Python, Grub, Kernel, and more updates for SUSE Linux

SUSE 5500 Published by

Multiple security updates have been released for SUSE Linux, addressing various vulnerabilities and issues. The updates include patches for Python 3.9, GRUB2, GOVULN CHECK-VULNDDB, the Linux Kernel (Live Patches), and other packages such as curl, rclone, libIex-3_4, sssd, buildah, and fontforge. Some of these updates are classified as low-risk, while others are considered moderate or important, indicating varying levels of severity.

SUSE-SU-2025:4221-1: low: Security update for python39
SUSE-SU-2025:4224-1: moderate: Security update for grub2
SUSE-SU-2025:4220-1: moderate: Security update for govulncheck-vulndb
SUSE-SU-2025:4227-1: important: Security update for the Linux Kernel (Live Patch 36 for SUSE Linux Enterprise 15 SP4)
SUSE-SU-2025:4237-1: important: Security update for the Linux Kernel (Live Patch 44 for SUSE Linux Enterprise 15 SP4)
SUSE-SU-2025:4239-1: important: Security update for the Linux Kernel (Live Patch 40 for SUSE Linux Enterprise 15 SP4)
SUSE-SU-2025:4236-1: moderate: Security update for curl
openSUSE-SU-2025:15761-1: moderate: rclone-1.72.0-1.1 on GA media
openSUSE-SU-2025:15762-1: moderate: librnp0-0.18.1-1.1 on GA media
openSUSE-SU-2025:15759-1: moderate: libIex-3_4-33-3.4.3-2.1 on GA media
openSUSE-SU-2025:15760-1: moderate: python311-3.11.14-2.1 on GA media
openSUSE-SU-2025:15758-1: moderate: fontforge-20251009-2.1 on GA media
SUSE-SU-2025:4231-1: important: Security update for sssd
SUSE-SU-2025:4229-1: important: Security update for buildah
SUSE-SU-2025:4233-1: important: Security update for the Linux Kernel (Live Patch 41 for SUSE Linux Enterprise 15 SP4)
SUSE-SU-2025:4230-1: important: Security update for the Linux Kernel (Live Patch 38 for SUSE Linux Enterprise 15 SP4)




SUSE-SU-2025:4221-1: low: Security update for python39


# Security update for python39

Announcement ID: SUSE-SU-2025:4221-1
Release Date: 2025-11-25T08:02:56Z
Rating: low
References:

* bsc#1251305
* bsc#1252974

Cross-References:

* CVE-2025-6075
* CVE-2025-8291

CVSS scores:

* CVE-2025-6075 ( SUSE ): 1.8
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-6075 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-6075 ( NVD ): 1.8
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-8291 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-8291 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2025-8291 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Affected Products:

* openSUSE Leap 15.3
* openSUSE Leap 15.6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for python39 fixes the following issues:

Updated to 3.9.24:

* CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of
os.path.expandvars() (bsc#1252974)
* CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory (EOCD)
not checked by the 'zipfile' module (bsc#1251305)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-4221=1

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-4221=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* python39-idle-3.9.24-150300.4.84.1
* python39-tools-3.9.24-150300.4.84.1
* python39-dbm-3.9.24-150300.4.84.1
* libpython3_9-1_0-debuginfo-3.9.24-150300.4.84.1
* python39-devel-3.9.24-150300.4.84.1
* python39-debugsource-3.9.24-150300.4.84.1
* python39-curses-3.9.24-150300.4.84.1
* python39-curses-debuginfo-3.9.24-150300.4.84.1
* python39-tk-debuginfo-3.9.24-150300.4.84.1
* python39-core-debugsource-3.9.24-150300.4.84.1
* python39-dbm-debuginfo-3.9.24-150300.4.84.1
* python39-debuginfo-3.9.24-150300.4.84.1
* python39-doc-3.9.24-150300.4.84.1
* python39-tk-3.9.24-150300.4.84.1
* python39-testsuite-debuginfo-3.9.24-150300.4.84.1
* python39-3.9.24-150300.4.84.1
* python39-testsuite-3.9.24-150300.4.84.1
* python39-doc-devhelp-3.9.24-150300.4.84.1
* libpython3_9-1_0-3.9.24-150300.4.84.1
* python39-base-debuginfo-3.9.24-150300.4.84.1
* python39-base-3.9.24-150300.4.84.1
* openSUSE Leap 15.6 (x86_64)
* python39-32bit-debuginfo-3.9.24-150300.4.84.1
* python39-32bit-3.9.24-150300.4.84.1
* python39-base-32bit-debuginfo-3.9.24-150300.4.84.1
* libpython3_9-1_0-32bit-debuginfo-3.9.24-150300.4.84.1
* libpython3_9-1_0-32bit-3.9.24-150300.4.84.1
* python39-base-32bit-3.9.24-150300.4.84.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* python39-idle-3.9.24-150300.4.84.1
* python39-tools-3.9.24-150300.4.84.1
* python39-dbm-3.9.24-150300.4.84.1
* libpython3_9-1_0-debuginfo-3.9.24-150300.4.84.1
* python39-devel-3.9.24-150300.4.84.1
* python39-debugsource-3.9.24-150300.4.84.1
* python39-curses-3.9.24-150300.4.84.1
* python39-curses-debuginfo-3.9.24-150300.4.84.1
* python39-tk-debuginfo-3.9.24-150300.4.84.1
* python39-debuginfo-3.9.24-150300.4.84.1
* python39-dbm-debuginfo-3.9.24-150300.4.84.1
* python39-core-debugsource-3.9.24-150300.4.84.1
* python39-doc-3.9.24-150300.4.84.1
* python39-tk-3.9.24-150300.4.84.1
* python39-testsuite-debuginfo-3.9.24-150300.4.84.1
* python39-3.9.24-150300.4.84.1
* python39-testsuite-3.9.24-150300.4.84.1
* python39-doc-devhelp-3.9.24-150300.4.84.1
* libpython3_9-1_0-3.9.24-150300.4.84.1
* python39-base-debuginfo-3.9.24-150300.4.84.1
* python39-base-3.9.24-150300.4.84.1
* openSUSE Leap 15.3 (x86_64)
* python39-32bit-debuginfo-3.9.24-150300.4.84.1
* python39-32bit-3.9.24-150300.4.84.1
* python39-base-32bit-debuginfo-3.9.24-150300.4.84.1
* libpython3_9-1_0-32bit-debuginfo-3.9.24-150300.4.84.1
* libpython3_9-1_0-32bit-3.9.24-150300.4.84.1
* python39-base-32bit-3.9.24-150300.4.84.1
* openSUSE Leap 15.3 (aarch64_ilp32)
* python39-base-64bit-debuginfo-3.9.24-150300.4.84.1
* libpython3_9-1_0-64bit-3.9.24-150300.4.84.1
* libpython3_9-1_0-64bit-debuginfo-3.9.24-150300.4.84.1
* python39-64bit-debuginfo-3.9.24-150300.4.84.1
* python39-64bit-3.9.24-150300.4.84.1
* python39-base-64bit-3.9.24-150300.4.84.1

## References:

* https://www.suse.com/security/cve/CVE-2025-6075.html
* https://www.suse.com/security/cve/CVE-2025-8291.html
* https://bugzilla.suse.com/show_bug.cgi?id=1251305
* https://bugzilla.suse.com/show_bug.cgi?id=1252974



SUSE-SU-2025:4224-1: moderate: Security update for grub2


# Security update for grub2

Announcement ID: SUSE-SU-2025:4224-1
Release Date: 2025-11-25T09:53:55Z
Rating: moderate
References:

* bsc#1252931
* bsc#1252932
* bsc#1252933
* bsc#1252934
* bsc#1252935

Cross-References:

* CVE-2025-54771
* CVE-2025-61661
* CVE-2025-61662
* CVE-2025-61663
* CVE-2025-61664

CVSS scores:

* CVE-2025-54771 ( SUSE ): 2.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-54771 ( SUSE ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-54771 ( NVD ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-61661 ( SUSE ): 4.3
CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61661 ( SUSE ): 4.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-61661 ( NVD ): 4.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-61662 ( SUSE ): 2.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-61662 ( SUSE ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-61662 ( NVD ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-61663 ( SUSE ): 2.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-61663 ( SUSE ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-61663 ( NVD ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-61664 ( SUSE ): 2.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-61664 ( SUSE ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-61664 ( NVD ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves five vulnerabilities can now be installed.

## Description:

This update for grub2 fixes the following issues:

* CVE-2025-54771: Fixed rub_file_close() does not properly controls the fs
refcount (bsc#1252931)
* CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function
(bsc#1252932)
* CVE-2025-61662: Fixed missing unregister call for gettext command may lead
to use-after-free (bsc#1252933)
* CVE-2025-61663: Fixed missing unregister call for normal commands may lead
to use-after-free (bsc#1252934)
* CVE-2025-61664: Fixed missing unregister call for normal_exit command may
lead to use-after-free (bsc#1252935)

Other fixes:

* Bump upstream SBAT generation to 6

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-4224=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-4224=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-4224=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-4224=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-4224=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* grub2-debuginfo-2.06-150400.11.66.1
* grub2-2.06-150400.11.66.1
* grub2-branding-upstream-2.06-150400.11.66.1
* openSUSE Leap 15.4 (aarch64 s390x x86_64 i586)
* grub2-debugsource-2.06-150400.11.66.1
* openSUSE Leap 15.4 (noarch)
* grub2-x86_64-xen-2.06-150400.11.66.1
* grub2-s390x-emu-extras-2.06-150400.11.66.1
* grub2-systemd-sleep-plugin-2.06-150400.11.66.1
* grub2-powerpc-ieee1275-debug-2.06-150400.11.66.1
* grub2-i386-xen-2.06-150400.11.66.1
* grub2-snapper-plugin-2.06-150400.11.66.1
* grub2-arm64-efi-2.06-150400.11.66.1
* grub2-arm64-efi-debug-2.06-150400.11.66.1
* grub2-i386-xen-extras-2.06-150400.11.66.1
* grub2-i386-efi-debug-2.06-150400.11.66.1
* grub2-i386-efi-2.06-150400.11.66.1
* grub2-powerpc-ieee1275-extras-2.06-150400.11.66.1
* grub2-x86_64-efi-extras-2.06-150400.11.66.1
* grub2-powerpc-ieee1275-2.06-150400.11.66.1
* grub2-x86_64-efi-2.06-150400.11.66.1
* grub2-i386-pc-debug-2.06-150400.11.66.1
* grub2-arm64-efi-extras-2.06-150400.11.66.1
* grub2-i386-pc-2.06-150400.11.66.1
* grub2-x86_64-efi-debug-2.06-150400.11.66.1
* grub2-i386-pc-extras-2.06-150400.11.66.1
* grub2-i386-efi-extras-2.06-150400.11.66.1
* grub2-x86_64-xen-extras-2.06-150400.11.66.1
* openSUSE Leap 15.4 (s390x)
* grub2-s390x-emu-debug-2.06-150400.11.66.1
* grub2-s390x-emu-2.06-150400.11.66.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* grub2-debugsource-2.06-150400.11.66.1
* grub2-debuginfo-2.06-150400.11.66.1
* grub2-2.06-150400.11.66.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
* grub2-x86_64-efi-2.06-150400.11.66.1
* grub2-x86_64-xen-2.06-150400.11.66.1
* grub2-snapper-plugin-2.06-150400.11.66.1
* grub2-arm64-efi-2.06-150400.11.66.1
* grub2-i386-pc-2.06-150400.11.66.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (s390x)
* grub2-s390x-emu-2.06-150400.11.66.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* grub2-debugsource-2.06-150400.11.66.1
* grub2-debuginfo-2.06-150400.11.66.1
* grub2-2.06-150400.11.66.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
* grub2-x86_64-efi-2.06-150400.11.66.1
* grub2-x86_64-xen-2.06-150400.11.66.1
* grub2-snapper-plugin-2.06-150400.11.66.1
* grub2-arm64-efi-2.06-150400.11.66.1
* grub2-i386-pc-2.06-150400.11.66.1
* SUSE Linux Enterprise Micro 5.3 (s390x)
* grub2-s390x-emu-2.06-150400.11.66.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* grub2-debugsource-2.06-150400.11.66.1
* grub2-debuginfo-2.06-150400.11.66.1
* grub2-2.06-150400.11.66.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
* grub2-x86_64-efi-2.06-150400.11.66.1
* grub2-x86_64-xen-2.06-150400.11.66.1
* grub2-snapper-plugin-2.06-150400.11.66.1
* grub2-arm64-efi-2.06-150400.11.66.1
* grub2-i386-pc-2.06-150400.11.66.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (s390x)
* grub2-s390x-emu-2.06-150400.11.66.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* grub2-debugsource-2.06-150400.11.66.1
* grub2-debuginfo-2.06-150400.11.66.1
* grub2-2.06-150400.11.66.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
* grub2-x86_64-efi-2.06-150400.11.66.1
* grub2-x86_64-xen-2.06-150400.11.66.1
* grub2-snapper-plugin-2.06-150400.11.66.1
* grub2-arm64-efi-2.06-150400.11.66.1
* grub2-i386-pc-2.06-150400.11.66.1
* SUSE Linux Enterprise Micro 5.4 (s390x)
* grub2-s390x-emu-2.06-150400.11.66.1

## References:

* https://www.suse.com/security/cve/CVE-2025-54771.html
* https://www.suse.com/security/cve/CVE-2025-61661.html
* https://www.suse.com/security/cve/CVE-2025-61662.html
* https://www.suse.com/security/cve/CVE-2025-61663.html
* https://www.suse.com/security/cve/CVE-2025-61664.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252931
* https://bugzilla.suse.com/show_bug.cgi?id=1252932
* https://bugzilla.suse.com/show_bug.cgi?id=1252933
* https://bugzilla.suse.com/show_bug.cgi?id=1252934
* https://bugzilla.suse.com/show_bug.cgi?id=1252935



SUSE-SU-2025:4220-1: moderate: Security update for govulncheck-vulndb


# Security update for govulncheck-vulndb

Announcement ID: SUSE-SU-2025:4220-1
Release Date: 2025-11-25T08:02:38Z
Rating: moderate
References:

* jsc#PED-11136

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that contains one feature can now be installed.

## Description:

This update for govulncheck-vulndb fixes the following issues:

* Update to version 0.0.20251120T220319 2025-11-20T22:03:19Z. (jsc#PED-11136):

* GO-2023-2331

* GO-2024-2587
* GO-2025-3770
* GO-2025-4007
* GO-2025-4134
* GO-2025-4135

* Update to version 0.0.20251118T154415 2025-11-18T15:44:15Z. (jsc#PED-11136):

* GO-2025-4025

* GO-2025-4090
* GO-2025-4091
* GO-2025-4093
* GO-2025-4094
* GO-2025-4095
* GO-2025-4096
* GO-2025-4097
* GO-2025-4098
* GO-2025-4099
* GO-2025-4100
* GO-2025-4101
* GO-2025-4102
* GO-2025-4103
* GO-2025-4104
* GO-2025-4105
* GO-2025-4106
* GO-2025-4107
* GO-2025-4108
* GO-2025-4109
* GO-2025-4110
* GO-2025-4111
* GO-2025-4112
* GO-2025-4113
* GO-2025-4114
* GO-2025-4115
* GO-2025-4117
* GO-2025-4118
* GO-2025-4119
* GO-2025-4120
* GO-2025-4121
* GO-2025-4122
* GO-2025-4123
* GO-2025-4124
* GO-2025-4125
* GO-2025-4126
* GO-2025-4127
* GO-2025-4128
* GO-2025-4129
* GO-2025-4130
* GO-2025-4131

* Update to version 0.0.20251113T211203 2025-11-13T21:12:03Z (jsc#PED-11136):

* GO-2025-4116

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-4220=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-4220=1

## Package List:

* openSUSE Leap 15.6 (noarch)
* govulncheck-vulndb-0.0.20251120T220319-150000.1.122.1
* SUSE Package Hub 15 15-SP6 (noarch)
* govulncheck-vulndb-0.0.20251120T220319-150000.1.122.1

## References:

* https://jira.suse.com/browse/PED-11136



SUSE-SU-2025:4227-1: important: Security update for the Linux Kernel (Live Patch 36 for SUSE Linux Enterprise 15 SP4)


# Security update for the Linux Kernel (Live Patch 36 for SUSE Linux Enterprise
15 SP4)

Announcement ID: SUSE-SU-2025:4227-1
Release Date: 2025-11-25T11:33:58Z
Rating: important
References:

* bsc#1242882
* bsc#1245778
* bsc#1251983

Cross-References:

* CVE-2023-53673
* CVE-2024-53141
* CVE-2025-23145

CVSS scores:

* CVE-2023-53673 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53673 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53141 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53141 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53141 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-23145 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-23145 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-23145 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.150 fixes
various security issues

The following security issues were fixed:

* CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before
deleting conn (bsc#1251983).
* CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt
(bsc#1245778).
* CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow
(bsc#1242882).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-4227=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-4227=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_150-default-11-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_36-debugsource-11-150400.2.1
* kernel-livepatch-5_14_21-150400_24_150-default-debuginfo-11-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_150-default-11-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_36-debugsource-11-150400.2.1
* kernel-livepatch-5_14_21-150400_24_150-default-debuginfo-11-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-53673.html
* https://www.suse.com/security/cve/CVE-2024-53141.html
* https://www.suse.com/security/cve/CVE-2025-23145.html
* https://bugzilla.suse.com/show_bug.cgi?id=1242882
* https://bugzilla.suse.com/show_bug.cgi?id=1245778
* https://bugzilla.suse.com/show_bug.cgi?id=1251983



SUSE-SU-2025:4237-1: important: Security update for the Linux Kernel (Live Patch 44 for SUSE Linux Enterprise 15 SP4)


# Security update for the Linux Kernel (Live Patch 44 for SUSE Linux Enterprise
15 SP4)

Announcement ID: SUSE-SU-2025:4237-1
Release Date: 2025-11-25T19:39:10Z
Rating: important
References:

* bsc#1251983

Cross-References:

* CVE-2023-53673

CVSS scores:

* CVE-2023-53673 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53673 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.176 fixes one
security issue

The following security issue was fixed:

* CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before
deleting conn (bsc#1251983).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-4237=1 SUSE-2025-4241=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-4237=1 SUSE-SLE-
Module-Live-Patching-15-SP4-2025-4241=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_176-default-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_170-default-debuginfo-8-150400.2.1
* kernel-livepatch-5_14_21-150400_24_170-default-8-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_44-debugsource-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_42-debugsource-8-150400.2.1
* kernel-livepatch-5_14_21-150400_24_176-default-debuginfo-4-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_176-default-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_170-default-debuginfo-8-150400.2.1
* kernel-livepatch-5_14_21-150400_24_170-default-8-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_44-debugsource-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_42-debugsource-8-150400.2.1
* kernel-livepatch-5_14_21-150400_24_176-default-debuginfo-4-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-53673.html
* https://bugzilla.suse.com/show_bug.cgi?id=1251983



SUSE-SU-2025:4239-1: important: Security update for the Linux Kernel (Live Patch 40 for SUSE Linux Enterprise 15 SP4)


# Security update for the Linux Kernel (Live Patch 40 for SUSE Linux Enterprise
15 SP4)

Announcement ID: SUSE-SU-2025:4239-1
Release Date: 2025-11-25T18:33:51Z
Rating: important
References:

* bsc#1242882
* bsc#1245778
* bsc#1251983

Cross-References:

* CVE-2023-53673
* CVE-2024-53141
* CVE-2025-23145

CVSS scores:

* CVE-2023-53673 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53673 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53141 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53141 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53141 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-23145 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-23145 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-23145 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.164 fixes
various security issues

The following security issues were fixed:

* CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before
deleting conn (bsc#1251983).
* CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt
(bsc#1245778).
* CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow
(bsc#1242882).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-4239=1 SUSE-2025-4240=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-4239=1 SUSE-SLE-
Module-Live-Patching-15-SP4-2025-4240=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_40-debugsource-10-150400.2.1
* kernel-livepatch-5_14_21-150400_24_164-default-10-150400.2.1
* kernel-livepatch-5_14_21-150400_24_164-default-debuginfo-10-150400.2.1
* kernel-livepatch-5_14_21-150400_24_161-default-10-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_39-debugsource-10-150400.2.1
* kernel-livepatch-5_14_21-150400_24_161-default-debuginfo-10-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_40-debugsource-10-150400.2.1
* kernel-livepatch-5_14_21-150400_24_164-default-10-150400.2.1
* kernel-livepatch-5_14_21-150400_24_164-default-debuginfo-10-150400.2.1
* kernel-livepatch-5_14_21-150400_24_161-default-10-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_39-debugsource-10-150400.2.1
* kernel-livepatch-5_14_21-150400_24_161-default-debuginfo-10-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-53673.html
* https://www.suse.com/security/cve/CVE-2024-53141.html
* https://www.suse.com/security/cve/CVE-2025-23145.html
* https://bugzilla.suse.com/show_bug.cgi?id=1242882
* https://bugzilla.suse.com/show_bug.cgi?id=1245778
* https://bugzilla.suse.com/show_bug.cgi?id=1251983



SUSE-SU-2025:4236-1: moderate: Security update for curl


# Security update for curl

Announcement ID: SUSE-SU-2025:4236-1
Release Date: 2025-11-25T16:02:25Z
Rating: moderate
References:

* bsc#1253757

Cross-References:

* CVE-2025-11563

CVSS scores:

* CVE-2025-11563 ( SUSE ): 4.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-11563 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for curl fixes the following issues:

* CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes
(bsc#1253757)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-4236=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-4236=1 openSUSE-SLE-15.6-2025-4236=1

## Package List:

* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libcurl-devel-8.14.1-150600.4.31.1
* curl-debugsource-8.14.1-150600.4.31.1
* curl-8.14.1-150600.4.31.1
* curl-debuginfo-8.14.1-150600.4.31.1
* libcurl4-8.14.1-150600.4.31.1
* libcurl4-debuginfo-8.14.1-150600.4.31.1
* Basesystem Module 15-SP6 (x86_64)
* libcurl4-32bit-8.14.1-150600.4.31.1
* libcurl4-32bit-debuginfo-8.14.1-150600.4.31.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libcurl-devel-8.14.1-150600.4.31.1
* libcurl-mini4-8.14.1-150600.4.31.1
* libcurl-mini4-debuginfo-8.14.1-150600.4.31.1
* curl-mini-debugsource-8.14.1-150600.4.31.1
* curl-debugsource-8.14.1-150600.4.31.1
* curl-8.14.1-150600.4.31.1
* curl-debuginfo-8.14.1-150600.4.31.1
* libcurl4-8.14.1-150600.4.31.1
* libcurl4-debuginfo-8.14.1-150600.4.31.1
* openSUSE Leap 15.6 (noarch)
* curl-zsh-completion-8.14.1-150600.4.31.1
* curl-fish-completion-8.14.1-150600.4.31.1
* libcurl-devel-doc-8.14.1-150600.4.31.1
* openSUSE Leap 15.6 (x86_64)
* libcurl4-32bit-8.14.1-150600.4.31.1
* libcurl-devel-32bit-8.14.1-150600.4.31.1
* libcurl4-32bit-debuginfo-8.14.1-150600.4.31.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libcurl4-64bit-8.14.1-150600.4.31.1
* libcurl4-64bit-debuginfo-8.14.1-150600.4.31.1
* libcurl-devel-64bit-8.14.1-150600.4.31.1

## References:

* https://www.suse.com/security/cve/CVE-2025-11563.html
* https://bugzilla.suse.com/show_bug.cgi?id=1253757



openSUSE-SU-2025:15761-1: moderate: rclone-1.72.0-1.1 on GA media


# rclone-1.72.0-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15761-1
Rating: moderate

Cross-References:

* CVE-2025-58181

CVSS scores:

* CVE-2025-58181 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58181 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the rclone-1.72.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* rclone 1.72.0-1.1
* rclone-bash-completion 1.72.0-1.1
* rclone-zsh-completion 1.72.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-58181.html



openSUSE-SU-2025:15762-1: moderate: librnp0-0.18.1-1.1 on GA media


# librnp0-0.18.1-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15762-1
Rating: moderate

Cross-References:

* CVE-2025-13402
* CVE-2025-13470

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the librnp0-0.18.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* librnp0 0.18.1-1.1
* rnp 0.18.1-1.1
* rnp-devel 0.18.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-13402.html
* https://www.suse.com/security/cve/CVE-2025-13470.html



openSUSE-SU-2025:15759-1: moderate: libIex-3_4-33-3.4.3-2.1 on GA media


# libIex-3_4-33-3.4.3-2.1 on GA media

Announcement ID: openSUSE-SU-2025:15759-1
Rating: moderate

Cross-References:

* CVE-2025-12495
* CVE-2025-12839
* CVE-2025-12840

CVSS scores:

* CVE-2025-12495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-12495 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-12839 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-12839 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-12840 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-12840 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 3 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the libIex-3_4-33-3.4.3-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* libIex-3_4-33 3.4.3-2.1
* libIex-3_4-33-32bit 3.4.3-2.1
* libIex-3_4-33-x86-64-v3 3.4.3-2.1
* libIlmThread-3_4-33 3.4.3-2.1
* libIlmThread-3_4-33-32bit 3.4.3-2.1
* libIlmThread-3_4-33-x86-64-v3 3.4.3-2.1
* libOpenEXR-3_4-33 3.4.3-2.1
* libOpenEXR-3_4-33-32bit 3.4.3-2.1
* libOpenEXR-3_4-33-x86-64-v3 3.4.3-2.1
* libOpenEXRCore-3_4-33 3.4.3-2.1
* libOpenEXRCore-3_4-33-32bit 3.4.3-2.1
* libOpenEXRCore-3_4-33-x86-64-v3 3.4.3-2.1
* libOpenEXRUtil-3_4-33 3.4.3-2.1
* libOpenEXRUtil-3_4-33-32bit 3.4.3-2.1
* libOpenEXRUtil-3_4-33-x86-64-v3 3.4.3-2.1
* openexr 3.4.3-2.1
* openexr-devel 3.4.3-2.1
* openexr-doc 3.4.3-2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-12495.html
* https://www.suse.com/security/cve/CVE-2025-12839.html
* https://www.suse.com/security/cve/CVE-2025-12840.html



openSUSE-SU-2025:15760-1: moderate: python311-3.11.14-2.1 on GA media


# python311-3.11.14-2.1 on GA media

Announcement ID: openSUSE-SU-2025:15760-1
Rating: moderate

Cross-References:

* CVE-2025-6075
* CVE-2025-8291

CVSS scores:

* CVE-2025-6075 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-6075 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-8291 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2025-8291 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the python311-3.11.14-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python311 3.11.14-2.1
* python311-32bit 3.11.14-2.1
* python311-curses 3.11.14-2.1
* python311-dbm 3.11.14-2.1
* python311-idle 3.11.14-2.1
* python311-tk 3.11.14-2.1
* python311-x86-64-v3 3.11.14-2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-6075.html
* https://www.suse.com/security/cve/CVE-2025-8291.html



openSUSE-SU-2025:15758-1: moderate: fontforge-20251009-2.1 on GA media


# fontforge-20251009-2.1 on GA media

Announcement ID: openSUSE-SU-2025:15758-1
Rating: moderate

Cross-References:

* CVE-2025-50949

CVSS scores:

* CVE-2025-50949 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-50949 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the fontforge-20251009-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* fontforge 20251009-2.1
* fontforge-devel 20251009-2.1
* fontforge-doc 20251009-2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-50949.html



SUSE-SU-2025:4231-1: important: Security update for sssd


# Security update for sssd

Announcement ID: SUSE-SU-2025:4231-1
Release Date: 2025-11-25T14:12:14Z
Rating: important
References:

* bsc#1244325
* bsc#1251827

Cross-References:

* CVE-2025-11561

CVSS scores:

* CVE-2025-11561 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-11561 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-11561 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves one vulnerability and has one security fix can now be
installed.

## Description:

This update for sssd fixes the following issues:

* CVE-2025-11561: Fixed privilege escalation on AD-joined Linux systems due to
default Kerberos configuration disabling localauth an2ln plugin
(bsc#1251827)

Other fixes:

* Install file in krb5.conf.d to include sssd krb5 config snippets
(bsc#1244325)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-4231=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-4231=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-4231=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-4231=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-4231=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-4231=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-4231=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* libsss_idmap0-1.16.1-150300.23.56.1
* sssd-proxy-1.16.1-150300.23.56.1
* sssd-krb5-common-1.16.1-150300.23.56.1
* sssd-ad-debuginfo-1.16.1-150300.23.56.1
* python3-sss-murmur-1.16.1-150300.23.56.1
* libsss_certmap0-1.16.1-150300.23.56.1
* sssd-tools-1.16.1-150300.23.56.1
* sssd-winbind-idmap-1.16.1-150300.23.56.1
* libsss_nss_idmap0-1.16.1-150300.23.56.1
* libnfsidmap-sss-1.16.1-150300.23.56.1
* python3-sssd-config-1.16.1-150300.23.56.1
* libsss_idmap-devel-1.16.1-150300.23.56.1
* libipa_hbac0-1.16.1-150300.23.56.1
* libipa_hbac-devel-1.16.1-150300.23.56.1
* sssd-ipa-1.16.1-150300.23.56.1
* sssd-krb5-1.16.1-150300.23.56.1
* sssd-ad-1.16.1-150300.23.56.1
* sssd-dbus-1.16.1-150300.23.56.1
* sssd-tools-debuginfo-1.16.1-150300.23.56.1
* libsss_idmap0-debuginfo-1.16.1-150300.23.56.1
* python3-sss-murmur-debuginfo-1.16.1-150300.23.56.1
* sssd-common-1.16.1-150300.23.56.1
* sssd-ldap-debuginfo-1.16.1-150300.23.56.1
* libsss_simpleifp-devel-1.16.1-150300.23.56.1
* sssd-proxy-debuginfo-1.16.1-150300.23.56.1
* libipa_hbac0-debuginfo-1.16.1-150300.23.56.1
* sssd-wbclient-devel-1.16.1-150300.23.56.1
* sssd-ipa-debuginfo-1.16.1-150300.23.56.1
* sssd-1.16.1-150300.23.56.1
* sssd-dbus-debuginfo-1.16.1-150300.23.56.1
* libsss_certmap0-debuginfo-1.16.1-150300.23.56.1
* libnfsidmap-sss-debuginfo-1.16.1-150300.23.56.1
* python3-ipa_hbac-debuginfo-1.16.1-150300.23.56.1
* libsss_nss_idmap0-debuginfo-1.16.1-150300.23.56.1
* python3-sss_nss_idmap-1.16.1-150300.23.56.1
* python3-sss_nss_idmap-debuginfo-1.16.1-150300.23.56.1
* libsss_certmap-devel-1.16.1-150300.23.56.1
* python3-sssd-config-debuginfo-1.16.1-150300.23.56.1
* libsss_simpleifp0-1.16.1-150300.23.56.1
* sssd-wbclient-1.16.1-150300.23.56.1
* sssd-common-debuginfo-1.16.1-150300.23.56.1
* sssd-krb5-common-debuginfo-1.16.1-150300.23.56.1
* libsss_simpleifp0-debuginfo-1.16.1-150300.23.56.1
* sssd-ldap-1.16.1-150300.23.56.1
* sssd-winbind-idmap-debuginfo-1.16.1-150300.23.56.1
* python3-ipa_hbac-1.16.1-150300.23.56.1
* libsss_nss_idmap-devel-1.16.1-150300.23.56.1
* sssd-debugsource-1.16.1-150300.23.56.1
* sssd-krb5-debuginfo-1.16.1-150300.23.56.1
* sssd-wbclient-debuginfo-1.16.1-150300.23.56.1
* openSUSE Leap 15.3 (x86_64)
* sssd-common-32bit-debuginfo-1.16.1-150300.23.56.1
* sssd-common-32bit-1.16.1-150300.23.56.1
* openSUSE Leap 15.3 (aarch64_ilp32)
* sssd-common-64bit-1.16.1-150300.23.56.1
* sssd-common-64bit-debuginfo-1.16.1-150300.23.56.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* libsss_idmap0-1.16.1-150300.23.56.1
* sssd-proxy-1.16.1-150300.23.56.1
* sssd-krb5-common-1.16.1-150300.23.56.1
* sssd-ad-debuginfo-1.16.1-150300.23.56.1
* sssd-tools-1.16.1-150300.23.56.1
* libsss_certmap0-1.16.1-150300.23.56.1
* sssd-winbind-idmap-1.16.1-150300.23.56.1
* libsss_nss_idmap0-1.16.1-150300.23.56.1
* python3-sssd-config-1.16.1-150300.23.56.1
* libsss_idmap-devel-1.16.1-150300.23.56.1
* libipa_hbac0-1.16.1-150300.23.56.1
* libipa_hbac-devel-1.16.1-150300.23.56.1
* sssd-ipa-1.16.1-150300.23.56.1
* sssd-krb5-1.16.1-150300.23.56.1
* sssd-ad-1.16.1-150300.23.56.1
* sssd-dbus-1.16.1-150300.23.56.1
* sssd-tools-debuginfo-1.16.1-150300.23.56.1
* libsss_idmap0-debuginfo-1.16.1-150300.23.56.1
* sssd-common-1.16.1-150300.23.56.1
* sssd-ldap-debuginfo-1.16.1-150300.23.56.1
* libsss_simpleifp-devel-1.16.1-150300.23.56.1
* sssd-proxy-debuginfo-1.16.1-150300.23.56.1
* sssd-ipa-debuginfo-1.16.1-150300.23.56.1
* sssd-1.16.1-150300.23.56.1
* sssd-dbus-debuginfo-1.16.1-150300.23.56.1
* libsss_certmap0-debuginfo-1.16.1-150300.23.56.1
* libsss_nss_idmap0-debuginfo-1.16.1-150300.23.56.1
* libsss_certmap-devel-1.16.1-150300.23.56.1
* python3-sssd-config-debuginfo-1.16.1-150300.23.56.1
* libsss_simpleifp0-1.16.1-150300.23.56.1
* sssd-common-debuginfo-1.16.1-150300.23.56.1
* sssd-krb5-common-debuginfo-1.16.1-150300.23.56.1
* libsss_simpleifp0-debuginfo-1.16.1-150300.23.56.1
* sssd-ldap-1.16.1-150300.23.56.1
* sssd-winbind-idmap-debuginfo-1.16.1-150300.23.56.1
* libipa_hbac0-debuginfo-1.16.1-150300.23.56.1
* libsss_nss_idmap-devel-1.16.1-150300.23.56.1
* sssd-debugsource-1.16.1-150300.23.56.1
* sssd-krb5-debuginfo-1.16.1-150300.23.56.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
* sssd-common-32bit-debuginfo-1.16.1-150300.23.56.1
* sssd-common-32bit-1.16.1-150300.23.56.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* libsss_idmap0-1.16.1-150300.23.56.1
* sssd-proxy-1.16.1-150300.23.56.1
* sssd-krb5-common-1.16.1-150300.23.56.1
* sssd-ad-debuginfo-1.16.1-150300.23.56.1
* sssd-tools-1.16.1-150300.23.56.1
* libsss_certmap0-1.16.1-150300.23.56.1
* sssd-winbind-idmap-1.16.1-150300.23.56.1
* libsss_nss_idmap0-1.16.1-150300.23.56.1
* python3-sssd-config-1.16.1-150300.23.56.1
* libsss_idmap-devel-1.16.1-150300.23.56.1
* libipa_hbac0-1.16.1-150300.23.56.1
* libipa_hbac-devel-1.16.1-150300.23.56.1
* sssd-ipa-1.16.1-150300.23.56.1
* sssd-krb5-1.16.1-150300.23.56.1
* sssd-ad-1.16.1-150300.23.56.1
* sssd-dbus-1.16.1-150300.23.56.1
* sssd-tools-debuginfo-1.16.1-150300.23.56.1
* libsss_idmap0-debuginfo-1.16.1-150300.23.56.1
* sssd-common-1.16.1-150300.23.56.1
* sssd-ldap-debuginfo-1.16.1-150300.23.56.1
* libsss_simpleifp-devel-1.16.1-150300.23.56.1
* sssd-proxy-debuginfo-1.16.1-150300.23.56.1
* sssd-ipa-debuginfo-1.16.1-150300.23.56.1
* sssd-1.16.1-150300.23.56.1
* sssd-dbus-debuginfo-1.16.1-150300.23.56.1
* libsss_certmap0-debuginfo-1.16.1-150300.23.56.1
* libsss_nss_idmap0-debuginfo-1.16.1-150300.23.56.1
* libsss_certmap-devel-1.16.1-150300.23.56.1
* python3-sssd-config-debuginfo-1.16.1-150300.23.56.1
* libsss_simpleifp0-1.16.1-150300.23.56.1
* sssd-common-debuginfo-1.16.1-150300.23.56.1
* sssd-krb5-common-debuginfo-1.16.1-150300.23.56.1
* libsss_simpleifp0-debuginfo-1.16.1-150300.23.56.1
* sssd-ldap-1.16.1-150300.23.56.1
* sssd-winbind-idmap-debuginfo-1.16.1-150300.23.56.1
* libipa_hbac0-debuginfo-1.16.1-150300.23.56.1
* libsss_nss_idmap-devel-1.16.1-150300.23.56.1
* sssd-debugsource-1.16.1-150300.23.56.1
* sssd-krb5-debuginfo-1.16.1-150300.23.56.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (x86_64)
* sssd-common-32bit-debuginfo-1.16.1-150300.23.56.1
* sssd-common-32bit-1.16.1-150300.23.56.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* libsss_idmap0-1.16.1-150300.23.56.1
* sssd-proxy-1.16.1-150300.23.56.1
* sssd-krb5-common-1.16.1-150300.23.56.1
* sssd-ad-debuginfo-1.16.1-150300.23.56.1
* sssd-tools-1.16.1-150300.23.56.1
* libsss_certmap0-1.16.1-150300.23.56.1
* sssd-winbind-idmap-1.16.1-150300.23.56.1
* libsss_nss_idmap0-1.16.1-150300.23.56.1
* python3-sssd-config-1.16.1-150300.23.56.1
* libsss_idmap-devel-1.16.1-150300.23.56.1
* libipa_hbac0-1.16.1-150300.23.56.1
* libipa_hbac-devel-1.16.1-150300.23.56.1
* sssd-ipa-1.16.1-150300.23.56.1
* sssd-krb5-1.16.1-150300.23.56.1
* sssd-ad-1.16.1-150300.23.56.1
* sssd-dbus-1.16.1-150300.23.56.1
* sssd-tools-debuginfo-1.16.1-150300.23.56.1
* libsss_idmap0-debuginfo-1.16.1-150300.23.56.1
* sssd-common-1.16.1-150300.23.56.1
* sssd-ldap-debuginfo-1.16.1-150300.23.56.1
* libsss_simpleifp-devel-1.16.1-150300.23.56.1
* sssd-proxy-debuginfo-1.16.1-150300.23.56.1
* sssd-ipa-debuginfo-1.16.1-150300.23.56.1
* sssd-1.16.1-150300.23.56.1
* sssd-dbus-debuginfo-1.16.1-150300.23.56.1
* libsss_certmap0-debuginfo-1.16.1-150300.23.56.1
* libsss_nss_idmap0-debuginfo-1.16.1-150300.23.56.1
* libsss_certmap-devel-1.16.1-150300.23.56.1
* python3-sssd-config-debuginfo-1.16.1-150300.23.56.1
* libsss_simpleifp0-1.16.1-150300.23.56.1
* sssd-common-debuginfo-1.16.1-150300.23.56.1
* sssd-krb5-common-debuginfo-1.16.1-150300.23.56.1
* libsss_simpleifp0-debuginfo-1.16.1-150300.23.56.1
* sssd-ldap-1.16.1-150300.23.56.1
* sssd-winbind-idmap-debuginfo-1.16.1-150300.23.56.1
* libipa_hbac0-debuginfo-1.16.1-150300.23.56.1
* libsss_nss_idmap-devel-1.16.1-150300.23.56.1
* sssd-debugsource-1.16.1-150300.23.56.1
* sssd-krb5-debuginfo-1.16.1-150300.23.56.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* sssd-common-32bit-debuginfo-1.16.1-150300.23.56.1
* sssd-common-32bit-1.16.1-150300.23.56.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* libsss_idmap0-1.16.1-150300.23.56.1
* sssd-proxy-1.16.1-150300.23.56.1
* sssd-krb5-common-1.16.1-150300.23.56.1
* sssd-ad-debuginfo-1.16.1-150300.23.56.1
* sssd-tools-1.16.1-150300.23.56.1
* libsss_certmap0-1.16.1-150300.23.56.1
* sssd-winbind-idmap-1.16.1-150300.23.56.1
* libsss_nss_idmap0-1.16.1-150300.23.56.1
* python3-sssd-config-1.16.1-150300.23.56.1
* libsss_idmap-devel-1.16.1-150300.23.56.1
* libipa_hbac0-1.16.1-150300.23.56.1
* libipa_hbac-devel-1.16.1-150300.23.56.1
* sssd-ipa-1.16.1-150300.23.56.1
* sssd-krb5-1.16.1-150300.23.56.1
* sssd-ad-1.16.1-150300.23.56.1
* sssd-dbus-1.16.1-150300.23.56.1
* sssd-tools-debuginfo-1.16.1-150300.23.56.1
* libsss_idmap0-debuginfo-1.16.1-150300.23.56.1
* sssd-common-1.16.1-150300.23.56.1
* sssd-ldap-debuginfo-1.16.1-150300.23.56.1
* libsss_simpleifp-devel-1.16.1-150300.23.56.1
* sssd-proxy-debuginfo-1.16.1-150300.23.56.1
* sssd-ipa-debuginfo-1.16.1-150300.23.56.1
* sssd-1.16.1-150300.23.56.1
* sssd-dbus-debuginfo-1.16.1-150300.23.56.1
* libsss_certmap0-debuginfo-1.16.1-150300.23.56.1
* libsss_nss_idmap0-debuginfo-1.16.1-150300.23.56.1
* libsss_certmap-devel-1.16.1-150300.23.56.1
* python3-sssd-config-debuginfo-1.16.1-150300.23.56.1
* libsss_simpleifp0-1.16.1-150300.23.56.1
* sssd-common-debuginfo-1.16.1-150300.23.56.1
* sssd-krb5-common-debuginfo-1.16.1-150300.23.56.1
* libsss_simpleifp0-debuginfo-1.16.1-150300.23.56.1
* sssd-ldap-1.16.1-150300.23.56.1
* sssd-winbind-idmap-debuginfo-1.16.1-150300.23.56.1
* libipa_hbac0-debuginfo-1.16.1-150300.23.56.1
* libsss_nss_idmap-devel-1.16.1-150300.23.56.1
* sssd-debugsource-1.16.1-150300.23.56.1
* sssd-krb5-debuginfo-1.16.1-150300.23.56.1
* SUSE Enterprise Storage 7.1 (x86_64)
* sssd-common-32bit-debuginfo-1.16.1-150300.23.56.1
* sssd-common-32bit-1.16.1-150300.23.56.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* libsss_idmap0-1.16.1-150300.23.56.1
* sssd-1.16.1-150300.23.56.1
* libsss_certmap0-debuginfo-1.16.1-150300.23.56.1
* sssd-krb5-common-1.16.1-150300.23.56.1
* libsss_idmap0-debuginfo-1.16.1-150300.23.56.1
* sssd-common-debuginfo-1.16.1-150300.23.56.1
* sssd-krb5-common-debuginfo-1.16.1-150300.23.56.1
* libsss_certmap0-1.16.1-150300.23.56.1
* sssd-ldap-1.16.1-150300.23.56.1
* libsss_nss_idmap0-debuginfo-1.16.1-150300.23.56.1
* libsss_nss_idmap0-1.16.1-150300.23.56.1
* sssd-common-1.16.1-150300.23.56.1
* sssd-ldap-debuginfo-1.16.1-150300.23.56.1
* sssd-debugsource-1.16.1-150300.23.56.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* libsss_idmap0-1.16.1-150300.23.56.1
* sssd-1.16.1-150300.23.56.1
* libsss_certmap0-debuginfo-1.16.1-150300.23.56.1
* sssd-krb5-common-1.16.1-150300.23.56.1
* libsss_idmap0-debuginfo-1.16.1-150300.23.56.1
* sssd-common-debuginfo-1.16.1-150300.23.56.1
* sssd-krb5-common-debuginfo-1.16.1-150300.23.56.1
* libsss_certmap0-1.16.1-150300.23.56.1
* sssd-ldap-1.16.1-150300.23.56.1
* libsss_nss_idmap0-debuginfo-1.16.1-150300.23.56.1
* libsss_nss_idmap0-1.16.1-150300.23.56.1
* sssd-common-1.16.1-150300.23.56.1
* sssd-ldap-debuginfo-1.16.1-150300.23.56.1
* sssd-debugsource-1.16.1-150300.23.56.1

## References:

* https://www.suse.com/security/cve/CVE-2025-11561.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244325
* https://bugzilla.suse.com/show_bug.cgi?id=1251827



SUSE-SU-2025:4229-1: important: Security update for buildah


# Security update for buildah

Announcement ID: SUSE-SU-2025:4229-1
Release Date: 2025-11-25T12:46:18Z
Rating: important
References:

* bsc#1253598

Cross-References:

* CVE-2025-47913

CVSS scores:

* CVE-2025-47913 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-47913 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-47913 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves one vulnerability can now be installed.

## Description:

This update for buildah fixes the following issues:

* CVE-2025-47913: Fixed a bug in the client process termination when receiving
an unexpected message type in response to a key listing or signing request.
(bsc#1253598)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-4229=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-4229=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-4229=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-4229=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-4229=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* buildah-1.35.5-150300.8.49.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* buildah-1.35.5-150300.8.49.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* buildah-1.35.5-150300.8.49.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* buildah-1.35.5-150300.8.49.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* buildah-1.35.5-150300.8.49.1

## References:

* https://www.suse.com/security/cve/CVE-2025-47913.html
* https://bugzilla.suse.com/show_bug.cgi?id=1253598



SUSE-SU-2025:4233-1: important: Security update for the Linux Kernel (Live Patch 41 for SUSE Linux Enterprise 15 SP4)


# Security update for the Linux Kernel (Live Patch 41 for SUSE Linux Enterprise
15 SP4)

Announcement ID: SUSE-SU-2025:4233-1
Release Date: 2025-11-25T14:33:50Z
Rating: important
References:

* bsc#1245778
* bsc#1251983

Cross-References:

* CVE-2023-53673
* CVE-2024-53141

CVSS scores:

* CVE-2023-53673 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53673 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53141 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53141 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53141 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.167 fixes
various security issues

The following security issues were fixed:

* CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before
deleting conn (bsc#1251983).
* CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt
(bsc#1245778).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-4233=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-4233=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_41-debugsource-9-150400.2.1
* kernel-livepatch-5_14_21-150400_24_167-default-debuginfo-9-150400.2.1
* kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_41-debugsource-9-150400.2.1
* kernel-livepatch-5_14_21-150400_24_167-default-debuginfo-9-150400.2.1
* kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-53673.html
* https://www.suse.com/security/cve/CVE-2024-53141.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245778
* https://bugzilla.suse.com/show_bug.cgi?id=1251983



SUSE-SU-2025:4230-1: important: Security update for the Linux Kernel (Live Patch 38 for SUSE Linux Enterprise 15 SP4)


# Security update for the Linux Kernel (Live Patch 38 for SUSE Linux Enterprise
15 SP4)

Announcement ID: SUSE-SU-2025:4230-1
Release Date: 2025-11-25T13:34:28Z
Rating: important
References:

* bsc#1242882
* bsc#1245778
* bsc#1251983

Cross-References:

* CVE-2023-53673
* CVE-2024-53141
* CVE-2025-23145

CVSS scores:

* CVE-2023-53673 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53673 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53141 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53141 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53141 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-23145 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-23145 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-23145 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.158 fixes
various security issues

The following security issues were fixed:

* CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before
deleting conn (bsc#1251983).
* CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt
(bsc#1245778).
* CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow
(bsc#1242882).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-4230=1 SUSE-2025-4228=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-4230=1 SUSE-SLE-
Module-Live-Patching-15-SP4-2025-4228=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_38-debugsource-10-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_37-debugsource-11-150400.2.1
* kernel-livepatch-5_14_21-150400_24_158-default-debuginfo-10-150400.2.1
* kernel-livepatch-5_14_21-150400_24_158-default-10-150400.2.1
* kernel-livepatch-5_14_21-150400_24_153-default-debuginfo-11-150400.2.1
* kernel-livepatch-5_14_21-150400_24_153-default-11-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_38-debugsource-10-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_37-debugsource-11-150400.2.1
* kernel-livepatch-5_14_21-150400_24_158-default-debuginfo-10-150400.2.1
* kernel-livepatch-5_14_21-150400_24_158-default-10-150400.2.1
* kernel-livepatch-5_14_21-150400_24_153-default-debuginfo-11-150400.2.1
* kernel-livepatch-5_14_21-150400_24_153-default-11-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-53673.html
* https://www.suse.com/security/cve/CVE-2024-53141.html
* https://www.suse.com/security/cve/CVE-2025-23145.html
* https://bugzilla.suse.com/show_bug.cgi?id=1242882
* https://bugzilla.suse.com/show_bug.cgi?id=1245778
* https://bugzilla.suse.com/show_bug.cgi?id=1251983


Podman, Firefox, OpenSSH, and more updates for AlmaLinux

OpenJDK, Kernel, MuPDF updates for Ubuntu

Windows

Linux

macOS

Community

  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...