
SUSE Linux has been updated with several security updates, among them an important update for stb and moderate updates for libjxl, libQt5Bluetooth5-32bit, python311-ipython, owasp-modsecurity-crs, dovecot24, apptainer, and python-pydantic:

openSUSE-SU-2025:0041-1: moderate: Security update for libjxl
openSUSE-SU-2025:0039-1: important: Security update for stb
openSUSE-SU-2025:14716-1: moderate: libQt5Bluetooth5-32bit-5.15.16+kde2-1.1 on GA media
openSUSE-SU-2025:14718-1: moderate: python311-ipython-8.31.0-1.1 on GA media
openSUSE-SU-2025:14717-1: moderate: owasp-modsecurity-crs-4.10.0-1.1 on GA media
openSUSE-SU-2025:14715-1: moderate: dovecot24-2.4.0-1.1 on GA media
openSUSE-SU-2025:14714-1: moderate: apptainer-1.3.6-4.1 on GA media
SUSE-SU-2025:0313-1: moderate: Security update for apptainer
SUSE-SU-2025:0310-1: moderate: Security update for python-pydantic




openSUSE-SU-2025:0041-1: moderate: Security update for libjxl


openSUSE Security Update: Security update for libjxl
_______________________________

Announcement ID: openSUSE-SU-2025:0041-1
Rating: moderate
References: #1233785
Cross-References: CVE-2024-11498
CVSS scores:
CVE-2024-11498 (SUSE): 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Affected Products:
openSUSE Backports SLE-15-SP5
_______________________________

An update that fixes one vulnerability is now available.

Description:

This update for libjxl fixes the following issues:

- CVE-2024-11498: Fixed denial of service by checking height limit in
modular trees (boo#1233785).

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP5:

zypper in -t patch openSUSE-2025-41=1

Package List:

- openSUSE Backports SLE-15-SP5 (aarch64 s390x x86_64):

libjxl-devel-0.8.2-bp155.2.6.1
libjxl-tools-0.8.2-bp155.2.6.1
libjxl0_8-0.8.2-bp155.2.6.1

- openSUSE Backports SLE-15-SP5 (aarch64_ilp32):

libjxl0_8-64bit-0.8.2-bp155.2.6.1

References:

https://www.suse.com/security/cve/CVE-2024-11498.html
https://bugzilla.suse.com/1233785



openSUSE-SU-2025:0039-1: important: Security update for stb


openSUSE Security Update: Security update for stb
_______________________________

Announcement ID: openSUSE-SU-2025:0039-1
Rating: important
References: #1216478
Cross-References: CVE-2019-13217 CVE-2019-13218 CVE-2019-13219
CVE-2019-13220 CVE-2019-13221 CVE-2019-13222
CVE-2019-13223
Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that fixes 7 vulnerabilities is now available.

Description:

This update for stb fixes the following issues:

Addressing the following security issues (boo#1216478):

* CVE-2019-13217: heap buffer overflow in start_decoder()
* CVE-2019-13218: stack buffer overflow in compute_codewords()
* CVE-2019-13219: uninitialized memory in vorbis_decode_packet_rest()
* CVE-2019-13220: out-of-range read in draw_line()
* CVE-2019-13221: issue with large 1D codebooks in lookup1_values()
* CVE-2019-13222: unchecked NULL returned by get_window()
* CVE-2019-13223: division by zero in predict_point()

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2025-39=1

Package List:

- openSUSE Backports SLE-15-SP6 (noarch):

stb-devel-20240910-bp156.2.3.1

References:

https://www.suse.com/security/cve/CVE-2019-13217.html
https://www.suse.com/security/cve/CVE-2019-13218.html
https://www.suse.com/security/cve/CVE-2019-13219.html
https://www.suse.com/security/cve/CVE-2019-13220.html
https://www.suse.com/security/cve/CVE-2019-13221.html
https://www.suse.com/security/cve/CVE-2019-13222.html
https://www.suse.com/security/cve/CVE-2019-13223.html
https://bugzilla.suse.com/1216478



openSUSE-SU-2025:14716-1: moderate: libQt5Bluetooth5-32bit-5.15.16+kde2-1.1 on GA media


# libQt5Bluetooth5-32bit-5.15.16+kde2-1.1 on GA media

Announcement ID: openSUSE-SU-2025:14716-1
Rating: moderate

Cross-References:

* CVE-2025-23050

CVSS scores:

* CVE-2025-23050 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-23050 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the libQt5Bluetooth5-32bit-5.15.16+kde2-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * libQt5Bluetooth5 5.15.16+kde2-1.1
  * libQt5Bluetooth5-32bit 5.15.16+kde2-1.1
  * libQt5Bluetooth5-imports 5.15.16+kde2-1.1
  * libQt5Nfc5 5.15.16+kde2-1.1
  * libQt5Nfc5-32bit 5.15.16+kde2-1.1
  * libQt5Nfc5-imports 5.15.16+kde2-1.1
  * libqt5-qtconnectivity-devel 5.15.16+kde2-1.1
  * libqt5-qtconnectivity-devel-32bit 5.15.16+kde2-1.1
  * libqt5-qtconnectivity-examples 5.15.16+kde2-1.1
  * libqt5-qtconnectivity-private-headers-devel 5.15.16+kde2-1.1
  * libqt5-qtconnectivity-tools 5.15.16+kde2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-23050.html



openSUSE-SU-2025:14718-1: moderate: python311-ipython-8.31.0-1.1 on GA media


# python311-ipython-8.31.0-1.1 on GA media

Announcement ID: openSUSE-SU-2025:14718-1
Rating: moderate

Cross-References:

* CVE-2022-21699

CVSS scores:

* CVE-2022-21699 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python311-ipython-8.31.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * python311-ipython 8.31.0-1.1
  * python312-ipython 8.31.0-1.1
  * python313-ipython 8.31.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2022-21699.html



openSUSE-SU-2025:14717-1: moderate: owasp-modsecurity-crs-4.10.0-1.1 on GA media


# owasp-modsecurity-crs-4.10.0-1.1 on GA media

Announcement ID: openSUSE-SU-2025:14717-1
Rating: moderate

Cross-References:

* CVE-2023-5003

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the owasp-modsecurity-crs-4.10.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * owasp-modsecurity-crs 4.10.0-1.1
  * owasp-modsecurity-crs-apache2 4.10.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2023-5003.html



openSUSE-SU-2025:14715-1: moderate: dovecot24-2.4.0-1.1 on GA media


# dovecot24-2.4.0-1.1 on GA media

Announcement ID: openSUSE-SU-2025:14715-1
Rating: moderate

Cross-References:

* CVE-2017-14461
* CVE-2017-15130
* CVE-2017-15132
* CVE-2019-10691
* CVE-2019-11494
* CVE-2019-11499
* CVE-2019-11500
* CVE-2019-19722
* CVE-2019-3814
* CVE-2019-7524
* CVE-2020-10957
* CVE-2020-10958
* CVE-2020-10967
* CVE-2020-12100
* CVE-2020-12673
* CVE-2020-12674
* CVE-2020-24386
* CVE-2020-28200
* CVE-2020-7046
* CVE-2020-7957
* CVE-2021-29157
* CVE-2021-33515
* CVE-2024-23184
* CVE-2024-23185

CVSS scores:

* CVE-2017-14461 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2017-15130 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2017-15132 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2019-10691 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2019-11500 ( SUSE ): 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2019-3814 ( SUSE ): 8.2 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2019-7524 ( SUSE ): 6.7 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2020-10957 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2020-10958 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2020-10967 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2020-12100 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2020-12673 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2020-12674 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2020-24386 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2020-28200 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2021-29157 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2021-33515 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-23184 ( SUSE ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
* CVE-2024-23184 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
* CVE-2024-23185 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-23185 ( SUSE ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

Affected Products:

* openSUSE Tumbleweed

An update that solves 24 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the dovecot24-2.4.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * dovecot24 2.4.0-1.1
  * dovecot24-backend-mysql 2.4.0-1.1
  * dovecot24-backend-pgsql 2.4.0-1.1
  * dovecot24-backend-sqlite 2.4.0-1.1
  * dovecot24-devel 2.4.0-1.1
  * dovecot24-fts 2.4.0-1.1
  * dovecot24-fts-flatcurve 2.4.0-1.1
  * dovecot24-fts-solr 2.4.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2017-14461.html
* https://www.suse.com/security/cve/CVE-2017-15130.html
* https://www.suse.com/security/cve/CVE-2017-15132.html
* https://www.suse.com/security/cve/CVE-2019-10691.html
* https://www.suse.com/security/cve/CVE-2019-11494.html
* https://www.suse.com/security/cve/CVE-2019-11499.html
* https://www.suse.com/security/cve/CVE-2019-11500.html
* https://www.suse.com/security/cve/CVE-2019-19722.html
* https://www.suse.com/security/cve/CVE-2019-3814.html
* https://www.suse.com/security/cve/CVE-2019-7524.html
* https://www.suse.com/security/cve/CVE-2020-10957.html
* https://www.suse.com/security/cve/CVE-2020-10958.html
* https://www.suse.com/security/cve/CVE-2020-10967.html
* https://www.suse.com/security/cve/CVE-2020-12100.html
* https://www.suse.com/security/cve/CVE-2020-12673.html
* https://www.suse.com/security/cve/CVE-2020-12674.html
* https://www.suse.com/security/cve/CVE-2020-24386.html
* https://www.suse.com/security/cve/CVE-2020-28200.html
* https://www.suse.com/security/cve/CVE-2020-7046.html
* https://www.suse.com/security/cve/CVE-2020-7957.html
* https://www.suse.com/security/cve/CVE-2021-29157.html
* https://www.suse.com/security/cve/CVE-2021-33515.html
* https://www.suse.com/security/cve/CVE-2024-23184.html
* https://www.suse.com/security/cve/CVE-2024-23185.html



openSUSE-SU-2025:14714-1: moderate: apptainer-1.3.6-4.1 on GA media


# apptainer-1.3.6-4.1 on GA media

Announcement ID: openSUSE-SU-2025:14714-1
Rating: moderate

Cross-References:

* CVE-2023-45288

CVSS scores:

* CVE-2023-45288 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-45288 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the apptainer-1.3.6-4.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * apptainer 1.3.6-4.1
  * apptainer-leap 1.3.6-4.1
  * apptainer-sle15_5 1.3.6-4.1
  * apptainer-sle15_6 1.3.6-4.1
  * apptainer-sle15_7 1.3.6-4.1

## References:

* https://www.suse.com/security/cve/CVE-2023-45288.html



SUSE-SU-2025:0313-1: moderate: Security update for apptainer


# Security update for apptainer

Announcement ID: SUSE-SU-2025:0313-1
Release Date: 2025-01-31T15:03:56Z
Rating: moderate
References:

* bsc#1236528

Cross-References:

* CVE-2023-45288
* CVE-2024-3727

CVSS scores:

* CVE-2023-45288 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2023-45288 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-3727 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2024-3727 ( NVD ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products:

* HPC Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for apptainer fixes the following issues:

* CVE-2023-45288: Fixed unclosed connections when receiving too many headers
in golang.org/x/net/http2 (bsc#1236528)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-313=1 openSUSE-SLE-15.6-2025-313=1

* HPC Module 15-SP6
zypper in -t patch SUSE-SLE-Module-HPC-15-SP6-2025-313=1

## Package List:

* openSUSE Leap 15.6 (noarch)
  * apptainer-sle15_7-1.3.6-150600.4.6.1
  * apptainer-sle15_5-1.3.6-150600.4.6.1
  * apptainer-leap-1.3.6-150600.4.6.1
  * apptainer-sle15_6-1.3.6-150600.4.6.1
* openSUSE Leap 15.6 (aarch64 x86_64)
  * apptainer-1.3.6-150600.4.6.1
  * apptainer-debuginfo-1.3.6-150600.4.6.1
* HPC Module 15-SP6 (aarch64 x86_64)
  * apptainer-1.3.6-150600.4.6.1
  * apptainer-debuginfo-1.3.6-150600.4.6.1
* HPC Module 15-SP6 (noarch)
  * apptainer-sle15_6-1.3.6-150600.4.6.1

## References:

* https://www.suse.com/security/cve/CVE-2023-45288.html
* https://www.suse.com/security/cve/CVE-2024-3727.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236528



SUSE-SU-2025:0310-1: moderate: Security update for python-pydantic


# Security update for python-pydantic

Announcement ID: SUSE-SU-2025:0310-1
Release Date: 2025-01-31T12:42:14Z
Rating: moderate
References:

* bsc#1222806

Cross-References:

* CVE-2024-3772

CVSS scores:

* CVE-2024-3772 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6
* Public Cloud Module 15-SP4
* Python 3 Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for python-pydantic fixes the following issues:

* CVE-2024-3772: Fixed Regular expression DoS (bsc#1222806)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-310=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-310=1

* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2025-310=1

* Python 3 Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2025-310=1

## Package List:

* openSUSE Leap 15.4 (noarch)
  * python311-pydantic-1.10.8-150400.9.10.1
* openSUSE Leap 15.6 (noarch)
  * python311-pydantic-1.10.8-150400.9.10.1
* Public Cloud Module 15-SP4 (noarch)
  * python311-pydantic-1.10.8-150400.9.10.1
* Python 3 Module 15-SP6 (noarch)
  * python311-pydantic-1.10.8-150400.9.10.1

## References:

* https://www.suse.com/security/cve/CVE-2024-3772.html
* https://bugzilla.suse.com/show_bug.cgi?id=1222806