Kernel, Samba, Go updates for SUSE

SUSE 5495 Published by

Several new updates have been released for SUSE Linux, including security patches for the Linux kernel and other packages. The updates include Live Patch 48 to 60 for SLE 15 SP3 and Live Patch 31, 37, and 51 for SLE 15 SP4. Additionally, there are security updates available for Samba, go1.25, and go1.24.

SUSE-SU-2025:03663-1: important: Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3)
SUSE-SU-2025:03664-1: important: Security update for the Linux Kernel (Live Patch 58 for SLE 15 SP3)
SUSE-SU-2025:03666-1: important: Security update for the Linux Kernel (Live Patch 60 for SLE 15 SP3)
SUSE-SU-2025:03672-1: important: Security update for the Linux Kernel (Live Patch 59 for SLE 15 SP3)
SUSE-SU-2025:03671-1: important: Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3)
SUSE-SU-2025:3677-1: critical: Security update for samba
SUSE-SU-2025:3675-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP4)
SUSE-SU-2025:3679-1: important: Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP4)
SUSE-SU-2025:3683-1: important: Security update for the Linux Kernel (Live Patch 51 for SLE 15 SP3)
SUSE-SU-2025:3681-1: important: Security update for go1.25
SUSE-SU-2025:3682-1: important: Security update for go1.24




SUSE-SU-2025:03663-1: important: Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:03663-1
Release Date: 2025-10-19T11:04:03Z
Rating: important
References:

* bsc#1232384
* bsc#1245794
* bsc#1246075
* bsc#1248673
* bsc#1248749

Cross-References:

* CVE-2024-49974
* CVE-2025-21971
* CVE-2025-38206
* CVE-2025-38499
* CVE-2025-38644

CVSS scores:

* CVE-2024-49974 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-49974 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-49974 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21971 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21971 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38206 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38206 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38499 ( SUSE ): 6.2
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H
* CVE-2025-38499 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
* CVE-2025-38644 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38644 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_174 fixes several issues.

The following security issues were fixed:

* CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN
in the right userns (bsc#1248673).
* CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous
(bsc#1232384).
* CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT
(bsc#1245794).
* CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not
associated (bsc#1248749).
* CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246075).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-3663=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-3663=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_174-default-19-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_48-debugsource-19-150300.2.1
* kernel-livepatch-5_3_18-150300_59_174-default-debuginfo-19-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_174-preempt-debuginfo-19-150300.2.1
* kernel-livepatch-5_3_18-150300_59_174-preempt-19-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_174-default-19-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-49974.html
* https://www.suse.com/security/cve/CVE-2025-21971.html
* https://www.suse.com/security/cve/CVE-2025-38206.html
* https://www.suse.com/security/cve/CVE-2025-38499.html
* https://www.suse.com/security/cve/CVE-2025-38644.html
* https://bugzilla.suse.com/show_bug.cgi?id=1232384
* https://bugzilla.suse.com/show_bug.cgi?id=1245794
* https://bugzilla.suse.com/show_bug.cgi?id=1246075
* https://bugzilla.suse.com/show_bug.cgi?id=1248673
* https://bugzilla.suse.com/show_bug.cgi?id=1248749



SUSE-SU-2025:03664-1: important: Security update for the Linux Kernel (Live Patch 58 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 58 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:03664-1
Release Date: 2025-10-19T15:33:37Z
Rating: important
References:

* bsc#1245794
* bsc#1246075
* bsc#1248673
* bsc#1248749

Cross-References:

* CVE-2025-21971
* CVE-2025-38206
* CVE-2025-38499
* CVE-2025-38644

CVSS scores:

* CVE-2025-21971 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21971 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38206 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38206 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38499 ( SUSE ): 6.2
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H
* CVE-2025-38499 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
* CVE-2025-38644 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38644 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_207 fixes several issues.

The following security issues were fixed:

* CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN
in the right userns (bsc#1248673).
* CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT
(bsc#1245794).
* CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not
associated (bsc#1248749).
* CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246075).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-3664=1 SUSE-2025-3665=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-3664=1 SUSE-SLE-
Module-Live-Patching-15-SP3-2025-3665=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_56-debugsource-8-150300.2.1
* kernel-livepatch-5_3_18-150300_59_201-default-debuginfo-8-150300.2.1
* kernel-livepatch-5_3_18-150300_59_207-default-7-150300.2.1
* kernel-livepatch-5_3_18-150300_59_201-default-8-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_58-debugsource-7-150300.2.1
* kernel-livepatch-5_3_18-150300_59_207-default-debuginfo-7-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_201-preempt-8-150300.2.1
* kernel-livepatch-5_3_18-150300_59_207-preempt-7-150300.2.1
* kernel-livepatch-5_3_18-150300_59_207-preempt-debuginfo-7-150300.2.1
* kernel-livepatch-5_3_18-150300_59_201-preempt-debuginfo-8-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_56-debugsource-8-150300.2.1
* kernel-livepatch-5_3_18-150300_59_201-default-debuginfo-8-150300.2.1
* kernel-livepatch-5_3_18-150300_59_207-default-7-150300.2.1
* kernel-livepatch-5_3_18-150300_59_201-default-8-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_58-debugsource-7-150300.2.1
* kernel-livepatch-5_3_18-150300_59_207-default-debuginfo-7-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21971.html
* https://www.suse.com/security/cve/CVE-2025-38206.html
* https://www.suse.com/security/cve/CVE-2025-38499.html
* https://www.suse.com/security/cve/CVE-2025-38644.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245794
* https://bugzilla.suse.com/show_bug.cgi?id=1246075
* https://bugzilla.suse.com/show_bug.cgi?id=1248673
* https://bugzilla.suse.com/show_bug.cgi?id=1248749



SUSE-SU-2025:03666-1: important: Security update for the Linux Kernel (Live Patch 60 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 60 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:03666-1
Release Date: 2025-10-19T19:33:36Z
Rating: important
References:

* bsc#1245794
* bsc#1246075
* bsc#1248673
* bsc#1248749

Cross-References:

* CVE-2025-21971
* CVE-2025-38206
* CVE-2025-38499
* CVE-2025-38644

CVSS scores:

* CVE-2025-21971 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21971 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38206 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38206 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38499 ( SUSE ): 6.2
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H
* CVE-2025-38499 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
* CVE-2025-38644 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38644 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_215 fixes several issues.

The following security issues were fixed:

* CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN
in the right userns (bsc#1248673).
* CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT
(bsc#1245794).
* CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not
associated (bsc#1248749).
* CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246075).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-3667=1 SUSE-2025-3666=1 SUSE-2025-3668=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-3667=1 SUSE-SLE-
Module-Live-Patching-15-SP3-2025-3666=1 SUSE-SLE-Module-Live-
Patching-15-SP3-2025-3668=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_204-default-8-150300.2.1
* kernel-livepatch-5_3_18-150300_59_215-default-4-150300.2.1
* kernel-livepatch-5_3_18-150300_59_182-default-debuginfo-16-150300.2.1
* kernel-livepatch-5_3_18-150300_59_215-default-debuginfo-4-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_60-debugsource-4-150300.2.1
* kernel-livepatch-5_3_18-150300_59_182-default-16-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_57-debugsource-8-150300.2.1
* kernel-livepatch-5_3_18-150300_59_204-default-debuginfo-8-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_50-debugsource-16-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_215-preempt-4-150300.2.1
* kernel-livepatch-5_3_18-150300_59_215-preempt-debuginfo-4-150300.2.1
* kernel-livepatch-5_3_18-150300_59_204-preempt-8-150300.2.1
* kernel-livepatch-5_3_18-150300_59_182-preempt-16-150300.2.1
* kernel-livepatch-5_3_18-150300_59_182-preempt-debuginfo-16-150300.2.1
* kernel-livepatch-5_3_18-150300_59_204-preempt-debuginfo-8-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_204-default-8-150300.2.1
* kernel-livepatch-5_3_18-150300_59_215-default-4-150300.2.1
* kernel-livepatch-5_3_18-150300_59_215-default-debuginfo-4-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_60-debugsource-4-150300.2.1
* kernel-livepatch-5_3_18-150300_59_182-default-16-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_57-debugsource-8-150300.2.1
* kernel-livepatch-5_3_18-150300_59_204-default-debuginfo-8-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21971.html
* https://www.suse.com/security/cve/CVE-2025-38206.html
* https://www.suse.com/security/cve/CVE-2025-38499.html
* https://www.suse.com/security/cve/CVE-2025-38644.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245794
* https://bugzilla.suse.com/show_bug.cgi?id=1246075
* https://bugzilla.suse.com/show_bug.cgi?id=1248673
* https://bugzilla.suse.com/show_bug.cgi?id=1248749



SUSE-SU-2025:03672-1: important: Security update for the Linux Kernel (Live Patch 59 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 59 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:03672-1
Release Date: 2025-10-20T07:04:20Z
Rating: important
References:

* bsc#1245794
* bsc#1246075
* bsc#1248673
* bsc#1248749

Cross-References:

* CVE-2025-21971
* CVE-2025-38206
* CVE-2025-38499
* CVE-2025-38644

CVSS scores:

* CVE-2025-21971 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21971 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38206 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38206 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38499 ( SUSE ): 6.2
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H
* CVE-2025-38499 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
* CVE-2025-38644 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38644 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_211 fixes several issues.

The following security issues were fixed:

* CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN
in the right userns (bsc#1248673).
* CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT
(bsc#1245794).
* CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not
associated (bsc#1248749).
* CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246075).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-3670=1 SUSE-2025-3672=1 SUSE-2025-3673=1
SUSE-2025-3669=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-3670=1 SUSE-SLE-
Module-Live-Patching-15-SP3-2025-3672=1 SUSE-SLE-Module-Live-
Patching-15-SP3-2025-3673=1 SUSE-SLE-Module-Live-Patching-15-SP3-2025-3669=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_211-default-debuginfo-7-150300.2.1
* kernel-livepatch-5_3_18-150300_59_211-default-7-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_59-debugsource-7-150300.2.1
* kernel-livepatch-5_3_18-150300_59_188-default-debuginfo-13-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_54-debugsource-10-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_52-debugsource-13-150300.2.1
* kernel-livepatch-5_3_18-150300_59_198-default-10-150300.2.1
* kernel-livepatch-5_3_18-150300_59_195-default-10-150300.2.1
* kernel-livepatch-5_3_18-150300_59_195-default-debuginfo-10-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_55-debugsource-10-150300.2.1
* kernel-livepatch-5_3_18-150300_59_188-default-13-150300.2.1
* kernel-livepatch-5_3_18-150300_59_198-default-debuginfo-10-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_198-preempt-10-150300.2.1
* kernel-livepatch-5_3_18-150300_59_211-preempt-7-150300.2.1
* kernel-livepatch-5_3_18-150300_59_211-preempt-debuginfo-7-150300.2.1
* kernel-livepatch-5_3_18-150300_59_188-preempt-debuginfo-13-150300.2.1
* kernel-livepatch-5_3_18-150300_59_198-preempt-debuginfo-10-150300.2.1
* kernel-livepatch-5_3_18-150300_59_195-preempt-10-150300.2.1
* kernel-livepatch-5_3_18-150300_59_195-preempt-debuginfo-10-150300.2.1
* kernel-livepatch-5_3_18-150300_59_188-preempt-13-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_211-default-debuginfo-7-150300.2.1
* kernel-livepatch-5_3_18-150300_59_211-default-7-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_59-debugsource-7-150300.2.1
* kernel-livepatch-5_3_18-150300_59_198-default-10-150300.2.1
* kernel-livepatch-5_3_18-150300_59_195-default-10-150300.2.1
* kernel-livepatch-5_3_18-150300_59_188-default-13-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21971.html
* https://www.suse.com/security/cve/CVE-2025-38206.html
* https://www.suse.com/security/cve/CVE-2025-38499.html
* https://www.suse.com/security/cve/CVE-2025-38644.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245794
* https://bugzilla.suse.com/show_bug.cgi?id=1246075
* https://bugzilla.suse.com/show_bug.cgi?id=1248673
* https://bugzilla.suse.com/show_bug.cgi?id=1248749



SUSE-SU-2025:03671-1: important: Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:03671-1
Release Date: 2025-10-20T05:33:36Z
Rating: important
References:

* bsc#1232384
* bsc#1245794
* bsc#1246075
* bsc#1248673
* bsc#1248749

Cross-References:

* CVE-2024-49974
* CVE-2025-21971
* CVE-2025-38206
* CVE-2025-38499
* CVE-2025-38644

CVSS scores:

* CVE-2024-49974 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-49974 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-49974 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21971 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21971 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38206 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38206 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38499 ( SUSE ): 6.2
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H
* CVE-2025-38499 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
* CVE-2025-38644 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38644 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_179 fixes several issues.

The following security issues were fixed:

* CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN
in the right userns (bsc#1248673).
* CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous
(bsc#1232384).
* CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT
(bsc#1245794).
* CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not
associated (bsc#1248749).
* CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246075).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-3671=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-3671=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_49-debugsource-18-150300.2.1
* kernel-livepatch-5_3_18-150300_59_179-default-18-150300.2.1
* kernel-livepatch-5_3_18-150300_59_179-default-debuginfo-18-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_179-preempt-18-150300.2.1
* kernel-livepatch-5_3_18-150300_59_179-preempt-debuginfo-18-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_49-debugsource-18-150300.2.1
* kernel-livepatch-5_3_18-150300_59_179-default-18-150300.2.1
* kernel-livepatch-5_3_18-150300_59_179-default-debuginfo-18-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-49974.html
* https://www.suse.com/security/cve/CVE-2025-21971.html
* https://www.suse.com/security/cve/CVE-2025-38206.html
* https://www.suse.com/security/cve/CVE-2025-38499.html
* https://www.suse.com/security/cve/CVE-2025-38644.html
* https://bugzilla.suse.com/show_bug.cgi?id=1232384
* https://bugzilla.suse.com/show_bug.cgi?id=1245794
* https://bugzilla.suse.com/show_bug.cgi?id=1246075
* https://bugzilla.suse.com/show_bug.cgi?id=1248673
* https://bugzilla.suse.com/show_bug.cgi?id=1248749



SUSE-SU-2025:3677-1: critical: Security update for samba


# Security update for samba

Announcement ID: SUSE-SU-2025:3677-1
Release Date: 2025-10-20T08:37:56Z
Rating: critical
References:

* bsc#1251279
* bsc#1251280

Cross-References:

* CVE-2025-10230
* CVE-2025-9640

CVSS scores:

* CVE-2025-10230 ( SUSE ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
* CVE-2025-9640 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-9640 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Availability Extension 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 Business Critical Linux
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for samba fixes the following issues:

* CVE-2025-9640: Fixed vfs_streams_xattr uninitialized memory write
(bsc#1251279).
* CVE-2025-10230: Fixed command Injection in WINS Server Hook Script
(bsc#1251280).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-3677=1

* SUSE Linux Enterprise High Availability Extension 15 SP3
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2025-3677=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3677=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3677=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3677=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-3677=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-3677=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-3677=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* samba-python3-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ad-dc-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-debugsource-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-test-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-dsdb-modules-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ldb-ldap-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-libs-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-winbind-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ad-dc-libs-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-libs-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* ctdb-pcp-pmda-4.15.13+git.736.b791be993ba-150300.3.96.1
* libsamba-policy-devel-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* libsamba-policy0-python3-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-tool-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-test-4.15.13+git.736.b791be993ba-150300.3.96.1
* libsamba-policy0-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-winbind-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-winbind-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ad-dc-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* ctdb-pcp-pmda-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ad-dc-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-dsdb-modules-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-devel-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-winbind-libs-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-libs-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* ctdb-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-libs-python3-4.15.13+git.736.b791be993ba-150300.3.96.1
* libsamba-policy-python3-devel-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-gpupdate-4.15.13+git.736.b791be993ba-150300.3.96.1
* ctdb-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ldb-ldap-4.15.13+git.736.b791be993ba-150300.3.96.1
* openSUSE Leap 15.3 (x86_64)
* samba-winbind-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ad-dc-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* libsamba-policy0-python3-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-devel-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-libs-python3-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-winbind-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-libs-python3-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* libsamba-policy0-python3-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* openSUSE Leap 15.3 (noarch)
* samba-doc-4.15.13+git.736.b791be993ba-150300.3.96.1
* openSUSE Leap 15.3 (aarch64 x86_64)
* samba-ceph-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ceph-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* openSUSE Leap 15.3 (aarch64_ilp32)
* samba-client-64bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-winbind-libs-64bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ad-dc-libs-64bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* libsamba-policy0-python3-64bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-libs-64bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ad-dc-libs-64bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-64bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-winbind-libs-64bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-devel-64bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-libs-64bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-libs-python3-64bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* libsamba-policy0-python3-64bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-libs-64bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-libs-64bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-libs-python3-64bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le
s390x x86_64)
* samba-debugsource-4.15.13+git.736.b791be993ba-150300.3.96.1
* ctdb-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* ctdb-4.15.13+git.736.b791be993ba-150300.3.96.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* samba-python3-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-debugsource-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-dsdb-modules-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ldb-ldap-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-libs-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-winbind-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ad-dc-libs-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-libs-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* libsamba-policy-devel-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* libsamba-policy0-python3-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-tool-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-winbind-4.15.13+git.736.b791be993ba-150300.3.96.1
* libsamba-policy0-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-winbind-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ad-dc-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ceph-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ceph-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-dsdb-modules-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-devel-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-winbind-libs-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-libs-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* libsamba-policy-python3-devel-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-gpupdate-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-libs-python3-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ldb-ldap-4.15.13+git.736.b791be993ba-150300.3.96.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
* samba-winbind-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ad-dc-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-devel-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-winbind-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* samba-python3-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-debugsource-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-dsdb-modules-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ldb-ldap-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-libs-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-winbind-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ad-dc-libs-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-libs-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* libsamba-policy-devel-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* libsamba-policy0-python3-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-tool-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-winbind-4.15.13+git.736.b791be993ba-150300.3.96.1
* libsamba-policy0-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-winbind-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ad-dc-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-dsdb-modules-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-devel-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-winbind-libs-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-libs-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* libsamba-policy-python3-devel-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-gpupdate-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-libs-python3-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ldb-ldap-4.15.13+git.736.b791be993ba-150300.3.96.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 x86_64)
* samba-ceph-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ceph-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (x86_64)
* samba-winbind-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ad-dc-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-devel-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-winbind-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* samba-python3-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-debugsource-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-dsdb-modules-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ldb-ldap-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-libs-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-winbind-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ad-dc-libs-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-libs-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* libsamba-policy-devel-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* libsamba-policy0-python3-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-tool-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-winbind-4.15.13+git.736.b791be993ba-150300.3.96.1
* libsamba-policy0-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-winbind-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ad-dc-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-dsdb-modules-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-devel-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-winbind-libs-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-libs-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* libsamba-policy-python3-devel-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-gpupdate-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-libs-python3-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ldb-ldap-4.15.13+git.736.b791be993ba-150300.3.96.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* samba-winbind-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ad-dc-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-devel-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ceph-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-winbind-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ceph-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* samba-python3-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-debugsource-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-dsdb-modules-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ldb-ldap-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-libs-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-winbind-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ad-dc-libs-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-libs-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* libsamba-policy-devel-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* libsamba-policy0-python3-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-tool-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-winbind-4.15.13+git.736.b791be993ba-150300.3.96.1
* libsamba-policy0-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-winbind-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ad-dc-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ceph-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ceph-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-dsdb-modules-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-devel-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-winbind-libs-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-libs-python3-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* ctdb-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* libsamba-policy-python3-devel-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-gpupdate-4.15.13+git.736.b791be993ba-150300.3.96.1
* ctdb-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-libs-python3-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ldb-ldap-4.15.13+git.736.b791be993ba-150300.3.96.1
* SUSE Enterprise Storage 7.1 (x86_64)
* samba-winbind-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ad-dc-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-devel-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-winbind-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-libs-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-libs-32bit-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-32bit-4.15.13+git.736.b791be993ba-150300.3.96.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* samba-client-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-libs-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-debugsource-4.15.13+git.736.b791be993ba-150300.3.96.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* samba-client-libs-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-debuginfo-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-client-libs-4.15.13+git.736.b791be993ba-150300.3.96.1
* samba-debugsource-4.15.13+git.736.b791be993ba-150300.3.96.1

## References:

* https://www.suse.com/security/cve/CVE-2025-10230.html
* https://www.suse.com/security/cve/CVE-2025-9640.html
* https://bugzilla.suse.com/show_bug.cgi?id=1251279
* https://bugzilla.suse.com/show_bug.cgi?id=1251280



SUSE-SU-2025:3675-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:3675-1
Release Date: 2025-10-20T08:07:00Z
Rating: important
References:

* bsc#1232384
* bsc#1245794
* bsc#1246075
* bsc#1248673
* bsc#1248749
* bsc#1249534

Cross-References:

* CVE-2024-49974
* CVE-2025-21971
* CVE-2025-38206
* CVE-2025-38499
* CVE-2025-38644
* CVE-2025-38678

CVSS scores:

* CVE-2024-49974 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-49974 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-49974 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21971 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21971 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38206 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38206 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38499 ( SUSE ): 6.2
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H
* CVE-2025-38499 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
* CVE-2025-38644 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38644 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38678 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_133 fixes several issues.

The following security issues were fixed:

* CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates
(bsc#1249534).
* CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN
in the right userns (bsc#1248673).
* CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous
(bsc#1232384).
* CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT
(bsc#1245794).
* CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not
associated (bsc#1248749).
* CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246075).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3675=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3675=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_133-default-debuginfo-17-150400.2.1
* kernel-livepatch-5_14_21-150400_24_133-default-17-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_31-debugsource-17-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_133-default-debuginfo-17-150400.2.1
* kernel-livepatch-5_14_21-150400_24_133-default-17-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_31-debugsource-17-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-49974.html
* https://www.suse.com/security/cve/CVE-2025-21971.html
* https://www.suse.com/security/cve/CVE-2025-38206.html
* https://www.suse.com/security/cve/CVE-2025-38499.html
* https://www.suse.com/security/cve/CVE-2025-38644.html
* https://www.suse.com/security/cve/CVE-2025-38678.html
* https://bugzilla.suse.com/show_bug.cgi?id=1232384
* https://bugzilla.suse.com/show_bug.cgi?id=1245794
* https://bugzilla.suse.com/show_bug.cgi?id=1246075
* https://bugzilla.suse.com/show_bug.cgi?id=1248673
* https://bugzilla.suse.com/show_bug.cgi?id=1248749
* https://bugzilla.suse.com/show_bug.cgi?id=1249534



SUSE-SU-2025:3679-1: important: Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:3679-1
Release Date: 2025-10-20T10:33:58Z
Rating: important
References:

* bsc#1245794
* bsc#1246075
* bsc#1248673
* bsc#1248749
* bsc#1249534

Cross-References:

* CVE-2025-21971
* CVE-2025-38206
* CVE-2025-38499
* CVE-2025-38644
* CVE-2025-38678

CVSS scores:

* CVE-2025-21971 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21971 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38206 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38206 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38499 ( SUSE ): 6.2
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H
* CVE-2025-38499 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
* CVE-2025-38644 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38644 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38678 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_153 fixes several issues.

The following security issues were fixed:

* CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates
(bsc#1249534).
* CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN
in the right userns (bsc#1248673).
* CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT
(bsc#1245794).
* CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not
associated (bsc#1248749).
* CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246075).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3679=1 SUSE-SLE-
Module-Live-Patching-15-SP4-2025-3680=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3680=1 SUSE-2025-3679=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_153-default-debuginfo-9-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_34-debugsource-15-150400.2.1
* kernel-livepatch-5_14_21-150400_24_144-default-debuginfo-15-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_37-debugsource-9-150400.2.1
* kernel-livepatch-5_14_21-150400_24_144-default-15-150400.2.1
* kernel-livepatch-5_14_21-150400_24_153-default-9-150400.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_153-default-debuginfo-9-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_34-debugsource-15-150400.2.1
* kernel-livepatch-5_14_21-150400_24_144-default-debuginfo-15-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_37-debugsource-9-150400.2.1
* kernel-livepatch-5_14_21-150400_24_144-default-15-150400.2.1
* kernel-livepatch-5_14_21-150400_24_153-default-9-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21971.html
* https://www.suse.com/security/cve/CVE-2025-38206.html
* https://www.suse.com/security/cve/CVE-2025-38499.html
* https://www.suse.com/security/cve/CVE-2025-38644.html
* https://www.suse.com/security/cve/CVE-2025-38678.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245794
* https://bugzilla.suse.com/show_bug.cgi?id=1246075
* https://bugzilla.suse.com/show_bug.cgi?id=1248673
* https://bugzilla.suse.com/show_bug.cgi?id=1248749
* https://bugzilla.suse.com/show_bug.cgi?id=1249534



SUSE-SU-2025:3683-1: important: Security update for the Linux Kernel (Live Patch 51 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 51 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:3683-1
Release Date: 2025-10-20T17:05:07Z
Rating: important
References:

* bsc#1245794
* bsc#1246075
* bsc#1248673
* bsc#1248749

Cross-References:

* CVE-2025-21971
* CVE-2025-38206
* CVE-2025-38499
* CVE-2025-38644

CVSS scores:

* CVE-2025-21971 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21971 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38206 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38206 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38499 ( SUSE ): 6.2
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H
* CVE-2025-38499 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
* CVE-2025-38644 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38644 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_185 fixes several issues.

The following security issues were fixed:

* CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN
in the right userns (bsc#1248673).
* CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT
(bsc#1245794).
* CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not
associated (bsc#1248749).
* CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246075).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-3683=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-3683=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_51-debugsource-14-150300.2.1
* kernel-livepatch-5_3_18-150300_59_185-default-debuginfo-14-150300.2.1
* kernel-livepatch-5_3_18-150300_59_185-default-14-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_185-preempt-14-150300.2.1
* kernel-livepatch-5_3_18-150300_59_185-preempt-debuginfo-14-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_185-default-14-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21971.html
* https://www.suse.com/security/cve/CVE-2025-38206.html
* https://www.suse.com/security/cve/CVE-2025-38499.html
* https://www.suse.com/security/cve/CVE-2025-38644.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245794
* https://bugzilla.suse.com/show_bug.cgi?id=1246075
* https://bugzilla.suse.com/show_bug.cgi?id=1248673
* https://bugzilla.suse.com/show_bug.cgi?id=1248749



SUSE-SU-2025:3681-1: important: Security update for go1.25


# Security update for go1.25

Announcement ID: SUSE-SU-2025:3681-1
Release Date: 2025-10-20T12:46:30Z
Rating: important
References:

* bsc#1244485

Affected Products:

* Development Tools Module 15-SP6
* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that has one security fix can now be installed.

## Description:

This update for go1.25 fixes the following issues:

go1.25.3 (released 2025-10-13) includes fixes to the crypto/x509 package.
(bsc#1244485)

* go#75861 crypto/x509: TLS validation fails for FQDNs with trailing dot
* go#75777 spec: Go1.25 spec should be dated closer to actual release date

* Further fixups to the fix for net/url allowing IP literals with IPv4 mapped
IPv6 addresses.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-3681=1

* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-3681=1

* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2025-3681=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3681=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3681=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3681=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3681=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3681=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3681=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3681=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3681=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3681=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3681=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3681=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-3681=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* go1.25-race-1.25.3-150000.1.19.1
* go1.25-doc-1.25.3-150000.1.19.1
* go1.25-1.25.3-150000.1.19.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* go1.25-race-1.25.3-150000.1.19.1
* go1.25-doc-1.25.3-150000.1.19.1
* go1.25-1.25.3-150000.1.19.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* go1.25-race-1.25.3-150000.1.19.1
* go1.25-doc-1.25.3-150000.1.19.1
* go1.25-1.25.3-150000.1.19.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* go1.25-race-1.25.3-150000.1.19.1
* go1.25-doc-1.25.3-150000.1.19.1
* go1.25-1.25.3-150000.1.19.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* go1.25-race-1.25.3-150000.1.19.1
* go1.25-doc-1.25.3-150000.1.19.1
* go1.25-1.25.3-150000.1.19.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* go1.25-race-1.25.3-150000.1.19.1
* go1.25-doc-1.25.3-150000.1.19.1
* go1.25-1.25.3-150000.1.19.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* go1.25-race-1.25.3-150000.1.19.1
* go1.25-doc-1.25.3-150000.1.19.1
* go1.25-1.25.3-150000.1.19.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* go1.25-race-1.25.3-150000.1.19.1
* go1.25-doc-1.25.3-150000.1.19.1
* go1.25-1.25.3-150000.1.19.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* go1.25-race-1.25.3-150000.1.19.1
* go1.25-doc-1.25.3-150000.1.19.1
* go1.25-1.25.3-150000.1.19.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* go1.25-race-1.25.3-150000.1.19.1
* go1.25-doc-1.25.3-150000.1.19.1
* go1.25-1.25.3-150000.1.19.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* go1.25-race-1.25.3-150000.1.19.1
* go1.25-doc-1.25.3-150000.1.19.1
* go1.25-1.25.3-150000.1.19.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* go1.25-race-1.25.3-150000.1.19.1
* go1.25-doc-1.25.3-150000.1.19.1
* go1.25-1.25.3-150000.1.19.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* go1.25-race-1.25.3-150000.1.19.1
* go1.25-doc-1.25.3-150000.1.19.1
* go1.25-1.25.3-150000.1.19.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* go1.25-race-1.25.3-150000.1.19.1
* go1.25-doc-1.25.3-150000.1.19.1
* go1.25-1.25.3-150000.1.19.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* go1.25-race-1.25.3-150000.1.19.1
* go1.25-doc-1.25.3-150000.1.19.1
* go1.25-1.25.3-150000.1.19.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1244485



SUSE-SU-2025:3682-1: important: Security update for go1.24


# Security update for go1.24

Announcement ID: SUSE-SU-2025:3682-1
Release Date: 2025-10-20T13:12:46Z
Rating: important
References:

* bsc#1236217
* bsc#1251253
* bsc#1251254
* bsc#1251255
* bsc#1251256
* bsc#1251257
* bsc#1251258
* bsc#1251259
* bsc#1251260
* bsc#1251261
* bsc#1251262

Cross-References:

* CVE-2025-47912
* CVE-2025-58183
* CVE-2025-58185
* CVE-2025-58186
* CVE-2025-58187
* CVE-2025-58188
* CVE-2025-58189
* CVE-2025-61723
* CVE-2025-61724
* CVE-2025-61725

CVSS scores:

* CVE-2025-47912 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-47912 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-58183 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58183 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-58185 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58185 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58186 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58186 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58187 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58187 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58188 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-58188 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-58189 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
* CVE-2025-58189 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
* CVE-2025-61723 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-61723 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-61724 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-61724 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-61725 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61725 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* Development Tools Module 15-SP6
* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves 10 vulnerabilities and has one security fix can now be
installed.

## Description:

This update for go1.24 fixes the following issues:

go1.24.9 (released 2025-10-13) includes fixes to the crypto/x509 package.
(bsc#1236217)

* crypto/x509: TLS validation fails for FQDNs with trailing dot

go1.24.8 (released 2025-10-07) includes security fixes to the archive/tar,
crypto/tls, crypto/x509, encoding/asn1, encoding/pem, net/http, net/mail,
net/textproto, and net/url packages, as well as bug fixes to the compiler, the
linker, and the debug/pe, net/http, os, and sync/atomic packages. (bsc#1236217)

CVE-2025-58189 CVE-2025-61725 CVE-2025-58188 CVE-2025-58185 CVE-2025-58186
CVE-2025-61723 CVE-2025-58183 CVE-2025-47912 CVE-2025-58187 CVE-2025-61724:

* bsc#1251255 CVE-2025-58189: crypto/tls: ALPN negotiation error contains
attacker controlled information
* bsc#1251253 CVE-2025-61725: net/mail: excessive CPU consumption in
ParseAddress
* bsc#1251260 CVE-2025-58188: crypto/x509: panic when validating certificates
with DSA public keys
* bsc#1251258 CVE-2025-58185: encoding/asn1: pre-allocating memory when
parsing DER payload can cause memory exhaustion
* bsc#1251259 CVE-2025-58186: net/http: lack of limit when parsing cookies can
cause memory exhaustion
* bsc#1251256 CVE-2025-61723: encoding/pem: quadratic complexity when parsing
some invalid inputs
* bsc#1251261 CVE-2025-58183: archive/tar: unbounded allocation when parsing
GNU sparse map
* bsc#1251257 CVE-2025-47912: net/url: insufficient validation of bracketed
IPv6 hostnames
* bsc#1251254 CVE-2025-58187: crypto/x509: quadratic complexity when checking
name constraints
* bsc#1251262 CVE-2025-61724: net/textproto: excessive CPU consumption in
Reader.ReadResponse
* os: Root.OpenRoot sets incorrect name, losing prefix of original root
* debug/pe: pe.Open fails on object files produced by llvm-mingw 21
* cmd/link: panic on riscv64 with CGO enabled due to empty container symbol
* net: new test TestIPv4WriteMsgUDPAddrPortTargetAddrIPVersion fails on plan9
* os: new test TestOpenFileCreateExclDanglingSymlink fails on Plan 9
* crypto/internal/fips140/rsa: requires a panic if self-tests fail
* net/http: internal error: connCount underflow
* cmd/compile: internal compiler error with GOEXPERIMENT=cgocheck2 on
github.com/leodido/go-urn
* sync/atomic: comment for Uintptr.Or incorrectly describes return value

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-3682=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-3682=1

* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-3682=1

* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2025-3682=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3682=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3682=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3682=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3682=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3682=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3682=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3682=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3682=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3682=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3682=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3682=1

## Package List:

* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* go1.24-1.24.9-150000.1.42.1
* go1.24-race-1.24.9-150000.1.42.1
* go1.24-doc-1.24.9-150000.1.42.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* go1.24-1.24.9-150000.1.42.1
* go1.24-race-1.24.9-150000.1.42.1
* go1.24-doc-1.24.9-150000.1.42.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* go1.24-1.24.9-150000.1.42.1
* go1.24-race-1.24.9-150000.1.42.1
* go1.24-doc-1.24.9-150000.1.42.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* go1.24-1.24.9-150000.1.42.1
* go1.24-race-1.24.9-150000.1.42.1
* go1.24-doc-1.24.9-150000.1.42.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* go1.24-1.24.9-150000.1.42.1
* go1.24-race-1.24.9-150000.1.42.1
* go1.24-doc-1.24.9-150000.1.42.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* go1.24-1.24.9-150000.1.42.1
* go1.24-race-1.24.9-150000.1.42.1
* go1.24-doc-1.24.9-150000.1.42.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* go1.24-1.24.9-150000.1.42.1
* go1.24-race-1.24.9-150000.1.42.1
* go1.24-doc-1.24.9-150000.1.42.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* go1.24-1.24.9-150000.1.42.1
* go1.24-race-1.24.9-150000.1.42.1
* go1.24-doc-1.24.9-150000.1.42.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* go1.24-1.24.9-150000.1.42.1
* go1.24-race-1.24.9-150000.1.42.1
* go1.24-doc-1.24.9-150000.1.42.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* go1.24-1.24.9-150000.1.42.1
* go1.24-race-1.24.9-150000.1.42.1
* go1.24-doc-1.24.9-150000.1.42.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* go1.24-1.24.9-150000.1.42.1
* go1.24-race-1.24.9-150000.1.42.1
* go1.24-doc-1.24.9-150000.1.42.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* go1.24-1.24.9-150000.1.42.1
* go1.24-race-1.24.9-150000.1.42.1
* go1.24-doc-1.24.9-150000.1.42.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* go1.24-1.24.9-150000.1.42.1
* go1.24-race-1.24.9-150000.1.42.1
* go1.24-doc-1.24.9-150000.1.42.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* go1.24-1.24.9-150000.1.42.1
* go1.24-race-1.24.9-150000.1.42.1
* go1.24-doc-1.24.9-150000.1.42.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* go1.24-1.24.9-150000.1.42.1
* go1.24-race-1.24.9-150000.1.42.1
* go1.24-doc-1.24.9-150000.1.42.1

## References:

* https://www.suse.com/security/cve/CVE-2025-47912.html
* https://www.suse.com/security/cve/CVE-2025-58183.html
* https://www.suse.com/security/cve/CVE-2025-58185.html
* https://www.suse.com/security/cve/CVE-2025-58186.html
* https://www.suse.com/security/cve/CVE-2025-58187.html
* https://www.suse.com/security/cve/CVE-2025-58188.html
* https://www.suse.com/security/cve/CVE-2025-58189.html
* https://www.suse.com/security/cve/CVE-2025-61723.html
* https://www.suse.com/security/cve/CVE-2025-61724.html
* https://www.suse.com/security/cve/CVE-2025-61725.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236217
* https://bugzilla.suse.com/show_bug.cgi?id=1251253
* https://bugzilla.suse.com/show_bug.cgi?id=1251254
* https://bugzilla.suse.com/show_bug.cgi?id=1251255
* https://bugzilla.suse.com/show_bug.cgi?id=1251256
* https://bugzilla.suse.com/show_bug.cgi?id=1251257
* https://bugzilla.suse.com/show_bug.cgi?id=1251258
* https://bugzilla.suse.com/show_bug.cgi?id=1251259
* https://bugzilla.suse.com/show_bug.cgi?id=1251260
* https://bugzilla.suse.com/show_bug.cgi?id=1251261
* https://bugzilla.suse.com/show_bug.cgi?id=1251262


Kernel, Firefox, .NET, and more updates for AlmaLinux

Samba, Kernel, GStreamer, Python LDAP updates for Ubuntu

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.orgĀ  I ...