
Several security updates have been released for SUSE Linux. These updates include patches for the Linux Kernel, such as Live Patch 14 for SLE 15 SP6 and Live Patch 22 for SUSE Linux Enterprise 15 SP5. Additionally, vulnerabilities in various software packages like micropython, openssh, buildah, lasso, runc, binutils, python311-pdfminer.six, podman, and tomcat11 have been addressed through security updates. The severity of these updates ranges from moderate to critical, with the Linux Kernel updates being classified as important.

SUSE-SU-2025:4063-1: important: Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP6)
SUSE-SU-2025:4064-1: important: Security update for the Linux Kernel (Live Patch 60 for SUSE Linux Enterprise 15 SP3)
openSUSE-SU-2025-20035-1: moderate: Security update for micropython
SUSE-SU-2025:4067-1: moderate: Security update for openssh
SUSE-SU-2025:4076-1: important: Security update for buildah
SUSE-SU-2025:4074-1: important: Security update for buildah
SUSE-SU-2025:4075-1: important: Security update for buildah
SUSE-SU-2025:4068-1: critical: Security update for lasso
SUSE-SU-2025:4073-1: important: Security update for runc
SUSE-SU-2025:4078-1: important: Security update for the Linux Kernel (Live Patch 22 for SUSE Linux Enterprise 15 SP5)
SUSE-SU-2025:15725-1: moderate: binutils-2.45-2.1 on GA media
SUSE-SU-2025:15727-1: moderate: python311-pdfminer.six-20251107-1.1 on GA media
SUSE-SU-2025:4079-1: important: Security update for podman
SUSE-SU-2025:4080-1: important: Security update for podman
SUSE-SU-2025:4081-1: important: Security update for podman
SUSE-SU-2025:4086-1: important: Security update for tomcat11
SUSE-SU-2025:4087-1: moderate: Security update for netty, netty-tcnative




SUSE-SU-2025:4063-1: important: Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:4063-1
Release Date: 2025-11-12T02:34:57Z
Rating: important
References:

* bsc#1248631
* bsc#1249207

Cross-References:

* CVE-2025-38618
* CVE-2025-38664

CVSS scores:

* CVE-2025-38618 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38618 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38664 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38664 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_65 fixes several issues.

The following security issues were fixed:

* CVE-2025-38664: ice: Fix a null pointer dereference in
ice_copy_and_init_pkg() (bsc#1248631).
* CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY
(bsc#1249207).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-4063=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-4063=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP6_Update_14-debugsource-3-150600.4.1
  * kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-3-150600.4.1
  * kernel-livepatch-6_4_0-150600_23_65-default-3-150600.4.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP6_Update_14-debugsource-3-150600.4.1
  * kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-3-150600.4.1
  * kernel-livepatch-6_4_0-150600_23_65-default-3-150600.4.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38618.html
* https://www.suse.com/security/cve/CVE-2025-38664.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248631
* https://bugzilla.suse.com/show_bug.cgi?id=1249207



SUSE-SU-2025:4064-1: important: Security update for the Linux Kernel (Live Patch 60 for SUSE Linux Enterprise 15 SP3)


# Security update for the Linux Kernel (Live Patch 60 for SUSE Linux Enterprise
15 SP3)

Announcement ID: SUSE-SU-2025:4064-1
Release Date: 2025-11-12T02:35:07Z
Rating: important
References:

* bsc#1248631
* bsc#1249207
* bsc#1249208
* bsc#1249841
* bsc#1249847
* bsc#1252946

Cross-References:

* CVE-2022-50248
* CVE-2022-50252
* CVE-2025-38617
* CVE-2025-38618
* CVE-2025-38664

CVSS scores:

* CVE-2022-50248 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50248 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-50252 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50252 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38617 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38617 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38618 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38618 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38664 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38664 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves five vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the SUSE Linux Enterprise kernel 5.3.18-150300.59.215 fixes
various security issues.

The following security issues were fixed:

* CVE-2022-50248: wifi: iwlwifi: mvm: fix double free on tx path
(bsc#1249841).
* CVE-2022-50252: igb: Do not free q_vector unless new one was allocated
(bsc#1249847).
* CVE-2025-38617: net/packet: fix a race in packet_set_ring() and
packet_notifier() (bsc#1249208).
* CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY
(bsc#1249207).
* CVE-2025-38664: ice: Fix a null pointer dereference in
ice_copy_and_init_pkg() (bsc#1248631).

The following non-security issue was fixed:

* bsc#1249208: fix livepatching target module name (bsc#1252946)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-4064=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-4064=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP3_Update_60-debugsource-5-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_215-default-debuginfo-5-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_215-default-5-150300.2.1
* openSUSE Leap 15.3 (x86_64)
  * kernel-livepatch-5_3_18-150300_59_215-preempt-debuginfo-5-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_215-preempt-5-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP3_Update_60-debugsource-5-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_215-default-debuginfo-5-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_215-default-5-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-50248.html
* https://www.suse.com/security/cve/CVE-2022-50252.html
* https://www.suse.com/security/cve/CVE-2025-38617.html
* https://www.suse.com/security/cve/CVE-2025-38618.html
* https://www.suse.com/security/cve/CVE-2025-38664.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248631
* https://bugzilla.suse.com/show_bug.cgi?id=1249207
* https://bugzilla.suse.com/show_bug.cgi?id=1249208
* https://bugzilla.suse.com/show_bug.cgi?id=1249841
* https://bugzilla.suse.com/show_bug.cgi?id=1249847
* https://bugzilla.suse.com/show_bug.cgi?id=1252946



openSUSE-SU-2025-20035-1: moderate: Security update for micropython


openSUSE security update: security update for micropython
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2025-20035-1
Rating: moderate

Cross-References:

* CVE-2025-59438

CVSS scores:

* CVE-2025-59438 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-59438 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability can now be installed.

Description:

This update for micropython fixes the following issues:

Changes in micropython:

- Build with mbedtls-3.6.5 instead of bundled 3.6.2 to fix CVE-2025-59438

Version 1.26.0:

* Added machine.I2CTarget for creating I2C target devices on multiple ports.
* New MCU support: STM32N6xx (800 MHz, ML accel) & ESP32-C2 (WiFi + BLE).
* Major float accuracy boost (~28% → ~98%), constant folding in compiler.
* Optimized native/Viper emitters; reduced heap use for slices.
* Time functions standardized (1970–2099); new boards across ESP32, SAMD, STM32, Zephyr.
* ESP32: ESP-IDF 5.4.2, flash auto-detect, PCNT class, LAN8670 PHY.
* RP2: compressed errors, better lightsleep, hard IRQ timers.
* Zephyr v4.0.0: PWM, SoftI2C/SPI, BLE runtime services, boot.py/main.py support.
* mpremote adds fs tree, improved df, portable config paths.
* Updated lwIP, LittleFS, libhydrogen, stm32lib; expanded hardware/CI tests.

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-17=1

Package List:

- openSUSE Leap 16.0:

micropython-1.26.0-bp160.1.1
mpremote-1.26.0-bp160.1.1
mpy-tools-1.26.0-bp160.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-59438.html



SUSE-SU-2025:4067-1: moderate: Security update for openssh


# Security update for openssh

Announcement ID: SUSE-SU-2025:4067-1
Release Date: 2025-11-12T08:03:50Z
Rating: moderate
References:

* bsc#1251198
* bsc#1251199

Cross-References:

* CVE-2025-61984
* CVE-2025-61985

CVSS scores:

* CVE-2025-61984 ( SUSE ): 2.0
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-61984 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-61984 ( NVD ): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-61985 ( SUSE ): 2.0
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-61985 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-61985 ( NVD ): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* Desktop Applications Module 15-SP6
* Desktop Applications Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for openssh fixes the following issues:

* CVE-2025-61984: Fixed code execution via control characters in usernames
when a ProxyCommand is used (bsc#1251198)
* CVE-2025-61985: Fixed code execution via '\0' character in ssh:// URI when a
ProxyCommand is used (bsc#1251199)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-4067=1 openSUSE-SLE-15.6-2025-4067=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-4067=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-4067=1

* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-4067=1

* Desktop Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2025-4067=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * openssh-common-9.6p1-150600.6.34.1
  * openssh-askpass-gnome-debugsource-9.6p1-150600.6.34.1
  * openssh-server-debuginfo-9.6p1-150600.6.34.1
  * openssh-debugsource-9.6p1-150600.6.34.1
  * openssh-cavs-debuginfo-9.6p1-150600.6.34.1
  * openssh-clients-debuginfo-9.6p1-150600.6.34.1
  * openssh-server-9.6p1-150600.6.34.1
  * openssh-common-debuginfo-9.6p1-150600.6.34.1
  * openssh-debuginfo-9.6p1-150600.6.34.1
  * openssh-9.6p1-150600.6.34.1
  * openssh-askpass-gnome-debuginfo-9.6p1-150600.6.34.1
  * openssh-helpers-debuginfo-9.6p1-150600.6.34.1
  * openssh-clients-9.6p1-150600.6.34.1
  * openssh-cavs-9.6p1-150600.6.34.1
  * openssh-askpass-gnome-9.6p1-150600.6.34.1
  * openssh-server-config-disallow-rootlogin-9.6p1-150600.6.34.1
  * openssh-helpers-9.6p1-150600.6.34.1
  * openssh-fips-9.6p1-150600.6.34.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * openssh-common-9.6p1-150600.6.34.1
  * openssh-server-debuginfo-9.6p1-150600.6.34.1
  * openssh-debugsource-9.6p1-150600.6.34.1
  * openssh-clients-debuginfo-9.6p1-150600.6.34.1
  * openssh-server-9.6p1-150600.6.34.1
  * openssh-common-debuginfo-9.6p1-150600.6.34.1
  * openssh-debuginfo-9.6p1-150600.6.34.1
  * openssh-9.6p1-150600.6.34.1
  * openssh-helpers-debuginfo-9.6p1-150600.6.34.1
  * openssh-clients-9.6p1-150600.6.34.1
  * openssh-server-config-disallow-rootlogin-9.6p1-150600.6.34.1
  * openssh-helpers-9.6p1-150600.6.34.1
  * openssh-fips-9.6p1-150600.6.34.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * openssh-common-9.6p1-150600.6.34.1
  * openssh-server-debuginfo-9.6p1-150600.6.34.1
  * openssh-debugsource-9.6p1-150600.6.34.1
  * openssh-clients-debuginfo-9.6p1-150600.6.34.1
  * openssh-server-9.6p1-150600.6.34.1
  * openssh-common-debuginfo-9.6p1-150600.6.34.1
  * openssh-debuginfo-9.6p1-150600.6.34.1
  * openssh-9.6p1-150600.6.34.1
  * openssh-helpers-debuginfo-9.6p1-150600.6.34.1
  * openssh-clients-9.6p1-150600.6.34.1
  * openssh-server-config-disallow-rootlogin-9.6p1-150600.6.34.1
  * openssh-helpers-9.6p1-150600.6.34.1
  * openssh-fips-9.6p1-150600.6.34.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * openssh-askpass-gnome-debuginfo-9.6p1-150600.6.34.1
  * openssh-askpass-gnome-debugsource-9.6p1-150600.6.34.1
  * openssh-askpass-gnome-9.6p1-150600.6.34.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * openssh-askpass-gnome-debuginfo-9.6p1-150600.6.34.1
  * openssh-askpass-gnome-debugsource-9.6p1-150600.6.34.1
  * openssh-askpass-gnome-9.6p1-150600.6.34.1

## References:

* https://www.suse.com/security/cve/CVE-2025-61984.html
* https://www.suse.com/security/cve/CVE-2025-61985.html
* https://bugzilla.suse.com/show_bug.cgi?id=1251198
* https://bugzilla.suse.com/show_bug.cgi?id=1251199



SUSE-SU-2025:4076-1: important: Security update for buildah


# Security update for buildah

Announcement ID: SUSE-SU-2025:4076-1
Release Date: 2025-11-12T10:36:00Z
Rating: important
References:

* bsc#1253096

Cross-References:

* CVE-2025-52881

CVSS scores:

* CVE-2025-52881 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-52881 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-52881 ( NVD ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* Containers Module 15-SP6
* Containers Module 15-SP7
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for buildah fixes the following issues:

* CVE-2025-52881: Fixed container breakouts by bypassing runc's restrictions
for writing to arbitrary /proc files (bsc#1253096)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-4076=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-4076=1

* Containers Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2025-4076=1

* Containers Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2025-4076=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-4076=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-4076=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-4076=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-4076=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * buildah-1.35.5-150500.3.45.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * buildah-1.35.5-150500.3.45.1
* Containers Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * buildah-1.35.5-150500.3.45.1
* Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * buildah-1.35.5-150500.3.45.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * buildah-1.35.5-150500.3.45.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * buildah-1.35.5-150500.3.45.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * buildah-1.35.5-150500.3.45.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * buildah-1.35.5-150500.3.45.1

## References:

* https://www.suse.com/security/cve/CVE-2025-52881.html
* https://bugzilla.suse.com/show_bug.cgi?id=1253096



SUSE-SU-2025:4074-1: important: Security update for buildah


# Security update for buildah

Announcement ID: SUSE-SU-2025:4074-1
Release Date: 2025-11-12T10:35:10Z
Rating: important
References:

* bsc#1252543
* bsc#1253096

Cross-References:

* CVE-2025-52881

CVSS scores:

* CVE-2025-52881 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-52881 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-52881 ( NVD ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves one vulnerability and has one security fix can now be
installed.

## Description:

This update for buildah fixes the following issues:

* CVE-2025-52881: Fixed container breakouts by bypassing runc's restrictions
for writing to arbitrary /proc files (bsc#1253096)

Other fixes:

* podman and buildah with runc 1.3.2 fail with lots of warnings as rootless
(bsc#1252543)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-4074=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-4074=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-4074=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-4074=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-4074=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * buildah-1.35.5-150400.3.53.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * buildah-1.35.5-150400.3.53.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * buildah-1.35.5-150400.3.53.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * buildah-1.35.5-150400.3.53.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * buildah-1.35.5-150400.3.53.1

## References:

* https://www.suse.com/security/cve/CVE-2025-52881.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252543
* https://bugzilla.suse.com/show_bug.cgi?id=1253096



SUSE-SU-2025:4075-1: important: Security update for buildah


# Security update for buildah

Announcement ID: SUSE-SU-2025:4075-1
Release Date: 2025-11-12T10:35:26Z
Rating: important
References:

* bsc#1252543
* bsc#1253096

Cross-References:

* CVE-2025-52881

CVSS scores:

* CVE-2025-52881 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-52881 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-52881 ( NVD ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves one vulnerability and has one security fix can now be
installed.

## Description:

This update for buildah fixes the following issues:

* CVE-2025-52881: Fixed container breakouts by bypassing runc's restrictions
for writing to arbitrary /proc files (bsc#1253096)

Other fixes:

* podman and buildah with runc 1.3.2 fail with lots of warnings as rootless
(bsc#1252543)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-4075=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-4075=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-4075=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-4075=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-4075=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  * buildah-1.35.5-150300.8.46.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * buildah-1.35.5-150300.8.46.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
  * buildah-1.35.5-150300.8.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * buildah-1.35.5-150300.8.46.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * buildah-1.35.5-150300.8.46.1

## References:

* https://www.suse.com/security/cve/CVE-2025-52881.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252543
* https://bugzilla.suse.com/show_bug.cgi?id=1253096



SUSE-SU-2025:4068-1: critical: Security update for lasso


# Security update for lasso

Announcement ID: SUSE-SU-2025:4068-1
Release Date: 2025-11-12T08:04:40Z
Rating: critical
References:

* bsc#1253092
* bsc#1253093
* bsc#1253095

Cross-References:

* CVE-2025-46404
* CVE-2025-46705
* CVE-2025-47151

CVSS scores:

* CVE-2025-46404 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-46404 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-46404 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-46705 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-46705 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-46705 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-47151 ( SUSE ): 9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-47151 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-47151 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* Server Applications Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP6
* SUSE Package Hub 15 15-SP7

An update that solves three vulnerabilities can now be installed.

## Description:

This update for lasso fixes the following issues:

* CVE-2025-46404: Fixed denial of service in Entr'ouvert Lasso (bsc#1253092)
* CVE-2025-46705: Fixed denial of service in Entr'ouvert Lasso (bsc#1253093)
* CVE-2025-47151: Fixed type confusion vulnerability in the
lasso_node_impl_init_from_xml functionality (bsc#1253095)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-4068=1 openSUSE-SLE-15.6-2025-4068=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-4068=1

* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-4068=1

* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-4068=1

* Server Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2025-4068=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * lasso-debuginfo-2.8.2-150600.3.5.1
  * python3-lasso-debuginfo-2.8.2-150600.3.5.1
  * liblasso-devel-2.8.2-150600.3.5.1
  * liblasso3-2.8.2-150600.3.5.1
  * python3-lasso-2.8.2-150600.3.5.1
  * lasso-debugsource-2.8.2-150600.3.5.1
  * liblasso3-debuginfo-2.8.2-150600.3.5.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
  * lasso-debuginfo-2.8.2-150600.3.5.1
  * python3-lasso-debuginfo-2.8.2-150600.3.5.1
  * liblasso-devel-2.8.2-150600.3.5.1
  * python3-lasso-2.8.2-150600.3.5.1
  * lasso-debugsource-2.8.2-150600.3.5.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
  * lasso-debuginfo-2.8.2-150600.3.5.1
  * python3-lasso-debuginfo-2.8.2-150600.3.5.1
  * liblasso-devel-2.8.2-150600.3.5.1
  * python3-lasso-2.8.2-150600.3.5.1
  * lasso-debugsource-2.8.2-150600.3.5.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * liblasso3-2.8.2-150600.3.5.1
  * lasso-debuginfo-2.8.2-150600.3.5.1
  * lasso-debugsource-2.8.2-150600.3.5.1
  * liblasso3-debuginfo-2.8.2-150600.3.5.1
* Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * liblasso3-2.8.2-150600.3.5.1
  * lasso-debuginfo-2.8.2-150600.3.5.1
  * lasso-debugsource-2.8.2-150600.3.5.1
  * liblasso3-debuginfo-2.8.2-150600.3.5.1

## References:

* https://www.suse.com/security/cve/CVE-2025-46404.html
* https://www.suse.com/security/cve/CVE-2025-46705.html
* https://www.suse.com/security/cve/CVE-2025-47151.html
* https://bugzilla.suse.com/show_bug.cgi?id=1253092
* https://bugzilla.suse.com/show_bug.cgi?id=1253093
* https://bugzilla.suse.com/show_bug.cgi?id=1253095



SUSE-SU-2025:4073-1: important: Security update for runc


# Security update for runc

Announcement ID: SUSE-SU-2025:4073-1
Release Date: 2025-11-12T10:34:50Z
Rating: important
References:

* bsc#1252110
* bsc#1252232

Cross-References:

* CVE-2025-31133
* CVE-2025-52565
* CVE-2025-52881

CVSS scores:

* CVE-2025-31133 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-31133 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-31133 ( NVD ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-52565 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-52565 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-52565 ( NVD ): 8.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-52881 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-52881 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-52881 ( NVD ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* Basesystem Module 15-SP7
* Containers Module 15-SP6
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves three vulnerabilities can now be installed.

## Description:

This update for runc fixes the following issues:

Update to runc v1.3.3. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.3.3 (bsc#1252232)

* CVE-2025-31133
* CVE-2025-52565
* CVE-2025-52881

Update to runc v1.3.2. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.3.2 (bsc#1252110)

* Includes an important fix for the CPUSet translation for cgroupv2.

Update to runc v1.3.1. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.3.1

Update to runc v1.3.0. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.3.0

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-4073=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-4073=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-4073=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-4073=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-4073=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-4073=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-4073=1

* Containers Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2025-4073=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-4073=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-4073=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-4073=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* runc-1.3.3-150000.85.1
* runc-debuginfo-1.3.3-150000.85.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* runc-1.3.3-150000.85.1
* runc-debuginfo-1.3.3-150000.85.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* runc-1.3.3-150000.85.1
* runc-debuginfo-1.3.3-150000.85.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* runc-1.3.3-150000.85.1
* runc-debuginfo-1.3.3-150000.85.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* runc-1.3.3-150000.85.1
* runc-debuginfo-1.3.3-150000.85.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* runc-1.3.3-150000.85.1
* runc-debuginfo-1.3.3-150000.85.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* runc-1.3.3-150000.85.1
* runc-debuginfo-1.3.3-150000.85.1
* Containers Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* runc-1.3.3-150000.85.1
* runc-debuginfo-1.3.3-150000.85.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* runc-1.3.3-150000.85.1
* runc-debuginfo-1.3.3-150000.85.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* runc-1.3.3-150000.85.1
* runc-debuginfo-1.3.3-150000.85.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* runc-1.3.3-150000.85.1
* runc-debuginfo-1.3.3-150000.85.1

## References:

* https://www.suse.com/security/cve/CVE-2025-31133.html
* https://www.suse.com/security/cve/CVE-2025-52565.html
* https://www.suse.com/security/cve/CVE-2025-52881.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252110
* https://bugzilla.suse.com/show_bug.cgi?id=1252232



SUSE-SU-2025:4078-1: important: Security update for the Linux Kernel (Live Patch 22 for SUSE Linux Enterprise 15 SP5)


# Security update for the Linux Kernel (Live Patch 22 for SUSE Linux Enterprise 15 SP5)

Announcement ID: SUSE-SU-2025:4078-1
Release Date: 2025-11-12T11:09:53Z
Rating: important
References:

* bsc#1246019
* bsc#1248631
* bsc#1249207
* bsc#1249208
* bsc#1249847
* bsc#1252946

Cross-References:

* CVE-2022-50252
* CVE-2024-53164
* CVE-2025-38617
* CVE-2025-38618
* CVE-2025-38664

CVSS scores:

* CVE-2022-50252 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50252 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53164 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53164 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53164 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38617 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38617 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38618 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38618 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38664 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38664 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves five vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.91 fixes
various security issues.

The following security issues were fixed:

* CVE-2022-50252: igb: Do not free q_vector unless new one was allocated
(bsc#1249847).
* CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1246019).
* CVE-2025-38617: net/packet: fix a race in packet_set_ring() and
packet_notifier() (bsc#1249208).
* CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY
(bsc#1249207).
* CVE-2025-38664: ice: Fix a null pointer dereference in
ice_copy_and_init_pkg() (bsc#1248631).

The following non-security issue was fixed:

* bsc#1249208: fix livepatching target module name (bsc#1252946)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-4078=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-4078=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_91-default-14-150500.4.1
* kernel-livepatch-5_14_21-150500_55_91-default-debuginfo-14-150500.4.1
* kernel-livepatch-SLE15-SP5_Update_22-debugsource-14-150500.4.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_91-default-14-150500.4.1
* kernel-livepatch-5_14_21-150500_55_91-default-debuginfo-14-150500.4.1
* kernel-livepatch-SLE15-SP5_Update_22-debugsource-14-150500.4.1

## References:

* https://www.suse.com/security/cve/CVE-2022-50252.html
* https://www.suse.com/security/cve/CVE-2024-53164.html
* https://www.suse.com/security/cve/CVE-2025-38617.html
* https://www.suse.com/security/cve/CVE-2025-38618.html
* https://www.suse.com/security/cve/CVE-2025-38664.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246019
* https://bugzilla.suse.com/show_bug.cgi?id=1248631
* https://bugzilla.suse.com/show_bug.cgi?id=1249207
* https://bugzilla.suse.com/show_bug.cgi?id=1249208
* https://bugzilla.suse.com/show_bug.cgi?id=1249847
* https://bugzilla.suse.com/show_bug.cgi?id=1252946



openSUSE-SU-2025:15725-1: moderate: binutils-2.45-2.1 on GA media


# binutils-2.45-2.1 on GA media

Announcement ID: openSUSE-SU-2025:15725-1
Rating: moderate

Cross-References:

* CVE-2025-0840

CVSS scores:

* CVE-2025-0840 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-0840 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the binutils-2.45-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* binutils 2.45-2.1
* binutils-devel 2.45-2.1
* binutils-devel-32bit 2.45-2.1
* gprofng 2.45-2.1
* libctf-nobfd0 2.45-2.1
* libctf0 2.45-2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-0840.html



openSUSE-SU-2025:15727-1: moderate: python311-pdfminer.six-20251107-1.1 on GA media


# python311-pdfminer.six-20251107-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15727-1
Rating: moderate

Cross-References:

* CVE-2025-64512

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python311-pdfminer.six-20251107-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python311-pdfminer.six 20251107-1.1
* python312-pdfminer.six 20251107-1.1
* python313-pdfminer.six 20251107-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-64512.html



SUSE-SU-2025:4079-1: important: Security update for podman


# Security update for podman

Announcement ID: SUSE-SU-2025:4079-1
Release Date: 2025-11-12T12:48:52Z
Rating: important
References:

* bsc#1252376
* bsc#1252543

Cross-References:

* CVE-2025-31133
* CVE-2025-52565
* CVE-2025-52881

CVSS scores:

* CVE-2025-31133 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-31133 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-31133 ( NVD ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-52565 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-52565 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-52565 ( NVD ): 8.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-52881 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-52881 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-52881 ( NVD ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves three vulnerabilities can now be installed.

## Description:

This update for podman fixes the following issues:

* CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount
race conditions (bsc#1252376)
* CVE-2025-52565: Fixed container escape with malicious config due to
/dev/console mount and related races (bsc#1252376)
* CVE-2025-52881: Fixed container escape and denial of service due to
arbitrary write gadgets and procfs write redirects (bsc#1252376)

Other fixes:

* podman and buildah with runc 1.3.2 fail with lots of warnings as
rootless (bsc#1252543)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-4079=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-4079=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-4079=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-4079=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-4079=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-4079=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-4079=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-4079=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-4079=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* podman-debuginfo-4.9.5-150400.4.59.2
* podman-remote-4.9.5-150400.4.59.2
* podman-4.9.5-150400.4.59.2
* podmansh-4.9.5-150400.4.59.2
* podman-remote-debuginfo-4.9.5-150400.4.59.2
* openSUSE Leap 15.4 (noarch)
* podman-docker-4.9.5-150400.4.59.2
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* podman-4.9.5-150400.4.59.2
* podman-debuginfo-4.9.5-150400.4.59.2
* podman-remote-debuginfo-4.9.5-150400.4.59.2
* podman-remote-4.9.5-150400.4.59.2
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* podman-4.9.5-150400.4.59.2
* podman-debuginfo-4.9.5-150400.4.59.2
* podman-remote-debuginfo-4.9.5-150400.4.59.2
* podman-remote-4.9.5-150400.4.59.2
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* podman-4.9.5-150400.4.59.2
* podman-debuginfo-4.9.5-150400.4.59.2
* podman-remote-debuginfo-4.9.5-150400.4.59.2
* podman-remote-4.9.5-150400.4.59.2
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* podman-4.9.5-150400.4.59.2
* podman-debuginfo-4.9.5-150400.4.59.2
* podman-remote-debuginfo-4.9.5-150400.4.59.2
* podman-remote-4.9.5-150400.4.59.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* podman-4.9.5-150400.4.59.2
* podman-debuginfo-4.9.5-150400.4.59.2
* podman-remote-debuginfo-4.9.5-150400.4.59.2
* podman-remote-4.9.5-150400.4.59.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* podman-docker-4.9.5-150400.4.59.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* podman-4.9.5-150400.4.59.2
* podman-debuginfo-4.9.5-150400.4.59.2
* podman-remote-debuginfo-4.9.5-150400.4.59.2
* podman-remote-4.9.5-150400.4.59.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* podman-docker-4.9.5-150400.4.59.2
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* podman-4.9.5-150400.4.59.2
* podman-debuginfo-4.9.5-150400.4.59.2
* podman-remote-debuginfo-4.9.5-150400.4.59.2
* podman-remote-4.9.5-150400.4.59.2
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* podman-docker-4.9.5-150400.4.59.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* podman-4.9.5-150400.4.59.2
* podman-debuginfo-4.9.5-150400.4.59.2
* podman-remote-debuginfo-4.9.5-150400.4.59.2
* podman-remote-4.9.5-150400.4.59.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* podman-docker-4.9.5-150400.4.59.2

## References:

* https://www.suse.com/security/cve/CVE-2025-31133.html
* https://www.suse.com/security/cve/CVE-2025-52565.html
* https://www.suse.com/security/cve/CVE-2025-52881.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252376
* https://bugzilla.suse.com/show_bug.cgi?id=1252543



SUSE-SU-2025:4080-1: important: Security update for podman


# Security update for podman

Announcement ID: SUSE-SU-2025:4080-1
Release Date: 2025-11-12T12:49:14Z
Rating: important
References:

* bsc#1248988
* bsc#1252376
* bsc#1252543

Cross-References:

* CVE-2025-31133
* CVE-2025-52565
* CVE-2025-52881

CVSS scores:

* CVE-2025-31133 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-31133 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-31133 ( NVD ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-52565 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-52565 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-52565 ( NVD ): 8.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-52881 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-52881 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-52881 ( NVD ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves three vulnerabilities can now be installed.

## Description:

This update for podman fixes the following issues:

* CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount
race conditions (bsc#1252376)
* CVE-2025-52565: Fixed container escape with malicious config due to
/dev/console mount and related races (bsc#1252376)
* CVE-2025-52881: Fixed container escape and denial of service due to
arbitrary write gadgets and procfs write redirects (bsc#1252376)

Other fixes:

* Fix: podman and buildah with runc 1.3.2 fail with lots of warnings as
rootless (bsc#1252543)
* Add symlink to catatonit in /usr/libexec/podman (bsc#1248988)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-4080=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-4080=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-4080=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-4080=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-4080=1

* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-4080=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-4080=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-4080=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* podman-debuginfo-4.9.5-150300.9.63.2
* podmansh-4.9.5-150300.9.63.2
* podman-4.9.5-150300.9.63.2
* podman-remote-debuginfo-4.9.5-150300.9.63.2
* podman-remote-4.9.5-150300.9.63.2
* openSUSE Leap 15.3 (noarch)
* podman-docker-4.9.5-150300.9.63.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* podman-4.9.5-150300.9.63.2
* podman-remote-4.9.5-150300.9.63.2
* podman-remote-debuginfo-4.9.5-150300.9.63.2
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* podman-4.9.5-150300.9.63.2
* podman-remote-4.9.5-150300.9.63.2
* podman-remote-debuginfo-4.9.5-150300.9.63.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* podman-4.9.5-150300.9.63.2
* podman-remote-4.9.5-150300.9.63.2
* podman-remote-debuginfo-4.9.5-150300.9.63.2
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* podman-4.9.5-150300.9.63.2
* podman-remote-4.9.5-150300.9.63.2
* podman-remote-debuginfo-4.9.5-150300.9.63.2
* podman-debuginfo-4.9.5-150300.9.63.2
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* podman-4.9.5-150300.9.63.2
* podman-remote-4.9.5-150300.9.63.2
* podman-remote-debuginfo-4.9.5-150300.9.63.2
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* podman-4.9.5-150300.9.63.2
* podman-remote-4.9.5-150300.9.63.2
* podman-remote-debuginfo-4.9.5-150300.9.63.2
* podman-debuginfo-4.9.5-150300.9.63.2
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* podman-4.9.5-150300.9.63.2
* podman-remote-4.9.5-150300.9.63.2
* podman-remote-debuginfo-4.9.5-150300.9.63.2
* podman-debuginfo-4.9.5-150300.9.63.2

## References:

* https://www.suse.com/security/cve/CVE-2025-31133.html
* https://www.suse.com/security/cve/CVE-2025-52565.html
* https://www.suse.com/security/cve/CVE-2025-52881.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248988
* https://bugzilla.suse.com/show_bug.cgi?id=1252376
* https://bugzilla.suse.com/show_bug.cgi?id=1252543



SUSE-SU-2025:4081-1: important: Security update for podman


# Security update for podman

Announcement ID: SUSE-SU-2025:4081-1
Release Date: 2025-11-12T12:49:51Z
Rating: important
References:

* bsc#1252376
* bsc#1252543

Cross-References:

* CVE-2025-31133
* CVE-2025-52565
* CVE-2025-52881

CVSS scores:

* CVE-2025-31133 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-31133 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-31133 ( NVD ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-52565 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-52565 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-52565 ( NVD ): 8.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-52881 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-52881 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-52881 ( NVD ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* Containers Module 15-SP6
* Containers Module 15-SP7
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves three vulnerabilities can now be installed.

## Description:

This update for podman fixes the following issues:

* CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount
race conditions (bsc#1252376)
* CVE-2025-52565: Fixed container escape with malicious config due to
/dev/console mount and related races (bsc#1252376)
* CVE-2025-52881: Fixed container escape and denial of service due to
arbitrary write gadgets and procfs write redirects (bsc#1252376)

Other fixes:

* Fix: podman and buildah with runc 1.3.2 fail with lots of warnings as
rootless (bsc#1252543)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-4081=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-4081=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-4081=1

* Containers Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2025-4081=1

* Containers Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2025-4081=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-4081=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-4081=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-4081=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-4081=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* podman-4.9.5-150500.3.56.2
* podman-remote-4.9.5-150500.3.56.2
* podman-debuginfo-4.9.5-150500.3.56.2
* podman-remote-debuginfo-4.9.5-150500.3.56.2
* podmansh-4.9.5-150500.3.56.2
* openSUSE Leap 15.5 (noarch)
* podman-docker-4.9.5-150500.3.56.2
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* podman-4.9.5-150500.3.56.2
* podman-remote-4.9.5-150500.3.56.2
* podman-debuginfo-4.9.5-150500.3.56.2
* podman-remote-debuginfo-4.9.5-150500.3.56.2
* podmansh-4.9.5-150500.3.56.2
* openSUSE Leap 15.6 (noarch)
* podman-docker-4.9.5-150500.3.56.2
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* podman-4.9.5-150500.3.56.2
* podman-remote-4.9.5-150500.3.56.2
* podman-debuginfo-4.9.5-150500.3.56.2
* podman-remote-debuginfo-4.9.5-150500.3.56.2
* podmansh-4.9.5-150500.3.56.2
* SUSE Linux Enterprise Micro 5.5 (noarch)
* podman-docker-4.9.5-150500.3.56.2
* Containers Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* podman-4.9.5-150500.3.56.2
* podman-remote-4.9.5-150500.3.56.2
* podman-debuginfo-4.9.5-150500.3.56.2
* podman-remote-debuginfo-4.9.5-150500.3.56.2
* podmansh-4.9.5-150500.3.56.2
* Containers Module 15-SP6 (noarch)
* podman-docker-4.9.5-150500.3.56.2
* Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* podman-4.9.5-150500.3.56.2
* podman-remote-4.9.5-150500.3.56.2
* podman-debuginfo-4.9.5-150500.3.56.2
* podman-remote-debuginfo-4.9.5-150500.3.56.2
* podmansh-4.9.5-150500.3.56.2
* Containers Module 15-SP7 (noarch)
* podman-docker-4.9.5-150500.3.56.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* podman-4.9.5-150500.3.56.2
* podman-remote-4.9.5-150500.3.56.2
* podman-debuginfo-4.9.5-150500.3.56.2
* podman-remote-debuginfo-4.9.5-150500.3.56.2
* podmansh-4.9.5-150500.3.56.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* podman-docker-4.9.5-150500.3.56.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* podman-4.9.5-150500.3.56.2
* podman-remote-4.9.5-150500.3.56.2
* podman-debuginfo-4.9.5-150500.3.56.2
* podman-remote-debuginfo-4.9.5-150500.3.56.2
* podmansh-4.9.5-150500.3.56.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* podman-docker-4.9.5-150500.3.56.2
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* podman-4.9.5-150500.3.56.2
* podman-remote-4.9.5-150500.3.56.2
* podman-debuginfo-4.9.5-150500.3.56.2
* podman-remote-debuginfo-4.9.5-150500.3.56.2
* podmansh-4.9.5-150500.3.56.2
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* podman-docker-4.9.5-150500.3.56.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* podman-4.9.5-150500.3.56.2
* podman-remote-4.9.5-150500.3.56.2
* podman-debuginfo-4.9.5-150500.3.56.2
* podman-remote-debuginfo-4.9.5-150500.3.56.2
* podmansh-4.9.5-150500.3.56.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* podman-docker-4.9.5-150500.3.56.2

## References:

* https://www.suse.com/security/cve/CVE-2025-31133.html
* https://www.suse.com/security/cve/CVE-2025-52565.html
* https://www.suse.com/security/cve/CVE-2025-52881.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252376
* https://bugzilla.suse.com/show_bug.cgi?id=1252543



SUSE-SU-2025:4086-1: important: Security update for tomcat11


# Security update for tomcat11

Announcement ID: SUSE-SU-2025:4086-1
Release Date: 2025-11-12T15:02:38Z
Rating: important
References:

* bsc#1252753
* bsc#1252756
* bsc#1252905

Cross-References:

* CVE-2025-55752
* CVE-2025-55754
* CVE-2025-61795

CVSS scores:

* CVE-2025-55752 ( SUSE ): 7.7
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-55752 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-55752 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-55754 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-55754 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-55754 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-61795 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61795 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61795 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* Web and Scripting Module 15-SP6
* Web and Scripting Module 15-SP7

An update that solves three vulnerabilities can now be installed.

## Description:

This update for tomcat11 fixes the following issues:

Update to Tomcat 11.0.13

* CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if
PUT is enabled (bsc#1252753)
* CVE-2025-55754: Fixed improper neutralization of escape, meta, or control
sequences vulnerability (bsc#1252905)
* CVE-2025-61795: Fixed denial of service due to temporary copies during the
processing of multipart upload (bsc#1252756)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-4086=1 openSUSE-SLE-15.6-2025-4086=1

* Web and Scripting Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP6-2025-4086=1

* Web and Scripting Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP7-2025-4086=1

## Package List:

* openSUSE Leap 15.6 (noarch)
* tomcat11-docs-webapp-11.0.13-150600.13.12.1
* tomcat11-jsvc-11.0.13-150600.13.12.1
* tomcat11-embed-11.0.13-150600.13.12.1
* tomcat11-11.0.13-150600.13.12.1
* tomcat11-doc-11.0.13-150600.13.12.1
* tomcat11-admin-webapps-11.0.13-150600.13.12.1
* tomcat11-el-6_0-api-11.0.13-150600.13.12.1
* tomcat11-webapps-11.0.13-150600.13.12.1
* tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1
* tomcat11-lib-11.0.13-150600.13.12.1
* tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1
* Web and Scripting Module 15-SP6 (noarch)
* tomcat11-11.0.13-150600.13.12.1
* tomcat11-webapps-11.0.13-150600.13.12.1
* tomcat11-admin-webapps-11.0.13-150600.13.12.1
* tomcat11-el-6_0-api-11.0.13-150600.13.12.1
* tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1
* tomcat11-lib-11.0.13-150600.13.12.1
* tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1
* Web and Scripting Module 15-SP7 (noarch)
* tomcat11-11.0.13-150600.13.12.1
* tomcat11-webapps-11.0.13-150600.13.12.1
* tomcat11-admin-webapps-11.0.13-150600.13.12.1
* tomcat11-el-6_0-api-11.0.13-150600.13.12.1
* tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1
* tomcat11-lib-11.0.13-150600.13.12.1
* tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1

## References:

* https://www.suse.com/security/cve/CVE-2025-55752.html
* https://www.suse.com/security/cve/CVE-2025-55754.html
* https://www.suse.com/security/cve/CVE-2025-61795.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252753
* https://bugzilla.suse.com/show_bug.cgi?id=1252756
* https://bugzilla.suse.com/show_bug.cgi?id=1252905



SUSE-SU-2025:4087-1: moderate: Security update for netty, netty-tcnative


# Security update for netty, netty-tcnative

Announcement ID: SUSE-SU-2025:4087-1
Release Date: 2025-11-12T19:35:33Z
Rating: moderate
References:

* bsc#1252097

Cross-References:

* CVE-2025-59419

CVSS scores:

* CVE-2025-59419 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-59419 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-59419 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* Development Tools Module 15-SP6
* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP6
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for netty, netty-tcnative fixes the following issues:

* CVE-2025-59419: fixed SMTP command injection vulnerability that allowed
email forgery (bsc#1252097)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2025-4087=1

* Development Tools Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-4087=1

* Development Tools Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2025-4087=1

* SUSE Package Hub 15 15-SP6
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-4087=1

* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-4087=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * netty-tcnative-2.0.74-150200.3.33.1
  * netty-4.1.128-150200.4.37.1
* openSUSE Leap 15.6 (noarch)
  * netty-javadoc-4.1.128-150200.4.37.1
  * netty-tcnative-javadoc-2.0.74-150200.3.33.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * netty-tcnative-2.0.74-150200.3.33.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * netty-tcnative-2.0.74-150200.3.33.1
  * netty-tcnative-debugsource-2.0.74-150200.3.33.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
  * netty-4.1.128-150200.4.37.1
* SUSE Package Hub 15 15-SP6 (noarch)
  * netty-javadoc-4.1.128-150200.4.37.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
  * netty-4.1.128-150200.4.37.1
* SUSE Package Hub 15 15-SP7 (noarch)
  * netty-javadoc-4.1.128-150200.4.37.1

## References:

* https://www.suse.com/security/cve/CVE-2025-59419.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252097