
Multiple security updates have been released for SUSE Linux, addressing vulnerabilities across various packages. The updates include patches for Kerberos (krb5), Process Control and Communication (pcp), the Linux Kernel with live patches 5 and 9, RabbitMQ Server 3.1.3, and libavif.

SUSE-SU-2025:03227-1: moderate: Security update for krb5
SUSE-SU-2025:03233-1: important: Security update for pcp
SUSE-SU-2025:03226-1: important: Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP6)
SUSE-SU-2025:03235-1: important: Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP6)
SUSE-SU-2025:03234-1: moderate: Security update for rabbitmq-server313
SUSE-SU-2025:03237-1: important: Security update for libavif
openSUSE-SU-2025:0356-1: moderate: Security update for onefetch




SUSE-SU-2025:03227-1: moderate: Security update for krb5


# Security update for krb5

Announcement ID: SUSE-SU-2025:03227-1
Release Date: 2025-09-15T12:33:26Z
Rating: moderate
References:

* bsc#1241219

Cross-References:

* CVE-2025-3576

CVSS scores:

* CVE-2025-3576 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-3576 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-3576 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves one vulnerability can now be installed.

## Description:

This update for krb5 fixes the following issues:

* CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of
GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219).

Krb5, as a very old protocol, supported quite a number of ciphers that are no
longer up to current cryptographic standards.

To avoid problems with those, SUSE has now disabled those algorithms by default.

The following algorithms have been removed from valid krb5 enctypes:

* des3-cbc-sha1
* arcfour-hmac-md5

To reenable those algorithms, you can use allow options in `krb5.conf`:

    [libdefaults]
    allow_des3 = true
    allow_rc4 = true
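
To find hosts whose configuration brings the removed enctypes back after this update, the following added example (not part of the SUSE advisory) scans `krb5.conf`-style files for `allow_des3`/`allow_rc4` set to a true value and for enctype lists that name the weak types. The `permitted_enctypes`, `default_tkt_enctypes` and `default_tgs_enctypes` relations and the enctype aliases checked are standard MIT krb5 names that the advisory does not mention; the sample file and realm are constructed.

```shell
#!/bin/sh
# Added example: audit krb5.conf-style files for settings that bring back the
# enctypes disabled by this update (des3-cbc-sha1, arcfour-hmac-md5).

# Usage: audit_krb5_conf FILE...
# Prints one finding per line as FILE:LINE: message; prints nothing if clean.
audit_krb5_conf() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }

        # Each file is parsed on its own, so forget the section of the last one.
        FNR == 1 { section = "" }

        {
            line = trim($0)
            if (line == "" || line ~ /^[#;]/) next          # blank or comment

            if (substr(line, 1, 1) == "[") {                # section header
                rb = index(line, "]")
                section = (rb > 2) ? tolower(trim(substr(line, 2, rb - 2))) : ""
                next
            }
            if (section != "libdefaults") next              # only [libdefaults] matters here

            eq = index(line, "=")
            if (eq == 0) next
            key = tolower(trim(substr(line, 1, eq - 1)))
            val = tolower(trim(substr(line, eq + 1)))

            if (key == "allow_rc4" || key == "allow_des3") {
                # Values krb5 reads as boolean true.
                if (val ~ /^(y|yes|true|t|1|on)$/)
                    printf "%s:%d: %s = %s re-enables %s\n", FILENAME, FNR, key, val, \
                        (key == "allow_rc4" ? "arcfour-hmac-md5" : "des3-cbc-sha1")
            } else if (key ~ /^(permitted_enctypes|default_tkt_enctypes|default_tgs_enctypes)$/) {
                n = split(val, tok, /[ \t,]+/)
                for (i = 1; i <= n; i++) {
                    t = tok[i]
                    if (t ~ /^-/) continue                  # "-name" removes an enctype
                    sub(/^\+/, "", t)
                    # The two enctypes named in the advisory plus their krb5 aliases.
                    if (t ~ /^(arcfour-hmac-md5|arcfour-hmac|rc4-hmac|rc4|des3-cbc-sha1|des3-hmac-sha1|des3-cbc-sha1-kd|des3)$/)
                        printf "%s:%d: %s lists %s\n", FILENAME, FNR, key, t
                }
            }
        }
    ' "$@"
}

# Runs the audit over a constructed sample file (not taken from a real host).
krb5_audit_demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/krb5.conf" <<'EOF'
# constructed sample
[libdefaults]
    default_realm = EXAMPLE.TEST
    allow_des3 = false
    allow_rc4 = true
    permitted_enctypes = aes256-cts-hmac-sha1-96 arcfour-hmac-md5 -des3
[realms]
    EXAMPLE.TEST = {
        allow_rc4 = true
    }
EOF
    (cd "$dir" && audit_krb5_conf krb5.conf)
    rc=$?
    rm -rf "$dir"
    return $rc
}

krb5_audit_demo
```

On a real system, pass `/etc/krb5.conf` together with any files it pulls in through `include` or `includedir`, since each of those is a separate file with its own section headers.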

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-3227=1

* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-3227=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-3227=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-3227=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* krb5-debuginfo-1.19.2-150300.25.1
* krb5-plugin-preauth-spake-1.19.2-150300.25.1
* krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150300.25.1
* krb5-plugin-preauth-spake-debuginfo-1.19.2-150300.25.1
* krb5-mini-1.19.2-150300.25.1
* krb5-1.19.2-150300.25.1
* krb5-plugin-preauth-otp-debuginfo-1.19.2-150300.25.1
* krb5-server-1.19.2-150300.25.1
* krb5-client-1.19.2-150300.25.1
* krb5-client-debuginfo-1.19.2-150300.25.1
* krb5-devel-1.19.2-150300.25.1
* krb5-mini-devel-1.19.2-150300.25.1
* krb5-plugin-preauth-pkinit-1.19.2-150300.25.1
* krb5-plugin-preauth-otp-1.19.2-150300.25.1
* krb5-mini-debuginfo-1.19.2-150300.25.1
* krb5-debugsource-1.19.2-150300.25.1
* krb5-server-debuginfo-1.19.2-150300.25.1
* krb5-plugin-kdb-ldap-1.19.2-150300.25.1
* krb5-plugin-kdb-ldap-debuginfo-1.19.2-150300.25.1
* krb5-mini-debugsource-1.19.2-150300.25.1
* openSUSE Leap 15.3 (x86_64)
* krb5-devel-32bit-1.19.2-150300.25.1
* krb5-32bit-1.19.2-150300.25.1
* krb5-32bit-debuginfo-1.19.2-150300.25.1
* openSUSE Leap 15.3 (aarch64_ilp32)
* krb5-64bit-1.19.2-150300.25.1
* krb5-devel-64bit-1.19.2-150300.25.1
* krb5-64bit-debuginfo-1.19.2-150300.25.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* krb5-debuginfo-1.19.2-150300.25.1
* krb5-1.19.2-150300.25.1
* krb5-debugsource-1.19.2-150300.25.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* krb5-debuginfo-1.19.2-150300.25.1
* krb5-1.19.2-150300.25.1
* krb5-debugsource-1.19.2-150300.25.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* krb5-debuginfo-1.19.2-150300.25.1
* krb5-1.19.2-150300.25.1
* krb5-debugsource-1.19.2-150300.25.1

## References:

* https://www.suse.com/security/cve/CVE-2025-3576.html
* https://bugzilla.suse.com/show_bug.cgi?id=1241219



SUSE-SU-2025:03233-1: important: Security update for pcp


# Security update for pcp

Announcement ID: SUSE-SU-2025:03233-1
Release Date: 2025-09-15T13:16:57Z
Rating: important
References:

* bsc#1222121

Cross-References:

* CVE-2024-3019

CVSS scores:

* CVE-2024-3019 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves one vulnerability can now be installed.

## Description:

This update for pcp fixes the following issues:

* CVE-2024-3019: exposure of the redis server backend allows remote command
execution via pmproxy (bsc#1222121).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-3233=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3233=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3233=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3233=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-3233=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* pcp-import-collectl2pcp-5.2.2-150300.3.3.1
* pcp-pmda-apache-5.2.2-150300.3.3.1
* perl-PCP-MMV-5.2.2-150300.3.3.1
* pcp-zeroconf-5.2.2-150300.3.3.1
* pcp-pmda-named-5.2.2-150300.3.3.1
* libpcp_web1-debuginfo-5.2.2-150300.3.3.1
* pcp-pmda-memcache-5.2.2-150300.3.3.1
* pcp-export-pcp2json-5.2.2-150300.3.3.1
* python3-pcp-5.2.2-150300.3.3.1
* libpcp_gui2-debuginfo-5.2.2-150300.3.3.1
* pcp-pmda-cifs-5.2.2-150300.3.3.1
* pcp-devel-debuginfo-5.2.2-150300.3.3.1
* pcp-export-pcp2graphite-5.2.2-150300.3.3.1
* pcp-export-pcp2spark-5.2.2-150300.3.3.1
* pcp-pmda-gluster-5.2.2-150300.3.3.1
* pcp-pmda-rabbitmq-5.2.2-150300.3.3.1
* pcp-pmda-ds389-5.2.2-150300.3.3.1
* pcp-pmda-bash-5.2.2-150300.3.3.1
* libpcp-devel-5.2.2-150300.3.3.1
* pcp-pmda-zswap-5.2.2-150300.3.3.1
* pcp-pmda-sendmail-debuginfo-5.2.2-150300.3.3.1
* pcp-pmda-systemd-5.2.2-150300.3.3.1
* pcp-pmda-smart-debuginfo-5.2.2-150300.3.3.1
* pcp-pmda-bonding-5.2.2-150300.3.3.1
* pcp-pmda-nfsclient-5.2.2-150300.3.3.1
* perl-PCP-MMV-debuginfo-5.2.2-150300.3.3.1
* libpcp3-debuginfo-5.2.2-150300.3.3.1
* pcp-pmda-mailq-5.2.2-150300.3.3.1
* pcp-system-tools-debuginfo-5.2.2-150300.3.3.1
* perl-PCP-LogImport-debuginfo-5.2.2-150300.3.3.1
* perl-PCP-LogSummary-5.2.2-150300.3.3.1
* pcp-pmda-lustre-5.2.2-150300.3.3.1
* perl-PCP-LogImport-5.2.2-150300.3.3.1
* pcp-pmda-roomtemp-5.2.2-150300.3.3.1
* pcp-pmda-rpm-5.2.2-150300.3.3.1
* pcp-pmda-slurm-5.2.2-150300.3.3.1
* pcp-import-ganglia2pcp-5.2.2-150300.3.3.1
* perl-PCP-PMDA-debuginfo-5.2.2-150300.3.3.1
* pcp-pmda-smart-5.2.2-150300.3.3.1
* pcp-pmda-mic-5.2.2-150300.3.3.1
* pcp-pmda-oracle-5.2.2-150300.3.3.1
* pcp-pmda-logger-5.2.2-150300.3.3.1
* pcp-pmda-netcheck-5.2.2-150300.3.3.1
* pcp-import-collectl2pcp-debuginfo-5.2.2-150300.3.3.1
* pcp-testsuite-5.2.2-150300.3.3.1
* pcp-pmda-shping-debuginfo-5.2.2-150300.3.3.1
* libpcp_gui2-5.2.2-150300.3.3.1
* pcp-pmda-openvswitch-5.2.2-150300.3.3.1
* pcp-pmda-elasticsearch-5.2.2-150300.3.3.1
* pcp-pmda-mounts-5.2.2-150300.3.3.1
* pcp-pmda-activemq-5.2.2-150300.3.3.1
* pcp-pmda-pdns-5.2.2-150300.3.3.1
* libpcp3-5.2.2-150300.3.3.1
* pcp-pmda-logger-debuginfo-5.2.2-150300.3.3.1
* pcp-pmda-trace-debuginfo-5.2.2-150300.3.3.1
* pcp-pmda-netfilter-5.2.2-150300.3.3.1
* pcp-pmda-docker-debuginfo-5.2.2-150300.3.3.1
* pcp-gui-debuginfo-5.2.2-150300.3.3.1
* pcp-pmda-docker-5.2.2-150300.3.3.1
* pcp-pmda-unbound-5.2.2-150300.3.3.1
* pcp-pmda-samba-5.2.2-150300.3.3.1
* libpcp_import1-5.2.2-150300.3.3.1
* pcp-pmda-bash-debuginfo-5.2.2-150300.3.3.1
* pcp-pmda-postfix-5.2.2-150300.3.3.1
* pcp-pmda-gpfs-5.2.2-150300.3.3.1
* pcp-import-sar2pcp-5.2.2-150300.3.3.1
* pcp-export-pcp2xml-5.2.2-150300.3.3.1
* pcp-pmda-bind2-5.2.2-150300.3.3.1
* libpcp_import1-debuginfo-5.2.2-150300.3.3.1
* pcp-conf-5.2.2-150300.3.3.1
* pcp-pmda-shping-5.2.2-150300.3.3.1
* perl-PCP-PMDA-5.2.2-150300.3.3.1
* pcp-pmda-news-5.2.2-150300.3.3.1
* libpcp_mmv1-debuginfo-5.2.2-150300.3.3.1
* pcp-pmda-lustrecomm-debuginfo-5.2.2-150300.3.3.1
* pcp-devel-5.2.2-150300.3.3.1
* pcp-pmda-rpm-debuginfo-5.2.2-150300.3.3.1
* libpcp_web1-5.2.2-150300.3.3.1
* pcp-pmda-gpsd-5.2.2-150300.3.3.1
* pcp-pmda-sendmail-5.2.2-150300.3.3.1
* pcp-pmda-lmsensors-5.2.2-150300.3.3.1
* pcp-pmda-nvidia-gpu-5.2.2-150300.3.3.1
* pcp-pmda-cisco-debuginfo-5.2.2-150300.3.3.1
* pcp-5.2.2-150300.3.3.1
* pcp-pmda-zimbra-5.2.2-150300.3.3.1
* pcp-export-pcp2elasticsearch-5.2.2-150300.3.3.1
* pcp-pmda-dm-5.2.2-150300.3.3.1
* pcp-pmda-mounts-debuginfo-5.2.2-150300.3.3.1
* pcp-pmda-cisco-5.2.2-150300.3.3.1
* pcp-pmda-trace-5.2.2-150300.3.3.1
* pcp-pmda-vmware-5.2.2-150300.3.3.1
* pcp-pmda-openmetrics-5.2.2-150300.3.3.1
* pcp-export-pcp2influxdb-5.2.2-150300.3.3.1
* pcp-testsuite-debuginfo-5.2.2-150300.3.3.1
* libpcp_trace2-debuginfo-5.2.2-150300.3.3.1
* pcp-debuginfo-5.2.2-150300.3.3.1
* pcp-pmda-cifs-debuginfo-5.2.2-150300.3.3.1
* pcp-debugsource-5.2.2-150300.3.3.1
* python3-pcp-debuginfo-5.2.2-150300.3.3.1
* pcp-pmda-gfs2-debuginfo-5.2.2-150300.3.3.1
* pcp-pmda-lustrecomm-5.2.2-150300.3.3.1
* pcp-pmda-rsyslog-5.2.2-150300.3.3.1
* libpcp_trace2-5.2.2-150300.3.3.1
* pcp-pmda-nvidia-gpu-debuginfo-5.2.2-150300.3.3.1
* pcp-import-iostat2pcp-5.2.2-150300.3.3.1
* pcp-pmda-redis-5.2.2-150300.3.3.1
* pcp-pmda-ds389log-5.2.2-150300.3.3.1
* pcp-pmda-mailq-debuginfo-5.2.2-150300.3.3.1
* pcp-system-tools-5.2.2-150300.3.3.1
* pcp-pmda-nutcracker-5.2.2-150300.3.3.1
* pcp-pmda-haproxy-5.2.2-150300.3.3.1
* pcp-pmda-dm-debuginfo-5.2.2-150300.3.3.1
* pcp-pmda-dbping-5.2.2-150300.3.3.1
* pcp-pmda-nginx-5.2.2-150300.3.3.1
* libpcp_mmv1-5.2.2-150300.3.3.1
* pcp-pmda-gfs2-5.2.2-150300.3.3.1
* pcp-pmda-roomtemp-debuginfo-5.2.2-150300.3.3.1
* pcp-export-pcp2zabbix-5.2.2-150300.3.3.1
* pcp-pmda-mysql-5.2.2-150300.3.3.1
* pcp-pmda-json-5.2.2-150300.3.3.1
* pcp-pmda-weblog-5.2.2-150300.3.3.1
* pcp-pmda-summary-5.2.2-150300.3.3.1
* pcp-import-mrtg2pcp-5.2.2-150300.3.3.1
* pcp-pmda-weblog-debuginfo-5.2.2-150300.3.3.1
* pcp-pmda-systemd-debuginfo-5.2.2-150300.3.3.1
* pcp-pmda-summary-debuginfo-5.2.2-150300.3.3.1
* pcp-pmda-apache-debuginfo-5.2.2-150300.3.3.1
* pcp-pmda-snmp-5.2.2-150300.3.3.1
* pcp-gui-5.2.2-150300.3.3.1
* openSUSE Leap 15.3 (noarch)
* pcp-doc-5.2.2-150300.3.3.1
* openSUSE Leap 15.3 (aarch64 ppc64le x86_64 i586)
* pcp-pmda-infiniband-debuginfo-5.2.2-150300.3.3.1
* pcp-pmda-perfevent-5.2.2-150300.3.3.1
* pcp-pmda-infiniband-5.2.2-150300.3.3.1
* pcp-pmda-perfevent-debuginfo-5.2.2-150300.3.3.1
* openSUSE Leap 15.3 (x86_64)
* pcp-pmda-mssql-5.2.2-150300.3.3.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
* pcp-debuginfo-5.2.2-150300.3.3.1
* pcp-import-sar2pcp-5.2.2-150300.3.3.1
* perl-PCP-LogImport-5.2.2-150300.3.3.1
* perl-PCP-MMV-5.2.2-150300.3.3.1
* libpcp_import1-debuginfo-5.2.2-150300.3.3.1
* libpcp_web1-debuginfo-5.2.2-150300.3.3.1
* pcp-debugsource-5.2.2-150300.3.3.1
* python3-pcp-debuginfo-5.2.2-150300.3.3.1
* pcp-conf-5.2.2-150300.3.3.1
* perl-PCP-PMDA-5.2.2-150300.3.3.1
* libpcp_trace2-5.2.2-150300.3.3.1
* python3-pcp-5.2.2-150300.3.3.1
* libpcp_gui2-debuginfo-5.2.2-150300.3.3.1
* perl-PCP-PMDA-debuginfo-5.2.2-150300.3.3.1
* pcp-import-iostat2pcp-5.2.2-150300.3.3.1
* libpcp_mmv1-debuginfo-5.2.2-150300.3.3.1
* pcp-devel-debuginfo-5.2.2-150300.3.3.1
* pcp-system-tools-5.2.2-150300.3.3.1
* pcp-devel-5.2.2-150300.3.3.1
* libpcp_gui2-5.2.2-150300.3.3.1
* libpcp_web1-5.2.2-150300.3.3.1
* libpcp-devel-5.2.2-150300.3.3.1
* pcp-5.2.2-150300.3.3.1
* libpcp3-5.2.2-150300.3.3.1
* libpcp_mmv1-5.2.2-150300.3.3.1
* perl-PCP-MMV-debuginfo-5.2.2-150300.3.3.1
* libpcp3-debuginfo-5.2.2-150300.3.3.1
* pcp-system-tools-debuginfo-5.2.2-150300.3.3.1
* perl-PCP-LogImport-debuginfo-5.2.2-150300.3.3.1
* pcp-import-mrtg2pcp-5.2.2-150300.3.3.1
* libpcp_import1-5.2.2-150300.3.3.1
* perl-PCP-LogSummary-5.2.2-150300.3.3.1
* libpcp_trace2-debuginfo-5.2.2-150300.3.3.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* pcp-doc-5.2.2-150300.3.3.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* pcp-debuginfo-5.2.2-150300.3.3.1
* pcp-import-sar2pcp-5.2.2-150300.3.3.1
* perl-PCP-LogImport-5.2.2-150300.3.3.1
* perl-PCP-MMV-5.2.2-150300.3.3.1
* libpcp_import1-debuginfo-5.2.2-150300.3.3.1
* libpcp_web1-debuginfo-5.2.2-150300.3.3.1
* pcp-debugsource-5.2.2-150300.3.3.1
* python3-pcp-debuginfo-5.2.2-150300.3.3.1
* pcp-conf-5.2.2-150300.3.3.1
* perl-PCP-PMDA-5.2.2-150300.3.3.1
* libpcp_trace2-5.2.2-150300.3.3.1
* python3-pcp-5.2.2-150300.3.3.1
* libpcp_gui2-debuginfo-5.2.2-150300.3.3.1
* perl-PCP-PMDA-debuginfo-5.2.2-150300.3.3.1
* pcp-import-iostat2pcp-5.2.2-150300.3.3.1
* libpcp_mmv1-debuginfo-5.2.2-150300.3.3.1
* pcp-devel-debuginfo-5.2.2-150300.3.3.1
* pcp-system-tools-5.2.2-150300.3.3.1
* pcp-devel-5.2.2-150300.3.3.1
* libpcp_gui2-5.2.2-150300.3.3.1
* libpcp_web1-5.2.2-150300.3.3.1
* libpcp-devel-5.2.2-150300.3.3.1
* pcp-5.2.2-150300.3.3.1
* libpcp3-5.2.2-150300.3.3.1
* libpcp_mmv1-5.2.2-150300.3.3.1
* perl-PCP-MMV-debuginfo-5.2.2-150300.3.3.1
* libpcp3-debuginfo-5.2.2-150300.3.3.1
* pcp-system-tools-debuginfo-5.2.2-150300.3.3.1
* perl-PCP-LogImport-debuginfo-5.2.2-150300.3.3.1
* pcp-import-mrtg2pcp-5.2.2-150300.3.3.1
* libpcp_import1-5.2.2-150300.3.3.1
* perl-PCP-LogSummary-5.2.2-150300.3.3.1
* libpcp_trace2-debuginfo-5.2.2-150300.3.3.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
* pcp-doc-5.2.2-150300.3.3.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le x86_64)
* pcp-pmda-perfevent-5.2.2-150300.3.3.1
* pcp-pmda-perfevent-debuginfo-5.2.2-150300.3.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* pcp-debuginfo-5.2.2-150300.3.3.1
* pcp-import-sar2pcp-5.2.2-150300.3.3.1
* perl-PCP-LogImport-5.2.2-150300.3.3.1
* perl-PCP-MMV-5.2.2-150300.3.3.1
* libpcp_import1-debuginfo-5.2.2-150300.3.3.1
* libpcp_web1-debuginfo-5.2.2-150300.3.3.1
* pcp-debugsource-5.2.2-150300.3.3.1
* python3-pcp-debuginfo-5.2.2-150300.3.3.1
* pcp-conf-5.2.2-150300.3.3.1
* perl-PCP-PMDA-5.2.2-150300.3.3.1
* libpcp_trace2-5.2.2-150300.3.3.1
* python3-pcp-5.2.2-150300.3.3.1
* libpcp_gui2-debuginfo-5.2.2-150300.3.3.1
* perl-PCP-PMDA-debuginfo-5.2.2-150300.3.3.1
* pcp-import-iostat2pcp-5.2.2-150300.3.3.1
* libpcp_mmv1-debuginfo-5.2.2-150300.3.3.1
* pcp-devel-debuginfo-5.2.2-150300.3.3.1
* pcp-system-tools-5.2.2-150300.3.3.1
* pcp-devel-5.2.2-150300.3.3.1
* libpcp_gui2-5.2.2-150300.3.3.1
* libpcp_web1-5.2.2-150300.3.3.1
* libpcp-devel-5.2.2-150300.3.3.1
* pcp-5.2.2-150300.3.3.1
* libpcp3-5.2.2-150300.3.3.1
* libpcp_mmv1-5.2.2-150300.3.3.1
* perl-PCP-MMV-debuginfo-5.2.2-150300.3.3.1
* libpcp3-debuginfo-5.2.2-150300.3.3.1
* pcp-system-tools-debuginfo-5.2.2-150300.3.3.1
* perl-PCP-LogImport-debuginfo-5.2.2-150300.3.3.1
* pcp-import-mrtg2pcp-5.2.2-150300.3.3.1
* libpcp_import1-5.2.2-150300.3.3.1
* perl-PCP-LogSummary-5.2.2-150300.3.3.1
* libpcp_trace2-debuginfo-5.2.2-150300.3.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* pcp-doc-5.2.2-150300.3.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le)
* pcp-pmda-perfevent-5.2.2-150300.3.3.1
* pcp-pmda-perfevent-debuginfo-5.2.2-150300.3.3.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* pcp-debuginfo-5.2.2-150300.3.3.1
* pcp-import-sar2pcp-5.2.2-150300.3.3.1
* perl-PCP-LogImport-5.2.2-150300.3.3.1
* perl-PCP-MMV-5.2.2-150300.3.3.1
* libpcp_import1-debuginfo-5.2.2-150300.3.3.1
* libpcp_web1-debuginfo-5.2.2-150300.3.3.1
* pcp-debugsource-5.2.2-150300.3.3.1
* python3-pcp-debuginfo-5.2.2-150300.3.3.1
* pcp-conf-5.2.2-150300.3.3.1
* perl-PCP-PMDA-5.2.2-150300.3.3.1
* libpcp_trace2-5.2.2-150300.3.3.1
* python3-pcp-5.2.2-150300.3.3.1
* libpcp_gui2-debuginfo-5.2.2-150300.3.3.1
* perl-PCP-PMDA-debuginfo-5.2.2-150300.3.3.1
* pcp-import-iostat2pcp-5.2.2-150300.3.3.1
* libpcp_mmv1-debuginfo-5.2.2-150300.3.3.1
* pcp-devel-debuginfo-5.2.2-150300.3.3.1
* pcp-system-tools-5.2.2-150300.3.3.1
* pcp-devel-5.2.2-150300.3.3.1
* libpcp_gui2-5.2.2-150300.3.3.1
* libpcp_web1-5.2.2-150300.3.3.1
* libpcp-devel-5.2.2-150300.3.3.1
* pcp-5.2.2-150300.3.3.1
* libpcp3-5.2.2-150300.3.3.1
* libpcp_mmv1-5.2.2-150300.3.3.1
* pcp-pmda-perfevent-debuginfo-5.2.2-150300.3.3.1
* perl-PCP-MMV-debuginfo-5.2.2-150300.3.3.1
* libpcp3-debuginfo-5.2.2-150300.3.3.1
* pcp-system-tools-debuginfo-5.2.2-150300.3.3.1
* perl-PCP-LogImport-debuginfo-5.2.2-150300.3.3.1
* pcp-import-mrtg2pcp-5.2.2-150300.3.3.1
* libpcp_import1-5.2.2-150300.3.3.1
* perl-PCP-LogSummary-5.2.2-150300.3.3.1
* pcp-pmda-perfevent-5.2.2-150300.3.3.1
* libpcp_trace2-debuginfo-5.2.2-150300.3.3.1
* SUSE Enterprise Storage 7.1 (noarch)
* pcp-doc-5.2.2-150300.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-3019.html
* https://bugzilla.suse.com/show_bug.cgi?id=1222121



SUSE-SU-2025:03226-1: important: Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:03226-1
Release Date: 2025-09-15T12:06:05Z
Rating: important
References:

* bsc#1231676
* bsc#1231943
* bsc#1232271
* bsc#1236207
* bsc#1242579
* bsc#1244235
* bsc#1245505
* bsc#1245775
* bsc#1245791
* bsc#1245805
* bsc#1246030
* bsc#1248108

Cross-References:

* CVE-2024-47674
* CVE-2024-47706
* CVE-2024-49867
* CVE-2025-21659
* CVE-2025-21701
* CVE-2025-21999
* CVE-2025-37890
* CVE-2025-38000
* CVE-2025-38001
* CVE-2025-38087
* CVE-2025-38212

CVSS scores:

* CVE-2024-47674 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-47674 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47674 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47706 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-47706 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47706 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-49867 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-49867 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-49867 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21659 ( SUSE ): 8.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-21659 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-21701 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38000 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38001 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38087 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38087 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves 11 vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_25 fixes several issues.

The following security issues were fixed:

* CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier
(bsc#1245504).
* CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579).
* CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to
eltree twice (bsc#1244235).
* CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner
kthread during umount (bsc#1232271).
* CVE-2025-21659: netdev: prevent accessing NAPI instances from another
namespace (bsc#1236207).
* CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in
hfsc_enqueue() (bsc#1245775).
* CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem
as child qdisc (bsc#1245791).
* CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case
(bsc#1231676).
* CVE-2025-21701: net: avoid race between device unregistration and ethnl ops
(bsc#1245805).
* CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain
(bsc#1231943).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3226=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3226=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_25-default-debuginfo-15-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_5-debugsource-15-150600.2.1
* kernel-livepatch-6_4_0-150600_23_25-default-15-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_25-default-debuginfo-15-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_5-debugsource-15-150600.2.1
* kernel-livepatch-6_4_0-150600_23_25-default-15-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-47674.html
* https://www.suse.com/security/cve/CVE-2024-47706.html
* https://www.suse.com/security/cve/CVE-2024-49867.html
* https://www.suse.com/security/cve/CVE-2025-21659.html
* https://www.suse.com/security/cve/CVE-2025-21701.html
* https://www.suse.com/security/cve/CVE-2025-21999.html
* https://www.suse.com/security/cve/CVE-2025-37890.html
* https://www.suse.com/security/cve/CVE-2025-38000.html
* https://www.suse.com/security/cve/CVE-2025-38001.html
* https://www.suse.com/security/cve/CVE-2025-38087.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231676
* https://bugzilla.suse.com/show_bug.cgi?id=1231943
* https://bugzilla.suse.com/show_bug.cgi?id=1232271
* https://bugzilla.suse.com/show_bug.cgi?id=1236207
* https://bugzilla.suse.com/show_bug.cgi?id=1242579
* https://bugzilla.suse.com/show_bug.cgi?id=1244235
* https://bugzilla.suse.com/show_bug.cgi?id=1245505
* https://bugzilla.suse.com/show_bug.cgi?id=1245775
* https://bugzilla.suse.com/show_bug.cgi?id=1245791
* https://bugzilla.suse.com/show_bug.cgi?id=1245805
* https://bugzilla.suse.com/show_bug.cgi?id=1246030
* https://bugzilla.suse.com/show_bug.cgi?id=1248108



SUSE-SU-2025:03235-1: important: Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:03235-1
Release Date: 2025-09-15T14:06:02Z
Rating: important
References:

* bsc#1236207
* bsc#1242579
* bsc#1244235
* bsc#1245505
* bsc#1245775
* bsc#1245791
* bsc#1245805
* bsc#1246030
* bsc#1248108

Cross-References:

* CVE-2025-21659
* CVE-2025-21701
* CVE-2025-21999
* CVE-2025-37890
* CVE-2025-38000
* CVE-2025-38001
* CVE-2025-38087
* CVE-2025-38212

CVSS scores:

* CVE-2025-21659 ( SUSE ): 8.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-21659 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-21701 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38000 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38001 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38087 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38087 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves eight vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_42 fixes several issues.

The following security issues were fixed:

* CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier
(bsc#1245504).
* CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579).
* CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to
eltree twice (bsc#1244235).
* CVE-2025-21659: netdev: prevent accessing NAPI instances from another
namespace (bsc#1236207).
* CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in
hfsc_enqueue() (bsc#1245775).
* CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem
as child qdisc (bsc#1245791).
* CVE-2025-21701: net: avoid race between device unregistration and ethnl ops
(bsc#1245805).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3235=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3235=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_9-debugsource-6-150600.2.1
* kernel-livepatch-6_4_0-150600_23_42-default-6-150600.2.1
* kernel-livepatch-6_4_0-150600_23_42-default-debuginfo-6-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_9-debugsource-6-150600.2.1
* kernel-livepatch-6_4_0-150600_23_42-default-6-150600.2.1
* kernel-livepatch-6_4_0-150600_23_42-default-debuginfo-6-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21659.html
* https://www.suse.com/security/cve/CVE-2025-21701.html
* https://www.suse.com/security/cve/CVE-2025-21999.html
* https://www.suse.com/security/cve/CVE-2025-37890.html
* https://www.suse.com/security/cve/CVE-2025-38000.html
* https://www.suse.com/security/cve/CVE-2025-38001.html
* https://www.suse.com/security/cve/CVE-2025-38087.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236207
* https://bugzilla.suse.com/show_bug.cgi?id=1242579
* https://bugzilla.suse.com/show_bug.cgi?id=1244235
* https://bugzilla.suse.com/show_bug.cgi?id=1245505
* https://bugzilla.suse.com/show_bug.cgi?id=1245775
* https://bugzilla.suse.com/show_bug.cgi?id=1245791
* https://bugzilla.suse.com/show_bug.cgi?id=1245805
* https://bugzilla.suse.com/show_bug.cgi?id=1246030
* https://bugzilla.suse.com/show_bug.cgi?id=1248108



SUSE-SU-2025:03234-1: moderate: Security update for rabbitmq-server313


# Security update for rabbitmq-server313

Announcement ID: SUSE-SU-2025:03234-1
Release Date: 2025-09-15T13:23:42Z
Rating: moderate
References:

* bsc#1245105
* bsc#1246091

Cross-References:

* CVE-2025-50200

CVSS scores:

* CVE-2025-50200 ( SUSE ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-50200 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-50200 ( NVD ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-50200 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* Server Applications Module 15-SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability and has one security fix can now be
installed.

## Description:

This update for rabbitmq-server313 fixes the following issues:

* CVE-2025-50200: Fixed logging of Basic Auth header from an HTTP request
(bsc#1245105)
* Fixed bad logrotate configuration allowing potential escalation from
rabbitmq to root (bsc#1246091)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-3234=1 SUSE-2025-3234=1

* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-3234=1

* Server Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2025-3234=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* rabbitmq-server313-3.13.1-150600.13.11.1
* erlang-rabbitmq-client313-3.13.1-150600.13.11.1
* rabbitmq-server313-plugins-3.13.1-150600.13.11.1
* openSUSE Leap 15.6 (noarch)
* rabbitmq-server313-zsh-completion-3.13.1-150600.13.11.1
* rabbitmq-server313-bash-completion-3.13.1-150600.13.11.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* rabbitmq-server313-3.13.1-150600.13.11.1
* erlang-rabbitmq-client313-3.13.1-150600.13.11.1
* rabbitmq-server313-plugins-3.13.1-150600.13.11.1
* Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* rabbitmq-server313-3.13.1-150600.13.11.1
* erlang-rabbitmq-client313-3.13.1-150600.13.11.1
* rabbitmq-server313-plugins-3.13.1-150600.13.11.1
* Server Applications Module 15-SP7 (noarch)
* rabbitmq-server313-zsh-completion-3.13.1-150600.13.11.1
* rabbitmq-server313-bash-completion-3.13.1-150600.13.11.1

## References:

* https://www.suse.com/security/cve/CVE-2025-50200.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245105
* https://bugzilla.suse.com/show_bug.cgi?id=1246091



SUSE-SU-2025:03237-1: important: Security update for libavif


# Security update for libavif

Announcement ID: SUSE-SU-2025:03237-1
Release Date: 2025-09-16T10:05:03Z
Rating: important
References:

* bsc#1217614
* bsc#1217615
* bsc#1243269
* bsc#1243270
* jsc#PED-13277

Cross-References:

* CVE-2023-6350
* CVE-2023-6351
* CVE-2025-48174
* CVE-2025-48175

CVSS scores:

* CVE-2023-6350 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-6351 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-48174 ( SUSE ): 7.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2025-48174 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
* CVE-2025-48174 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-48174 ( NVD ): 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L
* CVE-2025-48175 ( SUSE ): 7.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2025-48175 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
* CVE-2025-48175 ( NVD ): 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L
* CVE-2025-48175 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Proxy 4.3 LTS
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Retail Branch Server 4.3 LTS
* SUSE Manager Server 4.3
* SUSE Manager Server 4.3 LTS

An update that solves four vulnerabilities and contains one feature can now be
installed.

## Description:

This update for libavif fixes the following issues:

Update to 1.3.0:

* CVE-2025-48175: Fixed integer overflows in multiplications involving
rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes. (bsc#1243270)
* CVE-2025-48174: Fixed an integer overflow and resultant buffer overflow in
stream->offset+size. (bsc#1243269)
* CVE-2023-6350: Fixed an out-of-bounds memory access to alphaItemIndices.
(bsc#1217614)
* CVE-2023-6351: Fixed a use-after-free in colorProperties. (bsc#1217615)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3237=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3237=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3237=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3237=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3237=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3237=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3237=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3237=1

* SUSE Manager Proxy 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-3237=1

* SUSE Manager Retail Branch Server 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-LTS-2025-3237=1

* SUSE Manager Server 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-3237=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3237=1

## Package List:

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* libavif16-1.3.0-150400.3.6.1
* libavif-debugsource-1.3.0-150400.3.6.1
* libavif16-debuginfo-1.3.0-150400.3.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* libavif16-1.3.0-150400.3.6.1
* libavif-debugsource-1.3.0-150400.3.6.1
* libavif16-debuginfo-1.3.0-150400.3.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
* libavif16-1.3.0-150400.3.6.1
* libavif-debugsource-1.3.0-150400.3.6.1
* libavif16-debuginfo-1.3.0-150400.3.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
* libavif16-1.3.0-150400.3.6.1
* libavif-debugsource-1.3.0-150400.3.6.1
* libavif16-debuginfo-1.3.0-150400.3.6.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* libavif16-1.3.0-150400.3.6.1
* libavif-debugsource-1.3.0-150400.3.6.1
* libavif16-debuginfo-1.3.0-150400.3.6.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* libavif16-1.3.0-150400.3.6.1
* libavif-debugsource-1.3.0-150400.3.6.1
* libavif16-debuginfo-1.3.0-150400.3.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libavif16-1.3.0-150400.3.6.1
* libavif-debugsource-1.3.0-150400.3.6.1
* libavif16-debuginfo-1.3.0-150400.3.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* libavif16-1.3.0-150400.3.6.1
* libavif-debugsource-1.3.0-150400.3.6.1
* libavif16-debuginfo-1.3.0-150400.3.6.1
* SUSE Manager Proxy 4.3 LTS (x86_64)
* libavif16-1.3.0-150400.3.6.1
* libavif-debugsource-1.3.0-150400.3.6.1
* libavif16-debuginfo-1.3.0-150400.3.6.1
* SUSE Manager Retail Branch Server 4.3 LTS (x86_64)
* libavif16-1.3.0-150400.3.6.1
* libavif-debugsource-1.3.0-150400.3.6.1
* libavif16-debuginfo-1.3.0-150400.3.6.1
* SUSE Manager Server 4.3 LTS (ppc64le s390x x86_64)
* libavif16-1.3.0-150400.3.6.1
* libavif-debugsource-1.3.0-150400.3.6.1
* libavif16-debuginfo-1.3.0-150400.3.6.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libavif-devel-1.3.0-150400.3.6.1
* libavif-debugsource-1.3.0-150400.3.6.1
* gdk-pixbuf-loader-libavif-debuginfo-1.3.0-150400.3.6.1
* libavif16-debuginfo-1.3.0-150400.3.6.1
* avif-tools-1.3.0-150400.3.6.1
* gdk-pixbuf-loader-libavif-1.3.0-150400.3.6.1
* avif-tools-debuginfo-1.3.0-150400.3.6.1
* libavif16-1.3.0-150400.3.6.1
* openSUSE Leap 15.4 (x86_64)
* libavif16-32bit-1.3.0-150400.3.6.1
* libavif16-32bit-debuginfo-1.3.0-150400.3.6.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libavif16-64bit-1.3.0-150400.3.6.1
* libavif16-64bit-debuginfo-1.3.0-150400.3.6.1

## References:

* https://www.suse.com/security/cve/CVE-2023-6350.html
* https://www.suse.com/security/cve/CVE-2023-6351.html
* https://www.suse.com/security/cve/CVE-2025-48174.html
* https://www.suse.com/security/cve/CVE-2025-48175.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217614
* https://bugzilla.suse.com/show_bug.cgi?id=1217615
* https://bugzilla.suse.com/show_bug.cgi?id=1243269
* https://bugzilla.suse.com/show_bug.cgi?id=1243270
* https://jira.suse.com/browse/PED-13277



openSUSE-SU-2025:0356-1: moderate: Security update for onefetch


openSUSE Security Update: Security update for onefetch
_______________________________

Announcement ID: openSUSE-SU-2025:0356-1
Rating: moderate
References: #1230085 #1230686
Cross-References: CVE-2024-45405
CVSS scores:
CVE-2024-45405 (SUSE): 5.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that solves one vulnerability and has one errata
is now available.

Description:

This update for onefetch fixes the following issues:

Update to 0.25.0:

New Features:

* add language support for Text #1579
* support repos "without source code" #1580

Chores:

* improve error handling #1560

Bug Fixes:

* remove extra line break in 886d942

- This updates gix-path to 0.10.11 (boo#1230085)

Update to 0.24.0:

* add language support for Lean #1509
* add language support for Typst #1508
* add language support for Razor #1521
* more idiomatic way to fetch HEAD refs #1515
* more idiomatic way to fetch repository remote URL #1516
* update holyc language logo #1543
* update wiki powershell-snippet #1542

Update to 0.23.1:

* Fix version in man page

Update to 0.23.0:

New Features:

* add language support for OpenSCAD #1502
* add language support for Modelica #1262
* add language support for ATS #523
* add language support for CUDA #940
* add missing nerd fonts icons for some languages #1491

Chores:

* add Italian translation of README #1435
* add Polish translation of README #1444
* add Czech translation of README #1439
* update russian README #1478
* add script to preview/validate Nerd Fonts #1492
* add Powershell snippet to run onefetch automatically #1453

Update to 2.22.0:

New Features:

* Add support for nerd font glyphs in languages info #1395
* [onefetch.dev] Add nerdfont icons to the preview #1411
* Automate publishing crates to crates.io #1364

Bug Fixes:

* Show future commit dates without panicking #1389

Chores:

* Re-generate the man page with --no-info #1376
* Drop unused shebangs from repo test fixture scripts #1375
- boo#1230686 (CVE-2024-45405): Bump gix-path to 0.10.11

Update to 2.21.0:

* Add CLI option to force URL format to HTTP instead of SSH #1314
* Add CLI flag to hide token from repository URL #1319
* Make Lua logo more readable on dark terminal #1337
* Fix deadlock in Churn computation #1316
* Exclude bot commits from churn when --no-bots option is used #1335
* [onefetch.dev] switch to dark theme #1297
* RUSTSEC-2024-0320: remove yaml-rust dependency #1309
* Refactor --no-bots CLI option #1340

Update to 2.20.0:

* This version marks the completion of the transition from git2 to
gitoxide
* Add svg language support #1266
* lang: Adding Oz programming language #1280

Update to 2.19.0:

New Features:

* exclude files from churn #1120
* add odin support #1064
* New language: Arduino #1176
* Right align authorship percentages #1207
* Add Agda to languages.yaml #1216

Bug Fixes:

* add a test for negative dates and see how onefetch handles it #1100

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2025-356=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):

onefetch-2.25.0-bp156.2.3.1

References:

https://www.suse.com/security/cve/CVE-2024-45405.html
https://bugzilla.suse.com/1230085
https://bugzilla.suse.com/1230686