SUSE-SU-2025:02261-1: important: Security update for tomcat10
SUSE-SU-2025:02259-1: low: Recommended update for gpg2
openSUSE-SU-2025:15324-1: moderate: python311-pycares-4.9.0-1.1 on GA media
openSUSE-SU-2025:15323-1: moderate: libpoppler-cpp2-25.06.0-1.1 on GA media
openSUSE-SU-2025:15320-1: moderate: avif-tools-1.3.0-2.1 on GA media
openSUSE-SU-2025:15321-1: moderate: libxml2-2-2.13.8-2.1 on GA media
openSUSE-SU-2025:15319-1: moderate: djvulibre-3.5.29-1.1 on GA media
SUSE-SU-2025:02261-1: important: Security update for tomcat10
# Security update for tomcat10
Announcement ID: SUSE-SU-2025:02261-1
Release Date: 2025-07-09T17:40:51Z
Rating: important
References:
* bsc#1242722
* bsc#1243815
* bsc#1244649
* bsc#1244656
Cross-References:
* CVE-2025-46701
* CVE-2025-48988
* CVE-2025-49125
CVSS scores:
* CVE-2025-46701 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-46701 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-46701 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-48988 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-48988 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-48988 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-49125 ( SUSE ): 9.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-49125 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-49125 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* Web and Scripting Module 15-SP6
* Web and Scripting Module 15-SP7
An update that solves three vulnerabilities and has one security fix can now be
installed.
## Description:
This update for tomcat10 fixes the following issues:
* Fixed refactor CGI servlet to access resources via WebResources
(bsc#1243815).
* Fixed limits the total number of parts in a multi-part request and limits
the size of the headers provided with each part (bsc#1244656).
* Fixed expand checks for webAppMount (bsc#1244649).
* Hardening permissions (bsc#1242722)
Update to Tomcat 10.1.42:
* Fixed CVEs:
* CVE-2025-46701: refactor CGI servlet to access resources via WebResources (bsc#1243815)
* CVE-2025-48988: limits the total number of parts in a multi-part request and limits the size of the headers provided with each part (bsc#1244656)
* CVE-2025-49125: Expand checks for webAppMount (bsc#1244649)
* Catalina:
* Add: Support for the java:module namespace which mirrors the java:comp namespace.
* Add: Support parsing of multiple path parameters separated by ; in a single URL segment. Based on pull request #860 by Chenjp.
* Add: Support for limiting the number of parameters in HTTP requests through the new ParameterLimitValve. The valve allows configurable URL-specific limits on the number of parameters.
* Fix: 69699: Encode redirect URL used by the rewrite valve with the session id if appropriate, and handle cross context with different session configuration when using rewrite.
* Add: #863: Support for comments at the end of lines in text rewrite map files to align behaviour with Apache httpd. Pull request provided by Chenjp.
* Fix: 69706: Saved request serialization issue in FORM introduced when allowing infinite session timeouts.
* Fix: Expand the path checks for Pre-Resources and Post-Resources mounted at a path within the web application.
* Fix: Use of SSS in SimpleDateFormat pattern for AccessLogValve.
* Fix: Process possible path parameters rewrite production in the rewrite valve.
* Fix: 69588: Enable allowLinking to be set on PreResources, JarResources and PostResources. If not set explicitly, the setting will be inherited from the Resources.
* Add: 69633: Support for Filters using context root mappings.
* Fix: 69643: Optimize directory listing for large amount of files. Patch submitted by Loic de l'Eprevier.
* Fix: #843: Off by one validation logic for partial PUT ranges and associated test case. Submitted by Chenjp.
* Refactor: Replace the unused buffer in org.apache.catalina.connector.InputBuffer with a static, zero length buffer.
* Refactor: GCI servlet to access resources via the WebResource API.
* Fix: 69662: Report name in exception message when a naming lookup failure occurs. Based on code submitted by Donald Smith.
* Fix: Ensure that the FORM authentication attribute authenticationSessionTimeout works correctly when sessions have an infinite timeout when authentication starts.
* Add: Provide a content type based on file extension when web application resources are accessed via a URL.
* Coyote
* Refactor: #861: TaskQueue to use the new interface RetryableQueue which enables better integration of custom Executors which provide their own BlockingQueue implementation. Pull request provided by Paulo Almeida.
* Add: Finer grained control of multi-part request processing via two new attributes on the Connector element. maxPartCount limits the total number of parts in a multi-part request and maxPartHeaderSize limits the size of the headers provided with each part. Add support for these new attributes to the ParameterLimitValve.
* Refactor: The SavedRequestInputFilter so the buffered data is used directly rather than copied.
* Jasper:
* Fix: 69696: Mark the JSP wrapper for reload after a failed compilation.
* Fix: 69635: Add support to jakarta.el.ImportHandler for resolving inner classes.
* Add: #842: Support for optimized execution of c:set and c:remove tags, when activated via JSP servlet param useNonstandardTagOptimizations.
* Fix: An edge case compilation bug for JSP and tag files on case insensitive file systems that was exposed by the test case for 69635.
* Web applications:
* Fix: 69694: Improve error reporting of deployment tasks done using the manager webapp when a copy operation fails.
* Add: 68876: Documentation. Update the UML diagrams for server start-up, request processing and authentication using PlantUML and include the source files for each diagram.
* Other:
* Add: Thread name to webappClassLoader.stackTraceRequestThread message. Patch provided by Felix Zhang.
* Update: Tomcat Native to 2.0.9.
* Update: The internal fork of Apache Commons FileUpload to 1.6.0-RC1 (2025-06-05).
* Update: EasyMock to 5.6.0.
* Update: Checkstyle to 10.25.0.
* Fix: Use the full path when the installer for Windows sets calls icacls.exe to set file permissions.
* Update: Improvements to Japanese translations provided by tak7iji.
* Fix: Set sun.io.useCanonCaches in service.bat Based on pull request #841 by Paul Lodge.
* Update: Jacoco to 0.8.13.
* Code: Explicitly set the locale to be used for Javadoc. For official releases, this locale will be English (US) to support reproducible builds.
* Update: Byte Buddy to 1.17.5.
* Update: Checkstyle to 10.23.1.
* Update: File extension to media type mappings to align with the current list used by the Apache Web Server (httpd).
* Update: Improvements to French translations.
* Update: Improvements to Japanese translations provided by tak7iji.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-2261=1
* Web and Scripting Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP6-2025-2261=1
* Web and Scripting Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP7-2025-2261=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2261=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2261=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2261=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2261=1
## Package List:
* openSUSE Leap 15.6 (noarch)
* tomcat10-admin-webapps-10.1.42-150200.5.45.1
* tomcat10-jsvc-10.1.42-150200.5.45.1
* tomcat10-webapps-10.1.42-150200.5.45.1
* tomcat10-jsp-3_1-api-10.1.42-150200.5.45.1
* tomcat10-10.1.42-150200.5.45.1
* tomcat10-docs-webapp-10.1.42-150200.5.45.1
* tomcat10-lib-10.1.42-150200.5.45.1
* tomcat10-servlet-6_0-api-10.1.42-150200.5.45.1
* tomcat10-embed-10.1.42-150200.5.45.1
* tomcat10-doc-10.1.42-150200.5.45.1
* tomcat10-el-5_0-api-10.1.42-150200.5.45.1
* Web and Scripting Module 15-SP6 (noarch)
* tomcat10-admin-webapps-10.1.42-150200.5.45.1
* tomcat10-webapps-10.1.42-150200.5.45.1
* tomcat10-jsp-3_1-api-10.1.42-150200.5.45.1
* tomcat10-10.1.42-150200.5.45.1
* tomcat10-lib-10.1.42-150200.5.45.1
* tomcat10-servlet-6_0-api-10.1.42-150200.5.45.1
* tomcat10-el-5_0-api-10.1.42-150200.5.45.1
* Web and Scripting Module 15-SP7 (noarch)
* tomcat10-admin-webapps-10.1.42-150200.5.45.1
* tomcat10-webapps-10.1.42-150200.5.45.1
* tomcat10-jsp-3_1-api-10.1.42-150200.5.45.1
* tomcat10-10.1.42-150200.5.45.1
* tomcat10-lib-10.1.42-150200.5.45.1
* tomcat10-servlet-6_0-api-10.1.42-150200.5.45.1
* tomcat10-el-5_0-api-10.1.42-150200.5.45.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* tomcat10-admin-webapps-10.1.42-150200.5.45.1
* tomcat10-webapps-10.1.42-150200.5.45.1
* tomcat10-jsp-3_1-api-10.1.42-150200.5.45.1
* tomcat10-10.1.42-150200.5.45.1
* tomcat10-lib-10.1.42-150200.5.45.1
* tomcat10-servlet-6_0-api-10.1.42-150200.5.45.1
* tomcat10-el-5_0-api-10.1.42-150200.5.45.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* tomcat10-admin-webapps-10.1.42-150200.5.45.1
* tomcat10-webapps-10.1.42-150200.5.45.1
* tomcat10-jsp-3_1-api-10.1.42-150200.5.45.1
* tomcat10-10.1.42-150200.5.45.1
* tomcat10-lib-10.1.42-150200.5.45.1
* tomcat10-servlet-6_0-api-10.1.42-150200.5.45.1
* tomcat10-el-5_0-api-10.1.42-150200.5.45.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* tomcat10-admin-webapps-10.1.42-150200.5.45.1
* tomcat10-webapps-10.1.42-150200.5.45.1
* tomcat10-jsp-3_1-api-10.1.42-150200.5.45.1
* tomcat10-10.1.42-150200.5.45.1
* tomcat10-lib-10.1.42-150200.5.45.1
* tomcat10-servlet-6_0-api-10.1.42-150200.5.45.1
* tomcat10-el-5_0-api-10.1.42-150200.5.45.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* tomcat10-admin-webapps-10.1.42-150200.5.45.1
* tomcat10-webapps-10.1.42-150200.5.45.1
* tomcat10-jsp-3_1-api-10.1.42-150200.5.45.1
* tomcat10-10.1.42-150200.5.45.1
* tomcat10-lib-10.1.42-150200.5.45.1
* tomcat10-servlet-6_0-api-10.1.42-150200.5.45.1
* tomcat10-el-5_0-api-10.1.42-150200.5.45.1
## References:
* https://www.suse.com/security/cve/CVE-2025-46701.html
* https://www.suse.com/security/cve/CVE-2025-48988.html
* https://www.suse.com/security/cve/CVE-2025-49125.html
* https://bugzilla.suse.com/show_bug.cgi?id=1242722
* https://bugzilla.suse.com/show_bug.cgi?id=1243815
* https://bugzilla.suse.com/show_bug.cgi?id=1244649
* https://bugzilla.suse.com/show_bug.cgi?id=1244656
SUSE-SU-2025:02259-1: low: Recommended update for gpg2
# Recommended update for gpg2
Announcement ID: SUSE-SU-2025:02259-1
Release Date: 2025-07-09T15:18:15Z
Rating: low
References:
* bsc#1236931
* bsc#1239119
* bsc#1239817
Cross-References:
* CVE-2025-30258
CVSS scores:
* CVE-2025-30258 ( SUSE ): 1.8
CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-30258 ( SUSE ): 2.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L
* CVE-2025-30258 ( NVD ): 2.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L
Affected Products:
* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves one vulnerability and has two security fixes can now be
installed.
## Description:
This update for gpg2 fixes the following issues:
* CVE-2025-30258: Fixed DoS due to a malicious subkey in the keyring
(bsc#1239119).
Other bugfixes:
* Do not install expired sks certificate (bsc#1243069).
* gpg hangs when importing a key (bsc#1236931).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-2259=1 openSUSE-SLE-15.6-2025-2259=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-2259=1
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-2259=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* gpg2-tpm-2.4.4-150600.3.9.1
* gpg2-debuginfo-2.4.4-150600.3.9.1
* gpg2-2.4.4-150600.3.9.1
* gpg2-debugsource-2.4.4-150600.3.9.1
* dirmngr-debuginfo-2.4.4-150600.3.9.1
* gpg2-tpm-debuginfo-2.4.4-150600.3.9.1
* dirmngr-2.4.4-150600.3.9.1
* openSUSE Leap 15.6 (noarch)
* gpg2-lang-2.4.4-150600.3.9.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* gpg2-debuginfo-2.4.4-150600.3.9.1
* gpg2-2.4.4-150600.3.9.1
* gpg2-debugsource-2.4.4-150600.3.9.1
* dirmngr-debuginfo-2.4.4-150600.3.9.1
* dirmngr-2.4.4-150600.3.9.1
* Basesystem Module 15-SP6 (noarch)
* gpg2-lang-2.4.4-150600.3.9.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* gpg2-debuginfo-2.4.4-150600.3.9.1
* gpg2-2.4.4-150600.3.9.1
* gpg2-debugsource-2.4.4-150600.3.9.1
* dirmngr-debuginfo-2.4.4-150600.3.9.1
* dirmngr-2.4.4-150600.3.9.1
* Basesystem Module 15-SP7 (noarch)
* gpg2-lang-2.4.4-150600.3.9.1
## References:
* https://www.suse.com/security/cve/CVE-2025-30258.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236931
* https://bugzilla.suse.com/show_bug.cgi?id=1239119
* https://bugzilla.suse.com/show_bug.cgi?id=1239817
openSUSE-SU-2025:15324-1: moderate: python311-pycares-4.9.0-1.1 on GA media
# python311-pycares-4.9.0-1.1 on GA media
Announcement ID: openSUSE-SU-2025:15324-1
Rating: moderate
Cross-References:
* CVE-2025-48945
CVSS scores:
* CVE-2025-48945 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-48945 ( SUSE ): 6 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the python311-pycares-4.9.0-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* python311-pycares 4.9.0-1.1
* python312-pycares 4.9.0-1.1
* python313-pycares 4.9.0-1.1
## References:
* https://www.suse.com/security/cve/CVE-2025-48945.html
openSUSE-SU-2025:15323-1: moderate: libpoppler-cpp2-25.06.0-1.1 on GA media
# libpoppler-cpp2-25.06.0-1.1 on GA media
Announcement ID: openSUSE-SU-2025:15323-1
Rating: moderate
Cross-References:
* CVE-2025-52886
CVSS scores:
* CVE-2025-52886 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-52886 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the libpoppler-cpp2-25.06.0-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* libpoppler-cpp2 25.06.0-1.1
* libpoppler-cpp2-32bit 25.06.0-1.1
* libpoppler-devel 25.06.0-1.1
* libpoppler-glib-devel 25.06.0-1.1
* libpoppler-glib8 25.06.0-1.1
* libpoppler-glib8-32bit 25.06.0-1.1
* libpoppler150 25.06.0-1.1
* libpoppler150-32bit 25.06.0-1.1
* poppler-tools 25.06.0-1.1
* typelib-1_0-Poppler-0_18 25.06.0-1.1
## References:
* https://www.suse.com/security/cve/CVE-2025-52886.html
openSUSE-SU-2025:15320-1: moderate: avif-tools-1.3.0-2.1 on GA media
# avif-tools-1.3.0-2.1 on GA media
Announcement ID: openSUSE-SU-2025:15320-1
Rating: moderate
Cross-References:
* CVE-2025-48174
CVSS scores:
* CVE-2025-48174 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
* CVE-2025-48174 ( SUSE ): 7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the avif-tools-1.3.0-2.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* avif-tools 1.3.0-2.1
* gdk-pixbuf-loader-libavif 1.3.0-2.1
* libavif-devel 1.3.0-2.1
* libavif16 1.3.0-2.1
* libavif16-32bit 1.3.0-2.1
## References:
* https://www.suse.com/security/cve/CVE-2025-48174.html
openSUSE-SU-2025:15321-1: moderate: libxml2-2-2.13.8-2.1 on GA media
# libxml2-2-2.13.8-2.1 on GA media
Announcement ID: openSUSE-SU-2025:15321-1
Rating: moderate
Cross-References:
* CVE-2025-49794
* CVE-2025-49795
* CVE-2025-49796
* CVE-2025-6021
* CVE-2025-6170
CVSS scores:
* CVE-2025-49794 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-49795 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-49795 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-49796 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-6021 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-6021 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-6170 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-6170 ( SUSE ): 2 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 5 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the libxml2-2-2.13.8-2.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* libxml2-2 2.13.8-2.1
* libxml2-2-32bit 2.13.8-2.1
* libxml2-devel 2.13.8-2.1
* libxml2-devel-32bit 2.13.8-2.1
* libxml2-doc 2.13.8-2.1
* libxml2-tools 2.13.8-2.1
## References:
* https://www.suse.com/security/cve/CVE-2025-49794.html
* https://www.suse.com/security/cve/CVE-2025-49795.html
* https://www.suse.com/security/cve/CVE-2025-49796.html
* https://www.suse.com/security/cve/CVE-2025-6021.html
* https://www.suse.com/security/cve/CVE-2025-6170.html
openSUSE-SU-2025:15319-1: moderate: djvulibre-3.5.29-1.1 on GA media
# djvulibre-3.5.29-1.1 on GA media
Announcement ID: openSUSE-SU-2025:15319-1
Rating: moderate
Cross-References:
* CVE-2025-53367
CVSS scores:
* CVE-2025-53367 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2025-53367 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the djvulibre-3.5.29-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* djvulibre 3.5.29-1.1
* djvulibre-doc 3.5.29-1.1
* libdjvulibre-devel 3.5.29-1.1
* libdjvulibre21 3.5.29-1.1
## References:
* https://www.suse.com/security/cve/CVE-2025-53367.html
