OpenSSL, Glib2, Chromium, and more updates for SUSE Linux

SUSE 5550 Published 2026-02-04 07:44 by Philipp Esselbach

News

openSUSE-SU-2026:20152-1: important: Security update for openssl-3

openSUSE security update: security update for openssl-3
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20152-1
Rating: important
References:

* bsc#1256829
* bsc#1256830
* bsc#1256831
* bsc#1256832
* bsc#1256833
* bsc#1256834
* bsc#1256835
* bsc#1256836
* bsc#1256837
* bsc#1256838
* bsc#1256839
* bsc#1256840
* bsc#1257274

Cross-References:

* CVE-2025-11187
* CVE-2025-15467
* CVE-2025-15468
* CVE-2025-15469
* CVE-2025-66199
* CVE-2025-68160
* CVE-2025-69418
* CVE-2025-69419
* CVE-2025-69420
* CVE-2025-69421
* CVE-2026-22795
* CVE-2026-22796

CVSS scores:

* CVE-2025-11187 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-11187 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-15467 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-15467 ( SUSE ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-15468 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-15468 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-15469 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-15469 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-66199 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-66199 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-68160 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68160 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-69418 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-69418 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-69419 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-69419 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-69420 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-69420 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-69421 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-69421 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22795 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22795 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22796 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 12 vulnerabilities and has 13 bug fixes can now be installed.

Description:

This update for openssl-3 fixes the following issues:

Security fixes:

- CVE-2025-11187: Improper validation of PBMAC1 parameters in PKCS#12 MAC verification (bsc#1256829).
- CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830).
- CVE-2025-15468: NULL dereference in SSL_CIPHER_find() function on unknown cipher ID (bsc#1256831).
- CVE-2025-15469: "openssl dgst" one-shot codepath silently truncates inputs >16MB (bsc#1256832).
- CVE-2025-66199: TLS 1.3 CompressedCertificate excessive memory allocation (bsc#1256833).
- CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
- CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
- CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
- CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
- CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
- CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).

Other fixes:

- Enable livepatching support for ppc64le (bsc#1257274).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-237=1

Package List:

- openSUSE Leap 16.0:

libopenssl-3-devel-3.5.0-160000.5.1
libopenssl-3-fips-provider-3.5.0-160000.5.1
libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1
libopenssl3-3.5.0-160000.5.1
libopenssl3-x86-64-v3-3.5.0-160000.5.1
openssl-3-3.5.0-160000.5.1
openssl-3-doc-3.5.0-160000.5.1

References:

* https://www.suse.com/security/cve/CVE-2025-11187.html
* https://www.suse.com/security/cve/CVE-2025-15467.html
* https://www.suse.com/security/cve/CVE-2025-15468.html
* https://www.suse.com/security/cve/CVE-2025-15469.html
* https://www.suse.com/security/cve/CVE-2025-66199.html
* https://www.suse.com/security/cve/CVE-2025-68160.html
* https://www.suse.com/security/cve/CVE-2025-69418.html
* https://www.suse.com/security/cve/CVE-2025-69419.html
* https://www.suse.com/security/cve/CVE-2025-69420.html
* https://www.suse.com/security/cve/CVE-2025-69421.html
* https://www.suse.com/security/cve/CVE-2026-22795.html
* https://www.suse.com/security/cve/CVE-2026-22796.html

openSUSE-SU-2026:20150-1: important: Security update for glib2

openSUSE security update: security update for glib2
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20150-1
Rating: important
References:

* bsc#1257049
* bsc#1257353
* bsc#1257354
* bsc#1257355

Cross-References:

* CVE-2026-0988
* CVE-2026-1484
* CVE-2026-1485
* CVE-2026-1489

CVSS scores:

* CVE-2026-0988 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-0988 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-1484 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-1484 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-1485 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-1485 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-1489 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-1489 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 4 vulnerabilities and has 4 bug fixes can now be installed.

Description:

This update for glib2 fixes the following issues:

- CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354).
- CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355).
- CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353).
- CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-235=1

Package List:

- openSUSE Leap 16.0:

gio-branding-upstream-2.84.4-160000.2.1
glib2-devel-2.84.4-160000.2.1
glib2-devel-static-2.84.4-160000.2.1
glib2-doc-2.84.4-160000.2.1
glib2-lang-2.84.4-160000.2.1
glib2-tests-devel-2.84.4-160000.2.1
glib2-tools-2.84.4-160000.2.1
libgio-2_0-0-2.84.4-160000.2.1
libgirepository-2_0-0-2.84.4-160000.2.1
libglib-2_0-0-2.84.4-160000.2.1
libgmodule-2_0-0-2.84.4-160000.2.1
libgobject-2_0-0-2.84.4-160000.2.1
libgthread-2_0-0-2.84.4-160000.2.1
typelib-1_0-GIRepository-3_0-2.84.4-160000.2.1
typelib-1_0-GLib-2_0-2.84.4-160000.2.1
typelib-1_0-GLibUnix-2_0-2.84.4-160000.2.1
typelib-1_0-GModule-2_0-2.84.4-160000.2.1
typelib-1_0-GObject-2_0-2.84.4-160000.2.1
typelib-1_0-Gio-2_0-2.84.4-160000.2.1

References:

* https://www.suse.com/security/cve/CVE-2026-0988.html
* https://www.suse.com/security/cve/CVE-2026-1484.html
* https://www.suse.com/security/cve/CVE-2026-1485.html
* https://www.suse.com/security/cve/CVE-2026-1489.html

openSUSE-SU-2026:20156-1: moderate: Security update for chromium

openSUSE security update: security update for chromium
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20156-1
Rating: moderate
References:

* bsc#1257404

Cross-References:

* CVE-2026-1504

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for chromium fixes the following issues:

- Chromium 144.0.7559.109 (boo#1257404)
* CVE-2026-1504: Inappropriate implementation in Background Fetch API

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-101=1

Package List:

- openSUSE Leap 16.0:

chromedriver-144.0.7559.109-bp160.1.1
chromium-144.0.7559.109-bp160.1.1

References:

* https://www.suse.com/security/cve/CVE-2026-1504.html

openSUSE-SU-2026:20142-1: important: Security update for libsoup

openSUSE security update: security update for libsoup
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20142-1
Rating: important
References:

* bsc#1250562
* bsc#1256399
* bsc#1256418

Cross-References:

* CVE-2025-11021
* CVE-2026-0716
* CVE-2026-0719

CVSS scores:

* CVE-2025-11021 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-11021 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-0716 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
* CVE-2026-0716 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-0719 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-0719 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed.

Description:

This update for libsoup fixes the following issues:

- CVE-2025-11021: Fixed out-of-bounds read in Cookie Date Handling of libsoup HTTP Library (bsc#1250562).
- CVE-2026-0719: Fixed stack-based buffer overflow in NTLM authentication can lead to arbitrary code execution (bsc#1256399).
- CVE-2026-0716: Fixed improper bounds handling may allow out-of-bounds read (bsc#1256418).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-227=1

Package List:

- openSUSE Leap 16.0:

libsoup-3_0-0-3.6.5-160000.3.1
libsoup-devel-3.6.5-160000.3.1
libsoup-lang-3.6.5-160000.3.1
typelib-1_0-Soup-3_0-3.6.5-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2025-11021.html
* https://www.suse.com/security/cve/CVE-2026-0716.html
* https://www.suse.com/security/cve/CVE-2026-0719.html

openSUSE-SU-2026:20148-1: moderate: Security update for dpdk

openSUSE security update: security update for dpdk
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20148-1
Rating: moderate
References:

* bsc#1247389
* bsc#1254161

Cross-References:

* CVE-2025-23259

CVSS scores:

* CVE-2025-23259 ( SUSE ): 6.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-23259 ( SUSE ): 7 CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has 2 bug fixes can now be installed.

Description:

This update for dpdk fixes the following issues:

Update to version 24.11.4.

Security issues fixed:

- CVE-2025-23259: issue in the Poll Mode Driver (PMD) allows an attacker on a VM in the system to leak information and
cause a denial of service on the network interface (bsc#1254161).

Other issues fixed:

- Remove obsolete build option -Denable_kmods.
- Add "which" as a build requirement.
- Drop pesign and needssslcertforbuild because we don't build a kmp anymore (bsc#1247389).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-233=1

Package List:

- openSUSE Leap 16.0:

dpdk-24.11.4-160000.1.1
dpdk-devel-24.11.4-160000.1.1
dpdk-devel-static-24.11.4-160000.1.1
dpdk-doc-24.11.4-160000.1.1
dpdk-examples-24.11.4-160000.1.1
dpdk-tools-24.11.4-160000.1.1
libdpdk-25-24.11.4-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-23259.html

openSUSE-SU-2026:20147-1: important: Security update for python-wheel

openSUSE security update: security update for python-wheel
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20147-1
Rating: important
References:

* bsc#1257100

Cross-References:

* CVE-2026-24049

CVSS scores:

* CVE-2026-24049 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-24049 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for python-wheel fixes the following issues:

- CVE-2026-24049: Fixed absent path sanitization can cause arbitrary file permission modification (bsc#1257100).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-232=1

Package List:

- openSUSE Leap 16.0:

python313-wheel-0.45.1-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2026-24049.html

openSUSE-SU-2026:20141-1: moderate: Security update for udisks2

openSUSE security update: security update for udisks2
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20141-1
Rating: moderate
References:

* bsc#1248502

Cross-References:

* CVE-2025-8067

CVSS scores:

* CVE-2025-8067 ( SUSE ): 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for udisks2 fixes the following issues:

- CVE-2025-8067: Fixed a missing bounds check that could lead to out-of-bounds
read in udisks daemon (bsc#1248502).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-226=1

Package List:

- openSUSE Leap 16.0:

libudisks2-0-2.10.1-160000.3.1
libudisks2-0-devel-2.10.1-160000.3.1
libudisks2-0_btrfs-2.10.1-160000.3.1
libudisks2-0_lsm-2.10.1-160000.3.1
libudisks2-0_lvm2-2.10.1-160000.3.1
typelib-1_0-UDisks-2_0-2.10.1-160000.3.1
udisks2-2.10.1-160000.3.1
udisks2-bash-completion-2.10.1-160000.3.1
udisks2-docs-2.10.1-160000.3.1
udisks2-lang-2.10.1-160000.3.1
udisks2-zsh-completion-2.10.1-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2025-8067.html

openSUSE-SU-2026:20139-1: moderate: Security update for unbound

openSUSE security update: security update for unbound
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20139-1
Rating: moderate
References:

* bsc#1252525

Cross-References:

* CVE-2025-11411

CVSS scores:

* CVE-2025-11411 ( SUSE ): 6.9 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L
* CVE-2025-11411 ( SUSE ): 7.1 CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:L

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for unbound fixes the following issues:

Update to 1.24.1:

- CVE-2025-11411: Fixed possible domain hijacking attack (bsc#1252525).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-224=1

Package List:

- openSUSE Leap 16.0:

libunbound8-1.24.1-160000.1.1
python3-unbound-1.24.1-160000.1.1
unbound-1.24.1-160000.1.1
unbound-anchor-1.24.1-160000.1.1
unbound-devel-1.24.1-160000.1.1
unbound-munin-1.24.1-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-11411.html

openSUSE-SU-2026:20145-1: important: Security update for the Linux Kernel

openSUSE security update: security update for the linux kernel
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20145-1
Rating: important
References:

* bsc#1205462
* bsc#1214285
* bsc#1243112
* bsc#1245193
* bsc#1247500
* bsc#1250388
* bsc#1252046
* bsc#1252861
* bsc#1253155
* bsc#1253238
* bsc#1253262
* bsc#1253365
* bsc#1253400
* bsc#1253413
* bsc#1253414
* bsc#1253442
* bsc#1253458
* bsc#1253623
* bsc#1253674
* bsc#1253739
* bsc#1254126
* bsc#1254128
* bsc#1254195
* bsc#1254244
* bsc#1254363
* bsc#1254378
* bsc#1254408
* bsc#1254477
* bsc#1254510
* bsc#1254518
* bsc#1254519
* bsc#1254520
* bsc#1254615
* bsc#1254616
* bsc#1254618
* bsc#1254621
* bsc#1254624
* bsc#1254791
* bsc#1254793
* bsc#1254794
* bsc#1254795
* bsc#1254796
* bsc#1254797
* bsc#1254798
* bsc#1254808
* bsc#1254809
* bsc#1254813
* bsc#1254815
* bsc#1254821
* bsc#1254824
* bsc#1254825
* bsc#1254827
* bsc#1254828
* bsc#1254829
* bsc#1254830
* bsc#1254832
* bsc#1254835
* bsc#1254840
* bsc#1254843
* bsc#1254846
* bsc#1254847
* bsc#1254849
* bsc#1254850
* bsc#1254851
* bsc#1254852
* bsc#1254854
* bsc#1254856
* bsc#1254858
* bsc#1254860
* bsc#1254861
* bsc#1254864
* bsc#1254868
* bsc#1254869
* bsc#1254871
* bsc#1254894
* bsc#1254957
* bsc#1254959
* bsc#1254961
* bsc#1254964
* bsc#1254996
* bsc#1255026
* bsc#1255030
* bsc#1255034
* bsc#1255035
* bsc#1255039
* bsc#1255040
* bsc#1255041
* bsc#1255042
* bsc#1255057
* bsc#1255058
* bsc#1255064
* bsc#1255065
* bsc#1255068
* bsc#1255071
* bsc#1255072
* bsc#1255075
* bsc#1255077
* bsc#1255081
* bsc#1255082
* bsc#1255083
* bsc#1255087
* bsc#1255092
* bsc#1255094
* bsc#1255095
* bsc#1255097
* bsc#1255099
* bsc#1255103
* bsc#1255116
* bsc#1255120
* bsc#1255121
* bsc#1255122
* bsc#1255124
* bsc#1255131
* bsc#1255134
* bsc#1255135
* bsc#1255136
* bsc#1255138
* bsc#1255140
* bsc#1255142
* bsc#1255145
* bsc#1255146
* bsc#1255149
* bsc#1255150
* bsc#1255152
* bsc#1255154
* bsc#1255155
* bsc#1255156
* bsc#1255161
* bsc#1255167
* bsc#1255169
* bsc#1255171
* bsc#1255175
* bsc#1255179
* bsc#1255181
* bsc#1255182
* bsc#1255186
* bsc#1255187
* bsc#1255190
* bsc#1255193
* bsc#1255196
* bsc#1255197
* bsc#1255199
* bsc#1255202
* bsc#1255203
* bsc#1255206
* bsc#1255209
* bsc#1255218
* bsc#1255220
* bsc#1255221
* bsc#1255223
* bsc#1255226
* bsc#1255227
* bsc#1255228
* bsc#1255230
* bsc#1255231
* bsc#1255233
* bsc#1255234
* bsc#1255242
* bsc#1255243
* bsc#1255246
* bsc#1255247
* bsc#1255251
* bsc#1255252
* bsc#1255253
* bsc#1255255
* bsc#1255256
* bsc#1255259
* bsc#1255260
* bsc#1255261
* bsc#1255262
* bsc#1255272
* bsc#1255273
* bsc#1255274
* bsc#1255276
* bsc#1255279
* bsc#1255297
* bsc#1255312
* bsc#1255316
* bsc#1255318
* bsc#1255325
* bsc#1255329
* bsc#1255346
* bsc#1255349
* bsc#1255351
* bsc#1255354
* bsc#1255357
* bsc#1255377
* bsc#1255379
* bsc#1255380
* bsc#1255395
* bsc#1255401
* bsc#1255415
* bsc#1255428
* bsc#1255433
* bsc#1255434
* bsc#1255480
* bsc#1255483
* bsc#1255488
* bsc#1255489
* bsc#1255493
* bsc#1255495
* bsc#1255505
* bsc#1255507
* bsc#1255508
* bsc#1255509
* bsc#1255533
* bsc#1255541
* bsc#1255550
* bsc#1255552
* bsc#1255553
* bsc#1255567
* bsc#1255580
* bsc#1255601
* bsc#1255603
* bsc#1255611
* bsc#1255614
* bsc#1255672
* bsc#1255688
* bsc#1255698
* bsc#1255706
* bsc#1255707
* bsc#1255709
* bsc#1255722
* bsc#1255723
* bsc#1255724
* bsc#1255812
* bsc#1255813
* bsc#1255814
* bsc#1255816
* bsc#1255931
* bsc#1255932
* bsc#1255934
* bsc#1255943
* bsc#1255944
* bsc#1256238
* bsc#1256495
* bsc#1256606
* bsc#1256794

Cross-References:

* CVE-2025-38704
* CVE-2025-39880
* CVE-2025-39977
* CVE-2025-40042
* CVE-2025-40123
* CVE-2025-40130
* CVE-2025-40160
* CVE-2025-40167
* CVE-2025-40170
* CVE-2025-40179
* CVE-2025-40190
* CVE-2025-40209
* CVE-2025-40211
* CVE-2025-40212
* CVE-2025-40213
* CVE-2025-40214
* CVE-2025-40215
* CVE-2025-40218
* CVE-2025-40219
* CVE-2025-40220
* CVE-2025-40221
* CVE-2025-40223
* CVE-2025-40225
* CVE-2025-40226
* CVE-2025-40231
* CVE-2025-40233
* CVE-2025-40235
* CVE-2025-40237
* CVE-2025-40238
* CVE-2025-40239
* CVE-2025-40240
* CVE-2025-40242
* CVE-2025-40246
* CVE-2025-40248
* CVE-2025-40250
* CVE-2025-40251
* CVE-2025-40252
* CVE-2025-40254
* CVE-2025-40255
* CVE-2025-40256
* CVE-2025-40258
* CVE-2025-40262
* CVE-2025-40263
* CVE-2025-40264
* CVE-2025-40266
* CVE-2025-40268
* CVE-2025-40269
* CVE-2025-40271
* CVE-2025-40272
* CVE-2025-40273
* CVE-2025-40274
* CVE-2025-40275
* CVE-2025-40276
* CVE-2025-40277
* CVE-2025-40278
* CVE-2025-40279
* CVE-2025-40280
* CVE-2025-40282
* CVE-2025-40283
* CVE-2025-40284
* CVE-2025-40287
* CVE-2025-40288
* CVE-2025-40289
* CVE-2025-40292
* CVE-2025-40293
* CVE-2025-40294
* CVE-2025-40297
* CVE-2025-40301
* CVE-2025-40302
* CVE-2025-40303
* CVE-2025-40304
* CVE-2025-40307
* CVE-2025-40308
* CVE-2025-40309
* CVE-2025-40310
* CVE-2025-40311
* CVE-2025-40314
* CVE-2025-40315
* CVE-2025-40316
* CVE-2025-40317
* CVE-2025-40318
* CVE-2025-40319
* CVE-2025-40320
* CVE-2025-40321
* CVE-2025-40322
* CVE-2025-40323
* CVE-2025-40324
* CVE-2025-40328
* CVE-2025-40329
* CVE-2025-40330
* CVE-2025-40331
* CVE-2025-40332
* CVE-2025-40337
* CVE-2025-40338
* CVE-2025-40339
* CVE-2025-40340
* CVE-2025-40342
* CVE-2025-40343
* CVE-2025-40344
* CVE-2025-40345
* CVE-2025-40346
* CVE-2025-40347
* CVE-2025-40350
* CVE-2025-40353
* CVE-2025-40354
* CVE-2025-40355
* CVE-2025-40357
* CVE-2025-40359
* CVE-2025-40360
* CVE-2025-40362
* CVE-2025-68167
* CVE-2025-68170
* CVE-2025-68171
* CVE-2025-68172
* CVE-2025-68176
* CVE-2025-68180
* CVE-2025-68181
* CVE-2025-68183
* CVE-2025-68184
* CVE-2025-68185
* CVE-2025-68190
* CVE-2025-68192
* CVE-2025-68194
* CVE-2025-68195
* CVE-2025-68197
* CVE-2025-68198
* CVE-2025-68201
* CVE-2025-68202
* CVE-2025-68206
* CVE-2025-68207
* CVE-2025-68208
* CVE-2025-68209
* CVE-2025-68210
* CVE-2025-68213
* CVE-2025-68215
* CVE-2025-68217
* CVE-2025-68222
* CVE-2025-68223
* CVE-2025-68230
* CVE-2025-68233
* CVE-2025-68235
* CVE-2025-68237
* CVE-2025-68238
* CVE-2025-68239
* CVE-2025-68242
* CVE-2025-68244
* CVE-2025-68249
* CVE-2025-68252
* CVE-2025-68254
* CVE-2025-68255
* CVE-2025-68256
* CVE-2025-68257
* CVE-2025-68258
* CVE-2025-68259
* CVE-2025-68264
* CVE-2025-68283
* CVE-2025-68284
* CVE-2025-68285
* CVE-2025-68286
* CVE-2025-68287
* CVE-2025-68289
* CVE-2025-68290
* CVE-2025-68293
* CVE-2025-68298
* CVE-2025-68301
* CVE-2025-68302
* CVE-2025-68303
* CVE-2025-68305
* CVE-2025-68306
* CVE-2025-68307
* CVE-2025-68308
* CVE-2025-68311
* CVE-2025-68312
* CVE-2025-68313
* CVE-2025-68317
* CVE-2025-68327
* CVE-2025-68328
* CVE-2025-68330
* CVE-2025-68331
* CVE-2025-68332
* CVE-2025-68335
* CVE-2025-68339
* CVE-2025-68340
* CVE-2025-68342
* CVE-2025-68343
* CVE-2025-68344
* CVE-2025-68345
* CVE-2025-68346
* CVE-2025-68347
* CVE-2025-68351
* CVE-2025-68352
* CVE-2025-68353
* CVE-2025-68354
* CVE-2025-68362
* CVE-2025-68363
* CVE-2025-68378
* CVE-2025-68380
* CVE-2025-68724
* CVE-2025-68732
* CVE-2025-68736
* CVE-2025-68740
* CVE-2025-68742
* CVE-2025-68744
* CVE-2025-68746
* CVE-2025-68747
* CVE-2025-68748
* CVE-2025-68749
* CVE-2025-68750
* CVE-2025-68753
* CVE-2025-68757
* CVE-2025-68758
* CVE-2025-68759
* CVE-2025-68765
* CVE-2025-68766
* CVE-2025-71096

CVSS scores:

* CVE-2025-38704 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39880 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39977 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40042 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40123 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40123 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40130 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40130 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40160 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-40160 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-40167 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40167 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40170 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-40170 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40179 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40179 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40190 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40190 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40209 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40209 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40211 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-40211 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40212 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40212 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40213 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40213 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40214 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40214 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40215 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40215 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40218 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40219 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-40219 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40220 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40220 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40221 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-40221 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40223 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40225 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40226 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40231 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40233 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40235 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40237 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40238 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40239 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40240 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40242 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40242 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40246 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40248 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40250 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40251 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40252 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40254 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40255 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40256 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40258 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40258 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40262 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40263 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40263 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40264 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40266 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
* CVE-2025-40266 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-40268 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40268 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40269 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40269 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40271 ( SUSE ): 5.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-40272 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40273 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40274 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40275 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40276 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40277 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40278 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40279 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-40279 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-40280 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40280 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40282 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40282 ( SUSE ): 7.1 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40283 ( SUSE ): 6.6 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40283 ( SUSE ): 7 CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40284 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40284 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40287 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40288 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40288 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40289 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40289 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40292 ( SUSE ): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
* CVE-2025-40292 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40293 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40293 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40294 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-40294 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-40297 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40297 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40301 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
* CVE-2025-40301 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-40302 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-40302 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40303 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40303 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40304 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40304 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40307 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40307 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40308 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40308 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40310 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40310 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40311 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-40311 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-40314 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40314 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40315 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40315 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40316 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40317 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40318 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40319 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40320 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40321 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40322 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-40322 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40323 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40323 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40324 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40328 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40329 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40330 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40331 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40332 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40332 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40337 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40338 ( SUSE ): 5.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-40338 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40339 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40340 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-40342 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40342 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40343 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40343 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40344 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40345 ( SUSE ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40345 ( SUSE ): 7 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40346 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40346 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40347 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40350 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40353 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-40353 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-40354 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40354 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40355 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40357 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40357 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40359 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-40359 ( SUSE ): 2 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-40360 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40360 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40362 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40362 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68167 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68167 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68170 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68171 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68172 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68176 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68180 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68181 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68183 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-68183 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68184 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68184 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68185 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68185 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68190 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68190 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68192 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68194 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68194 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68195 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68197 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68198 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68201 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68202 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68202 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68206 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68206 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68207 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68208 ( SUSE ): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-68208 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68209 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68210 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68213 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68215 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68217 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68222 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68223 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68223 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68230 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68230 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68233 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68235 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68237 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68238 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68239 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68242 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68244 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68249 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68252 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68254 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68254 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68255 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-68255 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68256 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68256 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68257 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68258 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68259 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68264 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-68264 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68283 ( SUSE ): 6.4 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-68283 ( SUSE ): 5.9 CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68284 ( SUSE ): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-68284 ( SUSE ): 7 CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68285 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68285 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68286 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68287 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68289 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68290 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68293 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68298 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68301 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68302 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68303 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68305 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68305 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68306 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68306 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68307 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-68307 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68308 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68308 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68311 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68311 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68312 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68312 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68313 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-68313 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68317 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-68317 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-68327 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68327 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68328 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-68328 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68330 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68330 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68331 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68331 ( SUSE ): 5.4 CVSS:4.0/AV:P/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68332 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68335 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68339 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-68339 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68340 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-68340 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68342 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-68342 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68343 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-68343 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68344 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-68344 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68345 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68346 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68347 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-68347 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68351 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68352 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68353 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68353 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68354 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68362 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68363 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68378 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68380 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68724 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68732 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68732 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68736 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-68736 ( SUSE ): 7 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-68740 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68740 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68742 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68742 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68744 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68744 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68746 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68746 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68747 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68747 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68748 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68748 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68749 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68749 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68750 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-68750 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68753 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-68753 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-68757 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68757 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68758 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-68758 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68759 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68759 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68765 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68765 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68766 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-68766 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71096 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H
* CVE-2025-71096 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 215 vulnerabilities and has 238 bug fixes can now be installed.

Description:

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues

The following security issues were fixed:

- CVE-2025-38704: rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408).
- CVE-2025-39880: ceph: fix race condition validating r_parent before applying state (bsc#1250388).
- CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046).
- CVE-2025-40042: tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (bsc#1252861).
- CVE-2025-40123: bpf: Enforce expected_attach_type for tailcall compatibility (bsc#1253365).
- CVE-2025-40130: scsi: ufs: core: Fix data race in CPU latency PM QoS request handling
- CVE-2025-40160: xen/events: Cleanup find_virq() return codes (bsc#1253400).
- CVE-2025-40167: ext4: detect invalid INLINE_DATA + EXTENTS flag combination (bsc#1253458).
- CVE-2025-40170: net: use dst_dev_rcu() in sk_setup_caps() (bsc#1253413).
- CVE-2025-40179: ext4: verify orphan file size is not too big (bsc#1253442).
- CVE-2025-40190: ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623).
- CVE-2025-40214: af_unix: Initialise scc_index in unix_add_edge() (bsc#1254961).
- CVE-2025-40215: xfrm: delete x->tunnel as we delete x (bsc#1254959).
- CVE-2025-40218: mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (bsc#1254964).
- CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520).
- CVE-2025-40231: vsock: fix lock inversion in vsock_assign_transport() (bsc#1254815).
- CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813).
- CVE-2025-40237: fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809).
- CVE-2025-40238: net/mlx5: Fix IPsec cleanup over MPV device (bsc#1254871).
- CVE-2025-40239: net: phy: micrel: always set shared->phydev for LAN8814 (bsc#1254868).
- CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075).
- CVE-2025-40246: xfs: fix out of bounds memory read error in symlink repair (bsc#1254861).
- CVE-2025-40248: vsock: Ignore signal/timeout on connect() if already established (bsc#1254864).
- CVE-2025-40250: net/mlx5: Clean up only new IRQ glue on request_irq() failure (bsc#1254854).
- CVE-2025-40251: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (bsc#1254856).
- CVE-2025-40252: net: qlogic/qede: fix potential out-of-bounds read in
qede_tpa_cont() and qede_tpa_end() (bsc#1254849).
- CVE-2025-40254: net: openvswitch: remove never-working support for setting nsh fields (bsc#1254852).
- CVE-2025-40255: net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1254843).
- CVE-2025-40264: be2net: pass wrb_params in case of OS2BMC (bsc#1254835).
- CVE-2025-40268: cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082).
- CVE-2025-40271: fs/proc: fix uaf in proc_readdir_de() (bsc#1255297).
- CVE-2025-40274: KVM: guest_memfd: Remove bindings on memslot deletion when gmem is dying (bsc#1254830).
- CVE-2025-40276: drm/panthor: Flush shmem writes before mapping buffers CPU-uncached (bsc#1254824).
- CVE-2025-40278: net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (bsc#1254825).
- CVE-2025-40279: net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (bsc#1254846).
- CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847).
- CVE-2025-40292: virtio-net: fix received length check in big packets (bsc#1255175).
- CVE-2025-40293: iommufd: Don't overflow during division for dirty tracking (bsc#1255179).
- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255187).
- CVE-2025-40319: bpf: Sync pending IRQ work before freeing ring buffer (bsc#1254794).
- CVE-2025-40328: smb: client: fix potential UAF in smb2_close_cached_fid() (bsc#1254624).
- CVE-2025-40330: bnxt_en: Shutdown FW DMA in bnxt_shutdown() (bsc#1254616).
- CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615).
- CVE-2025-40338: ASoC: Intel: avs: Do not share the name pointer between components (bsc#1255273).
- CVE-2025-40346: arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (bsc#1255318).
- CVE-2025-40347: net: enetc: fix the deadlock of enetc_mdio_lock (bsc#1255262).
- CVE-2025-40350: net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (bsc#1255260).
- CVE-2025-40355: sysfs: check visibility before changing group attribute ownership (bsc#1255261).
- CVE-2025-40357: net/smc: fix general protection fault in __smc_diag_dump (bsc#1255097).
- CVE-2025-40359: perf/x86/intel: Fix KASAN global-out-of-bounds warning (bsc#1255087).
- CVE-2025-40362: ceph: fix multifs mds auth caps issue (bsc#1255103).
- CVE-2025-68171: x86/fpu: Ensure XFD state on signal delivery (bsc#1255255).
- CVE-2025-68197: bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (bsc#1255242).
- CVE-2025-68198: crash: fix crashkernel resource shrink (bsc#1255243).
- CVE-2025-68202: sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223).
- CVE-2025-68206: netfilter: nft_ct: add seqadj extension for natted connections (bsc#1255142).
- CVE-2025-68208: bpf: account for current allocated stack depth in widen_imprecise_scalars() (bsc#1255227).
- CVE-2025-68209: mlx5: Fix default values in create CQ (bsc#1255230).
- CVE-2025-68215: ice: fix PTP cleanup on driver removal in error path (bsc#1255226).
- CVE-2025-68239: binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272).
- CVE-2025-68259: KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (bsc#1255199).
- CVE-2025-68264: ext4: refresh inline data size before write operations (bsc#1255380).
- CVE-2025-68283: libceph: replace BUG_ON with bounds check for map->max_osd (bsc#1255379).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255377).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401).
- CVE-2025-68293: mm/huge_memory: fix NULL pointer deference when splitting folio (bsc#1255150).
- CVE-2025-68301: net: atlantic: fix fragment overflow handling in RX path (bsc#1255120).
- CVE-2025-68302: net: sxgbe: fix potential NULL dereference in sxgbe_rx() (bsc#1255121).
- CVE-2025-68317: io_uring/zctx: check chained notif contexts (bsc#1255354).
- CVE-2025-68340: team: Move team device type change at the end of team_port_add (bsc#1255507).
- CVE-2025-68353: net: vxlan: prevent NULL deref in vxlan_xmit_one (bsc#1255533).
- CVE-2025-68363: bpf: Check skb->transport_header is set in bpf_skb_check_mtu (bsc#1255552).
- CVE-2025-68378: bpf: Refactor stack map trace depth calculation into helper function (bsc#1255614).
- CVE-2025-68736: landlock: Optimize file path walks and prepare for audit support (bsc#1255698).
- CVE-2025-68742: bpf: Fix invalid prog->stats access when update_effective_progs fails (bsc#1255707).
- CVE-2025-68744: bpf: Free special fields when update [lru_,]percpu_hash maps (bsc#1255709).
- CVE-2025-71096: RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (bsc#1256606).

The following non security issues were fixed:

- KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672).
- Set HZ=1000 for ppc64 default configuration (jsc#PED-14344)
- bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433).
- btrfs: handle aligned EOF truncation correctly for subpage cases (bsc#1253238).
- cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434).
- cifs: update dstaddr whenever channel iface is updated (git-fixes).
- cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026).
- cpuset: fix warning when disabling remote partition (bsc#1256794).
- ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378).
- net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes).
- netdevsim: print human readable IP address (bsc#1255071).
- powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event
handling (bsc#1253262 ltc#216029).
- powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285
bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493
bsc#1254244 ltc#216496).
- sched: Increase sched_tick_remote timeout (bsc#1254510).
- selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346).
- selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349).
- selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349).
- serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes).
- supported.conf: Mark lan 743x supported (jsc#PED-14571)
- tick/sched: Limit non-timekeeper CPUs calling jiffies update (bsc#1254477).
- wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes).
- x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495).
- x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495).
- x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495).
- x86/microcode/AMD: Select which microcode patch to load (bsc#1256495).
- x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-230=1

Package List:

- openSUSE Leap 16.0:

cluster-md-kmp-64kb-6.12.0-160000.9.1
cluster-md-kmp-azure-6.12.0-160000.9.1
cluster-md-kmp-default-6.12.0-160000.9.1
cluster-md-kmp-rt-6.12.0-160000.9.1
dlm-kmp-64kb-6.12.0-160000.9.1
dlm-kmp-azure-6.12.0-160000.9.1
dlm-kmp-default-6.12.0-160000.9.1
dlm-kmp-rt-6.12.0-160000.9.1
dtb-allwinner-6.12.0-160000.9.1
dtb-altera-6.12.0-160000.9.1
dtb-amazon-6.12.0-160000.9.1
dtb-amd-6.12.0-160000.9.1
dtb-amlogic-6.12.0-160000.9.1
dtb-apm-6.12.0-160000.9.1
dtb-apple-6.12.0-160000.9.1
dtb-arm-6.12.0-160000.9.1
dtb-broadcom-6.12.0-160000.9.1
dtb-cavium-6.12.0-160000.9.1
dtb-exynos-6.12.0-160000.9.1
dtb-freescale-6.12.0-160000.9.1
dtb-hisilicon-6.12.0-160000.9.1
dtb-lg-6.12.0-160000.9.1
dtb-marvell-6.12.0-160000.9.1
dtb-mediatek-6.12.0-160000.9.1
dtb-nvidia-6.12.0-160000.9.1
dtb-qcom-6.12.0-160000.9.1
dtb-renesas-6.12.0-160000.9.1
dtb-rockchip-6.12.0-160000.9.1
dtb-socionext-6.12.0-160000.9.1
dtb-sprd-6.12.0-160000.9.1
dtb-xilinx-6.12.0-160000.9.1
gfs2-kmp-64kb-6.12.0-160000.9.1
gfs2-kmp-azure-6.12.0-160000.9.1
gfs2-kmp-default-6.12.0-160000.9.1
gfs2-kmp-rt-6.12.0-160000.9.1
kernel-64kb-6.12.0-160000.9.1
kernel-64kb-devel-6.12.0-160000.9.1
kernel-64kb-extra-6.12.0-160000.9.1
kernel-64kb-optional-6.12.0-160000.9.1
kernel-azure-6.12.0-160000.9.1
kernel-azure-devel-6.12.0-160000.9.1
kernel-azure-extra-6.12.0-160000.9.1
kernel-azure-optional-6.12.0-160000.9.1
kernel-azure-vdso-6.12.0-160000.9.1
kernel-default-6.12.0-160000.9.1
kernel-default-base-6.12.0-160000.9.1.160000.2.6
kernel-default-devel-6.12.0-160000.9.1
kernel-default-extra-6.12.0-160000.9.1
kernel-default-optional-6.12.0-160000.9.1
kernel-default-vdso-6.12.0-160000.9.1
kernel-devel-6.12.0-160000.9.1
kernel-docs-6.12.0-160000.9.1
kernel-docs-html-6.12.0-160000.9.1
kernel-kvmsmall-6.12.0-160000.9.1
kernel-kvmsmall-devel-6.12.0-160000.9.1
kernel-kvmsmall-vdso-6.12.0-160000.9.1
kernel-macros-6.12.0-160000.9.1
kernel-obs-build-6.12.0-160000.9.1
kernel-obs-qa-6.12.0-160000.9.1
kernel-rt-6.12.0-160000.9.1
kernel-rt-devel-6.12.0-160000.9.1
kernel-rt-extra-6.12.0-160000.9.1
kernel-rt-optional-6.12.0-160000.9.1
kernel-rt-vdso-6.12.0-160000.9.1
kernel-source-6.12.0-160000.9.1
kernel-source-vanilla-6.12.0-160000.9.1
kernel-syms-6.12.0-160000.9.1
kernel-zfcpdump-6.12.0-160000.9.1
kselftests-kmp-64kb-6.12.0-160000.9.1
kselftests-kmp-azure-6.12.0-160000.9.1
kselftests-kmp-default-6.12.0-160000.9.1
kselftests-kmp-rt-6.12.0-160000.9.1
ocfs2-kmp-64kb-6.12.0-160000.9.1
ocfs2-kmp-azure-6.12.0-160000.9.1
ocfs2-kmp-default-6.12.0-160000.9.1
ocfs2-kmp-rt-6.12.0-160000.9.1

References:

* https://www.suse.com/security/cve/CVE-2025-38704.html
* https://www.suse.com/security/cve/CVE-2025-39880.html
* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-40042.html
* https://www.suse.com/security/cve/CVE-2025-40123.html
* https://www.suse.com/security/cve/CVE-2025-40130.html
* https://www.suse.com/security/cve/CVE-2025-40160.html
* https://www.suse.com/security/cve/CVE-2025-40167.html
* https://www.suse.com/security/cve/CVE-2025-40170.html
* https://www.suse.com/security/cve/CVE-2025-40179.html
* https://www.suse.com/security/cve/CVE-2025-40190.html
* https://www.suse.com/security/cve/CVE-2025-40209.html
* https://www.suse.com/security/cve/CVE-2025-40211.html
* https://www.suse.com/security/cve/CVE-2025-40212.html
* https://www.suse.com/security/cve/CVE-2025-40213.html
* https://www.suse.com/security/cve/CVE-2025-40214.html
* https://www.suse.com/security/cve/CVE-2025-40215.html
* https://www.suse.com/security/cve/CVE-2025-40218.html
* https://www.suse.com/security/cve/CVE-2025-40219.html
* https://www.suse.com/security/cve/CVE-2025-40220.html
* https://www.suse.com/security/cve/CVE-2025-40221.html
* https://www.suse.com/security/cve/CVE-2025-40223.html
* https://www.suse.com/security/cve/CVE-2025-40225.html
* https://www.suse.com/security/cve/CVE-2025-40226.html
* https://www.suse.com/security/cve/CVE-2025-40231.html
* https://www.suse.com/security/cve/CVE-2025-40233.html
* https://www.suse.com/security/cve/CVE-2025-40235.html
* https://www.suse.com/security/cve/CVE-2025-40237.html
* https://www.suse.com/security/cve/CVE-2025-40238.html
* https://www.suse.com/security/cve/CVE-2025-40239.html
* https://www.suse.com/security/cve/CVE-2025-40240.html
* https://www.suse.com/security/cve/CVE-2025-40242.html
* https://www.suse.com/security/cve/CVE-2025-40246.html
* https://www.suse.com/security/cve/CVE-2025-40248.html
* https://www.suse.com/security/cve/CVE-2025-40250.html
* https://www.suse.com/security/cve/CVE-2025-40251.html
* https://www.suse.com/security/cve/CVE-2025-40252.html
* https://www.suse.com/security/cve/CVE-2025-40254.html
* https://www.suse.com/security/cve/CVE-2025-40255.html
* https://www.suse.com/security/cve/CVE-2025-40256.html
* https://www.suse.com/security/cve/CVE-2025-40258.html
* https://www.suse.com/security/cve/CVE-2025-40262.html
* https://www.suse.com/security/cve/CVE-2025-40263.html
* https://www.suse.com/security/cve/CVE-2025-40264.html
* https://www.suse.com/security/cve/CVE-2025-40266.html
* https://www.suse.com/security/cve/CVE-2025-40268.html
* https://www.suse.com/security/cve/CVE-2025-40269.html
* https://www.suse.com/security/cve/CVE-2025-40271.html
* https://www.suse.com/security/cve/CVE-2025-40272.html
* https://www.suse.com/security/cve/CVE-2025-40273.html
* https://www.suse.com/security/cve/CVE-2025-40274.html
* https://www.suse.com/security/cve/CVE-2025-40275.html
* https://www.suse.com/security/cve/CVE-2025-40276.html
* https://www.suse.com/security/cve/CVE-2025-40277.html
* https://www.suse.com/security/cve/CVE-2025-40278.html
* https://www.suse.com/security/cve/CVE-2025-40279.html
* https://www.suse.com/security/cve/CVE-2025-40280.html
* https://www.suse.com/security/cve/CVE-2025-40282.html
* https://www.suse.com/security/cve/CVE-2025-40283.html
* https://www.suse.com/security/cve/CVE-2025-40284.html
* https://www.suse.com/security/cve/CVE-2025-40287.html
* https://www.suse.com/security/cve/CVE-2025-40288.html
* https://www.suse.com/security/cve/CVE-2025-40289.html
* https://www.suse.com/security/cve/CVE-2025-40292.html
* https://www.suse.com/security/cve/CVE-2025-40293.html
* https://www.suse.com/security/cve/CVE-2025-40294.html
* https://www.suse.com/security/cve/CVE-2025-40297.html
* https://www.suse.com/security/cve/CVE-2025-40301.html
* https://www.suse.com/security/cve/CVE-2025-40302.html
* https://www.suse.com/security/cve/CVE-2025-40303.html
* https://www.suse.com/security/cve/CVE-2025-40304.html
* https://www.suse.com/security/cve/CVE-2025-40307.html
* https://www.suse.com/security/cve/CVE-2025-40308.html
* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2025-40310.html
* https://www.suse.com/security/cve/CVE-2025-40311.html
* https://www.suse.com/security/cve/CVE-2025-40314.html
* https://www.suse.com/security/cve/CVE-2025-40315.html
* https://www.suse.com/security/cve/CVE-2025-40316.html
* https://www.suse.com/security/cve/CVE-2025-40317.html
* https://www.suse.com/security/cve/CVE-2025-40318.html
* https://www.suse.com/security/cve/CVE-2025-40319.html
* https://www.suse.com/security/cve/CVE-2025-40320.html
* https://www.suse.com/security/cve/CVE-2025-40321.html
* https://www.suse.com/security/cve/CVE-2025-40322.html
* https://www.suse.com/security/cve/CVE-2025-40323.html
* https://www.suse.com/security/cve/CVE-2025-40324.html
* https://www.suse.com/security/cve/CVE-2025-40328.html
* https://www.suse.com/security/cve/CVE-2025-40329.html
* https://www.suse.com/security/cve/CVE-2025-40330.html
* https://www.suse.com/security/cve/CVE-2025-40331.html
* https://www.suse.com/security/cve/CVE-2025-40332.html
* https://www.suse.com/security/cve/CVE-2025-40337.html
* https://www.suse.com/security/cve/CVE-2025-40338.html
* https://www.suse.com/security/cve/CVE-2025-40339.html
* https://www.suse.com/security/cve/CVE-2025-40340.html
* https://www.suse.com/security/cve/CVE-2025-40342.html
* https://www.suse.com/security/cve/CVE-2025-40343.html
* https://www.suse.com/security/cve/CVE-2025-40344.html
* https://www.suse.com/security/cve/CVE-2025-40345.html
* https://www.suse.com/security/cve/CVE-2025-40346.html
* https://www.suse.com/security/cve/CVE-2025-40347.html
* https://www.suse.com/security/cve/CVE-2025-40350.html
* https://www.suse.com/security/cve/CVE-2025-40353.html
* https://www.suse.com/security/cve/CVE-2025-40354.html
* https://www.suse.com/security/cve/CVE-2025-40355.html
* https://www.suse.com/security/cve/CVE-2025-40357.html
* https://www.suse.com/security/cve/CVE-2025-40359.html
* https://www.suse.com/security/cve/CVE-2025-40360.html
* https://www.suse.com/security/cve/CVE-2025-40362.html
* https://www.suse.com/security/cve/CVE-2025-68167.html
* https://www.suse.com/security/cve/CVE-2025-68170.html
* https://www.suse.com/security/cve/CVE-2025-68171.html
* https://www.suse.com/security/cve/CVE-2025-68172.html
* https://www.suse.com/security/cve/CVE-2025-68176.html
* https://www.suse.com/security/cve/CVE-2025-68180.html
* https://www.suse.com/security/cve/CVE-2025-68181.html
* https://www.suse.com/security/cve/CVE-2025-68183.html
* https://www.suse.com/security/cve/CVE-2025-68184.html
* https://www.suse.com/security/cve/CVE-2025-68185.html
* https://www.suse.com/security/cve/CVE-2025-68190.html
* https://www.suse.com/security/cve/CVE-2025-68192.html
* https://www.suse.com/security/cve/CVE-2025-68194.html
* https://www.suse.com/security/cve/CVE-2025-68195.html
* https://www.suse.com/security/cve/CVE-2025-68197.html
* https://www.suse.com/security/cve/CVE-2025-68198.html
* https://www.suse.com/security/cve/CVE-2025-68201.html
* https://www.suse.com/security/cve/CVE-2025-68202.html
* https://www.suse.com/security/cve/CVE-2025-68206.html
* https://www.suse.com/security/cve/CVE-2025-68207.html
* https://www.suse.com/security/cve/CVE-2025-68208.html
* https://www.suse.com/security/cve/CVE-2025-68209.html
* https://www.suse.com/security/cve/CVE-2025-68210.html
* https://www.suse.com/security/cve/CVE-2025-68213.html
* https://www.suse.com/security/cve/CVE-2025-68215.html
* https://www.suse.com/security/cve/CVE-2025-68217.html
* https://www.suse.com/security/cve/CVE-2025-68222.html
* https://www.suse.com/security/cve/CVE-2025-68223.html
* https://www.suse.com/security/cve/CVE-2025-68230.html
* https://www.suse.com/security/cve/CVE-2025-68233.html
* https://www.suse.com/security/cve/CVE-2025-68235.html
* https://www.suse.com/security/cve/CVE-2025-68237.html
* https://www.suse.com/security/cve/CVE-2025-68238.html
* https://www.suse.com/security/cve/CVE-2025-68239.html
* https://www.suse.com/security/cve/CVE-2025-68242.html
* https://www.suse.com/security/cve/CVE-2025-68244.html
* https://www.suse.com/security/cve/CVE-2025-68249.html
* https://www.suse.com/security/cve/CVE-2025-68252.html
* https://www.suse.com/security/cve/CVE-2025-68254.html
* https://www.suse.com/security/cve/CVE-2025-68255.html
* https://www.suse.com/security/cve/CVE-2025-68256.html
* https://www.suse.com/security/cve/CVE-2025-68257.html
* https://www.suse.com/security/cve/CVE-2025-68258.html
* https://www.suse.com/security/cve/CVE-2025-68259.html
* https://www.suse.com/security/cve/CVE-2025-68264.html
* https://www.suse.com/security/cve/CVE-2025-68283.html
* https://www.suse.com/security/cve/CVE-2025-68284.html
* https://www.suse.com/security/cve/CVE-2025-68285.html
* https://www.suse.com/security/cve/CVE-2025-68286.html
* https://www.suse.com/security/cve/CVE-2025-68287.html
* https://www.suse.com/security/cve/CVE-2025-68289.html
* https://www.suse.com/security/cve/CVE-2025-68290.html
* https://www.suse.com/security/cve/CVE-2025-68293.html
* https://www.suse.com/security/cve/CVE-2025-68298.html
* https://www.suse.com/security/cve/CVE-2025-68301.html
* https://www.suse.com/security/cve/CVE-2025-68302.html
* https://www.suse.com/security/cve/CVE-2025-68303.html
* https://www.suse.com/security/cve/CVE-2025-68305.html
* https://www.suse.com/security/cve/CVE-2025-68306.html
* https://www.suse.com/security/cve/CVE-2025-68307.html
* https://www.suse.com/security/cve/CVE-2025-68308.html
* https://www.suse.com/security/cve/CVE-2025-68311.html
* https://www.suse.com/security/cve/CVE-2025-68312.html
* https://www.suse.com/security/cve/CVE-2025-68313.html
* https://www.suse.com/security/cve/CVE-2025-68317.html
* https://www.suse.com/security/cve/CVE-2025-68327.html
* https://www.suse.com/security/cve/CVE-2025-68328.html
* https://www.suse.com/security/cve/CVE-2025-68330.html
* https://www.suse.com/security/cve/CVE-2025-68331.html
* https://www.suse.com/security/cve/CVE-2025-68332.html
* https://www.suse.com/security/cve/CVE-2025-68335.html
* https://www.suse.com/security/cve/CVE-2025-68339.html
* https://www.suse.com/security/cve/CVE-2025-68340.html
* https://www.suse.com/security/cve/CVE-2025-68342.html
* https://www.suse.com/security/cve/CVE-2025-68343.html
* https://www.suse.com/security/cve/CVE-2025-68344.html
* https://www.suse.com/security/cve/CVE-2025-68345.html
* https://www.suse.com/security/cve/CVE-2025-68346.html
* https://www.suse.com/security/cve/CVE-2025-68347.html
* https://www.suse.com/security/cve/CVE-2025-68351.html
* https://www.suse.com/security/cve/CVE-2025-68352.html
* https://www.suse.com/security/cve/CVE-2025-68353.html
* https://www.suse.com/security/cve/CVE-2025-68354.html
* https://www.suse.com/security/cve/CVE-2025-68362.html
* https://www.suse.com/security/cve/CVE-2025-68363.html
* https://www.suse.com/security/cve/CVE-2025-68378.html
* https://www.suse.com/security/cve/CVE-2025-68380.html
* https://www.suse.com/security/cve/CVE-2025-68724.html
* https://www.suse.com/security/cve/CVE-2025-68732.html
* https://www.suse.com/security/cve/CVE-2025-68736.html
* https://www.suse.com/security/cve/CVE-2025-68740.html
* https://www.suse.com/security/cve/CVE-2025-68742.html
* https://www.suse.com/security/cve/CVE-2025-68744.html
* https://www.suse.com/security/cve/CVE-2025-68746.html
* https://www.suse.com/security/cve/CVE-2025-68747.html
* https://www.suse.com/security/cve/CVE-2025-68748.html
* https://www.suse.com/security/cve/CVE-2025-68749.html
* https://www.suse.com/security/cve/CVE-2025-68750.html
* https://www.suse.com/security/cve/CVE-2025-68753.html
* https://www.suse.com/security/cve/CVE-2025-68757.html
* https://www.suse.com/security/cve/CVE-2025-68758.html
* https://www.suse.com/security/cve/CVE-2025-68759.html
* https://www.suse.com/security/cve/CVE-2025-68765.html
* https://www.suse.com/security/cve/CVE-2025-68766.html
* https://www.suse.com/security/cve/CVE-2025-71096.html

openSUSE-SU-2026:20151-1: moderate: Security update for wireshark

openSUSE security update: security update for wireshark
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20151-1
Rating: moderate
References:

* bsc#1249090
* bsc#1251933
* bsc#1254108
* bsc#1254471
* bsc#1254472
* bsc#1256734
* bsc#1256738
* bsc#1256739

Cross-References:

* CVE-2025-11626
* CVE-2025-13499
* CVE-2025-13945
* CVE-2025-13946
* CVE-2025-9817
* CVE-2026-0959
* CVE-2026-0961
* CVE-2026-0962

CVSS scores:

* CVE-2025-11626 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-11626 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-13499 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2025-13499 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-13945 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-13946 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-9817 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-9817 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-0959 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-0959 ( SUSE ): 6 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-0961 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-0961 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-0962 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-0962 ( SUSE ): 6 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 8 vulnerabilities and has 8 bug fixes can now be installed.

Description:

This update for wireshark fixes the following issues:

Update to Wireshark 4.4.13:

- CVE-2025-11626: MONGO dissector infinite loop (bsc#1251933).
- CVE-2025-13499: Kafka dissector crash (bsc#1254108).
- CVE-2025-13945: HTTP3 dissector crash (bsc#1254471).
- CVE-2025-13946: MEGACO dissector infinite loop (bsc#1254472).
- CVE-2025-9817: SSH dissector crash (bsc#1249090).
- CVE-2026-0959: IEEE 802.11 dissector crash (bsc#1256734).
- CVE-2026-0961: BLF file parser crash (bsc#1256738).
- CVE-2026-0962: SOME/IP-SD dissector crash (bsc#1256739).

Full changelog:

https://www.wireshark.org/docs/relnotes/wireshark-4.4.13.html

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-236=1

Package List:

- openSUSE Leap 16.0:

libwireshark18-4.4.13-160000.1.1
libwiretap15-4.4.13-160000.1.1
libwsutil16-4.4.13-160000.1.1
wireshark-4.4.13-160000.1.1
wireshark-devel-4.4.13-160000.1.1
wireshark-ui-qt-4.4.13-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-11626.html
* https://www.suse.com/security/cve/CVE-2025-13499.html
* https://www.suse.com/security/cve/CVE-2025-13945.html
* https://www.suse.com/security/cve/CVE-2025-13946.html
* https://www.suse.com/security/cve/CVE-2025-9817.html
* https://www.suse.com/security/cve/CVE-2026-0959.html
* https://www.suse.com/security/cve/CVE-2026-0961.html
* https://www.suse.com/security/cve/CVE-2026-0962.html

openSUSE-SU-2026:20138-1: moderate: Security update for jasper

openSUSE security update: security update for jasper
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20138-1
Rating: moderate
References:

* bsc#1247901
* bsc#1247902
* bsc#1247904

Cross-References:

* CVE-2025-8835
* CVE-2025-8836
* CVE-2025-8837

CVSS scores:

* CVE-2025-8835 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-8835 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-8836 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-8836 ( SUSE ): 2 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-8837 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2025-8837 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed.

Description:

This update for jasper fixes the following issues:

Update to 4.2.8:

- CVE-2025-8837: Fixed a bug in the JPC decoder that could cause bad memory accesses if the debug level is set sufficiently high (bsc#1247901).
- CVE-2025-8836: Added some missing range checking on several coding parameters in the JPC encoder (bsc#1247902).
- CVE-2025-8835: Added a check for a missing color component in the jas_image_chclrspc function (bsc#1247904).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-223=1

Package List:

- openSUSE Leap 16.0:

jasper-4.2.8-160000.1.1
libjasper-devel-4.2.8-160000.1.1
libjasper7-4.2.8-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-8835.html
* https://www.suse.com/security/cve/CVE-2025-8836.html
* https://www.suse.com/security/cve/CVE-2025-8837.html

openSUSE-SU-2026:20140-1: important: Security update for alloy

openSUSE security update: security update for alloy
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20140-1
Rating: important
References:

* bsc#1255074
* bsc#1255333

Cross-References:

* CVE-2025-31133
* CVE-2025-52565
* CVE-2025-52881
* CVE-2025-68156

CVSS scores:

* CVE-2025-31133 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-31133 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-52565 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-52565 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-52881 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-52881 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-68156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68156 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 4 vulnerabilities and has 2 bug fixes can now be installed.

Description:

This update for alloy fixes the following issues:

Update to 1.12.2:

Security fixes:

- CVE-2025-68156: github.com/expr-lang/expr/builtin: Fixed potential DoS via unbounded recursion (bsc#1255333):
- CVE-2025-31133, CVE-2025-52565, CVE-2025-52881: github.com/opencontainers/runc: Fixed container
breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1255074)

Other fixes:

- Add missing configuration parameter
deployment_name_from_replicaset to k8sattributes processor
(5b90a9d) (@dehaansa)
- database_observability: Fix schema_details collector to fetch
column definitions with case sensitive table names (#4872)
(560dff4) (@jharvey10, @fridgepoet)
- deps: Update jose2go to 1.7.0 (#4858) (dfdd341) (@jharvey10)
- deps: Update npm dependencies [backport] (#5201) (8e06c26)
(@jharvey10)
- Ensure the squid exporter wrapper properly brackets ipv6
addresses [backport] (#5205) (e329cc6) (@dehaansa)
- Preserve meta labels in loki.source.podlogs (#5097) (ab4b21e)
(@kalleep)
- Prevent panic in import.git when update fails [backport]
(#5204) (c82fbae) (@dehaansa, @jharvey10)
- show correct fallback alloy version instead of v1.13.0
(#5110) (b72be99) (@dehaansa, @jharvey10)

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-225=1

Package List:

- openSUSE Leap 16.0:

alloy-1.12.2-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-31133.html
* https://www.suse.com/security/cve/CVE-2025-52565.html
* https://www.suse.com/security/cve/CVE-2025-52881.html
* https://www.suse.com/security/cve/CVE-2025-68156.html

openSUSE-SU-2026:20137-1: important: Security update for openvpn

openSUSE security update: security update for openvpn
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20137-1
Rating: important
References:

* bsc#1254486

Cross-References:

* CVE-2025-13086

CVSS scores:

* CVE-2025-13086 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-13086 ( SUSE ): 4.6 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for openvpn fixes the following issues:

- CVE-2025-13086: Fixed improper validation of source IP addresses in OpenVPN that could lead to DoS (bsc#1254486).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-222=1

Package List:

- openSUSE Leap 16.0:

openvpn-2.6.10-160000.3.1
openvpn-auth-pam-plugin-2.6.10-160000.3.1
openvpn-devel-2.6.10-160000.3.1
openvpn-down-root-plugin-2.6.10-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2025-13086.html

openSUSE-SU-2026:20134-1: important: Security update for java-17-openjdk

openSUSE security update: security update for java-17-openjdk
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20134-1
Rating: important
References:

* bsc#1255446
* bsc#1257034
* bsc#1257036
* bsc#1257037
* bsc#1257038

Cross-References:

* CVE-2026-21925
* CVE-2026-21932
* CVE-2026-21933
* CVE-2026-21945

CVSS scores:

* CVE-2026-21925 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-21932 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
* CVE-2026-21933 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-21945 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 4 vulnerabilities and has 5 bug fixes can now be installed.

Description:

This update for java-17-openjdk fixes the following issues:

Upgrade to upstream tag jdk-17.0.18+8 (January 2026 CPU)

Security fixes:

- CVE-2026-21925: Fixed Oracle Java SE component RMI (bsc#1257034).
- CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX (bsc#1257036).
- CVE-2026-21933: Fixed Oracle Java SE component Networking (bsc#1257037).
- CVE-2026-21945: Fixed Oracle Java SE component Security (bsc#1257038).

Other fixes:

- OpenJDK rendering blue borders when it should not, due to missing the fix for JDK-6304250 from upstream (bsc#1255446).
- Do not depend on update-desktop-files (jsc#PED-14507, jsc#PED-15216).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-219=1

Package List:

- openSUSE Leap 16.0:

java-17-openjdk-17.0.18.0-160000.1.1
java-17-openjdk-demo-17.0.18.0-160000.1.1
java-17-openjdk-devel-17.0.18.0-160000.1.1
java-17-openjdk-headless-17.0.18.0-160000.1.1
java-17-openjdk-javadoc-17.0.18.0-160000.1.1
java-17-openjdk-jmods-17.0.18.0-160000.1.1
java-17-openjdk-src-17.0.18.0-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2026-21925.html
* https://www.suse.com/security/cve/CVE-2026-21932.html
* https://www.suse.com/security/cve/CVE-2026-21933.html
* https://www.suse.com/security/cve/CVE-2026-21945.html

openSUSE-SU-2026:20132-1: important: Security update for elemental-register, elemental-toolkit

openSUSE security update: security update for elemental-register, elemental-toolkit
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20132-1
Rating: important
References:

* bsc#1241826
* bsc#1241857
* bsc#1251511
* bsc#1251679
* bsc#1253581
* bsc#1253901
* bsc#1254079

Cross-References:

* CVE-2025-22872
* CVE-2025-47911
* CVE-2025-47913
* CVE-2025-47914
* CVE-2025-58181
* CVE-2025-58190

CVSS scores:

* CVE-2025-22872 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
* CVE-2025-22872 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
* CVE-2025-47911 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-47911 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-47913 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-47913 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-47914 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-47914 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58181 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58181 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58190 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58190 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 6 vulnerabilities and has 7 bug fixes can now be installed.

Description:

This update for elemental-register, elemental-toolkit fixes the following issues:

elemental-register was updated to 1.8.1:

Changes on top of v1.8.1:

* Update headers to 2026
* Update questions to include SL Micro 6.2

Update to v1.8.1:

* Install yip config files in before-install step
* Bump github.com/rancher-sandbox/go-tpm and its dependencies
This includes few CVE fixes:
* bsc#1241826 (CVE-2025-22872)
* bsc#1241857 (CVE-2025-22872)
* bsc#1251511 (CVE-2025-47911)
* bsc#1251679 (CVE-2025-58190)

elemental-toolkit was updated to v2.3.2:

* Bump golang.org/x/crypto library
This includes few CVE fixes:
* bsc#1241826 (CVE-2025-22872)
* bsc#1241857 (CVE-2025-22872)
* bsc#1251511 (CVE-2025-47911)
* bsc#1251679 (CVE-2025-58190)
* bsc#1253581 (CVE-2025-47913)
* bsc#1253901 (CVE-2025-58181)
* bsc#1254079 (CVE-2025-47914)

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-217=1

Package List:

- openSUSE Leap 16.0:

elemental-register-1.8.1-160000.1.1
elemental-support-1.8.1-160000.1.1
elemental-toolkit-2.3.2-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-22872.html
* https://www.suse.com/security/cve/CVE-2025-47911.html
* https://www.suse.com/security/cve/CVE-2025-47913.html
* https://www.suse.com/security/cve/CVE-2025-47914.html
* https://www.suse.com/security/cve/CVE-2025-58181.html
* https://www.suse.com/security/cve/CVE-2025-58190.html

openSUSE-SU-2026:20133-1: important: Security update for glibc

openSUSE security update: security update for glibc
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20133-1
Rating: important
References:

* bsc#1236282
* bsc#1256436
* bsc#1256766
* bsc#1256822
* bsc#1257005

Cross-References:

* CVE-2025-0395
* CVE-2025-15281
* CVE-2026-0861
* CVE-2026-0915

CVSS scores:

* CVE-2025-0395 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-0395 ( SUSE ): 2 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-15281 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-15281 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-0861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-0861 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-0915 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-0915 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 4 vulnerabilities and has 5 bug fixes can now be installed.

Description:

This update for glibc fixes the following issues:

Security fixes:

- CVE-2025-0395: Fixed buffer overflow in the assert() function (bsc#1236282).
- CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766).
- CVE-2026-0915: Fixed uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822).
- CVE-2025-15281: Fixed uninitialized memory may cause the process abort (bsc#1257005).

Other fixes:

- NPTL: Optimize trylock for high cache contention workloads (bsc#1256436)

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-218=1

Package List:

- openSUSE Leap 16.0:

cross-aarch64-glibc-devel-2.40-160000.3.1
cross-ppc64le-glibc-devel-2.40-160000.3.1
cross-riscv64-glibc-devel-2.40-160000.3.1
cross-s390x-glibc-devel-2.40-160000.3.1
glibc-2.40-160000.3.1
glibc-devel-2.40-160000.3.1
glibc-devel-static-2.40-160000.3.1
glibc-extra-2.40-160000.3.1
glibc-gconv-modules-extra-2.40-160000.3.1
glibc-html-2.40-160000.3.1
glibc-i18ndata-2.40-160000.3.1
glibc-info-2.40-160000.3.1
glibc-lang-2.40-160000.3.1
glibc-locale-2.40-160000.3.1
glibc-locale-base-2.40-160000.3.1
glibc-profile-2.40-160000.3.1
glibc-utils-2.40-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2025-0395.html
* https://www.suse.com/security/cve/CVE-2025-15281.html
* https://www.suse.com/security/cve/CVE-2026-0861.html
* https://www.suse.com/security/cve/CVE-2026-0915.html

openSUSE-SU-2026:20131-1: important: Security update for postgresql17 and postgresql18

openSUSE security update: security update for postgresql17 and postgresql18
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20131-1
Rating: important
References:

* bsc#1253332
* bsc#1253333

Cross-References:

* CVE-2025-12817
* CVE-2025-12818

CVSS scores:

* CVE-2025-12817 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-12817 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-12818 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-12818 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.

Description:

This update for postgresql17 and postgresql18 fixes the following issues:

Changes in postgresql17, postgresql18:

Update to 17.7:

* https://www.postgresql.org/about/news/p-3171/
* https://www.postgresql.org/docs/release/17.7/

* bsc#1253332, CVE-2025-12817: Missing check for CREATE
privileges on the schema in CREATE STATISTICS allowed table
owners to create statistics in any schema, potentially leading
to unexpected naming conflicts.
* bsc#1253333, CVE-2025-12818: Several places in libpq were not
sufficiently careful about computing the required size of a
memory allocation. Sufficiently large inputs could cause
integer overflow, resulting in an undersized buffer, which
would then lead to writing past the end of the buffer.

Postgresql is shipped in version 18.1.

pgvector was updated to 0.8.1 to support postgresql18.

pgaudit was updated to support postgresql18.

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-216=1

Package List:

- openSUSE Leap 16.0:

libecpg6-18.1-160000.1.1
libpq5-18.1-160000.1.1
postgresql-18-160000.1.1
postgresql-contrib-18-160000.1.1
postgresql-devel-18-160000.1.1
postgresql-docs-18-160000.1.1
postgresql-llvmjit-18-160000.1.1
postgresql-llvmjit-devel-18-160000.1.1
postgresql-plperl-18-160000.1.1
postgresql-plpython-18-160000.1.1
postgresql-pltcl-18-160000.1.1
postgresql-server-18-160000.1.1
postgresql-server-devel-18-160000.1.1
postgresql-test-18-160000.1.1
postgresql13-pgaudit-1.5.3-160000.3.1
postgresql13-pgvector-0.8.1-160000.1.1
postgresql14-pgaudit-1.6.3-160000.3.1
postgresql14-pgvector-0.8.1-160000.1.1
postgresql15-pgaudit-1.7.1-160000.3.1
postgresql15-pgvector-0.8.1-160000.1.1
postgresql16-pgaudit-16.1-160000.3.1
postgresql16-pgvector-0.8.1-160000.1.1
postgresql17-17.7-160000.1.1
postgresql17-contrib-17.7-160000.1.1
postgresql17-devel-17.7-160000.1.1
postgresql17-docs-17.7-160000.1.1
postgresql17-llvmjit-17.7-160000.1.1
postgresql17-llvmjit-devel-17.7-160000.1.1
postgresql17-pgaudit-17.1-160000.3.1
postgresql17-pgvector-0.8.1-160000.1.1
postgresql17-plperl-17.7-160000.1.1
postgresql17-plpython-17.7-160000.1.1
postgresql17-pltcl-17.7-160000.1.1
postgresql17-server-17.7-160000.1.1
postgresql17-server-devel-17.7-160000.1.1
postgresql17-test-17.7-160000.1.1
postgresql18-18.1-160000.1.1
postgresql18-contrib-18.1-160000.1.1
postgresql18-devel-18.1-160000.1.1
postgresql18-devel-mini-18.1-160000.1.1
postgresql18-docs-18.1-160000.1.1
postgresql18-llvmjit-18.1-160000.1.1
postgresql18-llvmjit-devel-18.1-160000.1.1
postgresql18-pgaudit-18.0-160000.3.1
postgresql18-pgvector-0.8.1-160000.1.1
postgresql18-plperl-18.1-160000.1.1
postgresql18-plpython-18.1-160000.1.1
postgresql18-pltcl-18.1-160000.1.1
postgresql18-server-18.1-160000.1.1
postgresql18-server-devel-18.1-160000.1.1
postgresql18-test-18.1-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-12817.html
* https://www.suse.com/security/cve/CVE-2025-12818.html

openSUSE-SU-2026:20127-1: important: Security update for python-urllib3

openSUSE security update: security update for python-urllib3
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20127-1
Rating: important
References:

* bsc#1254866
* bsc#1254867

Cross-References:

* CVE-2025-66418
* CVE-2025-66471

CVSS scores:

* CVE-2025-66418 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-66418 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-66471 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-66471 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.

Description:

This update for python-urllib3 fixes the following issues:

- CVE-2025-66471: Fixed excessive resource consumption via decompression
of highly compressed data in Streaming API (bsc#1254867)
- CVE-2025-66418: Fixed resource exhaustion via unbounded number of links
in the decompression chain (bsc#1254866)

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-212=1

Package List:

- openSUSE Leap 16.0:

python313-urllib3-2.5.0-160000.4.1

References:

* https://www.suse.com/security/cve/CVE-2025-66418.html
* https://www.suse.com/security/cve/CVE-2025-66471.html

openSUSE-SU-2026:20130-1: important: Security update for postgresql16

openSUSE security update: security update for postgresql16
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20130-1
Rating: important
References:

* bsc#1253332
* bsc#1253333

Cross-References:

* CVE-2025-12817
* CVE-2025-12818

CVSS scores:

* CVE-2025-12817 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-12817 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-12818 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-12818 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.

Description:

This update for postgresql16 fixes the following issues:

Security fixes:

- CVE-2025-12817: Missing check for CREATE
privileges on the schema in CREATE STATISTICS allowed table
owners to create statistics in any schema, potentially leading
to unexpected naming conflicts (bsc#1253332)
- CVE-2025-12818: Several places in libpq were not
sufficiently careful about computing the required size of a
memory allocation. Sufficiently large inputs could cause
integer overflow, resulting in an undersized buffer, which
would then lead to writing past the end of the buffer (bsc#1253333)

Other fixes:

- Upgrade to 16.11

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-215=1

Package List:

- openSUSE Leap 16.0:

postgresql16-16.11-160000.1.1
postgresql16-contrib-16.11-160000.1.1
postgresql16-devel-16.11-160000.1.1
postgresql16-docs-16.11-160000.1.1
postgresql16-llvmjit-16.11-160000.1.1
postgresql16-llvmjit-devel-16.11-160000.1.1
postgresql16-plperl-16.11-160000.1.1
postgresql16-plpython-16.11-160000.1.1
postgresql16-pltcl-16.11-160000.1.1
postgresql16-server-16.11-160000.1.1
postgresql16-server-devel-16.11-160000.1.1
postgresql16-test-16.11-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-12817.html
* https://www.suse.com/security/cve/CVE-2025-12818.html

openSUSE-SU-2026:20120-1: important: Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16)

openSUSE security update: security update for the linux kernel (live patch 1 for suse linux enterprise 16)
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20120-1
Rating: important
References:

* bsc#1251982
* bsc#1252270
* bsc#1253437
* bsc#1254196

Cross-References:

* CVE-2025-39963
* CVE-2025-40204
* CVE-2025-40212

CVSS scores:

* CVE-2025-39963 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39963 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-40204 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-40212 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40212 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 3 vulnerabilities and has 4 bug fixes can now be installed.

Description:

This update for the SUSE Linux Enterprise kernel 6.12.0-160000.6.1 fixes various security issues

The following security issues were fixed:

- CVE-2025-39963: io_uring: fix incorrect io_kiocb reference in io_link_skb (bsc#1251982).
- CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253437).
- CVE-2025-40212: nfsd: fix refcount leak in nfsd_set_fh_dentry() (bsc#1254196).

The following non security issues was fixed:

- Explicitly add module-common.c with vermagic and retpoline modinfo (bsc#1252270).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-205=1

Package List:

- openSUSE Leap 16.0:

kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-39963.html
* https://www.suse.com/security/cve/CVE-2025-40204.html
* https://www.suse.com/security/cve/CVE-2025-40212.html

openSUSE-SU-2026:20122-1: moderate: Security update for python-h2

openSUSE security update: security update for python-h2
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20122-1
Rating: moderate
References:

* bsc#1248737

Cross-References:

* CVE-2025-57804

CVSS scores:

* CVE-2025-57804 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-57804 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for python-h2 fixes the following issues:

- CVE-2025-57804: Fixed HTTP Request Smuggling due to illegal characters in headers (bsc#1248737)

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-207=1

Package List:

- openSUSE Leap 16.0:

python313-h2-4.2.0-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2025-57804.html

openSUSE-SU-2026:20118-1: important: Security update for ImageMagick

openSUSE security update: security update for imagemagick
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20118-1
Rating: important
References:

* bsc#1254435
* bsc#1254820
* bsc#1255821
* bsc#1255822
* bsc#1255823

Cross-References:

* CVE-2025-65955
* CVE-2025-66628
* CVE-2025-68618
* CVE-2025-68950
* CVE-2025-69204

CVSS scores:

* CVE-2025-65955 ( SUSE ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-65955 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-66628 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-66628 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-68618 ( SUSE ): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-68618 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-68950 ( SUSE ): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-68950 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-69204 ( SUSE ): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-69204 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 5 vulnerabilities and has 5 bug fixes can now be installed.

Description:

This update for ImageMagick fixes the following issues:

- CVE-2025-65955: Fixed use-after-free/double-free in ImageMagick (bsc#1254435)
- CVE-2025-66628: Fixed Integer Overflow leading to out of bounds read in ImageMagick (32-bit only) (bsc#1254820)
- CVE-2025-68618: Fixed that reading a malicious SVG file may result in a DoS attack (bsc#1255821)
- CVE-2025-68950: Fixed check for circular references in mvg files may lead to stack overflow (bsc#1255822)
- CVE-2025-69204: Fixed an integer overflow can lead to a DoS attack (bsc#1255823)

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-203=1

Package List:

- openSUSE Leap 16.0:

ImageMagick-7.1.2.0-160000.5.1
ImageMagick-config-7-SUSE-7.1.2.0-160000.5.1
ImageMagick-config-7-upstream-limited-7.1.2.0-160000.5.1
ImageMagick-config-7-upstream-open-7.1.2.0-160000.5.1
ImageMagick-config-7-upstream-secure-7.1.2.0-160000.5.1
ImageMagick-config-7-upstream-websafe-7.1.2.0-160000.5.1
ImageMagick-devel-7.1.2.0-160000.5.1
ImageMagick-doc-7.1.2.0-160000.5.1
ImageMagick-extra-7.1.2.0-160000.5.1
libMagick++-7_Q16HDRI5-7.1.2.0-160000.5.1
libMagick++-devel-7.1.2.0-160000.5.1
libMagickCore-7_Q16HDRI10-7.1.2.0-160000.5.1
libMagickWand-7_Q16HDRI10-7.1.2.0-160000.5.1
perl-PerlMagick-7.1.2.0-160000.5.1

References:

* https://www.suse.com/security/cve/CVE-2025-65955.html
* https://www.suse.com/security/cve/CVE-2025-66628.html
* https://www.suse.com/security/cve/CVE-2025-68618.html
* https://www.suse.com/security/cve/CVE-2025-68950.html
* https://www.suse.com/security/cve/CVE-2025-69204.html

openSUSE-SU-2026:20119-1: moderate: Security update for python-FontTools

openSUSE security update: security update for python-fonttools
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20119-1
Rating: moderate
References:

* bsc#1254366

Cross-References:

* CVE-2025-66034

CVSS scores:

* CVE-2025-66034 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:L
* CVE-2025-66034 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for python-FontTools fixes the following issues:

- CVE-2025-66034: Fixed arbitrary file write vulnerability that could lead to remote code execution (bsc#1254366).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-204=1

Package List:

- openSUSE Leap 16.0:

python313-FontTools-4.53.1-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2025-66034.html

openSUSE-SU-2026:20125-1: important: Security update for python-python-multipart

openSUSE security update: security update for python-python-multipart
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20125-1
Rating: important
References:

* bsc#1257301

Cross-References:

* CVE-2026-24486

CVSS scores:

* CVE-2026-24486 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
* CVE-2026-24486 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for python-python-multipart fixes the following issues:

- CVE-2026-24486: Fixed non-default configuration options can lead to path traversal (bsc#1257301).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-210=1

Package List:

- openSUSE Leap 16.0:

python313-python-multipart-0.0.20-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2026-24486.html

openSUSE-SU-2026:20124-1: important: Security update for ucode-amd

openSUSE security update: security update for ucode-amd
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20124-1
Rating: important

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves various issues can now be installed.

Description:

This update for ucode-amd fixes the following issues:

Changes in ucode-amd:

- Update to version 20251203 (git commit a0f0e52138e5):

* linux-firmware: Update amd-ucode copyright information
* linux-firmware: Update AMD cpu microcode

- Update to version 20251113 (git commit fb0dbcd30118):

* linux-firmware: Update AMD cpu microcode

- Update to version 20251031 (git commit 04b323bb64f9):

* linux-firmware: Update AMD cpu microcode

- Update to version 20251028 (git commit 4f72031fc195):

* linux-firmware: Update AMD cpu microcode

- Update to version 20251024 (git commit 9b899c779b8a):

* amd-ucode: Fix minimum revisions in README

- Update to version 20250730 (git commit 910c19074091):

* linux-firmware: Update AMD cpu microcode

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-209=1

Package List:

- openSUSE Leap 16.0:

ucode-amd-20251203-160000.1.1

openSUSE-SU-2026:10130-1: moderate: python311-PyNaCl-1.6.2-1.1 on GA media

# python311-PyNaCl-1.6.2-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10130-1
Rating: moderate

Cross-References:

* CVE-2025-69277

CVSS scores:

* CVE-2025-69277 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-69277 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python311-PyNaCl-1.6.2-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python311-PyNaCl 1.6.2-1.1
* python312-PyNaCl 1.6.2-1.1
* python313-PyNaCl 1.6.2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-69277.html

openSUSE-SU-2026:10131-1: moderate: trivy-0.69.0-1.1 on GA media

# trivy-0.69.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10131-1
Rating: moderate

Cross-References:

* CVE-2025-64702
* CVE-2025-66564

CVSS scores:

* CVE-2025-64702 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-64702 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the trivy-0.69.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* trivy 0.69.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-64702.html
* https://www.suse.com/security/cve/CVE-2025-66564.html

openSUSE-SU-2026:10129-1: moderate: libmlt++-7-7-7.36.1-1.1 on GA media

# libmlt++-7-7-7.36.1-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10129-1
Rating: moderate

Cross-References:

* CVE-2025-65834

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the libmlt++-7-7-7.36.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* libmlt++-7-7 7.36.1-1.1
* libmlt-7-7 7.36.1-1.1
* libmlt-devel 7.36.1-1.1
* libmlt7-data 7.36.1-1.1
* libmlt7-module-qt6 7.36.1-1.1
* libmlt7-modules 7.36.1-1.1
* melt 7.36.1-1.1
* python3-mlt 7.36.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-65834.html

SUSE-SU-2026:0363-1: important: Security update for java-21-openjdk

# Security update for java-21-openjdk

Announcement ID: SUSE-SU-2026:0363-1
Release Date: 2026-02-03T09:39:29Z
Rating: important
References:

* bsc#1257034
* bsc#1257036
* bsc#1257037
* bsc#1257038
* jsc#PED-14507
* jsc#PED-15217

Cross-References:

* CVE-2026-21925
* CVE-2026-21932
* CVE-2026-21933
* CVE-2026-21945

CVSS scores:

* CVE-2026-21925 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-21925 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-21932 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
* CVE-2026-21932 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
* CVE-2026-21933 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-21933 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-21945 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21945 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves four vulnerabilities and contains two features can now be
installed.

## Description:

This update for java-21-openjdk fixes the following issues:

Update to upstream tag jdk-21.0.10+7 (January 2026 CPU)

Security fixes:

* CVE-2026-21925: Fixed Oracle Java SE component RMI (bsc#1257034).
* CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX (bsc#1257036).
* CVE-2026-21933: Fixed Oracle Java SE component Networking (bsc#1257037).
* CVE-2026-21945: Fixed Oracle Java SE component Security (bsc#1257038).

Other fixes:

* Do not depend on update-desktop-files (jsc#PED-14507, jsc#PED-15217).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-363=1 openSUSE-SLE-15.6-2026-363=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-363=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-363=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-363=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* java-21-openjdk-devel-debuginfo-21.0.10.0-150600.3.23.1
* java-21-openjdk-demo-21.0.10.0-150600.3.23.1
* java-21-openjdk-src-21.0.10.0-150600.3.23.1
* java-21-openjdk-21.0.10.0-150600.3.23.1
* java-21-openjdk-headless-debuginfo-21.0.10.0-150600.3.23.1
* java-21-openjdk-devel-21.0.10.0-150600.3.23.1
* java-21-openjdk-headless-21.0.10.0-150600.3.23.1
* java-21-openjdk-jmods-21.0.10.0-150600.3.23.1
* java-21-openjdk-debugsource-21.0.10.0-150600.3.23.1
* java-21-openjdk-debuginfo-21.0.10.0-150600.3.23.1
* openSUSE Leap 15.6 (noarch)
* java-21-openjdk-javadoc-21.0.10.0-150600.3.23.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* java-21-openjdk-devel-debuginfo-21.0.10.0-150600.3.23.1
* java-21-openjdk-demo-21.0.10.0-150600.3.23.1
* java-21-openjdk-21.0.10.0-150600.3.23.1
* java-21-openjdk-headless-debuginfo-21.0.10.0-150600.3.23.1
* java-21-openjdk-devel-21.0.10.0-150600.3.23.1
* java-21-openjdk-headless-21.0.10.0-150600.3.23.1
* java-21-openjdk-debugsource-21.0.10.0-150600.3.23.1
* java-21-openjdk-debuginfo-21.0.10.0-150600.3.23.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* java-21-openjdk-devel-debuginfo-21.0.10.0-150600.3.23.1
* java-21-openjdk-demo-21.0.10.0-150600.3.23.1
* java-21-openjdk-21.0.10.0-150600.3.23.1
* java-21-openjdk-headless-debuginfo-21.0.10.0-150600.3.23.1
* java-21-openjdk-devel-21.0.10.0-150600.3.23.1
* java-21-openjdk-headless-21.0.10.0-150600.3.23.1
* java-21-openjdk-debugsource-21.0.10.0-150600.3.23.1
* java-21-openjdk-debuginfo-21.0.10.0-150600.3.23.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* java-21-openjdk-devel-debuginfo-21.0.10.0-150600.3.23.1
* java-21-openjdk-demo-21.0.10.0-150600.3.23.1
* java-21-openjdk-21.0.10.0-150600.3.23.1
* java-21-openjdk-headless-debuginfo-21.0.10.0-150600.3.23.1
* java-21-openjdk-devel-21.0.10.0-150600.3.23.1
* java-21-openjdk-headless-21.0.10.0-150600.3.23.1
* java-21-openjdk-debugsource-21.0.10.0-150600.3.23.1
* java-21-openjdk-debuginfo-21.0.10.0-150600.3.23.1

## References:

* https://www.suse.com/security/cve/CVE-2026-21925.html
* https://www.suse.com/security/cve/CVE-2026-21932.html
* https://www.suse.com/security/cve/CVE-2026-21933.html
* https://www.suse.com/security/cve/CVE-2026-21945.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257034
* https://bugzilla.suse.com/show_bug.cgi?id=1257036
* https://bugzilla.suse.com/show_bug.cgi?id=1257037
* https://bugzilla.suse.com/show_bug.cgi?id=1257038
* https://jira.suse.com/browse/PED-14507
* https://jira.suse.com/browse/PED-15217

SUSE-SU-2026:0364-1: moderate: Security update for libpng16

# Security update for libpng16

Announcement ID: SUSE-SU-2026:0364-1
Release Date: 2026-02-03T09:51:01Z
Rating: moderate
References:

* bsc#1257364
* bsc#1257365

Cross-References:

* CVE-2025-28162
* CVE-2025-28164

CVSS scores:

* CVE-2025-28162 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-28162 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-28162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-28164 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-28164 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-28164 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for libpng16 fixes the following issues:

* CVE-2025-28162: memory leaks when running `pngimage` (bsc#1257364).
* CVE-2025-28164: memory leaks when running `pngimage` (bsc#1257365).
* CVE-2026-22695: Fixed heap buffer over-read in png_image_finish_read
(bsc#1256525).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-364=1 openSUSE-SLE-15.6-2026-364=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-364=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libpng16-16-debuginfo-1.6.40-150600.3.9.1
* libpng16-tools-debuginfo-1.6.40-150600.3.9.1
* libpng16-compat-devel-1.6.40-150600.3.9.1
* libpng16-devel-1.6.40-150600.3.9.1
* libpng16-tools-1.6.40-150600.3.9.1
* libpng16-16-1.6.40-150600.3.9.1
* libpng16-debugsource-1.6.40-150600.3.9.1
* openSUSE Leap 15.6 (x86_64)
* libpng16-16-32bit-debuginfo-1.6.40-150600.3.9.1
* libpng16-devel-32bit-1.6.40-150600.3.9.1
* libpng16-compat-devel-32bit-1.6.40-150600.3.9.1
* libpng16-16-32bit-1.6.40-150600.3.9.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libpng16-16-64bit-debuginfo-1.6.40-150600.3.9.1
* libpng16-16-64bit-1.6.40-150600.3.9.1
* libpng16-devel-64bit-1.6.40-150600.3.9.1
* libpng16-compat-devel-64bit-1.6.40-150600.3.9.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libpng16-16-debuginfo-1.6.40-150600.3.9.1
* libpng16-compat-devel-1.6.40-150600.3.9.1
* libpng16-devel-1.6.40-150600.3.9.1
* libpng16-16-1.6.40-150600.3.9.1
* libpng16-debugsource-1.6.40-150600.3.9.1
* Basesystem Module 15-SP7 (x86_64)
* libpng16-16-32bit-debuginfo-1.6.40-150600.3.9.1
* libpng16-16-32bit-1.6.40-150600.3.9.1

## References:

* https://www.suse.com/security/cve/CVE-2025-28162.html
* https://www.suse.com/security/cve/CVE-2025-28164.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257364
* https://bugzilla.suse.com/show_bug.cgi?id=1257365

SUSE-SU-2026:0368-1: moderate: Security update for libsodium

# Security update for libsodium

Announcement ID: SUSE-SU-2026:0368-1
Release Date: 2026-02-03T13:41:03Z
Rating: moderate
References:

* bsc#1255764
* bsc#1256070

Cross-References:

* CVE-2025-15444
* CVE-2025-69277

CVSS scores:

* CVE-2025-15444 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-15444 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-69277 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-69277 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-69277 ( NVD ): 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for libsodium fixes the following issues:

* CVE-2025-15444: Fixed cryptographic bypass via improper elliptic curve point
validation (bsc#1256070).
* CVE-2025-69277: Fixed incorrect validation of elliptic curve points in
crypto_core_ed25519_is_valid_point function (bsc#1255764).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-368=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-368=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-368=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-368=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-368=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-368=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-368=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-368=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-368=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* libsodium23-debuginfo-1.0.18-150000.4.14.1
* libsodium23-1.0.18-150000.4.14.1
* libsodium-devel-1.0.18-150000.4.14.1
* libsodium-debugsource-1.0.18-150000.4.14.1
* openSUSE Leap 15.6 (x86_64)
* libsodium23-32bit-1.0.18-150000.4.14.1
* libsodium23-32bit-debuginfo-1.0.18-150000.4.14.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libsodium23-debuginfo-1.0.18-150000.4.14.1
* libsodium23-1.0.18-150000.4.14.1
* libsodium-debugsource-1.0.18-150000.4.14.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libsodium23-debuginfo-1.0.18-150000.4.14.1
* libsodium23-1.0.18-150000.4.14.1
* libsodium-debugsource-1.0.18-150000.4.14.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libsodium23-debuginfo-1.0.18-150000.4.14.1
* libsodium23-1.0.18-150000.4.14.1
* libsodium-debugsource-1.0.18-150000.4.14.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libsodium23-debuginfo-1.0.18-150000.4.14.1
* libsodium23-1.0.18-150000.4.14.1
* libsodium-debugsource-1.0.18-150000.4.14.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* libsodium23-debuginfo-1.0.18-150000.4.14.1
* libsodium23-1.0.18-150000.4.14.1
* libsodium-debugsource-1.0.18-150000.4.14.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libsodium23-debuginfo-1.0.18-150000.4.14.1
* libsodium23-1.0.18-150000.4.14.1
* libsodium-devel-1.0.18-150000.4.14.1
* libsodium-debugsource-1.0.18-150000.4.14.1
* Basesystem Module 15-SP7 (x86_64)
* libsodium23-32bit-1.0.18-150000.4.14.1
* libsodium23-32bit-debuginfo-1.0.18-150000.4.14.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* libsodium23-debuginfo-1.0.18-150000.4.14.1
* libsodium23-1.0.18-150000.4.14.1
* libsodium-debugsource-1.0.18-150000.4.14.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* libsodium23-debuginfo-1.0.18-150000.4.14.1
* libsodium23-1.0.18-150000.4.14.1
* libsodium-debugsource-1.0.18-150000.4.14.1

## References:

* https://www.suse.com/security/cve/CVE-2025-15444.html
* https://www.suse.com/security/cve/CVE-2025-69277.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255764
* https://bugzilla.suse.com/show_bug.cgi?id=1256070

SUSE-SU-2026:0367-1: moderate: Security update for python-urllib3

# Security update for python-urllib3

Announcement ID: SUSE-SU-2026:0367-1
Release Date: 2026-02-03T13:09:51Z
Rating: moderate
References:

* bsc#1254866
* bsc#1254867

Cross-References:

* CVE-2025-66418
* CVE-2025-66471

CVSS scores:

* CVE-2025-66418 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-66418 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-66418 ( NVD ): 8.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-66418 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-66471 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-66471 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-66471 ( NVD ): 8.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-66471 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6
* Public Cloud Module 15-SP4
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves two vulnerabilities can now be installed.

## Description:

This update for python-urllib3 fixes the following issues:

* CVE-2025-66471: excessive resource consumption via decompression of highly
compressed data in Streaming API (bsc#1254867).
* CVE-2025-66418: resource exhaustion via unbounded number of links in the
decompression chain (bsc#1254866).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-367=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-367=1

* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-367=1

* Python 3 Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-367=1

## Package List:

* openSUSE Leap 15.4 (noarch)
* python311-urllib3-2.0.7-150400.7.27.1
* openSUSE Leap 15.6 (noarch)
* python311-urllib3-2.0.7-150400.7.27.1
* Public Cloud Module 15-SP4 (noarch)
* python311-urllib3-2.0.7-150400.7.27.1
* Python 3 Module 15-SP7 (noarch)
* python311-urllib3-2.0.7-150400.7.27.1

## References:

* https://www.suse.com/security/cve/CVE-2025-66418.html
* https://www.suse.com/security/cve/CVE-2025-66471.html
* https://bugzilla.suse.com/show_bug.cgi?id=1254866
* https://bugzilla.suse.com/show_bug.cgi?id=1254867

SUSE-SU-2026:0369-1: important: Security update for the Linux Kernel

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:0369-1
Release Date: 2026-02-03T13:42:48Z
Rating: important
References:

* bsc#1065729
* bsc#1196823
* bsc#1204957
* bsc#1206889
* bsc#1207051
* bsc#1207088
* bsc#1207653
* bsc#1209799
* bsc#1213653
* bsc#1213969
* bsc#1225109
* bsc#1228015
* bsc#1245210
* bsc#1245751
* bsc#1249739
* bsc#1249871
* bsc#1250397
* bsc#1252678
* bsc#1254520
* bsc#1254592
* bsc#1254614
* bsc#1254615
* bsc#1254632
* bsc#1254634
* bsc#1254686
* bsc#1254711
* bsc#1254751
* bsc#1254763
* bsc#1254775
* bsc#1254785
* bsc#1254792
* bsc#1254813
* bsc#1254847
* bsc#1254851
* bsc#1254894
* bsc#1254902
* bsc#1254959
* bsc#1255002
* bsc#1255565
* bsc#1255576
* bsc#1255607
* bsc#1255609
* bsc#1255636
* bsc#1255844
* bsc#1255901
* bsc#1255908
* bsc#1255919
* bsc#1256040
* bsc#1256045
* bsc#1256048
* bsc#1256049
* bsc#1256053
* bsc#1256056
* bsc#1256064
* bsc#1256095
* bsc#1256127
* bsc#1256132
* bsc#1256136
* bsc#1256137
* bsc#1256143
* bsc#1256154
* bsc#1256165
* bsc#1256194
* bsc#1256203
* bsc#1256207
* bsc#1256208
* bsc#1256216
* bsc#1256230
* bsc#1256242
* bsc#1256248
* bsc#1256333
* bsc#1256344
* bsc#1256353
* bsc#1256426
* bsc#1256641
* bsc#1256779
* jsc#SLE-13847

Cross-References:

* CVE-2022-0854
* CVE-2022-48853
* CVE-2022-50282
* CVE-2022-50623
* CVE-2022-50630
* CVE-2022-50635
* CVE-2022-50640
* CVE-2022-50641
* CVE-2022-50644
* CVE-2022-50646
* CVE-2022-50649
* CVE-2022-50668
* CVE-2022-50671
* CVE-2022-50678
* CVE-2022-50700
* CVE-2022-50703
* CVE-2022-50709
* CVE-2022-50717
* CVE-2022-50726
* CVE-2022-50730
* CVE-2022-50731
* CVE-2022-50733
* CVE-2022-50736
* CVE-2022-50742
* CVE-2022-50744
* CVE-2022-50756
* CVE-2022-50758
* CVE-2022-50767
* CVE-2022-50814
* CVE-2022-50821
* CVE-2022-50823
* CVE-2022-50827
* CVE-2022-50828
* CVE-2022-50840
* CVE-2022-50843
* CVE-2022-50850
* CVE-2022-50870
* CVE-2022-50876
* CVE-2022-50880
* CVE-2022-50884
* CVE-2022-50889
* CVE-2023-23559
* CVE-2023-4132
* CVE-2023-53215
* CVE-2023-53254
* CVE-2023-53761
* CVE-2023-53781
* CVE-2023-54019
* CVE-2023-54024
* CVE-2023-54110
* CVE-2023-54142
* CVE-2023-54168
* CVE-2023-54170
* CVE-2023-54242
* CVE-2023-54243
* CVE-2023-54270
* CVE-2025-38068
* CVE-2025-38159
* CVE-2025-40019
* CVE-2025-40215
* CVE-2025-40220
* CVE-2025-40233
* CVE-2025-40256
* CVE-2025-40277
* CVE-2025-40280
* CVE-2025-40331
* CVE-2025-68813
* CVE-2025-71120

CVSS scores:

* CVE-2022-0854 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-0854 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-48853 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48853 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-50282 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50282 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-50282 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50623 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50630 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50635 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50640 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50640 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50641 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2022-50641 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-50644 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2022-50644 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-50646 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2022-50646 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-50649 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2022-50649 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50668 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50671 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50678 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50700 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50700 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-50703 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50709 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50709 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2022-50717 ( SUSE ): 8.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50717 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-50726 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50726 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-50730 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50731 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50733 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50733 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50736 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50736 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-50742 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50742 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50744 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50744 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50756 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50756 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-50758 ( SUSE ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50758 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50767 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
* CVE-2022-50814 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50821 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50823 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50823 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50827 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50827 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50828 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50840 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50843 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50850 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50870 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50876 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50880 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50884 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50889 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50889 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-23559 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
* CVE-2023-23559 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-23559 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4132 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4132 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4132 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53215 ( SUSE ): 0.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2023-53215 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N
* CVE-2023-53215 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-53215 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-53254 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53254 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-53254 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-53254 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-53761 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53761 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-53781 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53781 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-54019 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-54024 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-54110 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-54142 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-54142 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-54168 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-54170 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-54242 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-54242 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-54243 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2023-54243 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2023-54270 ( SUSE ): 5.4
CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-54270 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38068 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38068 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-38068 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38159 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38159 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-40019 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40019 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40215 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40215 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40220 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40220 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40233 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40256 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40277 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40280 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40280 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40331 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68813 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68813 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves 68 vulnerabilities, contains one feature and has eight
security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP3 kernel was updated to fix various security
issues

The following security issues were fixed:

* CVE-2022-50282: chardev: fix error handling in cdev_device_add()
(bsc#1249739).
* CVE-2022-50630: mm: hugetlb: fix UAF in hugetlb_handle_userfault
(bsc#1254785).
* CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer
(bsc#1255576).
* CVE-2022-50717: nvmet-tcp: add bounds check on Transfer Tag (bsc#1255844).
* CVE-2022-50726: net/mlx5: Fix possible use-after-free in async command
interface (bsc#1256040).
* CVE-2022-50736: RDMA/siw: Fix immediate work request flush to completion
queue (bsc#1256137).
* CVE-2022-50756: nvme-core: replace ctrl page size with a macro
(bsc#1256216).
* CVE-2023-53215: sched/fair: Don't balance task to its current running CPU
(bsc#1250397).
* CVE-2023-53254: cacheinfo: Fix shared_cpu_map to handle shared caches at
different levels (bsc#1249871).
* CVE-2023-53761: USB: usbtmc: Fix direction for 0-length ioctl control
messages (bsc#1255002).
* CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler()
(bsc#1254751).
* CVE-2023-54142: gtp: Fix use-after-free in __gtp_encap_destroy()
(bsc#1256095).
* CVE-2023-54168: RDMA/mlx4: Prevent shift wrapping in set_user_sq_size()
(bsc#1256053).
* CVE-2023-54243: netfilter: ebtables: fix table blob use-after-free
(bsc#1255908).
* CVE-2025-38068: crypto: lzo - Fix compression buffer overrun (bsc#1245210).
* CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out
of bounds (bsc#1245751).
* CVE-2025-40019: crypto: essiv - Check ssize for decryption and in-place
encryption (bsc#1252678).
* CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959).
* CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk
workers (bsc#1254520).
* CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents
(bsc#1254813).
* CVE-2025-40277: drm/vmwgfx: Validate command header size against
(bsc#1254894).
* CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self()
(bsc#1254847).
* CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615).
* CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path
(bsc#1256641).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length
gss_token in gss_read_proxy_verf (bsc#1256779).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2026-369=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-369=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-369=1

## Package List:

* openSUSE Leap 15.3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.232.1
* openSUSE Leap 15.3 (noarch)
* kernel-docs-html-5.3.18-150300.59.232.1
* kernel-source-vanilla-5.3.18-150300.59.232.1
* kernel-devel-5.3.18-150300.59.232.1
* kernel-macros-5.3.18-150300.59.232.1
* kernel-source-5.3.18-150300.59.232.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64)
* kernel-default-optional-debuginfo-5.3.18-150300.59.232.1
* kernel-obs-build-5.3.18-150300.59.232.1
* kernel-default-debuginfo-5.3.18-150300.59.232.1
* kernel-default-extra-5.3.18-150300.59.232.1
* kernel-syms-5.3.18-150300.59.232.1
* kernel-default-devel-5.3.18-150300.59.232.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.232.1
* gfs2-kmp-default-debuginfo-5.3.18-150300.59.232.1
* ocfs2-kmp-default-debuginfo-5.3.18-150300.59.232.1
* cluster-md-kmp-default-5.3.18-150300.59.232.1
* reiserfs-kmp-default-5.3.18-150300.59.232.1
* kernel-obs-qa-5.3.18-150300.59.232.1
* kernel-default-debugsource-5.3.18-150300.59.232.1
* kernel-default-livepatch-5.3.18-150300.59.232.1
* kernel-default-base-5.3.18-150300.59.232.1.150300.18.138.1
* kernel-default-base-rebuild-5.3.18-150300.59.232.1.150300.18.138.1
* dlm-kmp-default-5.3.18-150300.59.232.1
* kselftests-kmp-default-debuginfo-5.3.18-150300.59.232.1
* kselftests-kmp-default-5.3.18-150300.59.232.1
* ocfs2-kmp-default-5.3.18-150300.59.232.1
* cluster-md-kmp-default-debuginfo-5.3.18-150300.59.232.1
* dlm-kmp-default-debuginfo-5.3.18-150300.59.232.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.232.1
* kernel-obs-build-debugsource-5.3.18-150300.59.232.1
* kernel-default-extra-debuginfo-5.3.18-150300.59.232.1
* kernel-default-optional-5.3.18-150300.59.232.1
* gfs2-kmp-default-5.3.18-150300.59.232.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.3.18-150300.59.232.1
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-default-livepatch-devel-5.3.18-150300.59.232.1
* openSUSE Leap 15.3 (nosrc ppc64le x86_64)
* kernel-kvmsmall-5.3.18-150300.59.232.1
* openSUSE Leap 15.3 (ppc64le x86_64)
* kernel-kvmsmall-devel-5.3.18-150300.59.232.1
* kernel-kvmsmall-debuginfo-5.3.18-150300.59.232.1
* kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.232.1
* kernel-kvmsmall-debugsource-5.3.18-150300.59.232.1
* openSUSE Leap 15.3 (aarch64 x86_64)
* gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.232.1
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.232.1
* kernel-preempt-debugsource-5.3.18-150300.59.232.1
* kernel-preempt-extra-5.3.18-150300.59.232.1
* kernel-preempt-optional-debuginfo-5.3.18-150300.59.232.1
* kselftests-kmp-preempt-5.3.18-150300.59.232.1
* dlm-kmp-preempt-debuginfo-5.3.18-150300.59.232.1
* kernel-preempt-extra-debuginfo-5.3.18-150300.59.232.1
* kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.232.1
* cluster-md-kmp-preempt-5.3.18-150300.59.232.1
* kernel-preempt-optional-5.3.18-150300.59.232.1
* kernel-preempt-devel-5.3.18-150300.59.232.1
* kernel-preempt-debuginfo-5.3.18-150300.59.232.1
* reiserfs-kmp-preempt-5.3.18-150300.59.232.1
* reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.232.1
* gfs2-kmp-preempt-5.3.18-150300.59.232.1
* ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.232.1
* dlm-kmp-preempt-5.3.18-150300.59.232.1
* cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.232.1
* ocfs2-kmp-preempt-5.3.18-150300.59.232.1
* openSUSE Leap 15.3 (aarch64 nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.232.1
* openSUSE Leap 15.3 (nosrc s390x)
* kernel-zfcpdump-5.3.18-150300.59.232.1
* openSUSE Leap 15.3 (s390x)
* kernel-zfcpdump-debugsource-5.3.18-150300.59.232.1
* kernel-zfcpdump-debuginfo-5.3.18-150300.59.232.1
* openSUSE Leap 15.3 (nosrc)
* dtb-aarch64-5.3.18-150300.59.232.1
* openSUSE Leap 15.3 (aarch64)
* dtb-al-5.3.18-150300.59.232.1
* dtb-exynos-5.3.18-150300.59.232.1
* dtb-amd-5.3.18-150300.59.232.1
* kselftests-kmp-64kb-5.3.18-150300.59.232.1
* dtb-allwinner-5.3.18-150300.59.232.1
* dtb-rockchip-5.3.18-150300.59.232.1
* cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.232.1
* ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.232.1
* gfs2-kmp-64kb-5.3.18-150300.59.232.1
* dtb-cavium-5.3.18-150300.59.232.1
* dtb-broadcom-5.3.18-150300.59.232.1
* dtb-arm-5.3.18-150300.59.232.1
* dtb-nvidia-5.3.18-150300.59.232.1
* kernel-64kb-debuginfo-5.3.18-150300.59.232.1
* dtb-amlogic-5.3.18-150300.59.232.1
* dtb-qcom-5.3.18-150300.59.232.1
* cluster-md-kmp-64kb-5.3.18-150300.59.232.1
* gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.232.1
* kernel-64kb-extra-debuginfo-5.3.18-150300.59.232.1
* reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.232.1
* dtb-altera-5.3.18-150300.59.232.1
* dtb-sprd-5.3.18-150300.59.232.1
* kernel-64kb-extra-5.3.18-150300.59.232.1
* dtb-marvell-5.3.18-150300.59.232.1
* kernel-64kb-devel-5.3.18-150300.59.232.1
* kernel-64kb-optional-debuginfo-5.3.18-150300.59.232.1
* dtb-renesas-5.3.18-150300.59.232.1
* dtb-zte-5.3.18-150300.59.232.1
* reiserfs-kmp-64kb-5.3.18-150300.59.232.1
* dtb-freescale-5.3.18-150300.59.232.1
* dlm-kmp-64kb-5.3.18-150300.59.232.1
* dtb-xilinx-5.3.18-150300.59.232.1
* dtb-mediatek-5.3.18-150300.59.232.1
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.232.1
* kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.232.1
* ocfs2-kmp-64kb-5.3.18-150300.59.232.1
* dlm-kmp-64kb-debuginfo-5.3.18-150300.59.232.1
* kernel-64kb-debugsource-5.3.18-150300.59.232.1
* kernel-64kb-optional-5.3.18-150300.59.232.1
* dtb-lg-5.3.18-150300.59.232.1
* dtb-hisilicon-5.3.18-150300.59.232.1
* dtb-apm-5.3.18-150300.59.232.1
* dtb-socionext-5.3.18-150300.59.232.1
* openSUSE Leap 15.3 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.232.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.232.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64)
* kernel-default-base-5.3.18-150300.59.232.1.150300.18.138.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* kernel-default-debugsource-5.3.18-150300.59.232.1
* kernel-default-debuginfo-5.3.18-150300.59.232.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.232.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64)
* kernel-default-base-5.3.18-150300.59.232.1.150300.18.138.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* kernel-default-debugsource-5.3.18-150300.59.232.1
* kernel-default-debuginfo-5.3.18-150300.59.232.1

## References:

* https://www.suse.com/security/cve/CVE-2022-0854.html
* https://www.suse.com/security/cve/CVE-2022-48853.html
* https://www.suse.com/security/cve/CVE-2022-50282.html
* https://www.suse.com/security/cve/CVE-2022-50623.html
* https://www.suse.com/security/cve/CVE-2022-50630.html
* https://www.suse.com/security/cve/CVE-2022-50635.html
* https://www.suse.com/security/cve/CVE-2022-50640.html
* https://www.suse.com/security/cve/CVE-2022-50641.html
* https://www.suse.com/security/cve/CVE-2022-50644.html
* https://www.suse.com/security/cve/CVE-2022-50646.html
* https://www.suse.com/security/cve/CVE-2022-50649.html
* https://www.suse.com/security/cve/CVE-2022-50668.html
* https://www.suse.com/security/cve/CVE-2022-50671.html
* https://www.suse.com/security/cve/CVE-2022-50678.html
* https://www.suse.com/security/cve/CVE-2022-50700.html
* https://www.suse.com/security/cve/CVE-2022-50703.html
* https://www.suse.com/security/cve/CVE-2022-50709.html
* https://www.suse.com/security/cve/CVE-2022-50717.html
* https://www.suse.com/security/cve/CVE-2022-50726.html
* https://www.suse.com/security/cve/CVE-2022-50730.html
* https://www.suse.com/security/cve/CVE-2022-50731.html
* https://www.suse.com/security/cve/CVE-2022-50733.html
* https://www.suse.com/security/cve/CVE-2022-50736.html
* https://www.suse.com/security/cve/CVE-2022-50742.html
* https://www.suse.com/security/cve/CVE-2022-50744.html
* https://www.suse.com/security/cve/CVE-2022-50756.html
* https://www.suse.com/security/cve/CVE-2022-50758.html
* https://www.suse.com/security/cve/CVE-2022-50767.html
* https://www.suse.com/security/cve/CVE-2022-50814.html
* https://www.suse.com/security/cve/CVE-2022-50821.html
* https://www.suse.com/security/cve/CVE-2022-50823.html
* https://www.suse.com/security/cve/CVE-2022-50827.html
* https://www.suse.com/security/cve/CVE-2022-50828.html
* https://www.suse.com/security/cve/CVE-2022-50840.html
* https://www.suse.com/security/cve/CVE-2022-50843.html
* https://www.suse.com/security/cve/CVE-2022-50850.html
* https://www.suse.com/security/cve/CVE-2022-50870.html
* https://www.suse.com/security/cve/CVE-2022-50876.html
* https://www.suse.com/security/cve/CVE-2022-50880.html
* https://www.suse.com/security/cve/CVE-2022-50884.html
* https://www.suse.com/security/cve/CVE-2022-50889.html
* https://www.suse.com/security/cve/CVE-2023-23559.html
* https://www.suse.com/security/cve/CVE-2023-4132.html
* https://www.suse.com/security/cve/CVE-2023-53215.html
* https://www.suse.com/security/cve/CVE-2023-53254.html
* https://www.suse.com/security/cve/CVE-2023-53761.html
* https://www.suse.com/security/cve/CVE-2023-53781.html
* https://www.suse.com/security/cve/CVE-2023-54019.html
* https://www.suse.com/security/cve/CVE-2023-54024.html
* https://www.suse.com/security/cve/CVE-2023-54110.html
* https://www.suse.com/security/cve/CVE-2023-54142.html
* https://www.suse.com/security/cve/CVE-2023-54168.html
* https://www.suse.com/security/cve/CVE-2023-54170.html
* https://www.suse.com/security/cve/CVE-2023-54242.html
* https://www.suse.com/security/cve/CVE-2023-54243.html
* https://www.suse.com/security/cve/CVE-2023-54270.html
* https://www.suse.com/security/cve/CVE-2025-38068.html
* https://www.suse.com/security/cve/CVE-2025-38159.html
* https://www.suse.com/security/cve/CVE-2025-40019.html
* https://www.suse.com/security/cve/CVE-2025-40215.html
* https://www.suse.com/security/cve/CVE-2025-40220.html
* https://www.suse.com/security/cve/CVE-2025-40233.html
* https://www.suse.com/security/cve/CVE-2025-40256.html
* https://www.suse.com/security/cve/CVE-2025-40277.html
* https://www.suse.com/security/cve/CVE-2025-40280.html
* https://www.suse.com/security/cve/CVE-2025-40331.html
* https://www.suse.com/security/cve/CVE-2025-68813.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://bugzilla.suse.com/show_bug.cgi?id=1065729
* https://bugzilla.suse.com/show_bug.cgi?id=1196823
* https://bugzilla.suse.com/show_bug.cgi?id=1204957
* https://bugzilla.suse.com/show_bug.cgi?id=1206889
* https://bugzilla.suse.com/show_bug.cgi?id=1207051
* https://bugzilla.suse.com/show_bug.cgi?id=1207088
* https://bugzilla.suse.com/show_bug.cgi?id=1207653
* https://bugzilla.suse.com/show_bug.cgi?id=1209799
* https://bugzilla.suse.com/show_bug.cgi?id=1213653
* https://bugzilla.suse.com/show_bug.cgi?id=1213969
* https://bugzilla.suse.com/show_bug.cgi?id=1225109
* https://bugzilla.suse.com/show_bug.cgi?id=1228015
* https://bugzilla.suse.com/show_bug.cgi?id=1245210
* https://bugzilla.suse.com/show_bug.cgi?id=1245751
* https://bugzilla.suse.com/show_bug.cgi?id=1249739
* https://bugzilla.suse.com/show_bug.cgi?id=1249871
* https://bugzilla.suse.com/show_bug.cgi?id=1250397
* https://bugzilla.suse.com/show_bug.cgi?id=1252678
* https://bugzilla.suse.com/show_bug.cgi?id=1254520
* https://bugzilla.suse.com/show_bug.cgi?id=1254592
* https://bugzilla.suse.com/show_bug.cgi?id=1254614
* https://bugzilla.suse.com/show_bug.cgi?id=1254615
* https://bugzilla.suse.com/show_bug.cgi?id=1254632
* https://bugzilla.suse.com/show_bug.cgi?id=1254634
* https://bugzilla.suse.com/show_bug.cgi?id=1254686
* https://bugzilla.suse.com/show_bug.cgi?id=1254711
* https://bugzilla.suse.com/show_bug.cgi?id=1254751
* https://bugzilla.suse.com/show_bug.cgi?id=1254763
* https://bugzilla.suse.com/show_bug.cgi?id=1254775
* https://bugzilla.suse.com/show_bug.cgi?id=1254785
* https://bugzilla.suse.com/show_bug.cgi?id=1254792
* https://bugzilla.suse.com/show_bug.cgi?id=1254813
* https://bugzilla.suse.com/show_bug.cgi?id=1254847
* https://bugzilla.suse.com/show_bug.cgi?id=1254851
* https://bugzilla.suse.com/show_bug.cgi?id=1254894
* https://bugzilla.suse.com/show_bug.cgi?id=1254902
* https://bugzilla.suse.com/show_bug.cgi?id=1254959
* https://bugzilla.suse.com/show_bug.cgi?id=1255002
* https://bugzilla.suse.com/show_bug.cgi?id=1255565
* https://bugzilla.suse.com/show_bug.cgi?id=1255576
* https://bugzilla.suse.com/show_bug.cgi?id=1255607
* https://bugzilla.suse.com/show_bug.cgi?id=1255609
* https://bugzilla.suse.com/show_bug.cgi?id=1255636
* https://bugzilla.suse.com/show_bug.cgi?id=1255844
* https://bugzilla.suse.com/show_bug.cgi?id=1255901
* https://bugzilla.suse.com/show_bug.cgi?id=1255908
* https://bugzilla.suse.com/show_bug.cgi?id=1255919
* https://bugzilla.suse.com/show_bug.cgi?id=1256040
* https://bugzilla.suse.com/show_bug.cgi?id=1256045
* https://bugzilla.suse.com/show_bug.cgi?id=1256048
* https://bugzilla.suse.com/show_bug.cgi?id=1256049
* https://bugzilla.suse.com/show_bug.cgi?id=1256053
* https://bugzilla.suse.com/show_bug.cgi?id=1256056
* https://bugzilla.suse.com/show_bug.cgi?id=1256064
* https://bugzilla.suse.com/show_bug.cgi?id=1256095
* https://bugzilla.suse.com/show_bug.cgi?id=1256127
* https://bugzilla.suse.com/show_bug.cgi?id=1256132
* https://bugzilla.suse.com/show_bug.cgi?id=1256136
* https://bugzilla.suse.com/show_bug.cgi?id=1256137
* https://bugzilla.suse.com/show_bug.cgi?id=1256143
* https://bugzilla.suse.com/show_bug.cgi?id=1256154
* https://bugzilla.suse.com/show_bug.cgi?id=1256165
* https://bugzilla.suse.com/show_bug.cgi?id=1256194
* https://bugzilla.suse.com/show_bug.cgi?id=1256203
* https://bugzilla.suse.com/show_bug.cgi?id=1256207
* https://bugzilla.suse.com/show_bug.cgi?id=1256208
* https://bugzilla.suse.com/show_bug.cgi?id=1256216
* https://bugzilla.suse.com/show_bug.cgi?id=1256230
* https://bugzilla.suse.com/show_bug.cgi?id=1256242
* https://bugzilla.suse.com/show_bug.cgi?id=1256248
* https://bugzilla.suse.com/show_bug.cgi?id=1256333
* https://bugzilla.suse.com/show_bug.cgi?id=1256344
* https://bugzilla.suse.com/show_bug.cgi?id=1256353
* https://bugzilla.suse.com/show_bug.cgi?id=1256426
* https://bugzilla.suse.com/show_bug.cgi?id=1256641
* https://bugzilla.suse.com/show_bug.cgi?id=1256779
* https://jira.suse.com/browse/SLE-13847

SUSE-SU-2026:0370-1: moderate: Security update for php8

# Security update for php8

Announcement ID: SUSE-SU-2026:0370-1
Release Date: 2026-02-03T15:20:51Z
Rating: moderate
References:

* bsc#1255711

Cross-References:

* CVE-2025-14178

CVSS scores:

* CVE-2025-14178 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-14178 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-14178 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-14178 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Affected Products:

* openSUSE Leap 15.4

An update that solves one vulnerability can now be installed.

## Description:

This update for php8 fixes the following issues:

* CVE-2025-14178: heap buffer overflow occurs in array_merge() when the total
element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE
(bsc#1255711).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-370=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* php8-xmlwriter-debuginfo-8.0.30-150400.4.60.1
* php8-odbc-8.0.30-150400.4.60.1
* php8-pcntl-debuginfo-8.0.30-150400.4.60.1
* php8-gettext-8.0.30-150400.4.60.1
* php8-snmp-8.0.30-150400.4.60.1
* php8-dom-8.0.30-150400.4.60.1
* php8-zip-debuginfo-8.0.30-150400.4.60.1
* php8-mysql-8.0.30-150400.4.60.1
* php8-tokenizer-8.0.30-150400.4.60.1
* php8-xmlreader-debuginfo-8.0.30-150400.4.60.1
* php8-soap-8.0.30-150400.4.60.1
* php8-fileinfo-8.0.30-150400.4.60.1
* php8-bz2-debuginfo-8.0.30-150400.4.60.1
* php8-calendar-debuginfo-8.0.30-150400.4.60.1
* php8-bcmath-debuginfo-8.0.30-150400.4.60.1
* php8-ctype-8.0.30-150400.4.60.1
* php8-xsl-debuginfo-8.0.30-150400.4.60.1
* php8-mysql-debuginfo-8.0.30-150400.4.60.1
* php8-sockets-8.0.30-150400.4.60.1
* php8-pgsql-8.0.30-150400.4.60.1
* php8-soap-debuginfo-8.0.30-150400.4.60.1
* php8-xmlwriter-8.0.30-150400.4.60.1
* php8-mbstring-debuginfo-8.0.30-150400.4.60.1
* php8-zip-8.0.30-150400.4.60.1
* php8-cli-debuginfo-8.0.30-150400.4.60.1
* php8-exif-debuginfo-8.0.30-150400.4.60.1
* php8-opcache-8.0.30-150400.4.60.1
* php8-opcache-debuginfo-8.0.30-150400.4.60.1
* php8-debuginfo-8.0.30-150400.4.60.1
* php8-zlib-8.0.30-150400.4.60.1
* php8-enchant-8.0.30-150400.4.60.1
* php8-bz2-8.0.30-150400.4.60.1
* php8-sodium-8.0.30-150400.4.60.1
* php8-snmp-debuginfo-8.0.30-150400.4.60.1
* php8-pdo-8.0.30-150400.4.60.1
* php8-shmop-8.0.30-150400.4.60.1
* apache2-mod_php8-debugsource-8.0.30-150400.4.60.1
* php8-sysvmsg-debuginfo-8.0.30-150400.4.60.1
* php8-sockets-debuginfo-8.0.30-150400.4.60.1
* php8-tokenizer-debuginfo-8.0.30-150400.4.60.1
* php8-debugsource-8.0.30-150400.4.60.1
* php8-fastcgi-8.0.30-150400.4.60.1
* php8-cli-8.0.30-150400.4.60.1
* php8-exif-8.0.30-150400.4.60.1
* php8-openssl-debuginfo-8.0.30-150400.4.60.1
* php8-gd-debuginfo-8.0.30-150400.4.60.1
* php8-gd-8.0.30-150400.4.60.1
* php8-phar-8.0.30-150400.4.60.1
* php8-sysvshm-8.0.30-150400.4.60.1
* php8-xmlreader-8.0.30-150400.4.60.1
* php8-posix-debuginfo-8.0.30-150400.4.60.1
* php8-fastcgi-debugsource-8.0.30-150400.4.60.1
* php8-xsl-8.0.30-150400.4.60.1
* php8-sysvshm-debuginfo-8.0.30-150400.4.60.1
* php8-phar-debuginfo-8.0.30-150400.4.60.1
* php8-fastcgi-debuginfo-8.0.30-150400.4.60.1
* apache2-mod_php8-debuginfo-8.0.30-150400.4.60.1
* php8-curl-debuginfo-8.0.30-150400.4.60.1
* php8-openssl-8.0.30-150400.4.60.1
* php8-embed-debuginfo-8.0.30-150400.4.60.1
* php8-tidy-debuginfo-8.0.30-150400.4.60.1
* php8-dom-debuginfo-8.0.30-150400.4.60.1
* php8-ftp-8.0.30-150400.4.60.1
* php8-sqlite-8.0.30-150400.4.60.1
* php8-pdo-debuginfo-8.0.30-150400.4.60.1
* php8-readline-8.0.30-150400.4.60.1
* php8-embed-8.0.30-150400.4.60.1
* php8-embed-debugsource-8.0.30-150400.4.60.1
* php8-intl-8.0.30-150400.4.60.1
* php8-zlib-debuginfo-8.0.30-150400.4.60.1
* php8-sqlite-debuginfo-8.0.30-150400.4.60.1
* php8-ldap-debuginfo-8.0.30-150400.4.60.1
* php8-mbstring-8.0.30-150400.4.60.1
* php8-sysvsem-debuginfo-8.0.30-150400.4.60.1
* php8-iconv-8.0.30-150400.4.60.1
* php8-curl-8.0.30-150400.4.60.1
* php8-fpm-debuginfo-8.0.30-150400.4.60.1
* php8-gettext-debuginfo-8.0.30-150400.4.60.1
* php8-calendar-8.0.30-150400.4.60.1
* php8-devel-8.0.30-150400.4.60.1
* php8-sodium-debuginfo-8.0.30-150400.4.60.1
* php8-ftp-debuginfo-8.0.30-150400.4.60.1
* php8-sysvsem-8.0.30-150400.4.60.1
* php8-sysvmsg-8.0.30-150400.4.60.1
* php8-posix-8.0.30-150400.4.60.1
* php8-intl-debuginfo-8.0.30-150400.4.60.1
* php8-bcmath-8.0.30-150400.4.60.1
* php8-ctype-debuginfo-8.0.30-150400.4.60.1
* php8-fpm-8.0.30-150400.4.60.1
* php8-test-8.0.30-150400.4.60.1
* php8-8.0.30-150400.4.60.1
* php8-dba-8.0.30-150400.4.60.1
* apache2-mod_php8-8.0.30-150400.4.60.1
* php8-dba-debuginfo-8.0.30-150400.4.60.1
* php8-gmp-debuginfo-8.0.30-150400.4.60.1
* php8-fpm-debugsource-8.0.30-150400.4.60.1
* php8-iconv-debuginfo-8.0.30-150400.4.60.1
* php8-ldap-8.0.30-150400.4.60.1
* php8-gmp-8.0.30-150400.4.60.1
* php8-odbc-debuginfo-8.0.30-150400.4.60.1
* php8-fileinfo-debuginfo-8.0.30-150400.4.60.1
* php8-enchant-debuginfo-8.0.30-150400.4.60.1
* php8-pgsql-debuginfo-8.0.30-150400.4.60.1
* php8-shmop-debuginfo-8.0.30-150400.4.60.1
* php8-readline-debuginfo-8.0.30-150400.4.60.1
* php8-pcntl-8.0.30-150400.4.60.1
* php8-tidy-8.0.30-150400.4.60.1

## References:

* https://www.suse.com/security/cve/CVE-2025-14178.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255711

CURL, Kernel, Podman, v4l-Utils, Shim updates for Oracle Linux

CRaC JDK, OpenJDK, Keystone Middleware updates for Ubuntu

OpenSSL, Glib2, Chromium, and more updates for SUSE Linux

openSUSE-SU-2026:20152-1: important: Security update for openssl-3

openSUSE-SU-2026:20150-1: important: Security update for glib2

openSUSE-SU-2026:20156-1: moderate: Security update for chromium

openSUSE-SU-2026:20142-1: important: Security update for libsoup

openSUSE-SU-2026:20148-1: moderate: Security update for dpdk

openSUSE-SU-2026:20147-1: important: Security update for python-wheel

openSUSE-SU-2026:20141-1: moderate: Security update for udisks2

openSUSE-SU-2026:20139-1: moderate: Security update for unbound

openSUSE-SU-2026:20145-1: important: Security update for the Linux Kernel

openSUSE-SU-2026:20151-1: moderate: Security update for wireshark

openSUSE-SU-2026:20138-1: moderate: Security update for jasper

openSUSE-SU-2026:20140-1: important: Security update for alloy

openSUSE-SU-2026:20137-1: important: Security update for openvpn

openSUSE-SU-2026:20134-1: important: Security update for java-17-openjdk

openSUSE-SU-2026:20132-1: important: Security update for elemental-register, elemental-toolkit

openSUSE-SU-2026:20133-1: important: Security update for glibc

openSUSE-SU-2026:20131-1: important: Security update for postgresql17 and postgresql18

openSUSE-SU-2026:20127-1: important: Security update for python-urllib3

openSUSE-SU-2026:20130-1: important: Security update for postgresql16

openSUSE-SU-2026:20120-1: important: Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16)

openSUSE-SU-2026:20122-1: moderate: Security update for python-h2

openSUSE-SU-2026:20118-1: important: Security update for ImageMagick

openSUSE-SU-2026:20119-1: moderate: Security update for python-FontTools

openSUSE-SU-2026:20125-1: important: Security update for python-python-multipart

openSUSE-SU-2026:20124-1: important: Security update for ucode-amd

openSUSE-SU-2026:10130-1: moderate: python311-PyNaCl-1.6.2-1.1 on GA media

openSUSE-SU-2026:10131-1: moderate: trivy-0.69.0-1.1 on GA media

openSUSE-SU-2026:10129-1: moderate: libmlt++-7-7-7.36.1-1.1 on GA media

SUSE-SU-2026:0363-1: important: Security update for java-21-openjdk

SUSE-SU-2026:0364-1: moderate: Security update for libpng16

SUSE-SU-2026:0368-1: moderate: Security update for libsodium

SUSE-SU-2026:0367-1: moderate: Security update for python-urllib3

SUSE-SU-2026:0369-1: important: Security update for the Linux Kernel

SUSE-SU-2026:0370-1: moderate: Security update for php8

Windows

Linux

macOS

Community