Kernel, Python-Deepdiff, Warewulf, perl-JSON-XL, Opera updates for SUSE

SUSE 5495 Published by

Several security updates have been released for SUSE Linux, including updates for the Linux Kernel and other packages such as python-deepdiff and ImageMagick. Additionally, some openSUSE updates were also released, including moderate-level fixes for warewulf4, perl-JSON-XS, and python311-deepdiff.

SUSE-SU-2025:03126-1: important: Security update for the Linux Kernel (Live Patch 52 for SLE 15 SP3)
SUSE-SU-2025:03127-1: critical: Security update for python-deepdiff
SUSE-SU-2025:03130-1: important: Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3)
SUSE-SU-2025:03129-1: important: Security update for the Linux Kernel (Live Patch 54 for SLE 15 SP3)
openSUSE-SU-2025:15537-1: moderate: warewulf4-4.6.4-1.1 on GA media
openSUSE-SU-2025:15535-1: moderate: perl-JSON-XS-4.40.0-1.1 on GA media
openSUSE-SU-2025:15536-1: moderate: python311-deepdiff-8.6.1-1.1 on GA media
SUSE-SU-2025:03133-1: important: Security update for the Linux Kernel (Live Patch 55 for SLE 15 SP3)
SUSE-SU-2025:03148-1: important: Security update for the Linux Kernel (Live Patch 57 for SLE 15 SP3)
openSUSE-SU-2025:0341-1: important: Security update for opera
SUSE-SU-2025:03149-1: important: Security update for the Linux Kernel (Live Patch 59 for SLE 15 SP3)
SUSE-SU-2025:03153-1: important: Security update for the Linux Kernel (Live Patch 56 for SLE 15 SP3)
SUSE-SU-2025:03154-1: important: Security update for the Linux Kernel (Live Patch 58 for SLE 15 SP3)
SUSE-SU-2025:03152-1: important: Security update for ImageMagick




SUSE-SU-2025:03126-1: important: Security update for the Linux Kernel (Live Patch 52 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 52 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:03126-1
Release Date: 2025-09-09T22:43:42Z
Rating: important
References:

* bsc#1237930
* bsc#1242579
* bsc#1244235
* bsc#1245775
* bsc#1245791
* bsc#1246030

Cross-References:

* CVE-2022-49053
* CVE-2025-21999
* CVE-2025-37890
* CVE-2025-38000
* CVE-2025-38001
* CVE-2025-38212

CVSS scores:

* CVE-2022-49053 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49053 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38000 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38001 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_188 fixes several issues.

The following security issues were fixed:

* CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579).
* CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930).
* CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to
eltree twice (bsc#1244235).
* CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in
hfsc_enqueue() (bsc#1245775).
* CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem
as child qdisc (bsc#1245791).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-3126=1 SUSE-2025-3125=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-3126=1 SUSE-SLE-
Module-Live-Patching-15-SP3-2025-3125=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_52-debugsource-10-150300.2.1
* kernel-livepatch-5_3_18-150300_59_188-default-debuginfo-10-150300.2.1
* kernel-livepatch-5_3_18-150300_59_185-default-debuginfo-11-150300.2.1
* kernel-livepatch-5_3_18-150300_59_185-default-11-150300.2.1
* kernel-livepatch-5_3_18-150300_59_188-default-10-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_51-debugsource-11-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_185-preempt-debuginfo-11-150300.2.1
* kernel-livepatch-5_3_18-150300_59_188-preempt-debuginfo-10-150300.2.1
* kernel-livepatch-5_3_18-150300_59_188-preempt-10-150300.2.1
* kernel-livepatch-5_3_18-150300_59_185-preempt-11-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_185-default-11-150300.2.1
* kernel-livepatch-5_3_18-150300_59_188-default-10-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49053.html
* https://www.suse.com/security/cve/CVE-2025-21999.html
* https://www.suse.com/security/cve/CVE-2025-37890.html
* https://www.suse.com/security/cve/CVE-2025-38000.html
* https://www.suse.com/security/cve/CVE-2025-38001.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1237930
* https://bugzilla.suse.com/show_bug.cgi?id=1242579
* https://bugzilla.suse.com/show_bug.cgi?id=1244235
* https://bugzilla.suse.com/show_bug.cgi?id=1245775
* https://bugzilla.suse.com/show_bug.cgi?id=1245791
* https://bugzilla.suse.com/show_bug.cgi?id=1246030



SUSE-SU-2025:03127-1: critical: Security update for python-deepdiff


# Security update for python-deepdiff

Announcement ID: SUSE-SU-2025:03127-1
Release Date: 2025-09-10T08:49:39Z
Rating: critical
References:

* bsc#1249347

Cross-References:

* CVE-2025-58367

CVSS scores:

* CVE-2025-58367 ( SUSE ): 10.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-58367 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-58367 ( NVD ): 10.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.6

An update that solves one vulnerability can now be installed.

## Description:

This update for python-deepdiff fixes the following issues:

* CVE-2025-58367: class pollution via the `Delta` class constructor can lead
to denial-of-service and remote code execution (bsc#1249347).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3127=1 openSUSE-SLE-15.6-2025-3127=1

## Package List:

* openSUSE Leap 15.6 (noarch)
* python311-deepdiff-6.3.0-150600.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-58367.html
* https://bugzilla.suse.com/show_bug.cgi?id=1249347



SUSE-SU-2025:03130-1: important: Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:03130-1
Release Date: 2025-09-10T11:33:55Z
Rating: important
References:

* bsc#1231676
* bsc#1231943
* bsc#1232271
* bsc#1237930
* bsc#1242579
* bsc#1244235
* bsc#1245775
* bsc#1245791
* bsc#1246030

Cross-References:

* CVE-2022-49053
* CVE-2024-47674
* CVE-2024-47706
* CVE-2024-49867
* CVE-2025-21999
* CVE-2025-37890
* CVE-2025-38000
* CVE-2025-38001
* CVE-2025-38212

CVSS scores:

* CVE-2022-49053 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49053 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47674 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-47674 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47674 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47706 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-47706 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47706 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-49867 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-49867 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-49867 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21999 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38000 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38001 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves nine vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_174 fixes several issues.

The following security issues were fixed:

* CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579).
* CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930).
* CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to
eltree twice (bsc#1244235).
* CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner
kthread during umount (bsc#1232271).
* CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in
hfsc_enqueue() (bsc#1245775).
* CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem
as child qdisc (bsc#1245791).
* CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case
(bsc#1231676).
* CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain
(bsc#1231943).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-3130=1 SUSE-2025-3128=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-3130=1 SUSE-SLE-
Module-Live-Patching-15-SP3-2025-3128=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_174-default-16-150300.2.1
* kernel-livepatch-5_3_18-150300_59_170-default-17-150300.2.1
* kernel-livepatch-5_3_18-150300_59_170-default-debuginfo-17-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_47-debugsource-17-150300.2.1
* kernel-livepatch-5_3_18-150300_59_174-default-debuginfo-16-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_48-debugsource-16-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_170-preempt-17-150300.2.1
* kernel-livepatch-5_3_18-150300_59_174-preempt-debuginfo-16-150300.2.1
* kernel-livepatch-5_3_18-150300_59_174-preempt-16-150300.2.1
* kernel-livepatch-5_3_18-150300_59_170-preempt-debuginfo-17-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_174-default-16-150300.2.1
* kernel-livepatch-5_3_18-150300_59_170-default-17-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_47-debugsource-17-150300.2.1
* kernel-livepatch-5_3_18-150300_59_170-default-debuginfo-17-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49053.html
* https://www.suse.com/security/cve/CVE-2024-47674.html
* https://www.suse.com/security/cve/CVE-2024-47706.html
* https://www.suse.com/security/cve/CVE-2024-49867.html
* https://www.suse.com/security/cve/CVE-2025-21999.html
* https://www.suse.com/security/cve/CVE-2025-37890.html
* https://www.suse.com/security/cve/CVE-2025-38000.html
* https://www.suse.com/security/cve/CVE-2025-38001.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231676
* https://bugzilla.suse.com/show_bug.cgi?id=1231943
* https://bugzilla.suse.com/show_bug.cgi?id=1232271
* https://bugzilla.suse.com/show_bug.cgi?id=1237930
* https://bugzilla.suse.com/show_bug.cgi?id=1242579
* https://bugzilla.suse.com/show_bug.cgi?id=1244235
* https://bugzilla.suse.com/show_bug.cgi?id=1245775
* https://bugzilla.suse.com/show_bug.cgi?id=1245791
* https://bugzilla.suse.com/show_bug.cgi?id=1246030



SUSE-SU-2025:03129-1: important: Security update for the Linux Kernel (Live Patch 54 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 54 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:03129-1
Release Date: 2025-09-10T10:04:29Z
Rating: important
References:

* bsc#1237930
* bsc#1242579
* bsc#1244235
* bsc#1245775
* bsc#1245791
* bsc#1246030

Cross-References:

* CVE-2022-49053
* CVE-2025-21999
* CVE-2025-37890
* CVE-2025-38000
* CVE-2025-38001
* CVE-2025-38212

CVSS scores:

* CVE-2022-49053 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49053 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38000 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38001 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_195 fixes several issues.

The following security issues were fixed:

* CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579).
* CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930).
* CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to
eltree twice (bsc#1244235).
* CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in
hfsc_enqueue() (bsc#1245775).
* CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem
as child qdisc (bsc#1245791).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-3129=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-3129=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_195-default-debuginfo-7-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_54-debugsource-7-150300.2.1
* kernel-livepatch-5_3_18-150300_59_195-default-7-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_195-preempt-7-150300.2.1
* kernel-livepatch-5_3_18-150300_59_195-preempt-debuginfo-7-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_195-default-7-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49053.html
* https://www.suse.com/security/cve/CVE-2025-21999.html
* https://www.suse.com/security/cve/CVE-2025-37890.html
* https://www.suse.com/security/cve/CVE-2025-38000.html
* https://www.suse.com/security/cve/CVE-2025-38001.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1237930
* https://bugzilla.suse.com/show_bug.cgi?id=1242579
* https://bugzilla.suse.com/show_bug.cgi?id=1244235
* https://bugzilla.suse.com/show_bug.cgi?id=1245775
* https://bugzilla.suse.com/show_bug.cgi?id=1245791
* https://bugzilla.suse.com/show_bug.cgi?id=1246030



openSUSE-SU-2025:15537-1: moderate: warewulf4-4.6.4-1.1 on GA media


# warewulf4-4.6.4-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15537-1
Rating: moderate

Cross-References:

* CVE-2025-58058

CVSS scores:

* CVE-2025-58058 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58058 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the warewulf4-4.6.4-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* warewulf4 4.6.4-1.1
* warewulf4-dracut 4.6.4-1.1
* warewulf4-man 4.6.4-1.1
* warewulf4-overlay 4.6.4-1.1
* warewulf4-overlay-rke2 4.6.4-1.1
* warewulf4-overlay-slurm 4.6.4-1.1
* warewulf4-reference-doc 4.6.4-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-58058.html



openSUSE-SU-2025:15535-1: moderate: perl-JSON-XS-4.40.0-1.1 on GA media


# perl-JSON-XS-4.40.0-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15535-1
Rating: moderate

Cross-References:

* CVE-2025-40928

CVSS scores:

* CVE-2025-40928 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40928 ( SUSE ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the perl-JSON-XS-4.40.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* perl-JSON-XS 4.40.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40928.html



openSUSE-SU-2025:15536-1: moderate: python311-deepdiff-8.6.1-1.1 on GA media


# python311-deepdiff-8.6.1-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15536-1
Rating: moderate

Cross-References:

* CVE-2025-58367

CVSS scores:

* CVE-2025-58367 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-58367 ( SUSE ): 10 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python311-deepdiff-8.6.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python311-deepdiff 8.6.1-1.1
* python312-deepdiff 8.6.1-1.1
* python313-deepdiff 8.6.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-58367.html



SUSE-SU-2025:03133-1: important: Security update for the Linux Kernel (Live Patch 55 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 55 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:03133-1
Release Date: 2025-09-10T13:33:57Z
Rating: important
References:

* bsc#1237930
* bsc#1242579
* bsc#1244235
* bsc#1245775
* bsc#1245791
* bsc#1246030

Cross-References:

* CVE-2022-49053
* CVE-2025-21999
* CVE-2025-37890
* CVE-2025-38000
* CVE-2025-38001
* CVE-2025-38212

CVSS scores:

* CVE-2022-49053 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49053 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38000 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38001 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_198 fixes several issues.

The following security issues were fixed:

* CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579).
* CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930).
* CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to
eltree twice (bsc#1244235).
* CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in
hfsc_enqueue() (bsc#1245775).
* CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem
as child qdisc (bsc#1245791).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-3133=1 SUSE-2025-3147=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-3133=1 SUSE-SLE-
Module-Live-Patching-15-SP3-2025-3147=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_182-default-debuginfo-13-150300.2.1
* kernel-livepatch-5_3_18-150300_59_198-default-7-150300.2.1
* kernel-livepatch-5_3_18-150300_59_198-default-debuginfo-7-150300.2.1
* kernel-livepatch-5_3_18-150300_59_182-default-13-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_50-debugsource-13-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_55-debugsource-7-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_182-preempt-debuginfo-13-150300.2.1
* kernel-livepatch-5_3_18-150300_59_198-preempt-7-150300.2.1
* kernel-livepatch-5_3_18-150300_59_182-preempt-13-150300.2.1
* kernel-livepatch-5_3_18-150300_59_198-preempt-debuginfo-7-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_198-default-7-150300.2.1
* kernel-livepatch-5_3_18-150300_59_182-default-13-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49053.html
* https://www.suse.com/security/cve/CVE-2025-21999.html
* https://www.suse.com/security/cve/CVE-2025-37890.html
* https://www.suse.com/security/cve/CVE-2025-38000.html
* https://www.suse.com/security/cve/CVE-2025-38001.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1237930
* https://bugzilla.suse.com/show_bug.cgi?id=1242579
* https://bugzilla.suse.com/show_bug.cgi?id=1244235
* https://bugzilla.suse.com/show_bug.cgi?id=1245775
* https://bugzilla.suse.com/show_bug.cgi?id=1245791
* https://bugzilla.suse.com/show_bug.cgi?id=1246030



SUSE-SU-2025:03148-1: important: Security update for the Linux Kernel (Live Patch 57 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 57 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:03148-1
Release Date: 2025-09-10T15:33:54Z
Rating: important
References:

* bsc#1242579
* bsc#1244235
* bsc#1245775
* bsc#1245791
* bsc#1246030

Cross-References:

* CVE-2025-21999
* CVE-2025-37890
* CVE-2025-38000
* CVE-2025-38001
* CVE-2025-38212

CVSS scores:

* CVE-2025-21999 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38000 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38001 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_204 fixes several issues.

The following security issues were fixed:

* CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579).
* CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to
eltree twice (bsc#1244235).
* CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in
hfsc_enqueue() (bsc#1245775).
* CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem
as child qdisc (bsc#1245791).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-3148=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-3148=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_57-debugsource-5-150300.2.1
* kernel-livepatch-5_3_18-150300_59_204-default-debuginfo-5-150300.2.1
* kernel-livepatch-5_3_18-150300_59_204-default-5-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_204-preempt-5-150300.2.1
* kernel-livepatch-5_3_18-150300_59_204-preempt-debuginfo-5-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_57-debugsource-5-150300.2.1
* kernel-livepatch-5_3_18-150300_59_204-default-debuginfo-5-150300.2.1
* kernel-livepatch-5_3_18-150300_59_204-default-5-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21999.html
* https://www.suse.com/security/cve/CVE-2025-37890.html
* https://www.suse.com/security/cve/CVE-2025-38000.html
* https://www.suse.com/security/cve/CVE-2025-38001.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1242579
* https://bugzilla.suse.com/show_bug.cgi?id=1244235
* https://bugzilla.suse.com/show_bug.cgi?id=1245775
* https://bugzilla.suse.com/show_bug.cgi?id=1245791
* https://bugzilla.suse.com/show_bug.cgi?id=1246030



openSUSE-SU-2025:0341-1: important: Security update for opera


openSUSE Security Update: Security update for opera
_______________________________

Announcement ID: openSUSE-SU-2025:0341-1
Rating: important
References:
Cross-References: CVE-2025-5419
Affected Products:
openSUSE Leap 15.6:NonFree
_______________________________

An update that fixes one vulnerability is now available.

Description:

This update for opera fixes the following issues:

- Update to 121.0.5600.50
* DNA-123566 [Security] Backport fix for Chrome issue 440454442 to all
branches
* RNA-246 URL remains visible after tab is closed or new tab is opened
on Speed Dial page

- Update to 121.0.5600.38
* CHR-10080 Update Chromium on desktop-stable-137-5600 to 137.0.7151.122
* DNA-112270 "Delete suggestion" (x) button stays focused after
suggestion is deleted
* DNA-115865 [Google MEET] The detached window disappears after dragging
the tab to another window or move to another workspace
* DNA-116619 After exit the youtube fullscreen mode, a black side bar
appears on the left side of the screen
* DNA-118890 Crash at opera::RegisterPathProvider
* DNA-119134 Crash at views::ViewAXPlatformNodeDelegate:: FireNativeEvent
* DNA-119230 Timeout in
VideoPictureInPictureWindowControllerBrowserTest.VolumeSlider
* DNA-120162 Crash at opera::MainMenu::FillOMenuHeader
* DNA-120459 [Split screen] Page content flickering when the width of
the elements changes.
* DNA-120753 Crash at opera::BrowserWindowCocoa::GetBounds
* DNA-121103 [Tab Island Split Screen] Not possible to create tab island
with already existing split screen
* DNA-121264 [Light theme] Text and icons in popups hardly visible on
hover
* DNA-121406 [Intro] Update Messenger icon to new version
* DNA-121824 [Dark Mode] Inactive toggles are not clearly visible in
default color
* DNA-121859 [Easy Files] Missing icons next to options in the menu
* DNA-121884 Add missing video popout test
* DNA-121970 Low WebRTC video quality with software Media Foundation
encoder
* DNA-122014 [VPN Pro] Add VPN Pro section to chrome://opera-diagnostics
* DNA-122203 Bookmark folders are no longer visible in "O" menu
* DNA-122218 [Split screen toolbar] Not all available icons are visible
on hover until address bar is clicked
* DNA-122222 [Split screen] Active tab refreshes instead of current tab
* DNA-122251 [Easy Files] Transparent glitch appears with some file
types in popup
* DNA-122283 Fields to fill in are not visible in light modes in
opera://settings/
* DNA-122330 Missing shadow effect on Sidebar Setup panel
* DNA-122331 Sidebar Setup does not start from the top after reopening
* DNA-122347 Background music resumes after toggling mic/camera in
Google Meet
* DNA-122348 [Tab Island Split Screen] After dragging split screen into
collapsed tab island, icon that shows that there are more tabs in
island disapears
* DNA-122360 VideoPictureInPictureWindowControllerBrowserTest.
ControlsVisibility fails on Linux
* DNA-122361 Shader has crashed
* DNA-122444 Add accessibility title for password manager popup
* DNA-122488 Crash at opera::component_based::ComponentTabView
::OnMouseDragged
* DNA-122493 [WebRTC] Software H.264 encoder initialization failure with
odd frame dimensions
* DNA-122499 [Password Management] Save-password popup displays dark
mode image in light mode
* DNA-122500 [Password Management] Save-password popup image lacks shadow
* DNA-122501 [Password Management] Incorrect styling for Password
Manager link
* DNA-122502 Use named export for React styles
* DNA-122506 Update component pages manifests to version 3
* DNA-122512 [Password Management] Password is shown as a clear text by
system accessibility
* DNA-122513 [Password Management] Font size in password-manager page is
bigger than in settings
* DNA-122531 Bump major version to 121
* DNA-122540 Translations for Opera 120
* DNA-122555 [Password Management] Password update prompt is shown as
sliding toolbar (old style)
* DNA-122558 "+" button shifts position after cancelled split screen
* DNA-122561 [Password Management] Manage Passwords icon is not shown in
address bar when in split screen mode
* DNA-122562 [Password Management] Save password popup is incorrectly
anchored in split screen mode
* DNA-122569 Gmail video popup disappears and Meet disconnects when
switching tabs or clicking redirect button
* DNA-122576 Live background loaded on GPU process crash even if not
visible
* DNA-122587 Auto-PiP not working due to inability to check URL for
safety
* DNA-122588 Change search box size and categories position
on scroll
* DNA-122589 Change structure of components and make sidebar sticky
* DNA-122603 Private mode badge color should be inverted
* DNA-122607 Make labels in themes localizable
* DNA-122608 Test AutoPictureInPictureWithVideoPlaybackBrowser
Test.DoesAutopip_TopFrameAndSubframeDomainsAllowed of type browser
test failed on goth with status fail
* DNA-122621 After closing PiP, player in the tab stops playing
* DNA-122628 [O120] Crash at performance_manager::mechanism::
PageDiscarder::DiscardPageNodes
* DNA-122629 Block auto-PiP if user closes PiP window
* DNA-122632 Crash at opera::ThemesService::ThemeDataProvider::
GetResourceId
* DNA-122635 Backport 0-day fix for CVE-2025-5419 and chromium issue
420637585
* DNA-122641 The "Make Opera default browser" button doesn't
automatically change in Easy Setup after make browser as a default
* DNA-122659 startpage opening animation is not disabled
* DNA-122665 Tab island tooltip has incorrect design
* DNA-122673 'Save' button doesn't work in
opera://settings/syncSetup to save created passphrase
* DNA-122675 Opera unpins from taskbar after update
* DNA-122688 Dragging tab island with split screen outside of tab strip
crashes
* DNA-122695 VPN section not available in opera settings on first run
* DNA-122714 Crash at TabStripModel::SetSelectionFromModel
* DNA-122715 Crash at media::ATAudioFormatReader::ChooseFormat
* DNA-122723 'Accounts saved for this website' popup has a chrome design
* DNA-122730 Password popup design do not match the mockup
* DNA-122734 Replace background of 'banner' on the VPN badge popup UI
* DNA-122745 The tooltip of the password manager icon has an incorrect
label when hovering over it
* DNA-122749 Crash in AddressBarControllerImpl:: OnActiveTabChanged() on
non-developer channels
* DNA-122764 [Split screen] Popup arrow is pinned to easy setup button
instead of the password manager
* DNA-122765 Can't close the popup by clicking the password manager icon
in the address bar
* DNA-122772 Crash at ManagePasswordsUIController::
GetManagePasswordsButtonView
* DNA-122773 Crash at translate::ContentTranslateDriver::
~ContentTranslateDriver
* DNA-122774 Tab Island tabs dropdown not visible when "Show tabs from
the same domain in tab tooltip" is disabled
* DNA-122778 Enable #password-management-popup on all streams
* DNA-122780 [password-management-popup=off] Passwords badge not shown
until user clicks in the address bar
* DNA-122786 Allow manual re-sending of discarded crashes in
opera://crashes/ page
* DNA-122791 The button corners are not rounded enough
* DNA-122795 Password popup header does not match the mockup
* DNA-122797 Crash at TabStripModel::SetSelectionFromModel
* DNA-122826 Crash loop when trying to launch Opera
???with-feature:pinboard=off
* DNA-122829 [Linux] Crash at settings::DefaultBrowserHandler::
HandleDefaultBrowserChange
* DNA-122843 O-Menu becomes unresponsive when sidebar is set to
auto-hide and then disabled
* DNA-122848 Tests that WaitForBrowserToClose() time out
* DNA-122849 The popup windows for 'Accounts saved for this website' and
the credentials view are too wide
* DNA-122850 Missing tooltip over buttons on the 'web page credentials'
popup
* DNA-122851 Missing hover effect
* DNA-122852 On the 'Accounts saved for this website' popup, the whole
row should be clickable not only an arrow
* DNA-122853 Support multiple static wallpapers in a single theme
* DNA-122854 Investigate backwards compatibility for multiple wallpaper
themes
* DNA-122862 Crash at opera::popup_protection::
PopupProtectionServiceImpl::CloseActivePopups
* DNA-122864 "Copy password" button should not be visible in save
password popup
* DNA-122883 [SD] Tile names are not visible in folder when a custom
wallpaper is used
* DNA-122920 Checkboxes are invisible in Sidebar Setup
* DNA-122928 Hide universal skip button when video is finished
* DNA-122940 Installer crashes while trying to enter the options screen
twice before feature overrides are downloaded
* DNA-122955 Active emoji is not selected in tab tooltip
* DNA-122957 [MediaRecorder] Software H.264 encoder initialization
failure with odd frame dimensions
* DNA-122959 Refactor tab automuting
* DNA-122962 SessionRestoreTest.RestoredTabsHaveDelegate fails in GX
* DNA-122967 Improper navigation button enabled status on split screen
creation (non-start page case)
* DNA-122968 Crash at PasswordBubbleViewBase::ShowBubble
* DNA-122984 Enable #translator on all streams for Opera One
* DNA-122991 Add rate me button on opera://bookmarks page
* DNA-123026 Crash when clicking manage passwords button in address bar
when "Sign in" credentials API popup is displayed
* DNA-123029 [Color themes] When an animated color theme is selected, a
start page wallpaper can be chosen in Easy Setup
* DNA-123031 [Opera Translate] Opera Translate popup does not
open in split screen tabs
* DNA-123038 Crash at -[OperaCrApplication validateMenuItem:]
* DNA-123057 USB netinstaller is not starting
* DNA-123063 Crash on closing the 1st tab from tooltip of a collapsed
island
* DNA-123064 Crash at opera::BrowserWindowSkin::
GetColorProviderForWebContents
* DNA-123075 Hover effect for address bar icons should match address bar
hover style
* DNA-123083 Theme Preview UI bug ??? multiple static wallpapers in a
single theme
* DNA-123086 Crash at BrowserLiveTabContext:: GetSplitScreenIdForTab
* DNA-123088 Crash at chrome::BrowserCommandController::
LoadingStateChanged
* DNA-123089 [Opera Translate] "How does it work?" link leads to
incorrect page
* DNA-123100 Translate popup is shown each time page is being
autotranslated
* DNA-123111 Chromium on Windows fails to compile
* DNA-123119 Sidebar messanger carousel not working
* DNA-123123 Crash when trying to save file using
window.showSaveFilePicker
* DNA-123124 Not possible to open feedback dialog on sidebar panels
* DNA-123150 Crash at media:: MediaFoundationSoftwareVideoEncoder::
CopyInputSampleBufferFromGpu
* DNA-123161 [Tab Tooltip] Improve mouse detection over Tab Island Handle
* DNA-123175 'Show tab emoji' setting not visible in
opera:settings
* DNA-123176 Span next to 'Learn more' link not visible
* DNA-123178 Transient "zoom in" effect with software H.264 encoding
* DNA-123188 [Tab Tooltip] Hovering over collapsed Tab Island shows Tab
Tooltip for a tab instead of Tab Island
* DNA-123190 [Tab Island] Clicking on a collapsed Tab Island activates
tab from Tab Island
* DNA-123208 Crash at PasswordBubbleViewBase::ShowBubble
* DNA-123246 DCHECK on start when tutorials sidebar item is enabled
* DNA-123266 Password popup not appearing in popup window
* DNA-123274 The page at http://console.cloud.google.com/ crashes
regardless of whether the user interacts with it or leaves it idle
* DNA-123300 Installer fails to install for both current user and all
users
* DNA-123303 Promote 121 to beta
* DNA-123308 Crash at views::DesktopWindowTreeHostWin:: PreHandleMSG
* DNA-123316 Failing TestSearchInRecentlyClosed.testRecentlyClosed
* DNA-123339 Linux ARM fails to compile
* DNA-123418 Investigate GPU process memory usage
* DNA-123424 Crash at opera::SidebarItemContentViewDockerView::
GetContentInsets
* DNA-123440 RTCVideoEncoder tries to use SharedImage-backed frames with
software encoder
* DNA-123485 Add missing attribute to translation files for "ca,ta,te"
* DNA-123496 Plural form translation fix
* RNA-195 Crash at opera::VideoPopoutDetachController::
OnTabStripModelChanged
* RNA-204 Button visibility broken in Lucid Mode
* RNA-225 Tabs don't change their positions correctly and the browser
window doesn't refresh after minimizing and maximizing it
* RNA-226 Player text and pics are dragable and highlightable
* RNA-257 Blacklisted extension notification is not fully shown
* RNA-332 Split screen group in tab island is destroyed after moving
island to new window
* RNA-360 Tab tooltip blocks address bar input after opening new tab
* RNA-374 Crash at opera::ComponentTabBar:: CreateSplitScreenGroup
* RNA-380 Crash at opera::PinboardControllerImpl::ShouldShow
* RNA-481 Crash at opera::ComponentTabBar:: ReloadTabViewsForCurrentModel
* RNA-503 Failure to close Opera via the 'X' button
* DNA-123534 Promote 121 to stable
- Complete Opera 121 changelog at:
https://blogs.opera.com/desktop/changelog-for-121

- Update to 120.0.5543.201
* RNA-195 Crash at opera::VideoPopoutDetachController::
OnTabStripModelChanged
* RNA-226 Player text and pics are dragable and highlightable
* RNA-374 Crash at opera::ComponentTabBar:: CreateSplitScreenGroup
* RNA-481 Crash at opera::ComponentTabBar:: ReloadTabViewsForCurrentModel

- Update to 120.0.5543.161
* DNA-122773 Crash at translate::ContentTranslateDriver::
~ContentTranslateDriver
* DNA-123418 Investigate GPU process memory usage

- Update to 120.0.5543.128
* DNA-123083 Theme Preview UI bug ??? multiple static wallpapers in a
single theme
* DNA-123208 Crash at PasswordBubbleViewBase::ShowBubble
* DNA-123266 Password popup not appearing in popup window
* DNA-123274 The page at http://console.cloud.google.com/ crashes
regardless of whether the user interacts with it
or leaves it idle

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.6:NonFree:

zypper in -t patch openSUSE-2025-341=1

Package List:

- openSUSE Leap 15.6:NonFree (x86_64):

opera-121.0.5600.50-lp156.2.44.1

References:

https://www.suse.com/security/cve/CVE-2025-5419.html



SUSE-SU-2025:03149-1: important: Security update for the Linux Kernel (Live Patch 59 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 59 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:03149-1
Release Date: 2025-09-10T16:34:03Z
Rating: important
References:

* bsc#1246030

Cross-References:

* CVE-2025-38212

CVSS scores:

* CVE-2025-38212 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_211 fixes one issue.

The following security issue was fixed:

* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-3149=1

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-3149=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_59-debugsource-4-150300.2.1
* kernel-livepatch-5_3_18-150300_59_211-default-debuginfo-4-150300.2.1
* kernel-livepatch-5_3_18-150300_59_211-default-4-150300.2.1
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_59-debugsource-4-150300.2.1
* kernel-livepatch-5_3_18-150300_59_211-default-debuginfo-4-150300.2.1
* kernel-livepatch-5_3_18-150300_59_211-default-4-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_211-preempt-4-150300.2.1
* kernel-livepatch-5_3_18-150300_59_211-preempt-debuginfo-4-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246030



SUSE-SU-2025:03153-1: important: Security update for the Linux Kernel (Live Patch 56 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 56 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:03153-1
Release Date: 2025-09-10T18:34:45Z
Rating: important
References:

* bsc#1242579
* bsc#1244235
* bsc#1245775
* bsc#1245791
* bsc#1246030

Cross-References:

* CVE-2025-21999
* CVE-2025-37890
* CVE-2025-38000
* CVE-2025-38001
* CVE-2025-38212

CVSS scores:

* CVE-2025-21999 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38000 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38001 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_201 fixes several issues.

The following security issues were fixed:

* CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579).
* CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to
eltree twice (bsc#1244235).
* CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in
hfsc_enqueue() (bsc#1245775).
* CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem
as child qdisc (bsc#1245791).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-3153=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-3153=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_56-debugsource-5-150300.2.1
* kernel-livepatch-5_3_18-150300_59_201-default-5-150300.2.1
* kernel-livepatch-5_3_18-150300_59_201-default-debuginfo-5-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_201-preempt-5-150300.2.1
* kernel-livepatch-5_3_18-150300_59_201-preempt-debuginfo-5-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_56-debugsource-5-150300.2.1
* kernel-livepatch-5_3_18-150300_59_201-default-5-150300.2.1
* kernel-livepatch-5_3_18-150300_59_201-default-debuginfo-5-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21999.html
* https://www.suse.com/security/cve/CVE-2025-37890.html
* https://www.suse.com/security/cve/CVE-2025-38000.html
* https://www.suse.com/security/cve/CVE-2025-38001.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1242579
* https://bugzilla.suse.com/show_bug.cgi?id=1244235
* https://bugzilla.suse.com/show_bug.cgi?id=1245775
* https://bugzilla.suse.com/show_bug.cgi?id=1245791
* https://bugzilla.suse.com/show_bug.cgi?id=1246030



SUSE-SU-2025:03154-1: important: Security update for the Linux Kernel (Live Patch 58 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 58 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:03154-1
Release Date: 2025-09-10T18:34:57Z
Rating: important
References:

* bsc#1244235
* bsc#1245775
* bsc#1245791
* bsc#1246030

Cross-References:

* CVE-2025-37890
* CVE-2025-38000
* CVE-2025-38001
* CVE-2025-38212

CVSS scores:

* CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38000 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38001 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_207 fixes several issues.

The following security issues were fixed:

* CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to
eltree twice (bsc#1244235).
* CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in
hfsc_enqueue() (bsc#1245775).
* CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem
as child qdisc (bsc#1245791).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-3154=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-3154=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_207-default-debuginfo-4-150300.2.1
* kernel-livepatch-5_3_18-150300_59_207-default-4-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_58-debugsource-4-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_207-preempt-debuginfo-4-150300.2.1
* kernel-livepatch-5_3_18-150300_59_207-preempt-4-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_207-default-debuginfo-4-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_58-debugsource-4-150300.2.1
* kernel-livepatch-5_3_18-150300_59_207-default-4-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-37890.html
* https://www.suse.com/security/cve/CVE-2025-38000.html
* https://www.suse.com/security/cve/CVE-2025-38001.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244235
* https://bugzilla.suse.com/show_bug.cgi?id=1245775
* https://bugzilla.suse.com/show_bug.cgi?id=1245791
* https://bugzilla.suse.com/show_bug.cgi?id=1246030



SUSE-SU-2025:03152-1: important: Security update for ImageMagick


# Security update for ImageMagick

Announcement ID: SUSE-SU-2025:03152-1
Release Date: 2025-09-10T18:04:39Z
Rating: important
References:

* bsc#1247475
* bsc#1248076
* bsc#1248077
* bsc#1248078
* bsc#1248079
* bsc#1248767
* bsc#1248780
* bsc#1248784

Cross-References:

* CVE-2025-55004
* CVE-2025-55005
* CVE-2025-55154
* CVE-2025-55160
* CVE-2025-55212
* CVE-2025-55298
* CVE-2025-57803

CVSS scores:

* CVE-2025-55004 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-55004 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2025-55004 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
* CVE-2025-55004 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2025-55005 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-55005 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-55005 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-55154 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-55154 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-55154 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-55154 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-55160 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-55160 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2025-55160 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-55160 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L
* CVE-2025-55212 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-55212 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-55212 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-55298 ( SUSE ): 9.0
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-55298 ( SUSE ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2025-55298 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-57803 ( SUSE ): 9.0
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-57803 ( SUSE ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2025-57803 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Desktop Applications Module 15-SP6
* Desktop Applications Module 15-SP7
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves seven vulnerabilities and has one security fix can now be
installed.

## Description:

This update for ImageMagick fixes the following issues:

* CVE-2025-55004: Fixed heap buffer over-read in in ReadOneMNGIMage when
processing images with separate alpha channels (bsc#1248076).
* CVE-2025-55005: Fixed heap buffer overflow when transforming from Log to
sRGB colorspaces (bsc#1248077).
* CVE-2025-55154: Fixed integer overflow when performing magnified size
calculations in ReadOneMNGIMage (bsc#1248078).
* CVE-2025-55160: Fixed undefined behavior due to function-type-mismatch in
CloneSplayTree (bsc#1248079).
* CVE-2025-55212: Fixed division-by-zero in ThumbnailImage() when passing a
geometry string containing only a colon to `montage -geometry`
(bsc#1248767).
* CVE-2025-55298: Fixed heap overflow due to format string bug vulnerability
(bsc#1248780).
* CVE-2025-57803: Fixed heap out-of-bounds (OOB) write due to 32-bit integer
overflow (bsc#1248784).

Other fixes:

* Fixed output file placeholders (bsc#1247475).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3152=1

* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-3152=1

* Desktop Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2025-3152=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3152=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3152=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3152=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3152=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3152=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3152=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3152=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3152=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* ImageMagick-debugsource-7.1.0.9-150400.6.40.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.40.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.40.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.40.1
* perl-PerlMagick-7.1.0.9-150400.6.40.1
* ImageMagick-extra-7.1.0.9-150400.6.40.1
* libMagick++-devel-7.1.0.9-150400.6.40.1
* ImageMagick-7.1.0.9-150400.6.40.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.40.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.40.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.40.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.40.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.40.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.40.1
* ImageMagick-devel-7.1.0.9-150400.6.40.1
* ImageMagick-extra-debuginfo-7.1.0.9-150400.6.40.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.40.1
* openSUSE Leap 15.4 (x86_64)
* libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.0.9-150400.6.40.1
* libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.40.1
* libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.40.1
* ImageMagick-devel-32bit-7.1.0.9-150400.6.40.1
* libMagick++-devel-32bit-7.1.0.9-150400.6.40.1
* libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.40.1
* libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.40.1
* libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.40.1
* openSUSE Leap 15.4 (noarch)
* ImageMagick-doc-7.1.0.9-150400.6.40.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libMagickCore-7_Q16HDRI10-64bit-7.1.0.9-150400.6.40.1
* libMagick++-devel-64bit-7.1.0.9-150400.6.40.1
* libMagickWand-7_Q16HDRI10-64bit-debuginfo-7.1.0.9-150400.6.40.1
* libMagick++-7_Q16HDRI5-64bit-debuginfo-7.1.0.9-150400.6.40.1
* libMagickWand-7_Q16HDRI10-64bit-7.1.0.9-150400.6.40.1
* ImageMagick-devel-64bit-7.1.0.9-150400.6.40.1
* libMagick++-7_Q16HDRI5-64bit-7.1.0.9-150400.6.40.1
* libMagickCore-7_Q16HDRI10-64bit-debuginfo-7.1.0.9-150400.6.40.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* ImageMagick-debugsource-7.1.0.9-150400.6.40.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.40.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.40.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* ImageMagick-debugsource-7.1.0.9-150400.6.40.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.40.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.40.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* ImageMagick-debugsource-7.1.0.9-150400.6.40.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.40.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.40.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.40.1
* perl-PerlMagick-7.1.0.9-150400.6.40.1
* libMagick++-devel-7.1.0.9-150400.6.40.1
* ImageMagick-7.1.0.9-150400.6.40.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.40.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.40.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.40.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.40.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.40.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.40.1
* ImageMagick-devel-7.1.0.9-150400.6.40.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.40.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* ImageMagick-debugsource-7.1.0.9-150400.6.40.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.40.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.40.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.40.1
* perl-PerlMagick-7.1.0.9-150400.6.40.1
* libMagick++-devel-7.1.0.9-150400.6.40.1
* ImageMagick-7.1.0.9-150400.6.40.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.40.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.40.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.40.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.40.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.40.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.40.1
* ImageMagick-devel-7.1.0.9-150400.6.40.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.40.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* ImageMagick-debugsource-7.1.0.9-150400.6.40.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.40.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.40.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.40.1
* perl-PerlMagick-7.1.0.9-150400.6.40.1
* libMagick++-devel-7.1.0.9-150400.6.40.1
* ImageMagick-7.1.0.9-150400.6.40.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.40.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.40.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.40.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.40.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.40.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.40.1
* ImageMagick-devel-7.1.0.9-150400.6.40.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.40.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* ImageMagick-debugsource-7.1.0.9-150400.6.40.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.40.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.40.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.40.1
* perl-PerlMagick-7.1.0.9-150400.6.40.1
* libMagick++-devel-7.1.0.9-150400.6.40.1
* ImageMagick-7.1.0.9-150400.6.40.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.40.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.40.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.40.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.40.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.40.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.40.1
* ImageMagick-devel-7.1.0.9-150400.6.40.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.40.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* ImageMagick-debugsource-7.1.0.9-150400.6.40.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.40.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.40.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.40.1
* perl-PerlMagick-7.1.0.9-150400.6.40.1
* libMagick++-devel-7.1.0.9-150400.6.40.1
* ImageMagick-7.1.0.9-150400.6.40.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.40.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.40.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.40.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.40.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.40.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.40.1
* ImageMagick-devel-7.1.0.9-150400.6.40.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.40.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* ImageMagick-debugsource-7.1.0.9-150400.6.40.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.40.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.40.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.40.1
* perl-PerlMagick-7.1.0.9-150400.6.40.1
* libMagick++-devel-7.1.0.9-150400.6.40.1
* ImageMagick-7.1.0.9-150400.6.40.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.40.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.40.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.40.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.40.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.40.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.40.1
* ImageMagick-devel-7.1.0.9-150400.6.40.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.40.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* ImageMagick-debugsource-7.1.0.9-150400.6.40.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.40.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.40.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.40.1
* perl-PerlMagick-7.1.0.9-150400.6.40.1
* libMagick++-devel-7.1.0.9-150400.6.40.1
* ImageMagick-7.1.0.9-150400.6.40.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.40.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.40.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.40.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.40.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.40.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.40.1
* ImageMagick-devel-7.1.0.9-150400.6.40.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.40.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* ImageMagick-debugsource-7.1.0.9-150400.6.40.1
* ImageMagick-config-7-SUSE-7.1.0.9-150400.6.40.1
* perl-PerlMagick-debuginfo-7.1.0.9-150400.6.40.1
* libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.40.1
* perl-PerlMagick-7.1.0.9-150400.6.40.1
* libMagick++-devel-7.1.0.9-150400.6.40.1
* ImageMagick-7.1.0.9-150400.6.40.1
* libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.40.1
* libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.40.1
* libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.40.1
* libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.40.1
* libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.40.1
* ImageMagick-debuginfo-7.1.0.9-150400.6.40.1
* ImageMagick-devel-7.1.0.9-150400.6.40.1
* ImageMagick-config-7-upstream-7.1.0.9-150400.6.40.1

## References:

* https://www.suse.com/security/cve/CVE-2025-55004.html
* https://www.suse.com/security/cve/CVE-2025-55005.html
* https://www.suse.com/security/cve/CVE-2025-55154.html
* https://www.suse.com/security/cve/CVE-2025-55160.html
* https://www.suse.com/security/cve/CVE-2025-55212.html
* https://www.suse.com/security/cve/CVE-2025-55298.html
* https://www.suse.com/security/cve/CVE-2025-57803.html
* https://bugzilla.suse.com/show_bug.cgi?id=1247475
* https://bugzilla.suse.com/show_bug.cgi?id=1248076
* https://bugzilla.suse.com/show_bug.cgi?id=1248077
* https://bugzilla.suse.com/show_bug.cgi?id=1248078
* https://bugzilla.suse.com/show_bug.cgi?id=1248079
* https://bugzilla.suse.com/show_bug.cgi?id=1248767
* https://bugzilla.suse.com/show_bug.cgi?id=1248780
* https://bugzilla.suse.com/show_bug.cgi?id=1248784


NSS, Kernel, NSPR updates for Oracle Linux

GnuTLS, LibXML2, BIND updates for Ubuntu

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.orgĀ  I ...