
SUSE Linux has released several important security updates for its kernel, including Live Patch 32 for SLE 15 SP4 and multiple patches for SLE 15 SP5. Additionally, there are security updates available for third-party packages such as curl and go1.25. Moderate security updates have also been released for python-eventlet, libssh-config-0.11.3-1.1 on openSUSE GA media, and orthanc-gdcm-1.7-1.1 on openSUSE GA media.

SUSE-SU-2025:03181-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP4)
SUSE-SU-2025:03185-1: important: Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP5)
SUSE-SU-2025:03184-1: important: Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP4)
SUSE-SU-2025:03186-1: important: Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP5)
SUSE-SU-2025:03183-1: important: Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP4)
SUSE-SU-2025:03188-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP5)
SUSE-SU-2025:03190-1: important: Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP5)
SUSE-SU-2025:03191-1: important: Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP5)
SUSE-SU-2025:03194-1: important: Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP5)
SUSE-SU-2025:03195-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP5)
SUSE-SU-2025:03200-1: moderate: Security update for go1.25
SUSE-SU-2025:03198-1: important: Security update for curl
SUSE-SU-2025:03202-1: moderate: Security update for python-eventlet
openSUSE-SU-2025:15545-1: moderate: libssh-config-0.11.3-1.1 on GA media
openSUSE-SU-2025:15546-1: moderate: orthanc-gdcm-1.7-1.1 on GA media






# Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:03181-1
Release Date: 2025-09-11T20:11:21Z
Rating: important
References:

* bsc#1231676
* bsc#1231943
* bsc#1232271
* bsc#1237930
* bsc#1242579
* bsc#1244235
* bsc#1245775
* bsc#1245791
* bsc#1246030

Cross-References:

* CVE-2022-49053
* CVE-2024-47674
* CVE-2024-47706
* CVE-2024-49867
* CVE-2025-21999
* CVE-2025-37890
* CVE-2025-38000
* CVE-2025-38001
* CVE-2025-38212

CVSS scores:

* CVE-2022-49053 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49053 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47674 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-47674 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47674 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47706 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-47706 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47706 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-49867 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-49867 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-49867 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21999 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38000 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38001 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves nine vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_136 fixes several issues.

The following security issues were fixed:

* CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579).
* CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930).
* CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to
eltree twice (bsc#1244235).
* CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner
kthread during umount (bsc#1232271).
* CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in
hfsc_enqueue() (bsc#1245775).
* CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem
as child qdisc (bsc#1245791).
* CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case
(bsc#1231676).
* CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain
(bsc#1231943).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3181=1

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2025-3181=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_32-debugsource-14-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_136-default-14-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_136-default-debuginfo-14-150400.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_32-debugsource-14-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_136-default-14-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_136-default-debuginfo-14-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49053.html
* https://www.suse.com/security/cve/CVE-2024-47674.html
* https://www.suse.com/security/cve/CVE-2024-47706.html
* https://www.suse.com/security/cve/CVE-2024-49867.html
* https://www.suse.com/security/cve/CVE-2025-21999.html
* https://www.suse.com/security/cve/CVE-2025-37890.html
* https://www.suse.com/security/cve/CVE-2025-38000.html
* https://www.suse.com/security/cve/CVE-2025-38001.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231676
* https://bugzilla.suse.com/show_bug.cgi?id=1231943
* https://bugzilla.suse.com/show_bug.cgi?id=1232271
* https://bugzilla.suse.com/show_bug.cgi?id=1237930
* https://bugzilla.suse.com/show_bug.cgi?id=1242579
* https://bugzilla.suse.com/show_bug.cgi?id=1244235
* https://bugzilla.suse.com/show_bug.cgi?id=1245775
* https://bugzilla.suse.com/show_bug.cgi?id=1245791
* https://bugzilla.suse.com/show_bug.cgi?id=1246030





# Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:03185-1
Release Date: 2025-09-12T06:03:55Z
Rating: important
References:

* bsc#1237930
* bsc#1242579
* bsc#1244235
* bsc#1245775
* bsc#1245791
* bsc#1245805
* bsc#1246030

Cross-References:

* CVE-2022-49053
* CVE-2025-21701
* CVE-2025-21999
* CVE-2025-37890
* CVE-2025-38000
* CVE-2025-38001
* CVE-2025-38212

CVSS scores:

* CVE-2022-49053 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49053 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21701 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38000 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38001 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_91 fixes several issues.

The following security issues were fixed:

* CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579).
* CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930).
* CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to
eltree twice (bsc#1244235).
* CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in
hfsc_enqueue() (bsc#1245775).
* CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem
as child qdisc (bsc#1245791).
* CVE-2025-21701: net: avoid race between device unregistration and ethnl ops
(bsc#1245805).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-3185=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-3187=1

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2025-3187=1 SUSE-2025-3185=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_91-default-debuginfo-10-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_22-debugsource-10-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_88-default-10-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_88-default-debuginfo-10-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_91-default-10-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_21-debugsource-10-150500.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_91-default-debuginfo-10-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_22-debugsource-10-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_91-default-10-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_88-default-debuginfo-10-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_88-default-10-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_21-debugsource-10-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49053.html
* https://www.suse.com/security/cve/CVE-2025-21701.html
* https://www.suse.com/security/cve/CVE-2025-21999.html
* https://www.suse.com/security/cve/CVE-2025-37890.html
* https://www.suse.com/security/cve/CVE-2025-38000.html
* https://www.suse.com/security/cve/CVE-2025-38001.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1237930
* https://bugzilla.suse.com/show_bug.cgi?id=1242579
* https://bugzilla.suse.com/show_bug.cgi?id=1244235
* https://bugzilla.suse.com/show_bug.cgi?id=1245775
* https://bugzilla.suse.com/show_bug.cgi?id=1245791
* https://bugzilla.suse.com/show_bug.cgi?id=1245805
* https://bugzilla.suse.com/show_bug.cgi?id=1246030





# Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:03184-1
Release Date: 2025-09-11T23:33:50Z
Rating: important
References:

* bsc#1242579
* bsc#1244235
* bsc#1245775
* bsc#1245791
* bsc#1246030

Cross-References:

* CVE-2025-21999
* CVE-2025-37890
* CVE-2025-38000
* CVE-2025-38001
* CVE-2025-38212

CVSS scores:

* CVE-2025-21999 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38000 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38001 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_164 fixes several issues.

The following security issues were fixed:

* CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579).
* CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to
eltree twice (bsc#1244235).
* CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in
hfsc_enqueue() (bsc#1245775).
* CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem
as child qdisc (bsc#1245791).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2025-3184=1

* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3184=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_40-debugsource-5-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_164-default-5-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_164-default-debuginfo-5-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_40-debugsource-5-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_164-default-5-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_164-default-debuginfo-5-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21999.html
* https://www.suse.com/security/cve/CVE-2025-37890.html
* https://www.suse.com/security/cve/CVE-2025-38000.html
* https://www.suse.com/security/cve/CVE-2025-38001.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1242579
* https://bugzilla.suse.com/show_bug.cgi?id=1244235
* https://bugzilla.suse.com/show_bug.cgi?id=1245775
* https://bugzilla.suse.com/show_bug.cgi?id=1245791
* https://bugzilla.suse.com/show_bug.cgi?id=1246030





# Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:03186-1
Release Date: 2025-09-12T02:04:17Z
Rating: important
References:

* bsc#1231676
* bsc#1231943
* bsc#1232271
* bsc#1237930
* bsc#1242579
* bsc#1244235
* bsc#1245775
* bsc#1245791
* bsc#1245805
* bsc#1246030

Cross-References:

* CVE-2022-49053
* CVE-2024-47674
* CVE-2024-47706
* CVE-2024-49867
* CVE-2025-21701
* CVE-2025-21999
* CVE-2025-37890
* CVE-2025-38000
* CVE-2025-38001
* CVE-2025-38212

CVSS scores:

* CVE-2022-49053 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49053 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47674 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-47674 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47674 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47706 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-47706 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47706 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-49867 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-49867 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-49867 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21701 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38000 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38001 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves 10 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_80 fixes several issues.

The following security issues were fixed:

* CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579).
* CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930).
* CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to
eltree twice (bsc#1244235).
* CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner
kthread during umount (bsc#1232271).
* CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in
hfsc_enqueue() (bsc#1245775).
* CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem
as child qdisc (bsc#1245791).
* CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case
(bsc#1231676).
* CVE-2025-21701: net: avoid race between device unregistration and ethnl ops
(bsc#1245805).
* CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain
(bsc#1231943).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2025-3186=1

* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-3186=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_80-default-14-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_80-default-debuginfo-14-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_19-debugsource-14-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_80-default-14-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_80-default-debuginfo-14-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_19-debugsource-14-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49053.html
* https://www.suse.com/security/cve/CVE-2024-47674.html
* https://www.suse.com/security/cve/CVE-2024-47706.html
* https://www.suse.com/security/cve/CVE-2024-49867.html
* https://www.suse.com/security/cve/CVE-2025-21701.html
* https://www.suse.com/security/cve/CVE-2025-21999.html
* https://www.suse.com/security/cve/CVE-2025-37890.html
* https://www.suse.com/security/cve/CVE-2025-38000.html
* https://www.suse.com/security/cve/CVE-2025-38001.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231676
* https://bugzilla.suse.com/show_bug.cgi?id=1231943
* https://bugzilla.suse.com/show_bug.cgi?id=1232271
* https://bugzilla.suse.com/show_bug.cgi?id=1237930
* https://bugzilla.suse.com/show_bug.cgi?id=1242579
* https://bugzilla.suse.com/show_bug.cgi?id=1244235
* https://bugzilla.suse.com/show_bug.cgi?id=1245775
* https://bugzilla.suse.com/show_bug.cgi?id=1245791
* https://bugzilla.suse.com/show_bug.cgi?id=1245805
* https://bugzilla.suse.com/show_bug.cgi?id=1246030





# Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:03183-1
Release Date: 2025-09-11T22:04:29Z
Rating: important
References:

* bsc#1246030

Cross-References:

* CVE-2025-38212

CVSS scores:

* CVE-2025-38212 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_170 fixes one issue.

The following security issue was fixed:

* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2025-3183=1

* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3183=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_42-debugsource-3-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_170-default-3-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_170-default-debuginfo-3-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_42-debugsource-3-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_170-default-3-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_170-default-debuginfo-3-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246030





# Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:03188-1
Release Date: 2025-09-12T06:33:50Z
Rating: important
References:

* bsc#1245805
* bsc#1246030

Cross-References:

* CVE-2025-21701
* CVE-2025-38212

CVSS scores:

* CVE-2025-21701 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_113 fixes several issues.

The following security issues were fixed:

* CVE-2025-21701: net: avoid race between device unregistration and ethnl ops
(bsc#1245805).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2025-3188=1

* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-3188=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP5_Update_28-debugsource-4-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_113-default-4-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-4-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP5_Update_28-debugsource-4-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_113-default-4-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-4-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21701.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245805
* https://bugzilla.suse.com/show_bug.cgi?id=1246030





# Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:03190-1
Release Date: 2025-09-12T08:09:51Z
Rating: important
References:

* bsc#1231676
* bsc#1231943
* bsc#1232271
* bsc#1237930
* bsc#1242579
* bsc#1244235
* bsc#1245775
* bsc#1245791
* bsc#1246030

Cross-References:

* CVE-2022-49053
* CVE-2024-47674
* CVE-2024-47706
* CVE-2024-49867
* CVE-2025-21999
* CVE-2025-37890
* CVE-2025-38000
* CVE-2025-38001
* CVE-2025-38212

CVSS scores:

* CVE-2022-49053 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49053 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47674 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-47674 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47674 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47706 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-47706 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47706 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-49867 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-49867 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-49867 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21999 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38000 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38001 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves nine vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_73 fixes several issues.

The following security issues were fixed:

* CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579).
* CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930).
* CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to
eltree twice (bsc#1244235).
* CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner
kthread during umount (bsc#1232271).
* CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in
hfsc_enqueue() (bsc#1245775).
* CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem
as child qdisc (bsc#1245791).
* CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case
(bsc#1231676).
* CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain
(bsc#1231943).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2025-3190=1

* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-3190=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP5_Update_17-debugsource-16-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_73-default-16-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_73-default-debuginfo-16-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_73-default-16-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_73-default-debuginfo-16-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le x86_64)
  * kernel-livepatch-SLE15-SP5_Update_17-debugsource-16-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49053.html
* https://www.suse.com/security/cve/CVE-2024-47674.html
* https://www.suse.com/security/cve/CVE-2024-47706.html
* https://www.suse.com/security/cve/CVE-2024-49867.html
* https://www.suse.com/security/cve/CVE-2025-21999.html
* https://www.suse.com/security/cve/CVE-2025-37890.html
* https://www.suse.com/security/cve/CVE-2025-38000.html
* https://www.suse.com/security/cve/CVE-2025-38001.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231676
* https://bugzilla.suse.com/show_bug.cgi?id=1231943
* https://bugzilla.suse.com/show_bug.cgi?id=1232271
* https://bugzilla.suse.com/show_bug.cgi?id=1237930
* https://bugzilla.suse.com/show_bug.cgi?id=1242579
* https://bugzilla.suse.com/show_bug.cgi?id=1244235
* https://bugzilla.suse.com/show_bug.cgi?id=1245775
* https://bugzilla.suse.com/show_bug.cgi?id=1245791
* https://bugzilla.suse.com/show_bug.cgi?id=1246030



SUSE-SU-2025:03191-1: important: Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:03191-1
Release Date: 2025-09-12T08:34:21Z
Rating: important
References:

* bsc#1231676
* bsc#1231943
* bsc#1232271
* bsc#1237930
* bsc#1242579
* bsc#1244235
* bsc#1245775
* bsc#1245791
* bsc#1245805
* bsc#1246030

Cross-References:

* CVE-2022-49053
* CVE-2024-47674
* CVE-2024-47706
* CVE-2024-49867
* CVE-2025-21701
* CVE-2025-21999
* CVE-2025-37890
* CVE-2025-38000
* CVE-2025-38001
* CVE-2025-38212

CVSS scores:

* CVE-2022-49053 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49053 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47674 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-47674 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47674 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47706 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-47706 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47706 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-49867 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-49867 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-49867 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21701 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38000 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38001 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves 10 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_83 fixes several issues.

The following security issues were fixed:

* CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579).
* CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930).
* CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to
eltree twice (bsc#1244235).
* CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner
kthread during umount (bsc#1232271).
* CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in
hfsc_enqueue() (bsc#1245775).
* CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem
as child qdisc (bsc#1245791).
* CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case
(bsc#1231676).
* CVE-2025-21701: net: avoid race between device unregistration and ethnl ops
(bsc#1245805).
* CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain
(bsc#1231943).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-3191=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-3191=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_83-default-14-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_20-debugsource-14-150500.2.1
* kernel-livepatch-5_14_21-150500_55_83-default-debuginfo-14-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_83-default-14-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_20-debugsource-14-150500.2.1
* kernel-livepatch-5_14_21-150500_55_83-default-debuginfo-14-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49053.html
* https://www.suse.com/security/cve/CVE-2024-47674.html
* https://www.suse.com/security/cve/CVE-2024-47706.html
* https://www.suse.com/security/cve/CVE-2024-49867.html
* https://www.suse.com/security/cve/CVE-2025-21701.html
* https://www.suse.com/security/cve/CVE-2025-21999.html
* https://www.suse.com/security/cve/CVE-2025-37890.html
* https://www.suse.com/security/cve/CVE-2025-38000.html
* https://www.suse.com/security/cve/CVE-2025-38001.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231676
* https://bugzilla.suse.com/show_bug.cgi?id=1231943
* https://bugzilla.suse.com/show_bug.cgi?id=1232271
* https://bugzilla.suse.com/show_bug.cgi?id=1237930
* https://bugzilla.suse.com/show_bug.cgi?id=1242579
* https://bugzilla.suse.com/show_bug.cgi?id=1244235
* https://bugzilla.suse.com/show_bug.cgi?id=1245775
* https://bugzilla.suse.com/show_bug.cgi?id=1245791
* https://bugzilla.suse.com/show_bug.cgi?id=1245805
* https://bugzilla.suse.com/show_bug.cgi?id=1246030



SUSE-SU-2025:03194-1: important: Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:03194-1
Release Date: 2025-09-12T10:33:51Z
Rating: important
References:

* bsc#1237930
* bsc#1242579
* bsc#1244235
* bsc#1245775
* bsc#1245791
* bsc#1245805
* bsc#1246030

Cross-References:

* CVE-2022-49053
* CVE-2025-21701
* CVE-2025-21999
* CVE-2025-37890
* CVE-2025-38000
* CVE-2025-38001
* CVE-2025-38212

CVSS scores:

* CVE-2022-49053 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49053 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21701 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38000 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38001 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_97 fixes several issues.

The following security issues were fixed:

* CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579).
* CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930).
* CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to
eltree twice (bsc#1244235).
* CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in
hfsc_enqueue() (bsc#1245775).
* CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem
as child qdisc (bsc#1245791).
* CVE-2025-21701: net: avoid race between device unregistration and ethnl ops
(bsc#1245805).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-3194=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-3194=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_24-debugsource-6-150500.2.1
* kernel-livepatch-5_14_21-150500_55_97-default-6-150500.2.1
* kernel-livepatch-5_14_21-150500_55_97-default-debuginfo-6-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_24-debugsource-6-150500.2.1
* kernel-livepatch-5_14_21-150500_55_97-default-6-150500.2.1
* kernel-livepatch-5_14_21-150500_55_97-default-debuginfo-6-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49053.html
* https://www.suse.com/security/cve/CVE-2025-21701.html
* https://www.suse.com/security/cve/CVE-2025-21999.html
* https://www.suse.com/security/cve/CVE-2025-37890.html
* https://www.suse.com/security/cve/CVE-2025-38000.html
* https://www.suse.com/security/cve/CVE-2025-38001.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1237930
* https://bugzilla.suse.com/show_bug.cgi?id=1242579
* https://bugzilla.suse.com/show_bug.cgi?id=1244235
* https://bugzilla.suse.com/show_bug.cgi?id=1245775
* https://bugzilla.suse.com/show_bug.cgi?id=1245791
* https://bugzilla.suse.com/show_bug.cgi?id=1245805
* https://bugzilla.suse.com/show_bug.cgi?id=1246030



SUSE-SU-2025:03195-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:03195-1
Release Date: 2025-09-12T11:33:46Z
Rating: important
References:

* bsc#1244235
* bsc#1245775
* bsc#1245791
* bsc#1245805
* bsc#1246030

Cross-References:

* CVE-2025-21701
* CVE-2025-37890
* CVE-2025-38000
* CVE-2025-38001
* CVE-2025-38212

CVSS scores:

* CVE-2025-21701 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38000 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38001 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_110 fixes several issues.

The following security issues were fixed:

* CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to
eltree twice (bsc#1244235).
* CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in
hfsc_enqueue() (bsc#1245775).
* CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem
as child qdisc (bsc#1245791).
* CVE-2025-21701: net: avoid race between device unregistration and ethnl ops
(bsc#1245805).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-3195=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-3195=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_110-default-debuginfo-4-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_27-debugsource-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_110-default-4-150500.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_110-default-debuginfo-4-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_27-debugsource-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_110-default-4-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21701.html
* https://www.suse.com/security/cve/CVE-2025-37890.html
* https://www.suse.com/security/cve/CVE-2025-38000.html
* https://www.suse.com/security/cve/CVE-2025-38001.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244235
* https://bugzilla.suse.com/show_bug.cgi?id=1245775
* https://bugzilla.suse.com/show_bug.cgi?id=1245791
* https://bugzilla.suse.com/show_bug.cgi?id=1245805
* https://bugzilla.suse.com/show_bug.cgi?id=1246030



SUSE-SU-2025:03200-1: moderate: Security update for go1.25


# Security update for go1.25

Announcement ID: SUSE-SU-2025:03200-1
Release Date: 2025-09-12T12:22:43Z
Rating: moderate
References:

* bsc#1244485
* bsc#1247816
* bsc#1248082
* bsc#1249141

Cross-References:

* CVE-2025-47910

CVSS scores:

* CVE-2025-47910 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected Products:

* Development Tools Module 15-SP6
* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability and has three security fixes can now be
installed.

## Description:

This update for go1.25 fixes the following issues:

Update to go1.25.1, released 2025-09-03 (bsc#1244485).

Security issues fixed:

* CVE-2025-47910: net/http: `CrossOriginProtection` insecure bypass patterns
not limited to exact matches (bsc#1249141).

Other issues fixed:

* go#74822 cmd/go: "get toolchain@latest" should ignore release candidates.
* go#74999 net: WriteMsgUDPAddrPort should accept IPv4-mapped IPv6 destination
addresses on IPv4 UDP sockets.
* go#75008 os/exec: TestLookPath fails on plan9 after CL 685755.
* go#75021 testing/synctest: bubble not terminating.
* go#75083 os: File.Seek doesn't set the correct offset with Windows
overlapped handles.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-3200=1

* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-3200=1

* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2025-3200=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3200=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3200=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3200=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3200=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3200=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3200=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3200=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3200=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3200=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3200=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3200=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-3200=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* go1.25-doc-1.25.1-150000.1.8.1
* go1.25-race-1.25.1-150000.1.8.1
* go1.25-1.25.1-150000.1.8.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* go1.25-doc-1.25.1-150000.1.8.1
* go1.25-race-1.25.1-150000.1.8.1
* go1.25-1.25.1-150000.1.8.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* go1.25-doc-1.25.1-150000.1.8.1
* go1.25-race-1.25.1-150000.1.8.1
* go1.25-1.25.1-150000.1.8.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* go1.25-doc-1.25.1-150000.1.8.1
* go1.25-race-1.25.1-150000.1.8.1
* go1.25-1.25.1-150000.1.8.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* go1.25-doc-1.25.1-150000.1.8.1
* go1.25-race-1.25.1-150000.1.8.1
* go1.25-1.25.1-150000.1.8.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* go1.25-doc-1.25.1-150000.1.8.1
* go1.25-race-1.25.1-150000.1.8.1
* go1.25-1.25.1-150000.1.8.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* go1.25-doc-1.25.1-150000.1.8.1
* go1.25-race-1.25.1-150000.1.8.1
* go1.25-1.25.1-150000.1.8.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* go1.25-doc-1.25.1-150000.1.8.1
* go1.25-race-1.25.1-150000.1.8.1
* go1.25-1.25.1-150000.1.8.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* go1.25-doc-1.25.1-150000.1.8.1
* go1.25-race-1.25.1-150000.1.8.1
* go1.25-1.25.1-150000.1.8.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* go1.25-doc-1.25.1-150000.1.8.1
* go1.25-race-1.25.1-150000.1.8.1
* go1.25-1.25.1-150000.1.8.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* go1.25-doc-1.25.1-150000.1.8.1
* go1.25-race-1.25.1-150000.1.8.1
* go1.25-1.25.1-150000.1.8.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* go1.25-doc-1.25.1-150000.1.8.1
* go1.25-race-1.25.1-150000.1.8.1
* go1.25-1.25.1-150000.1.8.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* go1.25-doc-1.25.1-150000.1.8.1
* go1.25-race-1.25.1-150000.1.8.1
* go1.25-1.25.1-150000.1.8.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* go1.25-doc-1.25.1-150000.1.8.1
* go1.25-race-1.25.1-150000.1.8.1
* go1.25-1.25.1-150000.1.8.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* go1.25-doc-1.25.1-150000.1.8.1
* go1.25-race-1.25.1-150000.1.8.1
* go1.25-1.25.1-150000.1.8.1

## References:

* https://www.suse.com/security/cve/CVE-2025-47910.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244485
* https://bugzilla.suse.com/show_bug.cgi?id=1247816
* https://bugzilla.suse.com/show_bug.cgi?id=1248082
* https://bugzilla.suse.com/show_bug.cgi?id=1249141



SUSE-SU-2025:03198-1: important: Security update for curl


# Security update for curl

Announcement ID: SUSE-SU-2025:03198-1
Release Date: 2025-09-12T12:15:18Z
Rating: important
References:

* bsc#1228260
* bsc#1236589
* bsc#1243397
* bsc#1243706
* bsc#1243933
* bsc#1246197
* bsc#1249191
* bsc#1249348
* bsc#1249367
* jsc#PED-13055
* jsc#PED-13056

Cross-References:

* CVE-2024-6874
* CVE-2025-0665
* CVE-2025-10148
* CVE-2025-4947
* CVE-2025-5025
* CVE-2025-5399
* CVE-2025-9086

CVSS scores:

* CVE-2024-6874 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-6874 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-6874 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-0665 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-0665 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2025-0665 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-4947 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-4947 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
* CVE-2025-4947 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-5025 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-5025 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
* CVE-2025-5025 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-5399 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-5399 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-5399 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-9086 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves seven vulnerabilities, contains two features and has two
security fixes can now be installed.

## Description:

This update for curl fixes the following issues:

Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056).

Security issues fixed:

* CVE-2025-0665: eventfd double close can cause libcurl to act unreliably
(bsc#1236589).
* CVE-2025-4947: QUIC certificate check skipped with wolfSSL allows for
MITM attacks (bsc#1243397).
* CVE-2025-5025: no QUIC certificate pinning with wolfSSL can lead to
connections to impostor servers that are not easily noticed (bsc#1243706).
* CVE-2025-5399: bug in websocket code can cause libcurl to get trapped in an
endless busy-loop when processing specially crafted packets (bsc#1243933).
* CVE-2024-6874: punycode conversions to/from IDN can leak stack content when
libcurl is built to use the macidn IDN backend (bsc#1228260).
* CVE-2025-9086: bug in path comparison logic when processing cookies can
lead to out-of-bounds read in heap buffer (bsc#1249191).
* CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning
by malicious server (bsc#1249348).

Other issues fixed:

* Fix wrong return code when --retry is used (bsc#1249367).
  * tool_operate: fix return code when --retry is used but not triggered
    [b42776b]
* Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197).
  * tool_getparam: fix --ftp-pasv [5f805ee]
* Fixed with version 8.14.1:
  * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs.
  * websocket: add option to disable auto-pong reply.
  * huge number of bugfixes.

Please see https://curl.se/ch/ for full changelogs.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3198=1 openSUSE-SLE-15.6-2025-3198=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-3198=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-3198=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libcurl-mini4-8.14.1-150600.4.28.1
* libcurl4-debuginfo-8.14.1-150600.4.28.1
* libcurl-devel-8.14.1-150600.4.28.1
* libcurl-mini4-debuginfo-8.14.1-150600.4.28.1
* libcurl4-8.14.1-150600.4.28.1
* curl-mini-debugsource-8.14.1-150600.4.28.1
* curl-8.14.1-150600.4.28.1
* curl-debuginfo-8.14.1-150600.4.28.1
* curl-debugsource-8.14.1-150600.4.28.1
* openSUSE Leap 15.6 (noarch)
* curl-zsh-completion-8.14.1-150600.4.28.1
* libcurl-devel-doc-8.14.1-150600.4.28.1
* curl-fish-completion-8.14.1-150600.4.28.1
* openSUSE Leap 15.6 (x86_64)
* libcurl4-32bit-debuginfo-8.14.1-150600.4.28.1
* libcurl-devel-32bit-8.14.1-150600.4.28.1
* libcurl4-32bit-8.14.1-150600.4.28.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libcurl4-64bit-debuginfo-8.14.1-150600.4.28.1
* libcurl-devel-64bit-8.14.1-150600.4.28.1
* libcurl4-64bit-8.14.1-150600.4.28.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libcurl4-debuginfo-8.14.1-150600.4.28.1
* libcurl-devel-8.14.1-150600.4.28.1
* libcurl4-8.14.1-150600.4.28.1
* curl-8.14.1-150600.4.28.1
* curl-debuginfo-8.14.1-150600.4.28.1
* curl-debugsource-8.14.1-150600.4.28.1
* Basesystem Module 15-SP6 (x86_64)
* libcurl4-32bit-debuginfo-8.14.1-150600.4.28.1
* libcurl4-32bit-8.14.1-150600.4.28.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libcurl4-debuginfo-8.14.1-150600.4.28.1
* libcurl-devel-8.14.1-150600.4.28.1
* libcurl4-8.14.1-150600.4.28.1
* curl-8.14.1-150600.4.28.1
* curl-debuginfo-8.14.1-150600.4.28.1
* curl-debugsource-8.14.1-150600.4.28.1
* Basesystem Module 15-SP7 (x86_64)
* libcurl4-32bit-debuginfo-8.14.1-150600.4.28.1
* libcurl4-32bit-8.14.1-150600.4.28.1

## References:

* https://www.suse.com/security/cve/CVE-2024-6874.html
* https://www.suse.com/security/cve/CVE-2025-0665.html
* https://www.suse.com/security/cve/CVE-2025-10148.html
* https://www.suse.com/security/cve/CVE-2025-4947.html
* https://www.suse.com/security/cve/CVE-2025-5025.html
* https://www.suse.com/security/cve/CVE-2025-5399.html
* https://www.suse.com/security/cve/CVE-2025-9086.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228260
* https://bugzilla.suse.com/show_bug.cgi?id=1236589
* https://bugzilla.suse.com/show_bug.cgi?id=1243397
* https://bugzilla.suse.com/show_bug.cgi?id=1243706
* https://bugzilla.suse.com/show_bug.cgi?id=1243933
* https://bugzilla.suse.com/show_bug.cgi?id=1246197
* https://bugzilla.suse.com/show_bug.cgi?id=1249191
* https://bugzilla.suse.com/show_bug.cgi?id=1249348
* https://bugzilla.suse.com/show_bug.cgi?id=1249367
* https://jira.suse.com/browse/PED-13055
* https://jira.suse.com/browse/PED-13056



SUSE-SU-2025:03202-1: moderate: Security update for python-eventlet


# Security update for python-eventlet

Announcement ID: SUSE-SU-2025:03202-1
Release Date: 2025-09-12T12:27:38Z
Rating: moderate
References:

* bsc#1248994

Cross-References:

* CVE-2025-58068

CVSS scores:

* CVE-2025-58068 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-58068 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-58068 ( NVD ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6
* Python 3 Module 15-SP6
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for python-eventlet fixes the following issues:

* CVE-2025-58068: improper handling of HTTP trailer sections in WSGI parser
leads to HTTP request smuggling (bsc#1248994).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Python 3 Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2025-3202=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3202=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-3202=1

* Python 3 Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2025-3202=1

## Package List:

* Python 3 Module 15-SP7 (noarch)
* python311-eventlet-0.33.3-150400.5.6.1
* openSUSE Leap 15.4 (noarch)
* python311-eventlet-0.33.3-150400.5.6.1
* openSUSE Leap 15.6 (noarch)
* python311-eventlet-0.33.3-150400.5.6.1
* Python 3 Module 15-SP6 (noarch)
* python311-eventlet-0.33.3-150400.5.6.1

## References:

* https://www.suse.com/security/cve/CVE-2025-58068.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248994



openSUSE-SU-2025:15545-1: moderate: libssh-config-0.11.3-1.1 on GA media


# libssh-config-0.11.3-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15545-1
Rating: moderate

Cross-References:

* CVE-2025-8114
* CVE-2025-8277

CVSS scores:

* CVE-2025-8114 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-8114 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-8277 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the libssh-config-0.11.3-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* libssh-config 0.11.3-1.1
* libssh-devel 0.11.3-1.1
* libssh4 0.11.3-1.1
* libssh4-32bit 0.11.3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-8114.html
* https://www.suse.com/security/cve/CVE-2025-8277.html



openSUSE-SU-2025:15546-1: moderate: orthanc-gdcm-1.7-1.1 on GA media


# orthanc-gdcm-1.7-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15546-1
Rating: moderate

Cross-References:

* CVE-2024-22373
* CVE-2024-22391
* CVE-2024-25569

CVSS scores:

* CVE-2024-22373 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-22391 ( SUSE ): 7.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
* CVE-2024-25569 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Affected Products:

* openSUSE Tumbleweed

An update that solves 3 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the orthanc-gdcm-1.7-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* orthanc-gdcm 1.7-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-22373.html
* https://www.suse.com/security/cve/CVE-2024-22391.html
* https://www.suse.com/security/cve/CVE-2024-25569.html