24.03.0-150600.3.24.1
* libpoppler135-32bit-24.03.0-150600.3.24.1
## References:
* https://www.suse.com/security/cve/CVE-2025-43718.html
* https://www.suse.com/security/cve/CVE-2025-52885.html
* https://bugzilla.suse.com/show_bug.cgi?id=1250908
* https://bugzilla.suse.com/show_bug.cgi?id=1251940
SUSE-SU-2025:3782-1: important: Security update for podman
# Security update for podman
Announcement ID: SUSE-SU-2025:3782-1
Release Date: 2025-10-24T13:28:07Z
Rating: important
References:
* bsc#1249154
Cross-References:
* CVE-2025-9566
CVSS scores:
* CVE-2025-9566 ( SUSE ): 7.2
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-9566 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-9566 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Affected Products:
* Containers Module 15-SP6
* Containers Module 15-SP7
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Multi-Linux Manager Proxy 5.1 Extension for SLE
* SUSE Multi-Linux Manager Retail Branch Server 5.1 Extension for SLE
* SUSE Multi-Linux Manager Server 5.1 Extension for SLE
An update that solves one vulnerability can now be installed.
## Description:
This update for podman fixes the following issues:
* CVE-2025-9566: fixed a case when kube play command could overwrite host
files (bsc#1249154).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3782=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-3782=1
* SUSE Multi-Linux Manager Proxy 5.1 Extension for SLE
zypper in -t patch SUSE-Multi-Linux-Manager-Proxy-SLE-5.1-2025-3782=1
* SUSE Multi-Linux Manager Retail Branch Server 5.1 Extension for SLE
zypper in -t patch SUSE-Multi-Linux-Manager-Retail-Branch-Server-
SLE-5.1-2025-3782=1
* SUSE Multi-Linux Manager Server 5.1 Extension for SLE
zypper in -t patch SUSE-Multi-Linux-Manager-Server-SLE-5.1-2025-3782=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-3782=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-3782=1
* Containers Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2025-3782=1
* Containers Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2025-3782=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3782=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3782=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3782=1
## Package List:
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* podman-debuginfo-4.9.5-150500.3.49.1
* podmansh-4.9.5-150500.3.49.1
* podman-remote-4.9.5-150500.3.49.1
* podman-remote-debuginfo-4.9.5-150500.3.49.1
* podman-4.9.5-150500.3.49.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* podman-docker-4.9.5-150500.3.49.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* podman-debuginfo-4.9.5-150500.3.49.1
* podmansh-4.9.5-150500.3.49.1
* podman-remote-4.9.5-150500.3.49.1
* podman-remote-debuginfo-4.9.5-150500.3.49.1
* podman-4.9.5-150500.3.49.1
* openSUSE Leap 15.5 (noarch)
* podman-docker-4.9.5-150500.3.49.1
* SUSE Multi-Linux Manager Proxy 5.1 Extension for SLE (aarch64 ppc64le s390x
x86_64)
* podman-debuginfo-4.9.5-150500.3.49.1
* podman-4.9.5-150500.3.49.1
* SUSE Multi-Linux Manager Retail Branch Server 5.1 Extension for SLE (aarch64
ppc64le s390x x86_64)
* podman-debuginfo-4.9.5-150500.3.49.1
* podman-4.9.5-150500.3.49.1
* SUSE Multi-Linux Manager Server 5.1 Extension for SLE (aarch64 ppc64le s390x
x86_64)
* podman-debuginfo-4.9.5-150500.3.49.1
* podman-4.9.5-150500.3.49.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* podman-debuginfo-4.9.5-150500.3.49.1
* podmansh-4.9.5-150500.3.49.1
* podman-remote-4.9.5-150500.3.49.1
* podman-remote-debuginfo-4.9.5-150500.3.49.1
* podman-4.9.5-150500.3.49.1
* openSUSE Leap 15.6 (noarch)
* podman-docker-4.9.5-150500.3.49.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* podman-debuginfo-4.9.5-150500.3.49.1
* podmansh-4.9.5-150500.3.49.1
* podman-remote-4.9.5-150500.3.49.1
* podman-remote-debuginfo-4.9.5-150500.3.49.1
* podman-4.9.5-150500.3.49.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
* podman-docker-4.9.5-150500.3.49.1
* Containers Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* podman-debuginfo-4.9.5-150500.3.49.1
* podmansh-4.9.5-150500.3.49.1
* podman-remote-4.9.5-150500.3.49.1
* podman-remote-debuginfo-4.9.5-150500.3.49.1
* podman-4.9.5-150500.3.49.1
* Containers Module 15-SP6 (noarch)
* podman-docker-4.9.5-150500.3.49.1
* Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* podman-debuginfo-4.9.5-150500.3.49.1
* podmansh-4.9.5-150500.3.49.1
* podman-remote-4.9.5-150500.3.49.1
* podman-remote-debuginfo-4.9.5-150500.3.49.1
* podman-4.9.5-150500.3.49.1
* Containers Module 15-SP7 (noarch)
* podman-docker-4.9.5-150500.3.49.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* podman-debuginfo-4.9.5-150500.3.49.1
* podmansh-4.9.5-150500.3.49.1
* podman-remote-4.9.5-150500.3.49.1
* podman-remote-debuginfo-4.9.5-150500.3.49.1
* podman-4.9.5-150500.3.49.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* podman-docker-4.9.5-150500.3.49.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* podman-debuginfo-4.9.5-150500.3.49.1
* podmansh-4.9.5-150500.3.49.1
* podman-remote-4.9.5-150500.3.49.1
* podman-remote-debuginfo-4.9.5-150500.3.49.1
* podman-4.9.5-150500.3.49.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* podman-docker-4.9.5-150500.3.49.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* podman-debuginfo-4.9.5-150500.3.49.1
* podmansh-4.9.5-150500.3.49.1
* podman-remote-4.9.5-150500.3.49.1
* podman-remote-debuginfo-4.9.5-150500.3.49.1
* podman-4.9.5-150500.3.49.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* podman-docker-4.9.5-150500.3.49.1
## References:
* https://www.suse.com/security/cve/CVE-2025-9566.html
* https://bugzilla.suse.com/show_bug.cgi?id=1249154
SUSE-SU-2025:3788-1: moderate: Security update for libssh
# Security update for libssh
Announcement ID: SUSE-SU-2025:3788-1
Release Date: 2025-10-24T13:28:59Z
Rating: moderate
References:
* bsc#1246974
* bsc#1249375
Cross-References:
* CVE-2025-8114
* CVE-2025-8277
CVSS scores:
* CVE-2025-8114 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-8114 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-8114 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-8114 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-8277 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-8277 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
An update that solves two vulnerabilities can now be installed.
## Description:
This update for libssh fixes the following issues:
* CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper
memory management when KEX process is repeated with incorrect guesses
(bsc#1249375).
* CVE-2025-8114: NULL pointer dereference when an allocation error happens
during the calculation of the KEX session ID (bsc#1246974).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-3788=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-3788=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-3788=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-3788=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-3788=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3788=1
## Package List:
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libssh-config-0.9.8-150400.3.12.1
* libssh4-0.9.8-150400.3.12.1
* libssh4-debuginfo-0.9.8-150400.3.12.1
* libssh-debugsource-0.9.8-150400.3.12.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libssh-config-0.9.8-150400.3.12.1
* libssh4-0.9.8-150400.3.12.1
* libssh4-debuginfo-0.9.8-150400.3.12.1
* libssh-debugsource-0.9.8-150400.3.12.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libssh-config-0.9.8-150400.3.12.1
* libssh4-0.9.8-150400.3.12.1
* libssh4-debuginfo-0.9.8-150400.3.12.1
* libssh-debugsource-0.9.8-150400.3.12.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libssh-config-0.9.8-150400.3.12.1
* libssh4-0.9.8-150400.3.12.1
* libssh4-debuginfo-0.9.8-150400.3.12.1
* libssh-debugsource-0.9.8-150400.3.12.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* libssh-config-0.9.8-150400.3.12.1
* libssh4-0.9.8-150400.3.12.1
* libssh4-debuginfo-0.9.8-150400.3.12.1
* libssh-debugsource-0.9.8-150400.3.12.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libssh-debugsource-0.9.8-150400.3.12.1
* libssh4-debuginfo-0.9.8-150400.3.12.1
* libssh4-0.9.8-150400.3.12.1
* libssh-devel-0.9.8-150400.3.12.1
* libssh-config-0.9.8-150400.3.12.1
* openSUSE Leap 15.4 (x86_64)
* libssh4-32bit-0.9.8-150400.3.12.1
* libssh4-32bit-debuginfo-0.9.8-150400.3.12.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libssh4-64bit-0.9.8-150400.3.12.1
* libssh4-64bit-debuginfo-0.9.8-150400.3.12.1
## References:
* https://www.suse.com/security/cve/CVE-2025-8114.html
* https://www.suse.com/security/cve/CVE-2025-8277.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246974
* https://bugzilla.suse.com/show_bug.cgi?id=1249375
SUSE-SU-2025:3791-1: moderate: Security update for p7zip
# Security update for p7zip
Announcement ID: SUSE-SU-2025:3791-1
Release Date: 2025-10-24T14:56:51Z
Rating: moderate
References:
* bsc#1209648
* bsc#1246707
Cross-References:
* CVE-2022-47069
* CVE-2023-1576
* CVE-2025-53817
CVSS scores:
* CVE-2022-47069 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2022-47069 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-1576 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-53817 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-53817 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-53817 ( NVD ): 5.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-53817 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves three vulnerabilities can now be installed.
## Description:
This update for p7zip fixes the following issues:
* CVE-2022-47069: heap buffer overflow in `ZipIn.cpp` file (bsc#1209648).
* CVE-2025-53817: null pointer dereference may lead to denial of service
(bsc#1246707).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-3791=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-3791=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-3791=1
## Package List:
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* p7zip-16.02-150200.14.15.1
* p7zip-full-debuginfo-16.02-150200.14.15.1
* p7zip-full-16.02-150200.14.15.1
* p7zip-debugsource-16.02-150200.14.15.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* p7zip-16.02-150200.14.15.1
* p7zip-full-debuginfo-16.02-150200.14.15.1
* p7zip-full-16.02-150200.14.15.1
* p7zip-debugsource-16.02-150200.14.15.1
* openSUSE Leap 15.6 (noarch)
* p7zip-doc-16.02-150200.14.15.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* p7zip-16.02-150200.14.15.1
* p7zip-full-debuginfo-16.02-150200.14.15.1
* p7zip-full-16.02-150200.14.15.1
* p7zip-debugsource-16.02-150200.14.15.1
## References:
* https://www.suse.com/security/cve/CVE-2022-47069.html
* https://www.suse.com/security/cve/CVE-2023-1576.html
* https://www.suse.com/security/cve/CVE-2025-53817.html
* https://bugzilla.suse.com/show_bug.cgi?id=1209648
* https://bugzilla.suse.com/show_bug.cgi?id=1246707
SUSE-SU-2025:3794-1: moderate: Security update for chrony
# Security update for chrony
Announcement ID: SUSE-SU-2025:3794-1
Release Date: 2025-10-24T15:36:52Z
Rating: moderate
References:
* bsc#1246544
* jsc#SMO-587
Affected Products:
* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* openSUSE Leap 15.4
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that contains one feature and has one security fix can now be
installed.
## Description:
This update for chrony fixes the following issues:
* Race condition during socket creation by chronyc allows privilege escalation
from user chrony to root (bsc#1246544).
This update also ships chrony-pool-empty to SLE Micro 5.x (jsc#SMO-587)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-3794=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3794=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-3794=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-3794=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-3794=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-3794=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-3794=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-3794=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-3794=1
## Package List:
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* chrony-debuginfo-4.1-150400.21.8.1
* chrony-4.1-150400.21.8.1
* chrony-debugsource-4.1-150400.21.8.1
* Basesystem Module 15-SP7 (noarch)
* chrony-pool-empty-4.1-150400.21.8.1
* chrony-pool-suse-4.1-150400.21.8.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* chrony-debuginfo-4.1-150400.21.8.1
* chrony-4.1-150400.21.8.1
* chrony-debugsource-4.1-150400.21.8.1
* openSUSE Leap 15.4 (noarch)
* chrony-pool-openSUSE-4.1-150400.21.8.1
* chrony-pool-empty-4.1-150400.21.8.1
* chrony-pool-suse-4.1-150400.21.8.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* chrony-debuginfo-4.1-150400.21.8.1
* chrony-4.1-150400.21.8.1
* chrony-debugsource-4.1-150400.21.8.1
* openSUSE Leap 15.6 (noarch)
* chrony-pool-openSUSE-4.1-150400.21.8.1
* chrony-pool-empty-4.1-150400.21.8.1
* chrony-pool-suse-4.1-150400.21.8.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* chrony-debuginfo-4.1-150400.21.8.1
* chrony-4.1-150400.21.8.1
* chrony-debugsource-4.1-150400.21.8.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
* chrony-pool-empty-4.1-150400.21.8.1
* chrony-pool-suse-4.1-150400.21.8.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* chrony-debuginfo-4.1-150400.21.8.1
* chrony-4.1-150400.21.8.1
* chrony-debugsource-4.1-150400.21.8.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
* chrony-pool-empty-4.1-150400.21.8.1
* chrony-pool-suse-4.1-150400.21.8.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* chrony-debuginfo-4.1-150400.21.8.1
* chrony-4.1-150400.21.8.1
* chrony-debugsource-4.1-150400.21.8.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
* chrony-pool-empty-4.1-150400.21.8.1
* chrony-pool-suse-4.1-150400.21.8.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* chrony-debuginfo-4.1-150400.21.8.1
* chrony-4.1-150400.21.8.1
* chrony-debugsource-4.1-150400.21.8.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
* chrony-pool-empty-4.1-150400.21.8.1
* chrony-pool-suse-4.1-150400.21.8.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* chrony-debuginfo-4.1-150400.21.8.1
* chrony-4.1-150400.21.8.1
* chrony-debugsource-4.1-150400.21.8.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
* chrony-pool-empty-4.1-150400.21.8.1
* chrony-pool-suse-4.1-150400.21.8.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* chrony-debuginfo-4.1-150400.21.8.1
* chrony-4.1-150400.21.8.1
* chrony-debugsource-4.1-150400.21.8.1
* Basesystem Module 15-SP6 (noarch)
* chrony-pool-empty-4.1-150400.21.8.1
* chrony-pool-suse-4.1-150400.21.8.1
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1246544
* https://jira.suse.com/browse/SMO-587
openSUSE-SU-2025:15662-1: moderate: micropython-1.26.0-2.1 on GA media
# micropython-1.26.0-2.1 on GA media
Announcement ID: openSUSE-SU-2025:15662-1
Rating: moderate
Cross-References:
* CVE-2025-59438
CVSS scores:
* CVE-2025-59438 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-59438 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the micropython-1.26.0-2.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* micropython 1.26.0-2.1
* mpremote 1.26.0-2.1
* mpy-tools 1.26.0-2.1
## References:
* https://www.suse.com/security/cve/CVE-2025-59438.html
openSUSE-SU-2025:15663-1: moderate: openbao-2.4.3-1.1 on GA media
# openbao-2.4.3-1.1 on GA media
Announcement ID: openSUSE-SU-2025:15663-1
Rating: moderate
Cross-References:
* CVE-2025-62513
* CVE-2025-62705
Affected Products:
* openSUSE Tumbleweed
An update that solves 2 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the openbao-2.4.3-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* openbao 2.4.3-1.1
* openbao-agent 2.4.3-1.1
* openbao-cassandra-database-plugin 2.4.3-1.1
* openbao-influxdb-database-plugin 2.4.3-1.1
* openbao-mysql-database-plugin 2.4.3-1.1
* openbao-mysql-legacy-database-plugin 2.4.3-1.1
* openbao-postgresql-database-plugin 2.4.3-1.1
* openbao-server 2.4.3-1.1
## References:
* https://www.suse.com/security/cve/CVE-2025-62513.html
* https://www.suse.com/security/cve/CVE-2025-62705.html
openSUSE-SU-2025:15660-1: moderate: java-11-openjdk-11.0.29.0-1.1 on GA media
# java-11-openjdk-11.0.29.0-1.1 on GA media
Announcement ID: openSUSE-SU-2025:15660-1
Rating: moderate
Cross-References:
* CVE-2025-53057
* CVE-2025-53066
CVSS scores:
* CVE-2025-53057 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-53057 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-53066 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-53066 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 2 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the java-11-openjdk-11.0.29.0-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* java-11-openjdk 11.0.29.0-1.1
* java-11-openjdk-demo 11.0.29.0-1.1
* java-11-openjdk-devel 11.0.29.0-1.1
* java-11-openjdk-headless 11.0.29.0-1.1
* java-11-openjdk-javadoc 11.0.29.0-1.1
* java-11-openjdk-jmods 11.0.29.0-1.1
* java-11-openjdk-src 11.0.29.0-1.1
## References:
* https://www.suse.com/security/cve/CVE-2025-53057.html
* https://www.suse.com/security/cve/CVE-2025-53066.html
openSUSE-SU-2025:15659-1: moderate: bind-9.20.15-1.1 on GA media
# bind-9.20.15-1.1 on GA media
Announcement ID: openSUSE-SU-2025:15659-1
Rating: moderate
Cross-References:
* CVE-2025-40778
* CVE-2025-40780
* CVE-2025-8677
CVSS scores:
* CVE-2025-40778 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
* CVE-2025-40778 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N
* CVE-2025-40780 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
* CVE-2025-40780 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N
* CVE-2025-8677 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-8677 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 3 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the bind-9.20.15-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* bind 9.20.15-1.1
* bind-doc 9.20.15-1.1
* bind-modules-bdbhpt 9.20.15-1.1
* bind-modules-generic 9.20.15-1.1
* bind-modules-ldap 9.20.15-1.1
* bind-modules-mysql 9.20.15-1.1
* bind-modules-perl 9.20.15-1.1
* bind-modules-sqlite3 9.20.15-1.1
* bind-utils 9.20.15-1.1
## References:
* https://www.suse.com/security/cve/CVE-2025-40778.html
* https://www.suse.com/security/cve/CVE-2025-40780.html
* https://www.suse.com/security/cve/CVE-2025-8677.html
openSUSE-SU-2025:15661-1: moderate: java-17-openjdk-17.0.17.0-1.1 on GA media
# java-17-openjdk-17.0.17.0-1.1 on GA media
Announcement ID: openSUSE-SU-2025:15661-1
Rating: moderate
Cross-References:
* CVE-2025-53057
* CVE-2025-53066
CVSS scores:
* CVE-2025-53057 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-53057 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-53066 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-53066 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 2 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the java-17-openjdk-17.0.17.0-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* java-17-openjdk 17.0.17.0-1.1
* java-17-openjdk-demo 17.0.17.0-1.1
* java-17-openjdk-devel 17.0.17.0-1.1
* java-17-openjdk-headless 17.0.17.0-1.1
* java-17-openjdk-javadoc 17.0.17.0-1.1
* java-17-openjdk-jmods 17.0.17.0-1.1
* java-17-openjdk-src 17.0.17.0-1.1
## References:
* https://www.suse.com/security/cve/CVE-2025-53057.html
* https://www.suse.com/security/cve/CVE-2025-53066.html
