
SUSE has released several security updates for Python 3.11, Python 3.12, and urllib3 to address potential security vulnerabilities. Additionally, there are updates for Tomcat 10 and 11 as well as Kubernetes 1.18 to improve security. A security update is also available for Minikube, classified as important, while a low-severity update is available for CMake 3.

SUSE-SU-2025:02984-1: moderate: Security update for python311
SUSE-SU-2025:02985-1: moderate: Security update for python-urllib3
SUSE-SU-2025:02978-1: important: Security update for tomcat10
SUSE-SU-2025:02979-1: important: Security update for tomcat11
SUSE-SU-2025:02982-1: moderate: Security update for python312
openSUSE-SU-2025:0318-1: important: Security update for minikube
SUSE-SU-2025:02976-1: low: Security update for cmake3
SUSE-SU-2025:02977-1: important: Security update for kubernetes1.18




SUSE-SU-2025:02984-1: moderate: Security update for python311


# Security update for python311

Announcement ID: SUSE-SU-2025:02984-1
Release Date: 2025-08-25T13:48:54Z
Rating: moderate
References:

* bsc#1247249

Cross-References:

* CVE-2025-8194

CVSS scores:

* CVE-2025-8194 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-8194 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-8194 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* Public Cloud Module 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for python311 fixes the following issues:

* CVE-2025-8194: Fixed denial of service caused by tar archives with negative
offsets (bsc#1247249).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  `zypper in -t patch SUSE-2025-2984=1`

* Public Cloud Module 15-SP4
  `zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2025-2984=1`

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * python311-testsuite-debuginfo-3.11.13-150400.9.66.1
  * libpython3_11-1_0-3.11.13-150400.9.66.1
  * python311-tk-debuginfo-3.11.13-150400.9.66.2
  * python311-doc-devhelp-3.11.13-150400.9.66.1
  * python311-tk-3.11.13-150400.9.66.2
  * python311-3.11.13-150400.9.66.2
  * python311-core-debugsource-3.11.13-150400.9.66.1
  * python311-curses-debuginfo-3.11.13-150400.9.66.2
  * python311-base-debuginfo-3.11.13-150400.9.66.1
  * python311-tools-3.11.13-150400.9.66.1
  * python311-curses-3.11.13-150400.9.66.2
  * python311-testsuite-3.11.13-150400.9.66.1
  * python311-idle-3.11.13-150400.9.66.2
  * python311-dbm-3.11.13-150400.9.66.2
  * python311-doc-3.11.13-150400.9.66.1
  * python311-debuginfo-3.11.13-150400.9.66.2
  * python311-base-3.11.13-150400.9.66.1
  * libpython3_11-1_0-debuginfo-3.11.13-150400.9.66.1
  * python311-debugsource-3.11.13-150400.9.66.2
  * python311-dbm-debuginfo-3.11.13-150400.9.66.2
  * python311-devel-3.11.13-150400.9.66.1
* openSUSE Leap 15.4 (x86_64)
  * python311-base-32bit-3.11.13-150400.9.66.1
  * libpython3_11-1_0-32bit-3.11.13-150400.9.66.1
  * python311-32bit-debuginfo-3.11.13-150400.9.66.2
  * python311-base-32bit-debuginfo-3.11.13-150400.9.66.1
  * python311-32bit-3.11.13-150400.9.66.2
  * libpython3_11-1_0-32bit-debuginfo-3.11.13-150400.9.66.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * python311-base-64bit-debuginfo-3.11.13-150400.9.66.1
  * libpython3_11-1_0-64bit-3.11.13-150400.9.66.1
  * python311-64bit-3.11.13-150400.9.66.2
  * python311-64bit-debuginfo-3.11.13-150400.9.66.2
  * libpython3_11-1_0-64bit-debuginfo-3.11.13-150400.9.66.1
  * python311-base-64bit-3.11.13-150400.9.66.1
* Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * python311-base-3.11.13-150400.9.66.1
  * libpython3_11-1_0-3.11.13-150400.9.66.1
  * python311-3.11.13-150400.9.66.2

## References:

* https://www.suse.com/security/cve/CVE-2025-8194.html
* https://bugzilla.suse.com/show_bug.cgi?id=1247249



SUSE-SU-2025:02985-1: moderate: Security update for python-urllib3


# Security update for python-urllib3

Announcement ID: SUSE-SU-2025:02985-1
Release Date: 2025-08-25T13:55:30Z
Rating: moderate
References:

* bsc#1244925

Cross-References:

* CVE-2025-50181

CVSS scores:

* CVE-2025-50181 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-50181 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-50181 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* openSUSE Leap 15.3
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for python-urllib3 fixes the following issues:

* CVE-2025-50181: Pool managers now properly control redirects when retries is
passed. (bsc#1244925)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  `zypper in -t patch SUSE-2025-2985=1`

* SUSE Linux Enterprise Micro for Rancher 5.3
  `zypper in -t patch SUSE-SLE-Micro-5.3-2025-2985=1`

* SUSE Linux Enterprise Micro 5.3
  `zypper in -t patch SUSE-SLE-Micro-5.3-2025-2985=1`

* SUSE Linux Enterprise Micro for Rancher 5.4
  `zypper in -t patch SUSE-SLE-Micro-5.4-2025-2985=1`

* SUSE Linux Enterprise Micro 5.4
  `zypper in -t patch SUSE-SLE-Micro-5.4-2025-2985=1`

* SUSE Linux Enterprise Micro 5.5
  `zypper in -t patch SUSE-SLE-Micro-5.5-2025-2985=1`

* Basesystem Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-2985=1`

* Basesystem Module 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-2985=1`

* SUSE Linux Enterprise Micro 5.1
  `zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-2985=1`

* SUSE Linux Enterprise Micro 5.2
  `zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-2985=1`

* SUSE Linux Enterprise Micro for Rancher 5.2
  `zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-2985=1`

## Package List:

* openSUSE Leap 15.3 (noarch)
  * python3-urllib3-1.25.10-150300.4.18.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
  * python3-urllib3-1.25.10-150300.4.18.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
  * python3-urllib3-1.25.10-150300.4.18.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
  * python3-urllib3-1.25.10-150300.4.18.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
  * python3-urllib3-1.25.10-150300.4.18.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
  * python3-urllib3-1.25.10-150300.4.18.1
* Basesystem Module 15-SP6 (noarch)
  * python3-urllib3-1.25.10-150300.4.18.1
* Basesystem Module 15-SP7 (noarch)
  * python3-urllib3-1.25.10-150300.4.18.1
* SUSE Linux Enterprise Micro 5.1 (noarch)
  * python3-urllib3-1.25.10-150300.4.18.1
* SUSE Linux Enterprise Micro 5.2 (noarch)
  * python3-urllib3-1.25.10-150300.4.18.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
  * python3-urllib3-1.25.10-150300.4.18.1

## References:

* https://www.suse.com/security/cve/CVE-2025-50181.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244925



SUSE-SU-2025:02978-1: important: Security update for tomcat10


# Security update for tomcat10

Announcement ID: SUSE-SU-2025:02978-1
Release Date: 2025-08-25T13:46:06Z
Rating: important
References:

* bsc#1246318
* bsc#1246388

Cross-References:

* CVE-2025-49125
* CVE-2025-52520
* CVE-2025-53506

CVSS scores:

* CVE-2025-49125 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-49125 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-49125 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-52520 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-52520 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-52520 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-53506 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-53506 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-53506 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* Web and Scripting Module 15-SP6
* Web and Scripting Module 15-SP7

An update that solves three vulnerabilities can now be installed.

## Description:

This update for tomcat10 fixes the following issues:

Updated to Tomcat 10.1.43:

* CVE-2025-52520: Fixed integer overflow that can lead to DoS for some unlikely
configurations of multipart upload (bsc#1246388)
* CVE-2025-53506: Fixed uncontrolled resource consumption vulnerability with
HTTP/2 clients (bsc#1246318)

Other:

* Corrected a regression in the fix for CVE-2025-49125 that prevented access to
PreResources and PostResources when mounted below the web application root with
a path that was terminated with a file separator.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  `zypper in -t patch openSUSE-SLE-15.6-2025-2978=1`

* Web and Scripting Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP6-2025-2978=1`

* Web and Scripting Module 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP7-2025-2978=1`

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2978=1`

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2978=1`

* SUSE Linux Enterprise Server 15 SP5 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2978=1`

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2978=1`

## Package List:

* openSUSE Leap 15.6 (noarch)
  * tomcat10-doc-10.1.43-150200.5.48.1
  * tomcat10-10.1.43-150200.5.48.1
  * tomcat10-admin-webapps-10.1.43-150200.5.48.1
  * tomcat10-jsp-3_1-api-10.1.43-150200.5.48.1
  * tomcat10-embed-10.1.43-150200.5.48.1
  * tomcat10-lib-10.1.43-150200.5.48.1
  * tomcat10-el-5_0-api-10.1.43-150200.5.48.1
  * tomcat10-jsvc-10.1.43-150200.5.48.1
  * tomcat10-servlet-6_0-api-10.1.43-150200.5.48.1
  * tomcat10-webapps-10.1.43-150200.5.48.1
  * tomcat10-docs-webapp-10.1.43-150200.5.48.1
* Web and Scripting Module 15-SP6 (noarch)
  * tomcat10-10.1.43-150200.5.48.1
  * tomcat10-admin-webapps-10.1.43-150200.5.48.1
  * tomcat10-lib-10.1.43-150200.5.48.1
  * tomcat10-el-5_0-api-10.1.43-150200.5.48.1
  * tomcat10-servlet-6_0-api-10.1.43-150200.5.48.1
  * tomcat10-webapps-10.1.43-150200.5.48.1
  * tomcat10-jsp-3_1-api-10.1.43-150200.5.48.1
* Web and Scripting Module 15-SP7 (noarch)
  * tomcat10-10.1.43-150200.5.48.1
  * tomcat10-admin-webapps-10.1.43-150200.5.48.1
  * tomcat10-lib-10.1.43-150200.5.48.1
  * tomcat10-el-5_0-api-10.1.43-150200.5.48.1
  * tomcat10-servlet-6_0-api-10.1.43-150200.5.48.1
  * tomcat10-webapps-10.1.43-150200.5.48.1
  * tomcat10-jsp-3_1-api-10.1.43-150200.5.48.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
  * tomcat10-10.1.43-150200.5.48.1
  * tomcat10-admin-webapps-10.1.43-150200.5.48.1
  * tomcat10-lib-10.1.43-150200.5.48.1
  * tomcat10-el-5_0-api-10.1.43-150200.5.48.1
  * tomcat10-servlet-6_0-api-10.1.43-150200.5.48.1
  * tomcat10-webapps-10.1.43-150200.5.48.1
  * tomcat10-jsp-3_1-api-10.1.43-150200.5.48.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
  * tomcat10-10.1.43-150200.5.48.1
  * tomcat10-admin-webapps-10.1.43-150200.5.48.1
  * tomcat10-lib-10.1.43-150200.5.48.1
  * tomcat10-el-5_0-api-10.1.43-150200.5.48.1
  * tomcat10-servlet-6_0-api-10.1.43-150200.5.48.1
  * tomcat10-webapps-10.1.43-150200.5.48.1
  * tomcat10-jsp-3_1-api-10.1.43-150200.5.48.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
  * tomcat10-10.1.43-150200.5.48.1
  * tomcat10-admin-webapps-10.1.43-150200.5.48.1
  * tomcat10-lib-10.1.43-150200.5.48.1
  * tomcat10-el-5_0-api-10.1.43-150200.5.48.1
  * tomcat10-servlet-6_0-api-10.1.43-150200.5.48.1
  * tomcat10-webapps-10.1.43-150200.5.48.1
  * tomcat10-jsp-3_1-api-10.1.43-150200.5.48.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
  * tomcat10-10.1.43-150200.5.48.1
  * tomcat10-admin-webapps-10.1.43-150200.5.48.1
  * tomcat10-lib-10.1.43-150200.5.48.1
  * tomcat10-el-5_0-api-10.1.43-150200.5.48.1
  * tomcat10-servlet-6_0-api-10.1.43-150200.5.48.1
  * tomcat10-webapps-10.1.43-150200.5.48.1
  * tomcat10-jsp-3_1-api-10.1.43-150200.5.48.1

## References:

* https://www.suse.com/security/cve/CVE-2025-49125.html
* https://www.suse.com/security/cve/CVE-2025-52520.html
* https://www.suse.com/security/cve/CVE-2025-53506.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246318
* https://bugzilla.suse.com/show_bug.cgi?id=1246388



SUSE-SU-2025:02979-1: important: Security update for tomcat11


# Security update for tomcat11

Announcement ID: SUSE-SU-2025:02979-1
Release Date: 2025-08-25T13:46:33Z
Rating: important
References:

* bsc#1246318
* bsc#1246388

Cross-References:

* CVE-2025-49125
* CVE-2025-52520
* CVE-2025-53506

CVSS scores:

* CVE-2025-49125 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-49125 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-49125 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-52520 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-52520 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-52520 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-53506 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-53506 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-53506 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* Web and Scripting Module 15-SP6
* Web and Scripting Module 15-SP7

An update that solves three vulnerabilities can now be installed.

## Description:

This update for tomcat11 fixes the following issues:

Updated to Tomcat 11.0.9:

* CVE-2025-52520: Fixed integer overflow that can lead to DoS for some unlikely
configurations of multipart upload (bsc#1246388)
* CVE-2025-53506: Fixed uncontrolled resource consumption vulnerability with
HTTP/2 clients (bsc#1246318)

Other:

* Corrected a regression in the fix for CVE-2025-49125 that prevented access to
PreResources and PostResources when mounted below the web application root with
a path that was terminated with a file separator.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  `zypper in -t patch SUSE-2025-2979=1 openSUSE-SLE-15.6-2025-2979=1`

* Web and Scripting Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP6-2025-2979=1`

* Web and Scripting Module 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP7-2025-2979=1`

## Package List:

* openSUSE Leap 15.6 (noarch)
  * tomcat11-embed-11.0.9-150600.13.6.1
  * tomcat11-el-6_0-api-11.0.9-150600.13.6.1
  * tomcat11-admin-webapps-11.0.9-150600.13.6.1
  * tomcat11-jsvc-11.0.9-150600.13.6.1
  * tomcat11-doc-11.0.9-150600.13.6.1
  * tomcat11-jsp-4_0-api-11.0.9-150600.13.6.1
  * tomcat11-webapps-11.0.9-150600.13.6.1
  * tomcat11-servlet-6_1-api-11.0.9-150600.13.6.1
  * tomcat11-11.0.9-150600.13.6.1
  * tomcat11-lib-11.0.9-150600.13.6.1
  * tomcat11-docs-webapp-11.0.9-150600.13.6.1
* Web and Scripting Module 15-SP6 (noarch)
  * tomcat11-el-6_0-api-11.0.9-150600.13.6.1
  * tomcat11-admin-webapps-11.0.9-150600.13.6.1
  * tomcat11-jsp-4_0-api-11.0.9-150600.13.6.1
  * tomcat11-webapps-11.0.9-150600.13.6.1
  * tomcat11-servlet-6_1-api-11.0.9-150600.13.6.1
  * tomcat11-11.0.9-150600.13.6.1
  * tomcat11-lib-11.0.9-150600.13.6.1
* Web and Scripting Module 15-SP7 (noarch)
  * tomcat11-el-6_0-api-11.0.9-150600.13.6.1
  * tomcat11-admin-webapps-11.0.9-150600.13.6.1
  * tomcat11-jsp-4_0-api-11.0.9-150600.13.6.1
  * tomcat11-webapps-11.0.9-150600.13.6.1
  * tomcat11-servlet-6_1-api-11.0.9-150600.13.6.1
  * tomcat11-11.0.9-150600.13.6.1
  * tomcat11-lib-11.0.9-150600.13.6.1

## References:

* https://www.suse.com/security/cve/CVE-2025-49125.html
* https://www.suse.com/security/cve/CVE-2025-52520.html
* https://www.suse.com/security/cve/CVE-2025-53506.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246318
* https://bugzilla.suse.com/show_bug.cgi?id=1246388



SUSE-SU-2025:02982-1: moderate: Security update for python312


# Security update for python312

Announcement ID: SUSE-SU-2025:02982-1
Release Date: 2025-08-25T13:48:35Z
Rating: moderate
References:

* bsc#1247249

Cross-References:

* CVE-2025-8194

CVSS scores:

* CVE-2025-8194 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-8194 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-8194 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* Python 3 Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for python312 fixes the following issues:

* CVE-2025-8194: Fixed denial of service caused by tar archives with negative
offsets (bsc#1247249).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  `zypper in -t patch SUSE-2025-2982=1 openSUSE-SLE-15.6-2025-2982=1`

* Python 3 Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2025-2982=1`

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * python312-testsuite-3.12.11-150600.3.36.1
  * python312-dbm-debuginfo-3.12.11-150600.3.36.1
  * python312-debugsource-3.12.11-150600.3.36.1
  * python312-core-debugsource-3.12.11-150600.3.36.1
  * python312-curses-3.12.11-150600.3.36.1
  * python312-curses-debuginfo-3.12.11-150600.3.36.1
  * python312-base-3.12.11-150600.3.36.1
  * python312-testsuite-debuginfo-3.12.11-150600.3.36.1
  * python312-devel-3.12.11-150600.3.36.1
  * python312-base-debuginfo-3.12.11-150600.3.36.1
  * python312-tk-debuginfo-3.12.11-150600.3.36.1
  * python312-tools-3.12.11-150600.3.36.1
  * libpython3_12-1_0-3.12.11-150600.3.36.1
  * python312-dbm-3.12.11-150600.3.36.1
  * python312-doc-3.12.11-150600.3.36.1
  * python312-doc-devhelp-3.12.11-150600.3.36.1
  * python312-idle-3.12.11-150600.3.36.1
  * libpython3_12-1_0-debuginfo-3.12.11-150600.3.36.1
  * python312-tk-3.12.11-150600.3.36.1
  * python312-3.12.11-150600.3.36.1
  * python312-debuginfo-3.12.11-150600.3.36.1
* openSUSE Leap 15.6 (x86_64)
  * python312-base-32bit-3.12.11-150600.3.36.1
  * python312-base-32bit-debuginfo-3.12.11-150600.3.36.1
  * python312-32bit-3.12.11-150600.3.36.1
  * libpython3_12-1_0-32bit-debuginfo-3.12.11-150600.3.36.1
  * libpython3_12-1_0-32bit-3.12.11-150600.3.36.1
  * python312-32bit-debuginfo-3.12.11-150600.3.36.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libpython3_12-1_0-64bit-debuginfo-3.12.11-150600.3.36.1
  * python312-64bit-debuginfo-3.12.11-150600.3.36.1
  * libpython3_12-1_0-64bit-3.12.11-150600.3.36.1
  * python312-base-64bit-debuginfo-3.12.11-150600.3.36.1
  * python312-64bit-3.12.11-150600.3.36.1
  * python312-base-64bit-3.12.11-150600.3.36.1
* Python 3 Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * python312-base-3.12.11-150600.3.36.1
  * python312-3.12.11-150600.3.36.1
  * python312-devel-3.12.11-150600.3.36.1
  * python312-tk-debuginfo-3.12.11-150600.3.36.1
  * libpython3_12-1_0-3.12.11-150600.3.36.1
  * python312-dbm-debuginfo-3.12.11-150600.3.36.1
  * python312-tools-3.12.11-150600.3.36.1
  * python312-dbm-3.12.11-150600.3.36.1
  * python312-tk-3.12.11-150600.3.36.1
  * python312-debugsource-3.12.11-150600.3.36.1
  * python312-debuginfo-3.12.11-150600.3.36.1
  * python312-core-debugsource-3.12.11-150600.3.36.1
  * python312-base-debuginfo-3.12.11-150600.3.36.1
  * python312-curses-3.12.11-150600.3.36.1
  * python312-idle-3.12.11-150600.3.36.1
  * python312-curses-debuginfo-3.12.11-150600.3.36.1
  * libpython3_12-1_0-debuginfo-3.12.11-150600.3.36.1

## References:

* https://www.suse.com/security/cve/CVE-2025-8194.html
* https://bugzilla.suse.com/show_bug.cgi?id=1247249



openSUSE-SU-2025:0318-1: important: Security update for minikube


openSUSE Security Update: Security update for minikube
_______________________________

Announcement ID: openSUSE-SU-2025:0318-1
Rating: important
References: #1234528
Cross-References: CVE-2024-45337
CVSS scores:
CVE-2024-45337 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that fixes one vulnerability is now available.

Description:

This update for minikube fixes the following issues:

- Update to version 1.36.0:
  * Features:
    - Support Kubernetes version v1.33.1 #20784
    - New flag "-f" to allow passing a config file for addon configure
      command. #20255
    - vfkit: bump to Preferred driver on macOS #20808
    - vfkit: new network option "--network vmnet-shared" for vfkit driver
      #20501
  * Bug Fixes:
    - fix bootpd check on macOS >= 15 #20400
    - fix bug in parsing proxies with dashes #20648
    - fix waiting for all pods having specified labels to be Ready #20315
    - fix: incorrect finalImg affecting downloading kic from github assets
      #20316
    - fix: reference missing files in schema (Closes #20752) #20761
  * Improvements:
    - Additional checks for 9p support #20288
    - vfkit: Graceful shutdown on stop #20504
    - vfkit: More robust state management #20506
    - vfkit vmnet: support running without sudoers configuration #20719
    - Revert "fix --wait's failure to work on coredns pods" #20313
  * Languages:
    - Add Indonesian translation #20494
    - Add more French translation #20361
    - Add more Korean translations #20634
    - Add more Chinese translations #20543
    - fixed minor typo in German translation #20546
  * Version Updates:
    - Addon cloud-spanner: Update cloud-spanner-emulator/emulator image
      from 1.5.28 to 1.5.34 #20451 #20539 #20602 #20623 #20670 #20704 #20795
    - Addon headlamp: Update headlamp-k8s/headlamp image from v0.26.0 to
      v0.28.0 #20311
    - Addon ingress: Update ingress-nginx/controller image from v1.11.3 to
      v1.12.2 #20789
    - Addon inspektor-gadget: Update inspektor-gadget image from v0.36.0
      to v0.40.0 #20325 #20354 #20512 #20736
    - Addon kong: Update kong image from 3.8.0 to 3.9.0 #20151 #20384
      #20728
    - Addon kong: Update kong/kubernetes-ingress-controller image from
      3.3.1 to 3.4.5 #20319 #20446 #20788
    - Addon kubevirt: Update bitnami/kubectl image from 1.31.3 to 1.33.1
      #20321 #20349 #20665 #20731 #20790
    - Addon nvidia-device-plugin: Update nvidia/k8s-device-plugin image
      from v0.17.0 to v0.17.2 #20786 #20534
    - Addon registry: Update kube-registry-proxy image from 0.0.8 to 0.0.9
      #20717
    - Addon registry: Update registry image from 2.8.3 to 3.0.0 #20242
      #20425
    - Addon Volcano: Update volcano images from v1.10.0 to v1.11.2 #20318
      #20616 #20697
    - CNI: Update cilium from v1.17.0 to v3.30.0 #20419 #20390 #20584
      #20734 #20317 #20383 #20535 #20637 #20787
    - CNI: Update flannel from v0.26.2 to v0.26.7 #20385 #20617 #20639
    - CNI: Update kindnetd from v20241108-5c6d2daf to v20250512-df8de77b
      #20327 #20427 #20797
    - HA (multi-control plane): Update kube-vip from v0.8.10 to v0.9.1
      #20638 #20238 #20598 #20699
    - Kicbase: Bump ubuntu:jammy from 20240911.1 to 20250126 #20387 #20718
    - Kicbase/ISO: Update buildroot from 2023.02.9 to 2025.2 #20720
    - Kicbase/ISO: Update cni-plugins from v1.6.2 to v1.7.1 #20771
    - Kicbase/ISO: Update cri-dockerd from v0.3.15 to v0.4.0 #20747
    - Kicbase/ISO: Update docker from 27.4.0 to 28.0.4 #20436 #20523 #20591
    - Kicbase/ISO: Update runc from v1.2.3 to v1.3.0 #20433 #20604 #20764

- update to 1.35.0 (boo#1234528, CVE-2024-45337):
  * Features:
    - Add support for AMD GPUs via --gpus=amd #19749
    - publish & download kicbase image in github release assets #19464
    - Support latest Kubernetes v1.32.0 #20091
    - Adds support for kubeadm.k8s.io/v1beta4 available since k8s v1.31
      #19790
  * Improvements:
    - Merge nvidia-gpu-device-plugin and nvidia-device-plugin. #19545
    - cilium: remove appArmorProfile for k8s