SUSE 5339 Published by

SUSE has announced the release of multiple security updates, which include python311-pyspnego, ruby3.4-rubygem-actionmailer, kramdown, web-console, sprockets, multi_xml, pycapnp, pycapnp-jquery-rails, pywayland, pywayland-loofah, py7zr, oauthlib, fluentd, nltk, activestorage, activerecord, loguru, cramjam, python311-suds, httptools, jwcrypto, and python311-mechanize:

openSUSE-SU-2025:15103-1: moderate: python311-pyspnego-0.11.2-1.4 on GA media
openSUSE-SU-2025:15109-1: moderate: ruby3.4-rubygem-actionmailer-7.0-7.0.8.6-1.3 on GA media
openSUSE-SU-2025:15119-1: moderate: ruby3.4-rubygem-kramdown-2.4.0-1.15 on GA media
openSUSE-SU-2025:15129-1: moderate: ruby3.4-rubygem-web-console-4.2.1-1.7 on GA media
openSUSE-SU-2025:15128-1: moderate: ruby3.4-rubygem-sprockets-3.7-3.7.5-1.3 on GA media
openSUSE-SU-2025:15122-1: moderate: ruby3.4-rubygem-multi_xml-0.6.0-1.29 on GA media
openSUSE-SU-2025:15127-1: moderate: ruby3.4-rubygem-sprockets-4.2.1-1.7 on GA media
openSUSE-SU-2025:15111-1: moderate: ruby3.4-rubygem-actiontext-7.0-7.0.8.6-1.3 on GA media
openSUSE-SU-2025:15107-1: moderate: python311-ujson-5.10.0-1.5 on GA media
openSUSE-SU-2025:15123-1: moderate: ruby3.4-rubygem-puma-6.4.3-1.3 on GA media
openSUSE-SU-2025:15130-1: moderate: ruby3.4-rubygem-websocket-extensions-0.1.5-1.22 on GA media
openSUSE-SU-2025:15117-1: moderate: ruby3.4-rubygem-jquery-rails-4.6.0-1.7 on GA media
openSUSE-SU-2025:15106-1: moderate: python311-treq-24.9.1-1.4 on GA media
openSUSE-SU-2025:15125-1: moderate: ruby3.4-rubygem-rails-html-sanitizer-1.6.0-1.7 on GA media
openSUSE-SU-2025:15102-1: moderate: python311-pycapnp-2.0.0-2.5 on GA media
openSUSE-SU-2025:15124-1: moderate: ruby3.4-rubygem-rails-7.0-7.0.8.6-1.3 on GA media
openSUSE-SU-2025:15104-1: moderate: python311-pywayland-0.4.17-3.5 on GA media
openSUSE-SU-2025:15120-1: moderate: ruby3.4-rubygem-loofah-2.23.1-1.3 on GA media
openSUSE-SU-2025:15116-1: moderate: ruby3.4-rubygem-globalid-1.2.1-1.7 on GA media
openSUSE-SU-2025:15101-1: moderate: python311-py7zr-0.20.8-2.6 on GA media
openSUSE-SU-2025:15100-1: moderate: python311-oauthlib-3.2.2-5.4 on GA media
openSUSE-SU-2025:15115-1: moderate: ruby3.4-rubygem-fluentd-1.17.1-1.3 on GA media
openSUSE-SU-2025:15099-1: moderate: python311-nltk-3.9.1-2.4 on GA media
openSUSE-SU-2025:15113-1: moderate: ruby3.4-rubygem-activestorage-7.0-7.0.8.6-1.3 on GA media
openSUSE-SU-2025:15112-1: moderate: ruby3.4-rubygem-activerecord-7.0-7.0.8.6-1.3 on GA media
openSUSE-SU-2025:15097-1: moderate: python311-loguru-0.7.2-2.5 on GA media
openSUSE-SU-2025:15108-1: moderate: python311-waitress-3.0.2-1.4 on GA media
openSUSE-SU-2025:15094-1: moderate: python311-cramjam-2.9.1-1.3 on GA media
openSUSE-SU-2025:15105-1: moderate: python311-suds-1.2.0-2.4 on GA media
openSUSE-SU-2025:15095-1: moderate: python311-httptools-0.6.1-1.9 on GA media
openSUSE-SU-2025:15096-1: moderate: python311-jwcrypto-1.5.6-2.5 on GA media
openSUSE-SU-2025:15098-1: moderate: python311-mechanize-0.4.10-1.4 on GA media




openSUSE-SU-2025:15103-1: moderate: python311-pyspnego-0.11.2-1.4 on GA media


# python311-pyspnego-0.11.2-1.4 on GA media

Announcement ID: openSUSE-SU-2025:15103-1
Rating: moderate

Cross-References:

* CVE-2018-0886

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python311-pyspnego-0.11.2-1.4 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python311-pyspnego 0.11.2-1.4
* python312-pyspnego 0.11.2-1.4
* python313-pyspnego 0.11.2-1.4

## References:

* https://www.suse.com/security/cve/CVE-2018-0886.html



openSUSE-SU-2025:15109-1: moderate: ruby3.4-rubygem-actionmailer-7.0-7.0.8.6-1.3 on GA media


# ruby3.4-rubygem-actionmailer-7.0-7.0.8.6-1.3 on GA media

Announcement ID: openSUSE-SU-2025:15109-1
Rating: moderate

Cross-References:

* CVE-2024-47889

CVSS scores:

* CVE-2024-47889 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ruby3.4-rubygem-actionmailer-7.0-7.0.8.6-1.3 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* ruby3.4-rubygem-actionmailer-7.0 7.0.8.6-1.3

## References:

* https://www.suse.com/security/cve/CVE-2024-47889.html



openSUSE-SU-2025:15119-1: moderate: ruby3.4-rubygem-kramdown-2.4.0-1.15 on GA media


# ruby3.4-rubygem-kramdown-2.4.0-1.15 on GA media

Announcement ID: openSUSE-SU-2025:15119-1
Rating: moderate

Cross-References:

* CVE-2020-14001
* CVE-2021-28834

CVSS scores:

* CVE-2020-14001 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
* CVE-2021-28834 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the ruby3.4-rubygem-kramdown-2.4.0-1.15 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* ruby3.4-rubygem-kramdown 2.4.0-1.15

## References:

* https://www.suse.com/security/cve/CVE-2020-14001.html
* https://www.suse.com/security/cve/CVE-2021-28834.html



openSUSE-SU-2025:15129-1: moderate: ruby3.4-rubygem-web-console-4.2.1-1.7 on GA media


# ruby3.4-rubygem-web-console-4.2.1-1.7 on GA media

Announcement ID: openSUSE-SU-2025:15129-1
Rating: moderate

Cross-References:

* CVE-2015-3224

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ruby3.4-rubygem-web-console-4.2.1-1.7 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* ruby3.4-rubygem-web-console 4.2.1-1.7

## References:

* https://www.suse.com/security/cve/CVE-2015-3224.html



openSUSE-SU-2025:15128-1: moderate: ruby3.4-rubygem-sprockets-3.7-3.7.5-1.3 on GA media


# ruby3.4-rubygem-sprockets-3.7-3.7.5-1.3 on GA media

Announcement ID: openSUSE-SU-2025:15128-1
Rating: moderate

Cross-References:

* CVE-2018-3760

CVSS scores:

* CVE-2018-3760 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ruby3.4-rubygem-sprockets-3.7-3.7.5-1.3 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* ruby3.4-rubygem-sprockets-3.7 3.7.5-1.3

## References:

* https://www.suse.com/security/cve/CVE-2018-3760.html



openSUSE-SU-2025:15122-1: moderate: ruby3.4-rubygem-multi_xml-0.6.0-1.29 on GA media


# ruby3.4-rubygem-multi_xml-0.6.0-1.29 on GA media

Announcement ID: openSUSE-SU-2025:15122-1
Rating: moderate

Cross-References:

* CVE-2013-0175

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ruby3.4-rubygem-multi_xml-0.6.0-1.29 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* ruby3.4-rubygem-multi_xml 0.6.0-1.29

## References:

* https://www.suse.com/security/cve/CVE-2013-0175.html



openSUSE-SU-2025:15127-1: moderate: ruby3.4-rubygem-sprockets-4.2.1-1.7 on GA media


# ruby3.4-rubygem-sprockets-4.2.1-1.7 on GA media

Announcement ID: openSUSE-SU-2025:15127-1
Rating: moderate

Cross-References:

* CVE-2018-3760

CVSS scores:

* CVE-2018-3760 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ruby3.4-rubygem-sprockets-4.2.1-1.7 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* ruby3.4-rubygem-sprockets 4.2.1-1.7

## References:

* https://www.suse.com/security/cve/CVE-2018-3760.html



openSUSE-SU-2025:15111-1: moderate: ruby3.4-rubygem-actiontext-7.0-7.0.8.6-1.3 on GA media


# ruby3.4-rubygem-actiontext-7.0-7.0.8.6-1.3 on GA media

Announcement ID: openSUSE-SU-2025:15111-1
Rating: moderate

Cross-References:

* CVE-2024-34341
* CVE-2024-47888

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the ruby3.4-rubygem-actiontext-7.0-7.0.8.6-1.3 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* ruby3.4-rubygem-actiontext-7.0 7.0.8.6-1.3

## References:

* https://www.suse.com/security/cve/CVE-2024-34341.html
* https://www.suse.com/security/cve/CVE-2024-47888.html



openSUSE-SU-2025:15107-1: moderate: python311-ujson-5.10.0-1.5 on GA media


# python311-ujson-5.10.0-1.5 on GA media

Announcement ID: openSUSE-SU-2025:15107-1
Rating: moderate

Cross-References:

* CVE-2021-45958
* CVE-2022-31116
* CVE-2022-31117

CVSS scores:

* CVE-2021-45958 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2022-31116 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L
* CVE-2022-31117 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves 3 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the python311-ujson-5.10.0-1.5 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python311-ujson 5.10.0-1.5
* python312-ujson 5.10.0-1.5
* python313-ujson 5.10.0-1.5

## References:

* https://www.suse.com/security/cve/CVE-2021-45958.html
* https://www.suse.com/security/cve/CVE-2022-31116.html
* https://www.suse.com/security/cve/CVE-2022-31117.html



openSUSE-SU-2025:15123-1: moderate: ruby3.4-rubygem-puma-6.4.3-1.3 on GA media


# ruby3.4-rubygem-puma-6.4.3-1.3 on GA media

Announcement ID: openSUSE-SU-2025:15123-1
Rating: moderate

Cross-References:

* CVE-2019-16770
* CVE-2020-11076
* CVE-2022-23634
* CVE-2024-45614

CVSS scores:

* CVE-2019-16770 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2020-11076 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
* CVE-2022-23634 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
* CVE-2024-45614 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
* CVE-2024-45614 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 4 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the ruby3.4-rubygem-puma-6.4.3-1.3 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* ruby3.4-rubygem-puma 6.4.3-1.3

## References:

* https://www.suse.com/security/cve/CVE-2019-16770.html
* https://www.suse.com/security/cve/CVE-2020-11076.html
* https://www.suse.com/security/cve/CVE-2022-23634.html
* https://www.suse.com/security/cve/CVE-2024-45614.html



openSUSE-SU-2025:15130-1: moderate: ruby3.4-rubygem-websocket-extensions-0.1.5-1.22 on GA media


# ruby3.4-rubygem-websocket-extensions-0.1.5-1.22 on GA media

Announcement ID: openSUSE-SU-2025:15130-1
Rating: moderate

Cross-References:

* CVE-2020-7663

CVSS scores:

* CVE-2020-7663 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ruby3.4-rubygem-websocket-extensions-0.1.5-1.22 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* ruby3.4-rubygem-websocket-extensions 0.1.5-1.22

## References:

* https://www.suse.com/security/cve/CVE-2020-7663.html



openSUSE-SU-2025:15117-1: moderate: ruby3.4-rubygem-jquery-rails-4.6.0-1.7 on GA media


# ruby3.4-rubygem-jquery-rails-4.6.0-1.7 on GA media

Announcement ID: openSUSE-SU-2025:15117-1
Rating: moderate

Cross-References:

* CVE-2015-1840

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ruby3.4-rubygem-jquery-rails-4.6.0-1.7 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* ruby3.4-rubygem-jquery-rails 4.6.0-1.7

## References:

* https://www.suse.com/security/cve/CVE-2015-1840.html



openSUSE-SU-2025:15106-1: moderate: python311-treq-24.9.1-1.4 on GA media


# python311-treq-24.9.1-1.4 on GA media

Announcement ID: openSUSE-SU-2025:15106-1
Rating: moderate

Cross-References:

* CVE-2022-23607

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python311-treq-24.9.1-1.4 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python311-treq 24.9.1-1.4
* python312-treq 24.9.1-1.4
* python313-treq 24.9.1-1.4

## References:

* https://www.suse.com/security/cve/CVE-2022-23607.html



openSUSE-SU-2025:15125-1: moderate: ruby3.4-rubygem-rails-html-sanitizer-1.6.0-1.7 on GA media


# ruby3.4-rubygem-rails-html-sanitizer-1.6.0-1.7 on GA media

Announcement ID: openSUSE-SU-2025:15125-1
Rating: moderate

Cross-References:

* CVE-2015-7578
* CVE-2015-7579
* CVE-2015-7580
* CVE-2018-3741
* CVE-2022-23517
* CVE-2022-23518
* CVE-2022-23519
* CVE-2022-23520
* CVE-2022-32209

CVSS scores:

* CVE-2018-3741 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2022-23517 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-23518 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
* CVE-2022-23519 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
* CVE-2022-23520 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2022-32209 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 9 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the ruby3.4-rubygem-rails-html-sanitizer-1.6.0-1.7 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* ruby3.4-rubygem-rails-html-sanitizer 1.6.0-1.7

## References:

* https://www.suse.com/security/cve/CVE-2015-7578.html
* https://www.suse.com/security/cve/CVE-2015-7579.html
* https://www.suse.com/security/cve/CVE-2015-7580.html
* https://www.suse.com/security/cve/CVE-2018-3741.html
* https://www.suse.com/security/cve/CVE-2022-23517.html
* https://www.suse.com/security/cve/CVE-2022-23518.html
* https://www.suse.com/security/cve/CVE-2022-23519.html
* https://www.suse.com/security/cve/CVE-2022-23520.html
* https://www.suse.com/security/cve/CVE-2022-32209.html



openSUSE-SU-2025:15102-1: moderate: python311-pycapnp-2.0.0-2.5 on GA media


# python311-pycapnp-2.0.0-2.5 on GA media

Announcement ID: openSUSE-SU-2025:15102-1
Rating: moderate

Cross-References:

* CVE-2022-46149

CVSS scores:

* CVE-2022-46149 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python311-pycapnp-2.0.0-2.5 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python311-pycapnp 2.0.0-2.5
* python312-pycapnp 2.0.0-2.5
* python313-pycapnp 2.0.0-2.5

## References:

* https://www.suse.com/security/cve/CVE-2022-46149.html



openSUSE-SU-2025:15124-1: moderate: ruby3.4-rubygem-rails-7.0-7.0.8.6-1.3 on GA media


# ruby3.4-rubygem-rails-7.0-7.0.8.6-1.3 on GA media

Announcement ID: openSUSE-SU-2025:15124-1
Rating: moderate

Cross-References:

* CVE-2023-38037
* CVE-2024-26143
* CVE-2024-28103
* CVE-2024-34341
* CVE-2024-41128
* CVE-2024-47887
* CVE-2024-47888
* CVE-2024-47889

CVSS scores:

* CVE-2024-26143 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2024-28103 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-41128 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47887 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47889 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves 8 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the ruby3.4-rubygem-rails-7.0-7.0.8.6-1.3 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* ruby3.4-rubygem-rails-7.0 7.0.8.6-1.3

## References:

* https://www.suse.com/security/cve/CVE-2023-38037.html
* https://www.suse.com/security/cve/CVE-2024-26143.html
* https://www.suse.com/security/cve/CVE-2024-28103.html
* https://www.suse.com/security/cve/CVE-2024-34341.html
* https://www.suse.com/security/cve/CVE-2024-41128.html
* https://www.suse.com/security/cve/CVE-2024-47887.html
* https://www.suse.com/security/cve/CVE-2024-47888.html
* https://www.suse.com/security/cve/CVE-2024-47889.html



openSUSE-SU-2025:15104-1: moderate: python311-pywayland-0.4.17-3.5 on GA media


# python311-pywayland-0.4.17-3.5 on GA media

Announcement ID: openSUSE-SU-2025:15104-1
Rating: moderate

Cross-References:

* CVE-2007-4559

CVSS scores:

* CVE-2007-4559 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python311-pywayland-0.4.17-3.5 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python311-pywayland 0.4.17-3.5
* python312-pywayland 0.4.17-3.5
* python313-pywayland 0.4.17-3.5

## References:

* https://www.suse.com/security/cve/CVE-2007-4559.html



openSUSE-SU-2025:15120-1: moderate: ruby3.4-rubygem-loofah-2.23.1-1.3 on GA media


# ruby3.4-rubygem-loofah-2.23.1-1.3 on GA media

Announcement ID: openSUSE-SU-2025:15120-1
Rating: moderate

Cross-References:

* CVE-2018-16468
* CVE-2018-8048
* CVE-2019-15587
* CVE-2022-23514
* CVE-2022-23515
* CVE-2022-23516

CVSS scores:

* CVE-2018-16468 ( SUSE ): 6.4 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
* CVE-2018-8048 ( SUSE ): 5.4 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2019-15587 ( SUSE ): 6.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2022-23514 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-23515 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2022-23516 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves 6 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the ruby3.4-rubygem-loofah-2.23.1-1.3 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* ruby3.4-rubygem-loofah 2.23.1-1.3

## References:

* https://www.suse.com/security/cve/CVE-2018-16468.html
* https://www.suse.com/security/cve/CVE-2018-8048.html
* https://www.suse.com/security/cve/CVE-2019-15587.html
* https://www.suse.com/security/cve/CVE-2022-23514.html
* https://www.suse.com/security/cve/CVE-2022-23515.html
* https://www.suse.com/security/cve/CVE-2022-23516.html



openSUSE-SU-2025:15116-1: moderate: ruby3.4-rubygem-globalid-1.2.1-1.7 on GA media


# ruby3.4-rubygem-globalid-1.2.1-1.7 on GA media

Announcement ID: openSUSE-SU-2025:15116-1
Rating: moderate

Cross-References:

* CVE-2023-22799

CVSS scores:

* CVE-2023-22799 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ruby3.4-rubygem-globalid-1.2.1-1.7 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* ruby3.4-rubygem-globalid 1.2.1-1.7

## References:

* https://www.suse.com/security/cve/CVE-2023-22799.html



openSUSE-SU-2025:15101-1: moderate: python311-py7zr-0.20.8-2.6 on GA media


# python311-py7zr-0.20.8-2.6 on GA media

Announcement ID: openSUSE-SU-2025:15101-1
Rating: moderate

Cross-References:

* CVE-2022-44900

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python311-py7zr-0.20.8-2.6 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python311-py7zr 0.20.8-2.6
* python312-py7zr 0.20.8-2.6
* python313-py7zr 0.20.8-2.6

## References:

* https://www.suse.com/security/cve/CVE-2022-44900.html



openSUSE-SU-2025:15100-1: moderate: python311-oauthlib-3.2.2-5.4 on GA media


# python311-oauthlib-3.2.2-5.4 on GA media

Announcement ID: openSUSE-SU-2025:15100-1
Rating: moderate

Cross-References:

* CVE-2022-36087

CVSS scores:

* CVE-2022-36087 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python311-oauthlib-3.2.2-5.4 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python311-oauthlib 3.2.2-5.4
* python312-oauthlib 3.2.2-5.4
* python313-oauthlib 3.2.2-5.4

## References:

* https://www.suse.com/security/cve/CVE-2022-36087.html



openSUSE-SU-2025:15115-1: moderate: ruby3.4-rubygem-fluentd-1.17.1-1.3 on GA media


# ruby3.4-rubygem-fluentd-1.17.1-1.3 on GA media

Announcement ID: openSUSE-SU-2025:15115-1
Rating: moderate

Cross-References:

* CVE-2021-41186

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ruby3.4-rubygem-fluentd-1.17.1-1.3 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* ruby3.4-rubygem-fluentd 1.17.1-1.3

## References:

* https://www.suse.com/security/cve/CVE-2021-41186.html



openSUSE-SU-2025:15099-1: moderate: python311-nltk-3.9.1-2.4 on GA media


# python311-nltk-3.9.1-2.4 on GA media

Announcement ID: openSUSE-SU-2025:15099-1
Rating: moderate

Cross-References:

* CVE-2021-3828

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python311-nltk-3.9.1-2.4 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python311-nltk 3.9.1-2.4
* python312-nltk 3.9.1-2.4
* python313-nltk 3.9.1-2.4

## References:

* https://www.suse.com/security/cve/CVE-2021-3828.html



openSUSE-SU-2025:15113-1: moderate: ruby3.4-rubygem-activestorage-7.0-7.0.8.6-1.3 on GA media


# ruby3.4-rubygem-activestorage-7.0-7.0.8.6-1.3 on GA media

Announcement ID: openSUSE-SU-2025:15113-1
Rating: moderate

Cross-References:

* CVE-2022-21831

CVSS scores:

* CVE-2022-21831 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ruby3.4-rubygem-activestorage-7.0-7.0.8.6-1.3 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* ruby3.4-rubygem-activestorage-7.0 7.0.8.6-1.3

## References:

* https://www.suse.com/security/cve/CVE-2022-21831.html



openSUSE-SU-2025:15112-1: moderate: ruby3.4-rubygem-activerecord-7.0-7.0.8.6-1.3 on GA media


# ruby3.4-rubygem-activerecord-7.0-7.0.8.6-1.3 on GA media

Announcement ID: openSUSE-SU-2025:15112-1
Rating: moderate

Cross-References:

* CVE-2022-32224
* CVE-2022-44566
* CVE-2023-22794
* CVE-2023-38037

CVSS scores:

* CVE-2022-32224 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-44566 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves 4 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the ruby3.4-rubygem-activerecord-7.0-7.0.8.6-1.3 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* ruby3.4-rubygem-activerecord-7.0 7.0.8.6-1.3

## References:

* https://www.suse.com/security/cve/CVE-2022-32224.html
* https://www.suse.com/security/cve/CVE-2022-44566.html
* https://www.suse.com/security/cve/CVE-2023-22794.html
* https://www.suse.com/security/cve/CVE-2023-38037.html



openSUSE-SU-2025:15097-1: moderate: python311-loguru-0.7.2-2.5 on GA media


# python311-loguru-0.7.2-2.5 on GA media

Announcement ID: openSUSE-SU-2025:15097-1
Rating: moderate

Cross-References:

* CVE-2022-0329

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python311-loguru-0.7.2-2.5 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python311-loguru 0.7.2-2.5
* python312-loguru 0.7.2-2.5
* python313-loguru 0.7.2-2.5

## References:

* https://www.suse.com/security/cve/CVE-2022-0329.html



openSUSE-SU-2025:15108-1: moderate: python311-waitress-3.0.2-1.4 on GA media


# python311-waitress-3.0.2-1.4 on GA media

Announcement ID: openSUSE-SU-2025:15108-1
Rating: moderate

Cross-References:

* CVE-2022-24761
* CVE-2022-31015

CVSS scores:

* CVE-2022-24761 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2022-31015 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the python311-waitress-3.0.2-1.4 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python311-waitress 3.0.2-1.4
* python312-waitress 3.0.2-1.4
* python313-waitress 3.0.2-1.4

## References:

* https://www.suse.com/security/cve/CVE-2022-24761.html
* https://www.suse.com/security/cve/CVE-2022-31015.html



openSUSE-SU-2025:15094-1: moderate: python311-cramjam-2.9.1-1.3 on GA media


# python311-cramjam-2.9.1-1.3 on GA media

Announcement ID: openSUSE-SU-2025:15094-1
Rating: moderate

Cross-References:

* CVE-2023-22895

CVSS scores:

* CVE-2023-22895 ( SUSE ): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python311-cramjam-2.9.1-1.3 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python311-cramjam 2.9.1-1.3
* python312-cramjam 2.9.1-1.3
* python313-cramjam 2.9.1-1.3

## References:

* https://www.suse.com/security/cve/CVE-2023-22895.html



openSUSE-SU-2025:15105-1: moderate: python311-suds-1.2.0-2.4 on GA media


# python311-suds-1.2.0-2.4 on GA media

Announcement ID: openSUSE-SU-2025:15105-1
Rating: moderate

Cross-References:

* CVE-2013-2217

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python311-suds-1.2.0-2.4 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python311-suds 1.2.0-2.4
* python312-suds 1.2.0-2.4
* python313-suds 1.2.0-2.4

## References:

* https://www.suse.com/security/cve/CVE-2013-2217.html



openSUSE-SU-2025:15095-1: moderate: python311-httptools-0.6.1-1.9 on GA media


# python311-httptools-0.6.1-1.9 on GA media

Announcement ID: openSUSE-SU-2025:15095-1
Rating: moderate

Cross-References:

* CVE-2021-22959
* CVE-2022-32213

CVSS scores:

* CVE-2021-22959 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2022-32213 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the python311-httptools-0.6.1-1.9 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python311-httptools 0.6.1-1.9
* python312-httptools 0.6.1-1.9
* python313-httptools 0.6.1-1.9

## References:

* https://www.suse.com/security/cve/CVE-2021-22959.html
* https://www.suse.com/security/cve/CVE-2022-32213.html



openSUSE-SU-2025:15096-1: moderate: python311-jwcrypto-1.5.6-2.5 on GA media


# python311-jwcrypto-1.5.6-2.5 on GA media

Announcement ID: openSUSE-SU-2025:15096-1
Rating: moderate

Cross-References:

* CVE-2022-3102

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python311-jwcrypto-1.5.6-2.5 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python311-jwcrypto 1.5.6-2.5
* python312-jwcrypto 1.5.6-2.5
* python313-jwcrypto 1.5.6-2.5

## References:

* https://www.suse.com/security/cve/CVE-2022-3102.html



openSUSE-SU-2025:15098-1: moderate: python311-mechanize-0.4.10-1.4 on GA media


# python311-mechanize-0.4.10-1.4 on GA media

Announcement ID: openSUSE-SU-2025:15098-1
Rating: moderate

Cross-References:

* CVE-2021-32837

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python311-mechanize-0.4.10-1.4 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python311-mechanize 0.4.10-1.4
* python312-mechanize 0.4.10-1.4
* python313-mechanize 0.4.10-1.4

## References:

* https://www.suse.com/security/cve/CVE-2021-32837.html