
SUSE Linux has released several security updates, including patches for the OpenJPEG2 and Python-Pycares packages. Multiple updates have also been made to the Linux Kernel to address potential vulnerabilities. In addition, security updates were issued for other packages such as libssh, Krita, Tor, LuaJIT, and Govulncheck-Vulndb. The severity of these updates ranges from low to important, indicating varying levels of risk if left unpatched.

SUSE-SU-2025:03352-1: low: Security update for openjpeg2
SUSE-SU-2025:03354-1: moderate: Security update for python-pycares
SUSE-SU-2025:03359-1: important: Security update for the Linux Kernel (Live Patch 51 for SLE 15 SP3)
SUSE-SU-2025:03358-1: important: Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3)
SUSE-SU-2025:03363-1: important: Security update for the Linux Kernel (Live Patch 59 for SLE 15 SP3)
SUSE-SU-2025:03362-1: important: Security update for the Linux Kernel (Live Patch 58 for SLE 15 SP3)
SUSE-SU-2025:03369-1: moderate: Security update for libssh
SUSE-SU-2025:03370-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP4)
openSUSE-SU-2025:15576-1: moderate: govulncheck-vulndb-0.0.20250924T192141-1.1 on GA media
openSUSE-SU-2025:15577-1: moderate: krita-5.2.13-1.1 on GA media
SUSE-SU-2025:03381-1: important: Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP4)
SUSE-SU-2025:03375-1: important: Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP4)
openSUSE-SU-2025:0373-1: moderate: Security update for tor
SUSE-SU-2025:03378-1: low: Security update for luajit
SUSE-SU-2025:03374-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP4)



SUSE-SU-2025:03352-1: low: Security update for openjpeg2


# Security update for openjpeg2

Announcement ID: SUSE-SU-2025:03352-1
Release Date: 2025-09-25T11:50:28Z
Rating: low
References:

* bsc#1111638

Cross-References:

* CVE-2018-18088

CVSS scores:

* CVE-2018-18088 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2018-18088 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2018-18088 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP6
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for openjpeg2 fixes the following issues:

* CVE-2018-18088: Fixed a null pointer dereference in the imagetopnm function
(bsc#1111638).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-3352=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-3352=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-3352=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-3352=1

* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-3352=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* libopenjp2-7-2.3.0-150000.3.21.1
* openjpeg2-debuginfo-2.3.0-150000.3.21.1
* openjpeg2-2.3.0-150000.3.21.1
* libopenjp2-7-debuginfo-2.3.0-150000.3.21.1
* openjpeg2-devel-2.3.0-150000.3.21.1
* openjpeg2-debugsource-2.3.0-150000.3.21.1
* openSUSE Leap 15.6 (x86_64)
* libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.21.1
* libopenjp2-7-32bit-2.3.0-150000.3.21.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libopenjp2-7-2.3.0-150000.3.21.1
* openjpeg2-debuginfo-2.3.0-150000.3.21.1
* openjpeg2-2.3.0-150000.3.21.1
* libopenjp2-7-debuginfo-2.3.0-150000.3.21.1
* openjpeg2-devel-2.3.0-150000.3.21.1
* openjpeg2-debugsource-2.3.0-150000.3.21.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libopenjp2-7-2.3.0-150000.3.21.1
* openjpeg2-debuginfo-2.3.0-150000.3.21.1
* openjpeg2-2.3.0-150000.3.21.1
* libopenjp2-7-debuginfo-2.3.0-150000.3.21.1
* openjpeg2-devel-2.3.0-150000.3.21.1
* openjpeg2-debugsource-2.3.0-150000.3.21.1
* SUSE Package Hub 15 15-SP6 (x86_64)
* libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.21.1
* libopenjp2-7-32bit-2.3.0-150000.3.21.1
* SUSE Package Hub 15 15-SP7 (x86_64)
* libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.21.1
* libopenjp2-7-32bit-2.3.0-150000.3.21.1

## References:

* https://www.suse.com/security/cve/CVE-2018-18088.html
* https://bugzilla.suse.com/show_bug.cgi?id=1111638



SUSE-SU-2025:03354-1: moderate: Security update for python-pycares


# Security update for python-pycares

Announcement ID: SUSE-SU-2025:03354-1
Release Date: 2025-09-25T13:30:03Z
Rating: moderate
References:

* bsc#1244691
* jsc#PED-13442
* jsc#PED-13443

Cross-References:

* CVE-2025-48945

CVSS scores:

* CVE-2025-48945 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-48945 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-48945 ( NVD ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6
* Python 3 Module 15-SP6
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability and contains two features can now be
installed.

## Description:

This update for python-pycares fixes the following issues:

Update to version 4.10.0 (jsc#PED-13442):

* CVE-2025-48945: Fixed a use-after-free vulnerability that may have led to a
crash (bsc#1244691).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3354=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-3354=1

* Python 3 Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2025-3354=1

* Python 3 Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2025-3354=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3354=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3354=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3354=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3354=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3354=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3354=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3354=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3354=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* python-pycares-debugsource-4.10.0-150400.9.8.1
* python311-pycares-4.10.0-150400.9.8.1
* python311-pycares-debuginfo-4.10.0-150400.9.8.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* python-pycares-debugsource-4.10.0-150400.9.8.1
* python311-pycares-4.10.0-150400.9.8.1
* python311-pycares-debuginfo-4.10.0-150400.9.8.1
* Python 3 Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* python-pycares-debugsource-4.10.0-150400.9.8.1
* python311-pycares-4.10.0-150400.9.8.1
* python311-pycares-debuginfo-4.10.0-150400.9.8.1
* Python 3 Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* python-pycares-debugsource-4.10.0-150400.9.8.1
* python311-pycares-4.10.0-150400.9.8.1
* python311-pycares-debuginfo-4.10.0-150400.9.8.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* python-pycares-debugsource-4.10.0-150400.9.8.1
* python311-pycares-4.10.0-150400.9.8.1
* python311-pycares-debuginfo-4.10.0-150400.9.8.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* python-pycares-debugsource-4.10.0-150400.9.8.1
* python311-pycares-4.10.0-150400.9.8.1
* python311-pycares-debuginfo-4.10.0-150400.9.8.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* python-pycares-debugsource-4.10.0-150400.9.8.1
* python311-pycares-4.10.0-150400.9.8.1
* python311-pycares-debuginfo-4.10.0-150400.9.8.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* python-pycares-debugsource-4.10.0-150400.9.8.1
* python311-pycares-4.10.0-150400.9.8.1
* python311-pycares-debuginfo-4.10.0-150400.9.8.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* python-pycares-debugsource-4.10.0-150400.9.8.1
* python311-pycares-4.10.0-150400.9.8.1
* python311-pycares-debuginfo-4.10.0-150400.9.8.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* python-pycares-debugsource-4.10.0-150400.9.8.1
* python311-pycares-4.10.0-150400.9.8.1
* python311-pycares-debuginfo-4.10.0-150400.9.8.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* python-pycares-debugsource-4.10.0-150400.9.8.1
* python311-pycares-4.10.0-150400.9.8.1
* python311-pycares-debuginfo-4.10.0-150400.9.8.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* python-pycares-debugsource-4.10.0-150400.9.8.1
* python311-pycares-4.10.0-150400.9.8.1
* python311-pycares-debuginfo-4.10.0-150400.9.8.1

## References:

* https://www.suse.com/security/cve/CVE-2025-48945.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244691
* https://jira.suse.com/browse/PED-13442
* https://jira.suse.com/browse/PED-13443



SUSE-SU-2025:03359-1: important: Security update for the Linux Kernel (Live Patch 51 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 51 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:03359-1
Release Date: 2025-09-25T22:18:29Z
Rating: important
References:

* bsc#1246001
* bsc#1246356
* bsc#1247499

Cross-References:

* CVE-2025-38177
* CVE-2025-38181
* CVE-2025-38498

CVSS scores:

* CVE-2025-38177 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38177 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38181 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38181 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38498 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38498 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_185 fixes several issues.

The following security issues were fixed:

* CVE-2025-38177: sch_hfsc: make hfsc_qlen_notify() idempotent (bsc#1246356).
* CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr()
(bsc#1246001).
* CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours
mounts (bsc#1247499).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-3359=1 SUSE-SLE-Module-Live-Patching-15-SP3-2025-3360=1

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-3360=1 SUSE-2025-3359=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_185-default-12-150300.2.1
* kernel-livepatch-5_3_18-150300_59_182-default-14-150300.2.1
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_51-debugsource-12-150300.2.1
* kernel-livepatch-5_3_18-150300_59_182-default-14-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_50-debugsource-14-150300.2.1
* kernel-livepatch-5_3_18-150300_59_185-default-12-150300.2.1
* kernel-livepatch-5_3_18-150300_59_182-default-debuginfo-14-150300.2.1
* kernel-livepatch-5_3_18-150300_59_185-default-debuginfo-12-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_185-preempt-12-150300.2.1
* kernel-livepatch-5_3_18-150300_59_185-preempt-debuginfo-12-150300.2.1
* kernel-livepatch-5_3_18-150300_59_182-preempt-debuginfo-14-150300.2.1
* kernel-livepatch-5_3_18-150300_59_182-preempt-14-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38177.html
* https://www.suse.com/security/cve/CVE-2025-38181.html
* https://www.suse.com/security/cve/CVE-2025-38498.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246001
* https://bugzilla.suse.com/show_bug.cgi?id=1246356
* https://bugzilla.suse.com/show_bug.cgi?id=1247499



SUSE-SU-2025:03358-1: important: Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:03358-1
Release Date: 2025-09-25T20:03:49Z
Rating: important
References:

* bsc#1231862
* bsc#1246001
* bsc#1246356
* bsc#1247499

Cross-References:

* CVE-2024-49860
* CVE-2025-38177
* CVE-2025-38181
* CVE-2025-38498

CVSS scores:

* CVE-2024-49860 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-49860 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-49860 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-38177 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38177 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38181 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38181 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38498 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38498 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_179 fixes several issues.

The following security issues were fixed:

* CVE-2024-49860: ACPI: sysfs: validate return type of _STR method
(bsc#1231862).
* CVE-2025-38177: sch_hfsc: make hfsc_qlen_notify() idempotent (bsc#1246356).
* CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr()
(bsc#1246001).
* CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours
mounts (bsc#1247499).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-3358=1 SUSE-2025-3357=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-3358=1 SUSE-SLE-Module-Live-Patching-15-SP3-2025-3357=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_48-debugsource-17-150300.2.1
* kernel-livepatch-5_3_18-150300_59_174-default-debuginfo-17-150300.2.1
* kernel-livepatch-5_3_18-150300_59_179-default-16-150300.2.1
* kernel-livepatch-5_3_18-150300_59_179-default-debuginfo-16-150300.2.1
* kernel-livepatch-5_3_18-150300_59_174-default-17-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_49-debugsource-16-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_174-preempt-17-150300.2.1
* kernel-livepatch-5_3_18-150300_59_179-preempt-debuginfo-16-150300.2.1
* kernel-livepatch-5_3_18-150300_59_174-preempt-debuginfo-17-150300.2.1
* kernel-livepatch-5_3_18-150300_59_179-preempt-16-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_174-default-17-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_49-debugsource-16-150300.2.1
* kernel-livepatch-5_3_18-150300_59_179-default-debuginfo-16-150300.2.1
* kernel-livepatch-5_3_18-150300_59_179-default-16-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-49860.html
* https://www.suse.com/security/cve/CVE-2025-38177.html
* https://www.suse.com/security/cve/CVE-2025-38181.html
* https://www.suse.com/security/cve/CVE-2025-38498.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231862
* https://bugzilla.suse.com/show_bug.cgi?id=1246001
* https://bugzilla.suse.com/show_bug.cgi?id=1246356
* https://bugzilla.suse.com/show_bug.cgi?id=1247499



SUSE-SU-2025:03363-1: important: Security update for the Linux Kernel (Live Patch 59 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 59 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:03363-1
Release Date: 2025-09-26T05:33:43Z
Rating: important
References:

* bsc#1246001
* bsc#1247499

Cross-References:

* CVE-2025-38181
* CVE-2025-38498

CVSS scores:

* CVE-2025-38181 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38181 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38498 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38498 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_211 fixes several issues.

The following security issues were fixed:

* CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr()
(bsc#1246001).
* CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours
mounts (bsc#1247499).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-3363=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-3363=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_211-default-5-150300.2.1
* kernel-livepatch-5_3_18-150300_59_211-default-debuginfo-5-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_59-debugsource-5-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_211-preempt-debuginfo-5-150300.2.1
* kernel-livepatch-5_3_18-150300_59_211-preempt-5-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_211-default-5-150300.2.1
* kernel-livepatch-5_3_18-150300_59_211-default-debuginfo-5-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_59-debugsource-5-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38181.html
* https://www.suse.com/security/cve/CVE-2025-38498.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246001
* https://bugzilla.suse.com/show_bug.cgi?id=1247499



SUSE-SU-2025:03362-1: important: Security update for the Linux Kernel (Live Patch 58 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 58 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:03362-1
Release Date: 2025-09-26T08:03:42Z
Rating: important
References:

* bsc#1246001
* bsc#1246356
* bsc#1247499

Cross-References:

* CVE-2025-38177
* CVE-2025-38181
* CVE-2025-38498

CVSS scores:

* CVE-2025-38177 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38177 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38181 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38181 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38498 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38498 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_207 fixes several issues.

The following security issues were fixed:

* CVE-2025-38177: sch_hfsc: make hfsc_qlen_notify() idempotent (bsc#1246356).
* CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr()
(bsc#1246001).
* CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours
mounts (bsc#1247499).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-3364=1 SUSE-2025-3362=1 SUSE-2025-3361=1 SUSE-2025-3366=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-3364=1 SUSE-SLE-Module-Live-Patching-15-SP3-2025-3362=1 SUSE-SLE-Module-Live-Patching-15-SP3-2025-3361=1 SUSE-SLE-Module-Live-Patching-15-SP3-2025-3366=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_188-default-11-150300.2.1
* kernel-livepatch-5_3_18-150300_59_188-default-debuginfo-11-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_58-debugsource-5-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_54-debugsource-8-150300.2.1
* kernel-livepatch-5_3_18-150300_59_195-default-debuginfo-8-150300.2.1
* kernel-livepatch-5_3_18-150300_59_204-default-6-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_52-debugsource-11-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_57-debugsource-6-150300.2.1
* kernel-livepatch-5_3_18-150300_59_207-default-5-150300.2.1
* kernel-livepatch-5_3_18-150300_59_204-default-debuginfo-6-150300.2.1
* kernel-livepatch-5_3_18-150300_59_207-default-debuginfo-5-150300.2.1
* kernel-livepatch-5_3_18-150300_59_195-default-8-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_204-preempt-debuginfo-6-150300.2.1
* kernel-livepatch-5_3_18-150300_59_207-preempt-debuginfo-5-150300.2.1
* kernel-livepatch-5_3_18-150300_59_207-preempt-5-150300.2.1
* kernel-livepatch-5_3_18-150300_59_204-preempt-6-150300.2.1
* kernel-livepatch-5_3_18-150300_59_195-preempt-8-150300.2.1
* kernel-livepatch-5_3_18-150300_59_188-preempt-debuginfo-11-150300.2.1
* kernel-livepatch-5_3_18-150300_59_195-preempt-debuginfo-8-150300.2.1
* kernel-livepatch-5_3_18-150300_59_188-preempt-11-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_188-default-11-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_58-debugsource-5-150300.2.1
* kernel-livepatch-5_3_18-150300_59_204-default-6-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_57-debugsource-6-150300.2.1
* kernel-livepatch-5_3_18-150300_59_207-default-5-150300.2.1
* kernel-livepatch-5_3_18-150300_59_204-default-debuginfo-6-150300.2.1
* kernel-livepatch-5_3_18-150300_59_207-default-debuginfo-5-150300.2.1
* kernel-livepatch-5_3_18-150300_59_195-default-8-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38177.html
* https://www.suse.com/security/cve/CVE-2025-38181.html
* https://www.suse.com/security/cve/CVE-2025-38498.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246001
* https://bugzilla.suse.com/show_bug.cgi?id=1246356
* https://bugzilla.suse.com/show_bug.cgi?id=1247499



SUSE-SU-2025:03369-1: moderate: Security update for libssh


# Security update for libssh

Announcement ID: SUSE-SU-2025:03369-1
Release Date: 2025-09-26T10:54:53Z
Rating: moderate
References:

* bsc#1246974
* bsc#1249375

Cross-References:

* CVE-2025-8114
* CVE-2025-8277

CVSS scores:

* CVE-2025-8114 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-8114 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-8114 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-8277 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-8277 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for libssh fixes the following issues:

* CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper
memory management when KEX process is repeated with incorrect guesses
(bsc#1249375).
* CVE-2025-8114: NULL pointer dereference when an allocation error happens
during the calculation of the KEX session ID (bsc#1246974).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-3369=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3369=1 openSUSE-SLE-15.6-2025-3369=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-3369=1

## Package List:

* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libssh-devel-0.9.8-150600.11.6.1
* libssh-debugsource-0.9.8-150600.11.6.1
* libssh-config-0.9.8-150600.11.6.1
* libssh4-0.9.8-150600.11.6.1
* libssh4-debuginfo-0.9.8-150600.11.6.1
* Basesystem Module 15-SP7 (x86_64)
* libssh4-32bit-debuginfo-0.9.8-150600.11.6.1
* libssh4-32bit-0.9.8-150600.11.6.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libssh-devel-0.9.8-150600.11.6.1
* libssh-debugsource-0.9.8-150600.11.6.1
* libssh-config-0.9.8-150600.11.6.1
* libssh4-0.9.8-150600.11.6.1
* libssh4-debuginfo-0.9.8-150600.11.6.1
* openSUSE Leap 15.6 (x86_64)
* libssh4-32bit-debuginfo-0.9.8-150600.11.6.1
* libssh4-32bit-0.9.8-150600.11.6.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libssh4-64bit-0.9.8-150600.11.6.1
* libssh4-64bit-debuginfo-0.9.8-150600.11.6.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libssh-devel-0.9.8-150600.11.6.1
* libssh-debugsource-0.9.8-150600.11.6.1
* libssh-config-0.9.8-150600.11.6.1
* libssh4-0.9.8-150600.11.6.1
* libssh4-debuginfo-0.9.8-150600.11.6.1
* Basesystem Module 15-SP6 (x86_64)
* libssh4-32bit-debuginfo-0.9.8-150600.11.6.1
* libssh4-32bit-0.9.8-150600.11.6.1

## References:

* https://www.suse.com/security/cve/CVE-2025-8114.html
* https://www.suse.com/security/cve/CVE-2025-8277.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246974
* https://bugzilla.suse.com/show_bug.cgi?id=1249375



SUSE-SU-2025:03370-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:03370-1
Release Date: 2025-09-26T11:33:33Z
Rating: important
References:

* bsc#1231862
* bsc#1245772
* bsc#1245795
* bsc#1246001
* bsc#1246356
* bsc#1247499
* bsc#1248298

Cross-References:

* CVE-2024-26808
* CVE-2024-49860
* CVE-2025-21755
* CVE-2025-21756
* CVE-2025-38177
* CVE-2025-38181
* CVE-2025-38498
* CVE-2025-38555

CVSS scores:

* CVE-2024-26808 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26808 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-49860 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-49860 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-49860 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-21755 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21755 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21756 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21756 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38177 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38177 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38181 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38181 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38498 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38498 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38555 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38555 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_136 fixes several issues.

The following security issues were fixed:

* CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231862).
* CVE-2025-38177: sch_hfsc: make hfsc_qlen_notify() idempotent (bsc#1246356).
* CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246001).
* CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247499).
* CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup() (bsc#1248298).
* CVE-2024-26808: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1245772).
* CVE-2025-21756: vsock: Keep the binding until socket destruction (bsc#1245795).
* CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1245795).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3370=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3370=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_136-default-debuginfo-15-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_32-debugsource-15-150400.2.1
* kernel-livepatch-5_14_21-150400_24_136-default-15-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_136-default-debuginfo-15-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_32-debugsource-15-150400.2.1
* kernel-livepatch-5_14_21-150400_24_136-default-15-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-26808.html
* https://www.suse.com/security/cve/CVE-2024-49860.html
* https://www.suse.com/security/cve/CVE-2025-21755.html
* https://www.suse.com/security/cve/CVE-2025-21756.html
* https://www.suse.com/security/cve/CVE-2025-38177.html
* https://www.suse.com/security/cve/CVE-2025-38181.html
* https://www.suse.com/security/cve/CVE-2025-38498.html
* https://www.suse.com/security/cve/CVE-2025-38555.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231862
* https://bugzilla.suse.com/show_bug.cgi?id=1245772
* https://bugzilla.suse.com/show_bug.cgi?id=1245795
* https://bugzilla.suse.com/show_bug.cgi?id=1246001
* https://bugzilla.suse.com/show_bug.cgi?id=1246356
* https://bugzilla.suse.com/show_bug.cgi?id=1247499
* https://bugzilla.suse.com/show_bug.cgi?id=1248298



openSUSE-SU-2025:15576-1: moderate: govulncheck-vulndb-0.0.20250924T192141-1.1 on GA media


# govulncheck-vulndb-0.0.20250924T192141-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15576-1
Rating: moderate

Cross-References:

* CVE-2025-10630
* CVE-2025-59341
* CVE-2025-59342
* CVE-2025-59345
* CVE-2025-59346
* CVE-2025-59347
* CVE-2025-59348
* CVE-2025-59349
* CVE-2025-59350
* CVE-2025-59351
* CVE-2025-59352
* CVE-2025-59353
* CVE-2025-59354
* CVE-2025-59410
* CVE-2025-9079
* CVE-2025-9081

Affected Products:

* openSUSE Tumbleweed

An update that solves 16 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the govulncheck-vulndb-0.0.20250924T192141-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* govulncheck-vulndb 0.0.20250924T192141-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-10630.html
* https://www.suse.com/security/cve/CVE-2025-59341.html
* https://www.suse.com/security/cve/CVE-2025-59342.html
* https://www.suse.com/security/cve/CVE-2025-59345.html
* https://www.suse.com/security/cve/CVE-2025-59346.html
* https://www.suse.com/security/cve/CVE-2025-59347.html
* https://www.suse.com/security/cve/CVE-2025-59348.html
* https://www.suse.com/security/cve/CVE-2025-59349.html
* https://www.suse.com/security/cve/CVE-2025-59350.html
* https://www.suse.com/security/cve/CVE-2025-59351.html
* https://www.suse.com/security/cve/CVE-2025-59352.html
* https://www.suse.com/security/cve/CVE-2025-59353.html
* https://www.suse.com/security/cve/CVE-2025-59354.html
* https://www.suse.com/security/cve/CVE-2025-59410.html
* https://www.suse.com/security/cve/CVE-2025-9079.html
* https://www.suse.com/security/cve/CVE-2025-9081.html



openSUSE-SU-2025:15577-1: moderate: krita-5.2.13-1.1 on GA media


# krita-5.2.13-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15577-1
Rating: moderate

Cross-References:

* CVE-2025-59820

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the krita-5.2.13-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* krita 5.2.13-1.1
* krita-devel 5.2.13-1.1
* krita-lang 5.2.13-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-59820.html



SUSE-SU-2025:03381-1: important: Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:03381-1
Release Date: 2025-09-26T19:03:55Z
Rating: important
References:

* bsc#1245772
* bsc#1245795
* bsc#1246001
* bsc#1246356
* bsc#1247499
* bsc#1248298

Cross-References:

* CVE-2024-26808
* CVE-2025-21755
* CVE-2025-21756
* CVE-2025-38177
* CVE-2025-38181
* CVE-2025-38498
* CVE-2025-38555

CVSS scores:

* CVE-2024-26808 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26808 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21755 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21755 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21756 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21756 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38177 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38177 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38181 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38181 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38498 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38498 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38555 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38555 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_167 fixes several issues.

The following security issues were fixed:

* CVE-2025-38177: sch_hfsc: make hfsc_qlen_notify() idempotent (bsc#1246356).
* CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246001).
* CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247499).
* CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup() (bsc#1248298).
* CVE-2024-26808: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1245772).
* CVE-2025-21756: vsock: Keep the binding until socket destruction (bsc#1245795).
* CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1245795).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3381=1 SUSE-2025-3385=1 SUSE-2025-3386=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3381=1 SUSE-SLE-Module-Live-Patching-15-SP4-2025-3385=1 SUSE-SLE-Module-Live-Patching-15-SP4-2025-3386=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_144-default-13-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_38-debugsource-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_158-default-debuginfo-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_167-default-5-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_34-debugsource-13-150400.2.1
* kernel-livepatch-5_14_21-150400_24_167-default-debuginfo-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_158-default-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_144-default-debuginfo-13-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_41-debugsource-5-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_144-default-13-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_38-debugsource-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_158-default-debuginfo-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_167-default-5-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_34-debugsource-13-150400.2.1
* kernel-livepatch-5_14_21-150400_24_167-default-debuginfo-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_158-default-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_144-default-debuginfo-13-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_41-debugsource-5-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-26808.html
* https://www.suse.com/security/cve/CVE-2025-21755.html
* https://www.suse.com/security/cve/CVE-2025-21756.html
* https://www.suse.com/security/cve/CVE-2025-38177.html
* https://www.suse.com/security/cve/CVE-2025-38181.html
* https://www.suse.com/security/cve/CVE-2025-38498.html
* https://www.suse.com/security/cve/CVE-2025-38555.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245772
* https://bugzilla.suse.com/show_bug.cgi?id=1245795
* https://bugzilla.suse.com/show_bug.cgi?id=1246001
* https://bugzilla.suse.com/show_bug.cgi?id=1246356
* https://bugzilla.suse.com/show_bug.cgi?id=1247499
* https://bugzilla.suse.com/show_bug.cgi?id=1248298



SUSE-SU-2025:03375-1: important: Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:03375-1
Release Date: 2025-09-26T14:34:11Z
Rating: important
References:

* bsc#1245772
* bsc#1245795
* bsc#1246001
* bsc#1246356
* bsc#1247499
* bsc#1248298

Cross-References:

* CVE-2024-26808
* CVE-2025-21755
* CVE-2025-21756
* CVE-2025-38177
* CVE-2025-38181
* CVE-2025-38498
* CVE-2025-38555

CVSS scores:

* CVE-2024-26808 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26808 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21755 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21755 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21756 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21756 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38177 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38177 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38181 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38181 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38498 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38498 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38555 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38555 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_153 fixes several issues.

The following security issues were fixed:

* CVE-2025-38177: sch_hfsc: make hfsc_qlen_notify() idempotent (bsc#1246356).
* CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246001).
* CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247499).
* CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup() (bsc#1248298).
* CVE-2024-26808: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1245772).
* CVE-2025-21756: vsock: Keep the binding until socket destruction (bsc#1245795).
* CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1245795).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3375=1 SUSE-SLE-Module-Live-Patching-15-SP4-2025-3377=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3377=1 SUSE-2025-3375=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_37-debugsource-7-150400.2.1
* kernel-livepatch-5_14_21-150400_24_153-default-debuginfo-7-150400.2.1
* kernel-livepatch-5_14_21-150400_24_150-default-7-150400.2.1
* kernel-livepatch-5_14_21-150400_24_150-default-debuginfo-7-150400.2.1
* kernel-livepatch-5_14_21-150400_24_153-default-7-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_36-debugsource-7-150400.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_153-default-debuginfo-7-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_37-debugsource-7-150400.2.1
* kernel-livepatch-5_14_21-150400_24_150-default-7-150400.2.1
* kernel-livepatch-5_14_21-150400_24_150-default-debuginfo-7-150400.2.1
* kernel-livepatch-5_14_21-150400_24_153-default-7-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_36-debugsource-7-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-26808.html
* https://www.suse.com/security/cve/CVE-2025-21755.html
* https://www.suse.com/security/cve/CVE-2025-21756.html
* https://www.suse.com/security/cve/CVE-2025-38177.html
* https://www.suse.com/security/cve/CVE-2025-38181.html
* https://www.suse.com/security/cve/CVE-2025-38498.html
* https://www.suse.com/security/cve/CVE-2025-38555.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245772
* https://bugzilla.suse.com/show_bug.cgi?id=1245795
* https://bugzilla.suse.com/show_bug.cgi?id=1246001
* https://bugzilla.suse.com/show_bug.cgi?id=1246356
* https://bugzilla.suse.com/show_bug.cgi?id=1247499
* https://bugzilla.suse.com/show_bug.cgi?id=1248298



openSUSE-SU-2025:0373-1: moderate: Security update for tor


openSUSE Security Update: Security update for tor
_______________________________

Announcement ID: openSUSE-SU-2025:0373-1
Rating: moderate
References: #1250101
Cross-References: CVE-2025-4444
Affected Products:
openSUSE Backports SLE-15-SP6
openSUSE Backports SLE-15-SP7
_______________________________

An update that fixes one vulnerability is now available.

Description:

This update for tor fixes the following issues:

- 0.4.8.18
* CVE-2025-4444: onion service descriptor resource consumption issue
(boo#1250101)

- 0.4.8.17
* Minor features and bugfixes
* use quantum-resistant MLKEM-768 cipher

- tor 0.4.8.16
* fix typo in a directory authority rule file
* fix a sandbox issue for bandwidth authority and a conflux issue
on the control port
* client fix about relay flag usage

- tor 0.4.8.14
* bugfix for onion service directory cache
* test-network now unconditionally includes IPv6
* Regenerate fallback directories 2025-02-05
* Update the geoip files to 2025-02-05
* Fix a pointer free

- tor 0.4.8.13
* Conflux related client circuit building performance bugfix
* Fix minor memory leaks
* Add STATUS TYPE=version handler for Pluggable Transport

- tor 0.4.8.12
* Minor features and bugfixes
* See https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.8/ReleaseNotes

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2025-373=1

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2025-373=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 ppc64le s390x x86_64):

tor-0.4.8.18-bp157.2.3.1
tor-debuginfo-0.4.8.18-bp157.2.3.1
tor-debugsource-0.4.8.18-bp157.2.3.1

- openSUSE Backports SLE-15-SP6 (aarch64 ppc64le s390x x86_64):

tor-0.4.8.18-bp156.2.3.1

References:

https://www.suse.com/security/cve/CVE-2025-4444.html
https://bugzilla.suse.com/1250101



SUSE-SU-2025:03378-1: low: Security update for luajit


# Security update for luajit

Announcement ID: SUSE-SU-2025:03378-1
Release Date: 2025-09-26T15:00:52Z
Rating: low
References:

* bsc#1246077
* bsc#1246078
* bsc#1246079

Cross-References:

* CVE-2024-25176
* CVE-2024-25177
* CVE-2024-25178

CVSS scores:

* CVE-2024-25176 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2024-25176 ( SUSE ): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2024-25176 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-25177 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-25177 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-25177 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-25178 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-25178 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-25178 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* openSUSE Leap 15.4
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP6
* SUSE Package Hub 15 15-SP7

An update that solves three vulnerabilities can now be installed.

## Description:

This update for luajit fixes the following issues:

* CVE-2024-25176: Fixed stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c (bsc#1246077)
* CVE-2024-25177: Fixed unsinking of IR_FSTORE for NULL metatable (bsc#1246078)
* CVE-2024-25178: Fixed out-of-bounds read in the stack-overflow handler in lj_state.c (bsc#1246079)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3378=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-3378=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-3378=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-3378=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-3378=1

* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-3378=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* luajit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* libluajit-5_1-2-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* libluajit-5_1-2-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* luajit-devel-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* luajit-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* luajit-debugsource-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* openSUSE Leap 15.4 (x86_64)
* libluajit-5_1-2-32bit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* libluajit-5_1-2-32bit-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libluajit-5_1-2-64bit-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* libluajit-5_1-2-64bit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* luajit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* libluajit-5_1-2-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* libluajit-5_1-2-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* luajit-devel-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* luajit-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* luajit-debugsource-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* openSUSE Leap 15.6 (x86_64)
* libluajit-5_1-2-32bit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* libluajit-5_1-2-32bit-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libluajit-5_1-2-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* libluajit-5_1-2-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* luajit-debugsource-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* luajit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libluajit-5_1-2-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* libluajit-5_1-2-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* luajit-debugsource-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* luajit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x)
* libluajit-5_1-2-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* libluajit-5_1-2-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* luajit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* luajit-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* luajit-debugsource-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x)
* libluajit-5_1-2-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* libluajit-5_1-2-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
* luajit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* luajit-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* luajit-debugsource-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1

## References:

* https://www.suse.com/security/cve/CVE-2024-25176.html
* https://www.suse.com/security/cve/CVE-2024-25177.html
* https://www.suse.com/security/cve/CVE-2024-25178.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246077
* https://bugzilla.suse.com/show_bug.cgi?id=1246078
* https://bugzilla.suse.com/show_bug.cgi?id=1246079



SUSE-SU-2025:03374-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:03374-1
Release Date: 2025-09-26T12:33:43Z
Rating: important
References:

* bsc#1231862
* bsc#1245772
* bsc#1245795
* bsc#1246001
* bsc#1246356
* bsc#1247499
* bsc#1248298

Cross-References:

* CVE-2024-26808
* CVE-2024-49860
* CVE-2025-21755
* CVE-2025-21756
* CVE-2025-38177
* CVE-2025-38181
* CVE-2025-38498
* CVE-2025-38555

CVSS scores:

* CVE-2024-26808 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26808 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-49860 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-49860 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-49860 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-21755 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21755 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21756 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21756 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38177 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38177 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38181 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38181 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38498 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38498 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38555 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38555 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_133 fixes several issues.

The following security issues were fixed:

* CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231862).
* CVE-2025-38177: sch_hfsc: make hfsc_qlen_notify() idempotent (bsc#1246356).
* CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246001).
* CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247499).
* CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup() (bsc#1248298).
* CVE-2024-26808: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1245772).
* CVE-2025-21756: vsock: Keep the binding until socket destruction (bsc#1245795).
* CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1245795).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3374=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3374=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_31-debugsource-15-150400.2.1
* kernel-livepatch-5_14_21-150400_24_133-default-debuginfo-15-150400.2.1
* kernel-livepatch-5_14_21-150400_24_133-default-15-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_31-debugsource-15-150400.2.1
* kernel-livepatch-5_14_21-150400_24_133-default-debuginfo-15-150400.2.1
* kernel-livepatch-5_14_21-150400_24_133-default-15-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-26808.html
* https://www.suse.com/security/cve/CVE-2024-49860.html
* https://www.suse.com/security/cve/CVE-2025-21755.html
* https://www.suse.com/security/cve/CVE-2025-21756.html
* https://www.suse.com/security/cve/CVE-2025-38177.html
* https://www.suse.com/security/cve/CVE-2025-38181.html
* https://www.suse.com/security/cve/CVE-2025-38498.html
* https://www.suse.com/security/cve/CVE-2025-38555.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231862
* https://bugzilla.suse.com/show_bug.cgi?id=1245772
* https://bugzilla.suse.com/show_bug.cgi?id=1245795
* https://bugzilla.suse.com/show_bug.cgi?id=1246001
* https://bugzilla.suse.com/show_bug.cgi?id=1246356
* https://bugzilla.suse.com/show_bug.cgi?id=1247499
* https://bugzilla.suse.com/show_bug.cgi?id=1248298