Python, Grub2, Redis, and more updates for SUSE

SUSE 5495 Published 2025-08-05 07:49 by Philipp Esselbach

News

openSUSE-SU-2025:15404-1: moderate: python39-3.9.23-4.1 on GA media

# python39-3.9.23-4.1 on GA media

Announcement ID: openSUSE-SU-2025:15404-1
Rating: moderate

Cross-References:

* CVE-2025-8194

CVSS scores:

* CVE-2025-8194 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-8194 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python39-3.9.23-4.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python39 3.9.23-4.1
* python39-curses 3.9.23-4.1
* python39-dbm 3.9.23-4.1
* python39-idle 3.9.23-4.1
* python39-tk 3.9.23-4.1

## References:

* https://www.suse.com/security/cve/CVE-2025-8194.html

openSUSE-SU-2025:15403-1: moderate: python314-3.14.0~rc1-2.1 on GA media

# python314-3.14.0~rc1-2.1 on GA media

Announcement ID: openSUSE-SU-2025:15403-1
Rating: moderate

Cross-References:

* CVE-2025-8194

CVSS scores:

* CVE-2025-8194 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-8194 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python314-3.14.0~rc1-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python314 3.14.0~rc1-2.1
* python314-curses 3.14.0~rc1-2.1
* python314-dbm 3.14.0~rc1-2.1
* python314-idle 3.14.0~rc1-2.1
* python314-tk 3.14.0~rc1-2.1
* python314-x86-64-v3 3.14.0~rc1-2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-8194.html

openSUSE-SU-2025:15400-1: moderate: grub2-2.12-56.1 on GA media

# grub2-2.12-56.1 on GA media

Announcement ID: openSUSE-SU-2025:15400-1
Rating: moderate

Cross-References:

* CVE-2024-56738

CVSS scores:

* CVE-2024-56738 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-56738 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the grub2-2.12-56.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* grub2 2.12-56.1
* grub2-branding-upstream 2.12-56.1
* grub2-common 2.12-56.1
* grub2-i386-efi 2.12-56.1
* grub2-i386-efi-bls 2.12-56.1
* grub2-i386-efi-debug 2.12-56.1
* grub2-i386-efi-extras 2.12-56.1
* grub2-i386-pc 2.12-56.1
* grub2-i386-pc-debug 2.12-56.1
* grub2-i386-pc-extras 2.12-56.1
* grub2-i386-xen 2.12-56.1
* grub2-i386-xen-debug 2.12-56.1
* grub2-i386-xen-extras 2.12-56.1
* grub2-snapper-plugin 2.12-56.1
* grub2-systemd-sleep-plugin 2.12-56.1
* grub2-x86_64-efi 2.12-56.1
* grub2-x86_64-efi-bls 2.12-56.1
* grub2-x86_64-efi-debug 2.12-56.1
* grub2-x86_64-efi-extras 2.12-56.1
* grub2-x86_64-xen 2.12-56.1
* grub2-x86_64-xen-debug 2.12-56.1
* grub2-x86_64-xen-extras 2.12-56.1

## References:

* https://www.suse.com/security/cve/CVE-2024-56738.html

openSUSE-SU-2025:15402-1: moderate: python310-3.10.18-4.1 on GA media

# python310-3.10.18-4.1 on GA media

Announcement ID: openSUSE-SU-2025:15402-1
Rating: moderate

Cross-References:

* CVE-2025-8194

CVSS scores:

* CVE-2025-8194 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-8194 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python310-3.10.18-4.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python310 3.10.18-4.1
* python310-32bit 3.10.18-4.1
* python310-curses 3.10.18-4.1
* python310-dbm 3.10.18-4.1
* python310-idle 3.10.18-4.1
* python310-tk 3.10.18-4.1

## References:

* https://www.suse.com/security/cve/CVE-2025-8194.html

openSUSE-SU-2025:15401-1: moderate: liblua5_5-5-5.5.0~beta1-1.1 on GA media

# liblua5_5-5-5.5.0~beta1-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15401-1
Rating: moderate

Cross-References:

* CVE-2020-15888
* CVE-2020-15945
* CVE-2020-24342
* CVE-2020-24369
* CVE-2020-24370
* CVE-2020-24371
* CVE-2021-43519
* CVE-2021-44647
* CVE-2022-33099

CVSS scores:

* CVE-2020-15888 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2020-15945 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2020-24369 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2020-24370 ( SUSE ): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2020-24371 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-43519 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2022-33099 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves 9 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the liblua5_5-5-5.5.0~beta1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* liblua5_5-5 5.5.0~beta1-1.1
* lua55 5.5.0~beta1-1.1
* lua55-devel 5.5.0~beta1-1.1
* lua55-doc 5.5.0~beta1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2020-15888.html
* https://www.suse.com/security/cve/CVE-2020-15945.html
* https://www.suse.com/security/cve/CVE-2020-24342.html
* https://www.suse.com/security/cve/CVE-2020-24369.html
* https://www.suse.com/security/cve/CVE-2020-24370.html
* https://www.suse.com/security/cve/CVE-2020-24371.html
* https://www.suse.com/security/cve/CVE-2021-43519.html
* https://www.suse.com/security/cve/CVE-2021-44647.html
* https://www.suse.com/security/cve/CVE-2022-33099.html

SUSE-SU-2025:02657-1: important: Security update for java-21-openjdk

# Security update for java-21-openjdk

Announcement ID: SUSE-SU-2025:02657-1
Release Date: 2025-08-04T10:34:53Z
Rating: important
References:

* bsc#1213796
* bsc#1246575
* bsc#1246584
* bsc#1246595
* bsc#1246598

Cross-References:

* CVE-2025-30749
* CVE-2025-30754
* CVE-2025-50059
* CVE-2025-50106

CVSS scores:

* CVE-2025-30749 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-30749 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-30749 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-30754 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-30754 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-30754 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-50059 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2025-50059 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2025-50106 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-50106 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves four vulnerabilities and has one security fix can now be
installed.

## Description:

This update for java-21-openjdk fixes the following issues:

Update to upstream tag jdk-21.0.8+9 (July 2025 CPU):

Security fixes:

* CVE-2025-30749: several scenarios can lead to heap corruption (bsc#1246595)
* CVE-2025-30754: incomplete handshake may lead to weakening TLS protections
(bsc#1246598)
* CVE-2025-50059: Improve HTTP client header handling (bsc#1246575)
* CVE-2025-50106: Glyph out-of-memory access and crash (bsc#1246584)

Other fixes:

* Allow compilation of openjdk for 40 years (bsc#1213796)

Changelog:

+ JDK-6956385: URLConnection.getLastModified() leaks file
handles for jar:file and file: URLs
+ JDK-8051591: Test
javax/swing/JTabbedPane/8007563/Test8007563.java fails
+ JDK-8136895: Writer not closed with disk full error, file
resource leaked
+ JDK-8180450: secondary_super_cache does not scale well
+ JDK-8183348: Better cleanup for
jdk/test/sun/security/pkcs12/P12SecretKey.java
+ JDK-8200566: DistributionPointFetcher fails to fetch CRLs if
the DistributionPoints field contains more than one
DistributionPoint and the first one fails
+ JDK-8202100: Merge vm/share/InMemoryJavaCompiler w/
jdk/test/lib/compiler/InMemoryJavaCompiler
+ JDK-8210471: GZIPInputStream constructor could leak an
un-end()ed Inflater
+ JDK-8211400: nsk.share.gc.Memory::getArrayLength returns
wrong value
+ JDK-8220213: com/sun/jndi/dns/ConfigTests/Timeout.java
failed intermittent
+ JDK-8249831: Test sun/security/mscapi/nonUniqueAliases/
/NonUniqueAliases.java is marked with @ignore
+ JDK-8253440: serviceability/sa/TestJhsdbJstackLineNumbers.java
failed with "Didn't find enough line numbers"
+ JDK-8256211: assert fired in
java/net/httpclient/DependentPromiseActionsTest (infrequent)
+ JDK-8258483: [TESTBUG] gtest
CollectorPolicy.young_scaled_initial_ergo_vm fails if heap is
too small
+ JDK-8267174: Many test files have the wrong Copyright header
+ JDK-8270269: Desktop.browse method fails if earlier
CoInitialize call as COINIT_MULTITHREADED
+ JDK-8276995: Bug in jdk.jfr.event.gc.collection.TestSystemGC
+ JDK-8279016: JFR Leak Profiler is broken with Shenandoah
+ JDK-8280991: [XWayland] No displayChanged event after
setDisplayMode call
+ JDK-8281511: java/net/ipv6tests/UdpTest.java fails with
checkTime failed
+ JDK-8282726: java/net/vthread/BlockingSocketOps.java
timeout/hang intermittently on Windows
+ JDK-8286204: [Accessibility,macOS,VoiceOver] VoiceOver reads
the spinner value 10 as 1 when user iterates to 10 for the
first time on macOS
+ JDK-8286789: Test forceEarlyReturn002.java timed out
+ JDK-8286875: ProgrammableUpcallHandler::on_entry/on_exit
access thread fields from native
+ JDK-8294155: Exception thrown before awaitAndCheck hangs
PassFailJFrame
+ JDK-8295804: javax/swing/JFileChooser/
/JFileChooserSetLocationTest.java failed with "setLocation()
is not working properly"
+ JDK-8297692: Avoid sending per-region GCPhaseParallel JFR
events in G1ScanCollectionSetRegionClosure
+ JDK-8303770: Remove Baltimore root certificate expiring in
May 2025
+ JDK-8305010: Test vmTestbase/nsk/jvmti/scenarios/sampling/
/SP05/sp05t003/TestDescription.java timed out: thread not
suspended
+ JDK-8307318: Test serviceability/sa/
/ClhsdbCDSJstackPrintAll.java failed:
ArrayIndexOutOfBoundsException
+ JDK-8307824: Clean up Finalizable.java and finalize
terminology in vmTestbase/nsk/share
+ JDK-8308033: The jcmd thread dump related tests should test
virtual threads
+ JDK-8308966: Add intrinsic for float/double modulo for x86
AVX2 and AVX512
+ JDK-8309667: TLS handshake fails because of
ConcurrentModificationException in PKCS12KeyStore
.engineGetEntry
+ JDK-8309841: Jarsigner should print a warning if an entry is
removed
+ JDK-8309978: [x64] Fix useless padding
+ JDK-8310066: Improve test coverage for JVMTI GetThreadState
on carrier and mounted vthread
+ JDK-8310525: DynamicLauncher for JDP test needs to try
harder to find a free port
+ JDK-8310643: Misformatted copyright messages in FFM
+ JDK-8312246: NPE when HSDB visits bad oop
+ JDK-8312475: org.jline.util.PumpReader signed byte problem
+ JDK-8313290: Misleading exception message from
STS.Subtask::get when task forked after shutdown
+ JDK-8313430: [JVMCI] fatal error: Never compilable: in JVMCI
shutdown
+ JDK-8313654: Test WaitNotifySuspendedVThreadTest.java timed
out
+ JDK-8314056: Remove runtime platform check from frem/drem
+ JDK-8314136: Test java/net/httpclient/CancelRequestTest.java
failed: WARNING: tracker for HttpClientImpl(42) has
outstanding operations
+ JDK-8314236: Overflow in Collections.rotate
+ JDK-8314319: LogCompilation doesn't reset lateInlining when
it encounters a failure.
+ JDK-8314840: 3 gc/epsilon tests ignore external vm options
+ JDK-8314842: zgc/genzgc tests ignore vm flags
+ JDK-8315128: jdk/jfr/event/runtime/
/TestResidentSetSizeEvent.java fails with "The size should be
less than or equal to peak"
+ JDK-8315484: java/awt/dnd/RejectDragDropActionTest.java
timed out
+ JDK-8315669: Open source several Swing PopupMenu related
tests
+ JDK-8315742: Open source several Swing Scroll related tests
+ JDK-8315827: Kitchensink.java and RenaissanceStressTest.java
time out with jvmti module errors
+ JDK-8315871: Opensource five more Swing regression tests
+ JDK-8315876: Open source several Swing CSS related tests
+ JDK-8315951: Open source several Swing HTMLEditorKit related
tests
+ JDK-8315981: Opensource five more random Swing tests
+ JDK-8316061: Open source several Swing RootPane and Slider
related tests
+ JDK-8316324: Opensource five miscellaneous Swing tests
+ JDK-8316388: Opensource five Swing component related
regression tests
+ JDK-8316452: java/lang/instrument/modules/
/AppendToClassPathModuleTest.java ignores VM flags
+ JDK-8316497: ColorConvertOp - typo for non-ICC conversions
needs one-line fix
+ JDK-8316580: HttpClient with StructuredTaskScope does not
close when a task fails
+ JDK-8316629: j.text.DateFormatSymbols setZoneStrings()
exception is unhelpful
+ JDK-8317264: Pattern.Bound has `static` fields that should
be `static final`.
+ JDK-8318509: x86 count_positives intrinsic broken for
-XX:AVX3Threshold=0
+ JDK-8318636: Add jcmd to print annotated process memory map
+ JDK-8318700: MacOS Zero cannot run gtests due to wrong JVM
path
+ JDK-8318811: Compiler directives parser swallows a character
after line comments
+ JDK-8318915: Enhance checks in BigDecimal.toPlainString()
+ JDK-8319439: Move BufferNode from PtrQueue files to new files
+ JDK-8319572: Test jdk/incubator/vector/LoadJsvmlTest.java
ignores VM flags
+ JDK-8319690: [AArch64] C2 compilation hits
offset_ok_for_immed: assert "c2 compiler bug"
+ JDK-8320687: sun.jvmstat.monitor.MonitoredHost
.getMonitoredHost() throws unexpected exceptions when invoked
concurrently
+ JDK-8320948: NPE due to unreported compiler error
+ JDK-8321204: C2: assert(false) failed: node should be in
igvn hash table
+ JDK-8321479: java -D-D crashes
+ JDK-8321931: memory_swap_current_in_bytes reports 0 as
"unlimited"
+ JDK-8322141: SequenceInputStream.transferTo should not
return as soon as Long.MAX_VALUE bytes have been transferred
+ JDK-8322475: Extend printing for System.map
+ JDK-8323795: jcmd Compiler.codecache should print total size
of code cache
+ JDK-8324345: Stack overflow during C2 compilation when
splitting memory phi
+ JDK-8324678: Replace NULL with nullptr in HotSpot gtests
+ JDK-8324681: Replace NULL with nullptr in HotSpot jtreg test
native code files
+ JDK-8324799: Use correct extension for C++ test headers
+ JDK-8324880: Rename get_stack_trace.h
+ JDK-8325055: Rename Injector.h
+ JDK-8325180: Rename jvmti_FollowRefObjects.h
+ JDK-8325347: Rename native_thread.h
+ JDK-8325367: Rename nsk_list.h
+ JDK-8325435: [macos] Menu or JPopupMenu not closed when main
window is resized
+ JDK-8325456: Rename nsk_mutex.h
+ JDK-8325458: Rename mlvmJvmtiUtils.h
+ JDK-8325680: Uninitialised memory in deleteGSSCB of
GSSLibStub.c:179
+ JDK-8325682: Rename nsk_strace.h
+ JDK-8325910: Rename jnihelper.h
+ JDK-8326090: Rename jvmti_aod.h
+ JDK-8326389: [test] improve assertEquals failure output
+ JDK-8326524: Rename agent_common.h
+ JDK-8326586: Improve Speed of System.map
+ JDK-8327071: [Testbug] g-tests for cgroup leave files in
/tmp on linux
+ JDK-8327169: serviceability/dcmd/vm/SystemMapTest.java and
SystemDumpMapTest.java may fail after JDK-8326586
+ JDK-8327370: (ch) sun.nio.ch.Poller.register throws
AssertionError
+ JDK-8327461: KeyStore getEntry is not thread-safe
+ JDK-8328107: Shenandoah/C2: TestVerifyLoopOptimizations test
failure
+ JDK-8328301: Convert Applet test
ManualHTMLDataFlavorTest.java to main program
+ JDK-8328482: Convert and Open source few manual applet test
to main based
+ JDK-8328484: Convert and Opensource few JFileChooser applet
test to main
+ JDK-8328648: Remove applet usage from JFileChooser tests
bug4150029
+ JDK-8328670: Automate and open source few closed manual
applet test
+ JDK-8328673: Convert closed text/html/CSS manual applet test
to main
+ JDK-8328864: NullPointerException in
sun.security.jca.ProviderList.getService()
+ JDK-8329261: G1: interpreter post-barrier x86 code asserts
index size of wrong buffer
+ JDK-8329729:
java/util/Properties/StoreReproducibilityTest.java times out
+ JDK-8330106: C2: VectorInsertNode::make() shouldn't call
ConINode::make() directly
+ JDK-8330158: C2: Loop strip mining uses ABS with min int
+ JDK-8330534: Update nsk/jdwp tests to use driver instead of
othervm
+ JDK-8330598: java/net/httpclient/Http1ChunkedTest.java fails
with java.util.MissingFormatArgumentException: Format
specifier '%s'
+ JDK-8330936: [ubsan] exclude function BilinearInterp and
ShapeSINextSpan in libawt java2d from ubsan checks
+ JDK-8331088: Incorrect TraceLoopPredicate output
+ JDK-8331735: UpcallLinker::on_exit races with GC when
copying frame anchor
+ JDK-8332252: Clean up vmTestbase/vm/share
+ JDK-8332506: SIGFPE In
ObjectSynchronizer::is_async_deflation_needed()
+ JDK-8332631: Update nsk.share.jpda.BindServer to don't use
finalization
+ JDK-8332641: Update nsk.share.jpda.Jdb to don't use
finalization
+ JDK-8332880: JFR GCHelper class recognizes "Archive" regions
as valid
+ JDK-8332921: Ctrl+C does not call shutdown hooks after JLine
upgrade
+ JDK-8333013: Update vmTestbase/nsk/share/LocalProcess.java
to don't use finalization
+ JDK-8333117: Remove support of remote and manual debuggee
launchers
+ JDK-8333680: com/sun/tools/attach/BasicTests.java fails with
"SocketException: Permission denied: connect"
+ JDK-8333805: Replaying compilation with null static final
fields results in a crash
+ JDK-8333890: Fatal error in auto-vectorizer with float16
kernel.
+ JDK-8334644: Automate
javax/print/attribute/PageRangesException.java
+ JDK-8334780: Crash: assert(h_array_list.not_null()) failed:
invariant
+ JDK-8334895: OpenJDK fails to configure on linux aarch64
when CDS is disabled after JDK-8331942
+ JDK-8335181: Incorrect handling of HTTP/2 GOAWAY frames in
HttpClient
+ JDK-8335643: serviceability/dcmd/vm tests fail for ZGC after
JDK-8322475
+ JDK-8335662: [AArch64] C1: guarantee(val < (1ULL << nbits))
failed: Field too big for insn
+ JDK-8335684: Test ThreadCpuTime.java should pause like
ThreadCpuTimeArray.java
+ JDK-8335710: serviceability/dcmd/vm/SystemDumpMapTest.java
and SystemMapTest.java fail on Linux Alpine after 8322475
+ JDK-8335836: serviceability/jvmti/StartPhase/AllowedFunctions/
/AllowedFunctions.java fails with unexpected exit code: 112
+ JDK-8335860: compiler/vectorization/
/TestFloat16VectorConvChain.java fails with non-standard
AVX/SSE settings
+ JDK-8336042: Caller/callee param size mismatch in
deoptimization causes crash
+ JDK-8336499: Failure when creating non-CRT RSA private keys
in SunPKCS11
+ JDK-8336587: failure_handler lldb command times out on
macosx-aarch64 core file
+ JDK-8336827: compiler/vectorization/
/TestFloat16VectorConvChain.java timeouts on ppc64 platforms
after JDK-8335860
+ JDK-8337221: CompileFramework: test library to conveniently
compile java and jasm sources for fuzzing
+ JDK-8337299: vmTestbase/nsk/jdb/stop_at/stop_at002/
/stop_at002.java failure goes undetected
+ JDK-8337681: PNGImageWriter uses much more memory than
necessary
+ JDK-8337795: Type annotation attached to incorrect type
during class reading
+ JDK-8337958: Out-of-bounds array access in
secondary_super_cache
+ JDK-8337981: ShenandoahHeap::is_in should check for alive
regions
+ JDK-8337998: CompletionFailure in getEnclosingType attaching
type annotations
+ JDK-8338010: WB_IsFrameDeoptimized miss ResourceMark
+ JDK-8338064: Give better error for ConcurrentHashTable
corruption
+ JDK-8338136: Hotspot should support multiple large page
sizes on Windows
+ JDK-8338154: Fix -Wzero-as-null-pointer-constant warnings in
gtest framework
+ JDK-8338202: Shenandoah: Improve handshake closure labels
+ JDK-8338314: JFR: Split JFRCheckpoint VM operation
+ JDK-8339148: Make os::Linux::active_processor_count() public
+ JDK-8339288: Improve diagnostic logging
runtime/cds/DeterministicDump.java
+ JDK-8339300: CollectorPolicy.young_scaled_initial_ergo_vm
gtest fails on ppc64 based platforms
+ JDK-8339538: Wrong timeout computations in DnsClient
+ JDK-8339639: Opensource few AWT PopupMenu tests
+ JDK-8339678: Update runtime/condy tests to be executed with
VM flags
+ JDK-8339727: Open source several AWT focus tests - series 1
+ JDK-8339769: Incorrect error message during startup if
working directory does not exist
+ JDK-8339794: Open source closed choice tests #1
+ JDK-8339810: Clean up the code in sun.tools.jar.Main to
properly close resources and use ZipFile during extract
+ JDK-8339836: Open source several AWT Mouse tests - Batch 1
+ JDK-8339842: Open source several AWT focus tests - series 2
+ JDK-8339895: Open source several AWT focus tests - series 3
+ JDK-8339906: Open source several AWT focus tests - series 4
+ JDK-8339935: Open source several AWT focus tests - series 5
+ JDK-8339982: Open source several AWT Mouse tests - Batch 2
+ JDK-8339984: Open source AWT MenuItem related tests
+ JDK-8339995: Open source several AWT focus tests - series 6
+ JDK-8340024: In ClassReader, extract a constant for the
superclass supertype_index
+ JDK-8340077: Open source few Checkbox tests - Set2
+ JDK-8340084: Open source AWT Frame related tests
+ JDK-8340143: Open source several Java2D rendering loop tests.
+ JDK-8340146: ZGC: TestAllocateHeapAt.java should not run
with UseLargePages
+ JDK-8340164: Open source few Component tests - Set1
+ JDK-8340173: Open source some Component/Panel/EventQueue
tests - Set2
+ JDK-8340176: Replace usage of -noclassgc with -Xnoclassgc in
test/jdk/java/lang/management/MemoryMXBean/LowMemoryTest2.java
+ JDK-8340193: Open source several AWT Dialog tests - Batch 1
+ JDK-8340228: Open source couple more miscellaneous AWT tests
+ JDK-8340271: Open source several AWT Robot tests
+ JDK-8340279: Open source several AWT Dialog tests - Batch 2
+ JDK-8340332: Open source mixed AWT tests - Set3
+ JDK-8340366: Open source several AWT Dialog tests - Batch 3
+ JDK-8340367: Opensource few AWT image tests
+ JDK-8340393: Open source closed choice tests #2
+ JDK-8340407: Open source a few more Component related tests
+ JDK-8340417: Open source some MenuBar tests - Set1
+ JDK-8340432: Open source some MenuBar tests - Set2
+ JDK-8340433: Open source closed choice tests #3
+ JDK-8340437: Open source few more AWT Frame related tests
+ JDK-8340458: Open source additional Component tests (part 2)
+ JDK-8340555: Open source DnD tests - Set4
+ JDK-8340560: Open Source several AWT/2D font and rendering
tests
+ JDK-8340605: Open source several AWT PopupMenu tests
+ JDK-8340621: Open source several AWT List tests
+ JDK-8340625: Open source additional Component tests (part 3)
+ JDK-8340639: Open source few more AWT List tests
+ JDK-8340713: Open source DnD tests - Set5
+ JDK-8340784: Remove PassFailJFrame constructor with
screenshots
+ JDK-8340790: Open source several AWT Dialog tests - Batch 4
+ JDK-8340809: Open source few more AWT PopupMenu tests
+ JDK-8340874: Open source some of the AWT Geometry/Button
tests
+ JDK-8340907: Open source closed frame tests # 2
+ JDK-8340966: Open source few Checkbox and Cursor tests - Set1
+ JDK-8340967: Open source few Cursor tests - Set2
+ JDK-8340978: Open source few DnD tests - Set6
+ JDK-8340985: Open source some Desktop related tests
+ JDK-8341000: Open source some of the AWT Window tests
+ JDK-8341004: Open source AWT FileDialog related tests
+ JDK-8341072: Open source several AWT Canvas and Rectangle
related tests
+ JDK-8341128: open source some 2d graphics tests
+ JDK-8341148: Open source several Choice related tests
+ JDK-8341162: Open source some of the AWT window test
+ JDK-8341170: Open source several Choice related tests (part 2)
+ JDK-8341177: Opensource few List and a Window test
+ JDK-8341191: Open source few more AWT FileDialog tests
+ JDK-8341239: Open source closed frame tests # 3
+ JDK-8341257: Open source few DND tests - Set1
+ JDK-8341258: Open source few various AWT tests - Set1
+ JDK-8341278: Open source few TrayIcon tests - Set7
+ JDK-8341298: Open source more AWT window tests
+ JDK-8341373: Open source closed frame tests # 4
+ JDK-8341378: Open source few TrayIcon tests - Set8
+ JDK-8341447: Open source closed frame tests # 5
+ JDK-8341535: sun/awt/font/TestDevTransform.java fails with
RuntimeException: Different rendering
+ JDK-8341637: java/net/Socket/UdpSocket.java fails with
"java.net.BindException: Address already in use"
(macos-aarch64)
+ JDK-8341779: [REDO BACKPORT] type annotations are not
visible to javac plugins across compilation boundaries
(JDK-8225377)
+ JDK-8341972: java/awt/dnd/DnDRemoveFocusOwnerCrashTest.java
timed out after JDK-8341257
+ JDK-8342075: HttpClient: improve HTTP/2 flow control checks
+ JDK-8342376: More reliable OOM handling in
ExceptionDuringDumpAtObjectsInitPhase test
+ JDK-8342524: Use latch in AbstractButton/bug6298940.java
instead of delay
+ JDK-8342633: javax/management/security/
/HashedPasswordFileTest.java creates tmp file in src dir
+ JDK-8342958: Use jvmArgs consistently in microbenchmarks
+ JDK-8343019: Primitive caches must use boxed instances from
the archive
+ JDK-8343037: Missing @since tag on JColorChooser.showDialog
overload
+ JDK-8343103: Enable debug logging for vmTestbase/nsk/jvmti/
/scenarios/sampling/SP05/sp05t003/TestDescription.java
+ JDK-8343124: Tests fails with java.lang.IllegalAccessException:
class com.sun.javatest.regtest.agent.MainWrapper$MainTask
cannot access
+ JDK-8343144: UpcallLinker::on_entry racingly clears pending
exception with GC safepoints
+ JDK-8343170: java/awt/Cursor/JPanelCursorTest/
/JPanelCursorTest.java does not show the default cursor
+ JDK-8343224: print/Dialog/PaperSizeError.java fails with
MediaSizeName is not A4: A4
+ JDK-8343342: java/io/File/GetXSpace.java fails on Windows
with CD-ROM drive
+ JDK-8343345: Use -jvmArgsPrepend when running
microbenchmarks in RunTests.gmk
+ JDK-8343529: serviceability/sa/ClhsdbWhere.java fails
AssertionFailure: Corrupted constant pool
+ JDK-8343754: Problemlist
jdk/jfr/event/oldobject/TestShenandoah.java after JDK-8279016
+ JDK-8343855: HTTP/2 ConnectionWindowUpdateSender may miss
some unprocessed DataFrames from closed streams
+ JDK-8343891: Test javax/swing/JTabbedPane/
/TestJTabbedPaneBackgroundColor.java failed
+ JDK-8343936: Adjust timeout in test
javax/management/monitor/DerivedGaugeMonitorTest.java
+ JDK-8344316: security/auth/callback/TextCallbackHandler/
/Password.java make runnable with JTReg and add the UI
+ JDK-8344346: java/net/httpclient/ShutdownNow.java fails with
java.lang.AssertionError: client was still running, but exited
after further delay: timeout should be adjusted
+ JDK-8344361: Restore null return for invalid services from
legacy providers
+ JDK-8344414: ZGC: Another division by zero in
rule_major_allocation_rate
+ JDK-8344925: translet-name ignored when package-name is also
set
+ JDK-8345133: Test sun/security/tools/jarsigner/
/TsacertOptionTest.java failed: Warning found in stdout
+ JDK-8345134: Test sun/security/tools/jarsigner/
/ConciseJarsigner.java failed: unable to find valid
certification path to requested target
+ JDK-8345146: [PPC64] Make intrinsic conversions between bit
representations of half precision values and floats
+ JDK-8345341: Fix incorrect log message in JDI stop002t test
+ JDK-8345357: test/jdk/javax/swing/JRadioButton/8033699/
/bug8033699.java fails in ubuntu22.04
+ JDK-8345447: test/jdk/javax/swing/JToolBar/4529206/
/bug4529206.java fails in ubuntu22.04
+ JDK-8345547: test/jdk/javax/swing/text/DefaultEditorKit/
/4278839/bug4278839.java fails in ubuntu22.04
+ JDK-8345598: Upgrade NSS binaries for interop tests
+ JDK-8345625: Better HTTP connections
+ JDK-8345728: [Accessibility,macOS,Screen Magnifier]:
JCheckbox unchecked state does not magnify but works for
checked state
+ JDK-8345838: Remove the
appcds/javaldr/AnonVmClassesDuringDump.java test
+ JDK-8346049: jdk/test/lib/security/timestamp/TsaServer.java
warnings
+ JDK-8346082: Output JVMTI agent information in hserr files
+ JDK-8346264: "Total compile time" counter should include
time spent in failing/bailout compiles
+ JDK-8346581: JRadioButton/ButtonGroupFocusTest.java fails in
CI on Linux
+ JDK-8346888: [ubsan] block.cpp:1617:30: runtime error:
9.97582e+36 is outside the range of representable values of
type 'int'
+ JDK-8347000: Bug in
com/sun/net/httpserver/bugs/B6361557.java test
+ JDK-8347019: Test javax/swing/JRadioButton/8033699/
/bug8033699.java still fails: Focus is not on Radio Button
Single as Expected
+ JDK-8347083: Incomplete logging in nsk/jvmti/
/ResourceExhausted/resexhausted00* tests
+ JDK-8347126: gc/stress/TestStressG1Uncommit.java gets
OOM-killed
+ JDK-8347173: java/net/DatagramSocket/
/InterruptibleDatagramSocket.java fails with virtual thread
factory
+ JDK-8347286: (fs) Remove some extensions from
java/nio/file/Files/probeContentType/Basic.java
+ JDK-8347296: WinInstallerUiTest fails in local test runs if
the path to test work directory is longer that regular
+ JDK-8347373: HTTP/2 flow control checks may count
unprocessed data twice
+ JDK-8347506: Compatible OCSP readtimeout property with OCSP
timeout
+ JDK-8347596: Update HSS/LMS public key encoding
+ JDK-8347629: Test FailOverDirectExecutionControlTest.java
fails with -Xcomp
+ JDK-8347995: Race condition in jdk/java/net/httpclient/
/offline/FixedResponseHttpClient.java
+ JDK-8348107: test/jdk/java/net/httpclient/
/HttpsTunnelAuthTest.java fails intermittently
+ JDK-8348110: Update LCMS to 2.17
+ JDK-8348299: Update List/ItemEventTest/ItemEventTest.java
+ JDK-8348323: Corrupted timezone string in JVM crash log
+ JDK-8348596: Update FreeType to 2.13.3
+ JDK-8348597: Update HarfBuzz to 10.4.0
+ JDK-8348598: Update Libpng to 1.6.47
+ JDK-8348600: Update PipeWire to 1.3.81
+ JDK-8348865: JButton/bug4796987.java never runs because
Windows XP is unavailable
+ JDK-8348936: [Accessibility,macOS,VoiceOver] VoiceOver
doesn't announce untick on toggling the checkbox with "space"
key on macOS
+ JDK-8348989: Better Glyph drawing
+ JDK-8349111: Enhance Swing supports
+ JDK-8349200: [JMH]
time.format.ZonedDateTimeFormatterBenchmark fails
+ JDK-8349348: Refactor ClassLoaderDeadlock.sh and Deadlock.sh
to run fully in java
+ JDK-8349358: [JMH] Cannot access class
jdk.internal.vm.ContinuationScope
+ JDK-8349492: Update sun/security/pkcs12/
/KeytoolOpensslInteropTest.java to use a recent Openssl
version
+ JDK-8349501: Relocate supporting classes in
security/testlibrary to test/lib/jdk tree
+ JDK-8349594: Enhance TLS protocol support
+ JDK-8349623: [ASAN] Gtest os_linux.glibc_mallinfo_wrapper_vm
fails
+ JDK-8349637: Integer.numberOfLeadingZeros outputs
incorrectly in certain cases
+ JDK-8349751: AIX build failure after upgrade pipewire to
1.3.81
+ JDK-8350201: Out of bounds access on Linux aarch64 in
os::print_register_info
+ JDK-8350211: CTW: Attempt to preload all classes in constant
pool
+ JDK-8350224: Test javax/swing/JComboBox/
/TestComboBoxComponentRendering.java fails in ubuntu 23.x and
later
+ JDK-8350260: Improve HTML instruction formatting in
PassFailJFrame
+ JDK-8350313: Include timings for leaving safepoint in
safepoint logging
+ JDK-8350383: Test: add more test case for string compare (UL
case)
+ JDK-8350386: Test TestCodeCacheFull.java fails with option
-XX:-UseCodeCacheFlushing
+ JDK-8350412: [21u] AArch64: Ambiguous frame layout leads to
incorrect traces in JFR
+ JDK-8350483: AArch64: turn on signum intrinsics by default
on Ampere CPUs
+ JDK-8350498: Remove two Camerfirma root CA certificates
+ JDK-8350546: Several java/net/InetAddress tests fails
UnknownHostException
+ JDK-8350616: Skip ValidateHazardPtrsClosure in non-debug
builds
+ JDK-8350650: Bump update version for OpenJDK: jdk-21.0.8
+ JDK-8350682: [JMH] vector.IndexInRangeBenchmark failed with
IndexOutOfBoundsException for size=1024
+ JDK-8350786: Some java/lang jtreg tests miss requires
vm.hasJFR
+ JDK-8350924: javax/swing/JMenu/4213634/bug4213634.java fails
+ JDK-8350991: Improve HTTP client header handling
+ JDK-8351086: (fc) Make java/nio/channels/FileChannel/
/BlockDeviceSize.java test manual
+ JDK-8351500: G1: NUMA migrations cause crashes in region
allocation
+ JDK-8351665: Remove unused UseNUMA in os_aix.cpp
+ JDK-8351933: Inaccurate masking of TC subfield decrement in
ForkJoinPool
+ JDK-8352076: [21u] Problem list tests that fail in 21 and
would be fixed by 8309622
+ JDK-8352109: java/awt/Desktop/MailTest.java fails in
platforms where Action.MAIL is not supported
+ JDK-8352302: Test sun/security/tools/jarsigner/
/TimestampCheck.java is failing
+ JDK-8352512: TestVectorZeroCount: counter not reset between
iterations
+ JDK-8352676: Opensource JMenu tests - series1
+ JDK-8352680: Opensource few misc swing tests
+ JDK-8352684: Opensource JInternalFrame tests - series1
+ JDK-8352706: httpclient HeadTest does not run on HTTP2
+ JDK-8352716: (tz) Update Timezone Data to 2025b
+ JDK-8352908: Open source several swing tests batch1
+ JDK-8352942: jdk/jfr/startupargs/TestMemoryOptions.java
fails with 32-bit build
+ JDK-8353070: Clean up and open source couple AWT Graphics
related tests (Part 1)
+ JDK-8353138: Screen capture for test
TaskbarPositionTest.java, failure case
+ JDK-8353190: Use "/native" Run Option for
TestAvailableProcessors Execution
+ JDK-8353237: [AArch64] Incorrect result of
VectorizedHashCode intrinsic on Cortex-A53
+ JDK-8353320: Open source more Swing text tests
+ JDK-8353446: Open source several AWT Menu tests - Batch 2
+ JDK-8353475: Open source two Swing DefaultCaret tests
+ JDK-8353685: Open some JComboBox bugs 4
+ JDK-8353709: Debug symbols bundle should contain full debug
files when building --with-external-symbols-in-bundles=public
+ JDK-8353787: Increased number of SHA-384-Digest
java.util.jar.Attributes$Name instances leading to higher
memory footprint
+ JDK-8353942: Open source Swing Tests - Set 5
+ JDK-8354255: [jittester] Remove TempDir debug output
+ JDK-8354530: AIX: sporadic unexpected errno when calling
setsockopt in Net.joinOrDrop
+ JDK-8354554: Open source several clipboard tests batch1
+ JDK-8354802: MAX_SECS definition is unused in os_linux
+ JDK-8354893: [REDO BACKPORT] javac crashes while adding type
annotations to the return type of a constructor (JDK-8320001)
+ JDK-8355498: [AIX] Adapt code for C++ VLA rule
+ JDK-8356053: Test java/awt/Toolkit/Headless/
/HeadlessToolkit.java fails by timeout
+ JDK-8356096: ISO 4217 Amendment 179 Update
+ JDK-8356571: Re-enable -Wtype-limits for GCC in LCMS
+ JDK-8357105: C2: compilation fails with "assert(false)
failed: empty program detected during loop optimization"
+ JDK-8357193: [VS 2022 17.14] Warning C5287 in debugInit.c:
enum type mismatch during build
+ JDK-8359170: Add 2 TLS and 2 CS Sectigo roots
+ JDK-8360147: Better Glyph drawing redux
+ JDK-8360406: [21u] Disable logic for attaching type
annotations to class files until 8359336 is fixed
+ JDK-8361672: [21u] Remove designator
DEFAULT_PROMOTED_VERSION_PRE=ea for release 21.0.8

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-2657=1 openSUSE-SLE-15.6-2025-2657=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-2657=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-2657=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* java-21-openjdk-debuginfo-21.0.8.0-150600.3.15.1
* java-21-openjdk-debugsource-21.0.8.0-150600.3.15.1
* java-21-openjdk-devel-21.0.8.0-150600.3.15.1
* java-21-openjdk-headless-debuginfo-21.0.8.0-150600.3.15.1
* java-21-openjdk-src-21.0.8.0-150600.3.15.1
* java-21-openjdk-21.0.8.0-150600.3.15.1
* java-21-openjdk-demo-21.0.8.0-150600.3.15.1
* java-21-openjdk-devel-debuginfo-21.0.8.0-150600.3.15.1
* java-21-openjdk-headless-21.0.8.0-150600.3.15.1
* java-21-openjdk-jmods-21.0.8.0-150600.3.15.1
* openSUSE Leap 15.6 (noarch)
* java-21-openjdk-javadoc-21.0.8.0-150600.3.15.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* java-21-openjdk-debuginfo-21.0.8.0-150600.3.15.1
* java-21-openjdk-debugsource-21.0.8.0-150600.3.15.1
* java-21-openjdk-devel-21.0.8.0-150600.3.15.1
* java-21-openjdk-headless-debuginfo-21.0.8.0-150600.3.15.1
* java-21-openjdk-21.0.8.0-150600.3.15.1
* java-21-openjdk-demo-21.0.8.0-150600.3.15.1
* java-21-openjdk-devel-debuginfo-21.0.8.0-150600.3.15.1
* java-21-openjdk-headless-21.0.8.0-150600.3.15.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* java-21-openjdk-debuginfo-21.0.8.0-150600.3.15.1
* java-21-openjdk-debugsource-21.0.8.0-150600.3.15.1
* java-21-openjdk-devel-21.0.8.0-150600.3.15.1
* java-21-openjdk-headless-debuginfo-21.0.8.0-150600.3.15.1
* java-21-openjdk-21.0.8.0-150600.3.15.1
* java-21-openjdk-demo-21.0.8.0-150600.3.15.1
* java-21-openjdk-devel-debuginfo-21.0.8.0-150600.3.15.1
* java-21-openjdk-headless-21.0.8.0-150600.3.15.1

## References:

* https://www.suse.com/security/cve/CVE-2025-30749.html
* https://www.suse.com/security/cve/CVE-2025-30754.html
* https://www.suse.com/security/cve/CVE-2025-50059.html
* https://www.suse.com/security/cve/CVE-2025-50106.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213796
* https://bugzilla.suse.com/show_bug.cgi?id=1246575
* https://bugzilla.suse.com/show_bug.cgi?id=1246584
* https://bugzilla.suse.com/show_bug.cgi?id=1246595
* https://bugzilla.suse.com/show_bug.cgi?id=1246598

SUSE-SU-2025:02632-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP6)

# Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:02632-1
Release Date: 2025-08-04T11:34:30Z
Rating: important
References:

* bsc#1235250
* bsc#1245771
* bsc#1245776
* bsc#1245793
* bsc#1245797
* bsc#1245804

Cross-References:

* CVE-2024-26809
* CVE-2024-53125
* CVE-2024-56664
* CVE-2025-21702
* CVE-2025-37752
* CVE-2025-37797

CVSS scores:

* CVE-2024-26809 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26809 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53125 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56664 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56664 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56664 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21702 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37752 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37797 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_17 fixes several issues.

The following security issues were fixed:

* CVE-2024-56664: bpf, sockmap: Fix race between element replace and close()
(bsc#1235250).
* CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling
(bsc#1245793).
* CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).
* CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def
(bsc#1245804).
* CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0
(bsc#1245797).
* CVE-2024-26809: netfilter: nft_set_pipapo: release elements in clone only
from destroy path (bsc#1245771).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-2632=1 SUSE-SLE-
Module-Live-Patching-15-SP6-2025-2665=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-2665=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP6 (x86_64)
* kernel-livepatch-6_4_0-150600_10_5-rt-18-150600.2.1
* kernel-livepatch-SLE15-SP6-RT_Update_1-debugsource-18-150600.2.1
* kernel-livepatch-6_4_0-150600_10_5-rt-debuginfo-18-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_3-debugsource-18-150600.2.1
* kernel-livepatch-6_4_0-150600_23_17-default-18-150600.2.1
* kernel-livepatch-6_4_0-150600_23_17-default-debuginfo-18-150600.2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_3-debugsource-18-150600.2.1
* kernel-livepatch-6_4_0-150600_23_17-default-18-150600.2.1
* kernel-livepatch-6_4_0-150600_23_17-default-debuginfo-18-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-26809.html
* https://www.suse.com/security/cve/CVE-2024-53125.html
* https://www.suse.com/security/cve/CVE-2024-56664.html
* https://www.suse.com/security/cve/CVE-2025-21702.html
* https://www.suse.com/security/cve/CVE-2025-37752.html
* https://www.suse.com/security/cve/CVE-2025-37797.html
* https://bugzilla.suse.com/show_bug.cgi?id=1235250
* https://bugzilla.suse.com/show_bug.cgi?id=1245771
* https://bugzilla.suse.com/show_bug.cgi?id=1245776
* https://bugzilla.suse.com/show_bug.cgi?id=1245793
* https://bugzilla.suse.com/show_bug.cgi?id=1245797
* https://bugzilla.suse.com/show_bug.cgi?id=1245804

SUSE-SU-2025:02637-1: important: Security update for the Linux Kernel RT (Live Patch 10 for SLE 15 SP6)

# Security update for the Linux Kernel RT (Live Patch 10 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:02637-1
Release Date: 2025-08-04T11:34:13Z
Rating: important
References:

* bsc#1245776
* bsc#1245793
* bsc#1245797

Cross-References:

* CVE-2025-21702
* CVE-2025-37752
* CVE-2025-37797

CVSS scores:

* CVE-2025-21702 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37752 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37797 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_10_34 fixes several issues.

The following security issues were fixed:

* CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling
(bsc#1245793).
* CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).
* CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0
(bsc#1245797).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2025-2637=1 SUSE-SLE-Live-
Patching-12-SP5-2025-2622=1 SUSE-SLE-Live-Patching-12-SP5-2025-2663=1

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-2650=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-2650=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-2654=1 SUSE-2025-2642=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-2654=1 SUSE-SLE-
Module-Live-Patching-15-SP5-2025-2642=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-2635=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
* kgraft-patch-4_12_14-122_244-default-7-2.1
* kgraft-patch-4_12_14-122_247-default-5-2.1
* kgraft-patch-4_12_14-122_255-default-4-2.1
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_198-default-5-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_55-debugsource-5-150300.2.1
* kernel-livepatch-5_3_18-150300_59_198-default-debuginfo-5-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_198-preempt-5-150300.2.1
* kernel-livepatch-5_3_18-150300_59_198-preempt-debuginfo-5-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_198-default-5-150300.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_24-debugsource-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_94-default-debuginfo-4-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_23-debugsource-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_97-default-debuginfo-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_94-default-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_97-default-4-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_24-debugsource-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_94-default-debuginfo-4-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_23-debugsource-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_97-default-debuginfo-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_94-default-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_97-default-4-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (x86_64)
* kernel-livepatch-6_4_0-150600_10_34-rt-debuginfo-3-150600.2.1
* kernel-livepatch-SLE15-SP6-RT_Update_10-debugsource-3-150600.2.1
* kernel-livepatch-6_4_0-150600_10_34-rt-3-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21702.html
* https://www.suse.com/security/cve/CVE-2025-37752.html
* https://www.suse.com/security/cve/CVE-2025-37797.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245776
* https://bugzilla.suse.com/show_bug.cgi?id=1245793
* https://bugzilla.suse.com/show_bug.cgi?id=1245797

SUSE-SU-2025:02648-1: important: Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP6)

# Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:02648-1
Release Date: 2025-08-04T10:05:04Z
Rating: important
References:

* bsc#1235250
* bsc#1245776
* bsc#1245793
* bsc#1245797

Cross-References:

* CVE-2024-56664
* CVE-2025-21702
* CVE-2025-37752
* CVE-2025-37797

CVSS scores:

* CVE-2024-56664 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56664 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56664 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21702 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37752 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37797 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_10_23 fixes several issues.

The following security issues were fixed:

* CVE-2024-56664: bpf, sockmap: Fix race between element replace and close()
(bsc#1235250).
* CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling
(bsc#1245793).
* CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).
* CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0
(bsc#1245797).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2025-2648=1 SUSE-SLE-Live-
Patching-12-SP5-2025-2646=1

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-2649=1 SUSE-2025-2629=1 SUSE-2025-2628=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-2628=1 SUSE-SLE-
Module-Live-Patching-15-SP3-2025-2649=1 SUSE-SLE-Module-Live-
Patching-15-SP3-2025-2629=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-2623=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-2623=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-2644=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
* kgraft-patch-4_12_14-122_225-default-14-2.1
* kgraft-patch-4_12_14-122_222-default-15-2.1
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_188-default-debuginfo-8-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_49-debugsource-13-150300.2.1
* kernel-livepatch-5_3_18-150300_59_188-default-8-150300.2.1
* kernel-livepatch-5_3_18-150300_59_170-default-debuginfo-15-150300.2.1
* kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1
* kernel-livepatch-5_3_18-150300_59_179-default-13-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_52-debugsource-8-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_47-debugsource-15-150300.2.1
* kernel-livepatch-5_3_18-150300_59_179-default-debuginfo-13-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_179-preempt-13-150300.2.1
* kernel-livepatch-5_3_18-150300_59_170-preempt-debuginfo-15-150300.2.1
* kernel-livepatch-5_3_18-150300_59_170-preempt-15-150300.2.1
* kernel-livepatch-5_3_18-150300_59_179-preempt-debuginfo-13-150300.2.1
* kernel-livepatch-5_3_18-150300_59_188-preempt-debuginfo-8-150300.2.1
* kernel-livepatch-5_3_18-150300_59_188-preempt-8-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_49-debugsource-13-150300.2.1
* kernel-livepatch-5_3_18-150300_59_188-default-8-150300.2.1
* kernel-livepatch-5_3_18-150300_59_170-default-debuginfo-15-150300.2.1
* kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1
* kernel-livepatch-5_3_18-150300_59_179-default-13-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_47-debugsource-15-150300.2.1
* kernel-livepatch-5_3_18-150300_59_179-default-debuginfo-13-150300.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_22-debugsource-8-150500.2.1
* kernel-livepatch-5_14_21-150500_55_91-default-debuginfo-8-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_22-debugsource-8-150500.2.1
* kernel-livepatch-5_14_21-150500_55_91-default-debuginfo-8-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (x86_64)
* kernel-livepatch-SLE15-SP6-RT_Update_7-debugsource-9-150600.2.1
* kernel-livepatch-6_4_0-150600_10_23-rt-9-150600.2.1
* kernel-livepatch-6_4_0-150600_10_23-rt-debuginfo-9-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-56664.html
* https://www.suse.com/security/cve/CVE-2025-21702.html
* https://www.suse.com/security/cve/CVE-2025-37752.html
* https://www.suse.com/security/cve/CVE-2025-37797.html
* https://bugzilla.suse.com/show_bug.cgi?id=1235250
* https://bugzilla.suse.com/show_bug.cgi?id=1245776
* https://bugzilla.suse.com/show_bug.cgi?id=1245793
* https://bugzilla.suse.com/show_bug.cgi?id=1245797

SUSE-SU-2025:02652-1: important: Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP5)

# Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:02652-1
Release Date: 2025-08-04T10:05:39Z
Rating: important
References:

* bsc#1232927
* bsc#1235250
* bsc#1245776
* bsc#1245793
* bsc#1245797
* bsc#1245804

Cross-References:

* CVE-2024-53125
* CVE-2024-56664
* CVE-2025-21702
* CVE-2025-37752
* CVE-2025-37797

CVSS scores:

* CVE-2024-53125 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56664 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56664 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56664 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21702 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37752 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37797 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves five vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_83 fixes several issues.

The following security issues were fixed:

* CVE-2024-56664: bpf, sockmap: Fix race between element replace and close()
(bsc#1235250).
* CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling
(bsc#1245793).
* CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).
* CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def
(bsc#1245804).
* CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0
(bsc#1245797).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-2653=1 SUSE-2025-2652=1 SUSE-2025-2631=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-2653=1 SUSE-SLE-
Module-Live-Patching-15-SP5-2025-2652=1 SUSE-SLE-Module-Live-
Patching-15-SP5-2025-2631=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_73-default-debuginfo-14-150500.2.1
* kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1
* kernel-livepatch-5_14_21-150500_55_83-default-debuginfo-12-150500.2.1
* kernel-livepatch-5_14_21-150500_55_80-default-12-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_20-debugsource-12-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_19-debugsource-12-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_17-debugsource-14-150500.2.1
* kernel-livepatch-5_14_21-150500_55_73-default-14-150500.2.1
* kernel-livepatch-5_14_21-150500_55_80-default-debuginfo-12-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_73-default-debuginfo-14-150500.2.1
* kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1
* kernel-livepatch-5_14_21-150500_55_83-default-debuginfo-12-150500.2.1
* kernel-livepatch-5_14_21-150500_55_80-default-12-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_20-debugsource-12-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_19-debugsource-12-150500.2.1
* kernel-livepatch-5_14_21-150500_55_73-default-14-150500.2.1
* kernel-livepatch-5_14_21-150500_55_80-default-debuginfo-12-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le x86_64)
* kernel-livepatch-SLE15-SP5_Update_17-debugsource-14-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-53125.html
* https://www.suse.com/security/cve/CVE-2024-56664.html
* https://www.suse.com/security/cve/CVE-2025-21702.html
* https://www.suse.com/security/cve/CVE-2025-37752.html
* https://www.suse.com/security/cve/CVE-2025-37797.html
* https://bugzilla.suse.com/show_bug.cgi?id=1232927
* https://bugzilla.suse.com/show_bug.cgi?id=1235250
* https://bugzilla.suse.com/show_bug.cgi?id=1245776
* https://bugzilla.suse.com/show_bug.cgi?id=1245793
* https://bugzilla.suse.com/show_bug.cgi?id=1245797
* https://bugzilla.suse.com/show_bug.cgi?id=1245804

SUSE-SU-2025:02627-1: important: Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP3)

# Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:02627-1
Release Date: 2025-08-04T08:34:47Z
Rating: important
References:

* bsc#1228645
* bsc#1235250
* bsc#1245776
* bsc#1245793
* bsc#1245797

Cross-References:

* CVE-2024-41069
* CVE-2024-56664
* CVE-2025-21702
* CVE-2025-37752
* CVE-2025-37797

CVSS scores:

* CVE-2024-41069 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41069 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56664 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56664 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56664 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21702 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37752 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37797 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_167 fixes several issues.

The following security issues were fixed:

* CVE-2024-56664: bpf, sockmap: Fix race between element replace and close()
(bsc#1235250).
* CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling
(bsc#1245793).
* CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).
* CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0
(bsc#1245797).
* CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228645).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-2627=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-2627=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_46-debugsource-17-150300.2.1
* kernel-livepatch-5_3_18-150300_59_167-default-debuginfo-17-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_167-preempt-debuginfo-17-150300.2.1
* kernel-livepatch-5_3_18-150300_59_167-preempt-17-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-41069.html
* https://www.suse.com/security/cve/CVE-2024-56664.html
* https://www.suse.com/security/cve/CVE-2025-21702.html
* https://www.suse.com/security/cve/CVE-2025-37752.html
* https://www.suse.com/security/cve/CVE-2025-37797.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228645
* https://bugzilla.suse.com/show_bug.cgi?id=1235250
* https://bugzilla.suse.com/show_bug.cgi?id=1245776
* https://bugzilla.suse.com/show_bug.cgi?id=1245793
* https://bugzilla.suse.com/show_bug.cgi?id=1245797

SUSE-SU-2025:02638-1: important: Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP6)

# Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:02638-1
Release Date: 2025-08-04T11:04:30Z
Rating: important
References:

* bsc#1235250
* bsc#1245776
* bsc#1245793
* bsc#1245797
* bsc#1245804

Cross-References:

* CVE-2024-53125
* CVE-2024-56664
* CVE-2025-21702
* CVE-2025-37752
* CVE-2025-37797

CVSS scores:

* CVE-2024-53125 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56664 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56664 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56664 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21702 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37752 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37797 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_25 fixes several issues.

The following security issues were fixed:

* CVE-2024-56664: bpf, sockmap: Fix race between element replace and close()
(bsc#1235250).
* CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling
(bsc#1245793).
* CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).
* CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def
(bsc#1245804).
* CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0
(bsc#1245797).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2630=1 SUSE-2025-2638=1 SUSE-2025-2639=1
SUSE-2025-2658=1 SUSE-2025-2640=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-2630=1 SUSE-SLE-
Module-Live-Patching-15-SP4-2025-2638=1 SUSE-SLE-Module-Live-
Patching-15-SP4-2025-2639=1 SUSE-SLE-Module-Live-Patching-15-SP4-2025-2658=1
SUSE-SLE-Module-Live-Patching-15-SP4-2025-2640=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-2624=1 SUSE-SLE-
Module-Live-Patching-15-SP6-2025-2625=1 SUSE-SLE-Module-Live-
Patching-15-SP6-2025-2633=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-2634=1
SUSE-SLE-Module-Live-Patching-15-SP6-2025-2643=1 SUSE-SLE-Module-Live-
Patching-15-SP6-2025-2659=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-2659=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_35-debugsource-9-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_33-debugsource-11-150400.2.1
* kernel-livepatch-5_14_21-150400_24_128-default-debuginfo-14-150400.2.1
* kernel-livepatch-5_14_21-150400_24_133-default-12-150400.2.1
* kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1
* kernel-livepatch-5_14_21-150400_24_136-default-debuginfo-12-150400.2.1
* kernel-livepatch-5_14_21-150400_24_141-default-debuginfo-11-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_32-debugsource-12-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_31-debugsource-12-150400.2.1
* kernel-livepatch-5_14_21-150400_24_141-default-11-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_29-debugsource-14-150400.2.1
* kernel-livepatch-5_14_21-150400_24_133-default-debuginfo-12-150400.2.1
* kernel-livepatch-5_14_21-150400_24_128-default-14-150400.2.1
* kernel-livepatch-5_14_21-150400_24_136-default-12-150400.2.1
* kernel-livepatch-5_14_21-150400_24_147-default-debuginfo-9-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_35-debugsource-9-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_33-debugsource-11-150400.2.1
* kernel-livepatch-5_14_21-150400_24_128-default-debuginfo-14-150400.2.1
* kernel-livepatch-5_14_21-150400_24_133-default-12-150400.2.1
* kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1
* kernel-livepatch-5_14_21-150400_24_136-default-debuginfo-12-150400.2.1
* kernel-livepatch-5_14_21-150400_24_141-default-debuginfo-11-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_32-debugsource-12-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_31-debugsource-12-150400.2.1
* kernel-livepatch-5_14_21-150400_24_141-default-11-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_29-debugsource-14-150400.2.1
* kernel-livepatch-5_14_21-150400_24_133-default-debuginfo-12-150400.2.1
* kernel-livepatch-5_14_21-150400_24_128-default-14-150400.2.1
* kernel-livepatch-5_14_21-150400_24_136-default-12-150400.2.1
* kernel-livepatch-5_14_21-150400_24_147-default-debuginfo-9-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (x86_64)
* kernel-livepatch-6_4_0-150600_10_14-rt-debuginfo-13-150600.2.1
* kernel-livepatch-SLE15-SP6-RT_Update_5-debugsource-12-150600.2.1
* kernel-livepatch-6_4_0-150600_10_14-rt-13-150600.2.1
* kernel-livepatch-SLE15-SP6-RT_Update_2-debugsource-14-150600.2.1
* kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo-9-150600.2.1
* kernel-livepatch-6_4_0-150600_10_11-rt-debuginfo-14-150600.2.1
* kernel-livepatch-SLE15-SP6-RT_Update_4-debugsource-13-150600.2.1
* kernel-livepatch-6_4_0-150600_10_20-rt-9-150600.2.1
* kernel-livepatch-6_4_0-150600_10_11-rt-14-150600.2.1
* kernel-livepatch-6_4_0-150600_10_17-rt-debuginfo-12-150600.2.1
* kernel-livepatch-SLE15-SP6-RT_Update_3-debugsource-14-150600.2.1
* kernel-livepatch-6_4_0-150600_10_17-rt-12-150600.2.1
* kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource-9-150600.2.1
* kernel-livepatch-6_4_0-150600_10_8-rt-14-150600.2.1
* kernel-livepatch-6_4_0-150600_10_8-rt-debuginfo-14-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_25-default-13-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_5-debugsource-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_25-default-debuginfo-13-150600.2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_25-default-13-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_5-debugsource-13-150600.2.1
* kernel-livepatch-6_4_0-150600_23_25-default-debuginfo-13-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-53125.html
* https://www.suse.com/security/cve/CVE-2024-56664.html
* https://www.suse.com/security/cve/CVE-2025-21702.html
* https://www.suse.com/security/cve/CVE-2025-37752.html
* https://www.suse.com/security/cve/CVE-2025-37797.html
* https://bugzilla.suse.com/show_bug.cgi?id=1235250
* https://bugzilla.suse.com/show_bug.cgi?id=1245776
* https://bugzilla.suse.com/show_bug.cgi?id=1245793
* https://bugzilla.suse.com/show_bug.cgi?id=1245797
* https://bugzilla.suse.com/show_bug.cgi?id=1245804

SUSE-SU-2025:02636-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP4)

# Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:02636-1
Release Date: 2025-08-04T09:04:46Z
Rating: important
References:

* bsc#1228645
* bsc#1235250
* bsc#1245776
* bsc#1245793
* bsc#1245797
* bsc#1245804

Cross-References:

* CVE-2024-41069
* CVE-2024-53125
* CVE-2024-56664
* CVE-2025-21702
* CVE-2025-37752
* CVE-2025-37797

CVSS scores:

* CVE-2024-41069 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41069 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53125 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56664 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56664 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56664 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21702 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37752 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37797 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_125 fixes several issues.

The following security issues were fixed:

* CVE-2024-56664: bpf, sockmap: Fix race between element replace and close()
(bsc#1235250).
* CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling
(bsc#1245793).
* CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).
* CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def
(bsc#1245804).
* CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0
(bsc#1245797).
* CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228645).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2636=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-2636=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_28-debugsource-16-150400.2.1
* kernel-livepatch-5_14_21-150400_24_125-default-debuginfo-16-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_28-debugsource-16-150400.2.1
* kernel-livepatch-5_14_21-150400_24_125-default-debuginfo-16-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-41069.html
* https://www.suse.com/security/cve/CVE-2024-53125.html
* https://www.suse.com/security/cve/CVE-2024-56664.html
* https://www.suse.com/security/cve/CVE-2025-21702.html
* https://www.suse.com/security/cve/CVE-2025-37752.html
* https://www.suse.com/security/cve/CVE-2025-37797.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228645
* https://bugzilla.suse.com/show_bug.cgi?id=1235250
* https://bugzilla.suse.com/show_bug.cgi?id=1245776
* https://bugzilla.suse.com/show_bug.cgi?id=1245793
* https://bugzilla.suse.com/show_bug.cgi?id=1245797
* https://bugzilla.suse.com/show_bug.cgi?id=1245804

SUSE-SU-2025:02647-1: important: Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP4)

# Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:02647-1
Release Date: 2025-08-04T11:34:23Z
Rating: important
References:

* bsc#1245776
* bsc#1245793
* bsc#1245797
* bsc#1245804

Cross-References:

* CVE-2024-53125
* CVE-2025-21702
* CVE-2025-37752
* CVE-2025-37797

CVSS scores:

* CVE-2024-53125 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21702 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37752 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37797 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_164 fixes several issues.

The following security issues were fixed:

* CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling
(bsc#1245793).
* CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).
* CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def
(bsc#1245804).
* CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0
(bsc#1245797).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2651=1 SUSE-2025-2641=1 SUSE-2025-2664=1
SUSE-2025-2647=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-2647=1 SUSE-SLE-
Module-Live-Patching-15-SP4-2025-2651=1 SUSE-SLE-Module-Live-
Patching-15-SP4-2025-2641=1 SUSE-SLE-Module-Live-Patching-15-SP4-2025-2664=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_150-default-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_37-debugsource-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_161-default-3-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_39-debugsource-3-150400.2.1
* kernel-livepatch-5_14_21-150400_24_161-default-debuginfo-3-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_40-debugsource-3-150400.2.1
* kernel-livepatch-5_14_21-150400_24_164-default-debuginfo-3-150400.2.1
* kernel-livepatch-5_14_21-150400_24_150-default-debuginfo-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_36-debugsource-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_164-default-3-150400.2.1
* kernel-livepatch-5_14_21-150400_24_153-default-debuginfo-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_153-default-4-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_150-default-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_37-debugsource-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_161-default-3-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_39-debugsource-3-150400.2.1
* kernel-livepatch-5_14_21-150400_24_161-default-debuginfo-3-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_40-debugsource-3-150400.2.1
* kernel-livepatch-5_14_21-150400_24_164-default-debuginfo-3-150400.2.1
* kernel-livepatch-5_14_21-150400_24_150-default-debuginfo-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_36-debugsource-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_164-default-3-150400.2.1
* kernel-livepatch-5_14_21-150400_24_153-default-debuginfo-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_153-default-4-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-53125.html
* https://www.suse.com/security/cve/CVE-2025-21702.html
* https://www.suse.com/security/cve/CVE-2025-37752.html
* https://www.suse.com/security/cve/CVE-2025-37797.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245776
* https://bugzilla.suse.com/show_bug.cgi?id=1245793
* https://bugzilla.suse.com/show_bug.cgi?id=1245797
* https://bugzilla.suse.com/show_bug.cgi?id=1245804

SUSE-SU-2025:02600-1: important: Security update for nvidia-open-driver-G06-signed

# Security update for nvidia-open-driver-G06-signed

Announcement ID: SUSE-SU-2025:02600-1
Release Date: 2025-08-01T20:15:46Z
Rating: important
References:

* bsc#1234675
* bsc#1235461
* bsc#1235871

Cross-References:

* CVE-2024-0131
* CVE-2024-0147
* CVE-2024-0149
* CVE-2024-0150
* CVE-2024-53869

CVSS scores:

* CVE-2024-0131 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-0131 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0147 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0147 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0149 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-0149 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-0150 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-0150 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-53869 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53869 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.4
* Public Cloud Module 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Proxy 4.3 LTS
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Retail Branch Server 4.3 LTS
* SUSE Manager Server 4.3
* SUSE Manager Server 4.3 LTS

An update that solves five vulnerabilities can now be installed.

## Description:

This update for nvidia-open-driver-G06-signed fixes the following issues:

* Update to 550.144.03 (bsc#1235461, bsc#1235871)
* fixes CVE-2024-0131, CVE-2024-0147, CVE-2024-0149, CVE-2024-0150,
CVE-2024-53869

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Manager Retail Branch Server 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-LTS-2025-2600=1

* SUSE Manager Server 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-2600=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2600=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-2600=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-2600=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-2600=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-2600=1

* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2025-2600=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2600=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2600=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2600=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2600=1

* SUSE Manager Proxy 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-2600=1

## Package List:

* SUSE Manager Retail Branch Server 4.3 LTS (x86_64)
* nvidia-open-driver-G06-signed-cuda-debugsource-565.57.01-150400.89.1
* kernel-firmware-nvidia-gspx-G06-cuda-565.57.01-150400.89.1
* nvidia-open-driver-G06-signed-debugsource-550.144.03-150400.89.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-550.144.03_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-cuda-kmp-default-565.57.01_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-cuda-kmp-default-debuginfo-565.57.01_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-kmp-default-550.144.03_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-cuda-default-devel-565.57.01-150400.89.1
* nvidia-open-driver-G06-signed-default-devel-550.144.03-150400.89.1
* nv-prefer-signed-open-driver-565.57.01-150400.89.1
* SUSE Manager Server 4.3 LTS (x86_64)
* nvidia-open-driver-G06-signed-cuda-debugsource-565.57.01-150400.89.1
* kernel-firmware-nvidia-gspx-G06-cuda-565.57.01-150400.89.1
* nvidia-open-driver-G06-signed-debugsource-550.144.03-150400.89.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-550.144.03_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-cuda-kmp-default-565.57.01_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-cuda-kmp-default-debuginfo-565.57.01_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-kmp-default-550.144.03_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-cuda-default-devel-565.57.01-150400.89.1
* nvidia-open-driver-G06-signed-default-devel-550.144.03-150400.89.1
* nv-prefer-signed-open-driver-565.57.01-150400.89.1
* openSUSE Leap 15.4 (x86_64)
* nvidia-open-driver-G06-signed-cuda-azure-devel-565.57.01-150400.89.1
* nvidia-open-driver-G06-signed-kmp-azure-debuginfo-550.144.03_k5.14.21_150400.14.75-150400.89.1
* nvidia-open-driver-G06-signed-azure-devel-550.144.03-150400.89.1
* nvidia-open-driver-G06-signed-kmp-azure-550.144.03_k5.14.21_150400.14.75-150400.89.1
* nvidia-open-driver-G06-signed-cuda-kmp-azure-565.57.01_k5.14.21_150400.14.75-150400.89.1
* nvidia-open-driver-G06-signed-cuda-kmp-azure-debuginfo-565.57.01_k5.14.21_150400.14.75-150400.89.1
* openSUSE Leap 15.4 (aarch64 x86_64)
* nvidia-open-driver-G06-signed-cuda-debugsource-565.57.01-150400.89.1
* kernel-firmware-nvidia-gspx-G06-cuda-565.57.01-150400.89.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-550.144.03_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-debugsource-550.144.03-150400.89.1
* nvidia-open-driver-G06-signed-cuda-kmp-default-565.57.01_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-kmp-default-550.144.03_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-cuda-kmp-default-debuginfo-565.57.01_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-cuda-default-devel-565.57.01-150400.89.1
* nvidia-open-driver-G06-signed-default-devel-550.144.03-150400.89.1
* nv-prefer-signed-open-driver-565.57.01-150400.89.1
* openSUSE Leap 15.4 (aarch64)
* nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-550.144.03_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-64kb-devel-550.144.03-150400.89.1
* nvidia-open-driver-G06-signed-cuda-kmp-64kb-debuginfo-565.57.01_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-kmp-64kb-550.144.03_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-cuda-kmp-64kb-565.57.01_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-cuda-64kb-devel-565.57.01-150400.89.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64)
* nvidia-open-driver-G06-signed-cuda-debugsource-565.57.01-150400.89.1
* kernel-firmware-nvidia-gspx-G06-cuda-565.57.01-150400.89.1
* nvidia-open-driver-G06-signed-debugsource-550.144.03-150400.89.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-550.144.03_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-cuda-kmp-default-565.57.01_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-cuda-kmp-default-debuginfo-565.57.01_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-kmp-default-550.144.03_k5.14.21_150400.24.170-150400.89.1
* nv-prefer-signed-open-driver-565.57.01-150400.89.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64)
* nvidia-open-driver-G06-signed-cuda-debugsource-565.57.01-150400.89.1
* kernel-firmware-nvidia-gspx-G06-cuda-565.57.01-150400.89.1
* nvidia-open-driver-G06-signed-debugsource-550.144.03-150400.89.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-550.144.03_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-cuda-kmp-default-565.57.01_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-cuda-kmp-default-debuginfo-565.57.01_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-kmp-default-550.144.03_k5.14.21_150400.24.170-150400.89.1
* nv-prefer-signed-open-driver-565.57.01-150400.89.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64)
* nvidia-open-driver-G06-signed-cuda-debugsource-565.57.01-150400.89.1
* kernel-firmware-nvidia-gspx-G06-cuda-565.57.01-150400.89.1
* nvidia-open-driver-G06-signed-debugsource-550.144.03-150400.89.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-550.144.03_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-cuda-kmp-default-565.57.01_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-cuda-kmp-default-debuginfo-565.57.01_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-kmp-default-550.144.03_k5.14.21_150400.24.170-150400.89.1
* nv-prefer-signed-open-driver-565.57.01-150400.89.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64)
* nvidia-open-driver-G06-signed-cuda-debugsource-565.57.01-150400.89.1
* kernel-firmware-nvidia-gspx-G06-cuda-565.57.01-150400.89.1
* nvidia-open-driver-G06-signed-debugsource-550.144.03-150400.89.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-550.144.03_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-cuda-kmp-default-565.57.01_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-cuda-kmp-default-debuginfo-565.57.01_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-kmp-default-550.144.03_k5.14.21_150400.24.170-150400.89.1
* nv-prefer-signed-open-driver-565.57.01-150400.89.1
* Public Cloud Module 15-SP4 (x86_64)
* nvidia-open-driver-G06-signed-cuda-azure-devel-565.57.01-150400.89.1
* nvidia-open-driver-G06-signed-kmp-azure-debuginfo-550.144.03_k5.14.21_150400.14.75-150400.89.1
* kernel-firmware-nvidia-gspx-G06-cuda-565.57.01-150400.89.1
* nvidia-open-driver-G06-signed-azure-devel-550.144.03-150400.89.1
* nvidia-open-driver-G06-signed-kmp-azure-550.144.03_k5.14.21_150400.14.75-150400.89.1
* nvidia-open-driver-G06-signed-cuda-kmp-azure-565.57.01_k5.14.21_150400.14.75-150400.89.1
* nvidia-open-driver-G06-signed-cuda-kmp-azure-debuginfo-565.57.01_k5.14.21_150400.14.75-150400.89.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* nvidia-open-driver-G06-signed-cuda-debugsource-565.57.01-150400.89.1
* kernel-firmware-nvidia-gspx-G06-cuda-565.57.01-150400.89.1
* nvidia-open-driver-G06-signed-debugsource-550.144.03-150400.89.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-550.144.03_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-cuda-kmp-default-565.57.01_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-cuda-kmp-default-debuginfo-565.57.01_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-kmp-default-550.144.03_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-cuda-default-devel-565.57.01-150400.89.1
* nvidia-open-driver-G06-signed-default-devel-550.144.03-150400.89.1
* nv-prefer-signed-open-driver-565.57.01-150400.89.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64)
* nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-550.144.03_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-64kb-devel-550.144.03-150400.89.1
* nvidia-open-driver-G06-signed-cuda-kmp-64kb-debuginfo-565.57.01_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-kmp-64kb-550.144.03_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-cuda-kmp-64kb-565.57.01_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-cuda-64kb-devel-565.57.01-150400.89.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* nvidia-open-driver-G06-signed-cuda-debugsource-565.57.01-150400.89.1
* kernel-firmware-nvidia-gspx-G06-cuda-565.57.01-150400.89.1
* nvidia-open-driver-G06-signed-debugsource-550.144.03-150400.89.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-550.144.03_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-cuda-kmp-default-565.57.01_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-cuda-kmp-default-debuginfo-565.57.01_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-kmp-default-550.144.03_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-cuda-default-devel-565.57.01-150400.89.1
* nvidia-open-driver-G06-signed-default-devel-550.144.03-150400.89.1
* nv-prefer-signed-open-driver-565.57.01-150400.89.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64)
* nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-550.144.03_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-64kb-devel-550.144.03-150400.89.1
* nvidia-open-driver-G06-signed-cuda-kmp-64kb-debuginfo-565.57.01_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-kmp-64kb-550.144.03_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-cuda-kmp-64kb-565.57.01_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-cuda-64kb-devel-565.57.01-150400.89.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 x86_64)
* nvidia-open-driver-G06-signed-cuda-debugsource-565.57.01-150400.89.1
* kernel-firmware-nvidia-gspx-G06-cuda-565.57.01-150400.89.1
* nvidia-open-driver-G06-signed-debugsource-550.144.03-150400.89.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-550.144.03_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-cuda-kmp-default-565.57.01_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-cuda-kmp-default-debuginfo-565.57.01_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-kmp-default-550.144.03_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-cuda-default-devel-565.57.01-150400.89.1
* nvidia-open-driver-G06-signed-default-devel-550.144.03-150400.89.1
* nv-prefer-signed-open-driver-565.57.01-150400.89.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64)
* nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-550.144.03_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-64kb-devel-550.144.03-150400.89.1
* nvidia-open-driver-G06-signed-cuda-kmp-64kb-debuginfo-565.57.01_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-kmp-64kb-550.144.03_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-cuda-kmp-64kb-565.57.01_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-cuda-64kb-devel-565.57.01-150400.89.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
* nvidia-open-driver-G06-signed-debugsource-550.144.03-150400.89.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-550.144.03_k5.14.21_150400.24.170-150400.89.1
* kernel-firmware-nvidia-gspx-G06-cuda-565.57.01-150400.89.1
* nvidia-open-driver-G06-signed-kmp-default-550.144.03_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-default-devel-550.144.03-150400.89.1
* SUSE Manager Proxy 4.3 LTS (x86_64)
* nvidia-open-driver-G06-signed-cuda-debugsource-565.57.01-150400.89.1
* kernel-firmware-nvidia-gspx-G06-cuda-565.57.01-150400.89.1
* nvidia-open-driver-G06-signed-debugsource-550.144.03-150400.89.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-550.144.03_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-cuda-kmp-default-565.57.01_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-cuda-kmp-default-debuginfo-565.57.01_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-kmp-default-550.144.03_k5.14.21_150400.24.170-150400.89.1
* nvidia-open-driver-G06-signed-cuda-default-devel-565.57.01-150400.89.1
* nvidia-open-driver-G06-signed-default-devel-550.144.03-150400.89.1
* nv-prefer-signed-open-driver-565.57.01-150400.89.1

## References:

* https://www.suse.com/security/cve/CVE-2024-0131.html
* https://www.suse.com/security/cve/CVE-2024-0147.html
* https://www.suse.com/security/cve/CVE-2024-0149.html
* https://www.suse.com/security/cve/CVE-2024-0150.html
* https://www.suse.com/security/cve/CVE-2024-53869.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234675
* https://bugzilla.suse.com/show_bug.cgi?id=1235461
* https://bugzilla.suse.com/show_bug.cgi?id=1235871

SUSE-SU-2025:02608-1: important: Security update for the Linux Kernel (Live Patch 57 for SLE 15 SP3)

# Security update for the Linux Kernel (Live Patch 57 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:02608-1
Release Date: 2025-08-02T23:34:26Z
Rating: important
References:

* bsc#1245776
* bsc#1245793
* bsc#1245797

Cross-References:

* CVE-2025-21702
* CVE-2025-37752
* CVE-2025-37797

CVSS scores:

* CVE-2025-21702 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37752 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37797 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_204 fixes several issues.

The following security issues were fixed:

* CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling
(bsc#1245793).
* CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).
* CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0
(bsc#1245797).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-2608=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-2608=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_204-default-debuginfo-3-150300.2.1
* kernel-livepatch-5_3_18-150300_59_204-default-3-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_57-debugsource-3-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_204-preempt-3-150300.2.1
* kernel-livepatch-5_3_18-150300_59_204-preempt-debuginfo-3-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_204-default-debuginfo-3-150300.2.1
* kernel-livepatch-5_3_18-150300_59_204-default-3-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_57-debugsource-3-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21702.html
* https://www.suse.com/security/cve/CVE-2025-37752.html
* https://www.suse.com/security/cve/CVE-2025-37797.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245776
* https://bugzilla.suse.com/show_bug.cgi?id=1245793
* https://bugzilla.suse.com/show_bug.cgi?id=1245797

SUSE-SU-2025:02610-1: important: Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP4)

# Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:02610-1
Release Date: 2025-08-03T09:34:08Z
Rating: important
References:

* bsc#1235250
* bsc#1245776
* bsc#1245793
* bsc#1245797
* bsc#1245804

Cross-References:

* CVE-2024-53125
* CVE-2024-56664
* CVE-2025-21702
* CVE-2025-37752
* CVE-2025-37797

CVSS scores:

* CVE-2024-53125 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56664 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56664 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56664 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21702 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37752 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37797 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_144 fixes several issues.

The following security issues were fixed:

* CVE-2024-56664: bpf, sockmap: Fix race between element replace and close()
(bsc#1235250).
* CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling
(bsc#1245793).
* CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).
* CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def
(bsc#1245804).
* CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0
(bsc#1245797).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-2610=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2610=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_144-default-debuginfo-10-150400.2.1
* kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_34-debugsource-10-150400.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_144-default-debuginfo-10-150400.2.1
* kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_34-debugsource-10-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-53125.html
* https://www.suse.com/security/cve/CVE-2024-56664.html
* https://www.suse.com/security/cve/CVE-2025-21702.html
* https://www.suse.com/security/cve/CVE-2025-37752.html
* https://www.suse.com/security/cve/CVE-2025-37797.html
* https://bugzilla.suse.com/show_bug.cgi?id=1235250
* https://bugzilla.suse.com/show_bug.cgi?id=1245776
* https://bugzilla.suse.com/show_bug.cgi?id=1245793
* https://bugzilla.suse.com/show_bug.cgi?id=1245797
* https://bugzilla.suse.com/show_bug.cgi?id=1245804

SUSE-SU-2025:02607-1: important: Security update for the Linux Kernel (Live Patch 51 for SLE 15 SP3)

# Security update for the Linux Kernel (Live Patch 51 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:02607-1
Release Date: 2025-08-03T02:34:31Z
Rating: important
References:

* bsc#1235250
* bsc#1245776
* bsc#1245793
* bsc#1245797

Cross-References:

* CVE-2024-56664
* CVE-2025-21702
* CVE-2025-37752
* CVE-2025-37797

CVSS scores:

* CVE-2024-56664 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56664 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56664 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21702 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37752 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37797 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_185 fixes several issues.

The following security issues were fixed:

* CVE-2024-56664: bpf, sockmap: Fix race between element replace and close()
(bsc#1235250).
* CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling
(bsc#1245793).
* CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).
* CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0
(bsc#1245797).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-2607=1 SUSE-2025-2609=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-2607=1 SUSE-SLE-
Module-Live-Patching-15-SP3-2025-2609=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_48-debugsource-14-150300.2.1
* kernel-livepatch-5_3_18-150300_59_174-default-debuginfo-14-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_51-debugsource-9-150300.2.1
* kernel-livepatch-5_3_18-150300_59_185-default-debuginfo-9-150300.2.1
* kernel-livepatch-5_3_18-150300_59_185-default-9-150300.2.1
* kernel-livepatch-5_3_18-150300_59_174-default-14-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_185-preempt-debuginfo-9-150300.2.1
* kernel-livepatch-5_3_18-150300_59_185-preempt-9-150300.2.1
* kernel-livepatch-5_3_18-150300_59_174-preempt-debuginfo-14-150300.2.1
* kernel-livepatch-5_3_18-150300_59_174-preempt-14-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_185-default-9-150300.2.1
* kernel-livepatch-5_3_18-150300_59_174-default-14-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-56664.html
* https://www.suse.com/security/cve/CVE-2025-21702.html
* https://www.suse.com/security/cve/CVE-2025-37752.html
* https://www.suse.com/security/cve/CVE-2025-37797.html
* https://bugzilla.suse.com/show_bug.cgi?id=1235250
* https://bugzilla.suse.com/show_bug.cgi?id=1245776
* https://bugzilla.suse.com/show_bug.cgi?id=1245793
* https://bugzilla.suse.com/show_bug.cgi?id=1245797

SUSE-SU-2025:02611-1: important: Security update for the Linux Kernel (Live Patch 38 for SLE 15 SP4)

# Security update for the Linux Kernel (Live Patch 38 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:02611-1
Release Date: 2025-08-03T16:34:15Z
Rating: important
References:

* bsc#1245776
* bsc#1245793
* bsc#1245797
* bsc#1245804

Cross-References:

* CVE-2024-53125
* CVE-2025-21702
* CVE-2025-37752
* CVE-2025-37797

CVSS scores:

* CVE-2024-53125 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21702 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37752 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37797 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_158 fixes several issues.

The following security issues were fixed:

* CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling
(bsc#1245793).
* CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).
* CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def
(bsc#1245804).
* CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0
(bsc#1245797).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2611=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-2611=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_158-default-debuginfo-3-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_38-debugsource-3-150400.2.1
* kernel-livepatch-5_14_21-150400_24_158-default-3-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_158-default-debuginfo-3-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_38-debugsource-3-150400.2.1
* kernel-livepatch-5_14_21-150400_24_158-default-3-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-53125.html
* https://www.suse.com/security/cve/CVE-2025-21702.html
* https://www.suse.com/security/cve/CVE-2025-37752.html
* https://www.suse.com/security/cve/CVE-2025-37797.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245776
* https://bugzilla.suse.com/show_bug.cgi?id=1245793
* https://bugzilla.suse.com/show_bug.cgi?id=1245797
* https://bugzilla.suse.com/show_bug.cgi?id=1245804

SUSE-SU-2025:02619-1: important: Security update for the Linux Kernel (Live Patch 56 for SLE 15 SP3)

# Security update for the Linux Kernel (Live Patch 56 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:02619-1
Release Date: 2025-08-04T07:34:31Z
Rating: important
References:

* bsc#1245776
* bsc#1245793
* bsc#1245797

Cross-References:

* CVE-2025-21702
* CVE-2025-37752
* CVE-2025-37797

CVSS scores:

* CVE-2025-21702 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37752 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37797 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_201 fixes several issues.

The following security issues were fixed:

* CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling
(bsc#1245793).
* CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).
* CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0
(bsc#1245797).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-2619=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-2619=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_56-debugsource-3-150300.2.1
* kernel-livepatch-5_3_18-150300_59_201-default-debuginfo-3-150300.2.1
* kernel-livepatch-5_3_18-150300_59_201-default-3-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_201-preempt-3-150300.2.1
* kernel-livepatch-5_3_18-150300_59_201-preempt-debuginfo-3-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_56-debugsource-3-150300.2.1
* kernel-livepatch-5_3_18-150300_59_201-default-debuginfo-3-150300.2.1
* kernel-livepatch-5_3_18-150300_59_201-default-3-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21702.html
* https://www.suse.com/security/cve/CVE-2025-37752.html
* https://www.suse.com/security/cve/CVE-2025-37797.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245776
* https://bugzilla.suse.com/show_bug.cgi?id=1245793
* https://bugzilla.suse.com/show_bug.cgi?id=1245797

SUSE-SU-2025:02620-1: important: Security update for libxml2

# Security update for libxml2

Announcement ID: SUSE-SU-2025:02620-1
Release Date: 2025-08-04T07:43:07Z
Rating: important
References:

* bsc#1246296

Cross-References:

* CVE-2025-7425

CVSS scores:

* CVE-2025-7425 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-7425 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
* CVE-2025-7425 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Proxy 4.3 LTS
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Retail Branch Server 4.3 LTS
* SUSE Manager Server 4.3
* SUSE Manager Server 4.3 LTS

An update that solves one vulnerability can now be installed.

## Description:

This update for libxml2 fixes the following issues:

* CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype
corruption in xmlAttrPtr (bsc#1246296)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Manager Proxy 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-2620=1

* SUSE Manager Retail Branch Server 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-LTS-2025-2620=1

* SUSE Manager Server 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-2620=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2620=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-2620=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-2620=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-2620=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-2620=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2620=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2620=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2620=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2620=1

## Package List:

* SUSE Manager Proxy 4.3 LTS (x86_64)
* python3-libxml2-2.9.14-150400.5.47.1
* libxml2-2-32bit-debuginfo-2.9.14-150400.5.47.1
* libxml2-2-debuginfo-2.9.14-150400.5.47.1
* libxml2-2-2.9.14-150400.5.47.1
* libxml2-2-32bit-2.9.14-150400.5.47.1
* libxml2-devel-2.9.14-150400.5.47.1
* libxml2-tools-debuginfo-2.9.14-150400.5.47.1
* libxml2-tools-2.9.14-150400.5.47.1
* libxml2-debugsource-2.9.14-150400.5.47.1
* python3-libxml2-debuginfo-2.9.14-150400.5.47.1
* SUSE Manager Retail Branch Server 4.3 LTS (x86_64)
* python3-libxml2-2.9.14-150400.5.47.1
* libxml2-2-32bit-debuginfo-2.9.14-150400.5.47.1
* libxml2-2-debuginfo-2.9.14-150400.5.47.1
* libxml2-2-2.9.14-150400.5.47.1
* libxml2-2-32bit-2.9.14-150400.5.47.1
* libxml2-devel-2.9.14-150400.5.47.1
* libxml2-tools-debuginfo-2.9.14-150400.5.47.1
* libxml2-tools-2.9.14-150400.5.47.1
* libxml2-debugsource-2.9.14-150400.5.47.1
* python3-libxml2-debuginfo-2.9.14-150400.5.47.1
* SUSE Manager Server 4.3 LTS (ppc64le s390x x86_64)
* python3-libxml2-2.9.14-150400.5.47.1
* libxml2-2-debuginfo-2.9.14-150400.5.47.1
* libxml2-2-2.9.14-150400.5.47.1
* libxml2-devel-2.9.14-150400.5.47.1
* libxml2-tools-debuginfo-2.9.14-150400.5.47.1
* libxml2-tools-2.9.14-150400.5.47.1
* libxml2-debugsource-2.9.14-150400.5.47.1
* python3-libxml2-debuginfo-2.9.14-150400.5.47.1
* SUSE Manager Server 4.3 LTS (x86_64)
* libxml2-2-32bit-2.9.14-150400.5.47.1
* libxml2-2-32bit-debuginfo-2.9.14-150400.5.47.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* python3-libxml2-2.9.14-150400.5.47.1
* python311-libxml2-debuginfo-2.9.14-150400.5.47.1
* libxml2-2-debuginfo-2.9.14-150400.5.47.1
* libxml2-2-2.9.14-150400.5.47.1
* libxml2-python-debugsource-2.9.14-150400.5.47.1
* libxml2-devel-2.9.14-150400.5.47.1
* libxml2-tools-debuginfo-2.9.14-150400.5.47.1
* python311-libxml2-2.9.14-150400.5.47.1
* libxml2-tools-2.9.14-150400.5.47.1
* libxml2-debugsource-2.9.14-150400.5.47.1
* python3-libxml2-debuginfo-2.9.14-150400.5.47.1
* openSUSE Leap 15.4 (x86_64)
* libxml2-2-32bit-2.9.14-150400.5.47.1
* libxml2-devel-32bit-2.9.14-150400.5.47.1
* libxml2-2-32bit-debuginfo-2.9.14-150400.5.47.1
* openSUSE Leap 15.4 (noarch)
* libxml2-doc-2.9.14-150400.5.47.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libxml2-2-64bit-2.9.14-150400.5.47.1
* libxml2-2-64bit-debuginfo-2.9.14-150400.5.47.1
* libxml2-devel-64bit-2.9.14-150400.5.47.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* python3-libxml2-2.9.14-150400.5.47.1
* libxml2-2-debuginfo-2.9.14-150400.5.47.1
* libxml2-2-2.9.14-150400.5.47.1
* libxml2-python-debugsource-2.9.14-150400.5.47.1
* libxml2-tools-debuginfo-2.9.14-150400.5.47.1
* libxml2-tools-2.9.14-150400.5.47.1
* libxml2-debugsource-2.9.14-150400.5.47.1
* python3-libxml2-debuginfo-2.9.14-150400.5.47.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* python3-libxml2-2.9.14-150400.5.47.1
* libxml2-2-debuginfo-2.9.14-150400.5.47.1
* libxml2-2-2.9.14-150400.5.47.1
* libxml2-python-debugsource-2.9.14-150400.5.47.1
* libxml2-tools-debuginfo-2.9.14-150400.5.47.1
* libxml2-tools-2.9.14-150400.5.47.1
* libxml2-debugsource-2.9.14-150400.5.47.1
* python3-libxml2-debuginfo-2.9.14-150400.5.47.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* python3-libxml2-2.9.14-150400.5.47.1
* libxml2-2-debuginfo-2.9.14-150400.5.47.1
* libxml2-2-2.9.14-150400.5.47.1
* libxml2-python-debugsource-2.9.14-150400.5.47.1
* libxml2-tools-debuginfo-2.9.14-150400.5.47.1
* libxml2-tools-2.9.14-150400.5.47.1
* libxml2-debugsource-2.9.14-150400.5.47.1
* python3-libxml2-debuginfo-2.9.14-150400.5.47.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* python3-libxml2-2.9.14-150400.5.47.1
* libxml2-2-debuginfo-2.9.14-150400.5.47.1
* libxml2-2-2.9.14-150400.5.47.1
* libxml2-python-debugsource-2.9.14-150400.5.47.1
* libxml2-tools-debuginfo-2.9.14-150400.5.47.1
* libxml2-tools-2.9.14-150400.5.47.1
* libxml2-debugsource-2.9.14-150400.5.47.1
* python3-libxml2-debuginfo-2.9.14-150400.5.47.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* python3-libxml2-2.9.14-150400.5.47.1
* python311-libxml2-debuginfo-2.9.14-150400.5.47.1
* libxml2-2-debuginfo-2.9.14-150400.5.47.1
* libxml2-2-2.9.14-150400.5.47.1
* libxml2-devel-2.9.14-150400.5.47.1
* libxml2-tools-debuginfo-2.9.14-150400.5.47.1
* python311-libxml2-2.9.14-150400.5.47.1
* libxml2-tools-2.9.14-150400.5.47.1
* libxml2-debugsource-2.9.14-150400.5.47.1
* python3-libxml2-debuginfo-2.9.14-150400.5.47.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
* libxml2-2-32bit-2.9.14-150400.5.47.1
* libxml2-2-32bit-debuginfo-2.9.14-150400.5.47.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* python3-libxml2-2.9.14-150400.5.47.1
* python311-libxml2-debuginfo-2.9.14-150400.5.47.1
* libxml2-2-debuginfo-2.9.14-150400.5.47.1
* libxml2-2-2.9.14-150400.5.47.1
* libxml2-devel-2.9.14-150400.5.47.1
* libxml2-tools-debuginfo-2.9.14-150400.5.47.1
* python311-libxml2-2.9.14-150400.5.47.1
* libxml2-tools-2.9.14-150400.5.47.1
* libxml2-debugsource-2.9.14-150400.5.47.1
* python3-libxml2-debuginfo-2.9.14-150400.5.47.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
* libxml2-2-32bit-2.9.14-150400.5.47.1
* libxml2-2-32bit-debuginfo-2.9.14-150400.5.47.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* python3-libxml2-2.9.14-150400.5.47.1
* python311-libxml2-debuginfo-2.9.14-150400.5.47.1
* libxml2-2-debuginfo-2.9.14-150400.5.47.1
* libxml2-2-2.9.14-150400.5.47.1
* libxml2-devel-2.9.14-150400.5.47.1
* libxml2-tools-debuginfo-2.9.14-150400.5.47.1
* python311-libxml2-2.9.14-150400.5.47.1
* libxml2-tools-2.9.14-150400.5.47.1
* libxml2-debugsource-2.9.14-150400.5.47.1
* python3-libxml2-debuginfo-2.9.14-150400.5.47.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
* libxml2-2-32bit-2.9.14-150400.5.47.1
* libxml2-2-32bit-debuginfo-2.9.14-150400.5.47.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* python3-libxml2-2.9.14-150400.5.47.1
* python311-libxml2-debuginfo-2.9.14-150400.5.47.1
* libxml2-2-debuginfo-2.9.14-150400.5.47.1
* libxml2-2-2.9.14-150400.5.47.1
* libxml2-devel-2.9.14-150400.5.47.1
* libxml2-tools-debuginfo-2.9.14-150400.5.47.1
* python311-libxml2-2.9.14-150400.5.47.1
* libxml2-tools-2.9.14-150400.5.47.1
* libxml2-debugsource-2.9.14-150400.5.47.1
* python3-libxml2-debuginfo-2.9.14-150400.5.47.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
* libxml2-2-32bit-2.9.14-150400.5.47.1
* libxml2-2-32bit-debuginfo-2.9.14-150400.5.47.1

## References:

* https://www.suse.com/security/cve/CVE-2025-7425.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246296

SUSE-SU-2025:02621-1: important: Security update for libxml2

# Security update for libxml2

Announcement ID: SUSE-SU-2025:02621-1
Release Date: 2025-08-04T07:44:00Z
Rating: important
References:

* bsc#1246296

Cross-References:

* CVE-2025-7425

CVSS scores:

* CVE-2025-7425 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-7425 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
* CVE-2025-7425 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves one vulnerability can now be installed.

## Description:

This update for libxml2 fixes the following issues:

* CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype
corruption in xmlAttrPtr (bsc#1246296)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-2621=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-2621=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-2621=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-2621=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-2621=1

* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-2621=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-2621=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-2621=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* python3-libxml2-python-debuginfo-2.9.7-150000.3.85.1
* python3-libxml2-python-2.9.7-150000.3.85.1
* python-libxml2-python-debugsource-2.9.7-150000.3.85.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* python3-libxml2-python-debuginfo-2.9.7-150000.3.85.1
* libxml2-tools-2.9.7-150000.3.85.1
* libxml2-2-2.9.7-150000.3.85.1
* libxml2-tools-debuginfo-2.9.7-150000.3.85.1
* libxml2-debugsource-2.9.7-150000.3.85.1
* libxml2-2-debuginfo-2.9.7-150000.3.85.1
* libxml2-devel-2.9.7-150000.3.85.1
* python-libxml2-python-debugsource-2.9.7-150000.3.85.1
* python3-libxml2-python-2.9.7-150000.3.85.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
* libxml2-2-32bit-2.9.7-150000.3.85.1
* libxml2-2-32bit-debuginfo-2.9.7-150000.3.85.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* python3-libxml2-python-debuginfo-2.9.7-150000.3.85.1
* libxml2-tools-2.9.7-150000.3.85.1
* libxml2-2-2.9.7-150000.3.85.1
* libxml2-tools-debuginfo-2.9.7-150000.3.85.1
* libxml2-debugsource-2.9.7-150000.3.85.1
* libxml2-2-debuginfo-2.9.7-150000.3.85.1
* libxml2-devel-2.9.7-150000.3.85.1
* python-libxml2-python-debugsource-2.9.7-150000.3.85.1
* python3-libxml2-python-2.9.7-150000.3.85.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (x86_64)
* libxml2-2-32bit-2.9.7-150000.3.85.1
* libxml2-2-32bit-debuginfo-2.9.7-150000.3.85.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* python3-libxml2-python-debuginfo-2.9.7-150000.3.85.1
* libxml2-tools-2.9.7-150000.3.85.1
* libxml2-2-2.9.7-150000.3.85.1
* libxml2-tools-debuginfo-2.9.7-150000.3.85.1
* libxml2-debugsource-2.9.7-150000.3.85.1
* libxml2-2-debuginfo-2.9.7-150000.3.85.1
* libxml2-devel-2.9.7-150000.3.85.1
* python-libxml2-python-debugsource-2.9.7-150000.3.85.1
* python3-libxml2-python-2.9.7-150000.3.85.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* libxml2-2-32bit-2.9.7-150000.3.85.1
* libxml2-2-32bit-debuginfo-2.9.7-150000.3.85.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* python3-libxml2-python-debuginfo-2.9.7-150000.3.85.1
* libxml2-tools-2.9.7-150000.3.85.1
* libxml2-2-2.9.7-150000.3.85.1
* libxml2-tools-debuginfo-2.9.7-150000.3.85.1
* libxml2-debugsource-2.9.7-150000.3.85.1
* libxml2-2-debuginfo-2.9.7-150000.3.85.1
* libxml2-devel-2.9.7-150000.3.85.1
* python-libxml2-python-debugsource-2.9.7-150000.3.85.1
* python3-libxml2-python-2.9.7-150000.3.85.1
* SUSE Enterprise Storage 7.1 (x86_64)
* libxml2-2-32bit-2.9.7-150000.3.85.1
* libxml2-2-32bit-debuginfo-2.9.7-150000.3.85.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* libxml2-tools-2.9.7-150000.3.85.1
* libxml2-2-2.9.7-150000.3.85.1
* libxml2-tools-debuginfo-2.9.7-150000.3.85.1
* libxml2-debugsource-2.9.7-150000.3.85.1
* libxml2-2-debuginfo-2.9.7-150000.3.85.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* python3-libxml2-python-debuginfo-2.9.7-150000.3.85.1
* libxml2-tools-2.9.7-150000.3.85.1
* libxml2-2-2.9.7-150000.3.85.1
* libxml2-tools-debuginfo-2.9.7-150000.3.85.1
* libxml2-debugsource-2.9.7-150000.3.85.1
* libxml2-2-debuginfo-2.9.7-150000.3.85.1
* python-libxml2-python-debugsource-2.9.7-150000.3.85.1
* python3-libxml2-python-2.9.7-150000.3.85.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* python3-libxml2-python-debuginfo-2.9.7-150000.3.85.1
* libxml2-tools-2.9.7-150000.3.85.1
* libxml2-2-2.9.7-150000.3.85.1
* libxml2-tools-debuginfo-2.9.7-150000.3.85.1
* libxml2-debugsource-2.9.7-150000.3.85.1
* libxml2-2-debuginfo-2.9.7-150000.3.85.1
* python-libxml2-python-debugsource-2.9.7-150000.3.85.1
* python3-libxml2-python-2.9.7-150000.3.85.1

## References:

* https://www.suse.com/security/cve/CVE-2025-7425.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246296

SUSE-SU-2025:02675-1: moderate: Security update for systemd

# Security update for systemd

Announcement ID: SUSE-SU-2025:02675-1
Release Date: 2025-08-04T14:00:15Z
Rating: moderate
References:

* bsc#1243935

Cross-References:

* CVE-2025-4598

CVSS scores:

* CVE-2025-4598 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-4598 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for systemd fixes the following issues:

* CVE-2025-4598: Fixed race condition that allows a local attacker to crash a
SUID program and gain read access to the resulting core dump (bsc#1243935).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2675=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2675=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2675=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2675=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2675=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2675=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2675=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-2675=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2025-2675=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-2675=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2675=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-2675=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-2675=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-2675=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-2675=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-2675=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2675=1

## Package List:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* systemd-249.17-150400.8.49.2
* systemd-coredump-debuginfo-249.17-150400.8.49.2
* systemd-debuginfo-249.17-150400.8.49.2
* libsystemd0-249.17-150400.8.49.2
* systemd-container-249.17-150400.8.49.2
* libudev1-debuginfo-249.17-150400.8.49.2
* systemd-doc-249.17-150400.8.49.2
* libudev1-249.17-150400.8.49.2
* libsystemd0-debuginfo-249.17-150400.8.49.2
* systemd-debugsource-249.17-150400.8.49.2
* systemd-sysvinit-249.17-150400.8.49.2
* udev-249.17-150400.8.49.2
* systemd-coredump-249.17-150400.8.49.2
* systemd-container-debuginfo-249.17-150400.8.49.2
* systemd-devel-249.17-150400.8.49.2
* udev-debuginfo-249.17-150400.8.49.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* systemd-lang-249.17-150400.8.49.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
* systemd-32bit-249.17-150400.8.49.2
* libsystemd0-32bit-debuginfo-249.17-150400.8.49.2
* libsystemd0-32bit-249.17-150400.8.49.2
* systemd-32bit-debuginfo-249.17-150400.8.49.2
* libudev1-32bit-249.17-150400.8.49.2
* libudev1-32bit-debuginfo-249.17-150400.8.49.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* systemd-249.17-150400.8.49.2
* systemd-coredump-debuginfo-249.17-150400.8.49.2
* systemd-debuginfo-249.17-150400.8.49.2
* libsystemd0-249.17-150400.8.49.2
* systemd-container-249.17-150400.8.49.2
* libudev1-debuginfo-249.17-150400.8.49.2
* systemd-doc-249.17-150400.8.49.2
* libudev1-249.17-150400.8.49.2
* libsystemd0-debuginfo-249.17-150400.8.49.2
* systemd-debugsource-249.17-150400.8.49.2
* systemd-sysvinit-249.17-150400.8.49.2
* udev-249.17-150400.8.49.2
* systemd-coredump-249.17-150400.8.49.2
* systemd-container-debuginfo-249.17-150400.8.49.2
* systemd-devel-249.17-150400.8.49.2
* udev-debuginfo-249.17-150400.8.49.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* systemd-lang-249.17-150400.8.49.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64)
* systemd-32bit-249.17-150400.8.49.2
* libsystemd0-32bit-249.17-150400.8.49.2
* systemd-32bit-debuginfo-249.17-150400.8.49.2
* libudev1-32bit-249.17-150400.8.49.2
* libsystemd0-32bit-debuginfo-249.17-150400.8.49.2
* libudev1-32bit-debuginfo-249.17-150400.8.49.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* systemd-249.17-150400.8.49.2
* systemd-coredump-debuginfo-249.17-150400.8.49.2
* systemd-debuginfo-249.17-150400.8.49.2
* libsystemd0-249.17-150400.8.49.2
* systemd-container-249.17-150400.8.49.2
* libudev1-debuginfo-249.17-150400.8.49.2
* systemd-doc-249.17-150400.8.49.2
* libudev1-249.17-150400.8.49.2
* libsystemd0-debuginfo-249.17-150400.8.49.2
* systemd-debugsource-249.17-150400.8.49.2
* systemd-sysvinit-249.17-150400.8.49.2
* udev-249.17-150400.8.49.2
* systemd-coredump-249.17-150400.8.49.2
* systemd-container-debuginfo-249.17-150400.8.49.2
* systemd-devel-249.17-150400.8.49.2
* udev-debuginfo-249.17-150400.8.49.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* systemd-lang-249.17-150400.8.49.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64)
* systemd-32bit-249.17-150400.8.49.2
* libsystemd0-32bit-249.17-150400.8.49.2
* systemd-32bit-debuginfo-249.17-150400.8.49.2
* libudev1-32bit-249.17-150400.8.49.2
* libsystemd0-32bit-debuginfo-249.17-150400.8.49.2
* libudev1-32bit-debuginfo-249.17-150400.8.49.2
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* systemd-249.17-150400.8.49.2
* systemd-coredump-debuginfo-249.17-150400.8.49.2
* systemd-debuginfo-249.17-150400.8.49.2
* libsystemd0-249.17-150400.8.49.2
* systemd-container-249.17-150400.8.49.2
* libudev1-debuginfo-249.17-150400.8.49.2
* systemd-doc-249.17-150400.8.49.2
* libudev1-249.17-150400.8.49.2
* libsystemd0-debuginfo-249.17-150400.8.49.2
* systemd-debugsource-249.17-150400.8.49.2
* systemd-sysvinit-249.17-150400.8.49.2
* udev-249.17-150400.8.49.2
* systemd-coredump-249.17-150400.8.49.2
* systemd-container-debuginfo-249.17-150400.8.49.2
* systemd-devel-249.17-150400.8.49.2
* udev-debuginfo-249.17-150400.8.49.2
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* systemd-lang-249.17-150400.8.49.2
* SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
* systemd-32bit-249.17-150400.8.49.2
* libsystemd0-32bit-debuginfo-249.17-150400.8.49.2
* libsystemd0-32bit-249.17-150400.8.49.2
* systemd-32bit-debuginfo-249.17-150400.8.49.2
* libudev1-32bit-249.17-150400.8.49.2
* libudev1-32bit-debuginfo-249.17-150400.8.49.2
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* systemd-249.17-150400.8.49.2
* systemd-coredump-debuginfo-249.17-150400.8.49.2
* systemd-debuginfo-249.17-150400.8.49.2
* libsystemd0-249.17-150400.8.49.2
* systemd-container-249.17-150400.8.49.2
* libudev1-debuginfo-249.17-150400.8.49.2
* systemd-doc-249.17-150400.8.49.2
* libudev1-249.17-150400.8.49.2
* libsystemd0-debuginfo-249.17-150400.8.49.2
* systemd-debugsource-249.17-150400.8.49.2
* systemd-sysvinit-249.17-150400.8.49.2
* udev-249.17-150400.8.49.2
* systemd-coredump-249.17-150400.8.49.2
* systemd-container-debuginfo-249.17-150400.8.49.2
* systemd-devel-249.17-150400.8.49.2
* udev-debuginfo-249.17-150400.8.49.2
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* systemd-lang-249.17-150400.8.49.2
* SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64)
* systemd-32bit-249.17-150400.8.49.2
* libsystemd0-32bit-249.17-150400.8.49.2
* systemd-32bit-debuginfo-249.17-150400.8.49.2
* libudev1-32bit-249.17-150400.8.49.2
* libsystemd0-32bit-debuginfo-249.17-150400.8.49.2
* libudev1-32bit-debuginfo-249.17-150400.8.49.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* systemd-249.17-150400.8.49.2
* systemd-coredump-debuginfo-249.17-150400.8.49.2
* systemd-debuginfo-249.17-150400.8.49.2
* libsystemd0-249.17-150400.8.49.2
* systemd-container-249.17-150400.8.49.2
* libudev1-debuginfo-249.17-150400.8.49.2
* systemd-doc-249.17-150400.8.49.2
* libudev1-249.17-150400.8.49.2
* libsystemd0-debuginfo-249.17-150400.8.49.2
* systemd-debugsource-249.17-150400.8.49.2
* systemd-sysvinit-249.17-150400.8.49.2
* udev-249.17-150400.8.49.2
* systemd-coredump-249.17-150400.8.49.2
* systemd-container-debuginfo-249.17-150400.8.49.2
* systemd-devel-249.17-150400.8.49.2
* udev-debuginfo-249.17-150400.8.49.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* systemd-lang-249.17-150400.8.49.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
* systemd-32bit-249.17-150400.8.49.2
* libsystemd0-32bit-debuginfo-249.17-150400.8.49.2
* libsystemd0-32bit-249.17-150400.8.49.2
* systemd-32bit-debuginfo-249.17-150400.8.49.2
* libudev1-32bit-249.17-150400.8.49.2
* libudev1-32bit-debuginfo-249.17-150400.8.49.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* systemd-249.17-150400.8.49.2
* systemd-coredump-debuginfo-249.17-150400.8.49.2
* systemd-debuginfo-249.17-150400.8.49.2
* libsystemd0-249.17-150400.8.49.2
* systemd-container-249.17-150400.8.49.2
* libudev1-debuginfo-249.17-150400.8.49.2
* systemd-doc-249.17-150400.8.49.2
* libudev1-249.17-150400.8.49.2
* libsystemd0-debuginfo-249.17-150400.8.49.2
* systemd-debugsource-249.17-150400.8.49.2
* systemd-sysvinit-249.17-150400.8.49.2
* udev-249.17-150400.8.49.2
* systemd-coredump-249.17-150400.8.49.2
* systemd-container-debuginfo-249.17-150400.8.49.2
* systemd-devel-249.17-150400.8.49.2
* udev-debuginfo-249.17-150400.8.49.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* systemd-lang-249.17-150400.8.49.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
* systemd-32bit-249.17-150400.8.49.2
* libsystemd0-32bit-249.17-150400.8.49.2
* systemd-32bit-debuginfo-249.17-150400.8.49.2
* libudev1-32bit-249.17-150400.8.49.2
* libsystemd0-32bit-debuginfo-249.17-150400.8.49.2
* libudev1-32bit-debuginfo-249.17-150400.8.49.2
* SUSE Manager Proxy 4.3 (x86_64)
* systemd-debuginfo-249.17-150400.8.49.2
* libudev1-debuginfo-249.17-150400.8.49.2
* libsystemd0-32bit-debuginfo-249.17-150400.8.49.2
* libudev1-32bit-debuginfo-249.17-150400.8.49.2
* udev-249.17-150400.8.49.2
* systemd-249.17-150400.8.49.2
* libsystemd0-249.17-150400.8.49.2
* libudev1-249.17-150400.8.49.2
* systemd-debugsource-249.17-150400.8.49.2
* systemd-doc-249.17-150400.8.49.2
* systemd-container-debuginfo-249.17-150400.8.49.2
* libsystemd0-32bit-249.17-150400.8.49.2
* libsystemd0-debuginfo-249.17-150400.8.49.2
* systemd-sysvinit-249.17-150400.8.49.2
* systemd-32bit-debuginfo-249.17-150400.8.49.2
* systemd-coredump-249.17-150400.8.49.2
* libudev1-32bit-249.17-150400.8.49.2
* systemd-devel-249.17-150400.8.49.2
* udev-debuginfo-249.17-150400.8.49.2
* systemd-32bit-249.17-150400.8.49.2
* systemd-coredump-debuginfo-249.17-150400.8.49.2
* systemd-container-249.17-150400.8.49.2
* SUSE Manager Proxy 4.3 (noarch)
* systemd-lang-249.17-150400.8.49.2
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* systemd-debuginfo-249.17-150400.8.49.2
* libudev1-debuginfo-249.17-150400.8.49.2
* libsystemd0-32bit-debuginfo-249.17-150400.8.49.2
* libudev1-32bit-debuginfo-249.17-150400.8.49.2
* udev-249.17-150400.8.49.2
* systemd-249.17-150400.8.49.2
* libsystemd0-249.17-150400.8.49.2
* libudev1-249.17-150400.8.49.2
* systemd-debugsource-249.17-150400.8.49.2
* systemd-doc-249.17-150400.8.49.2
* systemd-container-debuginfo-249.17-150400.8.49.2
* libsystemd0-32bit-249.17-150400.8.49.2
* libsystemd0-debuginfo-249.17-150400.8.49.2
* systemd-sysvinit-249.17-150400.8.49.2
* systemd-32bit-debuginfo-249.17-150400.8.49.2
* systemd-coredump-249.17-150400.8.49.2
* libudev1-32bit-249.17-150400.8.49.2
* systemd-devel-249.17-150400.8.49.2
* udev-debuginfo-249.17-150400.8.49.2
* systemd-32bit-249.17-150400.8.49.2
* systemd-coredump-debuginfo-249.17-150400.8.49.2
* systemd-container-249.17-150400.8.49.2
* SUSE Manager Retail Branch Server 4.3 (noarch)
* systemd-lang-249.17-150400.8.49.2
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* systemd-249.17-150400.8.49.2
* systemd-coredump-debuginfo-249.17-150400.8.49.2
* systemd-debuginfo-249.17-150400.8.49.2
* libsystemd0-249.17-150400.8.49.2
* systemd-container-249.17-150400.8.49.2
* libudev1-debuginfo-249.17-150400.8.49.2
* systemd-doc-249.17-150400.8.49.2
* libudev1-249.17-150400.8.49.2
* libsystemd0-debuginfo-249.17-150400.8.49.2
* systemd-debugsource-249.17-150400.8.49.2
* systemd-sysvinit-249.17-150400.8.49.2
* udev-249.17-150400.8.49.2
* systemd-coredump-249.17-150400.8.49.2
* systemd-container-debuginfo-249.17-150400.8.49.2
* systemd-devel-249.17-150400.8.49.2
* udev-debuginfo-249.17-150400.8.49.2
* SUSE Manager Server 4.3 (noarch)
* systemd-lang-249.17-150400.8.49.2
* SUSE Manager Server 4.3 (x86_64)
* systemd-32bit-249.17-150400.8.49.2
* libsystemd0-32bit-debuginfo-249.17-150400.8.49.2
* libsystemd0-32bit-249.17-150400.8.49.2
* systemd-32bit-debuginfo-249.17-150400.8.49.2
* libudev1-32bit-249.17-150400.8.49.2
* libudev1-32bit-debuginfo-249.17-150400.8.49.2
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* systemd-testsuite-debuginfo-249.17-150400.8.49.2
* nss-myhostname-249.17-150400.8.49.2
* systemd-mini-devel-249.17-150400.8.49.1
* systemd-debuginfo-249.17-150400.8.49.2
* systemd-testsuite-249.17-150400.8.49.2
* libudev1-debuginfo-249.17-150400.8.49.2
* systemd-experimental-249.17-150400.8.49.2
* systemd-mini-doc-249.17-150400.8.49.1
* systemd-mini-debugsource-249.17-150400.8.49.1
* udev-mini-249.17-150400.8.49.1
* udev-249.17-150400.8.49.2
* systemd-portable-249.17-150400.8.49.2
* libudev-mini1-249.17-150400.8.49.1
* systemd-249.17-150400.8.49.2
* libsystemd0-249.17-150400.8.49.2
* libudev1-249.17-150400.8.49.2
* systemd-debugsource-249.17-150400.8.49.2
* systemd-journal-remote-249.17-150400.8.49.2
* libudev-mini1-debuginfo-249.17-150400.8.49.1
* systemd-doc-249.17-150400.8.49.2
* systemd-journal-remote-debuginfo-249.17-150400.8.49.2
* systemd-container-debuginfo-249.17-150400.8.49.2
* nss-systemd-249.17-150400.8.49.2
* systemd-network-249.17-150400.8.49.2
* systemd-mini-container-debuginfo-249.17-150400.8.49.1
* systemd-portable-debuginfo-249.17-150400.8.49.2
* systemd-mini-debuginfo-249.17-150400.8.49.1
* libsystemd0-debuginfo-249.17-150400.8.49.2
* systemd-sysvinit-249.17-150400.8.49.2
* libsystemd0-mini-debuginfo-249.17-150400.8.49.1
* systemd-coredump-249.17-150400.8.49.2
* systemd-mini-container-249.17-150400.8.49.1
* systemd-devel-249.17-150400.8.49.2
* udev-debuginfo-249.17-150400.8.49.2
* nss-myhostname-debuginfo-249.17-150400.8.49.2
* systemd-mini-249.17-150400.8.49.1
* systemd-coredump-debuginfo-249.17-150400.8.49.2
* systemd-container-249.17-150400.8.49.2
* systemd-mini-sysvinit-249.17-150400.8.49.1
* udev-mini-debuginfo-249.17-150400.8.49.1
* nss-systemd-debuginfo-249.17-150400.8.49.2
* systemd-network-debuginfo-249.17-150400.8.49.2
* systemd-experimental-debuginfo-249.17-150400.8.49.2
* libsystemd0-mini-249.17-150400.8.49.1
* openSUSE Leap 15.4 (x86_64)
* nss-myhostname-32bit-debuginfo-249.17-150400.8.49.2
* systemd-32bit-249.17-150400.8.49.2
* libsystemd0-32bit-249.17-150400.8.49.2
* systemd-32bit-debuginfo-249.17-150400.8.49.2
* libudev1-32bit-249.17-150400.8.49.2
* libsystemd0-32bit-debuginfo-249.17-150400.8.49.2
* libudev1-32bit-debuginfo-249.17-150400.8.49.2
* nss-myhostname-32bit-249.17-150400.8.49.2
* openSUSE Leap 15.4 (noarch)
* systemd-lang-249.17-150400.8.49.2
* openSUSE Leap 15.4 (aarch64_ilp32)
* libsystemd0-64bit-debuginfo-249.17-150400.8.49.2
* libudev1-64bit-debuginfo-249.17-150400.8.49.2
* nss-myhostname-64bit-249.17-150400.8.49.2
* systemd-64bit-debuginfo-249.17-150400.8.49.2
* nss-myhostname-64bit-debuginfo-249.17-150400.8.49.2
* libsystemd0-64bit-249.17-150400.8.49.2
* systemd-64bit-249.17-150400.8.49.2
* libudev1-64bit-249.17-150400.8.49.2
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* systemd-249.17-150400.8.49.2
* systemd-debuginfo-249.17-150400.8.49.2
* libsystemd0-249.17-150400.8.49.2
* systemd-container-249.17-150400.8.49.2
* libudev1-debuginfo-249.17-150400.8.49.2
* libudev1-249.17-150400.8.49.2
* libsystemd0-debuginfo-249.17-150400.8.49.2
* systemd-debugsource-249.17-150400.8.49.2
* systemd-journal-remote-249.17-150400.8.49.2
* systemd-sysvinit-249.17-150400.8.49.2
* systemd-journal-remote-debuginfo-249.17-150400.8.49.2
* systemd-container-debuginfo-249.17-150400.8.49.2
* udev-249.17-150400.8.49.2
* udev-debuginfo-249.17-150400.8.49.2
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* systemd-249.17-150400.8.49.2
* systemd-debuginfo-249.17-150400.8.49.2
* libsystemd0-249.17-150400.8.49.2
* systemd-container-249.17-150400.8.49.2
* libudev1-debuginfo-249.17-150400.8.49.2
* libudev1-249.17-150400.8.49.2
* libsystemd0-debuginfo-249.17-150400.8.49.2
* systemd-debugsource-249.17-150400.8.49.2
* systemd-journal-remote-249.17-150400.8.49.2
* systemd-sysvinit-249.17-150400.8.49.2
* systemd-journal-remote-debuginfo-249.17-150400.8.49.2
* systemd-container-debuginfo-249.17-150400.8.49.2
* udev-249.17-150400.8.49.2
* udev-debuginfo-249.17-150400.8.49.2
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* systemd-249.17-150400.8.49.2
* systemd-debuginfo-249.17-150400.8.49.2
* libsystemd0-249.17-150400.8.49.2
* systemd-container-249.17-150400.8.49.2
* libudev1-debuginfo-249.17-150400.8.49.2
* libudev1-249.17-150400.8.49.2
* libsystemd0-debuginfo-249.17-150400.8.49.2
* systemd-debugsource-249.17-150400.8.49.2
* systemd-journal-remote-249.17-150400.8.49.2
* systemd-sysvinit-249.17-150400.8.49.2
* systemd-journal-remote-debuginfo-249.17-150400.8.49.2
* systemd-container-debuginfo-249.17-150400.8.49.2
* udev-249.17-150400.8.49.2
* udev-debuginfo-249.17-150400.8.49.2
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* systemd-249.17-150400.8.49.2
* systemd-debuginfo-249.17-150400.8.49.2
* libsystemd0-249.17-150400.8.49.2
* systemd-container-249.17-150400.8.49.2
* libudev1-debuginfo-249.17-150400.8.49.2
* libudev1-249.17-150400.8.49.2
* libsystemd0-debuginfo-249.17-150400.8.49.2
* systemd-debugsource-249.17-150400.8.49.2
* systemd-journal-remote-249.17-150400.8.49.2
* systemd-sysvinit-249.17-150400.8.49.2
* systemd-journal-remote-debuginfo-249.17-150400.8.49.2
* systemd-container-debuginfo-249.17-150400.8.49.2
* udev-249.17-150400.8.49.2
* udev-debuginfo-249.17-150400.8.49.2
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* systemd-249.17-150400.8.49.2
* systemd-debuginfo-249.17-150400.8.49.2
* libsystemd0-249.17-150400.8.49.2
* systemd-container-249.17-150400.8.49.2
* libudev1-debuginfo-249.17-150400.8.49.2
* libudev1-249.17-150400.8.49.2
* libsystemd0-debuginfo-249.17-150400.8.49.2
* systemd-debugsource-249.17-150400.8.49.2
* systemd-journal-remote-249.17-150400.8.49.2
* systemd-sysvinit-249.17-150400.8.49.2
* systemd-journal-remote-debuginfo-249.17-150400.8.49.2
* systemd-container-debuginfo-249.17-150400.8.49.2
* udev-249.17-150400.8.49.2
* udev-debuginfo-249.17-150400.8.49.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* systemd-249.17-150400.8.49.2
* systemd-coredump-debuginfo-249.17-150400.8.49.2
* systemd-debuginfo-249.17-150400.8.49.2
* libsystemd0-249.17-150400.8.49.2
* systemd-container-249.17-150400.8.49.2
* libudev1-debuginfo-249.17-150400.8.49.2
* systemd-doc-249.17-150400.8.49.2
* libudev1-249.17-150400.8.49.2
* libsystemd0-debuginfo-249.17-150400.8.49.2
* systemd-debugsource-249.17-150400.8.49.2
* systemd-sysvinit-249.17-150400.8.49.2
* udev-249.17-150400.8.49.2
* systemd-coredump-249.17-150400.8.49.2
* systemd-container-debuginfo-249.17-150400.8.49.2
* systemd-devel-249.17-150400.8.49.2
* udev-debuginfo-249.17-150400.8.49.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* systemd-lang-249.17-150400.8.49.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
* systemd-32bit-249.17-150400.8.49.2
* libsystemd0-32bit-debuginfo-249.17-150400.8.49.2
* libsystemd0-32bit-249.17-150400.8.49.2
* systemd-32bit-debuginfo-249.17-150400.8.49.2
* libudev1-32bit-249.17-150400.8.49.2
* libudev1-32bit-debuginfo-249.17-150400.8.49.2

## References:

* https://www.suse.com/security/cve/CVE-2025-4598.html
* https://bugzilla.suse.com/show_bug.cgi?id=1243935

SUSE-SU-2025:02667-1: important: Security update for java-17-openjdk

# Security update for java-17-openjdk

Announcement ID: SUSE-SU-2025:02667-1
Release Date: 2025-08-04T12:38:11Z
Rating: important
References:

* bsc#1246575
* bsc#1246584
* bsc#1246595
* bsc#1246598

Cross-References:

* CVE-2025-30749
* CVE-2025-30754
* CVE-2025-50059
* CVE-2025-50106

CVSS scores:

* CVE-2025-30749 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-30749 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-30749 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-30754 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-30754 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-30754 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-50059 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2025-50059 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2025-50106 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-50106 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP6
* Legacy Module 15-SP6
* Legacy Module 15-SP7
* openSUSE Leap 15.4
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves four vulnerabilities can now be installed.

## Description:

This update for java-17-openjdk fixes the following issues:

Upgrade to upstream tag jdk-17.0.16+8 (July 2025 CPU):

* CVE-2025-30749: several scenarios can lead to heap corruption (bsc#1246595)
* CVE-2025-30754: incomplete handshake may lead to weakening TLS protections
(bsc#1246598)
* CVE-2025-50059: Improve HTTP client header handling (bsc#1246575)
* CVE-2025-50106: Glyph out-of-memory access and crash (bsc#1246584)

Changelog:

+ JDK-4850101: Setting mnemonic to VK_F4 underlines the letter
S in a button.
+ JDK-5074006: Swing JOptionPane shows </html> tag as a string
after newline
+ JDK-6956385: URLConnection.getLastModified() leaks file
handles for jar:file and file: URLs
+ JDK-8024624: [TEST_BUG] [macosx] CTRL+RIGHT(LEFT) doesn't
move selection on next cell in JTable on Aqua L&F
+ JDK-8042134: JOptionPane bungles HTML messages
+ JDK-8051591: Test
javax/swing/JTabbedPane/8007563/Test8007563.java fails
+ JDK-8077371: Binary files in JAXP test should be removed
+ JDK-8183348: Better cleanup for
jdk/test/sun/security/pkcs12/P12SecretKey.java
+ JDK-8196465:
javax/swing/JComboBox/8182031/ComboPopupTest.java fails on
Linux
+ JDK-8202100: Merge vm/share/InMemoryJavaCompiler w/
jdk/test/lib/compiler/InMemoryJavaCompiler
+ JDK-8211400: nsk.share.gc.Memory::getArrayLength returns
wrong value
+ JDK-8218474: JComboBox display issue with GTKLookAndFeel
+ JDK-8224267: JOptionPane message string with 5000+ newlines
produces StackOverflowError
+ JDK-8249831: Test sun/security/mscapi/nonUniqueAliases/
/NonUniqueAliases.java is marked with @ignore
+ JDK-8251505: Use of types in compiler shared code should be
consistent.
+ JDK-8253440: serviceability/sa/TestJhsdbJstackLineNumbers.java
failed with "Didn't find enough line numbers"
+ JDK-8254786: java/net/httpclient/CancelRequestTest.java
failing intermittently
+ JDK-8256211: assert fired in
java/net/httpclient/DependentPromiseActionsTest (infrequent)
+ JDK-8258483: [TESTBUG] gtest
CollectorPolicy.young_scaled_initial_ergo_vm fails if heap is
too small
+ JDK-8269516: AArch64: Assembler cleanups
+ JDK-8271419: Refactor test code for modifying CDS archive
contents
+ JDK-8276995: Bug in jdk.jfr.event.gc.collection.TestSystemGC
+ JDK-8277983: Remove unused fields from
sun.net.www.protocol.jar.JarURLConnection
+ JDK-8279884: Use better file for cygwin source permission
check
+ JDK-8279894: javax/swing/JInternalFrame/8020708/bug8020708.java
timeouts on Windows 11
+ JDK-8280468: Crashes in getConfigColormap,
getConfigVisualId, XVisualIDFromVisual on Linux
+ JDK-8280820: Clean up bug8033699 and bug8075609.java tests:
regtesthelpers aren't used
+ JDK-8280991: [XWayland] No displayChanged event after
setDisplayMode call
+ JDK-8281511: java/net/ipv6tests/UdpTest.java fails with
checkTime failed
+ JDK-8282863: java/awt/FullScreen/FullscreenWindowProps/
/FullscreenWindowProps.java fails on Windows 10 with HiDPI
screen
+ JDK-8286204: [Accessibility,macOS,VoiceOver] VoiceOver reads
the spinner value 10 as 1 when user iterates to 10 for the
first time on macOS
+ JDK-8286789: Test forceEarlyReturn002.java timed out
+ JDK-8286875: ProgrammableUpcallHandler::on_entry/on_exit
access thread fields from native
+ JDK-8286925: Move JSON parser used in JFR tests to test
library
+ JDK-8287352: DockerTestUtils::execute shows incorrect
elapsed time
+ JDK-8287801: Fix test-bugs related to stress flags
+ JDK-8288707: javax/swing/JToolBar/4529206/bug4529206.java:
setFloating does not work correctly
+ JDK-8290162: Reset recursion counter missed in fix of
JDK-8224267
+ JDK-8292064: Convert java/lang/management/MemoryMXBean shell
tests to java version
+ JDK-8293503: gc/metaspace/TestMetaspacePerfCounters.java
#Epsilon-64 failed assertGreaterThanOrEqual:
expected MMM >= NNN
+ JDK-8294038: Remove "Classpath" exception from javax/swing
tests
+ JDK-8294155: Exception thrown before awaitAndCheck hangs
PassFailJFrame
+ JDK-8295470: Update openjdk.java.net => openjdk.org URLs in
test code
+ JDK-8295670: Remove duplication in
java/util/Formatter/Basic*.java
+ JDK-8295804:
javax/swing/JFileChooser/JFileChooserSetLocationTest.java
failed with "setLocation() is not working properly"
+ JDK-8296072: CertAttrSet::encode and DerEncoder::derEncode
should write into DerOutputStream
+ JDK-8296167: test/langtools/tools/jdeps/jdkinternals/
/ShowReplacement.java failing after JDK-8296072
+ JDK-8296920: Regression Test DialogOrient.java fails on MacOS
+ JDK-8297173: usageTicks and totalTicks should be volatile to
ensure that different threads get the latest ticks
+ JDK-8297242: Use-after-free during library unloading on Linux
+ JDK-8298061: vmTestbase/nsk/sysdict/vm/stress/btree/btree012/
/btree012.java failed with "fatal error: refcount has gone to
zero"
+ JDK-8298147: Clang warns about pointless comparisons
+ JDK-8298248: Limit sscanf output width in cgroup file parsers
+ JDK-8298709: Fix typos in src/java.desktop/ and various test
classes of client component
+ JDK-8298730: Refactor subsystem_file_line_contents and add
docs and tests
+ JDK-8300645: Handle julong values in logging of
GET_CONTAINER_INFO macros
+ JDK-8300658: memory_and_swap_limit() reporting wrong values
on systems with swapaccount=0
+ JDK-8302226: failure_handler native.core should wait for
coredump to finish
+ JDK-8303549: [AIX] TestNativeStack.java is failing with exit
value 1
+ JDK-8303770: Remove Baltimore root certificate expiring in
May 2025
+ JDK-8305010: Test vmTestbase/nsk/jvmti/scenarios/sampling/
/SP05/sp05t003/TestDescription.java timed out: thread not
suspended
+ JDK-8305578: X11GraphicsDevice.pGetBounds() is slow in
remote X11 sessions
+ JDK-8306997: C2: "malformed control flow" assert due to
missing safepoint on backedge with a switch
+ JDK-8307318: Test
serviceability/sa/ClhsdbCDSJstackPrintAll.java failed:
ArrayIndexOutOfBoundsException
+ JDK-8308875: java/awt/Toolkit/GetScreenInsetsCustomGC/
/GetScreenInsetsCustomGC.java failed with 'Cannot invoke
"sun.awt.X11GraphicsDevice.getInsets()" because "device" is
null'
+ JDK-8309841: Jarsigner should print a warning if an entry is
removed
+ JDK-8310525: DynamicLauncher for JDP test needs to try
harder to find a free port
+ JDK-8312246: NPE when HSDB visits bad oop
+ JDK-8314120: Add tests for FileDescriptor.sync
+ JDK-8314236: Overflow in Collections.rotate
+ JDK-8314246: javax/swing/JToolBar/4529206/bug4529206.java
fails intermittently on Linux
+ JDK-8314320: Mark runtime/CommandLine/ tests as flagless
+ JDK-8314828: Mark 3 jcmd command-line options test as
vm.flagless
+ JDK-8315484: java/awt/dnd/RejectDragDropActionTest.java
timed out
+ JDK-8315669: Open source several Swing PopupMenu related
tests
+ JDK-8315721: CloseRace.java#id0 fails transiently on libgraal
+ JDK-8315742: Open source several Swing Scroll related tests
+ JDK-8315871: Opensource five more Swing regression tests
+ JDK-8315876: Open source several Swing CSS related tests
+ JDK-8315951: Open source several Swing HTMLEditorKit related
tests
+ JDK-8315981: Opensource five more random Swing tests
+ JDK-8316061: Open source several Swing RootPane and Slider
related tests
+ JDK-8316156: ByteArrayInputStream.transferTo causes
MaxDirectMemorySize overflow
+ JDK-8316228: jcmd tests are broken by 8314828
+ JDK-8316324: Opensource five miscellaneous Swing tests
+ JDK-8316388: Opensource five Swing component related
regression tests
+ JDK-8316451: 6 java/lang/instrument/PremainClass tests
ignore VM flags
+ JDK-8316452: java/lang/instrument/modules/
/AppendToClassPathModuleTest.java ignores VM flags
+ JDK-8316460: 4 javax/management tests ignore VM flags
+ JDK-8316497: ColorConvertOp - typo for non-ICC conversions
needs one-line fix
+ JDK-8316629: j.text.DateFormatSymbols setZoneStrings()
exception is unhelpful
+ JDK-8318700: MacOS Zero cannot run gtests due to wrong JVM
path
+ JDK-8318915: Enhance checks in BigDecimal.toPlainString()
+ JDK-8318962: Update ProcessTools javadoc with suggestions in
8315097
+ JDK-8319572: Test jdk/incubator/vector/LoadJsvmlTest.java
ignores VM flags
+ JDK-8319578: Few java/lang/instrument ignore test.java.opts
and accept test.vm.opts only
+ JDK-8319690: [AArch64] C2 compilation hits
offset_ok_for_immed: assert "c2 compiler bug"
+ JDK-8320682: [AArch64] C1 compilation fails with "Field too
big for insn"
+ JDK-8320687: sun.jvmstat.monitor.MonitoredHost
.getMonitoredHost() throws unexpected exceptions when invoked
concurrently
+ JDK-8321204: C2: assert(false) failed: node should be in
igvn hash table
+ JDK-8321479: java -D-D crashes
+ JDK-8321509: False positive in get_trampoline fast path
causes crash
+ JDK-8321713: Harmonize executeTestJvm with
create[Limited]TestJavaProcessBuilder
+ JDK-8321718: ProcessTools.executeProcess calls waitFor
before logging
+ JDK-8321931: memory_swap_current_in_bytes reports 0 as
"unlimited"
+ JDK-8325435: [macos] Menu or JPopupMenu not closed when main
window is resized
+ JDK-8325680: Uninitialised memory in deleteGSSCB of
GSSLibStub.c:179
+ JDK-8325682: Rename nsk_strace.h
+ JDK-8326389: [test] improve assertEquals failure output
+ JDK-8328301: Convert Applet test
ManualHTMLDataFlavorTest.java to main program
+ JDK-8328482: Convert and Open source few manual applet test
to main based
+ JDK-8328484: Convert and Opensource few JFileChooser applet
test to main
+ JDK-8328648: Remove applet usage from JFileChooser tests
bug4150029
+ JDK-8328670: Automate and open source few closed manual
applet test
+ JDK-8328673: Convert closed text/html/CSS manual applet test
to main
+ JDK-8329261: G1: interpreter post-barrier x86 code asserts
index size of wrong buffer
+ JDK-8330534: Update nsk/jdwp tests to use driver instead of
othervm
+ JDK-8330598: java/net/httpclient/Http1ChunkedTest.java fails
with java.util.MissingFormatArgumentException: Format
specifier '%s'
+ JDK-8331735: UpcallLinker::on_exit races with GC when
copying frame anchor
+ JDK-8333117: Remove support of remote and manual debuggee
launchers
+ JDK-8333680: com/sun/tools/attach/BasicTests.java fails with
"SocketException: Permission denied: connect"
+ JDK-8334560: [PPC64]: postalloc_expand_java_dynamic_call_sched
does not copy all fields
+ JDK-8334644: Automate
javax/print/attribute/PageRangesException.java
+ JDK-8334780: Crash: assert(h_array_list.not_null()) failed:
invariant
+ JDK-8334895: OpenJDK fails to configure on linux aarch64
when CDS is disabled after JDK-8331942
+ JDK-8335662: [AArch64] C1: guarantee(val < (1ULL << nbits))
failed: Field too big for insn
+ JDK-8335684: Test ThreadCpuTime.java should pause like
ThreadCpuTimeArray.java
+ JDK-8335836: serviceability/jvmti/StartPhase/AllowedFunctions/
/AllowedFunctions.java fails with unexpected exit code: 112
+ JDK-8336587: failure_handler lldb command times out on
macosx-aarch64 core file
+ JDK-8337221: CompileFramework: test library to conveniently
compile java and jasm sources for fuzzing
+ JDK-8337299: vmTestbase/nsk/jdb/stop_at/stop_at002/
/stop_at002.java failure goes undetected
+ JDK-8338154: Fix -Wzero-as-null-pointer-constant warnings in
gtest framework
+ JDK-8339148: Make os::Linux::active_processor_count() public
+ JDK-8339300: CollectorPolicy.young_scaled_initial_ergo_vm
gtest fails on ppc64 based platforms
+ JDK-8339639: Opensource few AWT PopupMenu tests
+ JDK-8339678: Update runtime/condy tests to be executed with
VM flags
+ JDK-8339727: Open source several AWT focus tests - series 1
+ JDK-8339794: Open source closed choice tests #1
+ JDK-8339810: Clean up the code in sun.tools.jar.Main to
properly close resources and use ZipFile during extract
+ JDK-8339836: Open source several AWT Mouse tests - Batch 1
+ JDK-8339842: Open source several AWT focus tests - series 2
+ JDK-8339895: Open source several AWT focus tests - series 3
+ JDK-8339906: Open source several AWT focus tests - series 4
+ JDK-8339935: Open source several AWT focus tests - series 5
+ JDK-8339982: Open source several AWT Mouse tests - Batch 2
+ JDK-8339984: Open source AWT MenuItem related tests
+ JDK-8339995: Open source several AWT focus tests - series 6
+ JDK-8340077: Open source few Checkbox tests - Set2
+ JDK-8340084: Open source AWT Frame related tests
+ JDK-8340143: Open source several Java2D rendering loop tests.
+ JDK-8340164: Open source few Component tests - Set1
+ JDK-8340173: Open source some Component/Panel/EventQueue
tests - Set2
+ JDK-8340176: Replace usage of -noclassgc with -Xnoclassgc in
test/jdk/java/lang/management/MemoryMXBean/LowMemoryTest2.java
+ JDK-8340193: Open source several AWT Dialog tests - Batch 1
+ JDK-8340228: Open source couple more miscellaneous AWT tests
+ JDK-8340271: Open source several AWT Robot tests
+ JDK-8340279: Open source several AWT Dialog tests - Batch 2
+ JDK-8340332: Open source mixed AWT tests - Set3
+ JDK-8340366: Open source several AWT Dialog tests - Batch 3
+ JDK-8340367: Opensource few AWT image tests
+ JDK-8340393: Open source closed choice tests #2
+ JDK-8340407: Open source a few more Component related tests
+ JDK-8340417: Open source some MenuBar tests - Set1
+ JDK-8340432: Open source some MenuBar tests - Set2
+ JDK-8340433: Open source closed choice tests #3
+ JDK-8340437: Open source few more AWT Frame related tests
+ JDK-8340458: Open source additional Component tests (part 2)
+ JDK-8340555: Open source DnD tests - Set4
+ JDK-8340560: Open Source several AWT/2D font and rendering
tests
+ JDK-8340605: Open source several AWT PopupMenu tests
+ JDK-8340621: Open source several AWT List tests
+ JDK-8340625: Open source additional Component tests (part 3)
+ JDK-8340639: Open source few more AWT List tests
+ JDK-8340713: Open source DnD tests - Set5
+ JDK-8340784: Remove PassFailJFrame constructor with
screenshots
+ JDK-8340790: Open source several AWT Dialog tests - Batch 4
+ JDK-8340809: Open source few more AWT PopupMenu tests
+ JDK-8340874: Open source some of the AWT Geometry/Button
tests
+ JDK-8340907: Open source closed frame tests # 2
+ JDK-8340966: Open source few Checkbox and Cursor tests - Set1
+ JDK-8340967: Open source few Cursor tests - Set2
+ JDK-8340978: Open source few DnD tests - Set6
+ JDK-8340985: Open source some Desktop related tests
+ JDK-8341000: Open source some of the AWT Window tests
+ JDK-8341004: Open source AWT FileDialog related tests
+ JDK-8341072: Open source several AWT Canvas and Rectangle
related tests
+ JDK-8341128: open source some 2d graphics tests
+ JDK-8341148: Open source several Choice related tests
+ JDK-8341162: Open source some of the AWT window test
+ JDK-8341170: Open source several Choice related tests (part
2)
+ JDK-8341177: Opensource few List and a Window test
+ JDK-8341191: Open source few more AWT FileDialog tests
+ JDK-8341239: Open source closed frame tests # 3
+ JDK-8341257: Open source few DND tests - Set1
+ JDK-8341258: Open source few various AWT tests - Set1
+ JDK-8341278: Open source few TrayIcon tests - Set7
+ JDK-8341298: Open source more AWT window tests
+ JDK-8341373: Open source closed frame tests # 4
+ JDK-8341378: Open source few TrayIcon tests - Set8
+ JDK-8341447: Open source closed frame tests # 5
+ JDK-8341535: sun/awt/font/TestDevTransform.java fails with
RuntimeException: Different rendering
+ JDK-8341637: java/net/Socket/UdpSocket.java fails with
"java.net.BindException: Address already in use"
(macos-aarch64)
+ JDK-8341972: java/awt/dnd/DnDRemoveFocusOwnerCrashTest.java
timed out after JDK-8341257
+ JDK-8342376: More reliable OOM handling in
ExceptionDuringDumpAtObjectsInitPhase test
+ JDK-8342524: Use latch in AbstractButton/bug6298940.java
instead of delay
+ JDK-8342633: javax/management/security/
/HashedPasswordFileTest.java creates tmp file in src dir
+ JDK-8343037: Missing @since tag on JColorChooser.showDialog
overload
+ JDK-8343103: Enable debug logging for vmTestbase/nsk/jvmti/
/scenarios/sampling/SP05/sp05t003/TestDescription.java
+ JDK-8343124: Tests fails with
java.lang.IllegalAccessException: class
com.sun.javatest.regtest.agent.MainWrapper$MainTask cannot
access
+ JDK-8343170: java/awt/Cursor/JPanelCursorTest/
/JPanelCursorTest.java does not show the default cursor
+ JDK-8343205: CompileBroker::possibly_add_compiler_threads
excessively polls available memory
+ JDK-8343529: serviceability/sa/ClhsdbWhere.java fails
AssertionFailure: Corrupted constant pool
+ JDK-8343891: Test javax/swing/JTabbedPane/
/TestJTabbedPaneBackgroundColor.java failed
+ JDK-8343936: Adjust timeout in test
javax/management/monitor/DerivedGaugeMonitorTest.java
+ JDK-8344316: security/auth/callback/TextCallbackHandler/
/Password.java make runnable with JTReg and add the UI
+ JDK-8344361: Restore null return for invalid services from
legacy providers
+ JDK-8345133: Test sun/security/tools/jarsigner/
/TsacertOptionTest.java failed: Warning found in stdout
+ JDK-8345134: Test sun/security/tools/jarsigner/
/ConciseJarsigner.java failed: unable to find valid
certification path to requested target
+ JDK-8345357: test/jdk/javax/swing/JRadioButton/8033699/
/bug8033699.java fails in ubuntu22.04
+ JDK-8345447: test/jdk/javax/swing/JToolBar/4529206/
/bug4529206.java fails in ubuntu22.04
+ JDK-8345547: test/jdk/javax/swing/text/DefaultEditorKit/
/4278839/bug4278839.java fails in ubuntu22.04
+ JDK-8345598: Upgrade NSS binaries for interop tests
+ JDK-8345625: Better HTTP connections
+ JDK-8345728: [Accessibility,macOS,Screen Magnifier]:
JCheckbox unchecked state does not magnify but works for
checked tate
+ JDK-8345838: Remove the
appcds/javaldr/AnonVmClassesDuringDump.java test
+ JDK-8346049: jdk/test/lib/security/timestamp/TsaServer.java
warnings
+ JDK-8346581: JRadioButton/ButtonGroupFocusTest.java fails in
CI on Linux
+ JDK-8347000: Bug in
com/sun/net/httpserver/bugs/B6361557.java test
+ JDK-8347019: Test javax/swing/JRadioButton/8033699/
/bug8033699.java still fails: Focus is not on Radio Button
Single as Expected
+ JDK-8347083: Incomplete logging in
nsk/jvmti/ResourceExhausted/resexhausted00* tests
+ JDK-8347126: gc/stress/TestStressG1Uncommit.java gets
OOM-killed
+ JDK-8347267: [macOS]: UnixOperatingSystem.c:67:40: runtime
error: division by zero
+ JDK-8347286: (fs) Remove some extensions from
java/nio/file/Files/probeContentType/Basic.java
+ JDK-8347576: Error output in libjsound has non matching
format strings
+ JDK-8347629: Test FailOverDirectExecutionControlTest.java
fails with -Xcomp
+ JDK-8347911: Limit the length of inflated text chunks
+ JDK-8347995: Race condition in jdk/java/net/httpclient/
/offline/FixedResponseHttpClient.java
+ JDK-8348107: test/jdk/java/net/httpclient/
/HttpsTunnelAuthTest.java fails intermittently
+ JDK-8348110: Update LCMS to 2.17
+ JDK-8348299: Update List/ItemEventTest/ItemEventTest.java
+ JDK-8348596: Update FreeType to 2.13.3
+ JDK-8348597: Update HarfBuzz to 10.4.0
+ JDK-8348598: Update Libpng to 1.6.47
+ JDK-8348600: Update PipeWire to 1.3.81
+ JDK-8348865: JButton/bug4796987.java never runs because
Windows XP is unavailable
+ JDK-8348936: [Accessibility,macOS,VoiceOver] VoiceOver
doesn't announce untick on toggling the checkbox with "space"
key on macOS
+ JDK-8348989: Better Glyph drawing
+ JDK-8349039: Adjust exception No type named <ThreadType> in
database
+ JDK-8349111: Enhance Swing supports
+ JDK-8349200: [JMH] time.format.ZonedDateTimeFormatterBenchmark
fails
+ JDK-8349348: Refactor ClassLoaderDeadlock.sh and Deadlock.sh
to run fully in java
+ JDK-8349492: Update sun/security/pkcs12/
/KeytoolOpensslInteropTest.java to use a recent Openssl
version
+ JDK-8349501: Relocate supporting classes in
security/testlibrary to test/lib/jdk tree
+ JDK-8349594: Enhance TLS protocol support
+ JDK-8349751: AIX build failure after upgrade pipewire to
1.3.81
+ JDK-8349974: [JMH,17u] MaskQueryOperationsBenchmark fails
java.lang.NoClassDefFoundError
+ JDK-8350211: CTW: Attempt to preload all classes in constant
pool
+ JDK-8350224: Test javax/swing/JComboBox/
/TestComboBoxComponentRendering.java fails in ubuntu 23.x and
later
+ JDK-8350260: Improve HTML instruction formatting in
PassFailJFrame
+ JDK-8350383: Test: add more test case for string compare (UL
case)
+ JDK-8350386: Test TestCodeCacheFull.java fails with option
-XX:-UseCodeCacheFlushing
+ JDK-8350412: [21u] AArch64: Ambiguous frame layout leads to
incorrect traces in JFR
+ JDK-8350498: Remove two Camerfirma root CA certificates
+ JDK-8350540: [17u,11u] B8312065.java fails Network is
unreachable
+ JDK-8350546: Several java/net/InetAddress tests fails
UnknownHostException
+ JDK-8350616: Skip ValidateHazardPtrsClosure in non-debug
builds
+ JDK-8350651: Bump update version for OpenJDK: jdk-17.0.16
+ JDK-8350924: javax/swing/JMenu/4213634/bug4213634.java fails
+ JDK-8350991: Improve HTTP client header handling
+ JDK-8351086: (fc) Make
java/nio/channels/FileChannel/BlockDeviceSize.java test manual
+ JDK-8352076: [21u] Problem list tests that fail in 21 and
would be fixed by 8309622
+ JDK-8352109: java/awt/Desktop/MailTest.java fails in
platforms where Action.MAIL is not supported
+ JDK-8352302: Test
sun/security/tools/jarsigner/TimestampCheck.java is failing
+ JDK-8352649: [17u] guarantee(is_result_safe ||
is_in_asgct()) failed inside AsyncGetCallTrace
+ JDK-8352676: Opensource JMenu tests - series1
+ JDK-8352680: Opensource few misc swing tests
+ JDK-8352684: Opensource JInternalFrame tests - series1
+ JDK-8352706: httpclient HeadTest does not run on HTTP2
+ JDK-8352716: (tz) Update Timezone Data to 2025b
+ JDK-8352908: Open source several swing tests batch1
+ JDK-8352942: jdk/jfr/startupargs/TestMemoryOptions.java
fails with 32-bit build
+ JDK-8353070: Clean up and open source couple AWT Graphics
related tests (Part 1)
+ JDK-8353138: Screen capture for test
TaskbarPositionTest.java, failure case
+ JDK-8353320: Open source more Swing text tests
+ JDK-8353446: Open source several AWT Menu tests - Batch 2
+ JDK-8353475: Open source two Swing DefaultCaret tests
+ JDK-8353685: Open some JComboBox bugs 4
+ JDK-8353709: Debug symbols bundle should contain full debug
files when building --with-external-symbols-in-bundles=public
+ JDK-8353714: [17u] Backport of 8347740 incomplete
+ JDK-8353942: Open source Swing Tests - Set 5
+ JDK-8354554: Open source several clipboard tests batch1
+ JDK-8356053: Test java/awt/Toolkit/Headless/
/HeadlessToolkit.java fails by timeout
+ JDK-8356096: ISO 4217 Amendment 179 Update
+ JDK-8356571: Re-enable -Wtype-limits for GCC in LCMS
+ JDK-8357105: C2: compilation fails with "assert(false)
failed: empty program detected during loop optimization"
+ JDK-8357193: [VS 2022 17.14] Warning C5287 in debugInit.c:
enum type mismatch during build
+ JDK-8359170: Add 2 TLS and 2 CS Sectigo roots
+ JDK-8360147: Better Glyph drawing redux
+ JDK-8361674: [17u] Remove designator
DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.16

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-2667=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2025-2667=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-2667=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2667=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-2667=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-2667=1

* Legacy Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2025-2667=1

* Legacy Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP7-2025-2667=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2667=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2667=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2667=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2667=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2667=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2667=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2667=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2667=1

## Package List:

* SUSE Manager Proxy 4.3 (x86_64)
* java-17-openjdk-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-headless-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-17.0.16.0-150400.3.57.1
* java-17-openjdk-devel-17.0.16.0-150400.3.57.1
* java-17-openjdk-demo-17.0.16.0-150400.3.57.1
* java-17-openjdk-headless-17.0.16.0-150400.3.57.1
* java-17-openjdk-devel-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-debugsource-17.0.16.0-150400.3.57.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* java-17-openjdk-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-headless-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-17.0.16.0-150400.3.57.1
* java-17-openjdk-devel-17.0.16.0-150400.3.57.1
* java-17-openjdk-demo-17.0.16.0-150400.3.57.1
* java-17-openjdk-headless-17.0.16.0-150400.3.57.1
* java-17-openjdk-devel-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-debugsource-17.0.16.0-150400.3.57.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* java-17-openjdk-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-headless-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-17.0.16.0-150400.3.57.1
* java-17-openjdk-devel-17.0.16.0-150400.3.57.1
* java-17-openjdk-demo-17.0.16.0-150400.3.57.1
* java-17-openjdk-headless-17.0.16.0-150400.3.57.1
* java-17-openjdk-devel-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-debugsource-17.0.16.0-150400.3.57.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* java-17-openjdk-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-headless-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-src-17.0.16.0-150400.3.57.1
* java-17-openjdk-17.0.16.0-150400.3.57.1
* java-17-openjdk-devel-17.0.16.0-150400.3.57.1
* java-17-openjdk-jmods-17.0.16.0-150400.3.57.1
* java-17-openjdk-demo-17.0.16.0-150400.3.57.1
* java-17-openjdk-headless-17.0.16.0-150400.3.57.1
* java-17-openjdk-devel-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-debugsource-17.0.16.0-150400.3.57.1
* openSUSE Leap 15.4 (noarch)
* java-17-openjdk-javadoc-17.0.16.0-150400.3.57.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* java-17-openjdk-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-headless-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-src-17.0.16.0-150400.3.57.1
* java-17-openjdk-17.0.16.0-150400.3.57.1
* java-17-openjdk-devel-17.0.16.0-150400.3.57.1
* java-17-openjdk-jmods-17.0.16.0-150400.3.57.1
* java-17-openjdk-demo-17.0.16.0-150400.3.57.1
* java-17-openjdk-headless-17.0.16.0-150400.3.57.1
* java-17-openjdk-devel-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-debugsource-17.0.16.0-150400.3.57.1
* openSUSE Leap 15.6 (noarch)
* java-17-openjdk-javadoc-17.0.16.0-150400.3.57.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* java-17-openjdk-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-headless-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-17.0.16.0-150400.3.57.1
* java-17-openjdk-devel-17.0.16.0-150400.3.57.1
* java-17-openjdk-headless-17.0.16.0-150400.3.57.1
* java-17-openjdk-devel-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-debugsource-17.0.16.0-150400.3.57.1
* Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* java-17-openjdk-demo-17.0.16.0-150400.3.57.1
* java-17-openjdk-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-debugsource-17.0.16.0-150400.3.57.1
* Legacy Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* java-17-openjdk-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-headless-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-17.0.16.0-150400.3.57.1
* java-17-openjdk-devel-17.0.16.0-150400.3.57.1
* java-17-openjdk-demo-17.0.16.0-150400.3.57.1
* java-17-openjdk-headless-17.0.16.0-150400.3.57.1
* java-17-openjdk-devel-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-debugsource-17.0.16.0-150400.3.57.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* java-17-openjdk-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-headless-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-17.0.16.0-150400.3.57.1
* java-17-openjdk-devel-17.0.16.0-150400.3.57.1
* java-17-openjdk-demo-17.0.16.0-150400.3.57.1
* java-17-openjdk-headless-17.0.16.0-150400.3.57.1
* java-17-openjdk-devel-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-debugsource-17.0.16.0-150400.3.57.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* java-17-openjdk-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-headless-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-17.0.16.0-150400.3.57.1
* java-17-openjdk-devel-17.0.16.0-150400.3.57.1
* java-17-openjdk-demo-17.0.16.0-150400.3.57.1
* java-17-openjdk-headless-17.0.16.0-150400.3.57.1
* java-17-openjdk-devel-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-debugsource-17.0.16.0-150400.3.57.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* java-17-openjdk-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-headless-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-17.0.16.0-150400.3.57.1
* java-17-openjdk-devel-17.0.16.0-150400.3.57.1
* java-17-openjdk-demo-17.0.16.0-150400.3.57.1
* java-17-openjdk-headless-17.0.16.0-150400.3.57.1
* java-17-openjdk-devel-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-debugsource-17.0.16.0-150400.3.57.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* java-17-openjdk-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-headless-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-17.0.16.0-150400.3.57.1
* java-17-openjdk-devel-17.0.16.0-150400.3.57.1
* java-17-openjdk-demo-17.0.16.0-150400.3.57.1
* java-17-openjdk-headless-17.0.16.0-150400.3.57.1
* java-17-openjdk-devel-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-debugsource-17.0.16.0-150400.3.57.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* java-17-openjdk-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-headless-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-17.0.16.0-150400.3.57.1
* java-17-openjdk-devel-17.0.16.0-150400.3.57.1
* java-17-openjdk-demo-17.0.16.0-150400.3.57.1
* java-17-openjdk-headless-17.0.16.0-150400.3.57.1
* java-17-openjdk-devel-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-debugsource-17.0.16.0-150400.3.57.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* java-17-openjdk-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-headless-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-17.0.16.0-150400.3.57.1
* java-17-openjdk-devel-17.0.16.0-150400.3.57.1
* java-17-openjdk-demo-17.0.16.0-150400.3.57.1
* java-17-openjdk-headless-17.0.16.0-150400.3.57.1
* java-17-openjdk-devel-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-debugsource-17.0.16.0-150400.3.57.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* java-17-openjdk-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-headless-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-17.0.16.0-150400.3.57.1
* java-17-openjdk-devel-17.0.16.0-150400.3.57.1
* java-17-openjdk-demo-17.0.16.0-150400.3.57.1
* java-17-openjdk-headless-17.0.16.0-150400.3.57.1
* java-17-openjdk-devel-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-debugsource-17.0.16.0-150400.3.57.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* java-17-openjdk-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-headless-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-17.0.16.0-150400.3.57.1
* java-17-openjdk-devel-17.0.16.0-150400.3.57.1
* java-17-openjdk-demo-17.0.16.0-150400.3.57.1
* java-17-openjdk-headless-17.0.16.0-150400.3.57.1
* java-17-openjdk-devel-debuginfo-17.0.16.0-150400.3.57.1
* java-17-openjdk-debugsource-17.0.16.0-150400.3.57.1

## References:

* https://www.suse.com/security/cve/CVE-2025-30749.html
* https://www.suse.com/security/cve/CVE-2025-30754.html
* https://www.suse.com/security/cve/CVE-2025-50059.html
* https://www.suse.com/security/cve/CVE-2025-50106.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246575
* https://bugzilla.suse.com/show_bug.cgi?id=1246584
* https://bugzilla.suse.com/show_bug.cgi?id=1246595
* https://bugzilla.suse.com/show_bug.cgi?id=1246598

SUSE-SU-2025:02672-1: important: Security update for sqlite3

# Security update for sqlite3

Announcement ID: SUSE-SU-2025:02672-1
Release Date: 2025-08-04T13:07:46Z
Rating: important
References:

* bsc#1246597

Cross-References:

* CVE-2025-6965

CVSS scores:

* CVE-2025-6965 ( SUSE ): 7.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L
* CVE-2025-6965 ( NVD ): 7.2
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green
* CVE-2025-6965 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Manager Proxy 4.3
* SUSE Manager Proxy 4.3 LTS
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Retail Branch Server 4.3 LTS
* SUSE Manager Server 4.3
* SUSE Manager Server 4.3 LTS

An update that solves one vulnerability can now be installed.

## Description:

This update for sqlite3 fixes the following issues:

* Update to version 3.50.2
* CVE-2025-6965: Fixed an integer truncation to avoid assertion faults.
(bsc#1246597)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-2672=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-2672=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-2672=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-2672=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-2672=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-2672=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-2672=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-2672=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-2672=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2672=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2672=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2672=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2672=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-2672=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2672=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2672=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-2672=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2672=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2672=1

* SUSE Manager Proxy 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-2672=1

* SUSE Manager Retail Branch Server 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-LTS-2025-2672=1

* SUSE Manager Server 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-2672=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-2672=1

* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-2672=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-2672=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-2672=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* sqlite3-tcl-3.50.2-150000.3.33.1
* sqlite3-debugsource-3.50.2-150000.3.33.1
* libsqlite3-0-3.50.2-150000.3.33.1
* sqlite3-devel-3.50.2-150000.3.33.1
* libsqlite3-0-debuginfo-3.50.2-150000.3.33.1
* sqlite3-tcl-debuginfo-3.50.2-150000.3.33.1
* sqlite3-3.50.2-150000.3.33.1
* sqlite3-debuginfo-3.50.2-150000.3.33.1
* openSUSE Leap 15.6 (x86_64)
* libsqlite3-0-32bit-debuginfo-3.50.2-150000.3.33.1
* libsqlite3-0-32bit-3.50.2-150000.3.33.1
* openSUSE Leap 15.6 (noarch)
* sqlite3-doc-3.50.2-150000.3.33.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* sqlite3-tcl-3.50.2-150000.3.33.1
* sqlite3-debugsource-3.50.2-150000.3.33.1
* libsqlite3-0-3.50.2-150000.3.33.1
* libsqlite3-0-debuginfo-3.50.2-150000.3.33.1
* sqlite3-debuginfo-3.50.2-150000.3.33.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* sqlite3-tcl-3.50.2-150000.3.33.1
* sqlite3-debugsource-3.50.2-150000.3.33.1
* libsqlite3-0-3.50.2-150000.3.33.1
* libsqlite3-0-debuginfo-3.50.2-150000.3.33.1
* sqlite3-debuginfo-3.50.2-150000.3.33.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* sqlite3-tcl-3.50.2-150000.3.33.1
* sqlite3-debugsource-3.50.2-150000.3.33.1
* libsqlite3-0-3.50.2-150000.3.33.1
* libsqlite3-0-debuginfo-3.50.2-150000.3.33.1
* sqlite3-tcl-debuginfo-3.50.2-150000.3.33.1
* sqlite3-debuginfo-3.50.2-150000.3.33.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* sqlite3-tcl-3.50.2-150000.3.33.1
* sqlite3-debugsource-3.50.2-150000.3.33.1
* libsqlite3-0-3.50.2-150000.3.33.1
* libsqlite3-0-debuginfo-3.50.2-150000.3.33.1
* sqlite3-tcl-debuginfo-3.50.2-150000.3.33.1
* sqlite3-debuginfo-3.50.2-150000.3.33.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* sqlite3-tcl-3.50.2-150000.3.33.1
* sqlite3-debugsource-3.50.2-150000.3.33.1
* libsqlite3-0-3.50.2-150000.3.33.1
* libsqlite3-0-debuginfo-3.50.2-150000.3.33.1
* sqlite3-tcl-debuginfo-3.50.2-150000.3.33.1
* sqlite3-debuginfo-3.50.2-150000.3.33.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* sqlite3-tcl-3.50.2-150000.3.33.1
* sqlite3-debugsource-3.50.2-150000.3.33.1
* libsqlite3-0-3.50.2-150000.3.33.1
* sqlite3-devel-3.50.2-150000.3.33.1
* libsqlite3-0-debuginfo-3.50.2-150000.3.33.1
* sqlite3-tcl-debuginfo-3.50.2-150000.3.33.1
* sqlite3-3.50.2-150000.3.33.1
* sqlite3-debuginfo-3.50.2-150000.3.33.1
* Basesystem Module 15-SP6 (x86_64)
* libsqlite3-0-32bit-debuginfo-3.50.2-150000.3.33.1
* libsqlite3-0-32bit-3.50.2-150000.3.33.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* sqlite3-tcl-3.50.2-150000.3.33.1
* sqlite3-debugsource-3.50.2-150000.3.33.1
* libsqlite3-0-3.50.2-150000.3.33.1
* sqlite3-devel-3.50.2-150000.3.33.1
* libsqlite3-0-debuginfo-3.50.2-150000.3.33.1
* sqlite3-tcl-debuginfo-3.50.2-150000.3.33.1
* sqlite3-3.50.2-150000.3.33.1
* sqlite3-debuginfo-3.50.2-150000.3.33.1
* Basesystem Module 15-SP7 (x86_64)
* libsqlite3-0-32bit-debuginfo-3.50.2-150000.3.33.1
* libsqlite3-0-32bit-3.50.2-150000.3.33.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* sqlite3-tcl-3.50.2-150000.3.33.1
* sqlite3-debugsource-3.50.2-150000.3.33.1
* libsqlite3-0-3.50.2-150000.3.33.1
* sqlite3-devel-3.50.2-150000.3.33.1
* libsqlite3-0-debuginfo-3.50.2-150000.3.33.1
* sqlite3-3.50.2-150000.3.33.1
* sqlite3-debuginfo-3.50.2-150000.3.33.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
* libsqlite3-0-32bit-debuginfo-3.50.2-150000.3.33.1
* libsqlite3-0-32bit-3.50.2-150000.3.33.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* sqlite3-tcl-3.50.2-150000.3.33.1
* sqlite3-debugsource-3.50.2-150000.3.33.1
* libsqlite3-0-3.50.2-150000.3.33.1
* sqlite3-devel-3.50.2-150000.3.33.1
* libsqlite3-0-debuginfo-3.50.2-150000.3.33.1
* sqlite3-3.50.2-150000.3.33.1
* sqlite3-debuginfo-3.50.2-150000.3.33.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
* libsqlite3-0-32bit-debuginfo-3.50.2-150000.3.33.1
* libsqlite3-0-32bit-3.50.2-150000.3.33.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* sqlite3-tcl-3.50.2-150000.3.33.1
* sqlite3-debugsource-3.50.2-150000.3.33.1
* libsqlite3-0-3.50.2-150000.3.33.1
* sqlite3-devel-3.50.2-150000.3.33.1
* libsqlite3-0-debuginfo-3.50.2-150000.3.33.1
* sqlite3-3.50.2-150000.3.33.1
* sqlite3-debuginfo-3.50.2-150000.3.33.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
* libsqlite3-0-32bit-debuginfo-3.50.2-150000.3.33.1
* libsqlite3-0-32bit-3.50.2-150000.3.33.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* sqlite3-tcl-3.50.2-150000.3.33.1
* sqlite3-debugsource-3.50.2-150000.3.33.1
* libsqlite3-0-3.50.2-150000.3.33.1
* sqlite3-devel-3.50.2-150000.3.33.1
* libsqlite3-0-debuginfo-3.50.2-150000.3.33.1
* sqlite3-tcl-debuginfo-3.50.2-150000.3.33.1
* sqlite3-3.50.2-150000.3.33.1
* sqlite3-debuginfo-3.50.2-150000.3.33.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64)
* libsqlite3-0-32bit-debuginfo-3.50.2-150000.3.33.1
* libsqlite3-0-32bit-3.50.2-150000.3.33.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* sqlite3-tcl-3.50.2-150000.3.33.1
* sqlite3-debugsource-3.50.2-150000.3.33.1
* libsqlite3-0-3.50.2-150000.3.33.1
* sqlite3-devel-3.50.2-150000.3.33.1
* libsqlite3-0-debuginfo-3.50.2-150000.3.33.1
* sqlite3-tcl-debuginfo-3.50.2-150000.3.33.1
* sqlite3-3.50.2-150000.3.33.1
* sqlite3-debuginfo-3.50.2-150000.3.33.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64)
* libsqlite3-0-32bit-debuginfo-3.50.2-150000.3.33.1
* libsqlite3-0-32bit-3.50.2-150000.3.33.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* sqlite3-tcl-3.50.2-150000.3.33.1
* sqlite3-debugsource-3.50.2-150000.3.33.1
* libsqlite3-0-3.50.2-150000.3.33.1
* sqlite3-devel-3.50.2-150000.3.33.1
* libsqlite3-0-debuginfo-3.50.2-150000.3.33.1
* sqlite3-3.50.2-150000.3.33.1
* sqlite3-debuginfo-3.50.2-150000.3.33.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (x86_64)
* libsqlite3-0-32bit-debuginfo-3.50.2-150000.3.33.1
* libsqlite3-0-32bit-3.50.2-150000.3.33.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* sqlite3-tcl-3.50.2-150000.3.33.1
* sqlite3-debugsource-3.50.2-150000.3.33.1
* libsqlite3-0-3.50.2-150000.3.33.1
* sqlite3-devel-3.50.2-150000.3.33.1
* libsqlite3-0-debuginfo-3.50.2-150000.3.33.1
* sqlite3-3.50.2-150000.3.33.1
* sqlite3-debuginfo-3.50.2-150000.3.33.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
* libsqlite3-0-32bit-debuginfo-3.50.2-150000.3.33.1
* libsqlite3-0-32bit-3.50.2-150000.3.33.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* sqlite3-tcl-3.50.2-150000.3.33.1
* sqlite3-debugsource-3.50.2-150000.3.33.1
* libsqlite3-0-3.50.2-150000.3.33.1
* sqlite3-devel-3.50.2-150000.3.33.1
* libsqlite3-0-debuginfo-3.50.2-150000.3.33.1
* sqlite3-tcl-debuginfo-3.50.2-150000.3.33.1
* sqlite3-3.50.2-150000.3.33.1
* sqlite3-debuginfo-3.50.2-150000.3.33.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64)
* libsqlite3-0-32bit-debuginfo-3.50.2-150000.3.33.1
* libsqlite3-0-32bit-3.50.2-150000.3.33.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* sqlite3-tcl-3.50.2-150000.3.33.1
* sqlite3-debugsource-3.50.2-150000.3.33.1
* libsqlite3-0-3.50.2-150000.3.33.1
* sqlite3-devel-3.50.2-150000.3.33.1
* libsqlite3-0-debuginfo-3.50.2-150000.3.33.1
* sqlite3-3.50.2-150000.3.33.1
* sqlite3-debuginfo-3.50.2-150000.3.33.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* libsqlite3-0-32bit-debuginfo-3.50.2-150000.3.33.1
* libsqlite3-0-32bit-3.50.2-150000.3.33.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* sqlite3-tcl-3.50.2-150000.3.33.1
* sqlite3-debugsource-3.50.2-150000.3.33.1
* libsqlite3-0-3.50.2-150000.3.33.1
* sqlite3-devel-3.50.2-150000.3.33.1
* libsqlite3-0-debuginfo-3.50.2-150000.3.33.1
* sqlite3-3.50.2-150000.3.33.1
* sqlite3-debuginfo-3.50.2-150000.3.33.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
* libsqlite3-0-32bit-debuginfo-3.50.2-150000.3.33.1
* libsqlite3-0-32bit-3.50.2-150000.3.33.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* sqlite3-tcl-3.50.2-150000.3.33.1
* sqlite3-debugsource-3.50.2-150000.3.33.1
* libsqlite3-0-3.50.2-150000.3.33.1
* sqlite3-devel-3.50.2-150000.3.33.1
* libsqlite3-0-debuginfo-3.50.2-150000.3.33.1
* sqlite3-tcl-debuginfo-3.50.2-150000.3.33.1
* sqlite3-3.50.2-150000.3.33.1
* sqlite3-debuginfo-3.50.2-150000.3.33.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
* libsqlite3-0-32bit-debuginfo-3.50.2-150000.3.33.1
* libsqlite3-0-32bit-3.50.2-150000.3.33.1
* SUSE Manager Proxy 4.3 LTS (x86_64)
* libsqlite3-0-32bit-debuginfo-3.50.2-150000.3.33.1
* sqlite3-tcl-3.50.2-150000.3.33.1
* sqlite3-debugsource-3.50.2-150000.3.33.1
* libsqlite3-0-3.50.2-150000.3.33.1
* libsqlite3-0-32bit-3.50.2-150000.3.33.1
* sqlite3-devel-3.50.2-150000.3.33.1
* libsqlite3-0-debuginfo-3.50.2-150000.3.33.1
* sqlite3-3.50.2-150000.3.33.1
* sqlite3-debuginfo-3.50.2-150000.3.33.1
* SUSE Manager Retail Branch Server 4.3 LTS (x86_64)
* libsqlite3-0-32bit-debuginfo-3.50.2-150000.3.33.1
* sqlite3-tcl-3.50.2-150000.3.33.1
* sqlite3-debugsource-3.50.2-150000.3.33.1
* libsqlite3-0-3.50.2-150000.3.33.1
* libsqlite3-0-32bit-3.50.2-150000.3.33.1
* sqlite3-devel-3.50.2-150000.3.33.1
* libsqlite3-0-debuginfo-3.50.2-150000.3.33.1
* sqlite3-3.50.2-150000.3.33.1
* sqlite3-debuginfo-3.50.2-150000.3.33.1
* SUSE Manager Server 4.3 LTS (ppc64le s390x x86_64)
* sqlite3-tcl-3.50.2-150000.3.33.1
* sqlite3-debugsource-3.50.2-150000.3.33.1
* libsqlite3-0-3.50.2-150000.3.33.1
* sqlite3-devel-3.50.2-150000.3.33.1
* libsqlite3-0-debuginfo-3.50.2-150000.3.33.1
* sqlite3-3.50.2-150000.3.33.1
* sqlite3-debuginfo-3.50.2-150000.3.33.1
* SUSE Manager Server 4.3 LTS (x86_64)
* libsqlite3-0-32bit-debuginfo-3.50.2-150000.3.33.1
* libsqlite3-0-32bit-3.50.2-150000.3.33.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* sqlite3-tcl-3.50.2-150000.3.33.1
* sqlite3-debugsource-3.50.2-150000.3.33.1
* libsqlite3-0-3.50.2-150000.3.33.1
* sqlite3-devel-3.50.2-150000.3.33.1
* libsqlite3-0-debuginfo-3.50.2-150000.3.33.1
* sqlite3-3.50.2-150000.3.33.1
* sqlite3-debuginfo-3.50.2-150000.3.33.1
* SUSE Enterprise Storage 7.1 (x86_64)
* libsqlite3-0-32bit-debuginfo-3.50.2-150000.3.33.1
* libsqlite3-0-32bit-3.50.2-150000.3.33.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* libsqlite3-0-3.50.2-150000.3.33.1
* sqlite3-debuginfo-3.50.2-150000.3.33.1
* sqlite3-debugsource-3.50.2-150000.3.33.1
* libsqlite3-0-debuginfo-3.50.2-150000.3.33.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* libsqlite3-0-3.50.2-150000.3.33.1
* sqlite3-debuginfo-3.50.2-150000.3.33.1
* sqlite3-debugsource-3.50.2-150000.3.33.1
* libsqlite3-0-debuginfo-3.50.2-150000.3.33.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* libsqlite3-0-3.50.2-150000.3.33.1
* sqlite3-debuginfo-3.50.2-150000.3.33.1
* sqlite3-debugsource-3.50.2-150000.3.33.1
* libsqlite3-0-debuginfo-3.50.2-150000.3.33.1

## References:

* https://www.suse.com/security/cve/CVE-2025-6965.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246597

SUSE-SU-2025:02677-1: low: Security update for cairo

# Security update for cairo

Announcement ID: SUSE-SU-2025:02677-1
Release Date: 2025-08-04T14:31:56Z
Rating: low
References:

* bsc#1122338

Cross-References:

* CVE-2019-6461

CVSS scores:

* CVE-2019-6461 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2019-6461 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2019-6461 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves one vulnerability can now be installed.

## Description:

This update for cairo fixes the following issues:

* CVE-2019-6461: avoid assert when drawing arcs with NaN angles (bsc#1122338).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2677=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-2677=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-2677=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-2677=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-2677=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-2677=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libcairo-gobject2-1.16.0-150400.11.6.1
* cairo-tools-1.16.0-150400.11.6.1
* libcairo2-1.16.0-150400.11.6.1
* cairo-debugsource-1.16.0-150400.11.6.1
* libcairo2-debuginfo-1.16.0-150400.11.6.1
* cairo-devel-1.16.0-150400.11.6.1
* libcairo-script-interpreter2-debuginfo-1.16.0-150400.11.6.1
* cairo-tools-debuginfo-1.16.0-150400.11.6.1
* libcairo-script-interpreter2-1.16.0-150400.11.6.1
* libcairo-gobject2-debuginfo-1.16.0-150400.11.6.1
* openSUSE Leap 15.4 (x86_64)
* libcairo-script-interpreter2-32bit-1.16.0-150400.11.6.1
* libcairo2-32bit-debuginfo-1.16.0-150400.11.6.1
* libcairo-gobject2-32bit-debuginfo-1.16.0-150400.11.6.1
* libcairo2-32bit-1.16.0-150400.11.6.1
* cairo-devel-32bit-1.16.0-150400.11.6.1
* libcairo-gobject2-32bit-1.16.0-150400.11.6.1
* libcairo-script-interpreter2-32bit-debuginfo-1.16.0-150400.11.6.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libcairo-script-interpreter2-64bit-1.16.0-150400.11.6.1
* libcairo-gobject2-64bit-debuginfo-1.16.0-150400.11.6.1
* libcairo2-64bit-debuginfo-1.16.0-150400.11.6.1
* libcairo2-64bit-1.16.0-150400.11.6.1
* libcairo-gobject2-64bit-1.16.0-150400.11.6.1
* cairo-devel-64bit-1.16.0-150400.11.6.1
* libcairo-script-interpreter2-64bit-debuginfo-1.16.0-150400.11.6.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libcairo-gobject2-1.16.0-150400.11.6.1
* libcairo2-1.16.0-150400.11.6.1
* cairo-debugsource-1.16.0-150400.11.6.1
* libcairo2-debuginfo-1.16.0-150400.11.6.1
* libcairo-gobject2-debuginfo-1.16.0-150400.11.6.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libcairo-gobject2-1.16.0-150400.11.6.1
* libcairo2-1.16.0-150400.11.6.1
* cairo-debugsource-1.16.0-150400.11.6.1
* libcairo2-debuginfo-1.16.0-150400.11.6.1
* libcairo-gobject2-debuginfo-1.16.0-150400.11.6.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libcairo-gobject2-1.16.0-150400.11.6.1
* libcairo2-1.16.0-150400.11.6.1
* cairo-debugsource-1.16.0-150400.11.6.1
* libcairo2-debuginfo-1.16.0-150400.11.6.1
* libcairo-gobject2-debuginfo-1.16.0-150400.11.6.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libcairo-gobject2-1.16.0-150400.11.6.1
* libcairo2-1.16.0-150400.11.6.1
* cairo-debugsource-1.16.0-150400.11.6.1
* libcairo2-debuginfo-1.16.0-150400.11.6.1
* libcairo-gobject2-debuginfo-1.16.0-150400.11.6.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* libcairo-gobject2-1.16.0-150400.11.6.1
* libcairo2-1.16.0-150400.11.6.1
* cairo-debugsource-1.16.0-150400.11.6.1
* libcairo2-debuginfo-1.16.0-150400.11.6.1
* libcairo-gobject2-debuginfo-1.16.0-150400.11.6.1

## References:

* https://www.suse.com/security/cve/CVE-2019-6461.html
* https://bugzilla.suse.com/show_bug.cgi?id=1122338

SUSE-SU-2025:02666-1: important: Security update for java-11-openjdk

# Security update for java-11-openjdk

Announcement ID: SUSE-SU-2025:02666-1
Release Date: 2025-08-04T12:36:38Z
Rating: important
References:

* bsc#1246575
* bsc#1246580
* bsc#1246584
* bsc#1246595
* bsc#1246598

Cross-References:

* CVE-2025-30749
* CVE-2025-30754
* CVE-2025-30761
* CVE-2025-50059
* CVE-2025-50106

CVSS scores:

* CVE-2025-30749 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-30749 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-30749 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-30754 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-30754 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-30754 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-30761 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-30761 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-50059 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2025-50059 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2025-50106 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-50106 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Legacy Module 15-SP6
* Legacy Module 15-SP7
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP6
* SUSE Package Hub 15 15-SP7

An update that solves five vulnerabilities can now be installed.

## Description:

This update for java-11-openjdk fixes the following issues:

Upgrade to upstream tag jdk-11.0.28+6 (July 2025 CPU):

Security fixes:

* CVE-2025-30749: several scenarios can lead to heap corruption (bsc#1246595)
* CVE-2025-30754: incomplete handshake may lead to weakening TLS protections
(bsc#1246598)
* CVE-2025-30761: Improve scripting supports (bsc#1246580)
* CVE-2025-50059: Improve HTTP client header handling (bsc#1246575)
* CVE-2025-50106: Glyph out-of-memory access and crash (bsc#1246584)

Changelog:

+ JDK-8026976: ECParameters, Point does not match field size
+ JDK-8211400: nsk.share.gc.Memory::getArrayLength returns wrong
value
+ JDK-8231058: VerifyOops crashes with assert(_offset >= 0)
failed: offset for non comment?
+ JDK-8232625: HttpClient redirect policy should be more
conservative
+ JDK-8258483: [TESTBUG] gtest
CollectorPolicy.young_scaled_initial_ergo_vm fails if heap is
too small
+ JDK-8293345: SunPKCS11 provider checks on PKCS11 Mechanism are
problematic
+ JDK-8296631: NSS tests failing on OL9 linux-aarch64 hosts
+ JDK-8301753: AppendFile/WriteFile has differences between make
3.81 and 4+
+ JDK-8303770: Remove Baltimore root certificate expiring in May
2025
+ JDK-8315380: AsyncGetCallTrace crash in frame::safe_for_sender
+ JDK-8327476: Upgrade JLine to 3.26.1
+ JDK-8328957: Update PKCS11Test.java to not use hardcoded path
+ JDK-8331959: Update PKCS#11 Cryptographic Token Interface to
v3.1
+ JDK-8339300: CollectorPolicy.young_scaled_initial_ergo_vm
gtest fails on ppc64 based platforms
+ JDK-8339728: [Accessibility,Windows,JAWS] Bug in the
getKeyChar method of the AccessBridge class
+ JDK-8345133: Test sun/security/tools/jarsigner/
/TsacertOptionTest.java failed: Warning found in stdout
+ JDK-8345625: Better HTTP connections
+ JDK-8346887: DrawFocusRect() may cause an assertion failure
+ JDK-8347629: Test FailOverDirectExecutionControlTest.java
fails with -Xcomp
+ JDK-8348110: Update LCMS to 2.17
+ JDK-8348596: Update FreeType to 2.13.3
+ JDK-8348598: Update Libpng to 1.6.47
+ JDK-8348989: Better Glyph drawing
+ JDK-8349111: Enhance Swing supports
+ JDK-8349594: Enhance TLS protocol support
+ JDK-8350469: [11u] Test AbsPathsInImage.java fails
- JDK-8239429 public clone
+ JDK-8350498: Remove two Camerfirma root CA certificates
+ JDK-8350991: Improve HTTP client header handling
+ JDK-8351099: Bump update version of OpenJDK: 11.0.28
+ JDK-8351422: Improve scripting supports
+ JDK-8352302: Test sun/security/tools/jarsigner/
/TimestampCheck.java is failing
+ JDK-8352716: (tz) Update Timezone Data to 2025b
+ JDK-8356096: ISO 4217 Amendment 179 Update
+ JDK-8356571: Re-enable -Wtype-limits for GCC in LCMS
+ JDK-8359170: Add 2 TLS and 2 CS Sectigo roots
+ JDK-8360147: Better Glyph drawing redux

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Legacy Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2025-2666=1

* Legacy Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP7-2025-2666=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-2666=1

* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-2666=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-2666=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2666=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2666=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2666=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2666=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-2666=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2666=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2666=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-2666=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2666=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2666=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-2666=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2025-2666=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-2666=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-2666=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-2666=1

## Package List:

* Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* java-11-openjdk-devel-11.0.28.0-150000.3.129.2
* java-11-openjdk-headless-debuginfo-11.0.28.0-150000.3.129.2
* java-11-openjdk-debugsource-11.0.28.0-150000.3.129.2
* java-11-openjdk-11.0.28.0-150000.3.129.2
* java-11-openjdk-devel-debuginfo-11.0.28.0-150000.3.129.2
* java-11-openjdk-headless-11.0.28.0-150000.3.129.2
* java-11-openjdk-debuginfo-11.0.28.0-150000.3.129.2
* java-11-openjdk-demo-11.0.28.0-150000.3.129.2
* Legacy Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* java-11-openjdk-devel-11.0.28.0-150000.3.129.2
* java-11-openjdk-headless-debuginfo-11.0.28.0-150000.3.129.2
* java-11-openjdk-debugsource-11.0.28.0-150000.3.129.2
* java-11-openjdk-11.0.28.0-150000.3.129.2
* java-11-openjdk-devel-debuginfo-11.0.28.0-150000.3.129.2
* java-11-openjdk-headless-11.0.28.0-150000.3.129.2
* java-11-openjdk-debuginfo-11.0.28.0-150000.3.129.2
* java-11-openjdk-demo-11.0.28.0-150000.3.129.2
* SUSE Package Hub 15 15-SP6 (noarch)
* java-11-openjdk-javadoc-11.0.28.0-150000.3.129.2
* SUSE Package Hub 15 15-SP7 (noarch)
* java-11-openjdk-javadoc-11.0.28.0-150000.3.129.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* java-11-openjdk-devel-11.0.28.0-150000.3.129.2
* java-11-openjdk-debugsource-11.0.28.0-150000.3.129.2
* java-11-openjdk-11.0.28.0-150000.3.129.2
* java-11-openjdk-headless-11.0.28.0-150000.3.129.2
* java-11-openjdk-debuginfo-11.0.28.0-150000.3.129.2
* java-11-openjdk-demo-11.0.28.0-150000.3.129.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* java-11-openjdk-devel-11.0.28.0-150000.3.129.2
* java-11-openjdk-debugsource-11.0.28.0-150000.3.129.2
* java-11-openjdk-11.0.28.0-150000.3.129.2
* java-11-openjdk-headless-11.0.28.0-150000.3.129.2
* java-11-openjdk-demo-11.0.28.0-150000.3.129.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* java-11-openjdk-devel-11.0.28.0-150000.3.129.2
* java-11-openjdk-debugsource-11.0.28.0-150000.3.129.2
* java-11-openjdk-11.0.28.0-150000.3.129.2
* java-11-openjdk-headless-11.0.28.0-150000.3.129.2
* java-11-openjdk-demo-11.0.28.0-150000.3.129.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* java-11-openjdk-devel-11.0.28.0-150000.3.129.2
* java-11-openjdk-headless-11.0.28.0-150000.3.129.2
* java-11-openjdk-demo-11.0.28.0-150000.3.129.2
* java-11-openjdk-11.0.28.0-150000.3.129.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* java-11-openjdk-devel-11.0.28.0-150000.3.129.2
* java-11-openjdk-headless-11.0.28.0-150000.3.129.2
* java-11-openjdk-demo-11.0.28.0-150000.3.129.2
* java-11-openjdk-11.0.28.0-150000.3.129.2
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* java-11-openjdk-devel-11.0.28.0-150000.3.129.2
* java-11-openjdk-debugsource-11.0.28.0-150000.3.129.2
* java-11-openjdk-11.0.28.0-150000.3.129.2
* java-11-openjdk-headless-11.0.28.0-150000.3.129.2
* java-11-openjdk-debuginfo-11.0.28.0-150000.3.129.2
* java-11-openjdk-demo-11.0.28.0-150000.3.129.2
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* java-11-openjdk-devel-11.0.28.0-150000.3.129.2
* java-11-openjdk-debugsource-11.0.28.0-150000.3.129.2
* java-11-openjdk-11.0.28.0-150000.3.129.2
* java-11-openjdk-headless-11.0.28.0-150000.3.129.2
* java-11-openjdk-demo-11.0.28.0-150000.3.129.2
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* java-11-openjdk-devel-11.0.28.0-150000.3.129.2
* java-11-openjdk-headless-11.0.28.0-150000.3.129.2
* java-11-openjdk-demo-11.0.28.0-150000.3.129.2
* java-11-openjdk-11.0.28.0-150000.3.129.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* java-11-openjdk-devel-11.0.28.0-150000.3.129.2
* java-11-openjdk-debugsource-11.0.28.0-150000.3.129.2
* java-11-openjdk-11.0.28.0-150000.3.129.2
* java-11-openjdk-headless-11.0.28.0-150000.3.129.2
* java-11-openjdk-debuginfo-11.0.28.0-150000.3.129.2
* java-11-openjdk-demo-11.0.28.0-150000.3.129.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* java-11-openjdk-devel-11.0.28.0-150000.3.129.2
* java-11-openjdk-debugsource-11.0.28.0-150000.3.129.2
* java-11-openjdk-11.0.28.0-150000.3.129.2
* java-11-openjdk-headless-11.0.28.0-150000.3.129.2
* java-11-openjdk-demo-11.0.28.0-150000.3.129.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* java-11-openjdk-devel-11.0.28.0-150000.3.129.2
* java-11-openjdk-headless-11.0.28.0-150000.3.129.2
* java-11-openjdk-demo-11.0.28.0-150000.3.129.2
* java-11-openjdk-11.0.28.0-150000.3.129.2
* SUSE Manager Proxy 4.3 (x86_64)
* java-11-openjdk-devel-11.0.28.0-150000.3.129.2
* java-11-openjdk-debugsource-11.0.28.0-150000.3.129.2
* java-11-openjdk-11.0.28.0-150000.3.129.2
* java-11-openjdk-headless-11.0.28.0-150000.3.129.2
* java-11-openjdk-demo-11.0.28.0-150000.3.129.2
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* java-11-openjdk-devel-11.0.28.0-150000.3.129.2
* java-11-openjdk-debugsource-11.0.28.0-150000.3.129.2
* java-11-openjdk-11.0.28.0-150000.3.129.2
* java-11-openjdk-headless-11.0.28.0-150000.3.129.2
* java-11-openjdk-demo-11.0.28.0-150000.3.129.2
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* java-11-openjdk-devel-11.0.28.0-150000.3.129.2
* java-11-openjdk-debugsource-11.0.28.0-150000.3.129.2
* java-11-openjdk-11.0.28.0-150000.3.129.2
* java-11-openjdk-headless-11.0.28.0-150000.3.129.2
* java-11-openjdk-demo-11.0.28.0-150000.3.129.2
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* java-11-openjdk-devel-11.0.28.0-150000.3.129.2
* java-11-openjdk-debugsource-11.0.28.0-150000.3.129.2
* java-11-openjdk-11.0.28.0-150000.3.129.2
* java-11-openjdk-headless-11.0.28.0-150000.3.129.2
* java-11-openjdk-debuginfo-11.0.28.0-150000.3.129.2
* java-11-openjdk-demo-11.0.28.0-150000.3.129.2
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* java-11-openjdk-devel-11.0.28.0-150000.3.129.2
* java-11-openjdk-headless-debuginfo-11.0.28.0-150000.3.129.2
* java-11-openjdk-debugsource-11.0.28.0-150000.3.129.2
* java-11-openjdk-jmods-11.0.28.0-150000.3.129.2
* java-11-openjdk-src-11.0.28.0-150000.3.129.2
* java-11-openjdk-11.0.28.0-150000.3.129.2
* java-11-openjdk-devel-debuginfo-11.0.28.0-150000.3.129.2
* java-11-openjdk-headless-11.0.28.0-150000.3.129.2
* java-11-openjdk-debuginfo-11.0.28.0-150000.3.129.2
* java-11-openjdk-demo-11.0.28.0-150000.3.129.2
* openSUSE Leap 15.6 (noarch)
* java-11-openjdk-javadoc-11.0.28.0-150000.3.129.2

## References:

* https://www.suse.com/security/cve/CVE-2025-30749.html
* https://www.suse.com/security/cve/CVE-2025-30754.html
* https://www.suse.com/security/cve/CVE-2025-30761.html
* https://www.suse.com/security/cve/CVE-2025-50059.html
* https://www.suse.com/security/cve/CVE-2025-50106.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246575
* https://bugzilla.suse.com/show_bug.cgi?id=1246580
* https://bugzilla.suse.com/show_bug.cgi?id=1246584
* https://bugzilla.suse.com/show_bug.cgi?id=1246595
* https://bugzilla.suse.com/show_bug.cgi?id=1246598

SUSE-SU-2025:02679-1: important: Security update for redis

# Security update for redis

Announcement ID: SUSE-SU-2025:02679-1
Release Date: 2025-08-04T15:03:15Z
Rating: important
References:

* bsc#1243804
* bsc#1246058
* bsc#1246059

Cross-References:

* CVE-2025-27151
* CVE-2025-32023
* CVE-2025-48367

CVSS scores:

* CVE-2025-27151 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-27151 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-32023 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-32023 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-32023 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-48367 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-48367 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-48367 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for redis fixes the following issues:

* CVE-2025-27151: Fixed absence of filename size check may cause a stack
overflow. (bsc#1243804)
* CVE-2025-32023: Fixed out-of-bounds write when working with HyperLogLog
commands can lead to remote code execution. (bsc#1246059)
* CVE-2025-48367: Fixed unauthenticated connection causing repeated IP
protocol erros can lead to client starvation and DoS. (bsc#1246058)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-2679=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-2679=1 openSUSE-SLE-15.6-2025-2679=1

## Package List:

* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* redis7-7.0.8-150600.8.16.1
* redis7-debugsource-7.0.8-150600.8.16.1
* redis7-debuginfo-7.0.8-150600.8.16.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* redis7-7.0.8-150600.8.16.1
* redis7-debugsource-7.0.8-150600.8.16.1
* redis7-debuginfo-7.0.8-150600.8.16.1

## References:

* https://www.suse.com/security/cve/CVE-2025-27151.html
* https://www.suse.com/security/cve/CVE-2025-32023.html
* https://www.suse.com/security/cve/CVE-2025-48367.html
* https://bugzilla.suse.com/show_bug.cgi?id=1243804
* https://bugzilla.suse.com/show_bug.cgi?id=1246058
* https://bugzilla.suse.com/show_bug.cgi?id=1246059

SUSE-SU-2025:02681-1: important: Security update for redis

# Security update for redis

Announcement ID: SUSE-SU-2025:02681-1
Release Date: 2025-08-04T15:04:38Z
Rating: important
References:

* bsc#1243804
* bsc#1246058
* bsc#1246059

Cross-References:

* CVE-2025-27151
* CVE-2025-32023
* CVE-2025-48367

CVSS scores:

* CVE-2025-27151 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-27151 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-32023 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-32023 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-32023 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-48367 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-48367 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-48367 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves three vulnerabilities can now be installed.

## Description:

This update for redis fixes the following issues:

* CVE-2025-27151: Fixed absence of filename size check may cause a stack
overflow. (bsc#1243804)
* CVE-2025-32023: Fixed out-of-bounds write when working with HyperLogLog
commands can lead to remote code execution. (bsc#1246059)
* CVE-2025-48367: Fixed unauthenticated connection causing repeated IP
protocol erros can lead to client starvation and DoS. (bsc#1246058)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2681=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2681=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-2681=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2681=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2681=1

## Package List:

* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* redis7-debuginfo-7.0.8-150500.3.21.1
* redis7-7.0.8-150500.3.21.1
* redis7-debugsource-7.0.8-150500.3.21.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* redis7-debuginfo-7.0.8-150500.3.21.1
* redis7-7.0.8-150500.3.21.1
* redis7-debugsource-7.0.8-150500.3.21.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* redis7-debuginfo-7.0.8-150500.3.21.1
* redis7-7.0.8-150500.3.21.1
* redis7-debugsource-7.0.8-150500.3.21.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* redis7-debuginfo-7.0.8-150500.3.21.1
* redis7-7.0.8-150500.3.21.1
* redis7-debugsource-7.0.8-150500.3.21.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* redis7-debuginfo-7.0.8-150500.3.21.1
* redis7-7.0.8-150500.3.21.1
* redis7-debugsource-7.0.8-150500.3.21.1

## References:

* https://www.suse.com/security/cve/CVE-2025-27151.html
* https://www.suse.com/security/cve/CVE-2025-32023.html
* https://www.suse.com/security/cve/CVE-2025-48367.html
* https://bugzilla.suse.com/show_bug.cgi?id=1243804
* https://bugzilla.suse.com/show_bug.cgi?id=1246058
* https://bugzilla.suse.com/show_bug.cgi?id=1246059

SUSE-SU-2025:02680-1: important: Security update for redis

# Security update for redis

Announcement ID: SUSE-SU-2025:02680-1
Release Date: 2025-08-04T15:04:10Z
Rating: important
References:

* bsc#1246058
* bsc#1246059

Cross-References:

* CVE-2025-32023
* CVE-2025-48367

CVSS scores:

* CVE-2025-32023 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-32023 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-32023 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-48367 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-48367 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-48367 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves two vulnerabilities can now be installed.

## Description:

This update for redis fixes the following issues:

* CVE-2025-32023: Fixed out-of-bounds write when working with HyperLogLog
commands can lead to remote code execution. (bsc#1246059)
* CVE-2025-48367: Fixed unauthenticated connection causing repeated IP
protocol erros can lead to client starvation and DoS. (bsc#1246058)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2680=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2680=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2680=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2680=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2680=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2680=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2680=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2680=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2680=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-2680=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2025-2680=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-2680=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* redis-debugsource-6.2.6-150400.3.37.1
* redis-debuginfo-6.2.6-150400.3.37.1
* redis-6.2.6-150400.3.37.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* redis-debugsource-6.2.6-150400.3.37.1
* redis-debuginfo-6.2.6-150400.3.37.1
* redis-6.2.6-150400.3.37.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* redis-debugsource-6.2.6-150400.3.37.1
* redis-debuginfo-6.2.6-150400.3.37.1
* redis-6.2.6-150400.3.37.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* redis-debugsource-6.2.6-150400.3.37.1
* redis-debuginfo-6.2.6-150400.3.37.1
* redis-6.2.6-150400.3.37.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* redis-debugsource-6.2.6-150400.3.37.1
* redis-debuginfo-6.2.6-150400.3.37.1
* redis-6.2.6-150400.3.37.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* redis-debugsource-6.2.6-150400.3.37.1
* redis-debuginfo-6.2.6-150400.3.37.1
* redis-6.2.6-150400.3.37.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* redis-debugsource-6.2.6-150400.3.37.1
* redis-debuginfo-6.2.6-150400.3.37.1
* redis-6.2.6-150400.3.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* redis-debugsource-6.2.6-150400.3.37.1
* redis-debuginfo-6.2.6-150400.3.37.1
* redis-6.2.6-150400.3.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* redis-debugsource-6.2.6-150400.3.37.1
* redis-debuginfo-6.2.6-150400.3.37.1
* redis-6.2.6-150400.3.37.1
* SUSE Manager Proxy 4.3 (x86_64)
* redis-debugsource-6.2.6-150400.3.37.1
* redis-debuginfo-6.2.6-150400.3.37.1
* redis-6.2.6-150400.3.37.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* redis-debugsource-6.2.6-150400.3.37.1
* redis-debuginfo-6.2.6-150400.3.37.1
* redis-6.2.6-150400.3.37.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* redis-debugsource-6.2.6-150400.3.37.1
* redis-debuginfo-6.2.6-150400.3.37.1
* redis-6.2.6-150400.3.37.1

## References:

* https://www.suse.com/security/cve/CVE-2025-32023.html
* https://www.suse.com/security/cve/CVE-2025-48367.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246058
* https://bugzilla.suse.com/show_bug.cgi?id=1246059

SUSE-SU-2025:02671-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP5)

# Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:02671-1
Release Date: 2025-08-04T12:38:45Z
Rating: important
References:

* bsc#1245793

Cross-References:

* CVE-2025-37797

CVSS scores:

* CVE-2025-37797 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_113 fixes one issue.

The following security issue was fixed:

* CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling
(bsc#1245793).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-2671=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-2671=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_113-default-2-150500.2.1
* kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-2-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_28-debugsource-2-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_113-default-2-150500.2.1
* kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-2-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_28-debugsource-2-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-37797.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245793

SUSE-SU-2025:02682-1: important: Security update for apache2

# Security update for apache2

Announcement ID: SUSE-SU-2025:02682-1
Release Date: 2025-08-04T15:06:33Z
Rating: important
References:

* bsc#1246169
* bsc#1246302
* bsc#1246303
* bsc#1246305
* bsc#1246306
* bsc#1246307
* bsc#1246477

Cross-References:

* CVE-2024-42516
* CVE-2024-43204
* CVE-2024-47252
* CVE-2025-23048
* CVE-2025-49630
* CVE-2025-49812
* CVE-2025-53020

CVSS scores:

* CVE-2024-42516 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-42516 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
* CVE-2024-42516 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-43204 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-43204 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-43204 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-47252 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-47252 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-47252 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-23048 ( SUSE ): 7.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-23048 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-23048 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-49630 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-49630 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-49630 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-49812 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2025-49812 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
* CVE-2025-49812 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-53020 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-53020 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-53020 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* Server Applications Module 15-SP6
* Server Applications Module 15-SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for apache2 fixes the following issues:

* CVE-2024-42516: Fixed HTTP response splitting. (bsc#1246477)
* CVE-2024-43204: Fixed a SSRF when mod_proxy is loaded that allows an
attacker to send outbound proxy requests to a URL controlled by them.
(bsc#1246305)
* CVE-2024-47252: Fixed insufficient escaping of user-supplied data in mod_ssl
allows an untrusted SSL/TLS client to insert escape characters into log
file. (bsc#1246303)
* CVE-2025-23048: Fixed access control bypass by trusted clients through TLS
1.3 session resumption in some mod_ssl configurations. (bsc#1246302)
* CVE-2025-49630: Fixed denial of service can be triggered by untrusted
clients causing an assertion in mod_proxy_http2. (bsc#1246307)
* CVE-2025-49812: Fixed Opossum Attack Application Layer Desynchronization
using Opportunistic TLS. (bsc#1246169)
* CVE-2025-53020: Fixed HTTP/2 denial of service due to late release of memory
after effective lifetime. (bsc#1246306)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2682=1

* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-2682=1

* Server Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2025-2682=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2682=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2682=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2682=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2682=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2682=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2682=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2682=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2682=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-2682=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2025-2682=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-2682=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* apache2-event-debuginfo-2.4.51-150400.6.46.1
* apache2-worker-debuginfo-2.4.51-150400.6.46.1
* apache2-utils-debuginfo-2.4.51-150400.6.46.1
* apache2-devel-2.4.51-150400.6.46.1
* apache2-example-pages-2.4.51-150400.6.46.1
* apache2-prefork-2.4.51-150400.6.46.1
* apache2-2.4.51-150400.6.46.1
* apache2-worker-2.4.51-150400.6.46.1
* apache2-prefork-debuginfo-2.4.51-150400.6.46.1
* apache2-utils-2.4.51-150400.6.46.1
* apache2-event-2.4.51-150400.6.46.1
* apache2-debuginfo-2.4.51-150400.6.46.1
* apache2-debugsource-2.4.51-150400.6.46.1
* openSUSE Leap 15.4 (noarch)
* apache2-doc-2.4.51-150400.6.46.1
* Server Applications Module 15-SP6 (noarch)
* apache2-doc-2.4.51-150400.6.46.1
* Server Applications Module 15-SP7 (noarch)
* apache2-doc-2.4.51-150400.6.46.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* apache2-utils-debuginfo-2.4.51-150400.6.46.1
* apache2-devel-2.4.51-150400.6.46.1
* apache2-prefork-2.4.51-150400.6.46.1
* apache2-2.4.51-150400.6.46.1
* apache2-worker-2.4.51-150400.6.46.1
* apache2-prefork-debuginfo-2.4.51-150400.6.46.1
* apache2-utils-2.4.51-150400.6.46.1
* apache2-worker-debuginfo-2.4.51-150400.6.46.1
* apache2-debuginfo-2.4.51-150400.6.46.1
* apache2-debugsource-2.4.51-150400.6.46.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* apache2-doc-2.4.51-150400.6.46.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* apache2-utils-debuginfo-2.4.51-150400.6.46.1
* apache2-devel-2.4.51-150400.6.46.1
* apache2-prefork-2.4.51-150400.6.46.1
* apache2-2.4.51-150400.6.46.1
* apache2-worker-2.4.51-150400.6.46.1
* apache2-prefork-debuginfo-2.4.51-150400.6.46.1
* apache2-utils-2.4.51-150400.6.46.1
* apache2-worker-debuginfo-2.4.51-150400.6.46.1
* apache2-debuginfo-2.4.51-150400.6.46.1
* apache2-debugsource-2.4.51-150400.6.46.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* apache2-doc-2.4.51-150400.6.46.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* apache2-utils-debuginfo-2.4.51-150400.6.46.1
* apache2-devel-2.4.51-150400.6.46.1
* apache2-prefork-2.4.51-150400.6.46.1
* apache2-2.4.51-150400.6.46.1
* apache2-worker-2.4.51-150400.6.46.1
* apache2-prefork-debuginfo-2.4.51-150400.6.46.1
* apache2-utils-2.4.51-150400.6.46.1
* apache2-worker-debuginfo-2.4.51-150400.6.46.1
* apache2-debuginfo-2.4.51-150400.6.46.1
* apache2-debugsource-2.4.51-150400.6.46.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* apache2-doc-2.4.51-150400.6.46.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* apache2-utils-debuginfo-2.4.51-150400.6.46.1
* apache2-devel-2.4.51-150400.6.46.1
* apache2-prefork-2.4.51-150400.6.46.1
* apache2-2.4.51-150400.6.46.1
* apache2-worker-2.4.51-150400.6.46.1
* apache2-prefork-debuginfo-2.4.51-150400.6.46.1
* apache2-utils-2.4.51-150400.6.46.1
* apache2-worker-debuginfo-2.4.51-150400.6.46.1
* apache2-debuginfo-2.4.51-150400.6.46.1
* apache2-debugsource-2.4.51-150400.6.46.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* apache2-doc-2.4.51-150400.6.46.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* apache2-utils-debuginfo-2.4.51-150400.6.46.1
* apache2-devel-2.4.51-150400.6.46.1
* apache2-prefork-2.4.51-150400.6.46.1
* apache2-2.4.51-150400.6.46.1
* apache2-worker-2.4.51-150400.6.46.1
* apache2-prefork-debuginfo-2.4.51-150400.6.46.1
* apache2-utils-2.4.51-150400.6.46.1
* apache2-worker-debuginfo-2.4.51-150400.6.46.1
* apache2-debuginfo-2.4.51-150400.6.46.1
* apache2-debugsource-2.4.51-150400.6.46.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* apache2-doc-2.4.51-150400.6.46.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* apache2-utils-debuginfo-2.4.51-150400.6.46.1
* apache2-devel-2.4.51-150400.6.46.1
* apache2-prefork-2.4.51-150400.6.46.1
* apache2-2.4.51-150400.6.46.1
* apache2-worker-2.4.51-150400.6.46.1
* apache2-prefork-debuginfo-2.4.51-150400.6.46.1
* apache2-utils-2.4.51-150400.6.46.1
* apache2-worker-debuginfo-2.4.51-150400.6.46.1
* apache2-debuginfo-2.4.51-150400.6.46.1
* apache2-debugsource-2.4.51-150400.6.46.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* apache2-doc-2.4.51-150400.6.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* apache2-utils-debuginfo-2.4.51-150400.6.46.1
* apache2-devel-2.4.51-150400.6.46.1
* apache2-prefork-2.4.51-150400.6.46.1
* apache2-2.4.51-150400.6.46.1
* apache2-worker-2.4.51-150400.6.46.1
* apache2-prefork-debuginfo-2.4.51-150400.6.46.1
* apache2-utils-2.4.51-150400.6.46.1
* apache2-worker-debuginfo-2.4.51-150400.6.46.1
* apache2-debuginfo-2.4.51-150400.6.46.1
* apache2-debugsource-2.4.51-150400.6.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* apache2-doc-2.4.51-150400.6.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* apache2-utils-debuginfo-2.4.51-150400.6.46.1
* apache2-devel-2.4.51-150400.6.46.1
* apache2-prefork-2.4.51-150400.6.46.1
* apache2-2.4.51-150400.6.46.1
* apache2-worker-2.4.51-150400.6.46.1
* apache2-prefork-debuginfo-2.4.51-150400.6.46.1
* apache2-utils-2.4.51-150400.6.46.1
* apache2-worker-debuginfo-2.4.51-150400.6.46.1
* apache2-debuginfo-2.4.51-150400.6.46.1
* apache2-debugsource-2.4.51-150400.6.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* apache2-doc-2.4.51-150400.6.46.1
* SUSE Manager Proxy 4.3 (x86_64)
* apache2-utils-debuginfo-2.4.51-150400.6.46.1
* apache2-devel-2.4.51-150400.6.46.1
* apache2-prefork-2.4.51-150400.6.46.1
* apache2-2.4.51-150400.6.46.1
* apache2-worker-2.4.51-150400.6.46.1
* apache2-prefork-debuginfo-2.4.51-150400.6.46.1
* apache2-utils-2.4.51-150400.6.46.1
* apache2-worker-debuginfo-2.4.51-150400.6.46.1
* apache2-debuginfo-2.4.51-150400.6.46.1
* apache2-debugsource-2.4.51-150400.6.46.1
* SUSE Manager Proxy 4.3 (noarch)
* apache2-doc-2.4.51-150400.6.46.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* apache2-utils-debuginfo-2.4.51-150400.6.46.1
* apache2-devel-2.4.51-150400.6.46.1
* apache2-prefork-2.4.51-150400.6.46.1
* apache2-2.4.51-150400.6.46.1
* apache2-worker-2.4.51-150400.6.46.1
* apache2-prefork-debuginfo-2.4.51-150400.6.46.1
* apache2-utils-2.4.51-150400.6.46.1
* apache2-worker-debuginfo-2.4.51-150400.6.46.1
* apache2-debuginfo-2.4.51-150400.6.46.1
* apache2-debugsource-2.4.51-150400.6.46.1
* SUSE Manager Retail Branch Server 4.3 (noarch)
* apache2-doc-2.4.51-150400.6.46.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* apache2-utils-debuginfo-2.4.51-150400.6.46.1
* apache2-devel-2.4.51-150400.6.46.1
* apache2-prefork-2.4.51-150400.6.46.1
* apache2-2.4.51-150400.6.46.1
* apache2-worker-2.4.51-150400.6.46.1
* apache2-prefork-debuginfo-2.4.51-150400.6.46.1
* apache2-utils-2.4.51-150400.6.46.1
* apache2-worker-debuginfo-2.4.51-150400.6.46.1
* apache2-debuginfo-2.4.51-150400.6.46.1
* apache2-debugsource-2.4.51-150400.6.46.1
* SUSE Manager Server 4.3 (noarch)
* apache2-doc-2.4.51-150400.6.46.1

## References:

* https://www.suse.com/security/cve/CVE-2024-42516.html
* https://www.suse.com/security/cve/CVE-2024-43204.html
* https://www.suse.com/security/cve/CVE-2024-47252.html
* https://www.suse.com/security/cve/CVE-2025-23048.html
* https://www.suse.com/security/cve/CVE-2025-49630.html
* https://www.suse.com/security/cve/CVE-2025-49812.html
* https://www.suse.com/security/cve/CVE-2025-53020.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246169
* https://bugzilla.suse.com/show_bug.cgi?id=1246302
* https://bugzilla.suse.com/show_bug.cgi?id=1246303
* https://bugzilla.suse.com/show_bug.cgi?id=1246305
* https://bugzilla.suse.com/show_bug.cgi?id=1246306
* https://bugzilla.suse.com/show_bug.cgi?id=1246307
* https://bugzilla.suse.com/show_bug.cgi?id=1246477

SUSE-SU-2025:02676-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP5)

# Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:02676-1
Release Date: 2025-08-04T14:09:09Z
Rating: important
References:

* bsc#1245776
* bsc#1245793
* bsc#1245797

Cross-References:

* CVE-2025-21702
* CVE-2025-37752
* CVE-2025-37797

CVSS scores:

* CVE-2025-21702 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37752 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37797 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_110 fixes several issues.

The following security issues were fixed:

* CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling
(bsc#1245793).
* CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).
* CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0
(bsc#1245797).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-2669=1 SUSE-SLE-
Module-Live-Patching-15-SP5-2025-2670=1 SUSE-SLE-Module-Live-
Patching-15-SP5-2025-2668=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-2670=1 SUSE-2025-2668=1 SUSE-2025-2669=1

* SUSE Linux Enterprise Live Patching 12-SP5
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2025-2676=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_27-debugsource-2-150500.2.1
* kernel-livepatch-5_14_21-150500_55_100-default-3-150500.2.1
* kernel-livepatch-5_14_21-150500_55_103-default-3-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_25-debugsource-3-150500.2.1
* kernel-livepatch-5_14_21-150500_55_100-default-debuginfo-3-150500.2.1
* kernel-livepatch-5_14_21-150500_55_103-default-debuginfo-3-150500.2.1
* kernel-livepatch-5_14_21-150500_55_110-default-debuginfo-2-150500.2.1
* kernel-livepatch-5_14_21-150500_55_110-default-2-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_26-debugsource-3-150500.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_26-debugsource-3-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_27-debugsource-2-150500.2.1
* kernel-livepatch-5_14_21-150500_55_100-default-3-150500.2.1
* kernel-livepatch-5_14_21-150500_55_103-default-3-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_25-debugsource-3-150500.2.1
* kernel-livepatch-5_14_21-150500_55_100-default-debuginfo-3-150500.2.1
* kernel-livepatch-5_14_21-150500_55_103-default-debuginfo-3-150500.2.1
* kernel-livepatch-5_14_21-150500_55_110-default-2-150500.2.1
* kernel-livepatch-5_14_21-150500_55_110-default-debuginfo-2-150500.2.1
* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
* kgraft-patch-4_12_14-122_258-default-2-2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21702.html
* https://www.suse.com/security/cve/CVE-2025-37752.html
* https://www.suse.com/security/cve/CVE-2025-37797.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245776
* https://bugzilla.suse.com/show_bug.cgi?id=1245793
* https://bugzilla.suse.com/show_bug.cgi?id=1245797

SUSE-SU-2025:02684-1: important: Security update for apache2

# Security update for apache2

Announcement ID: SUSE-SU-2025:02684-1
Release Date: 2025-08-04T15:07:40Z
Rating: important
References:

* bsc#1246169
* bsc#1246302
* bsc#1246303
* bsc#1246305
* bsc#1246306
* bsc#1246307
* bsc#1246477

Cross-References:

* CVE-2024-42516
* CVE-2024-43204
* CVE-2024-47252
* CVE-2025-23048
* CVE-2025-49630
* CVE-2025-49812
* CVE-2025-53020

CVSS scores:

* CVE-2024-42516 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-42516 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
* CVE-2024-42516 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-43204 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-43204 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-43204 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-47252 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-47252 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-47252 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-23048 ( SUSE ): 7.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-23048 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-23048 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-49630 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-49630 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-49630 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-49812 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2025-49812 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
* CVE-2025-49812 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-53020 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-53020 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-53020 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for apache2 fixes the following issues:

* CVE-2024-42516: Fixed HTTP response splitting. (bsc#1246477)
* CVE-2024-43204: Fixed a SSRF when mod_proxy is loaded that allows an
attacker to send outbound proxy requests to a URL controlled by them.
(bsc#1246305)
* CVE-2024-47252: Fixed insufficient escaping of user-supplied data in mod_ssl
allows an untrusted SSL/TLS client to insert escape characters into log
file. (bsc#1246303)
* CVE-2025-23048: Fixed access control bypass by trusted clients through TLS
1.3 session resumption in some mod_ssl configurations. (bsc#1246302)
* CVE-2025-49630: Fixed denial of service can be triggered by untrusted
clients causing an assertion in mod_proxy_http2. (bsc#1246307)
* CVE-2025-49812: Fixed Opossum Attack Application Layer Desynchronization
using Opportunistic TLS. (bsc#1246169)
* CVE-2025-53020: Fixed HTTP/2 denial of service due to late release of memory
after effective lifetime. (bsc#1246306)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-2684=1 openSUSE-SLE-15.6-2025-2684=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-2684=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-2684=1

* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-2684=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* apache2-event-debugsource-2.4.58-150600.5.35.1
* apache2-event-debuginfo-2.4.58-150600.5.35.1
* apache2-utils-debugsource-2.4.58-150600.5.35.1
* apache2-debugsource-2.4.58-150600.5.35.1
* apache2-prefork-debuginfo-2.4.58-150600.5.35.1
* apache2-utils-2.4.58-150600.5.35.1
* apache2-utils-debuginfo-2.4.58-150600.5.35.1
* apache2-event-2.4.58-150600.5.35.1
* apache2-devel-2.4.58-150600.5.35.1
* apache2-2.4.58-150600.5.35.1
* apache2-prefork-2.4.58-150600.5.35.1
* apache2-prefork-debugsource-2.4.58-150600.5.35.1
* apache2-worker-debugsource-2.4.58-150600.5.35.1
* apache2-worker-2.4.58-150600.5.35.1
* apache2-worker-debuginfo-2.4.58-150600.5.35.1
* apache2-debuginfo-2.4.58-150600.5.35.1
* openSUSE Leap 15.6 (noarch)
* apache2-manual-2.4.58-150600.5.35.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* apache2-debugsource-2.4.58-150600.5.35.1
* apache2-prefork-debuginfo-2.4.58-150600.5.35.1
* apache2-prefork-2.4.58-150600.5.35.1
* apache2-2.4.58-150600.5.35.1
* apache2-prefork-debugsource-2.4.58-150600.5.35.1
* apache2-debuginfo-2.4.58-150600.5.35.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* apache2-event-debugsource-2.4.58-150600.5.35.1
* apache2-event-debuginfo-2.4.58-150600.5.35.1
* apache2-debugsource-2.4.58-150600.5.35.1
* apache2-event-2.4.58-150600.5.35.1
* apache2-debuginfo-2.4.58-150600.5.35.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* apache2-utils-debugsource-2.4.58-150600.5.35.1
* apache2-utils-debuginfo-2.4.58-150600.5.35.1
* apache2-utils-2.4.58-150600.5.35.1
* apache2-devel-2.4.58-150600.5.35.1
* apache2-worker-debugsource-2.4.58-150600.5.35.1
* apache2-worker-2.4.58-150600.5.35.1
* apache2-worker-debuginfo-2.4.58-150600.5.35.1

## References:

* https://www.suse.com/security/cve/CVE-2024-42516.html
* https://www.suse.com/security/cve/CVE-2024-43204.html
* https://www.suse.com/security/cve/CVE-2024-47252.html
* https://www.suse.com/security/cve/CVE-2025-23048.html
* https://www.suse.com/security/cve/CVE-2025-49630.html
* https://www.suse.com/security/cve/CVE-2025-49812.html
* https://www.suse.com/security/cve/CVE-2025-53020.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246169
* https://bugzilla.suse.com/show_bug.cgi?id=1246302
* https://bugzilla.suse.com/show_bug.cgi?id=1246303
* https://bugzilla.suse.com/show_bug.cgi?id=1246305
* https://bugzilla.suse.com/show_bug.cgi?id=1246306
* https://bugzilla.suse.com/show_bug.cgi?id=1246307
* https://bugzilla.suse.com/show_bug.cgi?id=1246477

SUSE-SU-2025:02673-1: important: Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP6)

# Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:02673-1
Release Date: 2025-08-04T13:34:07Z
Rating: important
References:

* bsc#1235250
* bsc#1245776
* bsc#1245793
* bsc#1245797

Cross-References:

* CVE-2024-56664
* CVE-2025-21702
* CVE-2025-37752
* CVE-2025-37797

CVSS scores:

* CVE-2024-56664 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56664 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56664 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21702 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37752 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37797 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_33 fixes several issues.

The following security issues were fixed:

* CVE-2024-56664: bpf, sockmap: Fix race between element replace and close()
(bsc#1235250).
* CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling
(bsc#1245793).
* CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).
* CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0
(bsc#1245797).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-2673=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-2673=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_33-default-debuginfo-9-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_7-debugsource-9-150600.2.1
* kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_33-default-debuginfo-9-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_7-debugsource-9-150600.2.1
* kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-56664.html
* https://www.suse.com/security/cve/CVE-2025-21702.html
* https://www.suse.com/security/cve/CVE-2025-37752.html
* https://www.suse.com/security/cve/CVE-2025-37797.html
* https://bugzilla.suse.com/show_bug.cgi?id=1235250
* https://bugzilla.suse.com/show_bug.cgi?id=1245776
* https://bugzilla.suse.com/show_bug.cgi?id=1245793
* https://bugzilla.suse.com/show_bug.cgi?id=1245797

openSUSE-SU-2025:0284-1: important: Security update for chromium

openSUSE Security Update: Security update for chromium
_______________________________

Announcement ID: openSUSE-SU-2025:0284-1
Rating: important
References: #1247365
Cross-References: CVE-2025-8292
Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that fixes one vulnerability is now available.

Description:

This update for chromium fixes the following issues:

Chromium 138.0.7204.183 (boo#1247365):

- CVE-2025-8292: Use after free in Media Stream

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2025-284=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 ppc64le x86_64):

chromedriver-138.0.7204.183-bp156.2.147.1
chromium-138.0.7204.183-bp156.2.147.1

References:

https://www.suse.com/security/cve/CVE-2025-8292.html
https://bugzilla.suse.com/1247365

SUSE-SU-2025:02687-1: important: Security update for the Linux Kernel (Live Patch 54 for SLE 15 SP3)

# Security update for the Linux Kernel (Live Patch 54 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:02687-1
Release Date: 2025-08-04T17:04:20Z
Rating: important
References:

* bsc#1245776
* bsc#1245793
* bsc#1245797

Cross-References:

* CVE-2025-21702
* CVE-2025-37752
* CVE-2025-37797

CVSS scores:

* CVE-2025-21702 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37752 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37797 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_195 fixes several issues.

The following security issues were fixed:

* CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling
(bsc#1245793).
* CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).
* CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0
(bsc#1245797).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-2687=1

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-2687=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_195-default-5-150300.2.1
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_54-debugsource-5-150300.2.1
* kernel-livepatch-5_3_18-150300_59_195-default-debuginfo-5-150300.2.1
* kernel-livepatch-5_3_18-150300_59_195-default-5-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_195-preempt-debuginfo-5-150300.2.1
* kernel-livepatch-5_3_18-150300_59_195-preempt-5-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21702.html
* https://www.suse.com/security/cve/CVE-2025-37752.html
* https://www.suse.com/security/cve/CVE-2025-37797.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245776
* https://bugzilla.suse.com/show_bug.cgi?id=1245793
* https://bugzilla.suse.com/show_bug.cgi?id=1245797

Python-requests update for AlmaLinux 9

Apport and Kernel updates for Ubuntu

openSUSE-SU-2025:15404-1: moderate: python39-3.9.23-4.1 on GA media

openSUSE-SU-2025:15403-1: moderate: python314-3.14.0~rc1-2.1 on GA media

openSUSE-SU-2025:15400-1: moderate: grub2-2.12-56.1 on GA media

openSUSE-SU-2025:15402-1: moderate: python310-3.10.18-4.1 on GA media

openSUSE-SU-2025:15401-1: moderate: liblua5_5-5-5.5.0~beta1-1.1 on GA media

SUSE-SU-2025:02657-1: important: Security update for java-21-openjdk

SUSE-SU-2025:02632-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP6)

SUSE-SU-2025:02637-1: important: Security update for the Linux Kernel RT (Live Patch 10 for SLE 15 SP6)

SUSE-SU-2025:02648-1: important: Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP6)

SUSE-SU-2025:02652-1: important: Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP5)

SUSE-SU-2025:02627-1: important: Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP3)

SUSE-SU-2025:02638-1: important: Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP6)

SUSE-SU-2025:02636-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP4)

SUSE-SU-2025:02647-1: important: Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP4)

SUSE-SU-2025:02600-1: important: Security update for nvidia-open-driver-G06-signed

SUSE-SU-2025:02608-1: important: Security update for the Linux Kernel (Live Patch 57 for SLE 15 SP3)

SUSE-SU-2025:02610-1: important: Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP4)

SUSE-SU-2025:02607-1: important: Security update for the Linux Kernel (Live Patch 51 for SLE 15 SP3)

SUSE-SU-2025:02611-1: important: Security update for the Linux Kernel (Live Patch 38 for SLE 15 SP4)

SUSE-SU-2025:02619-1: important: Security update for the Linux Kernel (Live Patch 56 for SLE 15 SP3)

SUSE-SU-2025:02620-1: important: Security update for libxml2

SUSE-SU-2025:02621-1: important: Security update for libxml2

SUSE-SU-2025:02675-1: moderate: Security update for systemd

SUSE-SU-2025:02667-1: important: Security update for java-17-openjdk

SUSE-SU-2025:02672-1: important: Security update for sqlite3

SUSE-SU-2025:02677-1: low: Security update for cairo

SUSE-SU-2025:02666-1: important: Security update for java-11-openjdk

SUSE-SU-2025:02679-1: important: Security update for redis

SUSE-SU-2025:02681-1: important: Security update for redis

SUSE-SU-2025:02680-1: important: Security update for redis

SUSE-SU-2025:02671-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP5)

SUSE-SU-2025:02682-1: important: Security update for apache2

SUSE-SU-2025:02676-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP5)

SUSE-SU-2025:02684-1: important: Security update for apache2

SUSE-SU-2025:02673-1: important: Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP6)

openSUSE-SU-2025:0284-1: important: Security update for chromium

SUSE-SU-2025:02687-1: important: Security update for the Linux Kernel (Live Patch 54 for SLE 15 SP3)

Windows

Linux

macOS

Community