Kernel, Python, GDK-Pixbuf, and more updates for SUSE

SUSE 5495 Published by

SUSE Linux has released various security updates, which include live patches for the Linux Kernel, a moderate patch for Python 3.10, and a security update for gdk-pixbuf, among others:

SUSE-SU-2025:02933-1: important: Security update for the Linux Kernel (Live Patch 59 for SLE 15 SP3)
SUSE-SU-2025:02934-1: important: Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP6)
SUSE-SU-2025:02948-1: moderate: Security update for python310
SUSE-SU-2025:02938-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP6)
SUSE-SU-2025:02936-1: important: Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP4)
SUSE-SU-2025:02937-1: important: Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6)
SUSE-SU-2025:02945-1: important: Security update for the Linux Kernel (Live Patch 51 for SLE 15 SP3)
openSUSE-SU-2025:15470-1: moderate: govulncheck-vulndb-0.0.20250818T190335-1.1 on GA media
openSUSE-SU-2025:15469-1: moderate: gdk-pixbuf-devel-2.42.12-5.1 on GA media
openSUSE-SU-2025:15468-1: moderate: firefox-esr-140.2.0-1.1 on GA media
openSUSE-SU-2025:15471-1: moderate: wicked2nm-1.2.1-1.1 on GA media
SUSE-SU-2025:02954-1: important: Security update for gdk-pixbuf
SUSE-SU-2025:02955-1: important: Security update for the Linux Kernel (Live Patch 52 for SLE 15 SP3)




SUSE-SU-2025:02933-1: important: Security update for the Linux Kernel (Live Patch 59 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 59 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:02933-1
Release Date: 2025-08-20T20:03:42Z
Rating: important
References:

* bsc#1245218
* bsc#1247350
* bsc#1247351

Cross-References:

* CVE-2025-38079
* CVE-2025-38494
* CVE-2025-38495

CVSS scores:

* CVE-2025-38079 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_211 fixes several issues.

The following security issues were fixed:

* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain
the reserved report ID (bsc#1247351).
* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept
(bsc#1245218).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-2933=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-2933=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_59-debugsource-3-150300.2.1
* kernel-livepatch-5_3_18-150300_59_211-default-debuginfo-3-150300.2.1
* kernel-livepatch-5_3_18-150300_59_211-default-3-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_211-preempt-debuginfo-3-150300.2.1
* kernel-livepatch-5_3_18-150300_59_211-preempt-3-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_59-debugsource-3-150300.2.1
* kernel-livepatch-5_3_18-150300_59_211-default-debuginfo-3-150300.2.1
* kernel-livepatch-5_3_18-150300_59_211-default-3-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351



SUSE-SU-2025:02934-1: important: Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:02934-1
Release Date: 2025-08-20T21:33:53Z
Rating: important
References:

* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351

Cross-References:

* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495

CVSS scores:

* CVE-2025-38079 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_47 fixes several issues.

The following security issues were fixed:

* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain
the reserved report ID (bsc#1247351).
* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept
(bsc#1245218).
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-2934=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-2934=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_47-default-4-150600.2.1
* kernel-livepatch-6_4_0-150600_23_47-default-debuginfo-4-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_10-debugsource-4-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_47-default-4-150600.2.1
* kernel-livepatch-6_4_0-150600_23_47-default-debuginfo-4-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_10-debugsource-4-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351



SUSE-SU-2025:02948-1: moderate: Security update for python310


# Security update for python310

Announcement ID: SUSE-SU-2025:02948-1
Release Date: 2025-08-21T11:47:52Z
Rating: moderate
References:

* bsc#1247249

Cross-References:

* CVE-2025-8194

CVSS scores:

* CVE-2025-8194 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-8194 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-8194 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6

An update that solves one vulnerability can now be installed.

## Description:

This update for python310 fixes the following issues:

* CVE-2025-8194: Fixed denial of service caused by tar archives with negative
offsets (bsc#1247249).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2948=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-2948=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libpython3_10-1_0-debuginfo-3.10.18-150400.4.88.1
* python310-3.10.18-150400.4.88.1
* python310-debuginfo-3.10.18-150400.4.88.1
* python310-core-debugsource-3.10.18-150400.4.88.1
* python310-dbm-3.10.18-150400.4.88.1
* python310-idle-3.10.18-150400.4.88.1
* python310-curses-3.10.18-150400.4.88.1
* python310-base-3.10.18-150400.4.88.1
* python310-testsuite-debuginfo-3.10.18-150400.4.88.1
* python310-curses-debuginfo-3.10.18-150400.4.88.1
* python310-dbm-debuginfo-3.10.18-150400.4.88.1
* python310-tools-3.10.18-150400.4.88.1
* python310-doc-devhelp-3.10.18-150400.4.88.1
* python310-testsuite-3.10.18-150400.4.88.1
* python310-tk-3.10.18-150400.4.88.1
* python310-tk-debuginfo-3.10.18-150400.4.88.1
* python310-devel-3.10.18-150400.4.88.1
* python310-debugsource-3.10.18-150400.4.88.1
* python310-doc-3.10.18-150400.4.88.1
* libpython3_10-1_0-3.10.18-150400.4.88.1
* python310-base-debuginfo-3.10.18-150400.4.88.1
* openSUSE Leap 15.4 (x86_64)
* libpython3_10-1_0-32bit-3.10.18-150400.4.88.1
* python310-32bit-3.10.18-150400.4.88.1
* python310-32bit-debuginfo-3.10.18-150400.4.88.1
* python310-base-32bit-3.10.18-150400.4.88.1
* libpython3_10-1_0-32bit-debuginfo-3.10.18-150400.4.88.1
* python310-base-32bit-debuginfo-3.10.18-150400.4.88.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* python310-64bit-debuginfo-3.10.18-150400.4.88.1
* python310-64bit-3.10.18-150400.4.88.1
* libpython3_10-1_0-64bit-debuginfo-3.10.18-150400.4.88.1
* python310-base-64bit-3.10.18-150400.4.88.1
* python310-base-64bit-debuginfo-3.10.18-150400.4.88.1
* libpython3_10-1_0-64bit-3.10.18-150400.4.88.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* libpython3_10-1_0-debuginfo-3.10.18-150400.4.88.1
* python310-3.10.18-150400.4.88.1
* python310-debuginfo-3.10.18-150400.4.88.1
* python310-core-debugsource-3.10.18-150400.4.88.1
* python310-dbm-3.10.18-150400.4.88.1
* python310-idle-3.10.18-150400.4.88.1
* python310-curses-3.10.18-150400.4.88.1
* libpython3_10-1_0-3.10.18-150400.4.88.1
* python310-base-3.10.18-150400.4.88.1
* python310-testsuite-debuginfo-3.10.18-150400.4.88.1
* python310-curses-debuginfo-3.10.18-150400.4.88.1
* python310-tools-3.10.18-150400.4.88.1
* python310-doc-devhelp-3.10.18-150400.4.88.1
* python310-testsuite-3.10.18-150400.4.88.1
* python310-tk-3.10.18-150400.4.88.1
* python310-tk-debuginfo-3.10.18-150400.4.88.1
* python310-devel-3.10.18-150400.4.88.1
* python310-debugsource-3.10.18-150400.4.88.1
* python310-doc-3.10.18-150400.4.88.1
* python310-dbm-debuginfo-3.10.18-150400.4.88.1
* python310-base-debuginfo-3.10.18-150400.4.88.1
* openSUSE Leap 15.6 (x86_64)
* libpython3_10-1_0-32bit-3.10.18-150400.4.88.1
* python310-32bit-3.10.18-150400.4.88.1
* python310-32bit-debuginfo-3.10.18-150400.4.88.1
* python310-base-32bit-3.10.18-150400.4.88.1
* libpython3_10-1_0-32bit-debuginfo-3.10.18-150400.4.88.1
* python310-base-32bit-debuginfo-3.10.18-150400.4.88.1

## References:

* https://www.suse.com/security/cve/CVE-2025-8194.html
* https://bugzilla.suse.com/show_bug.cgi?id=1247249



SUSE-SU-2025:02938-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:02938-1
Release Date: 2025-08-21T09:04:12Z
Rating: important
References:

* bsc#1245350
* bsc#1247350
* bsc#1247351

Cross-References:

* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495

CVSS scores:

* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_53 fixes several issues.

The following security issues were fixed:

* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain
the reserved report ID (bsc#1247351).
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-2938=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-2938=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_53-default-3-150600.2.1
* kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-3-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_12-debugsource-3-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_53-default-3-150600.2.1
* kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-3-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_12-debugsource-3-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351



SUSE-SU-2025:02936-1: important: Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:02936-1
Release Date: 2025-08-21T09:03:55Z
Rating: important
References:

* bsc#1232927
* bsc#1245218
* bsc#1247350
* bsc#1247351

Cross-References:

* CVE-2025-38079
* CVE-2025-38494
* CVE-2025-38495

CVSS scores:

* CVE-2025-38079 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves three vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_170 fixes several issues.

The following security issues were fixed:

* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain
the reserved report ID (bsc#1247351).
* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept
(bsc#1245218).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-2936=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2936=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_42-debugsource-2-150400.2.1
* kernel-livepatch-5_14_21-150400_24_170-default-2-150400.2.1
* kernel-livepatch-5_14_21-150400_24_170-default-debuginfo-2-150400.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_42-debugsource-2-150400.2.1
* kernel-livepatch-5_14_21-150400_24_170-default-2-150400.2.1
* kernel-livepatch-5_14_21-150400_24_170-default-debuginfo-2-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1232927
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351



SUSE-SU-2025:02937-1: important: Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:02937-1
Release Date: 2025-08-21T09:04:04Z
Rating: important
References:

* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351

Cross-References:

* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495

CVSS scores:

* CVE-2025-38079 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_30 fixes several issues.

The following security issues were fixed:

* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain
the reserved report ID (bsc#1247351).
* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept
(bsc#1245218).
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-2937=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-2937=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_30-default-debuginfo-10-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_6-debugsource-10-150600.2.1
* kernel-livepatch-6_4_0-150600_23_30-default-10-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_30-default-debuginfo-10-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_6-debugsource-10-150600.2.1
* kernel-livepatch-6_4_0-150600_23_30-default-10-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351



SUSE-SU-2025:02945-1: important: Security update for the Linux Kernel (Live Patch 51 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 51 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:02945-1
Release Date: 2025-08-21T11:33:43Z
Rating: important
References:

* bsc#1244631
* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351

Cross-References:

* CVE-2024-36978
* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495

CVSS scores:

* CVE-2024-36978 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36978 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38079 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_185 fixes several issues.

The following security issues were fixed:

* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain
the reserved report ID (bsc#1247351).
* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept
(bsc#1245218).
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).
* CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in
multiq_tune() (bsc#1244631).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-2945=1 SUSE-2025-2946=1 SUSE-2025-2947=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-2945=1 SUSE-SLE-
Module-Live-Patching-15-SP3-2025-2946=1 SUSE-SLE-Module-Live-
Patching-15-SP3-2025-2947=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_170-default-debuginfo-16-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_50-debugsource-12-150300.2.1
* kernel-livepatch-5_3_18-150300_59_185-default-10-150300.2.1
* kernel-livepatch-5_3_18-150300_59_182-default-debuginfo-12-150300.2.1
* kernel-livepatch-5_3_18-150300_59_185-default-debuginfo-10-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_51-debugsource-10-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_47-debugsource-16-150300.2.1
* kernel-livepatch-5_3_18-150300_59_182-default-12-150300.2.1
* kernel-livepatch-5_3_18-150300_59_170-default-16-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_185-preempt-10-150300.2.1
* kernel-livepatch-5_3_18-150300_59_182-preempt-debuginfo-12-150300.2.1
* kernel-livepatch-5_3_18-150300_59_182-preempt-12-150300.2.1
* kernel-livepatch-5_3_18-150300_59_170-preempt-16-150300.2.1
* kernel-livepatch-5_3_18-150300_59_185-preempt-debuginfo-10-150300.2.1
* kernel-livepatch-5_3_18-150300_59_170-preempt-debuginfo-16-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_170-default-debuginfo-16-150300.2.1
* kernel-livepatch-5_3_18-150300_59_185-default-10-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_47-debugsource-16-150300.2.1
* kernel-livepatch-5_3_18-150300_59_182-default-12-150300.2.1
* kernel-livepatch-5_3_18-150300_59_170-default-16-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-36978.html
* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244631
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351



openSUSE-SU-2025:15470-1: moderate: govulncheck-vulndb-0.0.20250818T190335-1.1 on GA media


# govulncheck-vulndb-0.0.20250818T190335-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15470-1
Rating: moderate

Cross-References:

* CVE-2023-26154
* CVE-2025-44001
* CVE-2025-44004
* CVE-2025-48731
* CVE-2025-49221
* CVE-2025-50946
* CVE-2025-52931
* CVE-2025-53514
* CVE-2025-53857
* CVE-2025-53910
* CVE-2025-54458
* CVE-2025-54463
* CVE-2025-54478
* CVE-2025-54525
* CVE-2025-55196
* CVE-2025-55198
* CVE-2025-55199
* CVE-2025-8285
* CVE-2025-9039

CVSS scores:

* CVE-2025-55198 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-55198 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-55199 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-55199 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 19 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the govulncheck-vulndb-0.0.20250818T190335-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* govulncheck-vulndb 0.0.20250818T190335-1.1

## References:

* https://www.suse.com/security/cve/CVE-2023-26154.html
* https://www.suse.com/security/cve/CVE-2025-44001.html
* https://www.suse.com/security/cve/CVE-2025-44004.html
* https://www.suse.com/security/cve/CVE-2025-48731.html
* https://www.suse.com/security/cve/CVE-2025-49221.html
* https://www.suse.com/security/cve/CVE-2025-50946.html
* https://www.suse.com/security/cve/CVE-2025-52931.html
* https://www.suse.com/security/cve/CVE-2025-53514.html
* https://www.suse.com/security/cve/CVE-2025-53857.html
* https://www.suse.com/security/cve/CVE-2025-53910.html
* https://www.suse.com/security/cve/CVE-2025-54458.html
* https://www.suse.com/security/cve/CVE-2025-54463.html
* https://www.suse.com/security/cve/CVE-2025-54478.html
* https://www.suse.com/security/cve/CVE-2025-54525.html
* https://www.suse.com/security/cve/CVE-2025-55196.html
* https://www.suse.com/security/cve/CVE-2025-55198.html
* https://www.suse.com/security/cve/CVE-2025-55199.html
* https://www.suse.com/security/cve/CVE-2025-8285.html
* https://www.suse.com/security/cve/CVE-2025-9039.html



openSUSE-SU-2025:15469-1: moderate: gdk-pixbuf-devel-2.42.12-5.1 on GA media


# gdk-pixbuf-devel-2.42.12-5.1 on GA media

Announcement ID: openSUSE-SU-2025:15469-1
Rating: moderate

Cross-References:

* CVE-2025-7345

CVSS scores:

* CVE-2025-7345 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-7345 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the gdk-pixbuf-devel-2.42.12-5.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* gdk-pixbuf-devel 2.42.12-5.1
* gdk-pixbuf-devel-32bit 2.42.12-5.1
* gdk-pixbuf-lang 2.42.12-5.1
* gdk-pixbuf-query-loaders 2.42.12-5.1
* gdk-pixbuf-query-loaders-32bit 2.42.12-5.1
* gdk-pixbuf-thumbnailer 2.42.12-5.1
* libgdk_pixbuf-2_0-0 2.42.12-5.1
* libgdk_pixbuf-2_0-0-32bit 2.42.12-5.1
* typelib-1_0-GdkPixbuf-2_0 2.42.12-5.1
* typelib-1_0-GdkPixdata-2_0 2.42.12-5.1

## References:

* https://www.suse.com/security/cve/CVE-2025-7345.html



openSUSE-SU-2025:15468-1: moderate: firefox-esr-140.2.0-1.1 on GA media


# firefox-esr-140.2.0-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15468-1
Rating: moderate

Cross-References:

* CVE-2025-9179
* CVE-2025-9180
* CVE-2025-9181
* CVE-2025-9182
* CVE-2025-9183
* CVE-2025-9184
* CVE-2025-9185

CVSS scores:

* CVE-2025-9180 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2025-9181 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
* CVE-2025-9182 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-9183 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2025-9184 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-9185 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves 7 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the firefox-esr-140.2.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* firefox-esr 140.2.0-1.1
* firefox-esr-branding-upstream 140.2.0-1.1
* firefox-esr-translations-common 140.2.0-1.1
* firefox-esr-translations-other 140.2.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-9179.html
* https://www.suse.com/security/cve/CVE-2025-9180.html
* https://www.suse.com/security/cve/CVE-2025-9181.html
* https://www.suse.com/security/cve/CVE-2025-9182.html
* https://www.suse.com/security/cve/CVE-2025-9183.html
* https://www.suse.com/security/cve/CVE-2025-9184.html
* https://www.suse.com/security/cve/CVE-2025-9185.html



openSUSE-SU-2025:15471-1: moderate: wicked2nm-1.2.1-1.1 on GA media


# wicked2nm-1.2.1-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15471-1
Rating: moderate

Cross-References:

* CVE-2025-55159

CVSS scores:

* CVE-2025-55159 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2025-55159 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the wicked2nm-1.2.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* wicked2nm 1.2.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-55159.html



SUSE-SU-2025:02954-1: important: Security update for gdk-pixbuf


# Security update for gdk-pixbuf

Announcement ID: SUSE-SU-2025:02954-1
Release Date: 2025-08-21T13:43:04Z
Rating: important
References:

* bsc#1245227
* bsc#1246114

Cross-References:

* CVE-2025-6199
* CVE-2025-7345

CVSS scores:

* CVE-2025-6199 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-6199 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2025-6199 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2025-6199 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2025-7345 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-7345 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-7345 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for gdk-pixbuf fixes the following issues:

* CVE-2025-6199: Fixed uninitialized memory leading to arbitrary memory
contents leak (bsc#1245227)
* CVE-2025-7345: Fixed heap buffer overflow within the
gdk_pixbuf__jpeg_image_load_increment function (bsc#1246114)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-2954=1 SUSE-2025-2954=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-2954=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-2954=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* gdk-pixbuf-devel-2.42.12-150600.3.8.1
* typelib-1_0-GdkPixbuf-2_0-2.42.12-150600.3.8.1
* gdk-pixbuf-debugsource-2.42.12-150600.3.8.1
* libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150600.3.8.1
* gdk-pixbuf-devel-debuginfo-2.42.12-150600.3.8.1
* gdk-pixbuf-query-loaders-2.42.12-150600.3.8.1
* gdk-pixbuf-query-loaders-debuginfo-2.42.12-150600.3.8.1
* gdk-pixbuf-thumbnailer-debuginfo-2.42.12-150600.3.8.1
* gdk-pixbuf-thumbnailer-2.42.12-150600.3.8.1
* typelib-1_0-GdkPixdata-2_0-2.42.12-150600.3.8.1
* libgdk_pixbuf-2_0-0-2.42.12-150600.3.8.1
* openSUSE Leap 15.6 (x86_64)
* libgdk_pixbuf-2_0-0-32bit-2.42.12-150600.3.8.1
* gdk-pixbuf-query-loaders-32bit-debuginfo-2.42.12-150600.3.8.1
* libgdk_pixbuf-2_0-0-32bit-debuginfo-2.42.12-150600.3.8.1
* gdk-pixbuf-devel-32bit-debuginfo-2.42.12-150600.3.8.1
* gdk-pixbuf-query-loaders-32bit-2.42.12-150600.3.8.1
* gdk-pixbuf-devel-32bit-2.42.12-150600.3.8.1
* openSUSE Leap 15.6 (noarch)
* gdk-pixbuf-lang-2.42.12-150600.3.8.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libgdk_pixbuf-2_0-0-64bit-2.42.12-150600.3.8.1
* gdk-pixbuf-devel-64bit-debuginfo-2.42.12-150600.3.8.1
* gdk-pixbuf-query-loaders-64bit-2.42.12-150600.3.8.1
* gdk-pixbuf-query-loaders-64bit-debuginfo-2.42.12-150600.3.8.1
* gdk-pixbuf-devel-64bit-2.42.12-150600.3.8.1
* libgdk_pixbuf-2_0-0-64bit-debuginfo-2.42.12-150600.3.8.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* gdk-pixbuf-devel-2.42.12-150600.3.8.1
* typelib-1_0-GdkPixbuf-2_0-2.42.12-150600.3.8.1
* gdk-pixbuf-debugsource-2.42.12-150600.3.8.1
* libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150600.3.8.1
* gdk-pixbuf-devel-debuginfo-2.42.12-150600.3.8.1
* gdk-pixbuf-query-loaders-2.42.12-150600.3.8.1
* gdk-pixbuf-query-loaders-debuginfo-2.42.12-150600.3.8.1
* gdk-pixbuf-thumbnailer-debuginfo-2.42.12-150600.3.8.1
* gdk-pixbuf-thumbnailer-2.42.12-150600.3.8.1
* typelib-1_0-GdkPixdata-2_0-2.42.12-150600.3.8.1
* libgdk_pixbuf-2_0-0-2.42.12-150600.3.8.1
* Basesystem Module 15-SP6 (noarch)
* gdk-pixbuf-lang-2.42.12-150600.3.8.1
* Basesystem Module 15-SP6 (x86_64)
* libgdk_pixbuf-2_0-0-32bit-2.42.12-150600.3.8.1
* gdk-pixbuf-query-loaders-32bit-debuginfo-2.42.12-150600.3.8.1
* gdk-pixbuf-query-loaders-32bit-2.42.12-150600.3.8.1
* libgdk_pixbuf-2_0-0-32bit-debuginfo-2.42.12-150600.3.8.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* gdk-pixbuf-devel-2.42.12-150600.3.8.1
* typelib-1_0-GdkPixbuf-2_0-2.42.12-150600.3.8.1
* gdk-pixbuf-debugsource-2.42.12-150600.3.8.1
* libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150600.3.8.1
* gdk-pixbuf-devel-debuginfo-2.42.12-150600.3.8.1
* gdk-pixbuf-query-loaders-2.42.12-150600.3.8.1
* gdk-pixbuf-query-loaders-debuginfo-2.42.12-150600.3.8.1
* gdk-pixbuf-thumbnailer-debuginfo-2.42.12-150600.3.8.1
* gdk-pixbuf-thumbnailer-2.42.12-150600.3.8.1
* typelib-1_0-GdkPixdata-2_0-2.42.12-150600.3.8.1
* libgdk_pixbuf-2_0-0-2.42.12-150600.3.8.1
* Basesystem Module 15-SP7 (noarch)
* gdk-pixbuf-lang-2.42.12-150600.3.8.1
* Basesystem Module 15-SP7 (x86_64)
* libgdk_pixbuf-2_0-0-32bit-2.42.12-150600.3.8.1
* gdk-pixbuf-query-loaders-32bit-debuginfo-2.42.12-150600.3.8.1
* gdk-pixbuf-query-loaders-32bit-2.42.12-150600.3.8.1
* libgdk_pixbuf-2_0-0-32bit-debuginfo-2.42.12-150600.3.8.1

## References:

* https://www.suse.com/security/cve/CVE-2025-6199.html
* https://www.suse.com/security/cve/CVE-2025-7345.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245227
* https://bugzilla.suse.com/show_bug.cgi?id=1246114



SUSE-SU-2025:02955-1: important: Security update for the Linux Kernel (Live Patch 52 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 52 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:02955-1
Release Date: 2025-08-21T14:03:52Z
Rating: important
References:

* bsc#1244631
* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351

Cross-References:

* CVE-2024-36978
* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495

CVSS scores:

* CVE-2024-36978 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36978 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38079 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_188 fixes several issues.

The following security issues were fixed:

* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain
the reserved report ID (bsc#1247351).
* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept
(bsc#1245218).
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).
* CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in
multiq_tune() (bsc#1244631).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-2955=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-2955=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_188-default-9-150300.2.1
* kernel-livepatch-5_3_18-150300_59_188-default-debuginfo-9-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_52-debugsource-9-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_188-preempt-9-150300.2.1
* kernel-livepatch-5_3_18-150300_59_188-preempt-debuginfo-9-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_188-default-9-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-36978.html
* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244631
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351


Tomcat and LibArchive updates for AlmaLinux

Linux kernel, Poppler, Python, WEBrick updates for Ubuntu

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.orgĀ  I ...