Security updates have been released for SUSE Linux, addressing vulnerabilities across several components. They include Linux Kernel live patches and Java updates for versions 11, 17 and 8 (java-11-openj9, java-17-openj9 and java-1_8_0-openjdk), plus a cups-filters update. Several moderate-level security updates were also released on openSUSE GA media for cargo-packaging, cargo-c, kernel-devel and cargo-audit. These updates aim to harden SUSE Linux systems and prevent exploitation of the vulnerabilities they fix.

SUSE-SU-2025:03207-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP5)
SUSE-SU-2025:03212-1: important: Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP6)
SUSE-SU-2025:03210-1: important: Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP6)
SUSE-SU-2025:03208-1: important: Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP5)
SUSE-SU-2025:03214-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP6)
SUSE-SU-2025:03209-1: important: Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)
SUSE-SU-2025:03213-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP6)
openSUSE-SU-2025:0353-1: important: Security update for java-17-openj9
openSUSE-SU-2025:0351-1: important: Security update for java-11-openj9
openSUSE-SU-2025:0354-1: important: Security update for java-17-openj9
SUSE-SU-2025:03224-1: important: Security update for java-1_8_0-openjdk
SUSE-SU-2025:03217-1: important: Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6)
SUSE-SU-2025:03222-1: important: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP7)
SUSE-SU-2025:03223-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP6)
SUSE-SU-2025:03225-1: important: Security update for cups-filters
openSUSE-SU-2025:15552-1: moderate: cargo-packaging-1.3.0+0-2.1 on GA media
openSUSE-SU-2025:15551-1: moderate: cargo-c-0.10.3~git0.ee7d7ef-4.1 on GA media
openSUSE-SU-2025:15553-1: moderate: kernel-devel-6.16.7-1.1 on GA media
openSUSE-SU-2025:15550-1: moderate: cargo-audit-0.21.2~git0.18e58c2-2.1 on GA media




SUSE-SU-2025:03207-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:03207-1
Release Date: 2025-09-12T22:33:40Z
Rating: important
References:

* bsc#1242579
* bsc#1244235
* bsc#1245775
* bsc#1245791
* bsc#1245805
* bsc#1246030

Cross-References:

* CVE-2025-21701
* CVE-2025-21999
* CVE-2025-37890
* CVE-2025-38000
* CVE-2025-38001
* CVE-2025-38212

CVSS scores:

* CVE-2025-21701 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38000 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38001 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_103 fixes several issues.

The following security issues were fixed:

* CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579).
* CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to
eltree twice (bsc#1244235).
* CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in
hfsc_enqueue() (bsc#1245775).
* CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem
as child qdisc (bsc#1245791).
* CVE-2025-21701: net: avoid race between device unregistration and ethnl ops
(bsc#1245805).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-3207=1 SUSE-2025-3206=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-3207=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-3206=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_100-default-5-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_25-debugsource-5-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_26-debugsource-5-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_100-default-debuginfo-5-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_103-default-5-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_103-default-debuginfo-5-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_100-default-5-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_25-debugsource-5-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_26-debugsource-5-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_100-default-debuginfo-5-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_103-default-5-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_103-default-debuginfo-5-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21701.html
* https://www.suse.com/security/cve/CVE-2025-21999.html
* https://www.suse.com/security/cve/CVE-2025-37890.html
* https://www.suse.com/security/cve/CVE-2025-38000.html
* https://www.suse.com/security/cve/CVE-2025-38001.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1242579
* https://bugzilla.suse.com/show_bug.cgi?id=1244235
* https://bugzilla.suse.com/show_bug.cgi?id=1245775
* https://bugzilla.suse.com/show_bug.cgi?id=1245791
* https://bugzilla.suse.com/show_bug.cgi?id=1245805
* https://bugzilla.suse.com/show_bug.cgi?id=1246030



SUSE-SU-2025:03212-1: important: Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:03212-1
Release Date: 2025-09-13T12:10:45Z
Rating: important
References:

* bsc#1242579
* bsc#1244235
* bsc#1245505
* bsc#1245775
* bsc#1245791
* bsc#1246030
* bsc#1248108

Cross-References:

* CVE-2025-21999
* CVE-2025-37890
* CVE-2025-38000
* CVE-2025-38001
* CVE-2025-38087
* CVE-2025-38212

CVSS scores:

* CVE-2025-21999 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38000 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38001 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38087 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38087 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves six vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_47 fixes several issues.

The following security issues were fixed:

* CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier
(bsc#1245504).
* CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579).
* CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to
eltree twice (bsc#1244235).
* CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in
hfsc_enqueue() (bsc#1245775).
* CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem
as child qdisc (bsc#1245791).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3212=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3212=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_47-default-5-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_10-debugsource-5-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_47-default-debuginfo-5-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_47-default-5-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_10-debugsource-5-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_47-default-debuginfo-5-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21999.html
* https://www.suse.com/security/cve/CVE-2025-37890.html
* https://www.suse.com/security/cve/CVE-2025-38000.html
* https://www.suse.com/security/cve/CVE-2025-38001.html
* https://www.suse.com/security/cve/CVE-2025-38087.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1242579
* https://bugzilla.suse.com/show_bug.cgi?id=1244235
* https://bugzilla.suse.com/show_bug.cgi?id=1245505
* https://bugzilla.suse.com/show_bug.cgi?id=1245775
* https://bugzilla.suse.com/show_bug.cgi?id=1245791
* https://bugzilla.suse.com/show_bug.cgi?id=1246030
* https://bugzilla.suse.com/show_bug.cgi?id=1248108



SUSE-SU-2025:03210-1: important: Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:03210-1
Release Date: 2025-09-13T11:09:04Z
Rating: important
References:

* bsc#1236207
* bsc#1242579
* bsc#1244235
* bsc#1245505
* bsc#1245775
* bsc#1245791
* bsc#1245805
* bsc#1246030
* bsc#1248108

Cross-References:

* CVE-2025-21659
* CVE-2025-21701
* CVE-2025-21999
* CVE-2025-37890
* CVE-2025-38000
* CVE-2025-38001
* CVE-2025-38087
* CVE-2025-38212

CVSS scores:

* CVE-2025-21659 ( SUSE ): 8.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-21659 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-21701 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38000 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38001 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38087 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38087 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves eight vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_38 fixes several issues.

The following security issues were fixed:

* CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier
(bsc#1245504).
* CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579).
* CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to
eltree twice (bsc#1244235).
* CVE-2025-21659: netdev: prevent accessing NAPI instances from another
namespace (bsc#1236207).
* CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in
hfsc_enqueue() (bsc#1245775).
* CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem
as child qdisc (bsc#1245791).
* CVE-2025-21701: net: avoid race between device unregistration and ethnl ops
(bsc#1245805).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3210=1 SUSE-2025-3211=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3210=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-3211=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_33-default-11-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_38-default-debuginfo-6-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_7-debugsource-11-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_33-default-debuginfo-11-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_8-debugsource-6-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_38-default-6-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_33-default-11-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_38-default-debuginfo-6-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_7-debugsource-11-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_33-default-debuginfo-11-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_8-debugsource-6-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_38-default-6-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21659.html
* https://www.suse.com/security/cve/CVE-2025-21701.html
* https://www.suse.com/security/cve/CVE-2025-21999.html
* https://www.suse.com/security/cve/CVE-2025-37890.html
* https://www.suse.com/security/cve/CVE-2025-38000.html
* https://www.suse.com/security/cve/CVE-2025-38001.html
* https://www.suse.com/security/cve/CVE-2025-38087.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236207
* https://bugzilla.suse.com/show_bug.cgi?id=1242579
* https://bugzilla.suse.com/show_bug.cgi?id=1244235
* https://bugzilla.suse.com/show_bug.cgi?id=1245505
* https://bugzilla.suse.com/show_bug.cgi?id=1245775
* https://bugzilla.suse.com/show_bug.cgi?id=1245791
* https://bugzilla.suse.com/show_bug.cgi?id=1245805
* https://bugzilla.suse.com/show_bug.cgi?id=1246030
* https://bugzilla.suse.com/show_bug.cgi?id=1248108



SUSE-SU-2025:03208-1: important: Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:03208-1
Release Date: 2025-09-13T00:04:01Z
Rating: important
References:

* bsc#1237930
* bsc#1242579
* bsc#1244235
* bsc#1245775
* bsc#1245791
* bsc#1245805
* bsc#1246030

Cross-References:

* CVE-2022-49053
* CVE-2025-21701
* CVE-2025-21999
* CVE-2025-37890
* CVE-2025-38000
* CVE-2025-38001
* CVE-2025-38212

CVSS scores:

* CVE-2022-49053 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49053 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21701 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38000 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38001 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_94 fixes several issues.

The following security issues were fixed:

* CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579).
* CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930).
* CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to
eltree twice (bsc#1244235).
* CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in
hfsc_enqueue() (bsc#1245775).
* CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem
as child qdisc (bsc#1245791).
* CVE-2025-21701: net: avoid race between device unregistration and ethnl ops
(bsc#1245805).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-3208=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-3208=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_94-default-6-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_23-debugsource-6-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_94-default-debuginfo-6-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_94-default-6-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_23-debugsource-6-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_94-default-debuginfo-6-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49053.html
* https://www.suse.com/security/cve/CVE-2025-21701.html
* https://www.suse.com/security/cve/CVE-2025-21999.html
* https://www.suse.com/security/cve/CVE-2025-37890.html
* https://www.suse.com/security/cve/CVE-2025-38000.html
* https://www.suse.com/security/cve/CVE-2025-38001.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1237930
* https://bugzilla.suse.com/show_bug.cgi?id=1242579
* https://bugzilla.suse.com/show_bug.cgi?id=1244235
* https://bugzilla.suse.com/show_bug.cgi?id=1245775
* https://bugzilla.suse.com/show_bug.cgi?id=1245791
* https://bugzilla.suse.com/show_bug.cgi?id=1245805
* https://bugzilla.suse.com/show_bug.cgi?id=1246030



SUSE-SU-2025:03214-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:03214-1
Release Date: 2025-09-13T21:09:03Z
Rating: important
References:

* bsc#1246030
* bsc#1248108

Cross-References:

* CVE-2025-38212

CVSS scores:

* CVE-2025-38212 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability and has one security fix can now be
installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_60 fixes several issues.

The following security issue was fixed:

* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3214=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3214=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP6_Update_13-debugsource-3-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-3-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_60-default-3-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP6_Update_13-debugsource-3-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-3-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_60-default-3-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246030
* https://bugzilla.suse.com/show_bug.cgi?id=1248108



SUSE-SU-2025:03209-1: important: Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:03209-1
Release Date: 2025-09-13T08:40:00Z
Rating: important
References:

* bsc#1231676
* bsc#1231943
* bsc#1232271
* bsc#1236207
* bsc#1242579
* bsc#1244235
* bsc#1245505
* bsc#1245775
* bsc#1245791
* bsc#1245805
* bsc#1246030
* bsc#1248108

Cross-References:

* CVE-2024-47674
* CVE-2024-47706
* CVE-2024-49867
* CVE-2025-21659
* CVE-2025-21701
* CVE-2025-21999
* CVE-2025-37890
* CVE-2025-38000
* CVE-2025-38001
* CVE-2025-38087
* CVE-2025-38212

CVSS scores:

* CVE-2024-47674 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-47674 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47674 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47706 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-47706 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47706 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-49867 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-49867 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-49867 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21659 ( SUSE ): 8.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-21659 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-21701 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38000 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38001 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38087 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38087 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves 11 vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_22 fixes several issues.

The following security issues were fixed:

* CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier
(bsc#1245504).
* CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579).
* CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to
eltree twice (bsc#1244235).
* CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner
kthread during umount (bsc#1232271).
* CVE-2025-21659: netdev: prevent accessing NAPI instances from another
namespace (bsc#1236207).
* CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in
hfsc_enqueue() (bsc#1245775).
* CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem
as child qdisc (bsc#1245791).
* CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case
(bsc#1231676).
* CVE-2025-21701: net: avoid race between device unregistration and ethnl ops
(bsc#1245805).
* CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain
(bsc#1231943).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3209=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3209=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP6_Update_4-debugsource-16-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_22-default-debuginfo-16-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_22-default-16-150600.2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP6_Update_4-debugsource-16-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_22-default-debuginfo-16-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_22-default-16-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-47674.html
* https://www.suse.com/security/cve/CVE-2024-47706.html
* https://www.suse.com/security/cve/CVE-2024-49867.html
* https://www.suse.com/security/cve/CVE-2025-21659.html
* https://www.suse.com/security/cve/CVE-2025-21701.html
* https://www.suse.com/security/cve/CVE-2025-21999.html
* https://www.suse.com/security/cve/CVE-2025-37890.html
* https://www.suse.com/security/cve/CVE-2025-38000.html
* https://www.suse.com/security/cve/CVE-2025-38001.html
* https://www.suse.com/security/cve/CVE-2025-38087.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231676
* https://bugzilla.suse.com/show_bug.cgi?id=1231943
* https://bugzilla.suse.com/show_bug.cgi?id=1232271
* https://bugzilla.suse.com/show_bug.cgi?id=1236207
* https://bugzilla.suse.com/show_bug.cgi?id=1242579
* https://bugzilla.suse.com/show_bug.cgi?id=1244235
* https://bugzilla.suse.com/show_bug.cgi?id=1245505
* https://bugzilla.suse.com/show_bug.cgi?id=1245775
* https://bugzilla.suse.com/show_bug.cgi?id=1245791
* https://bugzilla.suse.com/show_bug.cgi?id=1245805
* https://bugzilla.suse.com/show_bug.cgi?id=1246030
* https://bugzilla.suse.com/show_bug.cgi?id=1248108



SUSE-SU-2025:03213-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:03213-1
Release Date: 2025-09-13T17:38:25Z
Rating: important
References:

* bsc#1244235
* bsc#1245505
* bsc#1245775
* bsc#1246030
* bsc#1248108

Cross-References:

* CVE-2025-38000
* CVE-2025-38001
* CVE-2025-38087
* CVE-2025-38212

CVSS scores:

* CVE-2025-38000 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38001 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38087 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38087 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves four vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_53 fixes several issues.

The following security issues were fixed:

* CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier
(bsc#1245504).
* CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to
eltree twice (bsc#1244235).
* CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in
hfsc_enqueue() (bsc#1245775).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3213=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3213=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP6_Update_12-debugsource-4-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-4-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_53-default-4-150600.2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP6_Update_12-debugsource-4-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-4-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_53-default-4-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38000.html
* https://www.suse.com/security/cve/CVE-2025-38001.html
* https://www.suse.com/security/cve/CVE-2025-38087.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244235
* https://bugzilla.suse.com/show_bug.cgi?id=1245505
* https://bugzilla.suse.com/show_bug.cgi?id=1245775
* https://bugzilla.suse.com/show_bug.cgi?id=1246030
* https://bugzilla.suse.com/show_bug.cgi?id=1248108



openSUSE-SU-2025:0353-1: important: Security update for java-17-openj9


openSUSE Security Update: Security update for java-17-openj9
_______________________________

Announcement ID: openSUSE-SU-2025:0353-1
Rating: important
References: #1235844 #1241274 #1241275 #1241276 #1246575
#1246584 #1246595 #1246598 #1246806
Cross-References: CVE-2025-21587 CVE-2025-30691 CVE-2025-30698
CVE-2025-30749 CVE-2025-30754 CVE-2025-50059
CVE-2025-50106
CVSS scores:
CVE-2025-21587 (SUSE): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
CVE-2025-30691 (SUSE): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
CVE-2025-30698 (SUSE): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
CVE-2025-30749 (SUSE): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
CVE-2025-30754 (SUSE): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
CVE-2025-50059 (SUSE): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CVE-2025-50106 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that solves 7 vulnerabilities and has two fixes
is now available.

Description:

This update for java-17-openj9 fixes the following issues:

Update to OpenJDK 17.0.16 with OpenJ9 0.53.0 virtual machine

Including Oracle July 2025 CPU changes

* CVE-2025-30749 (boo#1246595), CVE-2025-30754 (boo#1246598),
CVE-2025-50059 (boo#1246575), CVE-2025-50106 (boo#1246584)
* OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.53/

Update to OpenJDK 17.0.15 with OpenJ9 0.51.0 virtual machine

Including Oracle April 2025 CPU changes

* CVE-2025-21587 (boo#1241274), CVE-2025-30691 (boo#1241275),
CVE-2025-30698 (boo#1241276)
* OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.51/

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2025-353=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 ppc64le s390x x86_64):

java-17-openj9-17.0.16.0-bp156.3.6.1
java-17-openj9-demo-17.0.16.0-bp156.3.6.1
java-17-openj9-devel-17.0.16.0-bp156.3.6.1
java-17-openj9-headless-17.0.16.0-bp156.3.6.1
java-17-openj9-jmods-17.0.16.0-bp156.3.6.1
java-17-openj9-src-17.0.16.0-bp156.3.6.1

- openSUSE Backports SLE-15-SP6 (noarch):

java-17-openj9-javadoc-17.0.16.0-bp156.3.6.1

References:

https://www.suse.com/security/cve/CVE-2025-21587.html
https://www.suse.com/security/cve/CVE-2025-30691.html
https://www.suse.com/security/cve/CVE-2025-30698.html
https://www.suse.com/security/cve/CVE-2025-30749.html
https://www.suse.com/security/cve/CVE-2025-30754.html
https://www.suse.com/security/cve/CVE-2025-50059.html
https://www.suse.com/security/cve/CVE-2025-50106.html
https://bugzilla.suse.com/1235844
https://bugzilla.suse.com/1241274
https://bugzilla.suse.com/1241275
https://bugzilla.suse.com/1241276
https://bugzilla.suse.com/1246575
https://bugzilla.suse.com/1246584
https://bugzilla.suse.com/1246595
https://bugzilla.suse.com/1246598
https://bugzilla.suse.com/1246806



openSUSE-SU-2025:0351-1: important: Security update for java-11-openj9


openSUSE Security Update: Security update for java-11-openj9
_______________________________

Announcement ID: openSUSE-SU-2025:0351-1
Rating: important
References: #1235844 #1241274 #1241275 #1241276 #1246575
#1246580 #1246584 #1246595 #1246598 #1246806

Cross-References: CVE-2025-21587 CVE-2025-30691 CVE-2025-30698
CVE-2025-30749 CVE-2025-30754 CVE-2025-30761
CVE-2025-50059 CVE-2025-50106
CVSS scores:
CVE-2025-21587 (SUSE): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
CVE-2025-30691 (SUSE): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
CVE-2025-30698 (SUSE): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
CVE-2025-30749 (SUSE): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
CVE-2025-30754 (SUSE): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
CVE-2025-30761 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2025-50059 (SUSE): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CVE-2025-50106 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that solves 8 vulnerabilities and has two fixes
is now available.

Description:

This update for java-11-openj9 fixes the following issues:

Update to OpenJDK 11.0.28 with OpenJ9 0.53.0 virtual machine

Including Oracle July 2025 CPU changes

* CVE-2025-30749 (boo#1246595), CVE-2025-30754 (boo#1246598),
CVE-2025-30761 (boo#1246580), CVE-2025-50059 (boo#1246575),
CVE-2025-50106 (boo#1246584)
* OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.53/

Update to OpenJDK 11.0.27 with OpenJ9 0.51.0 virtual machine

Including Oracle April 2025 CPU changes

* CVE-2025-21587 (boo#1241274), CVE-2025-30691 (boo#1241275),
CVE-2025-30698 (boo#1241276)
* OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.51/

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2025-351=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 ppc64le s390x x86_64):

java-11-openj9-11.0.28.0-bp156.4.6.1
java-11-openj9-demo-11.0.28.0-bp156.4.6.1
java-11-openj9-devel-11.0.28.0-bp156.4.6.1
java-11-openj9-headless-11.0.28.0-bp156.4.6.1
java-11-openj9-jmods-11.0.28.0-bp156.4.6.1
java-11-openj9-src-11.0.28.0-bp156.4.6.1

- openSUSE Backports SLE-15-SP6 (noarch):

java-11-openj9-javadoc-11.0.28.0-bp156.4.6.1

References:

https://www.suse.com/security/cve/CVE-2025-21587.html
https://www.suse.com/security/cve/CVE-2025-30691.html
https://www.suse.com/security/cve/CVE-2025-30698.html
https://www.suse.com/security/cve/CVE-2025-30749.html
https://www.suse.com/security/cve/CVE-2025-30754.html
https://www.suse.com/security/cve/CVE-2025-30761.html
https://www.suse.com/security/cve/CVE-2025-50059.html
https://www.suse.com/security/cve/CVE-2025-50106.html
https://bugzilla.suse.com/1235844
https://bugzilla.suse.com/1241274
https://bugzilla.suse.com/1241275
https://bugzilla.suse.com/1241276
https://bugzilla.suse.com/1246575
https://bugzilla.suse.com/1246580
https://bugzilla.suse.com/1246584
https://bugzilla.suse.com/1246595
https://bugzilla.suse.com/1246598
https://bugzilla.suse.com/1246806



openSUSE-SU-2025:0354-1: important: Security update for java-17-openj9


openSUSE Security Update: Security update for java-17-openj9
_______________________________

Announcement ID: openSUSE-SU-2025:0354-1
Rating: important
References: #1235844 #1241274 #1241275 #1241276 #1246575
#1246584 #1246595 #1246598 #1246806
Cross-References: CVE-2025-21587 CVE-2025-30691 CVE-2025-30698
CVE-2025-30749 CVE-2025-30754 CVE-2025-50059
CVE-2025-50106
CVSS scores:
CVE-2025-21587 (SUSE): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
CVE-2025-30691 (SUSE): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
CVE-2025-30698 (SUSE): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
CVE-2025-30749 (SUSE): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
CVE-2025-30754 (SUSE): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
CVE-2025-50059 (SUSE): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CVE-2025-50106 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that solves 7 vulnerabilities and has two fixes
is now available.

Description:

This update for java-17-openj9 fixes the following issues:

Update to OpenJDK 17.0.16 with OpenJ9 0.53.0 virtual machine

Including Oracle July 2025 CPU changes

* CVE-2025-30749 (boo#1246595), CVE-2025-30754 (boo#1246598),
CVE-2025-50059 (boo#1246575), CVE-2025-50106 (boo#1246584)
* OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.53/

Update to OpenJDK 17.0.15 with OpenJ9 0.51.0 virtual machine

Including Oracle April 2025 CPU changes

* CVE-2025-21587 (boo#1241274), CVE-2025-30691 (boo#1241275),
CVE-2025-30698 (boo#1241276)
* OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.51/

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2025-354=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 ppc64le s390x x86_64):

java-17-openj9-17.0.16.0-bp157.2.3.1
java-17-openj9-demo-17.0.16.0-bp157.2.3.1
java-17-openj9-devel-17.0.16.0-bp157.2.3.1
java-17-openj9-headless-17.0.16.0-bp157.2.3.1
java-17-openj9-jmods-17.0.16.0-bp157.2.3.1
java-17-openj9-src-17.0.16.0-bp157.2.3.1

- openSUSE Backports SLE-15-SP7 (noarch):

java-17-openj9-javadoc-17.0.16.0-bp157.2.3.1

References:

https://www.suse.com/security/cve/CVE-2025-21587.html
https://www.suse.com/security/cve/CVE-2025-30691.html
https://www.suse.com/security/cve/CVE-2025-30698.html
https://www.suse.com/security/cve/CVE-2025-30749.html
https://www.suse.com/security/cve/CVE-2025-30754.html
https://www.suse.com/security/cve/CVE-2025-50059.html
https://www.suse.com/security/cve/CVE-2025-50106.html
https://bugzilla.suse.com/1235844
https://bugzilla.suse.com/1241274
https://bugzilla.suse.com/1241275
https://bugzilla.suse.com/1241276
https://bugzilla.suse.com/1246575
https://bugzilla.suse.com/1246584
https://bugzilla.suse.com/1246595
https://bugzilla.suse.com/1246598
https://bugzilla.suse.com/1246806



SUSE-SU-2025:03224-1: important: Security update for java-1_8_0-openjdk


# Security update for java-1_8_0-openjdk

Announcement ID: SUSE-SU-2025:03224-1
Release Date: 2025-09-15T11:38:07Z
Rating: important
References:

* bsc#1246580
* bsc#1246584
* bsc#1246595
* bsc#1246598
* bsc#1246806

Cross-References:

* CVE-2025-30749
* CVE-2025-30754
* CVE-2025-30761
* CVE-2025-50106

CVSS scores:

* CVE-2025-30749 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-30749 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-30749 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-30754 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-30754 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-30754 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-30761 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-30761 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-50106 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-50106 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Legacy Module 15-SP6
* Legacy Module 15-SP7
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves four vulnerabilities and has one security fix can now be
installed.

## Description:

This update for java-1_8_0-openjdk fixes the following issues:

Update to version jdk8u462 (icedtea-3.36.0).

Security issues fixed:

* CVE-2025-30749: heap corruption allows unauthenticated attacker with network
access to compromise and takeover Java applications that load and run
untrusted code (bsc#1246595).
* CVE-2025-30754: incomplete handshake allows unauthenticated attacker with
network access via TLS to gain unauthorized update, insert, delete and read
access to sensitive data (bsc#1246598).
* CVE-2025-30761: issue in Scripting component allows unauthenticated attacker
with network access to gain unauthorized creation, deletion or modification
access to critical data (bsc#1246580).
* CVE-2025-50106: Glyph out-of-memory access allows unauthenticated attacker
with network access to compromise and takeover Java applications that load
and run untrusted code (bsc#1246584).

Other issues fixed:

* Import of OpenJDK 8 u462 build 08
* JDK-8026976: ECParameters, Point does not match field size.
* JDK-8071996: split_if accesses NULL region of ConstraintCast.
* JDK-8186143: keytool -ext option doesn't accept wildcards for DNS subject
alternative names.
* JDK-8186787: clang-4.0 SIGSEGV in Unsafe_PutByte.
* JDK-8248001: javadoc generates invalid HTML pages whose ftp:// links are
broken.
* JDK-8278472: Invalid value set to CANDIDATEFORM structure.
* JDK-8293107: GHA: Bump to Ubuntu 22.04.
* JDK-8303770: Remove Baltimore root certificate expiring in May 2025.
* JDK-8309841: Jarsigner should print a warning if an entry is removed.
* JDK-8339810: Clean up the code in sun.tools.jar.Main to properly close
resources and use ZipFile during extract.
* JDK-8345625: Better HTTP connections.
* JDK-8346887: DrawFocusRect() may cause an assertion failure.
* JDK-8349111: Enhance Swing supports.
* JDK-8350498: Remove two Camerfirma root CA certificates.
* JDK-8352716: (tz) Update Timezone Data to 2025b.
* JDK-8353433: XCG currency code not recognized in JDK 8u.
* JDK-8356096: ISO 4217 Amendment 179 Update.
* JDK-8359170: Add 2 TLS and 2 CS Sectigo roots.
* Backports
* JDK-8358538: Update GHA Windows runner to 2025.
* JDK-8354941: Build failure with glibc 2.42 due to uabs() name collision.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2025-3224=1

* Legacy Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2025-3224=1

* Legacy Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP7-2025-3224=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3224=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3224=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3224=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3224=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3224=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3224=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3224=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3224=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3224=1

* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2025-3224=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-headless-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-devel-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-demo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-debugsource-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-accessibility-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-src-1.8.0.462-150000.3.109.1
* openSUSE Leap 15.6 (noarch)
* java-1_8_0-openjdk-javadoc-1.8.0.462-150000.3.109.1
* Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-headless-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-devel-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-demo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-debugsource-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-debuginfo-1.8.0.462-150000.3.109.1
* Legacy Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-headless-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-devel-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-demo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-debugsource-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-debuginfo-1.8.0.462-150000.3.109.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-headless-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-devel-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-demo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-debugsource-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-debuginfo-1.8.0.462-150000.3.109.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-headless-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-devel-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-demo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-debugsource-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-debuginfo-1.8.0.462-150000.3.109.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-headless-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-devel-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-demo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-debugsource-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-debuginfo-1.8.0.462-150000.3.109.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-headless-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-devel-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-demo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-debugsource-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-debuginfo-1.8.0.462-150000.3.109.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-headless-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-devel-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-demo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-debugsource-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-debuginfo-1.8.0.462-150000.3.109.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-headless-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-devel-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-demo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-debugsource-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-debuginfo-1.8.0.462-150000.3.109.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-headless-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-devel-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-demo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-debugsource-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-debuginfo-1.8.0.462-150000.3.109.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-headless-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-devel-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-demo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-debugsource-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-debuginfo-1.8.0.462-150000.3.109.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-headless-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-devel-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-demo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-debugsource-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-debuginfo-1.8.0.462-150000.3.109.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-headless-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-devel-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-demo-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-debugsource-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-1.8.0.462-150000.3.109.1
* java-1_8_0-openjdk-debuginfo-1.8.0.462-150000.3.109.1

## References:

* https://www.suse.com/security/cve/CVE-2025-30749.html
* https://www.suse.com/security/cve/CVE-2025-30754.html
* https://www.suse.com/security/cve/CVE-2025-30761.html
* https://www.suse.com/security/cve/CVE-2025-50106.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246580
* https://bugzilla.suse.com/show_bug.cgi?id=1246584
* https://bugzilla.suse.com/show_bug.cgi?id=1246595
* https://bugzilla.suse.com/show_bug.cgi?id=1246598
* https://bugzilla.suse.com/show_bug.cgi?id=1246806



SUSE-SU-2025:03217-1: important: Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:03217-1
Release Date: 2025-09-15T08:34:21Z
Rating: important
References:

* bsc#1236207
* bsc#1242579
* bsc#1244235
* bsc#1245505
* bsc#1245775
* bsc#1245791
* bsc#1245805
* bsc#1246030
* bsc#1248108

Cross-References:

* CVE-2025-21659
* CVE-2025-21701
* CVE-2025-21999
* CVE-2025-37890
* CVE-2025-38000
* CVE-2025-38001
* CVE-2025-38087
* CVE-2025-38212

CVSS scores:

* CVE-2025-21659 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-21659 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-21701 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38087 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38087 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves eight vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_30 fixes several issues.

The following security issues were fixed:

* CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier
(bsc#1245504).
* CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579).
* CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to
eltree twice (bsc#1244235).
* CVE-2025-21659: netdev: prevent accessing NAPI instances from another
namespace (bsc#1236207).
* CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in
hfsc_enqueue() (bsc#1245775).
* CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem
as child qdisc (bsc#1245791).
* CVE-2025-21701: net: avoid race between device unregistration and ethnl ops
(bsc#1245805).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2025-3217=1

* SUSE Linux Enterprise Live Patching 15-SP6
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3217=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_30-default-11-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_30-default-debuginfo-11-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_6-debugsource-11-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_30-default-11-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_30-default-debuginfo-11-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_6-debugsource-11-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21659.html
* https://www.suse.com/security/cve/CVE-2025-21701.html
* https://www.suse.com/security/cve/CVE-2025-21999.html
* https://www.suse.com/security/cve/CVE-2025-37890.html
* https://www.suse.com/security/cve/CVE-2025-38000.html
* https://www.suse.com/security/cve/CVE-2025-38001.html
* https://www.suse.com/security/cve/CVE-2025-38087.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236207
* https://bugzilla.suse.com/show_bug.cgi?id=1242579
* https://bugzilla.suse.com/show_bug.cgi?id=1244235
* https://bugzilla.suse.com/show_bug.cgi?id=1245505
* https://bugzilla.suse.com/show_bug.cgi?id=1245775
* https://bugzilla.suse.com/show_bug.cgi?id=1245791
* https://bugzilla.suse.com/show_bug.cgi?id=1245805
* https://bugzilla.suse.com/show_bug.cgi?id=1246030
* https://bugzilla.suse.com/show_bug.cgi?id=1248108



SUSE-SU-2025:03222-1: important: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP7)


# Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP7)

Announcement ID: SUSE-SU-2025:03222-1
Release Date: 2025-09-15T10:34:35Z
Rating: important
References:

* bsc#1244235
* bsc#1245505
* bsc#1245775
* bsc#1246030
* bsc#1248108

Cross-References:

* CVE-2025-38000
* CVE-2025-38001
* CVE-2025-38087
* CVE-2025-38212

CVSS scores:

* CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38087 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38087 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves four vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the Linux Kernel 6.4.0-150700_53_3 fixes several issues.

The following security issues were fixed:

* CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier
(bsc#1245504).
* CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to
eltree twice (bsc#1244235).
* CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in
hfsc_enqueue() (bsc#1245775).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2025-3222=1

* SUSE Linux Enterprise Live Patching 15-SP6
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3222=1

* SUSE Linux Enterprise Live Patching 15-SP7
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2025-3220=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_50-default-debuginfo-4-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_11-debugsource-4-150600.2.1
* kernel-livepatch-6_4_0-150600_23_50-default-4-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_50-default-debuginfo-4-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_11-debugsource-4-150600.2.1
* kernel-livepatch-6_4_0-150600_23_50-default-4-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150700_53_3-default-debuginfo-3-150700.2.1
* kernel-livepatch-6_4_0-150700_53_3-default-3-150700.2.1
* kernel-livepatch-SLE15-SP7_Update_1-debugsource-3-150700.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38000.html
* https://www.suse.com/security/cve/CVE-2025-38001.html
* https://www.suse.com/security/cve/CVE-2025-38087.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244235
* https://bugzilla.suse.com/show_bug.cgi?id=1245505
* https://bugzilla.suse.com/show_bug.cgi?id=1245775
* https://bugzilla.suse.com/show_bug.cgi?id=1246030
* https://bugzilla.suse.com/show_bug.cgi?id=1248108



SUSE-SU-2025:03223-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:03223-1
Release Date: 2025-09-15T11:36:38Z
Rating: important
References:

* bsc#1231676
* bsc#1231943
* bsc#1232271
* bsc#1236207
* bsc#1242579
* bsc#1244235
* bsc#1245505
* bsc#1245775
* bsc#1245791
* bsc#1245805
* bsc#1246030
* bsc#1248108

Cross-References:

* CVE-2024-47674
* CVE-2024-47706
* CVE-2024-49867
* CVE-2025-21659
* CVE-2025-21701
* CVE-2025-21999
* CVE-2025-37890
* CVE-2025-38000
* CVE-2025-38001
* CVE-2025-38087
* CVE-2025-38212

CVSS scores:

* CVE-2024-47674 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-47674 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47674 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47706 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-47706 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47706 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-49867 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-49867 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-49867 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21659 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-21659 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-21701 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38087 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38087 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves 11 vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_17 fixes several issues.

The following security issues were fixed:

* CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier (bsc#1245504).
* CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579).
* CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235).
* CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner kthread during umount (bsc#1232271).
* CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236207).
* CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775).
* CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791).
* CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231676).
* CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1245805).
* CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231943).
* CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3223=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3223=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_3-debugsource-20-150600.2.1
* kernel-livepatch-6_4_0-150600_23_17-default-20-150600.2.1
* kernel-livepatch-6_4_0-150600_23_17-default-debuginfo-20-150600.2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_3-debugsource-20-150600.2.1
* kernel-livepatch-6_4_0-150600_23_17-default-20-150600.2.1
* kernel-livepatch-6_4_0-150600_23_17-default-debuginfo-20-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-47674.html
* https://www.suse.com/security/cve/CVE-2024-47706.html
* https://www.suse.com/security/cve/CVE-2024-49867.html
* https://www.suse.com/security/cve/CVE-2025-21659.html
* https://www.suse.com/security/cve/CVE-2025-21701.html
* https://www.suse.com/security/cve/CVE-2025-21999.html
* https://www.suse.com/security/cve/CVE-2025-37890.html
* https://www.suse.com/security/cve/CVE-2025-38000.html
* https://www.suse.com/security/cve/CVE-2025-38001.html
* https://www.suse.com/security/cve/CVE-2025-38087.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231676
* https://bugzilla.suse.com/show_bug.cgi?id=1231943
* https://bugzilla.suse.com/show_bug.cgi?id=1232271
* https://bugzilla.suse.com/show_bug.cgi?id=1236207
* https://bugzilla.suse.com/show_bug.cgi?id=1242579
* https://bugzilla.suse.com/show_bug.cgi?id=1244235
* https://bugzilla.suse.com/show_bug.cgi?id=1245505
* https://bugzilla.suse.com/show_bug.cgi?id=1245775
* https://bugzilla.suse.com/show_bug.cgi?id=1245791
* https://bugzilla.suse.com/show_bug.cgi?id=1245805
* https://bugzilla.suse.com/show_bug.cgi?id=1246030
* https://bugzilla.suse.com/show_bug.cgi?id=1248108



SUSE-SU-2025:03225-1: important: Security update for cups-filters


# Security update for cups-filters

Announcement ID: SUSE-SU-2025:03225-1
Release Date: 2025-09-15T11:39:34Z
Rating: important
References:

* bsc#1230932
* bsc#1246533

Cross-References:

* CVE-2024-47175

CVSS scores:

* CVE-2024-47175 ( SUSE ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H
* CVE-2024-47175 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47175 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Affected Products:

* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Manager Proxy 4.3
* SUSE Manager Proxy 4.3 LTS
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Retail Branch Server 4.3 LTS
* SUSE Manager Server 4.3
* SUSE Manager Server 4.3 LTS

An update that solves one vulnerability and has one security fix can now be
installed.

## Description:

This update for cups-filters fixes the following issues:

* CVE-2024-47175: no validation of IPP attributes in `ppdCreatePPDFromIPP2` when writing to a temporary PPD file allows for the injection of attacker-controlled data to the resulting PPD (bsc#1230932).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3225=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3225=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3225=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3225=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3225=1

* SUSE Manager Proxy 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-3225=1

* SUSE Manager Retail Branch Server 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-LTS-2025-3225=1

* SUSE Manager Server 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-3225=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-3225=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-3225=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-3225=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-3225=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3225=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3225=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3225=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3225=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3225=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3225=1

## Package List:

* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* cups-filters-debugsource-1.25.0-150200.3.22.1
* cups-filters-1.25.0-150200.3.22.1
* cups-filters-devel-1.25.0-150200.3.22.1
* cups-filters-debuginfo-1.25.0-150200.3.22.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* cups-filters-debugsource-1.25.0-150200.3.22.1
* cups-filters-1.25.0-150200.3.22.1
* cups-filters-devel-1.25.0-150200.3.22.1
* cups-filters-debuginfo-1.25.0-150200.3.22.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* cups-filters-debugsource-1.25.0-150200.3.22.1
* cups-filters-1.25.0-150200.3.22.1
* cups-filters-devel-1.25.0-150200.3.22.1
* cups-filters-debuginfo-1.25.0-150200.3.22.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* cups-filters-debugsource-1.25.0-150200.3.22.1
* cups-filters-1.25.0-150200.3.22.1
* cups-filters-devel-1.25.0-150200.3.22.1
* cups-filters-debuginfo-1.25.0-150200.3.22.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* cups-filters-debugsource-1.25.0-150200.3.22.1
* cups-filters-1.25.0-150200.3.22.1
* cups-filters-devel-1.25.0-150200.3.22.1
* cups-filters-debuginfo-1.25.0-150200.3.22.1
* SUSE Manager Proxy 4.3 LTS (x86_64)
* cups-filters-debugsource-1.25.0-150200.3.22.1
* cups-filters-1.25.0-150200.3.22.1
* cups-filters-devel-1.25.0-150200.3.22.1
* cups-filters-debuginfo-1.25.0-150200.3.22.1
* SUSE Manager Retail Branch Server 4.3 LTS (x86_64)
* cups-filters-debugsource-1.25.0-150200.3.22.1
* cups-filters-1.25.0-150200.3.22.1
* cups-filters-devel-1.25.0-150200.3.22.1
* cups-filters-debuginfo-1.25.0-150200.3.22.1
* SUSE Manager Server 4.3 LTS (ppc64le s390x x86_64)
* cups-filters-debugsource-1.25.0-150200.3.22.1
* cups-filters-1.25.0-150200.3.22.1
* cups-filters-devel-1.25.0-150200.3.22.1
* cups-filters-debuginfo-1.25.0-150200.3.22.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* cups-filters-debugsource-1.25.0-150200.3.22.1
* cups-filters-1.25.0-150200.3.22.1
* cups-filters-devel-1.25.0-150200.3.22.1
* cups-filters-debuginfo-1.25.0-150200.3.22.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* cups-filters-debugsource-1.25.0-150200.3.22.1
* cups-filters-1.25.0-150200.3.22.1
* cups-filters-devel-1.25.0-150200.3.22.1
* cups-filters-debuginfo-1.25.0-150200.3.22.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* cups-filters-debugsource-1.25.0-150200.3.22.1
* cups-filters-1.25.0-150200.3.22.1
* cups-filters-devel-1.25.0-150200.3.22.1
* cups-filters-debuginfo-1.25.0-150200.3.22.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* cups-filters-debugsource-1.25.0-150200.3.22.1
* cups-filters-1.25.0-150200.3.22.1
* cups-filters-devel-1.25.0-150200.3.22.1
* cups-filters-debuginfo-1.25.0-150200.3.22.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
* cups-filters-debugsource-1.25.0-150200.3.22.1
* cups-filters-1.25.0-150200.3.22.1
* cups-filters-devel-1.25.0-150200.3.22.1
* cups-filters-debuginfo-1.25.0-150200.3.22.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* cups-filters-debugsource-1.25.0-150200.3.22.1
* cups-filters-1.25.0-150200.3.22.1
* cups-filters-devel-1.25.0-150200.3.22.1
* cups-filters-debuginfo-1.25.0-150200.3.22.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* cups-filters-debugsource-1.25.0-150200.3.22.1
* cups-filters-1.25.0-150200.3.22.1
* cups-filters-devel-1.25.0-150200.3.22.1
* cups-filters-debuginfo-1.25.0-150200.3.22.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
* cups-filters-debugsource-1.25.0-150200.3.22.1
* cups-filters-1.25.0-150200.3.22.1
* cups-filters-devel-1.25.0-150200.3.22.1
* cups-filters-debuginfo-1.25.0-150200.3.22.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
* cups-filters-debugsource-1.25.0-150200.3.22.1
* cups-filters-1.25.0-150200.3.22.1
* cups-filters-devel-1.25.0-150200.3.22.1
* cups-filters-debuginfo-1.25.0-150200.3.22.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* cups-filters-debugsource-1.25.0-150200.3.22.1
* cups-filters-1.25.0-150200.3.22.1
* cups-filters-devel-1.25.0-150200.3.22.1
* cups-filters-debuginfo-1.25.0-150200.3.22.1

## References:

* https://www.suse.com/security/cve/CVE-2024-47175.html
* https://bugzilla.suse.com/show_bug.cgi?id=1230932
* https://bugzilla.suse.com/show_bug.cgi?id=1246533



openSUSE-SU-2025:15552-1: moderate: cargo-packaging-1.3.0+0-2.1 on GA media


# cargo-packaging-1.3.0+0-2.1 on GA media

Announcement ID: openSUSE-SU-2025:15552-1
Rating: moderate

Cross-References:

* CVE-2025-58160

CVSS scores:

* CVE-2025-58160 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2025-58160 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the cargo-packaging-1.3.0+0-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* cargo-packaging 1.3.0+0-2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-58160.html



openSUSE-SU-2025:15551-1: moderate: cargo-c-0.10.3~git0.ee7d7ef-4.1 on GA media


# cargo-c-0.10.3~git0.ee7d7ef-4.1 on GA media

Announcement ID: openSUSE-SU-2025:15551-1
Rating: moderate

Cross-References:

* CVE-2024-12224
* CVE-2025-4574
* CVE-2025-58160

CVSS scores:

* CVE-2024-12224 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2024-12224 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-4574 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-4574 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58160 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2025-58160 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 3 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the cargo-c-0.10.3~git0.ee7d7ef-4.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* cargo-c 0.10.3~git0.ee7d7ef-4.1

## References:

* https://www.suse.com/security/cve/CVE-2024-12224.html
* https://www.suse.com/security/cve/CVE-2025-4574.html
* https://www.suse.com/security/cve/CVE-2025-58160.html



openSUSE-SU-2025:15553-1: moderate: kernel-devel-6.16.7-1.1 on GA media


# kernel-devel-6.16.7-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15553-1
Rating: moderate

Cross-References:

* CVE-2025-40300

CVSS scores:

* CVE-2025-40300 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2025-40300 ( SUSE ): 8.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the kernel-devel-6.16.7-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* kernel-devel 6.16.7-1.1
* kernel-macros 6.16.7-1.1
* kernel-source 6.16.7-1.1
* kernel-source-vanilla 6.16.7-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40300.html



openSUSE-SU-2025:15550-1: moderate: cargo-audit-0.21.2~git0.18e58c2-2.1 on GA media


# cargo-audit-0.21.2~git0.18e58c2-2.1 on GA media

Announcement ID: openSUSE-SU-2025:15550-1
Rating: moderate

Cross-References:

* CVE-2024-12224
* CVE-2025-4574
* CVE-2025-58160

CVSS scores:

* CVE-2024-12224 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2024-12224 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-4574 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-4574 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58160 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2025-58160 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 3 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the cargo-audit-0.21.2~git0.18e58c2-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* cargo-audit 0.21.2~git0.18e58c2-2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-12224.html
* https://www.suse.com/security/cve/CVE-2025-4574.html
* https://www.suse.com/security/cve/CVE-2025-58160.html