
Several security updates have been released for SUSE Linux, addressing various vulnerabilities and issues. These updates include patches for the Linux Kernel, as well as updates for software such as mysql-connector-java, rubygem-rack, buildah, and gitea-tea. The updates are categorized as either "important" or "moderate," with several affecting the Linux kernel through live patching. Specific package versions and SUSE release levels (such as SP4, SP5, and SP6) are also mentioned in the list of security updates.

SUSE-SU-2025:4281-1: important: Security update for the Linux Kernel (Live Patch 43 for SUSE Linux Enterprise 15 SP4)
openSUSE-SU-2025-20091-1: important: Security update for the Linux Kernel
openSUSE-SU-2025-20089-1: important: Security update for mysql-connector-java
SUSE-SU-2025:4269-1: important: Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise 15 SP6)
SUSE-SU-2025:4273-1: important: Security update for rubygem-rack
SUSE-SU-2025:4274-1: important: Security update for buildah
SUSE-SU-2025:4275-1: important: Security update for the Linux Kernel (Live Patch 15 for SUSE Linux Enterprise 15 SP6)
SUSE-SU-2025:4282-1: important: Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise 15 SP6)
SUSE-SU-2025:4283-1: important: Security update for the Linux Kernel (Live Patch 26 for SUSE Linux Enterprise 15 SP5)
openSUSE-SU-2025:0443-1: moderate: Security update for gitea-tea
openSUSE-SU-2025:15771-1: moderate: git-bug-0.10.1-3.1 on GA media




SUSE-SU-2025:4281-1: important: Security update for the Linux Kernel (Live Patch 43 for SUSE Linux Enterprise 15 SP4)


# Security update for the Linux Kernel (Live Patch 43 for SUSE Linux Enterprise 15 SP4)

Announcement ID: SUSE-SU-2025:4281-1
Release Date: 2025-11-27T15:04:07Z
Rating: important
References:

* bsc#1251983

Cross-References:

* CVE-2023-53673

CVSS scores:

* CVE-2023-53673 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53673 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.173 fixes one
security issue.

The following security issue was fixed:

* CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before deleting conn (bsc#1251983).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2025-4281=1

* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-4281=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_173-default-debuginfo-5-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_173-default-5-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_43-debugsource-5-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_173-default-debuginfo-5-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_173-default-5-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_43-debugsource-5-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-53673.html
* https://bugzilla.suse.com/show_bug.cgi?id=1251983



openSUSE-SU-2025-20091-1: important: Security update for the Linux Kernel


openSUSE security update: security update for the linux kernel
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2025-20091-1
Rating: important
References:

* bsc#1218644
* bsc#1238472
* bsc#1239206
* bsc#1241166
* bsc#1241637
* bsc#1247222
* bsc#1248630
* bsc#1249161
* bsc#1249226
* bsc#1249302
* bsc#1249317
* bsc#1249397
* bsc#1249398
* bsc#1249495
* bsc#1249512
* bsc#1249608
* bsc#1249735
* bsc#1250202
* bsc#1250379
* bsc#1250400
* bsc#1250455
* bsc#1250491
* bsc#1250704
* bsc#1250721
* bsc#1250749
* bsc#1250946
* bsc#1251176
* bsc#1251177
* bsc#1251232
* bsc#1251233
* bsc#1251804
* bsc#1251809
* bsc#1251819
* bsc#1251930
* bsc#1251967
* bsc#1252033
* bsc#1252035
* bsc#1252039
* bsc#1252044
* bsc#1252047
* bsc#1252051
* bsc#1252052
* bsc#1252056
* bsc#1252060
* bsc#1252062
* bsc#1252064
* bsc#1252065
* bsc#1252067
* bsc#1252069
* bsc#1252070
* bsc#1252072
* bsc#1252074
* bsc#1252075
* bsc#1252076
* bsc#1252078
* bsc#1252079
* bsc#1252081
* bsc#1252082
* bsc#1252083
* bsc#1252253
* bsc#1252265
* bsc#1252267
* bsc#1252270
* bsc#1252330
* bsc#1252333
* bsc#1252336
* bsc#1252346
* bsc#1252348
* bsc#1252349
* bsc#1252678
* bsc#1252679
* bsc#1252688
* bsc#1252725
* bsc#1252734
* bsc#1252772
* bsc#1252774
* bsc#1252780
* bsc#1252785
* bsc#1252787
* bsc#1252789
* bsc#1252797
* bsc#1252819
* bsc#1252822
* bsc#1252826
* bsc#1252841
* bsc#1252848
* bsc#1252849
* bsc#1252850
* bsc#1252851
* bsc#1252854
* bsc#1252858
* bsc#1252862
* bsc#1252865
* bsc#1252866
* bsc#1252873
* bsc#1252902
* bsc#1252909
* bsc#1252915
* bsc#1252918
* bsc#1252921
* bsc#1252939

Cross-References:

* CVE-2025-21816
* CVE-2025-38653
* CVE-2025-38718
* CVE-2025-39676
* CVE-2025-39702
* CVE-2025-39756
* CVE-2025-39779
* CVE-2025-39797
* CVE-2025-39812
* CVE-2025-39866
* CVE-2025-39876
* CVE-2025-39881
* CVE-2025-39895
* CVE-2025-39903
* CVE-2025-39911
* CVE-2025-39947
* CVE-2025-39948
* CVE-2025-39949
* CVE-2025-39950
* CVE-2025-39955
* CVE-2025-39956
* CVE-2025-39963
* CVE-2025-39965
* CVE-2025-39967
* CVE-2025-39968
* CVE-2025-39969
* CVE-2025-39970
* CVE-2025-39971
* CVE-2025-39972
* CVE-2025-39973
* CVE-2025-39978
* CVE-2025-39979
* CVE-2025-39981
* CVE-2025-39982
* CVE-2025-39984
* CVE-2025-39985
* CVE-2025-39986
* CVE-2025-39987
* CVE-2025-39988
* CVE-2025-39991
* CVE-2025-39992
* CVE-2025-39993
* CVE-2025-39994
* CVE-2025-39995
* CVE-2025-39996
* CVE-2025-39997
* CVE-2025-40000
* CVE-2025-40005
* CVE-2025-40009
* CVE-2025-40011
* CVE-2025-40012
* CVE-2025-40013
* CVE-2025-40016
* CVE-2025-40018
* CVE-2025-40019
* CVE-2025-40020
* CVE-2025-40029
* CVE-2025-40032
* CVE-2025-40035
* CVE-2025-40036
* CVE-2025-40037
* CVE-2025-40040
* CVE-2025-40043
* CVE-2025-40044
* CVE-2025-40048
* CVE-2025-40049
* CVE-2025-40051
* CVE-2025-40052
* CVE-2025-40056
* CVE-2025-40058
* CVE-2025-40060
* CVE-2025-40061
* CVE-2025-40062
* CVE-2025-40071
* CVE-2025-40078
* CVE-2025-40080
* CVE-2025-40085
* CVE-2025-40087
* CVE-2025-40091
* CVE-2025-40096
* CVE-2025-40100
* CVE-2025-40104
* CVE-2025-40364

CVSS scores:

* CVE-2025-21816 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38653 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-38653 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38718 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39676 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39702 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39756 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39779 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39797 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39797 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39812 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-39812 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-39866 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39866 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39876 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39881 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39895 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39895 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39903 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39903 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39911 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39947 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39947 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39948 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-39948 ( SUSE ): 5.3 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-39949 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-39949 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39950 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39950 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39955 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-39955 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39956 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-39956 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39963 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39963 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39965 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-39965 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39967 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-39967 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39968 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-39968 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-39969 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2025-39969 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-39970 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-39970 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39971 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-39971 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39972 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-39972 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39978 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39978 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39979 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39979 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39981 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39981 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39982 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39984 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39985 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39986 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39987 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39988 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39991 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39992 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39993 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39994 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39995 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39996 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39997 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40000 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40005 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-40005 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40009 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40009 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40011 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40011 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40012 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40012 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40013 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40013 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40016 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-40016 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40019 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40019 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40020 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40020 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40029 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40029 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40032 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40032 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40035 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40036 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40037 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40037 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40040 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40040 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40043 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-40043 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40044 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-40044 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40048 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40049 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-40049 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40051 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40052 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40056 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40056 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40058 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40060 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40061 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40062 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40071 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40078 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40080 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40085 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40085 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40087 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40091 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-40091 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40096 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-40096 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40100 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40100 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40104 ( SUSE ): 0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N
* CVE-2025-40104 ( SUSE ): 0 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-40364 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40364 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 83 vulnerabilities and has 101 bug fixes can now be installed.

Description:

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues.

The following security issues were fixed:

- CVE-2025-21816: hrtimers: Force migrate away hrtimers queued after (bsc#1238472).
- CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630).
- CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161).
- CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302).
- CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317).
- CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512).
- CVE-2025-39779: btrfs: subpage: keep TOWRITE tag until folio is cleaned (bsc#1249495).
- CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202).
- CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455).
- CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400).
- CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379).
- CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721).
- CVE-2025-39903: of_numa: fix uninitialized memory nodes causing kernel panic (bsc#1250749).
- CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704).
- CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232).
- CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233).
- CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177).
- CVE-2025-39950: net/tcp: Fix a NULL pointer dereference when using TCP-AO with TCP_REPAIR (bsc#1251176).
- CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804).
- CVE-2025-39956: igc: don't fail igc_probe() on LED setup error (bsc#1251809).
- CVE-2025-39963: io_uring: fix incorrect io_kiocb reference in io_link_skb (bsc#1251819).
- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
- CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044).
- CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051).
- CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052).
- CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039).
- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).
- CVE-2025-39979: net/mlx5: fs, add API for sharing HWS action by refcount (bsc#1252067).
- CVE-2025-39984: net: tun: Update napi->skb after XDP process (bsc#1252081).
- CVE-2025-39992: mm: swap: check for stable address space before operating on the VMA (bsc#1252076).
- CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062).
- CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349).
- CVE-2025-40012: net/smc: fix warning in smc_rx_splice() when calling get_page() (bsc#1252330).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
- CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780).
- CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858).
- CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826).
- CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848).
- CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789).
- CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774).
- CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918).

The following non security issues were fixed:

- add bug reference to existing hv_netvsc change (bsc#1252265)
- amd-pstate-ut: Reset amd-pstate driver mode after running selftests (bsc#1249226).
- cgroup/cpuset: Remove remote_partition_check() & make update_cpumasks_hier() handle remote partition (bsc#1241166).
- cpuset: Use new excpus for nocpu error check when enabling root partition (bsc#1241166).
- cpuset: fix failure to enable isolated partition when containing isolcpus (bsc#1241166).
- doc/README.SUSE: Correct the character used for TAINT_NO_SUPPORT.
  The character was previously 'N', but upstream used it for TAINT_TEST,
  which prompted the change of TAINT_NO_SUPPORT to 'n'.
- dpll: zl3073x: Add firmware loading functionality (bsc#1252253).
- dpll: zl3073x: Add functions to access hardware registers (bsc#1252253).
- dpll: zl3073x: Add low-level flash functions (bsc#1252253).
- dpll: zl3073x: Add support to get fractional frequency offset (bsc#1252253).
- dpll: zl3073x: Add support to get phase offset on connected input pin (bsc#1252253).
- dpll: zl3073x: Add support to get/set esync on pins (bsc#1252253).
- dpll: zl3073x: Fix double free in zl3073x_devlink_flash_update() (bsc#1252253).
- dpll: zl3073x: Handle missing or corrupted flash configuration (bsc#1252253).
- dpll: zl3073x: Implement devlink flash callback (bsc#1252253).
- dpll: zl3073x: Increase maximum size of flash utility (bsc#1252253).
- dpll: zl3073x: Refactor DPLL initialization (bsc#1252253).
- drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes).
- drm/xe/guc: Prepare GuC register list and update ADS size for error capture (stable-fixes).
- ixgbe: handle IXGBE_VF_FEATURES_NEGOTIATE mbox cmd (bsc#1247222).
- ixgbe: handle IXGBE_VF_GET_PF_LINK_STATE mailbox operation (bsc#1247222).
- ixgbevf: fix getting link speed data for E610 devices (bsc#1247222).
- ixgbevf: fix mailbox API compatibility by negotiating supported features (bsc#1247222).
- kbuild/modfinal: Link livepatches with module-common.o (bsc#1218644, bsc#1252270).
- kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939).
- kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930).
- nvme-auth: update sc_c in host response (git-fixes bsc#1249397).
- perf hwmon_pmu: Fix uninitialized variable warning (perf-sle16-v6.13-userspace-update, git-fixes).
- phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes).
- powerpc/fadump: skip parameter area allocation when fadump is disabled (jsc#PED-9891 git-fixes).
- proc: fix missing pde_set_flags() for net proc files (bsc#1248630)
- proc: fix type confusion in pde_set_flags() (bsc#1248630)
- rpm/check-for-config-changes: ignore CONFIG_SCHED_PROXY_EXEC, too (bsc#1250946)
- scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267).
- x86/microcode/AMD: Limit Entrysign signature checking to known generations (bsc#1252725).
- x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID (bsc#1252734).
- x86/resctrl: Refactor resctrl_arch_rmid_read() (bsc#1252734).
- x86/virt/tdx: Mark memory cache state incoherent when making SEAMCALL (jsc#PED-348).

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-58=1

Package List:

- openSUSE Leap 16.0:

cluster-md-kmp-64kb-6.12.0-160000.7.1
cluster-md-kmp-default-6.12.0-160000.7.1
cluster-md-kmp-rt-6.12.0-160000.7.1
dlm-kmp-64kb-6.12.0-160000.7.1
dlm-kmp-default-6.12.0-160000.7.1
dlm-kmp-rt-6.12.0-160000.7.1
dtb-allwinner-6.12.0-160000.7.1
dtb-altera-6.12.0-160000.7.1
dtb-amazon-6.12.0-160000.7.1
dtb-amd-6.12.0-160000.7.1
dtb-amlogic-6.12.0-160000.7.1
dtb-apm-6.12.0-160000.7.1
dtb-apple-6.12.0-160000.7.1
dtb-arm-6.12.0-160000.7.1
dtb-broadcom-6.12.0-160000.7.1
dtb-cavium-6.12.0-160000.7.1
dtb-exynos-6.12.0-160000.7.1
dtb-freescale-6.12.0-160000.7.1
dtb-hisilicon-6.12.0-160000.7.1
dtb-lg-6.12.0-160000.7.1
dtb-marvell-6.12.0-160000.7.1
dtb-mediatek-6.12.0-160000.7.1
dtb-nvidia-6.12.0-160000.7.1
dtb-qcom-6.12.0-160000.7.1
dtb-renesas-6.12.0-160000.7.1
dtb-rockchip-6.12.0-160000.7.1
dtb-socionext-6.12.0-160000.7.1
dtb-sprd-6.12.0-160000.7.1
dtb-xilinx-6.12.0-160000.7.1
gfs2-kmp-64kb-6.12.0-160000.7.1
gfs2-kmp-default-6.12.0-160000.7.1
gfs2-kmp-rt-6.12.0-160000.7.1
kernel-64kb-6.12.0-160000.7.1
kernel-64kb-devel-6.12.0-160000.7.1
kernel-64kb-extra-6.12.0-160000.7.1
kernel-64kb-optional-6.12.0-160000.7.1
kernel-default-6.12.0-160000.7.1
kernel-default-base-6.12.0-160000.6.1.160000.2.4
kernel-default-devel-6.12.0-160000.7.1
kernel-default-extra-6.12.0-160000.7.1
kernel-default-optional-6.12.0-160000.7.1
kernel-default-vdso-6.12.0-160000.7.1
kernel-devel-6.12.0-160000.7.1
kernel-docs-6.12.0-160000.7.1
kernel-docs-html-6.12.0-160000.7.1
kernel-kvmsmall-6.12.0-160000.7.1
kernel-kvmsmall-devel-6.12.0-160000.7.1
kernel-kvmsmall-vdso-6.12.0-160000.7.1
kernel-macros-6.12.0-160000.7.1
kernel-obs-build-6.12.0-160000.7.1
kernel-obs-qa-6.12.0-160000.7.1
kernel-rt-6.12.0-160000.7.1
kernel-rt-devel-6.12.0-160000.7.1
kernel-rt-extra-6.12.0-160000.7.1
kernel-rt-optional-6.12.0-160000.7.1
kernel-rt-vdso-6.12.0-160000.7.1
kernel-source-6.12.0-160000.7.1
kernel-source-vanilla-6.12.0-160000.7.1
kernel-syms-6.12.0-160000.7.1
kernel-zfcpdump-6.12.0-160000.7.1
kselftests-kmp-64kb-6.12.0-160000.7.1
kselftests-kmp-default-6.12.0-160000.7.1
kselftests-kmp-rt-6.12.0-160000.7.1
ocfs2-kmp-64kb-6.12.0-160000.7.1
ocfs2-kmp-default-6.12.0-160000.7.1
ocfs2-kmp-rt-6.12.0-160000.7.1

References:

* https://www.suse.com/security/cve/CVE-2025-21816.html
* https://www.suse.com/security/cve/CVE-2025-38653.html
* https://www.suse.com/security/cve/CVE-2025-38718.html
* https://www.suse.com/security/cve/CVE-2025-39676.html
* https://www.suse.com/security/cve/CVE-2025-39702.html
* https://www.suse.com/security/cve/CVE-2025-39756.html
* https://www.suse.com/security/cve/CVE-2025-39779.html
* https://www.suse.com/security/cve/CVE-2025-39797.html
* https://www.suse.com/security/cve/CVE-2025-39812.html
* https://www.suse.com/security/cve/CVE-2025-39866.html
* https://www.suse.com/security/cve/CVE-2025-39876.html
* https://www.suse.com/security/cve/CVE-2025-39881.html
* https://www.suse.com/security/cve/CVE-2025-39895.html
* https://www.suse.com/security/cve/CVE-2025-39903.html
* https://www.suse.com/security/cve/CVE-2025-39911.html
* https://www.suse.com/security/cve/CVE-2025-39947.html
* https://www.suse.com/security/cve/CVE-2025-39948.html
* https://www.suse.com/security/cve/CVE-2025-39949.html
* https://www.suse.com/security/cve/CVE-2025-39950.html
* https://www.suse.com/security/cve/CVE-2025-39955.html
* https://www.suse.com/security/cve/CVE-2025-39956.html
* https://www.suse.com/security/cve/CVE-2025-39963.html
* https://www.suse.com/security/cve/CVE-2025-39965.html
* https://www.suse.com/security/cve/CVE-2025-39967.html
* https://www.suse.com/security/cve/CVE-2025-39968.html
* https://www.suse.com/security/cve/CVE-2025-39969.html
* https://www.suse.com/security/cve/CVE-2025-39970.html
* https://www.suse.com/security/cve/CVE-2025-39971.html
* https://www.suse.com/security/cve/CVE-2025-39972.html
* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-39978.html
* https://www.suse.com/security/cve/CVE-2025-39979.html
* https://www.suse.com/security/cve/CVE-2025-39981.html
* https://www.suse.com/security/cve/CVE-2025-39982.html
* https://www.suse.com/security/cve/CVE-2025-39984.html
* https://www.suse.com/security/cve/CVE-2025-39985.html
* https://www.suse.com/security/cve/CVE-2025-39986.html
* https://www.suse.com/security/cve/CVE-2025-39987.html
* https://www.suse.com/security/cve/CVE-2025-39988.html
* https://www.suse.com/security/cve/CVE-2025-39991.html
* https://www.suse.com/security/cve/CVE-2025-39992.html
* https://www.suse.com/security/cve/CVE-2025-39993.html
* https://www.suse.com/security/cve/CVE-2025-39994.html
* https://www.suse.com/security/cve/CVE-2025-39995.html
* https://www.suse.com/security/cve/CVE-2025-39996.html
* https://www.suse.com/security/cve/CVE-2025-39997.html
* https://www.suse.com/security/cve/CVE-2025-40000.html
* https://www.suse.com/security/cve/CVE-2025-40005.html
* https://www.suse.com/security/cve/CVE-2025-40009.html
* https://www.suse.com/security/cve/CVE-2025-40011.html
* https://www.suse.com/security/cve/CVE-2025-40012.html
* https://www.suse.com/security/cve/CVE-2025-40013.html
* https://www.suse.com/security/cve/CVE-2025-40016.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40019.html
* https://www.suse.com/security/cve/CVE-2025-40020.html
* https://www.suse.com/security/cve/CVE-2025-40029.html
* https://www.suse.com/security/cve/CVE-2025-40032.html
* https://www.suse.com/security/cve/CVE-2025-40035.html
* https://www.suse.com/security/cve/CVE-2025-40036.html
* https://www.suse.com/security/cve/CVE-2025-40037.html
* https://www.suse.com/security/cve/CVE-2025-40040.html
* https://www.suse.com/security/cve/CVE-2025-40043.html
* https://www.suse.com/security/cve/CVE-2025-40044.html
* https://www.suse.com/security/cve/CVE-2025-40048.html
* https://www.suse.com/security/cve/CVE-2025-40049.html
* https://www.suse.com/security/cve/CVE-2025-40051.html
* https://www.suse.com/security/cve/CVE-2025-40052.html
* https://www.suse.com/security/cve/CVE-2025-40056.html
* https://www.suse.com/security/cve/CVE-2025-40058.html
* https://www.suse.com/security/cve/CVE-2025-40060.html
* https://www.suse.com/security/cve/CVE-2025-40061.html
* https://www.suse.com/security/cve/CVE-2025-40062.html
* https://www.suse.com/security/cve/CVE-2025-40071.html
* https://www.suse.com/security/cve/CVE-2025-40078.html
* https://www.suse.com/security/cve/CVE-2025-40080.html
* https://www.suse.com/security/cve/CVE-2025-40085.html
* https://www.suse.com/security/cve/CVE-2025-40087.html
* https://www.suse.com/security/cve/CVE-2025-40091.html
* https://www.suse.com/security/cve/CVE-2025-40096.html
* https://www.suse.com/security/cve/CVE-2025-40100.html
* https://www.suse.com/security/cve/CVE-2025-40104.html
* https://www.suse.com/security/cve/CVE-2025-40364.html



openSUSE-SU-2025-20089-1: important: Security update for mysql-connector-java


openSUSE security update: security update for mysql-connector-java
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2025-20089-1
Rating: important
References:

* bsc#1241693

Cross-References:

* CVE-2025-30706

CVSS scores:

* CVE-2025-30706 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-30706 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for mysql-connector-java fixes the following issues:

- Upgrade to version 9.3.0
- CVE-2025-30706: Fixed Connector/J vulnerability (bsc#1241693)
- Updatable ResultSet fails with 'Parameter index out of range'.
- Fixed ResultSet UPDATE methods not checking validity of ResultSet.
- DatabaseMetaData clean up.
- Implemented missing methods in DatabaseMetaDataUsingInfoSchema.
- Fixed procedure execution failing when the parameter name contains an escape character.
- Allow only Krb5LoginModule in Kerberos authentication.
- Fixed EXECUTE on CallableStatement resulting in ArrayIndexOutOfBoundsException.
- Fixed MySQL connector using an ineffective way to match numericValue.
- Fixed improper parameter index validation in CallableStatement.

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-56=1

Package List:

- openSUSE Leap 16.0:

mysql-connector-java-9.3.0-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-30706.html



SUSE-SU-2025:4269-1: important: Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise 15 SP6)


# Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise 15 SP6)

Announcement ID: SUSE-SU-2025:4269-1
Release Date: 2025-11-26T21:37:22Z
Rating: important
References:

* bsc#1248672
* bsc#1249537

Cross-References:

* CVE-2025-38500
* CVE-2025-38616

CVSS scores:

* CVE-2025-38500 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38500 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38616 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-38616 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.65 fixes
various security issues.

The following security issues were fixed:

* CVE-2025-38500: xfrm: interface: fix use-after-free after changing
collect_md xfrm interface (bsc#1248672).
* CVE-2025-38616: tls: handle data disappearing from under the TLS ULP
(bsc#1249537).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-4269=1 SUSE-2025-4270=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-4269=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-4270=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP6_Update_12-debugsource-9-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_14-debugsource-4-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_53-default-9-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-4-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-9-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_65-default-4-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP6_Update_12-debugsource-9-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_14-debugsource-4-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_53-default-9-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-4-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-9-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_65-default-4-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38500.html
* https://www.suse.com/security/cve/CVE-2025-38616.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248672
* https://bugzilla.suse.com/show_bug.cgi?id=1249537



SUSE-SU-2025:4273-1: important: Security update for rubygem-rack


# Security update for rubygem-rack

Announcement ID: SUSE-SU-2025:4273-1
Release Date: 2025-11-27T08:12:41Z
Rating: important
References:

* bsc#1251936
* bsc#1253951

Cross-References:

* CVE-2025-61780
* CVE-2025-61919

CVSS scores:

* CVE-2025-61780 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
* CVE-2025-61780 ( SUSE ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
* CVE-2025-61780 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-61780 ( NVD ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
* CVE-2025-61919 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61919 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61919 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise High Availability Extension 15 SP3
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Availability Extension 15 SP5
* SUSE Linux Enterprise High Availability Extension 15 SP6
* SUSE Linux Enterprise High Availability Extension 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 Business Critical Linux
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3

An update that solves two vulnerabilities can now be installed.

## Description:

This update for rubygem-rack fixes the following issues:

* Update to version 2.2.20 (bsc#1251936)
* CVE-2025-61919: Fixed unbounded read of `application/x-www-form-urlencoded`
request bodies, where `rack.input.read(nil)` was called without enforcing a
length or cap (bsc#1251936)
* CVE-2025-61780: Fixed improper handling of headers in `Rack::Sendfile` that
allows for bypass of proxy-level access restrictions (bsc#1253951)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-4273=1

* SUSE Linux Enterprise High Availability Extension 15 SP3
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2025-4273=1

* SUSE Linux Enterprise High Availability Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2025-4273=1

* SUSE Linux Enterprise High Availability Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2025-4273=1

* SUSE Linux Enterprise High Availability Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-HA-15-SP6-2025-4273=1

* SUSE Linux Enterprise High Availability Extension 15 SP7
zypper in -t patch SUSE-SLE-Product-HA-15-SP7-2025-4273=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * ruby2.5-rubygem-rack-2.2.20-150000.3.34.1
  * ruby2.5-rubygem-rack-doc-2.2.20-150000.3.34.1
* SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64)
  * ruby2.5-rubygem-rack-2.2.20-150000.3.34.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64)
  * ruby2.5-rubygem-rack-2.2.20-150000.3.34.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64)
  * ruby2.5-rubygem-rack-2.2.20-150000.3.34.1
* SUSE Linux Enterprise High Availability Extension 15 SP6 (aarch64 ppc64le s390x x86_64)
  * ruby2.5-rubygem-rack-2.2.20-150000.3.34.1
* SUSE Linux Enterprise High Availability Extension 15 SP7 (aarch64 ppc64le s390x x86_64)
  * ruby2.5-rubygem-rack-2.2.20-150000.3.34.1

## References:

* https://www.suse.com/security/cve/CVE-2025-61780.html
* https://www.suse.com/security/cve/CVE-2025-61919.html
* https://bugzilla.suse.com/show_bug.cgi?id=1251936
* https://bugzilla.suse.com/show_bug.cgi?id=1253951



SUSE-SU-2025:4274-1: important: Security update for buildah


# Security update for buildah

Announcement ID: SUSE-SU-2025:4274-1
Release Date: 2025-11-27T08:13:05Z
Rating: important
References:

* bsc#1253598

Cross-References:

* CVE-2025-47913

CVSS scores:

* CVE-2025-47913 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-47913 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-47913 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for buildah fixes the following issues:

* CVE-2025-47913: Fixed a bug in the client process termination when receiving
an unexpected message type in response to a key listing or signing request.
(bsc#1253598)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-4274=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-4274=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-4274=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-4274=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-4274=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * buildah-1.35.5-150400.3.56.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * buildah-1.35.5-150400.3.56.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * buildah-1.35.5-150400.3.56.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * buildah-1.35.5-150400.3.56.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * buildah-1.35.5-150400.3.56.1

## References:

* https://www.suse.com/security/cve/CVE-2025-47913.html
* https://bugzilla.suse.com/show_bug.cgi?id=1253598



SUSE-SU-2025:4275-1: important: Security update for the Linux Kernel (Live Patch 15 for SUSE Linux Enterprise 15 SP6)


# Security update for the Linux Kernel (Live Patch 15 for SUSE Linux Enterprise 15 SP6)

Announcement ID: SUSE-SU-2025:4275-1
Release Date: 2025-11-27T10:04:14Z
Rating: important
References:

* bsc#1249537

Cross-References:

* CVE-2025-38616

CVSS scores:

* CVE-2025-38616 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-38616 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.70 fixes one
security issue.

The following security issue was fixed:

* CVE-2025-38616: tls: handle data disappearing from under the TLS ULP
(bsc#1249537).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-4275=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-4275=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP6_Update_15-debugsource-4-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_70-default-4-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_70-default-debuginfo-4-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP6_Update_15-debugsource-4-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_70-default-4-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_70-default-debuginfo-4-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38616.html
* https://bugzilla.suse.com/show_bug.cgi?id=1249537



SUSE-SU-2025:4282-1: important: Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise 15 SP6)


# Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise 15 SP6)

Announcement ID: SUSE-SU-2025:4282-1
Release Date: 2025-11-27T16:34:16Z
Rating: important
References:

* bsc#1248672
* bsc#1249537

Cross-References:

* CVE-2025-38500
* CVE-2025-38616

CVSS scores:

* CVE-2025-38500 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38500 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38616 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-38616 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.50 fixes
various security issues.

The following security issues were fixed:

* CVE-2025-38500: xfrm: interface: fix use-after-free after changing
collect_md xfrm interface (bsc#1248672).
* CVE-2025-38616: tls: handle data disappearing from under the TLS ULP
(bsc#1249537).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-4282=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-4282=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_50-default-debuginfo-9-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_11-debugsource-9-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_50-default-9-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_50-default-debuginfo-9-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_11-debugsource-9-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_50-default-9-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38500.html
* https://www.suse.com/security/cve/CVE-2025-38616.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248672
* https://bugzilla.suse.com/show_bug.cgi?id=1249537



SUSE-SU-2025:4283-1: important: Security update for the Linux Kernel (Live Patch 26 for SUSE Linux Enterprise 15 SP5)


# Security update for the Linux Kernel (Live Patch 26 for SUSE Linux Enterprise 15 SP5)

Announcement ID: SUSE-SU-2025:4283-1
Release Date: 2025-11-27T19:33:47Z
Rating: important
References:

* bsc#1242882
* bsc#1245778

Cross-References:

* CVE-2024-53141
* CVE-2025-23145

CVSS scores:

* CVE-2024-53141 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53141 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53141 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-23145 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-23145 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-23145 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.103 fixes
various security issues.

The following security issues were fixed:

* CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt
(bsc#1245778).
* CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow
(bsc#1242882).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-4283=1 SUSE-2025-4284=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-4283=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-4284=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP5_Update_26-debugsource-10-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_103-default-10-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_88-default-debuginfo-15-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_21-debugsource-15-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_103-default-debuginfo-10-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP5_Update_26-debugsource-10-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_103-default-10-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_88-default-debuginfo-15-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_21-debugsource-15-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_103-default-debuginfo-10-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-53141.html
* https://www.suse.com/security/cve/CVE-2025-23145.html
* https://bugzilla.suse.com/show_bug.cgi?id=1242882
* https://bugzilla.suse.com/show_bug.cgi?id=1245778



openSUSE-SU-2025:0443-1: moderate: Security update for gitea-tea


openSUSE Security Update: Security update for gitea-tea
_______________________________

Announcement ID: openSUSE-SU-2025:0443-1
Rating: moderate
References: #1251471 #1251663
Cross-References: CVE-2025-47911 CVE-2025-58190
CVSS scores:
CVE-2025-47911 (SUSE): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
CVE-2025-58190 (SUSE): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for gitea-tea fixes the following issues:

- update to 0.11.1:
  * 61d4e57 Fix Pr Create crash (#823)
  * 4f33146 add test for matching logins (#820)
  * 08b8398 Update README.md (#819)

- CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by
  `html.ParseFragment` when processing specially crafted input
  (boo#1251663)
- CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic
  complexity when parsing HTML documents (boo#1251471)

- update to 0.11.0:
  * Fix yaml output single quote (#814)
  * generate man page (#811)
  * feat: add validation for object-format flag in repo create command (#741)
  * Fix release version (#815)
  * update gitea sdk to v0.22 (#813)
  * don't fallback login directly (#806)
  * Check duplicated login name in interact mode when creating new login (#803)
  * Fix bug when output json with special chars (#801)
  * add debug mode and update readme (#805)
  * update go.mod to retract the wrong tag v1.3.3 (#802)
  * revert completion scripts removal (#808)
  * Remove pagination from context (#807)
  * Continue auth when failed to open browser (#794)
  * Fix bug (#793)
  * Fix tea login add with ssh public key bug (#789)
  * Add temporary authentication via environment variables (#639)
  * Fix attachment size (#787)
  * deploy image when tagging (#792)
  * Add Zip URL for release list (#788)
  * Use bubbletea instead of survey for interacting with TUI (#786)
  * capitalize a few items
  * rm out of date comparison file
  * README: Document logging in to gitea (#790)
  * remove autocomplete command (#782)
  * chore(deps): update ghcr.io/devcontainers/features/git-lfs docker tag to v1.2.5 (#773)
  * replace arch package url (#783)
  * fix: Reenable -p and --limit switches (#778)

- Update to 0.10.1+git.1757695903.cc20b52:
  - feat: add validation for object-format flag in repo create command
    (see gh#openSUSE/openSUSE-git#60)
  - Fix release version
  - update gitea sdk to v0.22
  - don't fallback login directly
  - Check duplicated login name in interact mode when creating new login
  - Fix bug when output json with special chars
  - add debug mode and update readme
  - update go.mod to retract the wrong tag v1.3.3
  - revert completion scripts removal
  - Remove pagination from context
  - Continue auth when failed to open browser
  - Fix bug
  - Fix tea login add with ssh public key bug
  - Add temporary authentication via environment variables
  - Fix attachment size
  - deploy image when tagging
  - Add Zip URL for release list
  - Use bubbletea instead of survey for interacting with TUI
  - capitalize a few items
  - rm out of date comparison file
  - README: Document logging in to gitea
  - remove autocomplete command
  - chore(deps): update ghcr.io/devcontainers/features/git-lfs docker tag to v1.2.5
  - replace arch package url
  - fix: Reenable `-p` and `--limit` switches

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2025-443=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):

gitea-tea-0.11.1-bp156.14.1

- openSUSE Backports SLE-15-SP6 (noarch):

gitea-tea-bash-completion-0.11.1-bp156.14.1
gitea-tea-zsh-completion-0.11.1-bp156.14.1

References:

https://www.suse.com/security/cve/CVE-2025-47911.html
https://www.suse.com/security/cve/CVE-2025-58190.html
https://bugzilla.suse.com/1251471
https://bugzilla.suse.com/1251663



openSUSE-SU-2025:15771-1: moderate: git-bug-0.10.1-3.1 on GA media


# git-bug-0.10.1-3.1 on GA media

Announcement ID: openSUSE-SU-2025:15771-1
Rating: moderate

Cross-References:

* CVE-2025-47913
* CVE-2025-47914
* CVE-2025-58181

CVSS scores:

* CVE-2025-47913 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-47913 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-47914 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-47914 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58181 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58181 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 3 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the git-bug-0.10.1-3.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * git-bug 0.10.1-3.1
  * git-bug-bash-completion 0.10.1-3.1
  * git-bug-fish-completion 0.10.1-3.1
  * git-bug-zsh-completion 0.10.1-3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-47913.html
* https://www.suse.com/security/cve/CVE-2025-47914.html
* https://www.suse.com/security/cve/CVE-2025-58181.html