Rav1e, Sccache, Chromium and more updates for SUSE

SUSE 5495 Published by

SUSE Linux has received several security updates, including moderate updates for rav1e, sccache, chromium, gnutls, valkey, Linux Kernel, tgt, cosign, gnutls, python310, kwctl, and gdk-pixbuf-devel:

SUSE-SU-2025:02586-1: moderate: Security update for rav1e
SUSE-SU-2025:02587-1: moderate: Security update for sccache
openSUSE-SU-2025:0277-1: important: Security update for chromium
SUSE-SU-2025:02589-1: important: Security update for gnutls
SUSE-SU-2025:02593-1: important: Security update for valkey
SUSE-SU-2025:02588-1: important: Security update for the Linux Kernel
SUSE-SU-2025:02591-1: moderate: Security update for tgt
SUSE-SU-2025:02592-1: important: Security update for cosign
SUSE-SU-2025:02595-1: important: Security update for gnutls
SUSE-SU-2025:02597-1: moderate: Security update for python310
openSUSE-SU-2025:15398-1: moderate: kwctl-1.27.1-1.1 on GA media
openSUSE-SU-2025:15397-1: moderate: gdk-pixbuf-devel-2.42.12-4.1 on GA media



SUSE-SU-2025:02586-1: moderate: Security update for rav1e


# Security update for rav1e

Announcement ID: SUSE-SU-2025:02586-1
Release Date: 2025-08-01T08:49:19Z
Rating: moderate
References:

* bsc#1243855

Cross-References:

* CVE-2024-12224

CVSS scores:

* CVE-2024-12224 ( SUSE ): 2.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-12224 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2024-12224 ( NVD ): 5.1
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for rav1e fixes the following issues:

* CVE-2024-12224: Fixed improper validation of unsafe equivalence in punycode.
(bsc#1243855)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-2586=1 openSUSE-SLE-15.6-2025-2586=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-2586=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-2586=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* librav1e0_6-0.6.6-150600.3.3.1
* rav1e-devel-0.6.6-150600.3.3.1
* rav1e-debuginfo-0.6.6-150600.3.3.1
* librav1e0_6-debuginfo-0.6.6-150600.3.3.1
* rav1e-debugsource-0.6.6-150600.3.3.1
* rav1e-0.6.6-150600.3.3.1
* openSUSE Leap 15.6 (x86_64)
* librav1e0_6-32bit-debuginfo-0.6.6-150600.3.3.1
* librav1e0_6-32bit-0.6.6-150600.3.3.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* librav1e0_6-64bit-debuginfo-0.6.6-150600.3.3.1
* librav1e0_6-64bit-0.6.6-150600.3.3.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* librav1e0_6-debuginfo-0.6.6-150600.3.3.1
* librav1e0_6-0.6.6-150600.3.3.1
* rav1e-debugsource-0.6.6-150600.3.3.1
* rav1e-debuginfo-0.6.6-150600.3.3.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* librav1e0_6-debuginfo-0.6.6-150600.3.3.1
* librav1e0_6-0.6.6-150600.3.3.1
* rav1e-debugsource-0.6.6-150600.3.3.1
* rav1e-debuginfo-0.6.6-150600.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-12224.html
* https://bugzilla.suse.com/show_bug.cgi?id=1243855



SUSE-SU-2025:02587-1: moderate: Security update for sccache


# Security update for sccache

Announcement ID: SUSE-SU-2025:02587-1
Release Date: 2025-08-01T08:49:26Z
Rating: moderate
References:

* bsc#1243868

Cross-References:

* CVE-2024-12224

CVSS scores:

* CVE-2024-12224 ( SUSE ): 2.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-12224 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2024-12224 ( NVD ): 5.1
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.4

An update that solves one vulnerability can now be installed.

## Description:

This update for sccache fixes the following issues:

* Update to version 0.4.2~4:
* CVE-2024-12224: Fixed improper validation of unsafe equivalence in punycode.
(bsc#1243868)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2587=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* sccache-debugsource-0.4.2~4-150400.3.6.1
* sccache-0.4.2~4-150400.3.6.1
* sccache-debuginfo-0.4.2~4-150400.3.6.1

## References:

* https://www.suse.com/security/cve/CVE-2024-12224.html
* https://bugzilla.suse.com/show_bug.cgi?id=1243868



openSUSE-SU-2025:0277-1: important: Security update for chromium


openSUSE Security Update: Security update for chromium
_______________________________

Announcement ID: openSUSE-SU-2025:0277-1
Rating: important
References: #1247365
Cross-References: CVE-2025-8292
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that fixes one vulnerability is now available.

Description:

This update for chromium fixes the following issues:

Chromium 138.0.7204.183 (boo#1247365):

- CVE-2025-8292: Use after free in Media Stream

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2025-277=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 x86_64):

chromedriver-138.0.7204.183-bp157.2.28.1
chromium-138.0.7204.183-bp157.2.28.1

References:

https://www.suse.com/security/cve/CVE-2025-8292.html
https://bugzilla.suse.com/1247365



SUSE-SU-2025:02589-1: important: Security update for gnutls


# Security update for gnutls

Announcement ID: SUSE-SU-2025:02589-1
Release Date: 2025-08-01T13:06:32Z
Rating: important
References:

* bsc#1246232
* bsc#1246233
* bsc#1246267
* bsc#1246299

Cross-References:

* CVE-2025-32988
* CVE-2025-32989
* CVE-2025-32990
* CVE-2025-6395

CVSS scores:

* CVE-2025-32988 ( SUSE ): 9.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-32988 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-32988 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-32989 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-32989 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-32989 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-32990 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-32990 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
* CVE-2025-32990 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2025-6395 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-6395 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-6395 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves four vulnerabilities can now be installed.

## Description:

This update for gnutls fixes the following issues:

* CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK
(bsc#1246299)
* CVE-2025-32988: Fix double-free due to incorrect ownership handling in the
export logic of SAN entries containing an otherName (bsc#1246232)
* CVE-2025-32989: Fix heap buffer overread when handling the CT SCT extension
during X.509 certificate parsing (bsc#1246233)
* CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with
certtool (bsc#1246267)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2589=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-2589=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-2589=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-2589=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2589=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2589=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2589=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2589=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2589=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2589=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2589=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2589=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-2589=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2025-2589=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-2589=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* gnutls-debugsource-3.7.3-150400.4.50.1
* libgnutls30-hmac-3.7.3-150400.4.50.1
* libgnutls30-debuginfo-3.7.3-150400.4.50.1
* gnutls-guile-debuginfo-3.7.3-150400.4.50.1
* libgnutls-devel-3.7.3-150400.4.50.1
* libgnutlsxx-devel-3.7.3-150400.4.50.1
* libgnutlsxx28-3.7.3-150400.4.50.1
* gnutls-debuginfo-3.7.3-150400.4.50.1
* gnutls-guile-3.7.3-150400.4.50.1
* libgnutls30-3.7.3-150400.4.50.1
* gnutls-3.7.3-150400.4.50.1
* libgnutlsxx28-debuginfo-3.7.3-150400.4.50.1
* openSUSE Leap 15.4 (x86_64)
* libgnutls-devel-32bit-3.7.3-150400.4.50.1
* libgnutls30-32bit-debuginfo-3.7.3-150400.4.50.1
* libgnutls30-hmac-32bit-3.7.3-150400.4.50.1
* libgnutls30-32bit-3.7.3-150400.4.50.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libgnutls30-64bit-debuginfo-3.7.3-150400.4.50.1
* libgnutls-devel-64bit-3.7.3-150400.4.50.1
* libgnutls30-hmac-64bit-3.7.3-150400.4.50.1
* libgnutls30-64bit-3.7.3-150400.4.50.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* gnutls-debugsource-3.7.3-150400.4.50.1
* libgnutls30-hmac-3.7.3-150400.4.50.1
* libgnutls30-debuginfo-3.7.3-150400.4.50.1
* gnutls-debuginfo-3.7.3-150400.4.50.1
* libgnutls30-3.7.3-150400.4.50.1
* gnutls-3.7.3-150400.4.50.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* gnutls-debugsource-3.7.3-150400.4.50.1
* libgnutls30-hmac-3.7.3-150400.4.50.1
* libgnutls30-debuginfo-3.7.3-150400.4.50.1
* gnutls-debuginfo-3.7.3-150400.4.50.1
* libgnutls30-3.7.3-150400.4.50.1
* gnutls-3.7.3-150400.4.50.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* gnutls-debugsource-3.7.3-150400.4.50.1
* libgnutls30-hmac-3.7.3-150400.4.50.1
* libgnutls30-debuginfo-3.7.3-150400.4.50.1
* gnutls-debuginfo-3.7.3-150400.4.50.1
* libgnutls30-3.7.3-150400.4.50.1
* gnutls-3.7.3-150400.4.50.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* gnutls-debugsource-3.7.3-150400.4.50.1
* libgnutls30-hmac-3.7.3-150400.4.50.1
* libgnutls30-debuginfo-3.7.3-150400.4.50.1
* libgnutls-devel-3.7.3-150400.4.50.1
* libgnutlsxx-devel-3.7.3-150400.4.50.1
* libgnutlsxx28-3.7.3-150400.4.50.1
* gnutls-debuginfo-3.7.3-150400.4.50.1
* libgnutls30-3.7.3-150400.4.50.1
* gnutls-3.7.3-150400.4.50.1
* libgnutlsxx28-debuginfo-3.7.3-150400.4.50.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
* libgnutls30-32bit-debuginfo-3.7.3-150400.4.50.1
* libgnutls30-hmac-32bit-3.7.3-150400.4.50.1
* libgnutls30-32bit-3.7.3-150400.4.50.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* gnutls-debugsource-3.7.3-150400.4.50.1
* libgnutls30-hmac-3.7.3-150400.4.50.1
* libgnutls30-debuginfo-3.7.3-150400.4.50.1
* libgnutls-devel-3.7.3-150400.4.50.1
* libgnutlsxx-devel-3.7.3-150400.4.50.1
* libgnutlsxx28-3.7.3-150400.4.50.1
* gnutls-debuginfo-3.7.3-150400.4.50.1
* libgnutls30-3.7.3-150400.4.50.1
* gnutls-3.7.3-150400.4.50.1
* libgnutlsxx28-debuginfo-3.7.3-150400.4.50.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
* libgnutls30-32bit-debuginfo-3.7.3-150400.4.50.1
* libgnutls30-hmac-32bit-3.7.3-150400.4.50.1
* libgnutls30-32bit-3.7.3-150400.4.50.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* gnutls-debugsource-3.7.3-150400.4.50.1
* libgnutls30-hmac-3.7.3-150400.4.50.1
* libgnutls30-debuginfo-3.7.3-150400.4.50.1
* gnutls-guile-debuginfo-3.7.3-150400.4.50.1
* libgnutls-devel-3.7.3-150400.4.50.1
* libgnutlsxx-devel-3.7.3-150400.4.50.1
* libgnutlsxx28-3.7.3-150400.4.50.1
* gnutls-debuginfo-3.7.3-150400.4.50.1
* gnutls-guile-3.7.3-150400.4.50.1
* libgnutls30-3.7.3-150400.4.50.1
* gnutls-3.7.3-150400.4.50.1
* libgnutlsxx28-debuginfo-3.7.3-150400.4.50.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64)
* libgnutls30-32bit-debuginfo-3.7.3-150400.4.50.1
* libgnutls30-hmac-32bit-3.7.3-150400.4.50.1
* libgnutls30-32bit-3.7.3-150400.4.50.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* gnutls-debugsource-3.7.3-150400.4.50.1
* libgnutls30-hmac-3.7.3-150400.4.50.1
* libgnutls30-debuginfo-3.7.3-150400.4.50.1
* gnutls-guile-debuginfo-3.7.3-150400.4.50.1
* libgnutls-devel-3.7.3-150400.4.50.1
* libgnutlsxx-devel-3.7.3-150400.4.50.1
* libgnutlsxx28-3.7.3-150400.4.50.1
* gnutls-debuginfo-3.7.3-150400.4.50.1
* gnutls-guile-3.7.3-150400.4.50.1
* libgnutls30-3.7.3-150400.4.50.1
* gnutls-3.7.3-150400.4.50.1
* libgnutlsxx28-debuginfo-3.7.3-150400.4.50.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64)
* libgnutls30-32bit-debuginfo-3.7.3-150400.4.50.1
* libgnutls30-hmac-32bit-3.7.3-150400.4.50.1
* libgnutls30-32bit-3.7.3-150400.4.50.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* gnutls-debugsource-3.7.3-150400.4.50.1
* libgnutls30-hmac-3.7.3-150400.4.50.1
* libgnutls30-debuginfo-3.7.3-150400.4.50.1
* libgnutls-devel-3.7.3-150400.4.50.1
* libgnutlsxx-devel-3.7.3-150400.4.50.1
* libgnutlsxx28-3.7.3-150400.4.50.1
* gnutls-debuginfo-3.7.3-150400.4.50.1
* libgnutls30-3.7.3-150400.4.50.1
* gnutls-3.7.3-150400.4.50.1
* libgnutlsxx28-debuginfo-3.7.3-150400.4.50.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
* libgnutls30-32bit-debuginfo-3.7.3-150400.4.50.1
* libgnutls30-hmac-32bit-3.7.3-150400.4.50.1
* libgnutls30-32bit-3.7.3-150400.4.50.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* gnutls-debugsource-3.7.3-150400.4.50.1
* libgnutls30-hmac-3.7.3-150400.4.50.1
* libgnutls30-debuginfo-3.7.3-150400.4.50.1
* gnutls-guile-debuginfo-3.7.3-150400.4.50.1
* libgnutls-devel-3.7.3-150400.4.50.1
* libgnutlsxx-devel-3.7.3-150400.4.50.1
* libgnutlsxx28-3.7.3-150400.4.50.1
* gnutls-debuginfo-3.7.3-150400.4.50.1
* gnutls-guile-3.7.3-150400.4.50.1
* libgnutls30-3.7.3-150400.4.50.1
* gnutls-3.7.3-150400.4.50.1
* libgnutlsxx28-debuginfo-3.7.3-150400.4.50.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64)
* libgnutls30-32bit-debuginfo-3.7.3-150400.4.50.1
* libgnutls30-hmac-32bit-3.7.3-150400.4.50.1
* libgnutls30-32bit-3.7.3-150400.4.50.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* gnutls-debugsource-3.7.3-150400.4.50.1
* libgnutls30-hmac-3.7.3-150400.4.50.1
* libgnutls30-debuginfo-3.7.3-150400.4.50.1
* libgnutls-devel-3.7.3-150400.4.50.1
* libgnutlsxx-devel-3.7.3-150400.4.50.1
* libgnutlsxx28-3.7.3-150400.4.50.1
* gnutls-debuginfo-3.7.3-150400.4.50.1
* libgnutls30-3.7.3-150400.4.50.1
* gnutls-3.7.3-150400.4.50.1
* libgnutlsxx28-debuginfo-3.7.3-150400.4.50.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
* libgnutls30-32bit-debuginfo-3.7.3-150400.4.50.1
* libgnutls30-hmac-32bit-3.7.3-150400.4.50.1
* libgnutls30-32bit-3.7.3-150400.4.50.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* gnutls-debugsource-3.7.3-150400.4.50.1
* libgnutls30-hmac-3.7.3-150400.4.50.1
* libgnutls30-debuginfo-3.7.3-150400.4.50.1
* gnutls-guile-debuginfo-3.7.3-150400.4.50.1
* libgnutls-devel-3.7.3-150400.4.50.1
* libgnutlsxx-devel-3.7.3-150400.4.50.1
* libgnutlsxx28-3.7.3-150400.4.50.1
* gnutls-debuginfo-3.7.3-150400.4.50.1
* gnutls-guile-3.7.3-150400.4.50.1
* libgnutls30-3.7.3-150400.4.50.1
* gnutls-3.7.3-150400.4.50.1
* libgnutlsxx28-debuginfo-3.7.3-150400.4.50.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
* libgnutls30-32bit-debuginfo-3.7.3-150400.4.50.1
* libgnutls30-hmac-32bit-3.7.3-150400.4.50.1
* libgnutls30-32bit-3.7.3-150400.4.50.1
* SUSE Manager Proxy 4.3 (x86_64)
* gnutls-debugsource-3.7.3-150400.4.50.1
* libgnutls30-32bit-debuginfo-3.7.3-150400.4.50.1
* libgnutls30-hmac-3.7.3-150400.4.50.1
* libgnutls30-debuginfo-3.7.3-150400.4.50.1
* libgnutls30-hmac-32bit-3.7.3-150400.4.50.1
* libgnutls-devel-3.7.3-150400.4.50.1
* libgnutls30-32bit-3.7.3-150400.4.50.1
* libgnutlsxx-devel-3.7.3-150400.4.50.1
* libgnutlsxx28-3.7.3-150400.4.50.1
* gnutls-debuginfo-3.7.3-150400.4.50.1
* libgnutls30-3.7.3-150400.4.50.1
* gnutls-3.7.3-150400.4.50.1
* libgnutlsxx28-debuginfo-3.7.3-150400.4.50.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* gnutls-debugsource-3.7.3-150400.4.50.1
* libgnutls30-32bit-debuginfo-3.7.3-150400.4.50.1
* libgnutls30-hmac-3.7.3-150400.4.50.1
* libgnutls30-debuginfo-3.7.3-150400.4.50.1
* libgnutls30-hmac-32bit-3.7.3-150400.4.50.1
* libgnutls-devel-3.7.3-150400.4.50.1
* libgnutls30-32bit-3.7.3-150400.4.50.1
* libgnutlsxx-devel-3.7.3-150400.4.50.1
* libgnutlsxx28-3.7.3-150400.4.50.1
* gnutls-debuginfo-3.7.3-150400.4.50.1
* libgnutls30-3.7.3-150400.4.50.1
* gnutls-3.7.3-150400.4.50.1
* libgnutlsxx28-debuginfo-3.7.3-150400.4.50.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* gnutls-debugsource-3.7.3-150400.4.50.1
* libgnutls30-hmac-3.7.3-150400.4.50.1
* libgnutls30-debuginfo-3.7.3-150400.4.50.1
* libgnutls-devel-3.7.3-150400.4.50.1
* libgnutlsxx-devel-3.7.3-150400.4.50.1
* libgnutlsxx28-3.7.3-150400.4.50.1
* gnutls-debuginfo-3.7.3-150400.4.50.1
* libgnutls30-3.7.3-150400.4.50.1
* gnutls-3.7.3-150400.4.50.1
* libgnutlsxx28-debuginfo-3.7.3-150400.4.50.1
* SUSE Manager Server 4.3 (x86_64)
* libgnutls30-32bit-debuginfo-3.7.3-150400.4.50.1
* libgnutls30-hmac-32bit-3.7.3-150400.4.50.1
* libgnutls30-32bit-3.7.3-150400.4.50.1

## References:

* https://www.suse.com/security/cve/CVE-2025-32988.html
* https://www.suse.com/security/cve/CVE-2025-32989.html
* https://www.suse.com/security/cve/CVE-2025-32990.html
* https://www.suse.com/security/cve/CVE-2025-6395.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246232
* https://bugzilla.suse.com/show_bug.cgi?id=1246233
* https://bugzilla.suse.com/show_bug.cgi?id=1246267
* https://bugzilla.suse.com/show_bug.cgi?id=1246299



SUSE-SU-2025:02593-1: important: Security update for valkey


# Security update for valkey

Announcement ID: SUSE-SU-2025:02593-1
Release Date: 2025-08-01T15:13:11Z
Rating: important
References:

* bsc#1246058
* bsc#1246059

Cross-References:

* CVE-2025-32023
* CVE-2025-48367

CVSS scores:

* CVE-2025-32023 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-32023 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-32023 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-48367 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-48367 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-48367 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for valkey fixes the following issues:

* CVE-2025-32023: Fixed an out-of-bounds write when working with HyperLogLog
commands that can lead to remote code execution. (bsc#1246059)
* CVE-2025-48367: Fixed unauthenticated connection causing repeated IP
protocol erros that can lead to client starvation and DoS. (bsc#1246058)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-2593=1 openSUSE-SLE-15.6-2025-2593=1

* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-2593=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* valkey-devel-8.0.2-150600.13.14.1
* valkey-debugsource-8.0.2-150600.13.14.1
* valkey-debuginfo-8.0.2-150600.13.14.1
* valkey-8.0.2-150600.13.14.1
* openSUSE Leap 15.6 (noarch)
* valkey-compat-redis-8.0.2-150600.13.14.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* valkey-devel-8.0.2-150600.13.14.1
* valkey-debugsource-8.0.2-150600.13.14.1
* valkey-debuginfo-8.0.2-150600.13.14.1
* valkey-8.0.2-150600.13.14.1
* Server Applications Module 15-SP6 (noarch)
* valkey-compat-redis-8.0.2-150600.13.14.1

## References:

* https://www.suse.com/security/cve/CVE-2025-32023.html
* https://www.suse.com/security/cve/CVE-2025-48367.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246058
* https://bugzilla.suse.com/show_bug.cgi?id=1246059



SUSE-SU-2025:02588-1: important: Security update for the Linux Kernel


# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2025:02588-1
Release Date: 2025-08-01T12:35:30Z
Rating: important
References:

* bsc#1206051
* bsc#1221829
* bsc#1233551
* bsc#1234480
* bsc#1234863
* bsc#1236104
* bsc#1236333
* bsc#1238160
* bsc#1239644
* bsc#1242417
* bsc#1244523
* bsc#1245217
* bsc#1245431
* bsc#1246000
* bsc#1246029
* bsc#1246037
* bsc#1246045
* bsc#1246073
* bsc#1246186
* bsc#1246287
* bsc#1246555

Cross-References:

* CVE-2022-49138
* CVE-2022-49770
* CVE-2023-52923
* CVE-2023-52927
* CVE-2024-26643
* CVE-2024-53057
* CVE-2024-53164
* CVE-2024-57947
* CVE-2025-37797
* CVE-2025-38079
* CVE-2025-38181
* CVE-2025-38200
* CVE-2025-38206
* CVE-2025-38212
* CVE-2025-38213
* CVE-2025-38257
* CVE-2025-38289

CVSS scores:

* CVE-2022-49138 ( SUSE ): 2.0
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2022-49138 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2022-49770 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52923 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-52923 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52927 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-52927 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52927 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26643 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26643 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53057 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53057 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53057 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53164 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53164 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-57947 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57947 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37797 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38079 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38181 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38181 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38200 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38200 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-38206 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38206 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38212 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38213 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38213 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38257 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38257 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38289 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38289 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves 17 vulnerabilities and has four security fixes can now be
installed.

## Description:

This update provides the initial livepatch for this kernel update. This update
does not contain any fixes and will be updated with livepatches later.

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2588=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2588=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2588=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2588=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-2588=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-2588=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-2588=1

## Package List:

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* kernel-default-debugsource-5.14.21-150500.55.116.1
* kernel-default-devel-5.14.21-150500.55.116.1
* dlm-kmp-default-5.14.21-150500.55.116.1
* kernel-default-debuginfo-5.14.21-150500.55.116.1
* gfs2-kmp-default-debuginfo-5.14.21-150500.55.116.1
* kernel-obs-build-5.14.21-150500.55.116.1
* ocfs2-kmp-default-5.14.21-150500.55.116.1
* gfs2-kmp-default-5.14.21-150500.55.116.1
* kernel-syms-5.14.21-150500.55.116.1
* dlm-kmp-default-debuginfo-5.14.21-150500.55.116.1
* kernel-default-base-5.14.21-150500.55.116.1.150500.6.55.1
* ocfs2-kmp-default-debuginfo-5.14.21-150500.55.116.1
* kernel-default-devel-debuginfo-5.14.21-150500.55.116.1
* cluster-md-kmp-default-5.14.21-150500.55.116.1
* cluster-md-kmp-default-debuginfo-5.14.21-150500.55.116.1
* kernel-obs-build-debugsource-5.14.21-150500.55.116.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
nosrc)
* kernel-64kb-5.14.21-150500.55.116.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64)
* kernel-64kb-devel-debuginfo-5.14.21-150500.55.116.1
* kernel-64kb-debuginfo-5.14.21-150500.55.116.1
* kernel-64kb-devel-5.14.21-150500.55.116.1
* kernel-64kb-debugsource-5.14.21-150500.55.116.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 nosrc
x86_64)
* kernel-default-5.14.21-150500.55.116.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* kernel-devel-5.14.21-150500.55.116.1
* kernel-macros-5.14.21-150500.55.116.1
* kernel-source-5.14.21-150500.55.116.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch nosrc)
* kernel-docs-5.14.21-150500.55.116.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* kernel-default-debugsource-5.14.21-150500.55.116.1
* kernel-default-devel-5.14.21-150500.55.116.1
* dlm-kmp-default-5.14.21-150500.55.116.1
* kernel-default-debuginfo-5.14.21-150500.55.116.1
* gfs2-kmp-default-debuginfo-5.14.21-150500.55.116.1
* kernel-obs-build-5.14.21-150500.55.116.1
* ocfs2-kmp-default-5.14.21-150500.55.116.1
* gfs2-kmp-default-5.14.21-150500.55.116.1
* kernel-syms-5.14.21-150500.55.116.1
* dlm-kmp-default-debuginfo-5.14.21-150500.55.116.1
* kernel-default-base-5.14.21-150500.55.116.1.150500.6.55.1
* ocfs2-kmp-default-debuginfo-5.14.21-150500.55.116.1
* kernel-default-devel-debuginfo-5.14.21-150500.55.116.1
* cluster-md-kmp-default-5.14.21-150500.55.116.1
* cluster-md-kmp-default-debuginfo-5.14.21-150500.55.116.1
* kernel-obs-build-debugsource-5.14.21-150500.55.116.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 nosrc)
* kernel-64kb-5.14.21-150500.55.116.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64)
* kernel-64kb-devel-debuginfo-5.14.21-150500.55.116.1
* kernel-64kb-debuginfo-5.14.21-150500.55.116.1
* kernel-64kb-devel-5.14.21-150500.55.116.1
* kernel-64kb-debugsource-5.14.21-150500.55.116.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 nosrc
x86_64)
* kernel-default-5.14.21-150500.55.116.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* kernel-devel-5.14.21-150500.55.116.1
* kernel-macros-5.14.21-150500.55.116.1
* kernel-source-5.14.21-150500.55.116.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch nosrc)
* kernel-docs-5.14.21-150500.55.116.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* kernel-default-debugsource-5.14.21-150500.55.116.1
* kernel-default-devel-5.14.21-150500.55.116.1
* dlm-kmp-default-5.14.21-150500.55.116.1
* kernel-default-debuginfo-5.14.21-150500.55.116.1
* gfs2-kmp-default-debuginfo-5.14.21-150500.55.116.1
* kernel-obs-build-5.14.21-150500.55.116.1
* ocfs2-kmp-default-5.14.21-150500.55.116.1
* reiserfs-kmp-default-debuginfo-5.14.21-150500.55.116.1
* gfs2-kmp-default-5.14.21-150500.55.116.1
* kernel-syms-5.14.21-150500.55.116.1
* dlm-kmp-default-debuginfo-5.14.21-150500.55.116.1
* ocfs2-kmp-default-debuginfo-5.14.21-150500.55.116.1
* kernel-default-devel-debuginfo-5.14.21-150500.55.116.1
* reiserfs-kmp-default-5.14.21-150500.55.116.1
* cluster-md-kmp-default-5.14.21-150500.55.116.1
* cluster-md-kmp-default-debuginfo-5.14.21-150500.55.116.1
* kernel-obs-build-debugsource-5.14.21-150500.55.116.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 nosrc)
* kernel-64kb-5.14.21-150500.55.116.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64)
* kernel-64kb-devel-debuginfo-5.14.21-150500.55.116.1
* kernel-64kb-debuginfo-5.14.21-150500.55.116.1
* kernel-64kb-devel-5.14.21-150500.55.116.1
* kernel-64kb-debugsource-5.14.21-150500.55.116.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64
nosrc)
* kernel-default-5.14.21-150500.55.116.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le x86_64)
* kernel-default-base-5.14.21-150500.55.116.1.150500.6.55.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* kernel-devel-5.14.21-150500.55.116.1
* kernel-macros-5.14.21-150500.55.116.1
* kernel-source-5.14.21-150500.55.116.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch nosrc)
* kernel-docs-5.14.21-150500.55.116.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (nosrc s390x)
* kernel-zfcpdump-5.14.21-150500.55.116.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150500.55.116.1
* kernel-zfcpdump-debuginfo-5.14.21-150500.55.116.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* kernel-default-debugsource-5.14.21-150500.55.116.1
* kernel-default-devel-5.14.21-150500.55.116.1
* dlm-kmp-default-5.14.21-150500.55.116.1
* kernel-default-debuginfo-5.14.21-150500.55.116.1
* gfs2-kmp-default-debuginfo-5.14.21-150500.55.116.1
* kernel-obs-build-5.14.21-150500.55.116.1
* ocfs2-kmp-default-5.14.21-150500.55.116.1
* reiserfs-kmp-default-debuginfo-5.14.21-150500.55.116.1
* gfs2-kmp-default-5.14.21-150500.55.116.1
* kernel-syms-5.14.21-150500.55.116.1
* dlm-kmp-default-debuginfo-5.14.21-150500.55.116.1
* kernel-default-base-5.14.21-150500.55.116.1.150500.6.55.1
* ocfs2-kmp-default-debuginfo-5.14.21-150500.55.116.1
* kernel-default-devel-debuginfo-5.14.21-150500.55.116.1
* reiserfs-kmp-default-5.14.21-150500.55.116.1
* cluster-md-kmp-default-5.14.21-150500.55.116.1
* cluster-md-kmp-default-debuginfo-5.14.21-150500.55.116.1
* kernel-obs-build-debugsource-5.14.21-150500.55.116.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (nosrc ppc64le
x86_64)
* kernel-default-5.14.21-150500.55.116.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* kernel-devel-5.14.21-150500.55.116.1
* kernel-macros-5.14.21-150500.55.116.1
* kernel-source-5.14.21-150500.55.116.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch nosrc)
* kernel-docs-5.14.21-150500.55.116.1
* SUSE Linux Enterprise Live Patching 15-SP5 (nosrc)
* kernel-default-5.14.21-150500.55.116.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-default-debugsource-5.14.21-150500.55.116.1
* kernel-default-debuginfo-5.14.21-150500.55.116.1
* kernel-livepatch-5_14_21-150500_55_116-default-debuginfo-1-150500.11.3.1
* kernel-default-livepatch-5.14.21-150500.55.116.1
* kernel-default-livepatch-devel-5.14.21-150500.55.116.1
* kernel-livepatch-5_14_21-150500_55_116-default-1-150500.11.3.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x)
* kernel-livepatch-SLE15-SP5_Update_29-debugsource-1-150500.11.3.1
* openSUSE Leap 15.5 (noarch nosrc)
* kernel-docs-5.14.21-150500.55.116.1
* openSUSE Leap 15.5 (noarch)
* kernel-source-5.14.21-150500.55.116.1
* kernel-source-vanilla-5.14.21-150500.55.116.1
* kernel-macros-5.14.21-150500.55.116.1
* kernel-devel-5.14.21-150500.55.116.1
* kernel-docs-html-5.14.21-150500.55.116.1
* openSUSE Leap 15.5 (aarch64 ppc64le x86_64)
* kernel-kvmsmall-devel-5.14.21-150500.55.116.1
* kernel-kvmsmall-devel-debuginfo-5.14.21-150500.55.116.1
* kernel-default-base-5.14.21-150500.55.116.1.150500.6.55.1
* kernel-kvmsmall-debuginfo-5.14.21-150500.55.116.1
* kernel-default-base-rebuild-5.14.21-150500.55.116.1.150500.6.55.1
* kernel-kvmsmall-debugsource-5.14.21-150500.55.116.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* kernel-default-debugsource-5.14.21-150500.55.116.1
* kernel-default-devel-5.14.21-150500.55.116.1
* cluster-md-kmp-default-5.14.21-150500.55.116.1
* kernel-default-livepatch-5.14.21-150500.55.116.1
* ocfs2-kmp-default-debuginfo-5.14.21-150500.55.116.1
* kernel-default-devel-debuginfo-5.14.21-150500.55.116.1
* kernel-default-optional-5.14.21-150500.55.116.1
* cluster-md-kmp-default-debuginfo-5.14.21-150500.55.116.1
* reiserfs-kmp-default-debuginfo-5.14.21-150500.55.116.1
* kernel-obs-build-debugsource-5.14.21-150500.55.116.1
* ocfs2-kmp-default-5.14.21-150500.55.116.1
* kernel-obs-build-5.14.21-150500.55.116.1
* gfs2-kmp-default-5.14.21-150500.55.116.1
* dlm-kmp-default-debuginfo-5.14.21-150500.55.116.1
* reiserfs-kmp-default-5.14.21-150500.55.116.1
* kernel-syms-5.14.21-150500.55.116.1
* kselftests-kmp-default-5.14.21-150500.55.116.1
* kernel-obs-qa-5.14.21-150500.55.116.1
* kernel-default-debuginfo-5.14.21-150500.55.116.1
* kernel-default-extra-debuginfo-5.14.21-150500.55.116.1
* kernel-default-optional-debuginfo-5.14.21-150500.55.116.1
* kselftests-kmp-default-debuginfo-5.14.21-150500.55.116.1
* dlm-kmp-default-5.14.21-150500.55.116.1
* kernel-default-extra-5.14.21-150500.55.116.1
* gfs2-kmp-default-debuginfo-5.14.21-150500.55.116.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150500.55.116.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_116-default-debuginfo-1-150500.11.3.1
* kernel-livepatch-5_14_21-150500_55_116-default-1-150500.11.3.1
* kernel-default-livepatch-devel-5.14.21-150500.55.116.1
* kernel-livepatch-SLE15-SP5_Update_29-debugsource-1-150500.11.3.1
* openSUSE Leap 15.5 (x86_64)
* kernel-kvmsmall-vdso-5.14.21-150500.55.116.1
* kernel-kvmsmall-vdso-debuginfo-5.14.21-150500.55.116.1
* kernel-default-vdso-debuginfo-5.14.21-150500.55.116.1
* kernel-default-vdso-5.14.21-150500.55.116.1
* openSUSE Leap 15.5 (aarch64 nosrc ppc64le x86_64)
* kernel-kvmsmall-5.14.21-150500.55.116.1
* openSUSE Leap 15.5 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150500.55.116.1
* openSUSE Leap 15.5 (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150500.55.116.1
* kernel-zfcpdump-debuginfo-5.14.21-150500.55.116.1
* openSUSE Leap 15.5 (nosrc)
* dtb-aarch64-5.14.21-150500.55.116.1
* openSUSE Leap 15.5 (aarch64)
* dtb-broadcom-5.14.21-150500.55.116.1
* reiserfs-kmp-64kb-debuginfo-5.14.21-150500.55.116.1
* dtb-amlogic-5.14.21-150500.55.116.1
* dtb-renesas-5.14.21-150500.55.116.1
* dtb-amazon-5.14.21-150500.55.116.1
* kernel-64kb-extra-5.14.21-150500.55.116.1
* dtb-altera-5.14.21-150500.55.116.1
* gfs2-kmp-64kb-debuginfo-5.14.21-150500.55.116.1
* dtb-qcom-5.14.21-150500.55.116.1
* dtb-apple-5.14.21-150500.55.116.1
* dlm-kmp-64kb-5.14.21-150500.55.116.1
* dtb-lg-5.14.21-150500.55.116.1
* cluster-md-kmp-64kb-5.14.21-150500.55.116.1
* kernel-64kb-debugsource-5.14.21-150500.55.116.1
* dtb-xilinx-5.14.21-150500.55.116.1
* ocfs2-kmp-64kb-5.14.21-150500.55.116.1
* dtb-rockchip-5.14.21-150500.55.116.1
* dtb-freescale-5.14.21-150500.55.116.1
* dtb-hisilicon-5.14.21-150500.55.116.1
* kernel-64kb-devel-5.14.21-150500.55.116.1
* reiserfs-kmp-64kb-5.14.21-150500.55.116.1
* dtb-marvell-5.14.21-150500.55.116.1
* dtb-apm-5.14.21-150500.55.116.1
* dtb-mediatek-5.14.21-150500.55.116.1
* dtb-sprd-5.14.21-150500.55.116.1
* kernel-64kb-optional-5.14.21-150500.55.116.1
* dtb-cavium-5.14.21-150500.55.116.1
* dtb-allwinner-5.14.21-150500.55.116.1
* dtb-exynos-5.14.21-150500.55.116.1
* kselftests-kmp-64kb-5.14.21-150500.55.116.1
* kernel-64kb-optional-debuginfo-5.14.21-150500.55.116.1
* gfs2-kmp-64kb-5.14.21-150500.55.116.1
* dtb-amd-5.14.21-150500.55.116.1
* kernel-64kb-debuginfo-5.14.21-150500.55.116.1
* dtb-nvidia-5.14.21-150500.55.116.1
* cluster-md-kmp-64kb-debuginfo-5.14.21-150500.55.116.1
* dlm-kmp-64kb-debuginfo-5.14.21-150500.55.116.1
* kernel-64kb-devel-debuginfo-5.14.21-150500.55.116.1
* ocfs2-kmp-64kb-debuginfo-5.14.21-150500.55.116.1
* dtb-arm-5.14.21-150500.55.116.1
* dtb-socionext-5.14.21-150500.55.116.1
* kselftests-kmp-64kb-debuginfo-5.14.21-150500.55.116.1
* kernel-64kb-extra-debuginfo-5.14.21-150500.55.116.1
* openSUSE Leap 15.5 (aarch64 nosrc)
* kernel-64kb-5.14.21-150500.55.116.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150500.55.116.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 x86_64)
* kernel-default-base-5.14.21-150500.55.116.1.150500.6.55.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* kernel-default-debugsource-5.14.21-150500.55.116.1
* kernel-default-debuginfo-5.14.21-150500.55.116.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
* kernel-macros-5.14.21-150500.55.116.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49138.html
* https://www.suse.com/security/cve/CVE-2022-49770.html
* https://www.suse.com/security/cve/CVE-2023-52923.html
* https://www.suse.com/security/cve/CVE-2023-52927.html
* https://www.suse.com/security/cve/CVE-2024-26643.html
* https://www.suse.com/security/cve/CVE-2024-53057.html
* https://www.suse.com/security/cve/CVE-2024-53164.html
* https://www.suse.com/security/cve/CVE-2024-57947.html
* https://www.suse.com/security/cve/CVE-2025-37797.html
* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38181.html
* https://www.suse.com/security/cve/CVE-2025-38200.html
* https://www.suse.com/security/cve/CVE-2025-38206.html
* https://www.suse.com/security/cve/CVE-2025-38212.html
* https://www.suse.com/security/cve/CVE-2025-38213.html
* https://www.suse.com/security/cve/CVE-2025-38257.html
* https://www.suse.com/security/cve/CVE-2025-38289.html
* https://bugzilla.suse.com/show_bug.cgi?id=1206051
* https://bugzilla.suse.com/show_bug.cgi?id=1221829
* https://bugzilla.suse.com/show_bug.cgi?id=1233551
* https://bugzilla.suse.com/show_bug.cgi?id=1234480
* https://bugzilla.suse.com/show_bug.cgi?id=1234863
* https://bugzilla.suse.com/show_bug.cgi?id=1236104
* https://bugzilla.suse.com/show_bug.cgi?id=1236333
* https://bugzilla.suse.com/show_bug.cgi?id=1238160
* https://bugzilla.suse.com/show_bug.cgi?id=1239644
* https://bugzilla.suse.com/show_bug.cgi?id=1242417
* https://bugzilla.suse.com/show_bug.cgi?id=1244523
* https://bugzilla.suse.com/show_bug.cgi?id=1245217
* https://bugzilla.suse.com/show_bug.cgi?id=1245431
* https://bugzilla.suse.com/show_bug.cgi?id=1246000
* https://bugzilla.suse.com/show_bug.cgi?id=1246029
* https://bugzilla.suse.com/show_bug.cgi?id=1246037
* https://bugzilla.suse.com/show_bug.cgi?id=1246045
* https://bugzilla.suse.com/show_bug.cgi?id=1246073
* https://bugzilla.suse.com/show_bug.cgi?id=1246186
* https://bugzilla.suse.com/show_bug.cgi?id=1246287
* https://bugzilla.suse.com/show_bug.cgi?id=1246555



SUSE-SU-2025:02591-1: moderate: Security update for tgt


# Security update for tgt

Announcement ID: SUSE-SU-2025:02591-1
Release Date: 2025-08-01T14:08:43Z
Rating: moderate
References:

* bsc#1230360

Cross-References:

* CVE-2024-45751

CVSS scores:

* CVE-2024-45751 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-45751 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* openSUSE Leap 15.4

An update that solves one vulnerability can now be installed.

## Description:

This update for tgt fixes the following issues:

* CVE-2024-45751: Fixed CHAP authentication bypass in user-space Linux target
framework (bsc#1230360)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2591=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* tgt-debuginfo-1.0.85-150400.3.6.1
* tgt-debugsource-1.0.85-150400.3.6.1
* tgt-1.0.85-150400.3.6.1

## References:

* https://www.suse.com/security/cve/CVE-2024-45751.html
* https://bugzilla.suse.com/show_bug.cgi?id=1230360



SUSE-SU-2025:02592-1: important: Security update for cosign


# Security update for cosign

Announcement ID: SUSE-SU-2025:02592-1
Release Date: 2025-08-01T14:44:33Z
Rating: important
References:

* bsc#1246725
* jsc#SLE-23879

Cross-References:

* CVE-2025-46569

CVSS scores:

* CVE-2025-46569 ( SUSE ): 7.6
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2025-46569 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
* CVE-2025-46569 ( NVD ): 7.4
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* openSUSE Leap 15.4
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability and contains one feature can now be
installed.

## Description:

This update for cosign fixes the following issues:

Update to version 2.5.3 (jsc#SLE-23879):

* CVE-2025-46569: Fixed OPA server Data API HTTP path injection of Rego
(bsc#1246725)

Changelog:

Update to 2.5.3:

* Add signing-config create command (#4280)
* Allow multiple services to be specified for trusted-root create (#4285)
* force when copying the latest image to overwrite (#4298)
* Fix cert verification logic for trusted-root/SCTs (#4294)
* Fix lint error for types package (#4295)
* feat: Add OCI 1.1+ experimental support to tree (#4205)
* Add validity period end for trusted-root create (#4271)
* avoid double-loading trustedroot from file (#4264)

Update to 2.5.2:

* Do not load trusted root when CT env key is set
* docs: improve doc for --no-upload option (#4206)

Update to 2.5.1:

* Add Rekor v2 support for trusted-root create (#4242)
* Add baseUrl and Uri to trusted-root create command
* Upgrade to TUF v2 client with trusted root
* Don't verify SCT for a private PKI cert (#4225)
* Bump TSA library to relax EKU chain validation rules (#4219)
* Bump sigstore-go to pick up log index=0 fix (#4162)
* remove unused recursive flag on attest command (#4187)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2592=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-2592=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2025-2592=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-2592=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2592=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-2592=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-2592=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-2592=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2592=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2592=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2592=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2592=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2592=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2592=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2592=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* cosign-2.5.3-150400.3.30.1
* SUSE Manager Proxy 4.3 (x86_64)
* cosign-2.5.3-150400.3.30.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* cosign-2.5.3-150400.3.30.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* cosign-2.5.3-150400.3.30.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* cosign-debuginfo-2.5.3-150400.3.30.1
* cosign-2.5.3-150400.3.30.1
* openSUSE Leap 15.4 (noarch)
* cosign-zsh-completion-2.5.3-150400.3.30.1
* cosign-fish-completion-2.5.3-150400.3.30.1
* cosign-bash-completion-2.5.3-150400.3.30.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* cosign-debuginfo-2.5.3-150400.3.30.1
* cosign-2.5.3-150400.3.30.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* cosign-debuginfo-2.5.3-150400.3.30.1
* cosign-2.5.3-150400.3.30.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* cosign-debuginfo-2.5.3-150400.3.30.1
* cosign-2.5.3-150400.3.30.1
* Basesystem Module 15-SP7 (noarch)
* cosign-zsh-completion-2.5.3-150400.3.30.1
* cosign-bash-completion-2.5.3-150400.3.30.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* cosign-2.5.3-150400.3.30.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* cosign-2.5.3-150400.3.30.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* cosign-2.5.3-150400.3.30.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* cosign-2.5.3-150400.3.30.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* cosign-2.5.3-150400.3.30.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* cosign-2.5.3-150400.3.30.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* cosign-2.5.3-150400.3.30.1

## References:

* https://www.suse.com/security/cve/CVE-2025-46569.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246725
* https://jira.suse.com/browse/SLE-23879



SUSE-SU-2025:02595-1: important: Security update for gnutls


# Security update for gnutls

Announcement ID: SUSE-SU-2025:02595-1
Release Date: 2025-08-01T15:14:08Z
Rating: important
References:

* bsc#1246232
* bsc#1246233
* bsc#1246267
* bsc#1246299

Cross-References:

* CVE-2025-32988
* CVE-2025-32989
* CVE-2025-32990
* CVE-2025-6395

CVSS scores:

* CVE-2025-32988 ( SUSE ): 9.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-32988 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-32988 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-32989 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-32989 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-32989 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-32990 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-32990 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
* CVE-2025-32990 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2025-6395 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-6395 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-6395 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

Affected Products:

* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves four vulnerabilities can now be installed.

## Description:

This update for gnutls fixes the following issues:

* CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK
(bsc#1246299)
* CVE-2025-32988: Fix double-free due to incorrect ownership handling in the
export logic of SAN entries containing an otherName (bsc#1246232)
* CVE-2025-32989: Fix heap buffer overread when handling the CT SCT extension
during X.509 certificate parsing (bsc#1246233)
* CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with
certtool (bsc#1246267)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-2595=1 openSUSE-SLE-15.6-2025-2595=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-2595=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-2595=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libgnutlsxx30-3.8.3-150600.4.9.1
* gnutls-debugsource-3.8.3-150600.4.9.1
* libgnutls-devel-3.8.3-150600.4.9.1
* libgnutlsxx-devel-3.8.3-150600.4.9.1
* gnutls-debuginfo-3.8.3-150600.4.9.1
* libgnutls30-debuginfo-3.8.3-150600.4.9.1
* libgnutls30-3.8.3-150600.4.9.1
* gnutls-3.8.3-150600.4.9.1
* libgnutlsxx30-debuginfo-3.8.3-150600.4.9.1
* openSUSE Leap 15.6 (x86_64)
* libgnutls30-32bit-3.8.3-150600.4.9.1
* libgnutls-devel-32bit-3.8.3-150600.4.9.1
* libgnutls30-32bit-debuginfo-3.8.3-150600.4.9.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libgnutls30-64bit-3.8.3-150600.4.9.1
* libgnutls30-64bit-debuginfo-3.8.3-150600.4.9.1
* libgnutls-devel-64bit-3.8.3-150600.4.9.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libgnutlsxx30-3.8.3-150600.4.9.1
* gnutls-debugsource-3.8.3-150600.4.9.1
* libgnutls-devel-3.8.3-150600.4.9.1
* libgnutlsxx-devel-3.8.3-150600.4.9.1
* gnutls-debuginfo-3.8.3-150600.4.9.1
* libgnutls30-debuginfo-3.8.3-150600.4.9.1
* libgnutls30-3.8.3-150600.4.9.1
* gnutls-3.8.3-150600.4.9.1
* libgnutlsxx30-debuginfo-3.8.3-150600.4.9.1
* Basesystem Module 15-SP6 (x86_64)
* libgnutls30-32bit-3.8.3-150600.4.9.1
* libgnutls30-32bit-debuginfo-3.8.3-150600.4.9.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libgnutlsxx30-3.8.3-150600.4.9.1
* gnutls-debugsource-3.8.3-150600.4.9.1
* libgnutls-devel-3.8.3-150600.4.9.1
* libgnutlsxx-devel-3.8.3-150600.4.9.1
* gnutls-debuginfo-3.8.3-150600.4.9.1
* libgnutls30-debuginfo-3.8.3-150600.4.9.1
* libgnutls30-3.8.3-150600.4.9.1
* gnutls-3.8.3-150600.4.9.1
* libgnutlsxx30-debuginfo-3.8.3-150600.4.9.1
* Basesystem Module 15-SP7 (x86_64)
* libgnutls30-32bit-3.8.3-150600.4.9.1
* libgnutls30-32bit-debuginfo-3.8.3-150600.4.9.1

## References:

* https://www.suse.com/security/cve/CVE-2025-32988.html
* https://www.suse.com/security/cve/CVE-2025-32989.html
* https://www.suse.com/security/cve/CVE-2025-32990.html
* https://www.suse.com/security/cve/CVE-2025-6395.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246232
* https://bugzilla.suse.com/show_bug.cgi?id=1246233
* https://bugzilla.suse.com/show_bug.cgi?id=1246267
* https://bugzilla.suse.com/show_bug.cgi?id=1246299



SUSE-SU-2025:02597-1: moderate: Security update for python310


# Security update for python310

Announcement ID: SUSE-SU-2025:02597-1
Release Date: 2025-08-01T15:14:37Z
Rating: moderate
References:

* bsc#1244705

Cross-References:

* CVE-2025-6069

CVSS scores:

* CVE-2025-6069 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H
* CVE-2025-6069 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
* CVE-2025-6069 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6

An update that solves one vulnerability can now be installed.

## Description:

This update for python310 fixes the following issues:

* CVE-2025-6069: Avoid worst case quadratic complexity when processing certain
crafted malformed inputs with HTMLParser (bsc#1244705).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2597=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-2597=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* python310-3.10.18-150400.4.85.1
* python310-dbm-debuginfo-3.10.18-150400.4.85.1
* python310-curses-3.10.18-150400.4.85.1
* python310-testsuite-debuginfo-3.10.18-150400.4.85.1
* python310-dbm-3.10.18-150400.4.85.1
* python310-doc-devhelp-3.10.18-150400.4.85.1
* libpython3_10-1_0-3.10.18-150400.4.85.1
* python310-base-3.10.18-150400.4.85.1
* python310-core-debugsource-3.10.18-150400.4.85.1
* python310-curses-debuginfo-3.10.18-150400.4.85.1
* python310-debuginfo-3.10.18-150400.4.85.1
* python310-debugsource-3.10.18-150400.4.85.1
* python310-devel-3.10.18-150400.4.85.1
* python310-doc-3.10.18-150400.4.85.1
* python310-tk-debuginfo-3.10.18-150400.4.85.1
* python310-testsuite-3.10.18-150400.4.85.1
* python310-idle-3.10.18-150400.4.85.1
* python310-base-debuginfo-3.10.18-150400.4.85.1
* libpython3_10-1_0-debuginfo-3.10.18-150400.4.85.1
* python310-tk-3.10.18-150400.4.85.1
* python310-tools-3.10.18-150400.4.85.1
* openSUSE Leap 15.4 (x86_64)
* python310-32bit-3.10.18-150400.4.85.1
* libpython3_10-1_0-32bit-3.10.18-150400.4.85.1
* python310-base-32bit-3.10.18-150400.4.85.1
* python310-32bit-debuginfo-3.10.18-150400.4.85.1
* python310-base-32bit-debuginfo-3.10.18-150400.4.85.1
* libpython3_10-1_0-32bit-debuginfo-3.10.18-150400.4.85.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* python310-base-64bit-debuginfo-3.10.18-150400.4.85.1
* libpython3_10-1_0-64bit-debuginfo-3.10.18-150400.4.85.1
* libpython3_10-1_0-64bit-3.10.18-150400.4.85.1
* python310-base-64bit-3.10.18-150400.4.85.1
* python310-64bit-debuginfo-3.10.18-150400.4.85.1
* python310-64bit-3.10.18-150400.4.85.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* python310-3.10.18-150400.4.85.1
* python310-dbm-debuginfo-3.10.18-150400.4.85.1
* python310-curses-3.10.18-150400.4.85.1
* python310-testsuite-debuginfo-3.10.18-150400.4.85.1
* python310-dbm-3.10.18-150400.4.85.1
* python310-doc-devhelp-3.10.18-150400.4.85.1
* libpython3_10-1_0-3.10.18-150400.4.85.1
* python310-base-3.10.18-150400.4.85.1
* python310-core-debugsource-3.10.18-150400.4.85.1
* python310-curses-debuginfo-3.10.18-150400.4.85.1
* python310-debuginfo-3.10.18-150400.4.85.1
* python310-debugsource-3.10.18-150400.4.85.1
* python310-devel-3.10.18-150400.4.85.1
* python310-doc-3.10.18-150400.4.85.1
* python310-testsuite-3.10.18-150400.4.85.1
* python310-tk-debuginfo-3.10.18-150400.4.85.1
* python310-idle-3.10.18-150400.4.85.1
* python310-base-debuginfo-3.10.18-150400.4.85.1
* libpython3_10-1_0-debuginfo-3.10.18-150400.4.85.1
* python310-tk-3.10.18-150400.4.85.1
* python310-tools-3.10.18-150400.4.85.1
* openSUSE Leap 15.6 (x86_64)
* python310-32bit-3.10.18-150400.4.85.1
* libpython3_10-1_0-32bit-3.10.18-150400.4.85.1
* python310-base-32bit-3.10.18-150400.4.85.1
* python310-32bit-debuginfo-3.10.18-150400.4.85.1
* python310-base-32bit-debuginfo-3.10.18-150400.4.85.1
* libpython3_10-1_0-32bit-debuginfo-3.10.18-150400.4.85.1

## References:

* https://www.suse.com/security/cve/CVE-2025-6069.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244705



openSUSE-SU-2025:15398-1: moderate: kwctl-1.27.1-1.1 on GA media


# kwctl-1.27.1-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15398-1
Rating: moderate

Cross-References:

* CVE-2025-53901

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the kwctl-1.27.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* kwctl 1.27.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-53901.html



openSUSE-SU-2025:15397-1: moderate: gdk-pixbuf-devel-2.42.12-4.1 on GA media


# gdk-pixbuf-devel-2.42.12-4.1 on GA media

Announcement ID: openSUSE-SU-2025:15397-1
Rating: moderate

Cross-References:

* CVE-2025-6199

CVSS scores:

* CVE-2025-6199 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2025-6199 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the gdk-pixbuf-devel-2.42.12-4.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* gdk-pixbuf-devel 2.42.12-4.1
* gdk-pixbuf-devel-32bit 2.42.12-4.1
* gdk-pixbuf-lang 2.42.12-4.1
* gdk-pixbuf-query-loaders 2.42.12-4.1
* gdk-pixbuf-query-loaders-32bit 2.42.12-4.1
* gdk-pixbuf-thumbnailer 2.42.12-4.1
* libgdk_pixbuf-2_0-0 2.42.12-4.1
* libgdk_pixbuf-2_0-0-32bit 2.42.12-4.1
* typelib-1_0-GdkPixbuf-2_0 2.42.12-4.1
* typelib-1_0-GdkPixdata-2_0 2.42.12-4.1

## References:

* https://www.suse.com/security/cve/CVE-2025-6199.html


Kernel updates for AlmaLinux 9

Linux Kernel update for Ubuntu

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.orgĀ  I ...