
Several security updates have been released for SUSE Linux, addressing vulnerabilities across various packages. The updates include critical and important fixes for components like redis, tomcat11, xwayland, and the Linux kernel, as well as moderate patches for pnpm, rnp, dovecot24, cups, and glib2. Additionally, some packages have received low or minor security updates, such as python311.

openSUSE-SU-2025-20115-1: moderate: Security update for pnpm
openSUSE-SU-2025-20121-1: critical: Security update for redis
openSUSE-SU-2025-20114-1: important: Security update for himmelblau
openSUSE-SU-2025-20116-1: moderate: Security update for rnp
openSUSE-SU-2025-20106-1: important: Security update for tomcat11
openSUSE-SU-2025-20099-1: important: Security update for xwayland
openSUSE-SU-2025-20113-1: moderate: Security update for dovecot24
SUSE-SU-2025:4285-1: important: Security update for the Linux Kernel (Live Patch 62 for SUSE Linux Enterprise 15 SP3)
SUSE-SU-2025:4288-1: important: Security update for containerd
SUSE-SU-2025:4291-1: important: Security update for libmicrohttpd
SUSE-SU-2025:4290-1: moderate: Security update for cups
SUSE-SU-2025:4297-1: low: Security update for python311
openSUSE-SU-2025:0446-1: important: Security update for cpp-httplib
SUSE-SU-2025:4308-1: moderate: Security update for glib2
SUSE-SU-2025:4310-1: moderate: Security update for libcryptopp
SUSE-SU-2025:4301-1: important: Security update for the Linux Kernel
SUSE-SU-2025:4309-1: moderate: Security update for curl
openSUSE-SU-2025:15778-1: moderate: libwireshark19-4.6.1-2.1 on GA media



openSUSE-SU-2025-20115-1: moderate: Security update for pnpm


openSUSE security update: security update for pnpm
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2025-20115-1
Rating: moderate

Cross-References:

* CVE-2021-1234
* CVE-2021-5678

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 2 vulnerabilities can now be installed.

Description:

This update for pnpm fixes the following issues:

Changes in pnpm:

- update to 10.22.0:
* Minor Changes
- Added support for trustPolicyExclude #10164.
You can now list one or more specific packages or versions
that pnpm should allow to install, even if those packages
don't satisfy the trust policy requirement. For example:

trustPolicy: no-downgrade
trustPolicyExclude:
- chokidar@4.0.3
- webpack@4.47.0 || 5.102.1

- Allow to override the engines field on publish by the
publishConfig.engines field.
* Patch Changes
- Don't crash when two processes of pnpm are hardlinking the
contents of a directory to the same destination
simultaneously #10179.

- update to 10.21.0:
* Minor Changes
- Node.js Runtime Installation for Dependencies. Added support
for automatic Node.js runtime installation for dependencies.
pnpm will now install the Node.js version required by a
dependency if that dependency declares a Node.js runtime in
the "engines" field. For example:

{
  "engines": {
    "runtime": {
      "name": "node",
      "version": "^24.11.0",
      "onFail": "download"
    }
  }
}

If the package with the Node.js runtime dependency is a CLI
app, pnpm will bind the CLI app to the required Node.js
version. This ensures that, regardless of the globally
installed Node.js instance, the CLI will use the compatible
version of Node.js.
If the package has a postinstall script, that script will be
executed using the specified Node.js version.
Related PR: #10141
- Added a new setting: trustPolicy.
When set to no-downgrade, pnpm will fail installation if a
package's trust level has decreased compared to previous
releases (for example, if it was previously published by a
trusted publisher but now only has provenance or no trust
evidence).
This helps prevent installing potentially compromised
versions of a package.
Related issue: #8889.
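
The no-downgrade rule described above, sketched as an added example (this is not pnpm's code). The release records, the `trust` field, the rule of comparing against every earlier release, and the pre-expanded `excluded` set standing in for trustPolicyExclude are all assumptions made for illustration.

```javascript
// Added illustration of a "no-downgrade" trust check; not pnpm source code.
// Ordering taken from the changelog text: trusted publisher > provenance > none.
const TRUST_LEVEL = { none: 0, provenance: 1, trustedPublisher: 2 };
const level = (t) => TRUST_LEVEL[t] ?? 0; // unknown evidence counts as none

// releases: [{ version, publishedAt, trust }]  (constructed shape, assumption)
// excluded: Set of "name@version" strings, i.e. trustPolicyExclude entries
//           already expanded by the caller (assumption).
function checkNoDowngrade(name, version, releases, excluded = new Set()) {
  const target = releases.find((r) => r.version === version);
  if (!target) return { ok: false, reason: "unknown version" };
  if (excluded.has(`${name}@${version}`)) return { ok: true, reason: "excluded" };

  // Find the strongest evidence seen on any release published before the target.
  const targetTime = Date.parse(target.publishedAt);
  let strongest = { trust: "none", version: null };
  for (const r of releases) {
    if (Date.parse(r.publishedAt) >= targetTime) continue;
    if (level(r.trust) > level(strongest.trust)) strongest = r;
  }

  if (level(target.trust) < level(strongest.trust)) {
    return {
      ok: false,
      reason: `trust downgraded: ${strongest.version} had ${strongest.trust}, ` +
        `${version} has ${target.trust}`,
    };
  }
  return { ok: true, reason: "no downgrade" };
}

// Constructed sample history for a hypothetical package "example-lib".
const RELEASES = [
  { version: "1.0.0", publishedAt: "2025-01-10T00:00:00Z", trust: "none" },
  { version: "1.1.0", publishedAt: "2025-03-02T00:00:00Z", trust: "trustedPublisher" },
  { version: "1.2.0", publishedAt: "2025-06-15T00:00:00Z", trust: "provenance" },
  { version: "1.3.0", publishedAt: "2025-09-01T00:00:00Z", trust: "trustedPublisher" },
];

for (const r of RELEASES) {
  const res = checkNoDowngrade("example-lib", r.version, RELEASES);
  console.log(r.version, res.ok ? "allowed" : "blocked", "-", res.reason);
}
```

Version 1.2.0 is the case the setting exists for: a release that drops from trusted-publisher evidence to provenance only is blocked unless it is explicitly excluded.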
- Added support for pnpm config get globalconfig to retrieve
the global config file path #9977.
* Patch Changes
- When a user runs pnpm update on a dependency that is not
directly listed in package.json, none of the direct
dependencies should be updated #10155.
- Don't crash when two processes of pnpm are hardlinking the
contents of a directory to the same destination
simultaneously #10160.
- Setting gitBranchLockfile and related settings via
pnpm-workspace.yaml should work #9651.

- update to 10.20.0:
* Minor Changes
- Support --all option in pnpm --help to list all commands
#8628.
* Patch Changes
- When the latest version doesn't satisfy the maturity
requirement configured by minimumReleaseAge, pick the highest
version that is mature enough, even if it has a different
major version #10100.
- create command should not verify patch info.
- Set managePackageManagerVersions to false, when switching to
a different version of pnpm CLI, in order to avoid subsequent
switches #10063.
- update to 10.19.0:
* Minor Changes
- You can now allow specific versions of dependencies to run
postinstall scripts. onlyBuiltDependencies now accepts
package names with lists of trusted versions. For example:

onlyBuiltDependencies:
- nx@21.6.4 || 21.6.5
- esbuild@0.25.1

Related PR: #10104.

- Added support for exact versions in minimumReleaseAgeExclude
#9985.
You can now list one or more specific versions that pnpm
should allow to install, even if those versions don't satisfy
the maturity requirement set by minimumReleaseAge. For
example:

minimumReleaseAge: 1440
minimumReleaseAgeExclude:
- nx@21.6.5
- webpack@4.47.0 || 5.102.1

- update to 10.18.3:
* Patch Changes
- Fix a bug where pnpm would infinitely recurse when using
verifyDepsBeforeInstall: install and pre/post install scripts
that called other pnpm scripts #10060.
- Fixed scoped registry keys (e.g., @scope:registry) being
parsed as property paths in pnpm config get when
--location=project is used #9362.
- Remove pnpm-specific CLI options before passing to npm
publish to prevent "Unknown cli config" warnings #9646.
- Fixed EISDIR error when bin field points to a directory
#9441.
- Preserve version and hasBin for variations packages #10022.
- Fixed pnpm config set --location=project incorrectly handling
keys with slashes (auth tokens, registry settings) #9884.
- When both pnpm-workspace.yaml and .npmrc exist, pnpm config
set --location=project now writes to pnpm-workspace.yaml
(matching read priority) #10072.
- Prevent a table width error in pnpm outdated --long #10040.
- Sync bin links after injected dependencies are updated by
build scripts. This ensures that binaries created during
build processes are properly linked and accessible to
consuming projects #10057.
- update to 10.18.2:
* Patch Changes
- pnpm outdated --long should work #10040.
- Replace ndjson with split2. Reduce the bundle size of pnpm
CLI #10054.
- pnpm dlx should request the full metadata of packages, when
minimumReleaseAge is set #9963.
- pnpm version switching should work when the pnpm home
directory is in a symlinked directory #9715.
- Fix EPIPE errors when piping output to other commands #10027.
- update to 10.18.1:
* Patch Changes
- Don't print a warning, when --lockfile-only is used #8320.
- pnpm setup creates a command shim to the pnpm executable.
This is needed to be able to run pnpm self-update on Windows
#5700.
- When using pnpm catalogs and running a normal pnpm install,
pnpm produced false positive warnings for "skip adding to the
default catalog because it already exists". This warning now
only prints when using pnpm add --save-catalog as originally
intended.
- update to 10.18.0:
* Minor Changes
- Added network performance monitoring to pnpm by implementing
warnings for slow network requests, including both metadata
fetches and tarball downloads.
Added configuration options for warning thresholds:
fetchWarnTimeoutMs and fetchMinSpeedKiBps.
Warning messages are displayed when requests exceed time
thresholds or fall below speed minimums
Related PR: #10025.
* Patch Changes
- Retry filesystem operations on EAGAIN errors #9959.
- Outdated command respects minimumReleaseAge configuration
#10030.
- Correctly apply the cleanupUnusedCatalogs configuration when
removing dependent packages.
- Don't fail with a meaningless error when scriptShell is set
to false #8748.
- pnpm dlx should not fail when minimumReleaseAge is set
#10037.

- update to 10.17.1:
* Patch Changes
- When a version specifier cannot be resolved because the versions
don't satisfy the minimumReleaseAge setting, print this
information out in the error message #9974.
- Fix state.json creation path when executing pnpm patch in a
workspace project #9733.
- When minimumReleaseAge is set and the latest tag is not mature
enough, prefer a non-deprecated version as the new latest #9987.

- update to 10.17:
* Minor Changes
- The minimumReleaseAgeExclude setting now supports patterns.
For instance:

minimumReleaseAge: 1440
minimumReleaseAgeExclude:
- "@eslint/*"

* Patch Changes
- Don't ignore the minimumReleaseAge check, when the package is
requested by exact version and the packument is loaded from
cache #9978.
- When minimumReleaseAge is set and the active version under a
dist-tag is not mature enough, do not downgrade to a
prerelease version in case the original version wasn't a
prerelease one #9979.
- update to 10.16.1:
* Patch Changes
- The full metadata cache should be stored not at the same
location as the abbreviated metadata. This fixes a bug where
pnpm was loading the abbreviated metadata from cache and
couldn't find the "time" field as a result #9963.
- Forcibly disable ANSI color codes when generating patch diff
#9914.
- update to 10.16:
* Minor Changes
- There have been several incidents recently where popular
packages were successfully attacked. To reduce the risk of
installing a compromised version, we are introducing a new
setting that delays the installation of newly released
dependencies. In most cases, such attacks are discovered
quickly and the malicious versions are removed from the
registry within an hour.
- The new setting is called minimumReleaseAge. It specifies the
number of minutes that must pass after a version is published
before pnpm will install it. For example, setting
minimumReleaseAge: 1440 ensures that only packages released
at least one day ago can be installed.
- If you set minimumReleaseAge but need to disable this
restriction for certain dependencies, you can list them under
the minimumReleaseAgeExclude setting. For instance, with the
following configuration pnpm will always install the latest
version of webpack, regardless of its release time:

minimumReleaseAgeExclude:
- webpack
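
How a release-age gate of this kind selects a version, as an added example (this is not pnpm's code). It generalises over the exclude forms shown in this changelog (bare name, `@eslint/*` pattern, exact versions joined by `||`); the sample packument, the function names and the fail-closed handling of a missing `time` field are assumptions.

```javascript
// Added illustration of minimumReleaseAge-style selection; not pnpm source code.
const MINUTE_MS = 60 * 1000;

// Parse "1.2.3" or "1.2.3-rc.1"; anything else is ignored by the selector.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$/.exec(v);
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], prerelease: m[4] !== undefined };
}

function compareVersions(a, b) {
  const pa = parseVersion(a).nums;
  const pb = parseVersion(b).nums;
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

function escapeRe(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Entry forms: "webpack", "@eslint/*", "nx@21.6.5", "webpack@4.47.0 || 5.102.1".
function isExcluded(name, version, excludeList) {
  return excludeList.some((entry) => {
    const at = entry.indexOf("@", 1); // index 0 may be the "@" of a scope
    const pattern = at === -1 ? entry : entry.slice(0, at);
    const versions = at === -1 ? null : entry.slice(at + 1).split("||").map((s) => s.trim());
    const nameOk = pattern.includes("*")
      ? new RegExp("^" + pattern.split("*").map(escapeRe).join(".*") + "$").test(name)
      : pattern === name;
    return nameOk && (versions === null || versions.includes(version));
  });
}

// Returns the version to install, or null if nothing is old enough.
function pickVersion(packument, opts) {
  const { minimumReleaseAge = 0, minimumReleaseAgeExclude = [], now = Date.now() } = opts;
  const latest = packument["dist-tags"].latest;
  if (minimumReleaseAge <= 0) return latest; // gate disabled

  const cutoff = now - minimumReleaseAge * MINUTE_MS;
  const time = packument.time || {}; // abbreviated metadata carries no "time"
  const mature = (v) => {
    if (isExcluded(packument.name, v, minimumReleaseAgeExclude)) return true;
    const published = Date.parse(time[v]);
    // Assumption: a missing or unparsable publish time fails closed.
    return Number.isFinite(published) && published <= cutoff;
  };

  if (mature(latest)) return latest;
  // Otherwise take the highest mature stable version, even across majors.
  const candidates = Object.keys(packument.versions)
    .filter((v) => {
      const p = parseVersion(v);
      return p !== null && !p.prerelease && mature(v);
    })
    .sort(compareVersions);
  return candidates.length ? candidates[candidates.length - 1] : null;
}

// Constructed sample metadata for a hypothetical package "example-lib".
const NOW = Date.parse("2025-11-20T12:00:00Z");
const SAMPLE = {
  name: "example-lib",
  "dist-tags": { latest: "3.0.0" },
  versions: { "1.9.0": {}, "2.4.1": {}, "3.0.0-rc.1": {}, "3.0.0": {} },
  time: {
    "1.9.0": "2025-06-01T00:00:00Z",
    "2.4.1": "2025-11-01T00:00:00Z",
    "3.0.0-rc.1": "2025-11-10T00:00:00Z",
    "3.0.0": "2025-11-20T11:30:00Z", // published 30 minutes before NOW
  },
};

console.log(pickVersion(SAMPLE, { minimumReleaseAge: 1440, now: NOW }));
console.log(pickVersion(SAMPLE, {
  minimumReleaseAge: 1440,
  minimumReleaseAgeExclude: ["example-lib@3.0.0"],
  now: NOW,
}));
```

With a one-day gate the 30-minute-old 3.0.0 is skipped in favour of 2.4.1; each exclude entry reopens exactly the window the gate was closing, so keep that list short and version-pinned where possible.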

- Added support for finders #9946.
In the past, pnpm list and pnpm why could only search for
dependencies by name (and optionally version). For example:

pnpm why minimist

prints the chain of dependencies to any installed instance of
minimist:

verdaccio 5.20.1
├─┬ handlebars 4.7.7
│ └── minimist 1.2.8
└─┬ mv 2.1.1
  └─┬ mkdirp 0.5.6
    └── minimist 1.2.8

What if we want to search by other properties of a
dependency, not just its name? For instance, find all
packages that have react@17 in their peer dependencies?
This is now possible with "finder functions". Finder
functions can be declared in .pnpmfile.cjs and invoked with
the --find-by= flag when running pnpm list or
pnpm why.
Let's say we want to find any dependencies that have React 17
in peer dependencies. We can add this finder to our
.pnpmfile.cjs:

module.exports = {
  finders: {
    react17: (ctx) => {
      return ctx.readManifest().peerDependencies?.react === "^17.0.0";
    },
  },
};

Now we can use this finder function by running:

pnpm why --find-by=react17

pnpm will find all dependencies that have this React in peer
dependencies and print their exact locations in the
dependency graph.

@apollo/client 4.0.4
├── @graphql-typed-document-node/core 3.2.0
└── graphql-tag 2.12.6

It is also possible to print out some additional information
in the output by returning a string from the finder. For
example, with the following finder:

module.exports = {
  finders: {
    react17: (ctx) => {
      const manifest = ctx.readManifest();
      if (manifest.peerDependencies?.react === "^17.0.0") {
        return `license: ${manifest.license}`;
      }
      return false;
    },
  },
};

Every matched package will also print out the license from
its package.json:

@apollo/client 4.0.4
├── @graphql-typed-document-node/core 3.2.0
│   license: MIT
└── graphql-tag 2.12.6
    license: MIT

* Patch Changes
- Fix deprecation warning printed when executing pnpm with
Node.js 24 #9529.
- Throw an error if nodeVersion is not set to an exact semver
version #9934.
- pnpm publish should be able to publish a .tar.gz file #9927.
- Canceling a running process with Ctrl-C should make pnpm run
return a non-zero exit code #9626.
- update to 10.15.1:
* Patch Changes
- Fix .pnp.cjs crash when importing subpath #9904.
- When resolving peer dependencies, pnpm looks whether the peer
dependency is present in the root workspace project's
dependencies. This change makes it so that the peer
dependency is correctly resolved even from aliased npm-hosted
dependencies or other types of dependencies #9913.

- update to 10.15.0:
* Minor Changes
- Added the cleanupUnusedCatalogs configuration. When set to
true, pnpm will remove unused catalog entries during
installation #9793.
- Automatically load pnpmfiles from config dependencies that
are named @*/pnpm-plugin-* #9780.
- pnpm config get now prints an INI string for an object value
#9797.
- pnpm config get now accepts property paths (e.g. pnpm config
get catalog.react, pnpm config get .catalog.react, pnpm
config get
'packageExtensions["@babel/parser"].peerDependencies["@babel/types"]'),
and pnpm config set now accepts dot-leading or subscripted
keys (e.g. pnpm config set .ignoreScripts true).
- pnpm config get --json now prints a JSON serialization of
config value, and pnpm config set --json now parses the input
value as JSON.
* Patch Changes
- Semi-breaking. When automatically installing missing peer
dependencies, prefer versions that are already present in the
direct dependencies of the root workspace package #9835.
- When executing the pnpm create command, must verify whether
the node version is supported even if a cache already exists
#9775.
- When making requests for the non-abbreviated packument, add
*/* to the Accept header to avoid getting a 406 error on AWS
CodeArtifact #9862.
- The standalone exe version of pnpm works with glibc 2.26
again #9734.
- Fix a regression in which pnpm dlx pkg --help doesn't pass
--help to pkg #9823.

- update to 10.14.0:
* Minor Changes
- Added support for JavaScript runtime installation
(Related PR: #9755.)
Declare Node.js, Deno, or Bun in devEngines.runtime (inside
package.json) and let pnpm download and pin it automatically.
Usage example:

{
  "devEngines": {
    "runtime": {
      "name": "node",
      "version": "^24.4.0",
      "onFail": "download" // we only support the "download" value for now
    }
  }
}
How it works:
- pnpm install resolves your specified range to the latest
matching runtime version.
- The exact version (and checksum) is saved in the lockfile.
- Scripts use the local runtime, ensuring consistency across
environments.
Why this is better:
- This new setting supports also Deno and Bun (vs. our
Node-only settings useNodeVersion and
executionEnv.nodeVersion)
- Supports version ranges (not just a fixed version).
- The resolved version is stored in the pnpm lockfile, along
with an integrity checksum for future validation of the
Node.js content's validity.
- It can be used on any workspace project (like
executionEnv.nodeVersion). So, different projects in a
workspace can use different runtimes.
- For now devEngines.runtime setting will install the runtime
locally, which we will improve in future versions of pnpm
by using a shared location on the computer.
- Add --cpu, --libc, and --os to pnpm install, pnpm add, and
pnpm dlx to customize supportedArchitectures via the CLI
#7510.
* Patch Changes
- Fix a bug in which pnpm add downloads packages whose libc
differ from pnpm.supportedArchitectures.libc.
- The integrities of the downloaded Node.js artifacts are
verified #9750.
- Allow dlx to parse CLI flags and options between the dlx
command and the command to run or between the dlx command and
-- #9719.
- pnpm install --prod should remove hoisted dev dependencies
#9782.
- Fix an edge case bug causing local tarballs to not re-link
into the virtual store. This bug would happen when changing
the contents of the tarball without renaming the file and
running a filtered install.
- Fix a bug causing pnpm install to incorrectly assume the
lockfile is up to date after changing a local tarball that
has peers dependencies.

- update to 10.13.1:
* Patch Changes
- Run user defined pnpmfiles after pnpmfiles of plugins.
- update to 10.13.0:
* Minor Changes
- Added the possibility to load multiple pnpmfiles. The pnpmfile
setting can now accept a list of pnpmfile locations #9702.
- pnpm will now automatically load the pnpmfile.cjs file from any
config dependency named @pnpm/plugin-* or pnpm-plugin-* #9729.
- The order in which config dependencies are initialized should
not matter; they are initialized in alphabetical order. If a
specific order is needed, the paths to the pnpmfile.cjs files in
the config dependencies can be explicitly listed using the
pnpmfile setting in pnpm-workspace.yaml.
* Patch Changes
- When patching dependencies installed via pkg.pr.new, treat them
as Git tarball URLs #9694.
- Prevent conflicts between local projects' config and the global
config in dangerouslyAllowAllBuilds, onlyBuiltDependencies,
onlyBuiltDependenciesFile, and neverBuiltDependencies #9628.
- Sort keys in pnpm-workspace.yaml with deep #9701.
- The pnpm rebuild command should not add pkgs included in
ignoredBuiltDependencies to ignoredBuilds in
node_modules/.modules.yaml #9338.
- Replaced shell-quote with shlex for quoting command arguments
#9381.

- update to 10.12.4:
* Patch Changes
- Fix pnpm licenses command for local dependencies #9583.
- Fix a bug in which pnpm ls --filter=not-exist --json prints
nothing instead of an empty array #9672.
- Fix a deadlock that sometimes happens during peer dependency
resolution #9673.
- Running pnpm install after pnpm fetch should hoist all
dependencies that need to be hoisted.
- Fixes a regression introduced in v10.12.2 by #9648; resolves
#9689.

- update to 10.12.3:
* Patch Changes
- Restore hoisting of optional peer dependencies when installing
with an outdated lockfile. Regression introduced in v10.12.2 by
#9648; resolves #9685.

- update to 10.12.2:
* Patch Changes
- Fixed hoisting with enableGlobalVirtualStore set to true #9648.
- Fix the --help and -h flags not working as expected for the pnpm
create command.
- The dependency package path output by the pnpm licenses list
--json command is incorrect.
- Fix a bug in which pnpm deploy fails due to overridden
dependencies having peer dependencies causing
ERR_PNPM_OUTDATED_LOCKFILE #9595.

- update to 10.12.1 (10.2.0 was yanked):
* Minor Changes
- Experimental. Added support for global virtual stores. When
enabled, node_modules contains only symlinks to a central
virtual store, rather than to node_modules/.pnpm. By default, this
central store is located at /links (you can find
the store path by running pnpm store path).
In the central virtual store, each package is hard linked
into a directory whose name is the hash of its dependency
graph. This allows multiple projects on the system to symlink
shared dependencies from this central location, significantly
improving installation speed when a warm cache is available.
This is conceptually similar to how NixOS manages packages,
using dependency graph hashes to create isolated and
reusable package directories.
To enable the global virtual store, set
enableGlobalVirtualStore: true in your root
pnpm-workspace.yaml, or globally via:
pnpm config -g set enable-global-virtual-store true
NOTE: In CI environments, where caches are typically cold,
this setting may slow down installation. pnpm automatically
disables the global virtual store when running in CI.
Related PR: #8190
- The pnpm update command now supports updating catalog:
protocol dependencies and writes new specifiers to
pnpm-workspace.yaml.
- A new catalogMode setting is available for controlling if and
how dependencies are added to the default catalog. It can be
configured to several modes:
- strict: Only allows dependency versions from the catalog.
Adding a dependency outside the catalog's version range
will cause an error.
- prefer: Prefers catalog versions, but will fall back to
direct dependencies if no compatible version is found.
- manual (default): Does not automatically add dependencies
to the catalog.
- Added two new CLI options (--save-catalog and
--save-catalog-name=) to pnpm add to save new
dependencies as catalog entries. catalog: or catalog:
will be added to package.json and the package specifier will
be added to the catalogs or catalog[] object in
pnpm-workspace.yaml #9425.
- Semi-breaking. The keys used for side-effects caches have
changed. If you have a side-effects cache generated by a
previous version of pnpm, the new version will not use it and
will create a new cache instead #9605.
- Added a new setting called ci for explicitly telling pnpm if
the current environment is a CI or not.
* Patch Changes
- Sort versions printed by pnpm patch using semantic versioning
rules.
- Improve the way the error message displays mismatched
specifiers. Show differences instead of 2 whole objects
#9598.
- Revert #9574 to fix a regression #9596.

- update to 10.11.1:
* Patch Changes
- Fix an issue in which pnpm deploy --legacy creates unexpected
directories when the root package.json has a workspace
package as a peer dependency #9550.
- Dependencies specified via a URL that redirects will only be
locked to the target if it is immutable, fixing a regression
when installing from GitHub releases. (#9531)
- Installation should not exit with an error if
strictPeerDependencies is true but all issues are ignored by
peerDependencyRules #9505.
- Use pnpm_config_ env variables instead of npm_config_ #9571.
- Fix a regression (in v10.9.0) causing the --lockfile-only
flag on pnpm update to produce a different pnpm-lock.yaml
than an update without the flag.
- Let pnpm deploy work in repos with overrides when
inject-workspace-packages=true #9283.
- Fixed the problem of path loss caused by parsing URL address.
Fixes a regression shipped in pnpm v10.11 via #9502.
- pnpm -r --silent run should not print out section #9563.

- update to 10.11.0:
* Minor Changes
- A new setting added for pnpm init to create a package.json
with type=module, when init-type is module. Works as a flag
for the init command too #9463.
- Added support for Nushell to pnpm setup #6476.
- Added two new flags to the pnpm audit command, --ignore and
--ignore-unfixable #8474.
Ignore all vulnerabilities that have no solution:
> pnpm audit --ignore-unfixable
Provide a list of CVEs to ignore those specifically, even if
they have a resolution.
> pnpm audit --ignore=CVE-2021-1234 --ignore=CVE-2021-5678
- Added support for recursively running pack in every project
of a workspace #4351.
Now you can run pnpm -r pack to pack all packages in the
workspace.
* Patch Changes
- pnpm version management should work, when
dangerouslyAllowAllBuilds is set to true #9472.
- pnpm link should work from inside a workspace #9506.
- Set the default workspaceConcurrency to
Math.min(os.availableParallelism(), 4) #9493.
- Installation should not exit with an error if
strictPeerDependencies is true but all issues are ignored by
peerDependencyRules #9505.
- Read updateConfig from pnpm-workspace.yaml #9500.
- Add support for recursive pack
- Remove url.parse usage to fix warning on Node.js 24 #9492.
- pnpm run should be able to run commands from the workspace
root, if ignoreScripts is set to true #4858.

- update to 10.10.0:
* Allow loading the preResolution, importPackage, and fetchers
hooks from local pnpmfile.
* Fix cd command, when shellEmulator is true #7838.
* Sort keys in pnpm-workspace.yaml #9453.
* Pass the npm_package_json environment variable to the
executed scripts #9452.
* Fixed a mistake in the description of the --reporter=silent
option.

- update to 10.9.0:
* Minor Changes
- Added support for installing JSR packages. You can now
install JSR packages using the following syntax:
add jsr:
or with a version range:
pnpm add jsr:[pkg_name>@=2.0.0 2.8.0': 'patches/foo.gte2.patch

In most cases, however, it's sufficient to just define an
exact version to override the range.
- pnpm config set --location=project saves the setting to a
pnpm-workspace.yaml file if no .npmrc file is present in the
directory #9316.
- Rename pnpm.allowNonAppliedPatches to
pnpm.allowUnusedPatches. The old name is still supported but
it would print a deprecation warning message.
- Add pnpm.ignorePatchFailures to manage whether pnpm would
ignore patch application failures.
- If ignorePatchFailures is not set, pnpm would throw an
error when patches with exact versions or version ranges
fail to apply, and it would ignore failures from name-only
patches.
- If ignorePatchFailures is explicitly set to false, pnpm
would throw an error when any type of patch fails to apply.
- If ignorePatchFailures is explicitly set to true, pnpm
would print a warning when any type of patch fails to
apply.
* Patch Changes
- Remove dependency paths from audit output to prevent
out-of-memory errors #9280.

- update to 10.6.5:
* Patch Changes
- Remove warnings after having explicitly approved no builds
#9296.
- When installing different dependency packages, should retain
the ignoredBuilds field in the .modules.yaml file #9240.
- Fix usages of the catalog: protocol in injected local
workspace packages. This previously errored with
ERR_PNPM_SPEC_NOT_SUPPORTED_BY_ANY_RESOLVER. #8715
- Setting workspace-concurrency to less than or equal to 0
should work #9297.

- update to 10.6.4:
* Patch Changes
- Fix pnpm dlx with --allow-build flag #9263.
- Invalid Node.js version in use-node-version should not cause
pnpm itself to break #9276.
- The max amount of workers running for linking packages from
the store has been reduced to 4 to achieve optimal results
#9286. The workers are performing many file system
operations, so increasing the number of CPUs doesn't help
performance after some point.

- update to 10.6.3:
* Patch Changes
- pnpm install --prod=false should not crash, when executed in
a project with a pnpm-workspace.yaml file #9233. This fixes
regression introduced via #9211.
- Add the missing node-options config to recursive run #9180.
- Removed a branching code path that only executed when
dedupe-peer-dependents=false. We believe this internal
refactor will not result in behavior changes, but we expect
it to make future pnpm versions behave more consistently for
projects that override dedupe-peer-dependents to false. There
should be fewer unique bugs from turning off
dedupe-peer-dependents.
See details in #9259.

- update to 10.6.2:
* Patch Changes
- pnpm self-update should always update the version in the
packageManager field of package.json.
- Fix running pnpm CLI from pnpm CLI on Windows when the CLI is
bundled to an executable #8971.
- pnpm patch-commit will now use the same filesystem as the
store directory to compare and create patch files.
- Don't show info output when --loglevel=error is used.
- peerDependencyRules should be set in pnpm-workspace.yaml to
take effect.

- update to 10.6.1:
* Patch Changes
- The pnpm CLI process should not stay hanging, when --silent
reporting is used.
- When --loglevel is set to error, don't show installation
summary, execution time, and big tarball download progress.
- Don't ignore pnpm.patchedDependencies from package.json
#9226.
- When executing the approve-builds command, if package.json
contains onlyBuiltDependencies or ignoredBuiltDependencies,
the selected dependency package will continue to be written
into package.json.
- When a package version cannot be found in the package
metadata, print the registry from which the package was
fetched.

- update to 10.6.0:
* Minor Changes
- pnpm-workspace.yaml can now hold all the settings that .npmrc
accepts. The settings should use camelCase #9211.
pnpm-workspace.yaml example:

verifyDepsBeforeRun: install
optimisticRepeatInstall: true
publicHoistPattern:
- "*types*"
- "!@types/react"

- Projects using a file: dependency on a local tarball file
(i.e. .tgz, .tar.gz, .tar) will see a performance improvement
during installation. Previously, using a file: dependency on
a tarball caused the lockfile resolution step to always run.
The lockfile will now be considered up-to-date if the tarball
is unchanged.
* Patch Changes
- pnpm self-update should not leave a directory with a broken
pnpm installation if the installation fails.
- Replace fast-glob with tinyglobby to reduce the size of the
pnpm CLI dependencies #9169.
- pnpm deploy should not remove fields from the deployed
package's package.json file #9215.
- pnpm self-update should not read the pnpm settings from the
package.json file in the current working directory.
- Fix pnpm deploy creating a package.json without the imports
and license field #9193.
- pnpm update -i should list only packages that have newer
versions #9206.
- Fix a bug causing entries in the catalogs section of the
pnpm-lock.yaml file to be removed when
dedupe-peer-dependents=false on a filtered install. #9112

- update to 10.5.2:
* The pnpm config set command should change the global .npmrc
file by default.
This was a regression introduced by #9151 and shipped in pnpm
v10.5.0.

- update to 10.5.1:
* Throw an error message if a pnpm-workspaces.yaml or
pnpm-workspaces.yml file is found instead of a
pnpm-workspace.yaml #9170.
* Fix the update of pnpm-workspace.yaml by the pnpm
approve-builds command #9168.
* Normalize generated link paths in package.json #9163
* Specifying overrides in pnpm-workspace.yaml should work.
* pnpm dlx should ignore settings from the package.json file in
the current working directory #9178.

- update to 10.5.0:
* The pnpm.* settings from package.json can now be specified in
the pnpm-workspace.yaml file instead #9121.
* Added support for automatically syncing files of injected
workspace packages after pnpm run #9081. Use the sync-injected
-deps-after-scripts setting to specify which scripts build
the workspace package. This tells pnpm when syncing is needed.
The setting should be defined in a .npmrc file at the root of
the workspace.
* The packages field in pnpm-workspace.yaml became optional.
* pnpm link with no parameters should work as if --global is
specified #9151
* Allow scope registry CLI option without --config. prefix such
as --@scope:registry= https://scope.example.com/npm #9089
* pnpm link should calculate relative path from the root
of the workspace directory #9132
* Fix a bug causing catalog snapshots to be removed from the
pnpm-lock.yaml file when using --fix-lockfile and --filter. #8639
* Fix a bug causing catalog protocol dependencies to not re-
resolve on a filtered install #8638

- update to 10.4.1:
* Throws an error when the value provided by the --allow-build
option overlaps with the pnpm.ignoredBuildDependencies list #9105.
* Print pnpm's version after the execution time at the end of the console output.
* Print warning about ignored builds of dependencies on repeat install #9106.
* Setting init-package-manager should work.
- includes 10.4.0:
* pnpm approve-builds --global works now for allowing
dependencies of globally installed packages to run
postinstall scripts.
* The pnpm add command now supports a new flag, --allow-build,
which allows building the specified dependencies.
* pnpm approve-builds should work after two consecutive pnpm install runs #9083.
* Fix instruction for updating pnpm with corepack #9101.
* The pnpm version specified by packageManager cannot start with v.

- update to 10.3.0:
* Added a new setting called strict-dep-builds. When enabled,
the installation will exit with a non-zero exit code if any
dependencies have unreviewed build scripts (aka postinstall scripts) #9071.
* Fix a false negative of verify-deps-before-run after pnpm
install --production|--no-optional #9019.
* Print the warning about blocked installation scripts at the
end of the installation output and make it more prominent.

- update to 10.2.1:
* Don't read a package from side-effects cache if it isn't
allowed to be built #9042.
* pnpm approve-builds should work, when executed from a
subdirectory of a workspace #9042.
* pnpm deploy --legacy should work without injected dependencies
* Add information about how to deploy without "injected
dependencies" to the "pnpm deploy" error message.
- includes 10.2.0:
* Packages executed via pnpm dlx and pnpm create are allowed to
be built (run postinstall scripts) by default.
* Quote args for scripts with shell-quote to support new lines
(on POSIX only) #8980.
* Fix a bug in which pnpm deploy fails to read the correct
projectId when the deploy source is the same as the workspace directory #9001.
* Proxy settings should be respected, when resolving Git-hosted
dependencies #6530.
* Prevent overrides from adding invalid version ranges to
peerDependencies by keeping the peerDependencies and
overriding them with prod dependencies #8978.
* Sort the package names in the "pnpm.onlyBuiltDependencies"
list saved by pnpm approve-builds.

- update to 10.1.0:
* Added a new command for printing the list of dependencies
with ignored build scripts: pnpm ignored-builds #8963.
* Added a new command for approving dependencies for running
scripts during installation: pnpm approve-builds #8963.
* Added a new setting called optimistic-repeat-install. When
enabled, a fast check will be performed before proceeding to
installation. This way a repeat install or an install on a
project with everything up-to-date becomes a lot faster. But
some edge cases might arise, so we keep it disabled by
default for now #8977.
* Added a new field "pnpm.ignoredBuiltDependencies" for
explicitly listing packages that should not be built. When a
package is in the list, pnpm will not print an info message
about that package not being built #8935.
* Verify that the package name is valid when executing the
publish command.
* When running pnpm install, the preprepare and postprepare
scripts of the project should be executed #8989.
* Allow workspace: and catalog: to be part of wider version
range in peerDependencies.
* pnpm deploy should inherit the pnpm object from the root
package.json #8991.
* Make sure that the deletion of a node_modules in a
sub-project of a monorepo is detected as out-of-date #8959.
* Fix infinite loop caused by lifecycle scripts using pnpm to
execute other scripts during pnpm install with
verify-deps-before-run=install #8954.
* Replace strip-ansi with the built-in
util.stripVTControlCharacters #9009.
* Do not print patched dependencies as ignored dependencies
that require a build #8952.

- update to 10.0.0:
* Lifecycle scripts of dependencies are not executed during
installation by default! This is a breaking change aimed at
increasing security. In order to allow lifecycle scripts of
specific dependencies, they should be listed in the pnpm
onlyBuiltDependencies field of package.json #8897
* The pnpm link command now adds overrides to the root package.json. #8653
* Secure hashing with SHA256
* Configuration updates
* Changes to the global store
* The # character is now escaped in directory names within
node_modules/.pnpm. #8557
* Running pnpm add --global pnpm or pnpm add --global @pnpm/exe
now fails with an error message, directing you to use pnpm
self-update instead. #8728
* Dependencies added via a URL now record the final resolved
URL in the lockfile, ensuring that any redirects are fully
captured. #8833
* The pnpm deploy command now only works in workspaces that
have inject-workspace-packages=true. This limitation is
introduced to allow us to create a proper lockfile for the
deployed project using the workspace lockfile.
* Removed conversion from lockfile v6 to v9. If you need
v6-to-v9 conversion, use pnpm CLI v9.
* pnpm test now passes all parameters after the test keyword
directly to the underlying script. This matches the behavior
of pnpm run test. Previously you needed to use the -- prefix. #8619
* node-gyp updated to version 11.
* pnpm deploy now tries creating a dedicated lockfile from a
shared lockfile for deployment. It will fallback to
deployment without a lockfile if there is no shared lockfile
or force-legacy-deploy is set to true.
* Added support for a new type of dependencies called
"configurational dependencies". These dependencies are
installed before all the other types of dependencies (before
"dependencies", "devDependencies", "optionalDependencies").
* New verify-deps-before-run setting. This setting controls how
pnpm checks node_modules before running scripts #8836
* On repeated installs, pnpm performs a quick check to ensure
node_modules is up to date. #8838
* pnpm add integrates with default workspace catalog: #8640
* pnpm dlx now resolves packages to their exact versions and
uses these exact versions for cache keys. This ensures pnpm
dlx always installs the latest requested packages #8811
* No node_modules validation on certain commands. Commands that
should not modify node_modules (e.g., pnpm install
--lockfile-only) no longer validate or purge node_modules. #8657
* for full changes, see https://github.com/pnpm/pnpm/releases/tag/v10.0.0

- update to 9.15.3:
* Fixed the Regex used to find the package manifest during
packing #8938.
* pnpm update --filter --latest should only
change the specified package for the specified workspace, when
dedupe-peer-dependents is set to true #8877.
* Exclude .DS_Store file at patch-commit #8922.
* Fix a bug in which pnpm patch is unable to bring back old patch
without specifying @version suffix #8919.

- update to 9.15.2:
* Fixed publish/pack error with workspace dependencies with
relative paths #8904. It was broken in v9.4.0 (398472c).
* Use double quotes in the command suggestion by pnpm patch on
Windows #7546.
* Do not fall back to SSH, when resolving a git-hosted package if
git ls-remote works via HTTPS #8906.
* Improve how packages with blocked lifecycle scripts are
reported during installation. Always print the list of ignored
scripts at the end of the output. Include a hint about how to
allow the execution of those packages.

- update to version 9.15.1:
* pnpm remove should not link dependencies from the workspace,
when link-workspace-packages is set to false #7674
* Installation with hoisted node_modules should not fail, when
a dependency has itself in its own peer dependencies #8854

- update to version 9.15.0:
* Metadata directory version bumped to force fresh cache after
we shipped a fix to the metadata write function. This change
is backward compatible as install doesn't require a metadata cache
* pnpm update --global should not crash if there are no
global packages installed #7898
* Fix an exception when running pnpm update --interactive if
catalogs are used.

- update to version 9.14.4:
* Don't ever save mutated metadata to the metadata cache
- includes 9.14.3:
* Some commands should ignore the packageManager field check of
package.json #7959

- update to version 9.14.2:
* pnpm publish --json should work #8788
- includes 9.14.1:
* Added support for pnpm pack --json to print packed tarball
and contents in JSON format #8765
* pnpm exec should print a meaningful error message when no
command is provided #8752
* pnpm setup should remove the CLI from the target location
before moving the new binary #8173
* Fix ERR_PNPM_TARBALL_EXTRACT error while installing a
dependency from GitHub having a slash in branch name #7697
* Don't crash if the use-node-version setting is used and the
system has no Node.js installed #8769
* Convert settings in local .npmrc files to their correct types.
For instance, child-concurrency should be a number, not a string #5075
* pnpm should fail if a project requires a different package
manager even if manage-package-manager-versions is set to true
* pnpm init should respect the --dir option #8768
- includes 9.14.0:
* chore: use verify-deps-before-run
* fix(init): --dir option should be respected (#8768)
* feat: support json format output in pnpm pack (#8765)
* fix: pnpm exec should specify command (#8774)
* fix: proper types of settings in local .npmrc files (#8775)
* fix: ERR_PNPM_TARBALL_EXTRACT when the URL's hash contains a slash
* fix: the CLI should fail if a different package manager is
required by the project
* fix: ETXTBSY error on running setup (#8780)
* feat: add linux-riscv64 build (#8779)
* fix: remove link to X from update notifier (#8773)
* docs: update sponsors
* fix: upgrade cross-spawn (#8782)
* fix: don't crash when use-node-version is set and there is no node.js
* docs: update changesets

- update to version 9.13.2:
* Detection of circular peer dependencies should not crash with
aliased dependencies #8759. Fixes a regression introduced in
the previous version.
* Fix race condition of symlink creations caused by multiple
parallel dlx processes.

- update to version 9.13.1:
* Fixed some edge cases where resolving circular peer
dependencies caused a deadlock #8720

- update to version 9.13.0:
* The self-update now accepts a version specifier to install a
specific version of pnpm.
* Fix Cannot read properties of undefined (reading 'name') that
is printed while trying to render the missing peer
dependencies warning message #8538

- update to version 9.12.3:
* Don't purge node_modules, when typing "n" in the prompt that
asks whether to remove node_modules before installation #8655
* Fix a bug causing pnpm to infinitely spawn itself when
manage-package-manager-versions=true is set and the .tools directory is corrupt
* Use crypto.hash, when available, for improved performance #8629
* Fixed a race condition in temporary file creation in the
store by including worker thread ID in filename. Previously,
multiple worker threads could attempt to use the same
temporary file. Temporary files now include both process ID
and thread ID for uniqueness #8703
* All commands should read settings from the package.json at
the root of the workspace #8667
* When manage-package-manager-versions is set to true, errors
spawning a self-managed version of pnpm will now be shown
(instead of being silent)
* Pass the find command to npm, it is an alias for npm search
- includes 9.12.2:
* When checking whether a file in the store has executable
permissions, the new approach checks if at least one of the
executable bits (owner, group, and others) is set to 1.
Previously, a file was incorrectly considered executable only
when all the executable bits were set to 1. This fix ensures
that files with any executable permission, regardless of the
user class, are now correctly identified as executable #8546

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-31=1

Package List:

- openSUSE Leap 16.0:

pnpm-10.22.0-bp160.1.1
pnpm-bash-completion-10.22.0-bp160.1.1
pnpm-fish-completion-10.22.0-bp160.1.1
pnpm-zsh-completion-10.22.0-bp160.1.1

References:

* https://www.suse.com/security/cve/CVE-2021-1234.html
* https://www.suse.com/security/cve/CVE-2021-5678.html



openSUSE-SU-2025-20121-1: critical: Security update for redis


openSUSE security update: security update for redis
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2025-20121-1
Rating: critical
References:

* bsc#1250995
* bsc#1252996

Cross-References:

* CVE-2025-46817
* CVE-2025-46818
* CVE-2025-46819
* CVE-2025-49844
* CVE-2025-62507

CVSS scores:

* CVE-2025-46817 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-46817 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-46818 ( SUSE ): 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-46818 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-46819 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-46819 ( SUSE ): 7.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-49844 ( SUSE ): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2025-49844 ( SUSE ): 9.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-62507 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-62507 ( SUSE ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 5 vulnerabilities and has 2 bug fixes can now be installed.

Description:

This update for redis fixes the following issues:

- Updated to 8.2.3 (boo#1252996 CVE-2025-62507)
* https://github.com/redis/redis/releases/tag/8.2.3
- Security fixes
- (CVE-2025-62507) Bug in `XACKDEL` may lead to stack overflow
and potential RCE
- Bug fixes
- `HGETEX`: A missing `numfields` argument when `FIELDS` is
used can lead to Redis crash
- An overflow in `HyperLogLog` with 2GB+ entries may result in
a Redis crash
- Cuckoo filter - Division by zero in Cuckoo filter insertion
- Cuckoo filter - Counter overflow
- Bloom filter - Arbitrary memory read/write with invalid
filter
- Bloom filter - Out-of-bounds access with empty chain
- Top-k - Out-of-bounds access
- Bloom filter - Restore invalid filter [We thank AWS security
for responsibly disclosing the security bug]

- Updated to 8.2.2 (boo#1250995)
* https://github.com/redis/redis/releases/tag/8.2.2
* Fixed Lua script may lead to remote code execution (CVE-2025-49844).
* Fixed Lua script may lead to integer overflow (CVE-2025-46817).
* Fixed Lua script can be executed in the context of another user
(CVE-2025-46818).
* Fixed LUA out-of-bound read (CVE-2025-46819).
* Fixed potential crash on Lua script or streams and HFE defrag.
* Fixed potential crash when using ACL rules.
* Added VSIM: new EPSILON argument to specify maximum distance.
* Added SVS-VAMANA: allow use of BUILD_INTEL_SVS_OPT flag.
* Added RESP3 serialization performance.
* Added INFO SEARCH: new SVS-VAMANA metrics.

- Updated to 8.2.1
* https://github.com/redis/redis/releases/tag/8.2.1
- Bug fixes
* #14240 INFO KEYSIZES - potential incorrect histogram updates
on cluster mode with modules
* #14274 Disable Active Defrag during flushing replica
* #14276 XADD or XTRIM can crash the server after loading RDB
* #Q6601 Potential crash when running FLUSHDB (MOD-10681)
* Performance and resource utilization
* Query Engine - LeanVec and LVQ proprietary Intel
optimizations were removed from Redis Open Source
* #Q6621 Fix regression in INFO (MOD-10779)

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-37=1

Package List:

- openSUSE Leap 16.0:

redis-8.2.0-bp160.1.3

References:

* https://www.suse.com/security/cve/CVE-2025-46817.html
* https://www.suse.com/security/cve/CVE-2025-46818.html
* https://www.suse.com/security/cve/CVE-2025-46819.html
* https://www.suse.com/security/cve/CVE-2025-49844.html
* https://www.suse.com/security/cve/CVE-2025-62507.html



openSUSE-SU-2025-20114-1: important: Security update for himmelblau


openSUSE security update: security update for himmelblau
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2025-20114-1
Rating: important
References:

* bsc#1249013
* bsc#1250687

Cross-References:

* CVE-2025-58160
* CVE-2025-59044

CVSS scores:

* CVE-2025-58160 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2025-58160 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-59044 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.

Description:

This update for himmelblau fixes the following issues:

- Update to version 0.9.23+git.0.9776141:
* CVE-2025-59044: Fixed GID collision of same-name groups allowing privilege escalation (bsc#1250687)
* deps(rust): bump the all-cargo-updates group
* CVE-2025-58160: tracing-subscriber: Fixed log pollution (bsc#1249013)

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-80=1

Package List:

- openSUSE Leap 16.0:

himmelblau-0.9.23+git.0.9776141-160000.1.1
himmelblau-qr-greeter-0.9.23+git.0.9776141-160000.1.1
himmelblau-sshd-config-0.9.23+git.0.9776141-160000.1.1
himmelblau-sso-0.9.23+git.0.9776141-160000.1.1
libnss_himmelblau2-0.9.23+git.0.9776141-160000.1.1
pam-himmelblau-0.9.23+git.0.9776141-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-58160.html
* https://www.suse.com/security/cve/CVE-2025-59044.html



openSUSE-SU-2025-20116-1: moderate: Security update for rnp


openSUSE security update: security update for rnp
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2025-20116-1
Rating: moderate
References:

* bsc#1253957

Cross-References:

* CVE-2025-13402
* CVE-2025-13470

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 2 vulnerabilities and has one bug fix can now be installed.

Description:

This update for rnp fixes the following issues:

- update to 0.18.1:
* CVE-2025-13470: PKESK (public-key encrypted) session keys were
generated as all-zero, allowing trivial decryption of messages
encrypted with public keys only (boo#1253957, CVE-2025-13402)

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-32=1

Package List:

- openSUSE Leap 16.0:

librnp0-0.18.1-bp160.1.1
rnp-0.18.1-bp160.1.1
rnp-devel-0.18.1-bp160.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-13402.html
* https://www.suse.com/security/cve/CVE-2025-13470.html



openSUSE-SU-2025-20106-1: important: Security update for tomcat11


openSUSE security update: security update for tomcat11
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2025-20106-1
Rating: important
References:

* bsc#1252753
* bsc#1252756
* bsc#1252905

Cross-References:

* CVE-2025-55752
* CVE-2025-55754
* CVE-2025-61795

CVSS scores:

* CVE-2025-55752 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-55752 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-55754 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-55754 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-61795 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61795 ( SUSE ): 6 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed.

Description:

This update for tomcat11 fixes the following issues:

Update to Tomcat 11.0.13:

- CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753).
- CVE-2025-55754: Fixed Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat (bsc#1252905).
- CVE-2025-61795: Fixed temporary copies during the processing of multipart upload can lead to a denial of service (bsc#1252756).

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-72=1

Package List:

- openSUSE Leap 16.0:

tomcat11-11.0.13-160000.1.1
tomcat11-admin-webapps-11.0.13-160000.1.1
tomcat11-doc-11.0.13-160000.1.1
tomcat11-docs-webapp-11.0.13-160000.1.1
tomcat11-el-6_0-api-11.0.13-160000.1.1
tomcat11-embed-11.0.13-160000.1.1
tomcat11-jsp-4_0-api-11.0.13-160000.1.1
tomcat11-jsvc-11.0.13-160000.1.1
tomcat11-lib-11.0.13-160000.1.1
tomcat11-servlet-6_1-api-11.0.13-160000.1.1
tomcat11-webapps-11.0.13-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-55752.html
* https://www.suse.com/security/cve/CVE-2025-55754.html
* https://www.suse.com/security/cve/CVE-2025-61795.html



openSUSE-SU-2025-20099-1: important: Security update for xwayland


openSUSE security update: security update for xwayland
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2025-20099-1
Rating: important
References:

* bsc#1251958
* bsc#1251959
* bsc#1251960

Cross-References:

* CVE-2025-62229
* CVE-2025-62230
* CVE-2025-62231

CVSS scores:

* CVE-2025-62229 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-62229 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-62230 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-62230 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-62231 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-62231 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed.

Description:

This update for xwayland fixes the following issues:

- CVE-2025-62229: Fixed use-after-free in XPresentNotify structures creation (bsc#1251958).
- CVE-2025-62230: Fixed use-after-free in Xkb client resource removal (bsc#1251959).
- CVE-2025-62231: Fixed value overflow in Xkb extension XkbSetCompatMap() (bsc#1251960).

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-65=1

Package List:

- openSUSE Leap 16.0:

xwayland-24.1.6-160000.3.1
xwayland-devel-24.1.6-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2025-62229.html
* https://www.suse.com/security/cve/CVE-2025-62230.html
* https://www.suse.com/security/cve/CVE-2025-62231.html



openSUSE-SU-2025-20113-1: moderate: Security update for dovecot24


openSUSE security update: security update for dovecot24
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2025-20113-1
Rating: moderate
References:

* bsc#1252839

Cross-References:

* CVE-2025-30189

CVSS scores:

* CVE-2025-30189 ( SUSE ): 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
* CVE-2025-30189 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for dovecot24 fixes the following issues:

- Update dovecot to 2.4.2:
- CVE-2025-30189: Fixed users cached with same cache key when
auth cache was enabled (bsc#1252839)
- Changes
- auth: Remove proxy_always field.
- config: Change settings history parsing to use python3.
- doveadm: Print table formatter - Print empty values as "-".
- imapc: Propagate remote error codes properly.
- lda: Default mail_home=$HOME environment if not using userdb
lookup
- lib-dcrypt: Salt for new version 2 keys has been increased to
16 bytes.
- lib-dregex: Add libpcre2 based regular expression support to
Dovecot, if the library is missing, disable all regular
expressions. This adds libpcre2-32 as build dependency.
- lib-oauth2: jwt - Allow nbf and iat to point 1 second into
future.
- lib: Replace libicu with our own unicode library. Removes
libicu as build dependency.
- login-common: If proxying fails due to remote having invalid
SSL cert, don't reconnect.
- New features
- auth: Add ssl_client_cert_fp and ssl_client_cert_pubkey_fp
fields
- config: Add support for $SET:filter/path/setting.
- config: Improve @group includes to work with overwriting
their settings.
- doveadm kick: Add support for kicking multiple usernames
- doveadm mailbox status: Add support for deleted status item.
- imap, imap-client: Add experimental partial IMAP4rev2
support.
- imap: Implement support for UTF8=ACCEPT for APPEND
- lib-oauth2, oauth2: Add oauth2_token_expire_grace setting.
- lmtp: lmtp-client - Support command pipelining.
- login-common: Support local/remote blocks better.
- master: accept() unix/inet connections before creating child
process to handle it. This reduces timeouts when child
processes are slow to spawn themselves.
- Bug fixes
- SMTPUTF8 was accepted even when it wasn't enabled.
- auth, *-login: Direct logging with -L parameter was not
working.
- auth: Crash occurred when OAUTH token validation failed with
oauth2_use_worker_with_mech=yes.
- auth: Invalid field handling crashes were fixed.
- auth: ldap - Potential crash could happen at deinit.
- auth: mech-gssapi - Server sending empty initial response
would cause errors.
- auth: mech-winbind - GSS-SPNEGO mechanism was erroneously
marked as not accepting NUL.
- config: Multiple issues with $SET handling have been fixed.
- configure: Building without LDAP didn't work.
- doveadm: If source user didn't exist, a crash would occur.
- imap, pop3, submission, imap-urlauth: USER environment usage
was broken when running standalone.
- imap-hibernate: Statistics would get truncated on
unhibernation.
- imap: "SEARCH MIMEPART FILENAME ENDS" command could have
accessed memory outside allocated buffer, resulting in a
crash.
- imapc: Fetching partial headers would cause other cached
headers to be cached empty, breaking e.g. imap envelope
responses when caching to disk.
- imapc: Shared namespace's INBOX mailbox was not always
uppercased.
- imapc: imapc_features=guid-forced GUID generation was not
working correctly.
- lda: USER environment was not accepted if -d hasn't been
specified.
- lib-http: http-url - Significant path percent encoding
through parse and create was not preserved. This is mainly
important for Dovecot's Lua bindings for lib-http.
- lib-settings: Crash would occur when using %variables in
SET_FILE type settings.
- lib-storage: Attachment flags were attempted to be added for
readonly mailboxes with mail_attachment_flags=add-flags.
- lib-storage: Root directory for unusable shared namespaces
was unnecessarily attempted to be created.
- lib: Crash would occur when config was reloaded and logging
to syslog.
- login-common: Crash might have occurred when login proxy was
destroyed.
- sqlite: The sqlite_journal_mode=wal setting didn't actually
do anything.
- Many other bugs have been fixed.
- Update pigeonhole to 2.4.2
- Changes
- lib-sieve: Use new regular expression library in core.
- managesieve: Add default
service_extra_groups=$SET:default_internal_group.
- New features
- lib-sieve: Add support for "extlists" extension.
- lib-sieve: regex - Allow unicode comparator.
- Bug fixes
- lib-sieve-tool: sieve-tool - All sieve_script settings were
overridden.
- lib-sieve: storage: dict: sieve_script_dict filter was
missing from settings.
- sieve-ldap-storage: Fix compile without LDAP.

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-79=1

Package List:

- openSUSE Leap 16.0:

dovecot24-2.4.2-160000.1.1
dovecot24-backend-mysql-2.4.2-160000.1.1
dovecot24-backend-pgsql-2.4.2-160000.1.1
dovecot24-backend-sqlite-2.4.2-160000.1.1
dovecot24-devel-2.4.2-160000.1.1
dovecot24-fts-2.4.2-160000.1.1
dovecot24-fts-flatcurve-2.4.2-160000.1.1
dovecot24-fts-solr-2.4.2-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-30189.html



SUSE-SU-2025:4285-1: important: Security update for the Linux Kernel (Live Patch 62 for SUSE Linux Enterprise 15 SP3)


# Security update for the Linux Kernel (Live Patch 62 for SUSE Linux Enterprise 15 SP3)

Announcement ID: SUSE-SU-2025:4285-1
Release Date: 2025-11-27T22:34:36Z
Rating: important
References:

* bsc#1250295
* bsc#1251228
* bsc#1251983

Cross-References:

* CVE-2022-50388
* CVE-2022-50432
* CVE-2023-53673

CVSS scores:

* CVE-2022-50388 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50388 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-50432 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50432 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-53673 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53673 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 5.3.18-150300.59.221 fixes
various security issues.

The following security issues were fixed:

* CVE-2022-50388: nvme: fix multipath crash caused by flush request when
blktrace is enabled (bsc#1250295).
* CVE-2022-50432: kernfs: fix use-after-free in __kernfs_remove (bsc#1251228).
* CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before
deleting conn (bsc#1251983).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-4285=1

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-4285=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_221-default-debuginfo-2-150300.2.1
  * kernel-livepatch-SLE15-SP3_Update_62-debugsource-2-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1
* openSUSE Leap 15.3 (x86_64)
  * kernel-livepatch-5_3_18-150300_59_221-preempt-2-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_221-preempt-debuginfo-2-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-50388.html
* https://www.suse.com/security/cve/CVE-2022-50432.html
* https://www.suse.com/security/cve/CVE-2023-53673.html
* https://bugzilla.suse.com/show_bug.cgi?id=1250295
* https://bugzilla.suse.com/show_bug.cgi?id=1251228
* https://bugzilla.suse.com/show_bug.cgi?id=1251983



SUSE-SU-2025:4288-1: important: Security update for containerd


# Security update for containerd

Announcement ID: SUSE-SU-2025:4288-1
Release Date: 2025-11-28T08:26:39Z
Rating: important
References:

* bsc#1253126
* bsc#1253132

Cross-References:

* CVE-2024-25621
* CVE-2025-64329

CVSS scores:

* CVE-2024-25621 ( SUSE ): 7.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-25621 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-25621 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-64329 ( SUSE ): 5.9
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-64329 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-64329 ( NVD ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* Basesystem Module 15-SP7
* Containers Module 15-SP6
* Containers Module 15-SP7
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for containerd fixes the following issues:

* Update to containerd v1.7.29
* CVE-2024-25621: Fixed an overly broad default permission vulnerability.
(bsc#1253126)
* CVE-2025-64329: Fixed goroutine leaks which can lead to memory exhaustion
on the host. (bsc#1253132)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-4288=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-4288=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-4288=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-4288=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-4288=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-4288=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-4288=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-4288=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-4288=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-4288=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-4288=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-4288=1

* Containers Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2025-4288=1

* Containers Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2025-4288=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-4288=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-4288=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-4288=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-4288=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-4288=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-4288=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-4288=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-4288=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-4288=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* containerd-ctr-1.7.29-150000.128.1
* containerd-1.7.29-150000.128.1
* containerd-devel-1.7.29-150000.128.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* containerd-ctr-1.7.29-150000.128.1
* containerd-1.7.29-150000.128.1
* containerd-devel-1.7.29-150000.128.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* containerd-ctr-1.7.29-150000.128.1
* containerd-1.7.29-150000.128.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* containerd-1.7.29-150000.128.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* containerd-1.7.29-150000.128.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* containerd-ctr-1.7.29-150000.128.1
* containerd-1.7.29-150000.128.1
* containerd-devel-1.7.29-150000.128.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* containerd-1.7.29-150000.128.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* containerd-1.7.29-150000.128.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* containerd-1.7.29-150000.128.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* containerd-1.7.29-150000.128.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* containerd-1.7.29-150000.128.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* containerd-1.7.29-150000.128.1
* Containers Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* containerd-ctr-1.7.29-150000.128.1
* containerd-1.7.29-150000.128.1
* containerd-devel-1.7.29-150000.128.1
* Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* containerd-ctr-1.7.29-150000.128.1
* containerd-devel-1.7.29-150000.128.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* containerd-ctr-1.7.29-150000.128.1
* containerd-1.7.29-150000.128.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* containerd-ctr-1.7.29-150000.128.1
* containerd-1.7.29-150000.128.1
* containerd-devel-1.7.29-150000.128.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* containerd-ctr-1.7.29-150000.128.1
* containerd-1.7.29-150000.128.1
* containerd-devel-1.7.29-150000.128.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* containerd-ctr-1.7.29-150000.128.1
* containerd-1.7.29-150000.128.1
* containerd-devel-1.7.29-150000.128.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* containerd-ctr-1.7.29-150000.128.1
* containerd-1.7.29-150000.128.1
* containerd-devel-1.7.29-150000.128.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* containerd-ctr-1.7.29-150000.128.1
* containerd-1.7.29-150000.128.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* containerd-ctr-1.7.29-150000.128.1
* containerd-1.7.29-150000.128.1
* containerd-devel-1.7.29-150000.128.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* containerd-ctr-1.7.29-150000.128.1
* containerd-1.7.29-150000.128.1
* containerd-devel-1.7.29-150000.128.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* containerd-ctr-1.7.29-150000.128.1
* containerd-1.7.29-150000.128.1

## References:

* https://www.suse.com/security/cve/CVE-2024-25621.html
* https://www.suse.com/security/cve/CVE-2025-64329.html
* https://bugzilla.suse.com/show_bug.cgi?id=1253126
* https://bugzilla.suse.com/show_bug.cgi?id=1253132



SUSE-SU-2025:4291-1: important: Security update for libmicrohttpd


# Security update for libmicrohttpd

Announcement ID: SUSE-SU-2025:4291-1
Release Date: 2025-11-28T09:07:02Z
Rating: important
References:

* bsc#1253177
* bsc#1253178

Cross-References:

* CVE-2025-59777
* CVE-2025-62689

CVSS scores:

* CVE-2025-59777 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-59777 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-59777 ( NVD ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-59777 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-62689 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-62689 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-62689 ( NVD ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-62689 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* Desktop Applications Module 15-SP6
* Desktop Applications Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for libmicrohttpd fixes the following issues:

* CVE-2025-59777: Fixed NULL pointer dereference via specially crafted packet
sent by an attacker (bsc#1253177)
* CVE-2025-62689: Fixed heap-based buffer overflow via specially crafted
packet sent by an attacker (bsc#1253178)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-4291=1 openSUSE-SLE-15.6-2025-4291=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-4291=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-4291=1

* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-4291=1

* Desktop Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2025-4291=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libmicrohttpd12-debuginfo-0.9.77-150600.3.3.1
* libmicrohttpd12-0.9.77-150600.3.3.1
* libmicrohttpd-devel-0.9.77-150600.3.3.1
* libmicrohttpd-debugsource-0.9.77-150600.3.3.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libmicrohttpd12-debuginfo-0.9.77-150600.3.3.1
* libmicrohttpd12-0.9.77-150600.3.3.1
* libmicrohttpd-debugsource-0.9.77-150600.3.3.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libmicrohttpd12-debuginfo-0.9.77-150600.3.3.1
* libmicrohttpd12-0.9.77-150600.3.3.1
* libmicrohttpd-debugsource-0.9.77-150600.3.3.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libmicrohttpd-devel-0.9.77-150600.3.3.1
* libmicrohttpd-debugsource-0.9.77-150600.3.3.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libmicrohttpd-devel-0.9.77-150600.3.3.1
* libmicrohttpd-debugsource-0.9.77-150600.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-59777.html
* https://www.suse.com/security/cve/CVE-2025-62689.html
* https://bugzilla.suse.com/show_bug.cgi?id=1253177
* https://bugzilla.suse.com/show_bug.cgi?id=1253178



SUSE-SU-2025:4290-1: moderate: Security update for cups


# Security update for cups

Announcement ID: SUSE-SU-2025:4290-1
Release Date: 2025-11-28T09:05:22Z
Rating: moderate
References:

* bsc#1234225
* bsc#1244057
* bsc#1253783

Cross-References:

* CVE-2025-58436
* CVE-2025-61915

CVSS scores:

* CVE-2025-58436 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-58436 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61915 ( SUSE ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61915 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* Desktop Applications Module 15-SP6
* Desktop Applications Module 15-SP7
* Development Tools Module 15-SP6
* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities and has one security fix can now be
installed.

## Description:

This update for cups fixes the following issues:

* CVE-2025-61915: Fixed a local denial-of-service via cupsd.conf update and
related issues. (bsc#1253783)
* CVE-2025-58436: Fixed an issue where a slow client communication leads to a
possible DoS attack. (bsc#1244057)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-4290=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-4290=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-4290=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-4290=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-4290=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-4290=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-4290=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-4290=1

* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-4290=1

* Desktop Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2025-4290=1

* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-4290=1

* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2025-4290=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-4290=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-4290=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* cups-debugsource-2.2.7-150000.3.77.1
* cups-client-debuginfo-2.2.7-150000.3.77.1
* cups-ddk-debuginfo-2.2.7-150000.3.77.1
* libcups2-2.2.7-150000.3.77.1
* libcupsimage2-2.2.7-150000.3.77.1
* libcupsimage2-debuginfo-2.2.7-150000.3.77.1
* libcupsmime1-debuginfo-2.2.7-150000.3.77.1
* libcupsppdc1-2.2.7-150000.3.77.1
* cups-debuginfo-2.2.7-150000.3.77.1
* cups-devel-2.2.7-150000.3.77.1
* libcups2-debuginfo-2.2.7-150000.3.77.1
* libcupscgi1-2.2.7-150000.3.77.1
* libcupsppdc1-debuginfo-2.2.7-150000.3.77.1
* cups-config-2.2.7-150000.3.77.1
* cups-client-2.2.7-150000.3.77.1
* libcupsmime1-2.2.7-150000.3.77.1
* cups-2.2.7-150000.3.77.1
* libcupscgi1-debuginfo-2.2.7-150000.3.77.1
* cups-ddk-2.2.7-150000.3.77.1
* openSUSE Leap 15.6 (x86_64)
* cups-devel-32bit-2.2.7-150000.3.77.1
* libcupsppdc1-32bit-debuginfo-2.2.7-150000.3.77.1
* libcupscgi1-32bit-2.2.7-150000.3.77.1
* libcupsimage2-32bit-2.2.7-150000.3.77.1
* libcupscgi1-32bit-debuginfo-2.2.7-150000.3.77.1
* libcups2-32bit-debuginfo-2.2.7-150000.3.77.1
* libcupsmime1-32bit-2.2.7-150000.3.77.1
* libcupsmime1-32bit-debuginfo-2.2.7-150000.3.77.1
* libcups2-32bit-2.2.7-150000.3.77.1
* libcupsimage2-32bit-debuginfo-2.2.7-150000.3.77.1
* libcupsppdc1-32bit-2.2.7-150000.3.77.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* cups-debugsource-2.2.7-150000.3.77.1
* libcups2-2.2.7-150000.3.77.1
* libcups2-debuginfo-2.2.7-150000.3.77.1
* cups-config-2.2.7-150000.3.77.1
* cups-debuginfo-2.2.7-150000.3.77.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* cups-debugsource-2.2.7-150000.3.77.1
* libcups2-2.2.7-150000.3.77.1
* libcups2-debuginfo-2.2.7-150000.3.77.1
* cups-config-2.2.7-150000.3.77.1
* cups-debuginfo-2.2.7-150000.3.77.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* cups-debugsource-2.2.7-150000.3.77.1
* libcups2-2.2.7-150000.3.77.1
* libcups2-debuginfo-2.2.7-150000.3.77.1
* cups-config-2.2.7-150000.3.77.1
* cups-debuginfo-2.2.7-150000.3.77.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* cups-debugsource-2.2.7-150000.3.77.1
* libcups2-2.2.7-150000.3.77.1
* libcups2-debuginfo-2.2.7-150000.3.77.1
* cups-config-2.2.7-150000.3.77.1
* cups-debuginfo-2.2.7-150000.3.77.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* cups-debugsource-2.2.7-150000.3.77.1
* libcups2-2.2.7-150000.3.77.1
* libcups2-debuginfo-2.2.7-150000.3.77.1
* cups-config-2.2.7-150000.3.77.1
* cups-debuginfo-2.2.7-150000.3.77.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* cups-debugsource-2.2.7-150000.3.77.1
* cups-client-debuginfo-2.2.7-150000.3.77.1
* libcups2-2.2.7-150000.3.77.1
* libcupsimage2-2.2.7-150000.3.77.1
* libcupsimage2-debuginfo-2.2.7-150000.3.77.1
* libcupsmime1-debuginfo-2.2.7-150000.3.77.1
* libcupsppdc1-2.2.7-150000.3.77.1
* libcups2-debuginfo-2.2.7-150000.3.77.1
* cups-devel-2.2.7-150000.3.77.1
* libcupscgi1-2.2.7-150000.3.77.1
* libcupsppdc1-debuginfo-2.2.7-150000.3.77.1
* cups-config-2.2.7-150000.3.77.1
* cups-client-2.2.7-150000.3.77.1
* libcupsmime1-2.2.7-150000.3.77.1
* cups-2.2.7-150000.3.77.1
* libcupscgi1-debuginfo-2.2.7-150000.3.77.1
* cups-debuginfo-2.2.7-150000.3.77.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* cups-debugsource-2.2.7-150000.3.77.1
* cups-client-debuginfo-2.2.7-150000.3.77.1
* libcups2-2.2.7-150000.3.77.1
* libcupsimage2-2.2.7-150000.3.77.1
* libcupsimage2-debuginfo-2.2.7-150000.3.77.1
* libcupsmime1-debuginfo-2.2.7-150000.3.77.1
* libcupsppdc1-2.2.7-150000.3.77.1
* libcups2-debuginfo-2.2.7-150000.3.77.1
* cups-devel-2.2.7-150000.3.77.1
* libcupscgi1-2.2.7-150000.3.77.1
* libcupsppdc1-debuginfo-2.2.7-150000.3.77.1
* cups-config-2.2.7-150000.3.77.1
* cups-client-2.2.7-150000.3.77.1
* libcupsmime1-2.2.7-150000.3.77.1
* cups-2.2.7-150000.3.77.1
* libcupscgi1-debuginfo-2.2.7-150000.3.77.1
* cups-debuginfo-2.2.7-150000.3.77.1
* Desktop Applications Module 15-SP6 (x86_64)
* libcups2-32bit-debuginfo-2.2.7-150000.3.77.1
* libcups2-32bit-2.2.7-150000.3.77.1
* Desktop Applications Module 15-SP7 (x86_64)
* libcups2-32bit-debuginfo-2.2.7-150000.3.77.1
* libcups2-32bit-2.2.7-150000.3.77.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* cups-debugsource-2.2.7-150000.3.77.1
* cups-debuginfo-2.2.7-150000.3.77.1
* cups-ddk-debuginfo-2.2.7-150000.3.77.1
* cups-ddk-2.2.7-150000.3.77.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* cups-debugsource-2.2.7-150000.3.77.1
* cups-debuginfo-2.2.7-150000.3.77.1
* cups-ddk-debuginfo-2.2.7-150000.3.77.1
* cups-ddk-2.2.7-150000.3.77.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* cups-debugsource-2.2.7-150000.3.77.1
* libcups2-2.2.7-150000.3.77.1
* libcups2-debuginfo-2.2.7-150000.3.77.1
* cups-config-2.2.7-150000.3.77.1
* cups-debuginfo-2.2.7-150000.3.77.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* cups-debugsource-2.2.7-150000.3.77.1
* libcups2-2.2.7-150000.3.77.1
* libcups2-debuginfo-2.2.7-150000.3.77.1
* cups-config-2.2.7-150000.3.77.1
* cups-debuginfo-2.2.7-150000.3.77.1

## References:

* https://www.suse.com/security/cve/CVE-2025-58436.html
* https://www.suse.com/security/cve/CVE-2025-61915.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234225
* https://bugzilla.suse.com/show_bug.cgi?id=1244057
* https://bugzilla.suse.com/show_bug.cgi?id=1253783



SUSE-SU-2025:4297-1: low: Security update for python311


# Security update for python311

Announcement ID: SUSE-SU-2025:4297-1
Release Date: 2025-11-28T10:03:44Z
Rating: low
References:

* bsc#1251305
* bsc#1252974

Cross-References:

* CVE-2025-6075
* CVE-2025-8291

CVSS scores:

* CVE-2025-6075 ( SUSE ): 1.8
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-6075 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-6075 ( NVD ): 1.8
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-8291 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-8291 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2025-8291 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Affected Products:

* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* Python 3 Module 15-SP6
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for python311 fixes the following issues:

Update to 3.11.14:

* CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of
os.path.expandvars() (bsc#1252974)
* CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory (EOCD)
not checked by the 'zipfile' module (bsc#1251305)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-4297=1 openSUSE-SLE-15.6-2025-4297=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-4297=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-4297=1

* Python 3 Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2025-4297=1

* Python 3 Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2025-4297=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libpython3_11-1_0-3.11.14-150600.3.38.1
* python311-curses-debuginfo-3.11.14-150600.3.38.1
* python311-tk-3.11.14-150600.3.38.1
* python311-doc-3.11.14-150600.3.38.1
* python311-doc-devhelp-3.11.14-150600.3.38.1
* python311-tk-debuginfo-3.11.14-150600.3.38.1
* python311-curses-3.11.14-150600.3.38.1
* python311-idle-3.11.14-150600.3.38.1
* python311-tools-3.11.14-150600.3.38.1
* python311-devel-3.11.14-150600.3.38.1
* python311-base-3.11.14-150600.3.38.1
* python311-testsuite-3.11.14-150600.3.38.1
* python311-dbm-3.11.14-150600.3.38.1
* libpython3_11-1_0-debuginfo-3.11.14-150600.3.38.1
* python311-base-debuginfo-3.11.14-150600.3.38.1
* python311-debuginfo-3.11.14-150600.3.38.1
* python311-3.11.14-150600.3.38.1
* python311-dbm-debuginfo-3.11.14-150600.3.38.1
* python311-testsuite-debuginfo-3.11.14-150600.3.38.1
* python311-core-debugsource-3.11.14-150600.3.38.1
* python311-debugsource-3.11.14-150600.3.38.1
* openSUSE Leap 15.6 (x86_64)
* python311-base-32bit-3.11.14-150600.3.38.1
* libpython3_11-1_0-32bit-debuginfo-3.11.14-150600.3.38.1
* python311-32bit-3.11.14-150600.3.38.1
* python311-base-32bit-debuginfo-3.11.14-150600.3.38.1
* libpython3_11-1_0-32bit-3.11.14-150600.3.38.1
* python311-32bit-debuginfo-3.11.14-150600.3.38.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* python311-base-64bit-debuginfo-3.11.14-150600.3.38.1
* python311-64bit-3.11.14-150600.3.38.1
* libpython3_11-1_0-64bit-3.11.14-150600.3.38.1
* python311-base-64bit-3.11.14-150600.3.38.1
* libpython3_11-1_0-64bit-debuginfo-3.11.14-150600.3.38.1
* python311-64bit-debuginfo-3.11.14-150600.3.38.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libpython3_11-1_0-3.11.14-150600.3.38.1
* libpython3_11-1_0-debuginfo-3.11.14-150600.3.38.1
* python311-base-debuginfo-3.11.14-150600.3.38.1
* python311-core-debugsource-3.11.14-150600.3.38.1
* python311-base-3.11.14-150600.3.38.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libpython3_11-1_0-3.11.14-150600.3.38.1
* libpython3_11-1_0-debuginfo-3.11.14-150600.3.38.1
* python311-base-debuginfo-3.11.14-150600.3.38.1
* python311-core-debugsource-3.11.14-150600.3.38.1
* python311-base-3.11.14-150600.3.38.1
* Python 3 Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* python311-curses-3.11.14-150600.3.38.1
* python311-idle-3.11.14-150600.3.38.1
* python311-dbm-3.11.14-150600.3.38.1
* python311-curses-debuginfo-3.11.14-150600.3.38.1
* python311-devel-3.11.14-150600.3.38.1
* python311-debuginfo-3.11.14-150600.3.38.1
* python311-tools-3.11.14-150600.3.38.1
* python311-3.11.14-150600.3.38.1
* python311-dbm-debuginfo-3.11.14-150600.3.38.1
* python311-core-debugsource-3.11.14-150600.3.38.1
* python311-debugsource-3.11.14-150600.3.38.1
* python311-tk-3.11.14-150600.3.38.1
* python311-tk-debuginfo-3.11.14-150600.3.38.1
* Python 3 Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* python311-curses-3.11.14-150600.3.38.1
* python311-idle-3.11.14-150600.3.38.1
* python311-dbm-3.11.14-150600.3.38.1
* python311-curses-debuginfo-3.11.14-150600.3.38.1
* python311-devel-3.11.14-150600.3.38.1
* python311-debuginfo-3.11.14-150600.3.38.1
* python311-tools-3.11.14-150600.3.38.1
* python311-3.11.14-150600.3.38.1
* python311-dbm-debuginfo-3.11.14-150600.3.38.1
* python311-core-debugsource-3.11.14-150600.3.38.1
* python311-debugsource-3.11.14-150600.3.38.1
* python311-tk-3.11.14-150600.3.38.1
* python311-tk-debuginfo-3.11.14-150600.3.38.1

## References:

* https://www.suse.com/security/cve/CVE-2025-6075.html
* https://www.suse.com/security/cve/CVE-2025-8291.html
* https://bugzilla.suse.com/show_bug.cgi?id=1251305
* https://bugzilla.suse.com/show_bug.cgi?id=1252974



openSUSE-SU-2025:0446-1: important: Security update for cpp-httplib


openSUSE Security Update: Security update for cpp-httplib
_______________________________

Announcement ID: openSUSE-SU-2025:0446-1
Rating: important
References: #1242777 #1245414 #1246468 #1246471
Cross-References: CVE-2025-46728 CVE-2025-52887 CVE-2025-53628
CVE-2025-53629
CVSS scores:
CVE-2025-46728 (SUSE): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVE-2025-52887 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2025-53628 (SUSE): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N
CVE-2025-53629 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for cpp-httplib fixes the following issues:

- CVE-2025-53629: header can allocate memory arbitrarily in the server,
potentially leading to its exhaustion (CVE-2025-53628, boo#1246471)
- CVE-2025-53628: HTTP header smuggling due to insecure trailers merge
(CVE-2025-53628, boo#1246468)
- CVE-2025-52887: number of HTTP header fields not limited, which can lead
to potential exhaustion of system memory (CVE-2025-52887, boo#1245414)

- version update to 0.20.1
0.20.1 (CVE-2025-46728 [boo#1242777])
* Add AF_UNIX support on windows #2115
* Support zstd also via pkg-config #2121
* Fix #2113
* Fix "Unbounded Memory Allocation in Chunked/No-Length Requests"
0.20.0
* server_certificate_verifier extended to reuse built-in verifier #2064
* Assertion failed when destroying httplib::Client #2068
* Spaces incorrectly allowed in header field names #2096
* build(meson): copy MountTest.MultibytesPathName files #2098
* Remove SSLInit #2102
* Add zstd support #2088
* Question the behavior of method read_content_without_length #2109
* Crash when calling std::exit while server running or client requests
in flight #2097
0.19.0
* Global timeout feature (same as "--max-time" curl option) #2034
* Fix check for URI length to prevent incorrect HTTP 414 errors
0.18.7
* Potential memory corruption in stream_line_reader #2028

- version update to 0.18.6
* Resolve #2033
* Port/Address re-use #2011
* Invalid Content-Length values should be rejected #2014
* Feature request: ability to check if the connection is still alive
#2017
* Changed to use non-blocking socket in is_ssl_peer_could_be_closed
(258992a)
* Treat out-of-range last_pos as the end of the content #2009
* fix:set_file_content with range request return 416. #2010
* Fix HTTP Response Splitting Vulnerability (9c36aae)

- Update to 0.18.3:
* Bug fixes:
- Regression: Client keep-alive subsequent requests very slow #1997
- 304 Not Modified response stalls until timeout #1998
- Update to 0.18.2:
* Bug fixes:
- Fix the problem that CreateFile2 in mmap::open fails to... #1973
- Default Accept-Encoding header for the client #1975
- SSLClientReconnection fails on Windows #1980
- delay in keep_alive due to sleep #1969
- missing query param in httplib::Client::send #1985

- Update to 0.18.1:
* SSLClientServerTest.* tests fail with OpenSSL 3.2.1 (#1798)
* Feat: add CPack support (#1950)
* Keep alive is slowing down shutdown (#1959)
* Allow empty header values (#1965)

- update to 0.18.0:
* httplib.h: support LibreSSL
* Nice way to call "handle_file_request" from user code
* How to diagnose the infamous read error 4
* Made default server and client read/write timeout settings separately
* Slow performance caused by get_remote_ip_and_port and
get_local_ip_and_port
* Provides a way to ignore host verify
* add API support for verify certificate manually
- update to 0.17.3:
* Accessing Directory
* constexpr error
* Only match path params that span full path segment
* Fix KeepAliveTest.SSLClientReconnectionPost problem
- update to 0.17.2:
* Fix incorrect handling of Expect: 100-continue
* Performance improvement by removing tolower function call
- update to 0.17.1:
* Header parser incorrectly accepts NUL and CR within header values
* Fix problem with Abstract Namespace Unix Domain
* Fix SIGINT problem in Docker image
- update to 0.17.0:
* Changed CPPHTTPLIB_KEEPALIVE_MAX_COUNT to 100
* Add Dockerfile for static file server
* Breaking Change!: get_header_ methods on Request and Response now take
* Add sleep in handle_EINTR
* Added set_ipv6_v6only method
* impossible to shut down the server safely
* Performance: reserve body to avoid frequent reallocations and copies
- update to 0.16.3:
* Fixed set_connection_timeout() unexpected results
* Fix KeepAliveTest.SSLClientReconnectionPost
- update to 0.16.2:
* threadsafe CLOEXEC on platforms that support it
* BoringSSL compatibility fixes
- update to 0.16.1:
* detail::is_socket_alive() is not work for https connection
* avoid memory leaks if linked with static openssl libs
* Allow hex for ipv6 literal addr in redirect
* Fix build on Windows with no WINAPI_PARTITION_APP support
* test: fix GetRangeWithMaxLongLength on 32 bit machines
* Require a minimum of TLS 1.2
- update to 0.16.0:
* Use final keyword for devirtualization
* FindBrotli cleanup and fixes
* client can't open the encrypted private key
* build(meson): generate new test PEMs
* Fix range parser when parsing too many ranges
* fix: increase default receive buffer to 16kb
* Removed excess usage of std::move
* Merge branch 'HerrCai0907-fix'
* Highlight notes using markdown features
* Added progress to POST, PUT, PATCH and DELETE requests
* Tweak CI and fix macOS prefix
* New function SSLServer::update_certs. Allows to update certificates
while server is running
* Change library name to cpp-httplib
- update to 0.15.3:
* Breaking change in handling requests with Range in v0.15.1 and v0.15.2
- update to 0.15.2:
* Severe directory traversal vulnerability (dotdotslash)

- Update to version 0.15.1:
* Malicious requests for many overlapping byte ranges of large files
risk OOM #1766
* Add missing #include for strcasecmp #1744
* ThreadPool: optional limit for jobs queue (#1741)
* Fix #1628 (OpenSSL 1.1.1 End of Life on September 11, 2023)
* Fix Windows std::max macro problem #1750
* Fix select() return code for fd >= 1024 (#1757)
* Add a getter for a bearer token from a request (#1755)
* Support move semantics for Response::set_content() (#1764)
* Treat paths with embedded NUL bytes as invalid (#1765)
* Fix usage of rand() is not seeded and depends on seeding by parent
program #1747
* Fix check request range and fix response Content-Range. #1694
* Fix: Query parameter including query delimiter ('?') not being parsed
properly (#1713)
* Fix #1736
* Fix #1665
* Change some of status messages based on RFC 9110 (#1740)
* Add StatusCode enum (#1739)
* Fix #1738
* Fix #1685
* Fix #1724
* Add optional user defined header writer #1683
* Fix CPPHTTPLIB_ALLOW_LF_AS_LINE_TERMINATOR (#1634)
* Avoid a -Warray-bounds false positive in GCC 13. (#1639)
* Fix #1638
* Removed unnecessary CRLF at the end of multipart ranges data
* Fix #1559
* Use memory mapped file for static file server (#1632)
* Fix #1519
* Fix #1590 (#1630)
* Fix #1619
* Fix #1624
* Compiler freezes on Debian 10 (buster) with GCC 8.3.0 #1613
* Don't overwrite the last redirected location (#1589) # This is a
breaking change.
* Fix #1607
* Add named path parameters parsing (Implements #1587) (#1608)
* Result: allow default constructor (#1609)
* Add support for zOS (#1581)
* Provide a CMake option to disable C++ exceptions (#1580)
* Load in-memory CA certificates (#1579)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2025-446=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le x86_64):

cpp-httplib-devel-0.20.1-bp156.2.9.1
libcpp-httplib0_20-0.20.1-bp156.2.9.1

References:

https://www.suse.com/security/cve/CVE-2025-46728.html
https://www.suse.com/security/cve/CVE-2025-52887.html
https://www.suse.com/security/cve/CVE-2025-53628.html
https://www.suse.com/security/cve/CVE-2025-53629.html
https://bugzilla.suse.com/1242777
https://bugzilla.suse.com/1245414
https://bugzilla.suse.com/1246468
https://bugzilla.suse.com/1246471



SUSE-SU-2025:4308-1: moderate: Security update for glib2


# Security update for glib2

Announcement ID: SUSE-SU-2025:4308-1
Release Date: 2025-11-28T15:39:04Z
Rating: moderate
References:

* bsc#1249055

Cross-References:

* CVE-2025-7039

CVSS scores:

* CVE-2025-7039 ( SUSE ): 2.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-7039 ( SUSE ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-7039 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for glib2 fixes the following issues:

* CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via
get_tmp_file() (bsc#1249055)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-4308=1 SUSE-2025-4308=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-4308=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-4308=1

## Package List:

* openSUSE Leap 15.6 (noarch)
* gio-branding-upstream-2.78.6-150600.4.22.1
* glib2-lang-2.78.6-150600.4.22.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* glib2-devel-debuginfo-2.78.6-150600.4.22.1
* libglib-2_0-0-2.78.6-150600.4.22.1
* glib2-debugsource-2.78.6-150600.4.22.1
* glib2-tools-2.78.6-150600.4.22.1
* libgmodule-2_0-0-2.78.6-150600.4.22.1
* libgio-2_0-0-debuginfo-2.78.6-150600.4.22.1
* glib2-tools-debuginfo-2.78.6-150600.4.22.1
* glib2-devel-static-2.78.6-150600.4.22.1
* glib2-devel-2.78.6-150600.4.22.1
* libgobject-2_0-0-2.78.6-150600.4.22.1
* glib2-doc-2.78.6-150600.4.22.1
* libgmodule-2_0-0-debuginfo-2.78.6-150600.4.22.1
* libgio-2_0-0-2.78.6-150600.4.22.1
* libgthread-2_0-0-2.78.6-150600.4.22.1
* libglib-2_0-0-debuginfo-2.78.6-150600.4.22.1
* libgobject-2_0-0-debuginfo-2.78.6-150600.4.22.1
* glib2-tests-devel-2.78.6-150600.4.22.1
* libgthread-2_0-0-debuginfo-2.78.6-150600.4.22.1
* glib2-tests-devel-debuginfo-2.78.6-150600.4.22.1
* openSUSE Leap 15.6 (x86_64)
* libgmodule-2_0-0-32bit-2.78.6-150600.4.22.1
* libgthread-2_0-0-32bit-debuginfo-2.78.6-150600.4.22.1
* glib2-devel-32bit-2.78.6-150600.4.22.1
* libgobject-2_0-0-32bit-2.78.6-150600.4.22.1
* libgio-2_0-0-32bit-debuginfo-2.78.6-150600.4.22.1
* glib2-devel-32bit-debuginfo-2.78.6-150600.4.22.1
* libgio-2_0-0-32bit-2.78.6-150600.4.22.1
* glib2-tools-32bit-2.78.6-150600.4.22.1
* libglib-2_0-0-32bit-2.78.6-150600.4.22.1
* libgmodule-2_0-0-32bit-debuginfo-2.78.6-150600.4.22.1
* libgobject-2_0-0-32bit-debuginfo-2.78.6-150600.4.22.1
* glib2-tools-32bit-debuginfo-2.78.6-150600.4.22.1
* libglib-2_0-0-32bit-debuginfo-2.78.6-150600.4.22.1
* libgthread-2_0-0-32bit-2.78.6-150600.4.22.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libglib-2_0-0-64bit-2.78.6-150600.4.22.1
* libgio-2_0-0-64bit-debuginfo-2.78.6-150600.4.22.1
* libgmodule-2_0-0-64bit-debuginfo-2.78.6-150600.4.22.1
* libgobject-2_0-0-64bit-2.78.6-150600.4.22.1
* libgobject-2_0-0-64bit-debuginfo-2.78.6-150600.4.22.1
* glib2-devel-64bit-2.78.6-150600.4.22.1
* libgthread-2_0-0-64bit-debuginfo-2.78.6-150600.4.22.1
* libgmodule-2_0-0-64bit-2.78.6-150600.4.22.1
* glib2-devel-64bit-debuginfo-2.78.6-150600.4.22.1
* libglib-2_0-0-64bit-debuginfo-2.78.6-150600.4.22.1
* glib2-tools-64bit-debuginfo-2.78.6-150600.4.22.1
* libgthread-2_0-0-64bit-2.78.6-150600.4.22.1
* glib2-tools-64bit-2.78.6-150600.4.22.1
* libgio-2_0-0-64bit-2.78.6-150600.4.22.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* glib2-devel-debuginfo-2.78.6-150600.4.22.1
* libgmodule-2_0-0-2.78.6-150600.4.22.1
* glib2-tools-2.78.6-150600.4.22.1
* glib2-debugsource-2.78.6-150600.4.22.1
* libgio-2_0-0-debuginfo-2.78.6-150600.4.22.1
* glib2-tools-debuginfo-2.78.6-150600.4.22.1
* glib2-devel-2.78.6-150600.4.22.1
* libgobject-2_0-0-2.78.6-150600.4.22.1
* libgmodule-2_0-0-debuginfo-2.78.6-150600.4.22.1
* libgio-2_0-0-2.78.6-150600.4.22.1
* libgthread-2_0-0-2.78.6-150600.4.22.1
* libglib-2_0-0-debuginfo-2.78.6-150600.4.22.1
* libgobject-2_0-0-debuginfo-2.78.6-150600.4.22.1
* libgthread-2_0-0-debuginfo-2.78.6-150600.4.22.1
* libglib-2_0-0-2.78.6-150600.4.22.1
* Basesystem Module 15-SP6 (noarch)
* glib2-lang-2.78.6-150600.4.22.1
* Basesystem Module 15-SP6 (x86_64)
* libgmodule-2_0-0-32bit-2.78.6-150600.4.22.1
* libgobject-2_0-0-32bit-2.78.6-150600.4.22.1
* libgio-2_0-0-32bit-debuginfo-2.78.6-150600.4.22.1
* libglib-2_0-0-32bit-2.78.6-150600.4.22.1
* libgio-2_0-0-32bit-2.78.6-150600.4.22.1
* libgmodule-2_0-0-32bit-debuginfo-2.78.6-150600.4.22.1
* libgobject-2_0-0-32bit-debuginfo-2.78.6-150600.4.22.1
* libglib-2_0-0-32bit-debuginfo-2.78.6-150600.4.22.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* glib2-devel-debuginfo-2.78.6-150600.4.22.1
* libgmodule-2_0-0-2.78.6-150600.4.22.1
* glib2-tools-2.78.6-150600.4.22.1
* glib2-debugsource-2.78.6-150600.4.22.1
* libgio-2_0-0-debuginfo-2.78.6-150600.4.22.1
* glib2-tools-debuginfo-2.78.6-150600.4.22.1
* glib2-devel-2.78.6-150600.4.22.1
* libgobject-2_0-0-2.78.6-150600.4.22.1
* libgmodule-2_0-0-debuginfo-2.78.6-150600.4.22.1
* libgio-2_0-0-2.78.6-150600.4.22.1
* libgthread-2_0-0-2.78.6-150600.4.22.1
* libglib-2_0-0-debuginfo-2.78.6-150600.4.22.1
* libgobject-2_0-0-debuginfo-2.78.6-150600.4.22.1
* libgthread-2_0-0-debuginfo-2.78.6-150600.4.22.1
* libglib-2_0-0-2.78.6-150600.4.22.1
* Basesystem Module 15-SP7 (noarch)
* glib2-lang-2.78.6-150600.4.22.1
* Basesystem Module 15-SP7 (x86_64)
* libgmodule-2_0-0-32bit-2.78.6-150600.4.22.1
* libgobject-2_0-0-32bit-2.78.6-150600.4.22.1
* libgio-2_0-0-32bit-debuginfo-2.78.6-150600.4.22.1
* libglib-2_0-0-32bit-2.78.6-150600.4.22.1
* libgio-2_0-0-32bit-2.78.6-150600.4.22.1
* libgmodule-2_0-0-32bit-debuginfo-2.78.6-150600.4.22.1
* libgobject-2_0-0-32bit-debuginfo-2.78.6-150600.4.22.1
* libglib-2_0-0-32bit-debuginfo-2.78.6-150600.4.22.1

## References:

* https://www.suse.com/security/cve/CVE-2025-7039.html
* https://bugzilla.suse.com/show_bug.cgi?id=1249055



SUSE-SU-2025:4310-1: moderate: Security update for libcryptopp


# Security update for libcryptopp

Announcement ID: SUSE-SU-2025:4310-1
Release Date: 2025-11-28T15:54:51Z
Rating: moderate
References:

* bsc#1218217

Cross-References:

* CVE-2023-50979

CVSS scores:

* CVE-2023-50979 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-50979 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* openSUSE Leap 15.4
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for libcryptopp fixes the following issues:

* CVE-2023-50979: Fixed side-channel leakage during decryption with PKCS#1v1.5
padding. (bsc#1218217)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-4310=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-4310=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-4310=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-4310=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* libcryptopp-devel-8.6.0-150400.3.12.1
* libcryptopp8_6_0-8.6.0-150400.3.12.1
* libcryptopp-debugsource-8.6.0-150400.3.12.1
* libcryptopp8_6_0-debuginfo-8.6.0-150400.3.12.1
* openSUSE Leap 15.6 (x86_64)
* libcryptopp8_6_0-32bit-debuginfo-8.6.0-150400.3.12.1
* libcryptopp8_6_0-32bit-8.6.0-150400.3.12.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libcryptopp-devel-8.6.0-150400.3.12.1
* libcryptopp8_6_0-8.6.0-150400.3.12.1
* libcryptopp-debugsource-8.6.0-150400.3.12.1
* libcryptopp8_6_0-debuginfo-8.6.0-150400.3.12.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libcryptopp-devel-8.6.0-150400.3.12.1
* libcryptopp8_6_0-8.6.0-150400.3.12.1
* libcryptopp-debugsource-8.6.0-150400.3.12.1
* libcryptopp8_6_0-debuginfo-8.6.0-150400.3.12.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libcryptopp-devel-8.6.0-150400.3.12.1
* libcryptopp8_6_0-8.6.0-150400.3.12.1
* libcryptopp-debugsource-8.6.0-150400.3.12.1
* libcryptopp8_6_0-debuginfo-8.6.0-150400.3.12.1
* openSUSE Leap 15.4 (x86_64)
* libcryptopp8_6_0-32bit-debuginfo-8.6.0-150400.3.12.1
* libcryptopp8_6_0-32bit-8.6.0-150400.3.12.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libcryptopp8_6_0-64bit-8.6.0-150400.3.12.1
* libcryptopp8_6_0-64bit-debuginfo-8.6.0-150400.3.12.1

## References:

* https://www.suse.com/security/cve/CVE-2023-50979.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218217



SUSE-SU-2025:4301-1: important: Security update for the Linux Kernel


# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2025:4301-1
Release Date: 2025-11-28T12:59:12Z
Rating: important
References:

* bsc#1012628
* bsc#1214954
* bsc#1215143
* bsc#1215199
* bsc#1216396
* bsc#1220419
* bsc#1236743
* bsc#1239206
* bsc#1244939
* bsc#1246244
* bsc#1248211
* bsc#1248230
* bsc#1248517
* bsc#1248630
* bsc#1248754
* bsc#1248886
* bsc#1249161
* bsc#1249182
* bsc#1249224
* bsc#1249286
* bsc#1249302
* bsc#1249317
* bsc#1249319
* bsc#1249320
* bsc#1249512
* bsc#1249595
* bsc#1249608
* bsc#1250032
* bsc#1250119
* bsc#1250202
* bsc#1250205
* bsc#1250237
* bsc#1250274
* bsc#1250296
* bsc#1250379
* bsc#1250400
* bsc#1250455
* bsc#1250491
* bsc#1250519
* bsc#1250650
* bsc#1250702
* bsc#1250704
* bsc#1250721
* bsc#1250742
* bsc#1250946
* bsc#1251024
* bsc#1251027
* bsc#1251028
* bsc#1251031
* bsc#1251035
* bsc#1251038
* bsc#1251043
* bsc#1251045
* bsc#1251052
* bsc#1251053
* bsc#1251054
* bsc#1251056
* bsc#1251057
* bsc#1251059
* bsc#1251060
* bsc#1251065
* bsc#1251066
* bsc#1251067
* bsc#1251068
* bsc#1251071
* bsc#1251076
* bsc#1251079
* bsc#1251081
* bsc#1251083
* bsc#1251084
* bsc#1251100
* bsc#1251105
* bsc#1251106
* bsc#1251108
* bsc#1251113
* bsc#1251114
* bsc#1251119
* bsc#1251123
* bsc#1251126
* bsc#1251132
* bsc#1251134
* bsc#1251143
* bsc#1251146
* bsc#1251150
* bsc#1251152
* bsc#1251153
* bsc#1251159
* bsc#1251161
* bsc#1251170
* bsc#1251177
* bsc#1251180
* bsc#1251206
* bsc#1251215
* bsc#1251216
* bsc#1251222
* bsc#1251230
* bsc#1251232
* bsc#1251233
* bsc#1251247
* bsc#1251268
* bsc#1251269
* bsc#1251270
* bsc#1251282
* bsc#1251283
* bsc#1251286
* bsc#1251290
* bsc#1251319
* bsc#1251321
* bsc#1251323
* bsc#1251328
* bsc#1251529
* bsc#1251721
* bsc#1251732
* bsc#1251742
* bsc#1251743
* bsc#1251746
* bsc#1251748
* bsc#1251749
* bsc#1251750
* bsc#1251754
* bsc#1251755
* bsc#1251756
* bsc#1251758
* bsc#1251759
* bsc#1251760
* bsc#1251762
* bsc#1251763
* bsc#1251764
* bsc#1251769
* bsc#1251771
* bsc#1251772
* bsc#1251777
* bsc#1251780
* bsc#1251804
* bsc#1251810
* bsc#1251930
* bsc#1251967
* bsc#1252033
* bsc#1252035
* bsc#1252039
* bsc#1252044
* bsc#1252047
* bsc#1252051
* bsc#1252052
* bsc#1252056
* bsc#1252060
* bsc#1252062
* bsc#1252064
* bsc#1252065
* bsc#1252069
* bsc#1252070
* bsc#1252072
* bsc#1252074
* bsc#1252075
* bsc#1252078
* bsc#1252079
* bsc#1252082
* bsc#1252083
* bsc#1252236
* bsc#1252265
* bsc#1252269
* bsc#1252332
* bsc#1252336
* bsc#1252346
* bsc#1252348
* bsc#1252349
* bsc#1252364
* bsc#1252479
* bsc#1252481
* bsc#1252489
* bsc#1252490
* bsc#1252492
* bsc#1252495
* bsc#1252496
* bsc#1252499
* bsc#1252534
* bsc#1252536
* bsc#1252537
* bsc#1252550
* bsc#1252553
* bsc#1252559
* bsc#1252561
* bsc#1252564
* bsc#1252565
* bsc#1252566
* bsc#1252632
* bsc#1252668
* bsc#1252678
* bsc#1252679
* bsc#1252685
* bsc#1252688
* bsc#1252772
* bsc#1252774
* bsc#1252775
* bsc#1252785
* bsc#1252787
* bsc#1252789
* bsc#1252797
* bsc#1252822
* bsc#1252826
* bsc#1252841
* bsc#1252848
* bsc#1252849
* bsc#1252850
* bsc#1252851
* bsc#1252854
* bsc#1252858
* bsc#1252865
* bsc#1252866
* bsc#1252873
* bsc#1252902
* bsc#1252904
* bsc#1252909
* bsc#1252918
* bsc#1252939
* jsc#PED-3527
* jsc#PED-4593
* jsc#PED-4876
* jsc#PED-5065
* jsc#PED-5475
* jsc#PED-5477
* jsc#PED-5511
* jsc#PED-5853
* jsc#PED-6012
* jsc#PED-6041
* jsc#PED-6054
* jsc#PED-6068
* jsc#PED-6069
* jsc#PED-6070
* jsc#PED-6071
* jsc#PED-6116
* jsc#PED-6120
* jsc#PED-6121
* jsc#PED-6811
* jsc#PED-7542

Cross-References:

* CVE-2023-53538
* CVE-2023-53539
* CVE-2023-53540
* CVE-2023-53541
* CVE-2023-53543
* CVE-2023-53545
* CVE-2023-53546
* CVE-2023-53548
* CVE-2023-53550
* CVE-2023-53552
* CVE-2023-53553
* CVE-2023-53554
* CVE-2023-53555
* CVE-2023-53556
* CVE-2023-53557
* CVE-2023-53558
* CVE-2023-53559
* CVE-2023-53560
* CVE-2023-53563
* CVE-2023-53568
* CVE-2023-53570
* CVE-2023-53572
* CVE-2023-53574
* CVE-2023-53575
* CVE-2023-53577
* CVE-2023-53579
* CVE-2023-53580
* CVE-2023-53581
* CVE-2023-53583
* CVE-2023-53585
* CVE-2023-53588
* CVE-2023-53593
* CVE-2023-53596
* CVE-2023-53597
* CVE-2023-53599
* CVE-2023-53600
* CVE-2023-53601
* CVE-2023-53602
* CVE-2023-53603
* CVE-2023-53611
* CVE-2023-53613
* CVE-2023-53615
* CVE-2023-53616
* CVE-2023-53617
* CVE-2023-53618
* CVE-2023-53619
* CVE-2023-53621
* CVE-2023-53622
* CVE-2023-53631
* CVE-2023-53632
* CVE-2023-53633
* CVE-2023-53638
* CVE-2023-53645
* CVE-2023-53646
* CVE-2023-53647
* CVE-2023-53648
* CVE-2023-53649
* CVE-2023-53650
* CVE-2023-53652
* CVE-2023-53653
* CVE-2023-53654
* CVE-2023-53656
* CVE-2023-53657
* CVE-2023-53658
* CVE-2023-53659
* CVE-2023-53660
* CVE-2023-53662
* CVE-2023-53663
* CVE-2023-53665
* CVE-2023-53666
* CVE-2023-53668
* CVE-2023-53670
* CVE-2023-53672
* CVE-2023-53673
* CVE-2023-53674
* CVE-2023-53681
* CVE-2023-53686
* CVE-2023-53687
* CVE-2023-53693
* CVE-2023-53697
* CVE-2023-53698
* CVE-2023-53699
* CVE-2023-53703
* CVE-2023-53704
* CVE-2023-53707
* CVE-2023-53708
* CVE-2023-53711
* CVE-2023-53713
* CVE-2023-53718
* CVE-2023-53721
* CVE-2023-53722
* CVE-2023-53725
* CVE-2023-53726
* CVE-2023-53727
* CVE-2023-53728
* CVE-2023-53729
* CVE-2023-53730
* CVE-2023-53731
* CVE-2023-53733
* CVE-2025-38008
* CVE-2025-38539
* CVE-2025-38552
* CVE-2025-38653
* CVE-2025-38699
* CVE-2025-38700
* CVE-2025-38718
* CVE-2025-39673
* CVE-2025-39676
* CVE-2025-39683
* CVE-2025-39697
* CVE-2025-39702
* CVE-2025-39756
* CVE-2025-39794
* CVE-2025-39797
* CVE-2025-39812
* CVE-2025-39813
* CVE-2025-39828
* CVE-2025-39841
* CVE-2025-39851
* CVE-2025-39866
* CVE-2025-39876
* CVE-2025-39881
* CVE-2025-39895
* CVE-2025-39902
* CVE-2025-39911
* CVE-2025-39931
* CVE-2025-39934
* CVE-2025-39937
* CVE-2025-39938
* CVE-2025-39945
* CVE-2025-39946
* CVE-2025-39947
* CVE-2025-39948
* CVE-2025-39949
* CVE-2025-39952
* CVE-2025-39955
* CVE-2025-39957
* CVE-2025-39965
* CVE-2025-39967
* CVE-2025-39968
* CVE-2025-39969
* CVE-2025-39970
* CVE-2025-39971
* CVE-2025-39972
* CVE-2025-39973
* CVE-2025-39978
* CVE-2025-39981
* CVE-2025-39982
* CVE-2025-39985
* CVE-2025-39986
* CVE-2025-39987
* CVE-2025-39988
* CVE-2025-39991
* CVE-2025-39993
* CVE-2025-39994
* CVE-2025-39995
* CVE-2025-39996
* CVE-2025-39997
* CVE-2025-40000
* CVE-2025-40005
* CVE-2025-40010
* CVE-2025-40011
* CVE-2025-40013
* CVE-2025-40016
* CVE-2025-40018
* CVE-2025-40019
* CVE-2025-40020
* CVE-2025-40029
* CVE-2025-40032
* CVE-2025-40035
* CVE-2025-40036
* CVE-2025-40043
* CVE-2025-40044
* CVE-2025-40049
* CVE-2025-40051
* CVE-2025-40052
* CVE-2025-40056
* CVE-2025-40058
* CVE-2025-40060
* CVE-2025-40061
* CVE-2025-40062
* CVE-2025-40071
* CVE-2025-40078
* CVE-2025-40080
* CVE-2025-40082
* CVE-2025-40085
* CVE-2025-40087
* CVE-2025-40088
* CVE-2025-40096
* CVE-2025-40100

CVSS scores:

* CVE-2023-53538 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53538 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53539 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53539 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2023-53540 ( SUSE ): 7.1
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53540 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53541 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53541 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2023-53543 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53545 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2023-53545 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53546 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53548 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53548 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53550 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53552 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53553 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53554 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53555 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53556 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53557 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53558 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53558 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53559 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53560 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53563 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53568 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53570 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53572 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53574 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53574 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-53575 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53575 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2023-53577 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53579 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53580 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53580 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53581 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53581 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53583 ( SUSE ): 0.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2023-53583 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N
* CVE-2023-53585 ( SUSE ): 4.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2023-53585 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-53588 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2023-53588 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-53593 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53593 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53596 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53597 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53599 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53600 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53601 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53602 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53602 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53603 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53603 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53611 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53613 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53615 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53616 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53616 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2023-53617 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53618 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53618 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53619 ( SUSE ): 8.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53619 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-53621 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53621 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53622 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53622 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2023-53631 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53632 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53633 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2023-53633 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-53638 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53638 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53645 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53645 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53646 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53647 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53648 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53648 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53649 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-53650 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53650 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53652 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2023-53652 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-53653 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53653 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53654 ( SUSE ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53654 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53656 ( SUSE ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53656 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53657 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53657 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53658 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53658 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53659 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53659 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-53660 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53662 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53662 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53663 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53663 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
* CVE-2023-53665 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53665 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2023-53666 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53666 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53668 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2023-53668 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-53670 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2023-53670 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-53672 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53672 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53673 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53673 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-53674 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2023-53674 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-53681 ( SUSE ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53681 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53686 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53686 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53687 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2023-53687 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-53693 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53693 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53697 ( SUSE ): 4.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2023-53697 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-53698 ( SUSE ): 2.0
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2023-53698 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-53699 ( SUSE ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53699 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53703 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2023-53703 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-53704 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2023-53704 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-53707 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53707 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53708 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2023-53708 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-53711 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2023-53711 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-53713 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53713 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-53718 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53718 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2023-53721 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53721 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2023-53722 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53722 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-53725 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2023-53725 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-53726 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2023-53726 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-53727 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53727 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53728 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53728 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2023-53729 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53729 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2023-53730 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53730 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53731 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53731 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53733 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2023-53733 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-38008 ( SUSE ): 5.9
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38008 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-38008 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38539 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38539 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-38552 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38552 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-38653 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38653 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-38699 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-38700 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38700 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-38718 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39673 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39676 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39683 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39697 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39702 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39756 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39794 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39794 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39797 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39797 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39797 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39812 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-39812 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-39813 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39828 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-39828 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-39841 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39851 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39866 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39866 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39876 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39881 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39895 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39895 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39902 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39902 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39911 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39931 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39934 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39937 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39938 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39945 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39945 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39946 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39947 ( SUSE ): 5.6
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39947 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39948 ( SUSE ): 5.3
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-39948 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-39949 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39949 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-39952 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39952 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-39955 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39955 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-39957 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-39957 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-39965 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39965 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-39967 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39967 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-39968 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-39968 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-39969 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-39969 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2025-39970 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39970 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-39971 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39971 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-39972 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39972 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-39973 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39978 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39978 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39981 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39981 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39982 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39985 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39986 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39987 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39988 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39991 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39993 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39994 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39995 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39996 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39997 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40000 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40005 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40005 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-40010 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40010 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40011 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40011 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40013 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40013 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40016 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-40016 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-40018 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40019 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40019 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40020 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40020 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40029 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40029 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40032 ( SUSE ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40032 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40035 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40036 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40043 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40043 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-40044 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40044 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-40049 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40049 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-40051 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40052 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40056 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40056 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40058 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40060 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40061 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40062 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40071 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40078 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40080 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40082 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40085 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40085 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40087 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40088 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40088 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-40096 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40096 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-40100 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40100 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Real Time Module 15-SP6

An update that solves 190 vulnerabilities, contains 20 features and has 25
security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP6 RT kernel was updated to fix various security
issues.

The following security issues were fixed:

* CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory
handling (bsc#1244939).
* CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister
notifier (bsc#1248211).
* CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation
(bsc#1248230).
* CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for
proc_read_iter et.al (bsc#1248630).
* CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224).
* CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if
memory is allocated (bsc#1249182).
* CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv
(bsc#1249161).
* CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path
(bsc#1249320).
* CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference
(bsc#1249302).
* CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user
failed (bsc#1249286).
* CVE-2025-39697: nfs: remove dead code for the old swap over NFS
implementation (bsc#1249319 bsc#1252236).
* CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time
(bsc#1249317).
* CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding
INT_MAX (bsc#1249512).
* CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595).
* CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk()
(bsc#1250202).
* CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during
ftrace_dump (bsc#1250032).
* CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in
atmtcp_recv_control() (bsc#1250205).
* CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop
object (bsc#1250296).
* CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty()
(bsc#1250455).
* CVE-2025-39876: net: fec: Fix possible NPD in
fec_enet_phy_reset_after_clk_enable() (bsc#1250400).
* CVE-2025-39881: kernfs: Fix UAF in polling when open file is released
(bsc#1250379).
* CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline
(bsc#1250721).
* CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in
object_err() (bsc#1250702).
* CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error
path (bsc#1250704).
* CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task
(bsc#1251230).
* CVE-2025-39946: tls: make sure to abort the stream if headers are bogus
(bsc#1251114).
* CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind
(bsc#1251232).
* CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233).
* CVE-2025-39949: qed: Don't collect too many protection override GRC elements
(bsc#1251177).
* CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect()
(bsc#1251804).
* CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
* CVE-2025-39969: i40e: fix validation of VF state in get resources
(bsc#1252044).
* CVE-2025-39970: i40e: fix input validation logic for action_meta
(bsc#1252051).
* CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052).
* CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map
(bsc#1252039).
* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
* CVE-2025-39978: octeontx2-pf: Fix potential use after free in
otx2_tc_add_flow() (bsc#1252069).
* CVE-2025-40000: wifi: rtw89: fix use-after-free in
rtw89_core_tx_kick_off_and_wait() (bsc#1252062).
* CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind
during busy (bsc#1252349).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup
(bsc#1252688).
* CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858).
* CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check
(bsc#1252826).
* CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures
(bsc#1252848).
* CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr
(bsc#1252789).
* CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774).
* CVE-2025-40100: btrfs: do not assert we found block group item when creating
free space tree (bsc#1252918).

The following non security issues were fixed:

* ACPI: battery: Add synchronization between interface updates (git-fixes).
* KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter()
(bsc#1215199).
* KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes).
* KVM: x86: Process "guest stopped request" once per guest time update
(git-fixes).
* bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types
(bsc#1252364).
* cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request()
(stable-fixes git-fixes).
* drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table()
(git-fixes).
* ext4: fix checks for orphan inodes (bsc#1250119).
* hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes).
* kdb: Replace deprecated strcpy() with memmove() in vkdb_printf()
(bsc#1252939).
* module: Prevent silent truncation of module name in delete_module(2)
(git-fixes).
* net: mana: Use page pool fragments for RX buffers instead of full pages to
improve memory efficiency (bsc#1248754).
* netfilter: nft_objref: validate objref and objrefmap expressions
(bsc#1250237). No CVE available yet, please see the bugzilla ticket
referenced.
* perf/x86/intel: Allow to update user space GPRs from PEBS records
(git-fixes).
* perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes).
* phy: cadence: cdns-dphy: Update calibration wait time for startup state
machine (git-fixes).
* powerpc/boot: Fix build with gcc 15 (bsc#1215199).
* powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199).
* powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199).
* powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199).
* powerpc: export MIN RMA size (bsc#1236743 ltc#211409).
* powerpc: floppy: Add missing checks after DMA map (bsc#1215199).
* powerpc: increase MIN RMA size for CAS negotiation (bsc#1236743 ltc#211409
bsc#1252269 ltc#215957).
* proc: fix missing pde_set_flags() for net proc files (bsc#1248630).
* proc: fix type confusion in pde_set_flags() (bsc#1248630).
* sched/idle: Conditionally handle tick broadcast in default_idle_call()
(bsc#1248517).
* serial: jsm: fix NPE during jsm_uart_port_init (git fixes, bsc#1246244).
* skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650).
* smb: client: fix crypto buffers in non-linear memory (bsc#1250491,
bsc#1239206).
* smb: client: fix potential cfid UAF in smb2_query_info_compound
(bsc#1248886).
* tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650).
* tracing: Remove unneeded goto out logic (bsc#1249286).
* x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Real Time Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-RT-15-SP6-2025-4301=1`

* openSUSE Leap 15.6
  `zypper in -t patch openSUSE-SLE-15.6-2025-4301=1`

* SUSE Linux Enterprise Live Patching 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-4301=1`

## Package List:

* SUSE Real Time Module 15-SP6 (x86_64)
  * dlm-kmp-rt-6.4.0-150600.10.58.1
  * gfs2-kmp-rt-debuginfo-6.4.0-150600.10.58.1
  * kernel-rt-debuginfo-6.4.0-150600.10.58.1
  * kernel-rt-debugsource-6.4.0-150600.10.58.1
  * kernel-rt_debug-devel-debuginfo-6.4.0-150600.10.58.1
  * dlm-kmp-rt-debuginfo-6.4.0-150600.10.58.1
  * kernel-syms-rt-6.4.0-150600.10.58.1
  * cluster-md-kmp-rt-debuginfo-6.4.0-150600.10.58.1
  * kernel-rt-devel-debuginfo-6.4.0-150600.10.58.1
  * ocfs2-kmp-rt-6.4.0-150600.10.58.1
  * kernel-rt-devel-6.4.0-150600.10.58.1
  * gfs2-kmp-rt-6.4.0-150600.10.58.1
  * kernel-rt_debug-debuginfo-6.4.0-150600.10.58.1
  * cluster-md-kmp-rt-6.4.0-150600.10.58.1
  * kernel-rt_debug-debugsource-6.4.0-150600.10.58.1
  * kernel-rt_debug-devel-6.4.0-150600.10.58.1
  * ocfs2-kmp-rt-debuginfo-6.4.0-150600.10.58.1
* SUSE Real Time Module 15-SP6 (noarch)
  * kernel-devel-rt-6.4.0-150600.10.58.1
  * kernel-source-rt-6.4.0-150600.10.58.1
* SUSE Real Time Module 15-SP6 (nosrc x86_64)
  * kernel-rt_debug-6.4.0-150600.10.58.1
  * kernel-rt-6.4.0-150600.10.58.1
* openSUSE Leap 15.6 (x86_64)
  * kernel-rt-debugsource-6.4.0-150600.10.58.1
  * kernel-rt-livepatch-devel-6.4.0-150600.10.58.1
  * kernel-rt-optional-debuginfo-6.4.0-150600.10.58.1
  * kselftests-kmp-rt-6.4.0-150600.10.58.1
  * dlm-kmp-rt-debuginfo-6.4.0-150600.10.58.1
  * reiserfs-kmp-rt-6.4.0-150600.10.58.1
  * kernel-rt_debug-vdso-debuginfo-6.4.0-150600.10.58.1
  * cluster-md-kmp-rt-debuginfo-6.4.0-150600.10.58.1
  * ocfs2-kmp-rt-6.4.0-150600.10.58.1
  * kselftests-kmp-rt-debuginfo-6.4.0-150600.10.58.1
  * gfs2-kmp-rt-debuginfo-6.4.0-150600.10.58.1
  * kernel-rt_debug-devel-debuginfo-6.4.0-150600.10.58.1
  * kernel-rt_debug-vdso-6.4.0-150600.10.58.1
  * gfs2-kmp-rt-6.4.0-150600.10.58.1
  * kernel-rt-vdso-debuginfo-6.4.0-150600.10.58.1
  * kernel-rt-extra-debuginfo-6.4.0-150600.10.58.1
  * kernel-syms-rt-6.4.0-150600.10.58.1
  * kernel-rt-devel-debuginfo-6.4.0-150600.10.58.1
  * kernel-rt_debug-devel-6.4.0-150600.10.58.1
  * kernel-rt_debug-debugsource-6.4.0-150600.10.58.1
  * kernel-rt-optional-6.4.0-150600.10.58.1
  * ocfs2-kmp-rt-debuginfo-6.4.0-150600.10.58.1
  * dlm-kmp-rt-6.4.0-150600.10.58.1
  * kernel-rt-debuginfo-6.4.0-150600.10.58.1
  * kernel-rt-devel-6.4.0-150600.10.58.1
  * reiserfs-kmp-rt-debuginfo-6.4.0-150600.10.58.1
  * kernel-rt_debug-debuginfo-6.4.0-150600.10.58.1
  * cluster-md-kmp-rt-6.4.0-150600.10.58.1
  * kernel-rt-extra-6.4.0-150600.10.58.1
  * kernel-rt-vdso-6.4.0-150600.10.58.1
* openSUSE Leap 15.6 (noarch)
  * kernel-devel-rt-6.4.0-150600.10.58.1
  * kernel-source-rt-6.4.0-150600.10.58.1
* openSUSE Leap 15.6 (nosrc x86_64)
  * kernel-rt_debug-6.4.0-150600.10.58.1
  * kernel-rt-6.4.0-150600.10.58.1
* SUSE Linux Enterprise Live Patching 15-SP6 (x86_64)
  * kernel-livepatch-6_4_0-150600_10_58-rt-1-150600.1.3.1
  * kernel-livepatch-6_4_0-150600_10_58-rt-debuginfo-1-150600.1.3.1

## References:

* https://www.suse.com/security/cve/CVE-2023-53538.html
* https://www.suse.com/security/cve/CVE-2023-53539.html
* https://www.suse.com/security/cve/CVE-2023-53540.html
* https://www.suse.com/security/cve/CVE-2023-53541.html
* https://www.suse.com/security/cve/CVE-2023-53543.html
* https://www.suse.com/security/cve/CVE-2023-53545.html
* https://www.suse.com/security/cve/CVE-2023-53546.html
* https://www.suse.com/security/cve/CVE-2023-53548.html
* https://www.suse.com/security/cve/CVE-2023-53550.html
* https://www.suse.com/security/cve/CVE-2023-53552.html
* https://www.suse.com/security/cve/CVE-2023-53553.html
* https://www.suse.com/security/cve/CVE-2023-53554.html
* https://www.suse.com/security/cve/CVE-2023-53555.html
* https://www.suse.com/security/cve/CVE-2023-53556.html
* https://www.suse.com/security/cve/CVE-2023-53557.html
* https://www.suse.com/security/cve/CVE-2023-53558.html
* https://www.suse.com/security/cve/CVE-2023-53559.html
* https://www.suse.com/security/cve/CVE-2023-53560.html
* https://www.suse.com/security/cve/CVE-2023-53563.html
* https://www.suse.com/security/cve/CVE-2023-53568.html
* https://www.suse.com/security/cve/CVE-2023-53570.html
* https://www.suse.com/security/cve/CVE-2023-53572.html
* https://www.suse.com/security/cve/CVE-2023-53574.html
* https://www.suse.com/security/cve/CVE-2023-53575.html
* https://www.suse.com/security/cve/CVE-2023-53577.html
* https://www.suse.com/security/cve/CVE-2023-53579.html
* https://www.suse.com/security/cve/CVE-2023-53580.html
* https://www.suse.com/security/cve/CVE-2023-53581.html
* https://www.suse.com/security/cve/CVE-2023-53583.html
* https://www.suse.com/security/cve/CVE-2023-53585.html
* https://www.suse.com/security/cve/CVE-2023-53588.html
* https://www.suse.com/security/cve/CVE-2023-53593.html
* https://www.suse.com/security/cve/CVE-2023-53596.html
* https://www.suse.com/security/cve/CVE-2023-53597.html
* https://www.suse.com/security/cve/CVE-2023-53599.html
* https://www.suse.com/security/cve/CVE-2023-53600.html
* https://www.suse.com/security/cve/CVE-2023-53601.html
* https://www.suse.com/security/cve/CVE-2023-53602.html
* https://www.suse.com/security/cve/CVE-2023-53603.html
* https://www.suse.com/security/cve/CVE-2023-53611.html
* https://www.suse.com/security/cve/CVE-2023-53613.html
* https://www.suse.com/security/cve/CVE-2023-53615.html
* https://www.suse.com/security/cve/CVE-2023-53616.html
* https://www.suse.com/security/cve/CVE-2023-53617.html
* https://www.suse.com/security/cve/CVE-2023-53618.html
* https://www.suse.com/security/cve/CVE-2023-53619.html
* https://www.suse.com/security/cve/CVE-2023-53621.html
* https://www.suse.com/security/cve/CVE-2023-53622.html
* https://www.suse.com/security/cve/CVE-2023-53631.html
* https://www.suse.com/security/cve/CVE-2023-53632.html
* https://www.suse.com/security/cve/CVE-2023-53633.html
* https://www.suse.com/security/cve/CVE-2023-53638.html
* https://www.suse.com/security/cve/CVE-2023-53645.html
* https://www.suse.com/security/cve/CVE-2023-53646.html
* https://www.suse.com/security/cve/CVE-2023-53647.html
* https://www.suse.com/security/cve/CVE-2023-53648.html
* https://www.suse.com/security/cve/CVE-2023-53649.html
* https://www.suse.com/security/cve/CVE-2023-53650.html
* https://www.suse.com/security/cve/CVE-2023-53652.html
* https://www.suse.com/security/cve/CVE-2023-53653.html
* https://www.suse.com/security/cve/CVE-2023-53654.html
* https://www.suse.com/security/cve/CVE-2023-53656.html
* https://www.suse.com/security/cve/CVE-2023-53657.html
* https://www.suse.com/security/cve/CVE-2023-53658.html
* https://www.suse.com/security/cve/CVE-2023-53659.html
* https://www.suse.com/security/cve/CVE-2023-53660.html
* https://www.suse.com/security/cve/CVE-2023-53662.html
* https://www.suse.com/security/cve/CVE-2023-53663.html
* https://www.suse.com/security/cve/CVE-2023-53665.html
* https://www.suse.com/security/cve/CVE-2023-53666.html
* https://www.suse.com/security/cve/CVE-2023-53668.html
* https://www.suse.com/security/cve/CVE-2023-53670.html
* https://www.suse.com/security/cve/CVE-2023-53672.html
* https://www.suse.com/security/cve/CVE-2023-53673.html
* https://www.suse.com/security/cve/CVE-2023-53674.html
* https://www.suse.com/security/cve/CVE-2023-53681.html
* https://www.suse.com/security/cve/CVE-2023-53686.html
* https://www.suse.com/security/cve/CVE-2023-53687.html
* https://www.suse.com/security/cve/CVE-2023-53693.html
* https://www.suse.com/security/cve/CVE-2023-53697.html
* https://www.suse.com/security/cve/CVE-2023-53698.html
* https://www.suse.com/security/cve/CVE-2023-53699.html
* https://www.suse.com/security/cve/CVE-2023-53703.html
* https://www.suse.com/security/cve/CVE-2023-53704.html
* https://www.suse.com/security/cve/CVE-2023-53707.html
* https://www.suse.com/security/cve/CVE-2023-53708.html
* https://www.suse.com/security/cve/CVE-2023-53711.html
* https://www.suse.com/security/cve/CVE-2023-53713.html
* https://www.suse.com/security/cve/CVE-2023-53718.html
* https://www.suse.com/security/cve/CVE-2023-53721.html
* https://www.suse.com/security/cve/CVE-2023-53722.html
* https://www.suse.com/security/cve/CVE-2023-53725.html
* https://www.suse.com/security/cve/CVE-2023-53726.html
* https://www.suse.com/security/cve/CVE-2023-53727.html
* https://www.suse.com/security/cve/CVE-2023-53728.html
* https://www.suse.com/security/cve/CVE-2023-53729.html
* https://www.suse.com/security/cve/CVE-2023-53730.html
* https://www.suse.com/security/cve/CVE-2023-53731.html
* https://www.suse.com/security/cve/CVE-2023-53733.html
* https://www.suse.com/security/cve/CVE-2025-38008.html
* https://www.suse.com/security/cve/CVE-2025-38539.html
* https://www.suse.com/security/cve/CVE-2025-38552.html
* https://www.suse.com/security/cve/CVE-2025-38653.html
* https://www.suse.com/security/cve/CVE-2025-38699.html
* https://www.suse.com/security/cve/CVE-2025-38700.html
* https://www.suse.com/security/cve/CVE-2025-38718.html
* https://www.suse.com/security/cve/CVE-2025-39673.html
* https://www.suse.com/security/cve/CVE-2025-39676.html
* https://www.suse.com/security/cve/CVE-2025-39683.html
* https://www.suse.com/security/cve/CVE-2025-39697.html
* https://www.suse.com/security/cve/CVE-2025-39702.html
* https://www.suse.com/security/cve/CVE-2025-39756.html
* https://www.suse.com/security/cve/CVE-2025-39794.html
* https://www.suse.com/security/cve/CVE-2025-39797.html
* https://www.suse.com/security/cve/CVE-2025-39812.html
* https://www.suse.com/security/cve/CVE-2025-39813.html
* https://www.suse.com/security/cve/CVE-2025-39828.html
* https://www.suse.com/security/cve/CVE-2025-39841.html
* https://www.suse.com/security/cve/CVE-2025-39851.html
* https://www.suse.com/security/cve/CVE-2025-39866.html
* https://www.suse.com/security/cve/CVE-2025-39876.html
* https://www.suse.com/security/cve/CVE-2025-39881.html
* https://www.suse.com/security/cve/CVE-2025-39895.html
* https://www.suse.com/security/cve/CVE-2025-39902.html
* https://www.suse.com/security/cve/CVE-2025-39911.html
* https://www.suse.com/security/cve/CVE-2025-39931.html
* https://www.suse.com/security/cve/CVE-2025-39934.html
* https://www.suse.com/security/cve/CVE-2025-39937.html
* https://www.suse.com/security/cve/CVE-2025-39938.html
* https://www.suse.com/security/cve/CVE-2025-39945.html
* https://www.suse.com/security/cve/CVE-2025-39946.html
* https://www.suse.com/security/cve/CVE-2025-39947.html
* https://www.suse.com/security/cve/CVE-2025-39948.html
* https://www.suse.com/security/cve/CVE-2025-39949.html
* https://www.suse.com/security/cve/CVE-2025-39952.html
* https://www.suse.com/security/cve/CVE-2025-39955.html
* https://www.suse.com/security/cve/CVE-2025-39957.html
* https://www.suse.com/security/cve/CVE-2025-39965.html
* https://www.suse.com/security/cve/CVE-2025-39967.html
* https://www.suse.com/security/cve/CVE-2025-39968.html
* https://www.suse.com/security/cve/CVE-2025-39969.html
* https://www.suse.com/security/cve/CVE-2025-39970.html
* https://www.suse.com/security/cve/CVE-2025-39971.html
* https://www.suse.com/security/cve/CVE-2025-39972.html
* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-39978.html
* https://www.suse.com/security/cve/CVE-2025-39981.html
* https://www.suse.com/security/cve/CVE-2025-39982.html
* https://www.suse.com/security/cve/CVE-2025-39985.html
* https://www.suse.com/security/cve/CVE-2025-39986.html
* https://www.suse.com/security/cve/CVE-2025-39987.html
* https://www.suse.com/security/cve/CVE-2025-39988.html
* https://www.suse.com/security/cve/CVE-2025-39991.html
* https://www.suse.com/security/cve/CVE-2025-39993.html
* https://www.suse.com/security/cve/CVE-2025-39994.html
* https://www.suse.com/security/cve/CVE-2025-39995.html
* https://www.suse.com/security/cve/CVE-2025-39996.html
* https://www.suse.com/security/cve/CVE-2025-39997.html
* https://www.suse.com/security/cve/CVE-2025-40000.html
* https://www.suse.com/security/cve/CVE-2025-40005.html
* https://www.suse.com/security/cve/CVE-2025-40010.html
* https://www.suse.com/security/cve/CVE-2025-40011.html
* https://www.suse.com/security/cve/CVE-2025-40013.html
* https://www.suse.com/security/cve/CVE-2025-40016.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40019.html
* https://www.suse.com/security/cve/CVE-2025-40020.html
* https://www.suse.com/security/cve/CVE-2025-40029.html
* https://www.suse.com/security/cve/CVE-2025-40032.html
* https://www.suse.com/security/cve/CVE-2025-40035.html
* https://www.suse.com/security/cve/CVE-2025-40036.html
* https://www.suse.com/security/cve/CVE-2025-40043.html
* https://www.suse.com/security/cve/CVE-2025-40044.html
* https://www.suse.com/security/cve/CVE-2025-40049.html
* https://www.suse.com/security/cve/CVE-2025-40051.html
* https://www.suse.com/security/cve/CVE-2025-40052.html
* https://www.suse.com/security/cve/CVE-2025-40056.html
* https://www.suse.com/security/cve/CVE-2025-40058.html
* https://www.suse.com/security/cve/CVE-2025-40060.html
* https://www.suse.com/security/cve/CVE-2025-40061.html
* https://www.suse.com/security/cve/CVE-2025-40062.html
* https://www.suse.com/security/cve/CVE-2025-40071.html
* https://www.suse.com/security/cve/CVE-2025-40078.html
* https://www.suse.com/security/cve/CVE-2025-40080.html
* https://www.suse.com/security/cve/CVE-2025-40082.html
* https://www.suse.com/security/cve/CVE-2025-40085.html
* https://www.suse.com/security/cve/CVE-2025-40087.html
* https://www.suse.com/security/cve/CVE-2025-40088.html
* https://www.suse.com/security/cve/CVE-2025-40096.html
* https://www.suse.com/security/cve/CVE-2025-40100.html
* https://bugzilla.suse.com/show_bug.cgi?id=1012628
* https://bugzilla.suse.com/show_bug.cgi?id=1214954
* https://bugzilla.suse.com/show_bug.cgi?id=1215143
* https://bugzilla.suse.com/show_bug.cgi?id=1215199
* https://bugzilla.suse.com/show_bug.cgi?id=1216396
* https://bugzilla.suse.com/show_bug.cgi?id=1220419
* https://bugzilla.suse.com/show_bug.cgi?id=1236743
* https://bugzilla.suse.com/show_bug.cgi?id=1239206
* https://bugzilla.suse.com/show_bug.cgi?id=1244939
* https://bugzilla.suse.com/show_bug.cgi?id=1246244
* https://bugzilla.suse.com/show_bug.cgi?id=1248211
* https://bugzilla.suse.com/show_bug.cgi?id=1248230
* https://bugzilla.suse.com/show_bug.cgi?id=1248517
* https://bugzilla.suse.com/show_bug.cgi?id=1248630
* https://bugzilla.suse.com/show_bug.cgi?id=1248754
* https://bugzilla.suse.com/show_bug.cgi?id=1248886
* https://bugzilla.suse.com/show_bug.cgi?id=1249161
* https://bugzilla.suse.com/show_bug.cgi?id=1249182
* https://bugzilla.suse.com/show_bug.cgi?id=1249224
* https://bugzilla.suse.com/show_bug.cgi?id=1249286
* https://bugzilla.suse.com/show_bug.cgi?id=1249302
* https://bugzilla.suse.com/show_bug.cgi?id=1249317
* https://bugzilla.suse.com/show_bug.cgi?id=1249319
* https://bugzilla.suse.com/show_bug.cgi?id=1249320
* https://bugzilla.suse.com/show_bug.cgi?id=1249512
* https://bugzilla.suse.com/show_bug.cgi?id=1249595
* https://bugzilla.suse.com/show_bug.cgi?id=1249608
* https://bugzilla.suse.com/show_bug.cgi?id=1250032
* https://bugzilla.suse.com/show_bug.cgi?id=1250119
* https://bugzilla.suse.com/show_bug.cgi?id=1250202
* https://bugzilla.suse.com/show_bug.cgi?id=1250205
* https://bugzilla.suse.com/show_bug.cgi?id=1250237
* https://bugzilla.suse.com/show_bug.cgi?id=1250274
* https://bugzilla.suse.com/show_bug.cgi?id=1250296
* https://bugzilla.suse.com/show_bug.cgi?id=1250379
* https://bugzilla.suse.com/show_bug.cgi?id=1250400
* https://bugzilla.suse.com/show_bug.cgi?id=1250455
* https://bugzilla.suse.com/show_bug.cgi?id=1250491
* https://bugzilla.suse.com/show_bug.cgi?id=1250519
* https://bugzilla.suse.com/show_bug.cgi?id=1250650
* https://bugzilla.suse.com/show_bug.cgi?id=1250702
* https://bugzilla.suse.com/show_bug.cgi?id=1250704
* https://bugzilla.suse.com/show_bug.cgi?id=1250721
* https://bugzilla.suse.com/show_bug.cgi?id=1250742
* https://bugzilla.suse.com/show_bug.cgi?id=1250946
* https://bugzilla.suse.com/show_bug.cgi?id=1251024
* https://bugzilla.suse.com/show_bug.cgi?id=1251027
* https://bugzilla.suse.com/show_bug.cgi?id=1251028
* https://bugzilla.suse.com/show_bug.cgi?id=1251031
* https://bugzilla.suse.com/show_bug.cgi?id=1251035
* https://bugzilla.suse.com/show_bug.cgi?id=1251038
* https://bugzilla.suse.com/show_bug.cgi?id=1251043
* https://bugzilla.suse.com/show_bug.cgi?id=1251045
* https://bugzilla.suse.com/show_bug.cgi?id=1251052
* https://bugzilla.suse.com/show_bug.cgi?id=1251053
* https://bugzilla.suse.com/show_bug.cgi?id=1251054
* https://bugzilla.suse.com/show_bug.cgi?id=1251056
* https://bugzilla.suse.com/show_bug.cgi?id=1251057
* https://bugzilla.suse.com/show_bug.cgi?id=1251059
* https://bugzilla.suse.com/show_bug.cgi?id=1251060
* https://bugzilla.suse.com/show_bug.cgi?id=1251065
* https://bugzilla.suse.com/show_bug.cgi?id=1251066
* https://bugzilla.suse.com/show_bug.cgi?id=1251067
* https://bugzilla.suse.com/show_bug.cgi?id=1251068
* https://bugzilla.suse.com/show_bug.cgi?id=1251071
* https://bugzilla.suse.com/show_bug.cgi?id=1251076
* https://bugzilla.suse.com/show_bug.cgi?id=1251079
* https://bugzilla.suse.com/show_bug.cgi?id=1251081
* https://bugzilla.suse.com/show_bug.cgi?id=1251083
* https://bugzilla.suse.com/show_bug.cgi?id=1251084
* https://bugzilla.suse.com/show_bug.cgi?id=1251100
* https://bugzilla.suse.com/show_bug.cgi?id=1251105
* https://bugzilla.suse.com/show_bug.cgi?id=1251106
* https://bugzilla.suse.com/show_bug.cgi?id=1251108
* https://bugzilla.suse.com/show_bug.cgi?id=1251113
* https://bugzilla.suse.com/show_bug.cgi?id=1251114
* https://bugzilla.suse.com/show_bug.cgi?id=1251119
* https://bugzilla.suse.com/show_bug.cgi?id=1251123
* https://bugzilla.suse.com/show_bug.cgi?id=1251126
* https://bugzilla.suse.com/show_bug.cgi?id=1251132
* https://bugzilla.suse.com/show_bug.cgi?id=1251134
* https://bugzilla.suse.com/show_bug.cgi?id=1251143
* https://bugzilla.suse.com/show_bug.cgi?id=1251146
* https://bugzilla.suse.com/show_bug.cgi?id=1251150
* https://bugzilla.suse.com/show_bug.cgi?id=1251152
* https://bugzilla.suse.com/show_bug.cgi?id=1251153
* https://bugzilla.suse.com/show_bug.cgi?id=1251159
* https://bugzilla.suse.com/show_bug.cgi?id=1251161
* https://bugzilla.suse.com/show_bug.cgi?id=1251170
* https://bugzilla.suse.com/show_bug.cgi?id=1251177
* https://bugzilla.suse.com/show_bug.cgi?id=1251180
* https://bugzilla.suse.com/show_bug.cgi?id=1251206
* https://bugzilla.suse.com/show_bug.cgi?id=1251215
* https://bugzilla.suse.com/show_bug.cgi?id=1251216
* https://bugzilla.suse.com/show_bug.cgi?id=1251222
* https://bugzilla.suse.com/show_bug.cgi?id=1251230
* https://bugzilla.suse.com/show_bug.cgi?id=1251232
* https://bugzilla.suse.com/show_bug.cgi?id=1251233
* https://bugzilla.suse.com/show_bug.cgi?id=1251247
* https://bugzilla.suse.com/show_bug.cgi?id=1251268
* https://bugzilla.suse.com/show_bug.cgi?id=1251269
* https://bugzilla.suse.com/show_bug.cgi?id=1251270
* https://bugzilla.suse.com/show_bug.cgi?id=1251282
* https://bugzilla.suse.com/show_bug.cgi?id=1251283
* https://bugzilla.suse.com/show_bug.cgi?id=1251286
* https://bugzilla.suse.com/show_bug.cgi?id=1251290
* https://bugzilla.suse.com/show_bug.cgi?id=1251319
* https://bugzilla.suse.com/show_bug.cgi?id=1251321
* https://bugzilla.suse.com/show_bug.cgi?id=1251323
* https://bugzilla.suse.com/show_bug.cgi?id=1251328
* https://bugzilla.suse.com/show_bug.cgi?id=1251529
* https://bugzilla.suse.com/show_bug.cgi?id=1251721
* https://bugzilla.suse.com/show_bug.cgi?id=1251732
* https://bugzilla.suse.com/show_bug.cgi?id=1251742
* https://bugzilla.suse.com/show_bug.cgi?id=1251743
* https://bugzilla.suse.com/show_bug.cgi?id=1251746
* https://bugzilla.suse.com/show_bug.cgi?id=1251748
* https://bugzilla.suse.com/show_bug.cgi?id=1251749
* https://bugzilla.suse.com/show_bug.cgi?id=1251750
* https://bugzilla.suse.com/show_bug.cgi?id=1251754
* https://bugzilla.suse.com/show_bug.cgi?id=1251755
* https://bugzilla.suse.com/show_bug.cgi?id=1251756
* https://bugzilla.suse.com/show_bug.cgi?id=1251758
* https://bugzilla.suse.com/show_bug.cgi?id=1251759
* https://bugzilla.suse.com/show_bug.cgi?id=1251760
* https://bugzilla.suse.com/show_bug.cgi?id=1251762
* https://bugzilla.suse.com/show_bug.cgi?id=1251763
* https://bugzilla.suse.com/show_bug.cgi?id=1251764
* https://bugzilla.suse.com/show_bug.cgi?id=1251769
* https://bugzilla.suse.com/show_bug.cgi?id=1251771
* https://bugzilla.suse.com/show_bug.cgi?id=1251772
* https://bugzilla.suse.com/show_bug.cgi?id=1251777
* https://bugzilla.suse.com/show_bug.cgi?id=1251780
* https://bugzilla.suse.com/show_bug.cgi?id=1251804
* https://bugzilla.suse.com/show_bug.cgi?id=1251810
* https://bugzilla.suse.com/show_bug.cgi?id=1251930
* https://bugzilla.suse.com/show_bug.cgi?id=1251967
* https://bugzilla.suse.com/show_bug.cgi?id=1252033
* https://bugzilla.suse.com/show_bug.cgi?id=1252035
* https://bugzilla.suse.com/show_bug.cgi?id=1252039
* https://bugzilla.suse.com/show_bug.cgi?id=1252044
* https://bugzilla.suse.com/show_bug.cgi?id=1252047
* https://bugzilla.suse.com/show_bug.cgi?id=1252051
* https://bugzilla.suse.com/show_bug.cgi?id=1252052
* https://bugzilla.suse.com/show_bug.cgi?id=1252056
* https://bugzilla.suse.com/show_bug.cgi?id=1252060
* https://bugzilla.suse.com/show_bug.cgi?id=1252062
* https://bugzilla.suse.com/show_bug.cgi?id=1252064
* https://bugzilla.suse.com/show_bug.cgi?id=1252065
* https://bugzilla.suse.com/show_bug.cgi?id=1252069
* https://bugzilla.suse.com/show_bug.cgi?id=1252070
* https://bugzilla.suse.com/show_bug.cgi?id=1252072
* https://bugzilla.suse.com/show_bug.cgi?id=1252074
* https://bugzilla.suse.com/show_bug.cgi?id=1252075
* https://bugzilla.suse.com/show_bug.cgi?id=1252078
* https://bugzilla.suse.com/show_bug.cgi?id=1252079
* https://bugzilla.suse.com/show_bug.cgi?id=1252082
* https://bugzilla.suse.com/show_bug.cgi?id=1252083
* https://bugzilla.suse.com/show_bug.cgi?id=1252236
* https://bugzilla.suse.com/show_bug.cgi?id=1252265
* https://bugzilla.suse.com/show_bug.cgi?id=1252269
* https://bugzilla.suse.com/show_bug.cgi?id=1252332
* https://bugzilla.suse.com/show_bug.cgi?id=1252336
* https://bugzilla.suse.com/show_bug.cgi?id=1252346
* https://bugzilla.suse.com/show_bug.cgi?id=1252348
* https://bugzilla.suse.com/show_bug.cgi?id=1252349
* https://bugzilla.suse.com/show_bug.cgi?id=1252364
* https://bugzilla.suse.com/show_bug.cgi?id=1252479
* https://bugzilla.suse.com/show_bug.cgi?id=1252481
* https://bugzilla.suse.com/show_bug.cgi?id=1252489
* https://bugzilla.suse.com/show_bug.cgi?id=1252490
* https://bugzilla.suse.com/show_bug.cgi?id=1252492
* https://bugzilla.suse.com/show_bug.cgi?id=1252495
* https://bugzilla.suse.com/show_bug.cgi?id=1252496
* https://bugzilla.suse.com/show_bug.cgi?id=1252499
* https://bugzilla.suse.com/show_bug.cgi?id=1252534
* https://bugzilla.suse.com/show_bug.cgi?id=1252536
* https://bugzilla.suse.com/show_bug.cgi?id=1252537
* https://bugzilla.suse.com/show_bug.cgi?id=1252550
* https://bugzilla.suse.com/show_bug.cgi?id=1252553
* https://bugzilla.suse.com/show_bug.cgi?id=1252559
* https://bugzilla.suse.com/show_bug.cgi?id=1252561
* https://bugzilla.suse.com/show_bug.cgi?id=1252564
* https://bugzilla.suse.com/show_bug.cgi?id=1252565
* https://bugzilla.suse.com/show_bug.cgi?id=1252566
* https://bugzilla.suse.com/show_bug.cgi?id=1252632
* https://bugzilla.suse.com/show_bug.cgi?id=1252668
* https://bugzilla.suse.com/show_bug.cgi?id=1252678
* https://bugzilla.suse.com/show_bug.cgi?id=1252679
* https://bugzilla.suse.com/show_bug.cgi?id=1252685
* https://bugzilla.suse.com/show_bug.cgi?id=1252688
* https://bugzilla.suse.com/show_bug.cgi?id=1252772
* https://bugzilla.suse.com/show_bug.cgi?id=1252774
* https://bugzilla.suse.com/show_bug.cgi?id=1252775
* https://bugzilla.suse.com/show_bug.cgi?id=1252785
* https://bugzilla.suse.com/show_bug.cgi?id=1252787
* https://bugzilla.suse.com/show_bug.cgi?id=1252789
* https://bugzilla.suse.com/show_bug.cgi?id=1252797
* https://bugzilla.suse.com/show_bug.cgi?id=1252822
* https://bugzilla.suse.com/show_bug.cgi?id=1252826
* https://bugzilla.suse.com/show_bug.cgi?id=1252841
* https://bugzilla.suse.com/show_bug.cgi?id=1252848
* https://bugzilla.suse.com/show_bug.cgi?id=1252849
* https://bugzilla.suse.com/show_bug.cgi?id=1252850
* https://bugzilla.suse.com/show_bug.cgi?id=1252851
* https://bugzilla.suse.com/show_bug.cgi?id=1252854
* https://bugzilla.suse.com/show_bug.cgi?id=1252858
* https://bugzilla.suse.com/show_bug.cgi?id=1252865
* https://bugzilla.suse.com/show_bug.cgi?id=1252866
* https://bugzilla.suse.com/show_bug.cgi?id=1252873
* https://bugzilla.suse.com/show_bug.cgi?id=1252902
* https://bugzilla.suse.com/show_bug.cgi?id=1252904
* https://bugzilla.suse.com/show_bug.cgi?id=1252909
* https://bugzilla.suse.com/show_bug.cgi?id=1252918
* https://bugzilla.suse.com/show_bug.cgi?id=1252939
* https://jira.suse.com/browse/PED-3527
* https://jira.suse.com/browse/PED-4593
* https://jira.suse.com/browse/PED-4876
* https://jira.suse.com/browse/PED-5065
* https://jira.suse.com/browse/PED-5475
* https://jira.suse.com/browse/PED-5477
* https://jira.suse.com/browse/PED-5511
* https://jira.suse.com/browse/PED-5853
* https://jira.suse.com/browse/PED-6012
* https://jira.suse.com/browse/PED-6041
* https://jira.suse.com/browse/PED-6054
* https://jira.suse.com/browse/PED-6068
* https://jira.suse.com/browse/PED-6069
* https://jira.suse.com/browse/PED-6070
* https://jira.suse.com/browse/PED-6071
* https://jira.suse.com/browse/PED-6116
* https://jira.suse.com/browse/PED-6120
* https://jira.suse.com/browse/PED-6121
* https://jira.suse.com/browse/PED-6811
* https://jira.suse.com/browse/PED-7542



SUSE-SU-2025:4309-1: moderate: Security update for curl


# Security update for curl

Announcement ID: SUSE-SU-2025:4309-1
Release Date: 2025-11-28T15:40:08Z
Rating: moderate
References:

* bsc#1253757

Cross-References:

* CVE-2025-11563

CVSS scores:

* CVE-2025-11563 ( SUSE ): 4.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-11563 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves one vulnerability can now be installed.

## Description:

This update for curl fixes the following issues:

* CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-4309=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-4309=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-4309=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-4309=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-4309=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-4309=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * libcurl-devel-8.14.1-150400.5.72.1
  * curl-debuginfo-8.14.1-150400.5.72.1
  * curl-mini-debugsource-8.14.1-150400.5.72.1
  * curl-8.14.1-150400.5.72.1
  * libcurl4-debuginfo-8.14.1-150400.5.72.1
  * libcurl-mini4-8.14.1-150400.5.72.1
  * curl-debugsource-8.14.1-150400.5.72.1
  * libcurl-mini4-debuginfo-8.14.1-150400.5.72.1
  * libcurl4-8.14.1-150400.5.72.1
* openSUSE Leap 15.4 (noarch)
  * curl-zsh-completion-8.14.1-150400.5.72.1
  * libcurl-devel-doc-8.14.1-150400.5.72.1
  * curl-fish-completion-8.14.1-150400.5.72.1
* openSUSE Leap 15.4 (x86_64)
  * libcurl4-32bit-debuginfo-8.14.1-150400.5.72.1
  * libcurl4-32bit-8.14.1-150400.5.72.1
  * libcurl-devel-32bit-8.14.1-150400.5.72.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * libcurl4-64bit-debuginfo-8.14.1-150400.5.72.1
  * libcurl4-64bit-8.14.1-150400.5.72.1
  * libcurl-devel-64bit-8.14.1-150400.5.72.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * curl-debuginfo-8.14.1-150400.5.72.1
  * libcurl4-debuginfo-8.14.1-150400.5.72.1
  * curl-8.14.1-150400.5.72.1
  * curl-debugsource-8.14.1-150400.5.72.1
  * libcurl4-8.14.1-150400.5.72.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * curl-debuginfo-8.14.1-150400.5.72.1
  * libcurl4-debuginfo-8.14.1-150400.5.72.1
  * curl-8.14.1-150400.5.72.1
  * curl-debugsource-8.14.1-150400.5.72.1
  * libcurl4-8.14.1-150400.5.72.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * curl-debuginfo-8.14.1-150400.5.72.1
  * libcurl4-debuginfo-8.14.1-150400.5.72.1
  * curl-8.14.1-150400.5.72.1
  * curl-debugsource-8.14.1-150400.5.72.1
  * libcurl4-8.14.1-150400.5.72.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * curl-debuginfo-8.14.1-150400.5.72.1
  * libcurl4-debuginfo-8.14.1-150400.5.72.1
  * curl-8.14.1-150400.5.72.1
  * curl-debugsource-8.14.1-150400.5.72.1
  * libcurl4-8.14.1-150400.5.72.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * curl-debuginfo-8.14.1-150400.5.72.1
  * libcurl4-debuginfo-8.14.1-150400.5.72.1
  * curl-8.14.1-150400.5.72.1
  * curl-debugsource-8.14.1-150400.5.72.1
  * libcurl4-8.14.1-150400.5.72.1

## References:

* https://www.suse.com/security/cve/CVE-2025-11563.html
* https://bugzilla.suse.com/show_bug.cgi?id=1253757



openSUSE-SU-2025:15778-1: moderate: libwireshark19-4.6.1-2.1 on GA media


# libwireshark19-4.6.1-2.1 on GA media

Announcement ID: openSUSE-SU-2025:15778-1
Rating: moderate

Cross-References:

* CVE-2025-13674

CVSS scores:

* CVE-2025-13674 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-13674 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the libwireshark19-4.6.1-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * libwireshark19 4.6.1-2.1
  * libwiretap16 4.6.1-2.1
  * libwsutil17 4.6.1-2.1
  * wireshark 4.6.1-2.1
  * wireshark-devel 4.6.1-2.1
  * wireshark-ui-qt 4.6.1-2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-13674.html