Linux Kernel, Kubernetes, Thunderbird, Openidc, Python, Java updates for SUSE

SUSE 5363 Published by

SUSE Linux has announced the release of multiple security updates, which include Linux Kernel Live Patches, moderate updates for Kubernetes, Mozilla Thunderbird, Apache2-Mod_Auth_Openidc, Python-Django, and Java:

SUSE-SU-2025:01932-1: important: Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP6)
SUSE-SU-2025:01941-1: moderate: Security update for kubernetes1.24
SUSE-SU-2025:01940-1: moderate: Security update for kubernetes1.23
SUSE-SU-2025:01935-1: important: Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4)
SUSE-SU-2025:01945-1: moderate: Security update for kubernetes-old
SUSE-SU-2025:01944-1: important: Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6)
SUSE-SU-2025:01946-1: important: Security update for MozillaThunderbird
SUSE-SU-2025:01948-1: important: Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP6)
SUSE-SU-2025:01953-1: important: Security update for apache2-mod_auth_openidc
SUSE-SU-2025:01952-1: moderate: Security update for python-Django
SUSE-SU-2025:01954-1: important: Security update for java-1_8_0-openj9
SUSE-SU-2025:01950-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP4)
SUSE-SU-2025:01949-1: important: Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP6)
SUSE-SU-2025:01956-1: important: Security update for the Linux Kernel (Live Patch 54 for SLE 15 SP3)
SUSE-SU-2025:01957-1: important: Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP6)
SUSE-SU-2025:01958-1: important: Security update for the Linux Kernel (Live Patch 55 for SLE 15 SP3)



SUSE-SU-2025:01932-1: important: Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:01932-1
Release Date: 2025-06-13T03:33:55Z
Rating: important
References:

* bsc#1232900
* bsc#1236701
* bsc#1239077
* bsc#1239096

Cross-References:

* CVE-2024-49855
* CVE-2024-57996
* CVE-2024-58013
* CVE-2025-21680

CVSS scores:

* CVE-2024-49855 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-49855 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-49855 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-57996 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57996 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-58013 ( SUSE ): 7.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2024-58013 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-58013 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21680 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21680 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21680 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_25 fixes several issues.

The following security issues were fixed:

* CVE-2024-49855: nbd: fix race between timeout and normal completion
(bsc#1232900).
* CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries
(bsc#1236701).
* CVE-2024-58013: Bluetooth: MGMT: Fix slab-use-after-free Read in
mgmt_remove_adv_monitor_sync (bsc#1239096).
* CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit
(bsc#1239077).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-1934=1 SUSE-2025-1932=1 SUSE-2025-1933=1
SUSE-2025-1937=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-1937=1 SUSE-SLE-
Module-Live-Patching-15-SP6-2025-1934=1 SUSE-SLE-Module-Live-
Patching-15-SP6-2025-1932=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-1933=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_2-debugsource-15-150600.2.2
* kernel-livepatch-6_4_0-150600_23_7-default-debuginfo-15-150600.2.2
* kernel-livepatch-6_4_0-150600_21-default-debuginfo-17-150600.4.43.2
* kernel-livepatch-6_4_0-150600_23_7-default-15-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_5-debugsource-10-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_0-debugsource-17-150600.4.43.2
* kernel-livepatch-6_4_0-150600_23_25-default-debuginfo-10-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_1-debugsource-15-150600.2.2
* kernel-livepatch-6_4_0-150600_23_14-default-debuginfo-15-150600.2.2
* kernel-livepatch-6_4_0-150600_23_25-default-10-150600.2.2
* kernel-livepatch-6_4_0-150600_23_14-default-15-150600.2.2
* kernel-livepatch-6_4_0-150600_21-default-17-150600.4.43.2
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_2-debugsource-15-150600.2.2
* kernel-livepatch-6_4_0-150600_23_7-default-debuginfo-15-150600.2.2
* kernel-livepatch-6_4_0-150600_21-default-debuginfo-17-150600.4.43.2
* kernel-livepatch-6_4_0-150600_23_7-default-15-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_5-debugsource-10-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_0-debugsource-17-150600.4.43.2
* kernel-livepatch-6_4_0-150600_23_25-default-debuginfo-10-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_1-debugsource-15-150600.2.2
* kernel-livepatch-6_4_0-150600_23_14-default-debuginfo-15-150600.2.2
* kernel-livepatch-6_4_0-150600_23_25-default-10-150600.2.2
* kernel-livepatch-6_4_0-150600_23_14-default-15-150600.2.2
* kernel-livepatch-6_4_0-150600_21-default-17-150600.4.43.2

## References:

* https://www.suse.com/security/cve/CVE-2024-49855.html
* https://www.suse.com/security/cve/CVE-2024-57996.html
* https://www.suse.com/security/cve/CVE-2024-58013.html
* https://www.suse.com/security/cve/CVE-2025-21680.html
* https://bugzilla.suse.com/show_bug.cgi?id=1232900
* https://bugzilla.suse.com/show_bug.cgi?id=1236701
* https://bugzilla.suse.com/show_bug.cgi?id=1239077
* https://bugzilla.suse.com/show_bug.cgi?id=1239096



SUSE-SU-2025:01941-1: moderate: Security update for kubernetes1.24


# Security update for kubernetes1.24

Announcement ID: SUSE-SU-2025:01941-1
Release Date: 2025-06-13T07:20:59Z
Rating: moderate
References:

* bsc#1241865

Cross-References:

* CVE-2025-22872

CVSS scores:

* CVE-2025-22872 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
* CVE-2025-22872 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
* CVE-2025-22872 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

Affected Products:

* openSUSE Leap 15.5
* openSUSE Leap 15.6

An update that solves one vulnerability can now be installed.

## Description:

This update for kubernetes1.24 fixes the following issues:

* CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value
in foreign content (bsc#1241865).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-1941=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-1941=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* kubernetes1.24-kubeadm-1.24.17-150500.3.28.1
* kubernetes1.24-client-1.24.17-150500.3.28.1
* kubernetes1.24-controller-manager-1.24.17-150500.3.28.1
* kubernetes1.24-kubelet-1.24.17-150500.3.28.1
* kubernetes1.24-scheduler-1.24.17-150500.3.28.1
* kubernetes1.24-proxy-1.24.17-150500.3.28.1
* kubernetes1.24-apiserver-1.24.17-150500.3.28.1
* kubernetes1.24-client-common-1.24.17-150500.3.28.1
* kubernetes1.24-kubelet-common-1.24.17-150500.3.28.1
* openSUSE Leap 15.5 (noarch)
* kubernetes1.24-client-bash-completion-1.24.17-150500.3.28.1
* kubernetes1.24-client-fish-completion-1.24.17-150500.3.28.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* kubernetes1.24-kubeadm-1.24.17-150500.3.28.1
* kubernetes1.24-client-1.24.17-150500.3.28.1
* kubernetes1.24-controller-manager-1.24.17-150500.3.28.1
* kubernetes1.24-kubelet-1.24.17-150500.3.28.1
* kubernetes1.24-scheduler-1.24.17-150500.3.28.1
* kubernetes1.24-proxy-1.24.17-150500.3.28.1
* kubernetes1.24-apiserver-1.24.17-150500.3.28.1
* kubernetes1.24-client-common-1.24.17-150500.3.28.1
* kubernetes1.24-kubelet-common-1.24.17-150500.3.28.1
* openSUSE Leap 15.6 (noarch)
* kubernetes1.24-client-bash-completion-1.24.17-150500.3.28.1
* kubernetes1.24-client-fish-completion-1.24.17-150500.3.28.1

## References:

* https://www.suse.com/security/cve/CVE-2025-22872.html
* https://bugzilla.suse.com/show_bug.cgi?id=1241865



SUSE-SU-2025:01940-1: moderate: Security update for kubernetes1.23


# Security update for kubernetes1.23

Announcement ID: SUSE-SU-2025:01940-1
Release Date: 2025-06-13T07:20:49Z
Rating: moderate
References:

* bsc#1241865

Cross-References:

* CVE-2025-22872

CVSS scores:

* CVE-2025-22872 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
* CVE-2025-22872 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
* CVE-2025-22872 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

Affected Products:

* openSUSE Leap 15.5
* openSUSE Leap 15.6

An update that solves one vulnerability can now be installed.

## Description:

This update for kubernetes1.23 fixes the following issues:

* CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value
in foreign content (bsc#1241865).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-1940=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-1940=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* kubernetes1.23-apiserver-1.23.17-150500.3.21.1
* kubernetes1.23-client-1.23.17-150500.3.21.1
* kubernetes1.23-client-common-1.23.17-150500.3.21.1
* kubernetes1.23-kubeadm-1.23.17-150500.3.21.1
* kubernetes1.23-kubelet-common-1.23.17-150500.3.21.1
* kubernetes1.23-scheduler-1.23.17-150500.3.21.1
* kubernetes1.23-kubelet-1.23.17-150500.3.21.1
* kubernetes1.23-proxy-1.23.17-150500.3.21.1
* kubernetes1.23-controller-manager-1.23.17-150500.3.21.1
* openSUSE Leap 15.6 (noarch)
* kubernetes1.23-client-bash-completion-1.23.17-150500.3.21.1
* kubernetes1.23-client-fish-completion-1.23.17-150500.3.21.1
* openSUSE Leap 15.6 (ppc64le)
* kubernetes1.23-kubelet-debuginfo-1.23.17-150500.3.21.1
* kubernetes1.23-client-debuginfo-1.23.17-150500.3.21.1
* kubernetes1.23-proxy-debuginfo-1.23.17-150500.3.21.1
* kubernetes1.23-scheduler-debuginfo-1.23.17-150500.3.21.1
* kubernetes1.23-apiserver-debuginfo-1.23.17-150500.3.21.1
* kubernetes1.23-controller-manager-debuginfo-1.23.17-150500.3.21.1
* kubernetes1.23-kubeadm-debuginfo-1.23.17-150500.3.21.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* kubernetes1.23-apiserver-1.23.17-150500.3.21.1
* kubernetes1.23-client-1.23.17-150500.3.21.1
* kubernetes1.23-client-common-1.23.17-150500.3.21.1
* kubernetes1.23-kubeadm-1.23.17-150500.3.21.1
* kubernetes1.23-kubelet-common-1.23.17-150500.3.21.1
* kubernetes1.23-scheduler-1.23.17-150500.3.21.1
* kubernetes1.23-kubelet-1.23.17-150500.3.21.1
* kubernetes1.23-proxy-1.23.17-150500.3.21.1
* kubernetes1.23-controller-manager-1.23.17-150500.3.21.1
* openSUSE Leap 15.5 (noarch)
* kubernetes1.23-client-bash-completion-1.23.17-150500.3.21.1
* kubernetes1.23-client-fish-completion-1.23.17-150500.3.21.1
* openSUSE Leap 15.5 (ppc64le)
* kubernetes1.23-kubelet-debuginfo-1.23.17-150500.3.21.1
* kubernetes1.23-client-debuginfo-1.23.17-150500.3.21.1
* kubernetes1.23-proxy-debuginfo-1.23.17-150500.3.21.1
* kubernetes1.23-scheduler-debuginfo-1.23.17-150500.3.21.1
* kubernetes1.23-apiserver-debuginfo-1.23.17-150500.3.21.1
* kubernetes1.23-controller-manager-debuginfo-1.23.17-150500.3.21.1
* kubernetes1.23-kubeadm-debuginfo-1.23.17-150500.3.21.1

## References:

* https://www.suse.com/security/cve/CVE-2025-22872.html
* https://bugzilla.suse.com/show_bug.cgi?id=1241865



SUSE-SU-2025:01935-1: important: Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:01935-1
Release Date: 2025-06-12T23:00:05Z
Rating: important
References:

* bsc#1238324
* bsc#1239077

Cross-References:

* CVE-2022-49080
* CVE-2024-57996

CVSS scores:

* CVE-2022-49080 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49080 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-57996 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57996 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_141 fixes several issues.

The following security issues were fixed:

* CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace
(bsc#1238324).
* CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit
(bsc#1239077).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-1935=1 SUSE-2025-1936=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-1935=1 SUSE-SLE-
Module-Live-Patching-15-SP4-2025-1936=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_141-default-debuginfo-8-150400.2.2
* kernel-livepatch-5_14_21-150400_24_122-default-16-150400.2.2
* kernel-livepatch-5_14_21-150400_24_141-default-8-150400.2.2
* kernel-livepatch-SLE15-SP4_Update_33-debugsource-8-150400.2.2
* kernel-livepatch-5_14_21-150400_24_122-default-debuginfo-16-150400.2.2
* kernel-livepatch-SLE15-SP4_Update_27-debugsource-16-150400.2.2
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_141-default-debuginfo-8-150400.2.2
* kernel-livepatch-5_14_21-150400_24_122-default-16-150400.2.2
* kernel-livepatch-5_14_21-150400_24_141-default-8-150400.2.2
* kernel-livepatch-SLE15-SP4_Update_33-debugsource-8-150400.2.2
* kernel-livepatch-5_14_21-150400_24_122-default-debuginfo-16-150400.2.2
* kernel-livepatch-SLE15-SP4_Update_27-debugsource-16-150400.2.2

## References:

* https://www.suse.com/security/cve/CVE-2022-49080.html
* https://www.suse.com/security/cve/CVE-2024-57996.html
* https://bugzilla.suse.com/show_bug.cgi?id=1238324
* https://bugzilla.suse.com/show_bug.cgi?id=1239077



SUSE-SU-2025:01945-1: moderate: Security update for kubernetes-old


# Security update for kubernetes-old

Announcement ID: SUSE-SU-2025:01945-1
Release Date: 2025-06-13T10:16:42Z
Rating: moderate
References:

* bsc#1241781
* jsc#PED-11105

Cross-References:

* CVE-2025-22872

CVSS scores:

* CVE-2025-22872 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
* CVE-2025-22872 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
* CVE-2025-22872 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

Affected Products:

* Containers Module 15-SP6
* Containers Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability and contains one feature can now be
installed.

## Description:

This update for kubernetes-old fixes the following issues:

* CVE-2025-22872: Fixed golang.org/x/net/html: incorrectly interpreted tags
can cause content to be placed wrong scope during DOM construction
(bsc#1241781)

This update to version 1.31.9 (jsc#PED-11105)

* Find full changelog
https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v1319

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-1945=1 openSUSE-SLE-15.6-2025-1945=1

* Containers Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2025-1945=1

* Containers Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2025-1945=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* kubernetes1.31-scheduler-1.31.9-150600.13.10.1
* kubernetes1.31-kubelet-common-1.31.9-150600.13.10.1
* kubernetes1.31-controller-manager-1.31.9-150600.13.10.1
* kubernetes1.31-apiserver-1.31.9-150600.13.10.1
* kubernetes1.31-proxy-1.31.9-150600.13.10.1
* kubernetes1.31-client-1.31.9-150600.13.10.1
* kubernetes1.31-kubeadm-1.31.9-150600.13.10.1
* kubernetes1.31-client-common-1.31.9-150600.13.10.1
* kubernetes1.31-kubelet-1.31.9-150600.13.10.1
* openSUSE Leap 15.6 (noarch)
* kubernetes1.31-client-fish-completion-1.31.9-150600.13.10.1
* kubernetes1.31-client-bash-completion-1.31.9-150600.13.10.1
* Containers Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* kubernetes1.31-client-common-1.31.9-150600.13.10.1
* kubernetes1.31-client-1.31.9-150600.13.10.1
* Containers Module 15-SP6 (noarch)
* kubernetes1.31-client-bash-completion-1.31.9-150600.13.10.1
* Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* kubernetes1.31-client-common-1.31.9-150600.13.10.1
* kubernetes1.31-client-1.31.9-150600.13.10.1
* Containers Module 15-SP7 (noarch)
* kubernetes1.31-client-bash-completion-1.31.9-150600.13.10.1

## References:

* https://www.suse.com/security/cve/CVE-2025-22872.html
* https://bugzilla.suse.com/show_bug.cgi?id=1241781
* https://jira.suse.com/browse/PED-11105



SUSE-SU-2025:01944-1: important: Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:01944-1
Release Date: 2025-06-13T10:04:02Z
Rating: important
References:

* bsc#1236701
* bsc#1239077
* bsc#1239096

Cross-References:

* CVE-2024-57996
* CVE-2024-58013
* CVE-2025-21680

CVSS scores:

* CVE-2024-57996 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57996 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-58013 ( SUSE ): 7.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2024-58013 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-58013 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21680 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21680 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21680 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_30 fixes several issues.

The following security issues were fixed:

* CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries
(bsc#1236701).
* CVE-2024-58013: Bluetooth: MGMT: Fix slab-use-after-free Read in
mgmt_remove_adv_monitor_sync (bsc#1239096).
* CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit
(bsc#1239077).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-1944=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-1944=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_30-default-debuginfo-6-150600.2.2
* kernel-livepatch-6_4_0-150600_23_30-default-6-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_6-debugsource-6-150600.2.2
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_30-default-debuginfo-6-150600.2.2
* kernel-livepatch-6_4_0-150600_23_30-default-6-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_6-debugsource-6-150600.2.2

## References:

* https://www.suse.com/security/cve/CVE-2024-57996.html
* https://www.suse.com/security/cve/CVE-2024-58013.html
* https://www.suse.com/security/cve/CVE-2025-21680.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236701
* https://bugzilla.suse.com/show_bug.cgi?id=1239077
* https://bugzilla.suse.com/show_bug.cgi?id=1239096



SUSE-SU-2025:01946-1: important: Security update for MozillaThunderbird


# Security update for MozillaThunderbird

Announcement ID: SUSE-SU-2025:01946-1
Release Date: 2025-06-13T10:17:13Z
Rating: important
References:

* bsc#1243353

Cross-References:

* CVE-2025-5262
* CVE-2025-5263
* CVE-2025-5264
* CVE-2025-5265
* CVE-2025-5266
* CVE-2025-5267
* CVE-2025-5268
* CVE-2025-5269

CVSS scores:

* CVE-2025-5262 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-5263 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2025-5263 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2025-5264 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-5264 ( NVD ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-5265 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-5265 ( NVD ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-5266 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-5266 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-5267 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2025-5267 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2025-5268 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-5268 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-5269 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-5269 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP6
* SUSE Linux Enterprise Workstation Extension 15 SP7
* SUSE Package Hub 15 15-SP6
* SUSE Package Hub 15 15-SP7

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for MozillaThunderbird fixes the following issues:

Update to Mozilla Thunderbird 128.11 (MFSA 2025-46, bsc#1243353):

* CVE-2025-5262: Double-free in libvpx encoder (bmo#1962421)
* CVE-2025-5263: Error handling for script execution was incorrectly isolated
from web content (bmo#1960745)
* CVE-2025-5264: Potential local code execution in "Copy as cURL" command
(bmo#1950001)
* CVE-2025-5265: Potential local code execution in "Copy as cURL" command
(bmo#1962301)
* CVE-2025-5266: Script element events leaked cross-origin resource status
(bmo#1965628)
* CVE-2025-5267: Clickjacking vulnerability could have led to leaking saved
payment card details (bmo#1954137)
* CVE-2025-5268: Memory safety bugs fixed in Firefox 139, Thunderbird 139,
Firefox ESR 128.11, and Thunderbird 128.11 (bmo#1950136, bmo#1958121,
bmo#1960499, bmo#1962634)
* CVE-2025-5269: Memory safety bug fixed in Firefox ESR 128.11 and Thunderbird
128.11 (bmo#1924108)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-1946=1

* SUSE Linux Enterprise Workstation Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2025-1946=1

* SUSE Linux Enterprise Workstation Extension 15 SP7
zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2025-1946=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-1946=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-1946=1

## Package List:

* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x)
* MozillaThunderbird-translations-common-128.11.0-150200.8.221.1
* MozillaThunderbird-translations-other-128.11.0-150200.8.221.1
* MozillaThunderbird-debugsource-128.11.0-150200.8.221.1
* MozillaThunderbird-128.11.0-150200.8.221.1
* MozillaThunderbird-debuginfo-128.11.0-150200.8.221.1
* SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64)
* MozillaThunderbird-translations-common-128.11.0-150200.8.221.1
* MozillaThunderbird-translations-other-128.11.0-150200.8.221.1
* MozillaThunderbird-debugsource-128.11.0-150200.8.221.1
* MozillaThunderbird-128.11.0-150200.8.221.1
* MozillaThunderbird-debuginfo-128.11.0-150200.8.221.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
* MozillaThunderbird-translations-common-128.11.0-150200.8.221.1
* MozillaThunderbird-translations-other-128.11.0-150200.8.221.1
* MozillaThunderbird-debugsource-128.11.0-150200.8.221.1
* MozillaThunderbird-128.11.0-150200.8.221.1
* MozillaThunderbird-debuginfo-128.11.0-150200.8.221.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* MozillaThunderbird-translations-common-128.11.0-150200.8.221.1
* MozillaThunderbird-translations-other-128.11.0-150200.8.221.1
* MozillaThunderbird-debugsource-128.11.0-150200.8.221.1
* MozillaThunderbird-128.11.0-150200.8.221.1
* MozillaThunderbird-debuginfo-128.11.0-150200.8.221.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x)
* MozillaThunderbird-translations-common-128.11.0-150200.8.221.1
* MozillaThunderbird-translations-other-128.11.0-150200.8.221.1
* MozillaThunderbird-debugsource-128.11.0-150200.8.221.1
* MozillaThunderbird-128.11.0-150200.8.221.1
* MozillaThunderbird-debuginfo-128.11.0-150200.8.221.1

## References:

* https://www.suse.com/security/cve/CVE-2025-5262.html
* https://www.suse.com/security/cve/CVE-2025-5263.html
* https://www.suse.com/security/cve/CVE-2025-5264.html
* https://www.suse.com/security/cve/CVE-2025-5265.html
* https://www.suse.com/security/cve/CVE-2025-5266.html
* https://www.suse.com/security/cve/CVE-2025-5267.html
* https://www.suse.com/security/cve/CVE-2025-5268.html
* https://www.suse.com/security/cve/CVE-2025-5269.html
* https://bugzilla.suse.com/show_bug.cgi?id=1243353



SUSE-SU-2025:01948-1: important: Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:01948-1
Release Date: 2025-06-13T12:03:49Z
Rating: important
References:

* bsc#1236701
* bsc#1239077
* bsc#1239096

Cross-References:

* CVE-2024-57996
* CVE-2024-58013
* CVE-2025-21680

CVSS scores:

* CVE-2024-57996 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57996 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-58013 ( SUSE ): 7.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2024-58013 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-58013 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21680 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21680 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21680 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_38 fixes several issues.

The following security issues were fixed:

* CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries
(bsc#1236701).
* CVE-2024-58013: Bluetooth: MGMT: Fix slab-use-after-free Read in
mgmt_remove_adv_monitor_sync (bsc#1239096).
* CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit
(bsc#1239077).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-1948=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-1948=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_38-default-debuginfo-2-150600.2.2
* kernel-livepatch-6_4_0-150600_23_38-default-2-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_8-debugsource-2-150600.2.2
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_38-default-debuginfo-2-150600.2.2
* kernel-livepatch-6_4_0-150600_23_38-default-2-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_8-debugsource-2-150600.2.2

## References:

* https://www.suse.com/security/cve/CVE-2024-57996.html
* https://www.suse.com/security/cve/CVE-2024-58013.html
* https://www.suse.com/security/cve/CVE-2025-21680.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236701
* https://bugzilla.suse.com/show_bug.cgi?id=1239077
* https://bugzilla.suse.com/show_bug.cgi?id=1239096



SUSE-SU-2025:01953-1: important: Security update for apache2-mod_auth_openidc


# Security update for apache2-mod_auth_openidc

Announcement ID: SUSE-SU-2025:01953-1
Release Date: 2025-06-13T13:55:39Z
Rating: important
References:

* bsc#1242015

Cross-References:

* CVE-2025-3891

CVSS scores:

* CVE-2025-3891 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-3891 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-3891 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-3891 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* Server Applications Module 15-SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for apache2-mod_auth_openidc fixes the following issues:

* CVE-2025-3891: Fixed denial of service via an empty POST request when
OIDCPreservePost is enabled (bsc#1242015).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-1953=1

* Server Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2025-1953=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-1953=1 openSUSE-SLE-15.6-2025-1953=1

## Package List:

* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* apache2-mod_auth_openidc-2.3.8-150600.16.11.1
* apache2-mod_auth_openidc-debugsource-2.3.8-150600.16.11.1
* apache2-mod_auth_openidc-debuginfo-2.3.8-150600.16.11.1
* Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* apache2-mod_auth_openidc-2.3.8-150600.16.11.1
* apache2-mod_auth_openidc-debugsource-2.3.8-150600.16.11.1
* apache2-mod_auth_openidc-debuginfo-2.3.8-150600.16.11.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* apache2-mod_auth_openidc-2.3.8-150600.16.11.1
* apache2-mod_auth_openidc-debugsource-2.3.8-150600.16.11.1
* apache2-mod_auth_openidc-debuginfo-2.3.8-150600.16.11.1

## References:

* https://www.suse.com/security/cve/CVE-2025-3891.html
* https://bugzilla.suse.com/show_bug.cgi?id=1242015



SUSE-SU-2025:01952-1: moderate: Security update for python-Django


# Security update for python-Django

Announcement ID: SUSE-SU-2025:01952-1
Release Date: 2025-06-13T13:55:13Z
Rating: moderate
References:

* bsc#1244095

Cross-References:

* CVE-2025-48432

CVSS scores:

* CVE-2025-48432 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:H/SA:N
* CVE-2025-48432 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
* CVE-2025-48432 ( NVD ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP6
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for python-Django fixes the following issues:

* CVE-2025-48432: log injection or forgery due to unescaped control characters
being added into logs (bsc#1244095).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-1952=1 openSUSE-SLE-15.6-2025-1952=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-1952=1

* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-1952=1

## Package List:

* openSUSE Leap 15.6 (noarch)
* python311-Django-4.2.11-150600.3.24.1
* SUSE Package Hub 15 15-SP6 (noarch)
* python311-Django-4.2.11-150600.3.24.1
* SUSE Package Hub 15 15-SP7 (noarch)
* python311-Django-4.2.11-150600.3.24.1

## References:

* https://www.suse.com/security/cve/CVE-2025-48432.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244095



SUSE-SU-2025:01954-1: important: Security update for java-1_8_0-openj9


# Security update for java-1_8_0-openj9

Announcement ID: SUSE-SU-2025:01954-1
Release Date: 2025-06-13T13:56:14Z
Rating: important
References:

* bsc#1235844
* bsc#1241274
* bsc#1241275
* bsc#1241276
* bsc#1243429

Cross-References:

* CVE-2025-21587
* CVE-2025-30691
* CVE-2025-30698
* CVE-2025-4447

CVSS scores:

* CVE-2025-21587 ( SUSE ): 9.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-21587 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-21587 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-30691 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-30691 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-30691 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-30698 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-30698 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-30698 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-4447 ( SUSE ): 7.0
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-4447 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-4447 ( NVD ): 7.0
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP6
* SUSE Package Hub 15 15-SP7

An update that solves four vulnerabilities and has one security fix can now be
installed.

## Description:

This update for java-1_8_0-openj9 fixes the following issues:

* CVE-2025-4447: Fixed buffer overflow in Eclipse OpenJ9 (bsc#1243429).
* CVE-2025-30698: Fixed 2D unauthorized data access and DoS (bsc#1241276).
* CVE-2025-30691: Fixed Compiler Unauthorized Data Access (bsc#1241275).
* CVE-2025-21587: Fixed unauthorized access, deletion or modification of
critical data (bsc#1241274).

Other bugfixes:

* Fixed wrong execstack flag in libj9jit (bsc#1235844)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-1954=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-1954=1

* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-1954=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openj9-devel-debuginfo-1.8.0.452-150200.3.54.2
* java-1_8_0-openj9-debugsource-1.8.0.452-150200.3.54.2
* java-1_8_0-openj9-devel-1.8.0.452-150200.3.54.2
* java-1_8_0-openj9-debuginfo-1.8.0.452-150200.3.54.2
* java-1_8_0-openj9-demo-1.8.0.452-150200.3.54.2
* java-1_8_0-openj9-src-1.8.0.452-150200.3.54.2
* java-1_8_0-openj9-accessibility-1.8.0.452-150200.3.54.2
* java-1_8_0-openj9-1.8.0.452-150200.3.54.2
* java-1_8_0-openj9-headless-1.8.0.452-150200.3.54.2
* java-1_8_0-openj9-demo-debuginfo-1.8.0.452-150200.3.54.2
* java-1_8_0-openj9-headless-debuginfo-1.8.0.452-150200.3.54.2
* openSUSE Leap 15.6 (noarch)
* java-1_8_0-openj9-javadoc-1.8.0.452-150200.3.54.2
* SUSE Package Hub 15 15-SP6 (ppc64le s390x)
* java-1_8_0-openj9-devel-debuginfo-1.8.0.452-150200.3.54.2
* java-1_8_0-openj9-debugsource-1.8.0.452-150200.3.54.2
* java-1_8_0-openj9-devel-1.8.0.452-150200.3.54.2
* java-1_8_0-openj9-debuginfo-1.8.0.452-150200.3.54.2
* java-1_8_0-openj9-demo-1.8.0.452-150200.3.54.2
* java-1_8_0-openj9-src-1.8.0.452-150200.3.54.2
* java-1_8_0-openj9-accessibility-1.8.0.452-150200.3.54.2
* java-1_8_0-openj9-1.8.0.452-150200.3.54.2
* java-1_8_0-openj9-headless-1.8.0.452-150200.3.54.2
* java-1_8_0-openj9-demo-debuginfo-1.8.0.452-150200.3.54.2
* java-1_8_0-openj9-headless-debuginfo-1.8.0.452-150200.3.54.2
* SUSE Package Hub 15 15-SP7 (ppc64le s390x)
* java-1_8_0-openj9-devel-debuginfo-1.8.0.452-150200.3.54.2
* java-1_8_0-openj9-debugsource-1.8.0.452-150200.3.54.2
* java-1_8_0-openj9-devel-1.8.0.452-150200.3.54.2
* java-1_8_0-openj9-debuginfo-1.8.0.452-150200.3.54.2
* java-1_8_0-openj9-demo-1.8.0.452-150200.3.54.2
* java-1_8_0-openj9-src-1.8.0.452-150200.3.54.2
* java-1_8_0-openj9-accessibility-1.8.0.452-150200.3.54.2
* java-1_8_0-openj9-1.8.0.452-150200.3.54.2
* java-1_8_0-openj9-headless-1.8.0.452-150200.3.54.2
* java-1_8_0-openj9-demo-debuginfo-1.8.0.452-150200.3.54.2
* java-1_8_0-openj9-headless-debuginfo-1.8.0.452-150200.3.54.2

## References:

* https://www.suse.com/security/cve/CVE-2025-21587.html
* https://www.suse.com/security/cve/CVE-2025-30691.html
* https://www.suse.com/security/cve/CVE-2025-30698.html
* https://www.suse.com/security/cve/CVE-2025-4447.html
* https://bugzilla.suse.com/show_bug.cgi?id=1235844
* https://bugzilla.suse.com/show_bug.cgi?id=1241274
* https://bugzilla.suse.com/show_bug.cgi?id=1241275
* https://bugzilla.suse.com/show_bug.cgi?id=1241276
* https://bugzilla.suse.com/show_bug.cgi?id=1243429



SUSE-SU-2025:01950-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:01950-1
Release Date: 2025-06-13T12:33:33Z
Rating: important
References:

* bsc#1238324
* bsc#1239077

Cross-References:

* CVE-2022-49080
* CVE-2024-57996

CVSS scores:

* CVE-2022-49080 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49080 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-57996 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57996 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_128 fixes several issues.

The following security issues were fixed:

* CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace
(bsc#1238324).
* CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit
(bsc#1239077).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-1950=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-1950=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_29-debugsource-11-150400.2.2
* kernel-livepatch-5_14_21-150400_24_128-default-debuginfo-11-150400.2.2
* kernel-livepatch-5_14_21-150400_24_128-default-11-150400.2.2
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_29-debugsource-11-150400.2.2
* kernel-livepatch-5_14_21-150400_24_128-default-debuginfo-11-150400.2.2
* kernel-livepatch-5_14_21-150400_24_128-default-11-150400.2.2

## References:

* https://www.suse.com/security/cve/CVE-2022-49080.html
* https://www.suse.com/security/cve/CVE-2024-57996.html
* https://bugzilla.suse.com/show_bug.cgi?id=1238324
* https://bugzilla.suse.com/show_bug.cgi?id=1239077



SUSE-SU-2025:01949-1: important: Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:01949-1
Release Date: 2025-06-13T12:03:58Z
Rating: important
References:

* bsc#1239077

Cross-References:

* CVE-2024-57996

CVSS scores:

* CVE-2024-57996 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57996 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_42 fixes one issue.

The following security issue was fixed:

* CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit
(bsc#1239077).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-1949=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-1949=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_42-default-2-150600.2.2
* kernel-livepatch-6_4_0-150600_23_42-default-debuginfo-2-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_9-debugsource-2-150600.2.2
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_42-default-2-150600.2.2
* kernel-livepatch-6_4_0-150600_23_42-default-debuginfo-2-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_9-debugsource-2-150600.2.2

## References:

* https://www.suse.com/security/cve/CVE-2024-57996.html
* https://bugzilla.suse.com/show_bug.cgi?id=1239077



SUSE-SU-2025:01956-1: important: Security update for the Linux Kernel (Live Patch 54 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 54 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:01956-1
Release Date: 2025-06-13T16:04:12Z
Rating: important
References:

* bsc#1238324
* bsc#1238788
* bsc#1238790
* bsc#1239077

Cross-References:

* CVE-2022-49080
* CVE-2022-49563
* CVE-2022-49564
* CVE-2024-57996

CVSS scores:

* CVE-2022-49080 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49080 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49563 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49563 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49563 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-49564 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49564 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49564 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-57996 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57996 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_195 fixes several issues.

The following security issues were fixed:

* CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace
(bsc#1238324).
* CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit
(bsc#1239077).
* CVE-2022-49563: crypto: qat - add param check for RSA (bsc#1238788).
* CVE-2022-49564: crypto: qat - add param check for DH (bsc#1238790).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-1956=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-1956=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_195-default-debuginfo-2-150300.2.2
* kernel-livepatch-SLE15-SP3_Update_54-debugsource-2-150300.2.2
* kernel-livepatch-5_3_18-150300_59_195-default-2-150300.2.2
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_195-preempt-debuginfo-2-150300.2.2
* kernel-livepatch-5_3_18-150300_59_195-preempt-2-150300.2.2
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_195-default-2-150300.2.2

## References:

* https://www.suse.com/security/cve/CVE-2022-49080.html
* https://www.suse.com/security/cve/CVE-2022-49563.html
* https://www.suse.com/security/cve/CVE-2022-49564.html
* https://www.suse.com/security/cve/CVE-2024-57996.html
* https://bugzilla.suse.com/show_bug.cgi?id=1238324
* https://bugzilla.suse.com/show_bug.cgi?id=1238788
* https://bugzilla.suse.com/show_bug.cgi?id=1238790
* https://bugzilla.suse.com/show_bug.cgi?id=1239077



SUSE-SU-2025:01957-1: important: Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:01957-1
Release Date: 2025-06-13T18:33:39Z
Rating: important
References:

* bsc#1236701
* bsc#1239077
* bsc#1239096

Cross-References:

* CVE-2024-57996
* CVE-2024-58013
* CVE-2025-21680

CVSS scores:

* CVE-2024-57996 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57996 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-58013 ( SUSE ): 7.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2024-58013 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-58013 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21680 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21680 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21680 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_33 fixes several issues.

The following security issues were fixed:

* CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries
(bsc#1236701).
* CVE-2024-58013: Bluetooth: MGMT: Fix slab-use-after-free Read in
mgmt_remove_adv_monitor_sync (bsc#1239096).
* CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit
(bsc#1239077).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-1957=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-1957=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_33-default-6-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_7-debugsource-6-150600.2.2
* kernel-livepatch-6_4_0-150600_23_33-default-debuginfo-6-150600.2.2
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_33-default-6-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_7-debugsource-6-150600.2.2
* kernel-livepatch-6_4_0-150600_23_33-default-debuginfo-6-150600.2.2

## References:

* https://www.suse.com/security/cve/CVE-2024-57996.html
* https://www.suse.com/security/cve/CVE-2024-58013.html
* https://www.suse.com/security/cve/CVE-2025-21680.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236701
* https://bugzilla.suse.com/show_bug.cgi?id=1239077
* https://bugzilla.suse.com/show_bug.cgi?id=1239096



SUSE-SU-2025:01958-1: important: Security update for the Linux Kernel (Live Patch 55 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 55 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:01958-1
Release Date: 2025-06-13T19:33:40Z
Rating: important
References:

* bsc#1238788
* bsc#1238790
* bsc#1239077

Cross-References:

* CVE-2022-49563
* CVE-2022-49564
* CVE-2024-57996

CVSS scores:

* CVE-2022-49563 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49563 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49563 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-49564 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49564 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49564 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-57996 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57996 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_198 fixes several issues.

The following security issues were fixed:

* CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit
(bsc#1239077).
* CVE-2022-49563: crypto: qat - add param check for RSA (bsc#1238788).
* CVE-2022-49564: crypto: qat - add param check for DH (bsc#1238790).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-1958=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-1958=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_198-default-debuginfo-2-150300.2.2
* kernel-livepatch-5_3_18-150300_59_198-default-2-150300.2.2
* kernel-livepatch-SLE15-SP3_Update_55-debugsource-2-150300.2.2
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_198-preempt-2-150300.2.2
* kernel-livepatch-5_3_18-150300_59_198-preempt-debuginfo-2-150300.2.2
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_198-default-2-150300.2.2

## References:

* https://www.suse.com/security/cve/CVE-2022-49563.html
* https://www.suse.com/security/cve/CVE-2022-49564.html
* https://www.suse.com/security/cve/CVE-2024-57996.html
* https://bugzilla.suse.com/show_bug.cgi?id=1238788
* https://bugzilla.suse.com/show_bug.cgi?id=1238790
* https://bugzilla.suse.com/show_bug.cgi?id=1239077


Kernel, ModSecurity, Grafana, and more updates for Oracle Linux

Linux kernel (NVIDIA Tegra IGX) update for Ubuntu 22.04

Windows

Linux

macOS

Community

  • Artsyl
    ONTARIO, CANADA – April 23, 2025 – Artsyl Technologies, ...
  • Artsyl
    π˜–π˜―π˜΅π˜’π˜³π˜ͺ𝘰, 𝘊𝘒𝘯𝘒π˜₯𝘒 β€” π˜‘π˜Άπ˜―π˜¦ 18, 2025 β€” π—”π—Ώπ˜π˜€π˜†π—Ή π—§π—²π—°π—΅π—»π—Όπ—Ήπ—Όπ—΄π—Άπ—²π˜€, I ...
  • Artsyl
    May 28, 2025 – Ontario, Canada β€” Artsyl Technologies, a ...