
Several security updates are available for openSUSE and SUSE products, including v2ray-core, postgresql17, tomcat11, tomcat10, govulncheck-vulndb, ucode-intel-20250812, and cheat. These updates fix various vulnerabilities, with some rated as high or moderate severity. The affected products include openSUSE Tumbleweed, openSUSE Leap 15.6, SUSE Linux Enterprise Desktop 15 SP6, SUSE Linux Enterprise Real Time 15 SP6, and more.

openSUSE-SU-2025:0322-1: important: Security update for v2ray-core
openSUSE-SU-2025:0323-1: important: Security update for v2ray-core
SUSE-SU-2025:02986-1: important: Security update for postgresql17
openSUSE-SU-2025:15492-1: moderate: ucode-intel-20250812-1.1 on GA media
openSUSE-SU-2025:15491-1: moderate: tomcat11-11.0.10-1.1 on GA media
openSUSE-SU-2025:15489-1: moderate: tomcat-9.0.108-1.1 on GA media
openSUSE-SU-2025:15488-1: moderate: cheat-4.4.2-2.1 on GA media
openSUSE-SU-2025:15490-1: moderate: tomcat10-10.1.44-1.1 on GA media
SUSE-SU-2025:02988-1: moderate: Security update for govulncheck-vulndb




openSUSE-SU-2025:0322-1: important: Security update for v2ray-core


openSUSE Security Update: Security update for v2ray-core
_______________________________

Announcement ID: openSUSE-SU-2025:0322-1
Rating: important
References: #1222488 #1235164 #1243946
Cross-References: CVE-2024-22189 CVE-2025-297850
CVSS scores:
CVE-2024-22189 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that solves two vulnerabilities and has one
errata is now available.

Description:

This update for v2ray-core fixes the following issues:

- Update version to 5.33.0
* bump github.com/quic-go/quic-go from 0.51.0 to 0.52.0 (boo#1243946 and
CVE-2025-297850)
* Update other vendor source

- Update version to 5.31.0
* Add Dns Proxy Response TTL Control
* Fix call newError Base with a nil value error
* Update vendor (boo#1235164)

- Update version to 5.29.3
* Enable restricted mode load for http protocol client
* Correctly implement QUIC sniffer when handling multiple initial packets
* Fix unreleased cache buffer in QUIC sniffing
* A temporary testing fix for the buffer corruption issue
* QUIC Sniffer Restructure

- Update version to 5.22.0
* Add packetEncoding for Hysteria
* Add ECH Client Support
* Add support for parsing some shadowsocks links
* Add Mekya Transport
* Fix bugs

- Update version to 5.18.0
* Add timeout for http request roundtripper
* Fix ss2022 auth reader size overflow
* Add pie build mode to all binary builds
* Support "services" root config in cfgv4
* packet_encoding for config v4
* add MPTCP support
* Add (Experimental) Meyka Building Blocks to request Transport
* Add timeout for http request roundtripper
* Hysteria2: Add Hysteria2 Protocol
* Add AllowInsecureIfPinnedPeerCertificate option to tls security
* Add tls certChainHash command
* add support for socket activation
* Add pprof flag for debugging
* Fix bugs

- Update version to 5.16.1
* Add Keep-Alive to removed headers

- Update version to 5.15.1
* feat: RandomStrategy AliveOnly
* Improve container image tags and timestamp
* Add delay_auth_write to Socks5 Client Advanced Config
* Add MaxMin TLS version support in TLS Setting
* feat: RandomStrategy AliveOnly
* Improve container image tags and timestamp
* Fixed a malleability vulnerability in encrypted traffic that allows
an attacker with a privileged network position to corrupt integrity
by silently dropping segments of traffic from an encrypted
traffic stream.
* Update documents
* Fix bugs
- Update vendor, fix CVE-2024-22189 boo#1222488

- Update version to 5.12.1
* Shadowsocks2022 Client Support
* Apply DomainStrategy to outbound target
* Add DomainStrategy to JSONv5 outbound
* Add sniffing for TUN
* Add HTTPUpgrade transport
* It is a reduced version of WebSocket Transport that can pass many
reverse proxies and CDNs without running a WebSocket protocol stack
* TUN Support
* Add uTLS support for h2 transport
* Fix bugs

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2025-322=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):

v2ray-core-5.33.0-bp156.2.3.1

- openSUSE Backports SLE-15-SP6 (noarch):

golang-github-v2fly-v2ray-core-5.33.0-bp156.2.3.1

References:

https://www.suse.com/security/cve/CVE-2024-22189.html
https://www.suse.com/security/cve/CVE-2025-297850.html
https://bugzilla.suse.com/1222488
https://bugzilla.suse.com/1235164
https://bugzilla.suse.com/1243946



openSUSE-SU-2025:0323-1: important: Security update for v2ray-core


openSUSE Security Update: Security update for v2ray-core
_______________________________

Announcement ID: openSUSE-SU-2025:0323-1
Rating: important
References: #1222488 #1235164 #1243946
Cross-References: CVE-2024-22189 CVE-2025-297850
CVSS scores:
CVE-2024-22189 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that solves two vulnerabilities and has one
errata is now available.

Description:

This update for v2ray-core fixes the following issues:

- Update version to 5.33.0
* bump github.com/quic-go/quic-go from 0.51.0 to 0.52.0 (boo#1243946 and
CVE-2025-297850)
* Update other vendor source

- Update version to 5.31.0
* Add Dns Proxy Response TTL Control
* Fix call newError Base with a nil value error
* Update vendor (boo#1235164)

- Update version to 5.29.3
* Enable restricted mode load for http protocol client
* Correctly implement QUIC sniffer when handling multiple initial packets
* Fix unreleased cache buffer in QUIC sniffing
* A temporary testing fix for the buffer corruption issue
* QUIC Sniffer Restructure

- Update version to 5.22.0
* Add packetEncoding for Hysteria
* Add ECH Client Support
* Add support for parsing some shadowsocks links
* Add Mekya Transport
* Fix bugs

- Update version to 5.18.0
* Add timeout for http request roundtripper
* Fix ss2022 auth reader size overflow
* Add pie build mode to all binary builds
* Support "services" root config in cfgv4
* packet_encoding for config v4
* add MPTCP support
* Add (Experimental) Meyka Building Blocks to request Transport
* Add timeout for http request roundtripper
* Hysteria2: Add Hysteria2 Protocol
* Add AllowInsecureIfPinnedPeerCertificate option to tls security
* Add tls certChainHash command
* add support for socket activation
* Add pprof flag for debugging
* Fix bugs

- Update version to 5.16.1
* Add Keep-Alive to removed headers

- Update version to 5.15.1
* feat: RandomStrategy AliveOnly
* Improve container image tags and timestamp
* Add delay_auth_write to Socks5 Client Advanced Config
* Add MaxMin TLS version support in TLS Setting
* feat: RandomStrategy AliveOnly
* Improve container image tags and timestamp
* Fixed a malleability vulnerability in encrypted traffic that allows
an attacker with a privileged network position to corrupt integrity
by silently dropping segments of traffic from an encrypted
traffic stream.
* Update documents
* Fix bugs
- Update vendor, fix CVE-2024-22189 boo#1222488

- Update version to 5.12.1
* Shadowsocks2022 Client Support
* Apply DomainStrategy to outbound target
* Add DomainStrategy to JSONv5 outbound
* Add sniffing for TUN
* Add HTTPUpgrade transport
* It is a reduced version of WebSocket Transport that can pass many
reverse proxies and CDNs without running a WebSocket protocol stack
* TUN Support
* Add uTLS support for h2 transport
* Fix bugs

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2025-323=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):

v2ray-core-5.33.0-bp157.2.3.1

- openSUSE Backports SLE-15-SP7 (noarch):

golang-github-v2fly-v2ray-core-5.33.0-bp157.2.3.1

References:

https://www.suse.com/security/cve/CVE-2024-22189.html
https://www.suse.com/security/cve/CVE-2025-297850.html
https://bugzilla.suse.com/1222488
https://bugzilla.suse.com/1235164
https://bugzilla.suse.com/1243946



SUSE-SU-2025:02986-1: important: Security update for postgresql17


# Security update for postgresql17

Announcement ID: SUSE-SU-2025:02986-1
Release Date: 2025-08-26T10:41:37Z
Rating: important
References:

* bsc#1248119
* bsc#1248120
* bsc#1248122

Cross-References:

* CVE-2025-8713
* CVE-2025-8714
* CVE-2025-8715

CVSS scores:

* CVE-2025-8713 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-8713 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-8713 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-8714 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-8714 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-8714 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-8715 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-8715 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-8715 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* Server Applications Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP6
* SUSE Package Hub 15 15-SP7

An update that solves three vulnerabilities can now be installed.

## Description:

This update for postgresql17 fixes the following issues:

Updated to 17.6:

* CVE-2025-8713: Fixed optimizer statistics exposing sampled data within a view, partition, or child table (bsc#1248120)
* CVE-2025-8714: Fixed untrusted data inclusion in pg_dump that allows a superuser of the origin server to execute arbitrary code in the psql client (bsc#1248122)
* CVE-2025-8715: Fixed improper neutralization of newlines in pg_dump leading to arbitrary code execution in the psql client and in the restore target server (bsc#1248119)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-2986=1 openSUSE-SLE-15.6-2025-2986=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-2986=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-2986=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-2986=1

* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-2986=1

* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-2986=1

* Server Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2025-2986=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * postgresql17-devel-mini-17.6-150600.13.16.1
  * postgresql17-plpython-17.6-150600.13.16.1
  * postgresql17-llvmjit-debuginfo-17.6-150600.13.16.1
  * postgresql17-plperl-17.6-150600.13.16.1
  * postgresql17-debugsource-17.6-150600.13.16.1
  * postgresql17-contrib-debuginfo-17.6-150600.13.16.1
  * postgresql17-17.6-150600.13.16.1
  * postgresql17-mini-debugsource-17.6-150600.13.16.1
  * postgresql17-pltcl-17.6-150600.13.16.1
  * libpq5-17.6-150600.13.16.1
  * postgresql17-contrib-17.6-150600.13.16.1
  * postgresql17-devel-17.6-150600.13.16.1
  * postgresql17-devel-debuginfo-17.6-150600.13.16.1
  * postgresql17-pltcl-debuginfo-17.6-150600.13.16.1
  * postgresql17-test-17.6-150600.13.16.1
  * postgresql17-plperl-debuginfo-17.6-150600.13.16.1
  * postgresql17-llvmjit-17.6-150600.13.16.1
  * postgresql17-plpython-debuginfo-17.6-150600.13.16.1
  * postgresql17-server-17.6-150600.13.16.1
  * libecpg6-debuginfo-17.6-150600.13.16.1
  * postgresql17-llvmjit-devel-17.6-150600.13.16.1
  * libecpg6-17.6-150600.13.16.1
  * postgresql17-server-devel-17.6-150600.13.16.1
  * postgresql17-server-debuginfo-17.6-150600.13.16.1
  * postgresql17-devel-mini-debuginfo-17.6-150600.13.16.1
  * libpq5-debuginfo-17.6-150600.13.16.1
  * postgresql17-debuginfo-17.6-150600.13.16.1
  * postgresql17-server-devel-debuginfo-17.6-150600.13.16.1
* openSUSE Leap 15.6 (x86_64)
  * libecpg6-32bit-17.6-150600.13.16.1
  * libpq5-32bit-17.6-150600.13.16.1
  * libpq5-32bit-debuginfo-17.6-150600.13.16.1
  * libecpg6-32bit-debuginfo-17.6-150600.13.16.1
* openSUSE Leap 15.6 (noarch)
  * postgresql17-docs-17.6-150600.13.16.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libecpg6-64bit-debuginfo-17.6-150600.13.16.1
  * libpq5-64bit-debuginfo-17.6-150600.13.16.1
  * libpq5-64bit-17.6-150600.13.16.1
  * libecpg6-64bit-17.6-150600.13.16.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * postgresql17-17.6-150600.13.16.1
  * libpq5-17.6-150600.13.16.1
  * libpq5-debuginfo-17.6-150600.13.16.1
  * postgresql17-debuginfo-17.6-150600.13.16.1
  * postgresql17-debugsource-17.6-150600.13.16.1
* Basesystem Module 15-SP6 (x86_64)
  * libpq5-32bit-17.6-150600.13.16.1
  * libpq5-32bit-debuginfo-17.6-150600.13.16.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * postgresql17-17.6-150600.13.16.1
  * libpq5-17.6-150600.13.16.1
  * libpq5-debuginfo-17.6-150600.13.16.1
  * postgresql17-debuginfo-17.6-150600.13.16.1
  * postgresql17-debugsource-17.6-150600.13.16.1
* Basesystem Module 15-SP7 (x86_64)
  * libpq5-32bit-17.6-150600.13.16.1
  * libpq5-32bit-debuginfo-17.6-150600.13.16.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
  * postgresql17-test-17.6-150600.13.16.1
  * postgresql17-llvmjit-17.6-150600.13.16.1
  * postgresql17-llvmjit-debuginfo-17.6-150600.13.16.1
  * postgresql17-debuginfo-17.6-150600.13.16.1
  * postgresql17-debugsource-17.6-150600.13.16.1
  * postgresql17-llvmjit-devel-17.6-150600.13.16.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
  * postgresql17-test-17.6-150600.13.16.1
  * postgresql17-llvmjit-17.6-150600.13.16.1
  * postgresql17-llvmjit-debuginfo-17.6-150600.13.16.1
  * postgresql17-debuginfo-17.6-150600.13.16.1
  * postgresql17-debugsource-17.6-150600.13.16.1
  * postgresql17-llvmjit-devel-17.6-150600.13.16.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * postgresql17-server-debuginfo-17.6-150600.13.16.1
  * postgresql17-pltcl-debuginfo-17.6-150600.13.16.1
  * postgresql17-plperl-debuginfo-17.6-150600.13.16.1
  * postgresql17-plpython-17.6-150600.13.16.1
  * postgresql17-pltcl-17.6-150600.13.16.1
  * postgresql17-plperl-17.6-150600.13.16.1
  * postgresql17-debuginfo-17.6-150600.13.16.1
  * postgresql17-contrib-17.6-150600.13.16.1
  * postgresql17-devel-17.6-150600.13.16.1
  * postgresql17-plpython-debuginfo-17.6-150600.13.16.1
  * postgresql17-debugsource-17.6-150600.13.16.1
  * postgresql17-devel-debuginfo-17.6-150600.13.16.1
  * postgresql17-server-17.6-150600.13.16.1
  * postgresql17-server-devel-debuginfo-17.6-150600.13.16.1
  * libecpg6-debuginfo-17.6-150600.13.16.1
  * postgresql17-contrib-debuginfo-17.6-150600.13.16.1
  * libecpg6-17.6-150600.13.16.1
  * postgresql17-server-devel-17.6-150600.13.16.1
* Server Applications Module 15-SP6 (noarch)
  * postgresql17-docs-17.6-150600.13.16.1
* Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * postgresql17-server-debuginfo-17.6-150600.13.16.1
  * postgresql17-pltcl-debuginfo-17.6-150600.13.16.1
  * postgresql17-plperl-debuginfo-17.6-150600.13.16.1
  * postgresql17-plpython-17.6-150600.13.16.1
  * postgresql17-pltcl-17.6-150600.13.16.1
  * postgresql17-plperl-17.6-150600.13.16.1
  * postgresql17-debuginfo-17.6-150600.13.16.1
  * postgresql17-contrib-17.6-150600.13.16.1
  * postgresql17-devel-17.6-150600.13.16.1
  * postgresql17-plpython-debuginfo-17.6-150600.13.16.1
  * postgresql17-debugsource-17.6-150600.13.16.1
  * postgresql17-devel-debuginfo-17.6-150600.13.16.1
  * postgresql17-server-17.6-150600.13.16.1
  * postgresql17-server-devel-debuginfo-17.6-150600.13.16.1
  * libecpg6-debuginfo-17.6-150600.13.16.1
  * postgresql17-contrib-debuginfo-17.6-150600.13.16.1
  * libecpg6-17.6-150600.13.16.1
  * postgresql17-server-devel-17.6-150600.13.16.1
* Server Applications Module 15-SP7 (noarch)
  * postgresql17-docs-17.6-150600.13.16.1

## References:

* https://www.suse.com/security/cve/CVE-2025-8713.html
* https://www.suse.com/security/cve/CVE-2025-8714.html
* https://www.suse.com/security/cve/CVE-2025-8715.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248119
* https://bugzilla.suse.com/show_bug.cgi?id=1248120
* https://bugzilla.suse.com/show_bug.cgi?id=1248122



openSUSE-SU-2025:15492-1: moderate: ucode-intel-20250812-1.1 on GA media


# ucode-intel-20250812-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15492-1
Rating: moderate

Cross-References:

* CVE-2025-20053
* CVE-2025-20109
* CVE-2025-22839
* CVE-2025-22840
* CVE-2025-22889
* CVE-2025-26403
* CVE-2025-32086

CVSS scores:

* CVE-2025-20053 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
* CVE-2025-20053 ( SUSE ): 7 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-20109 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2025-20109 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-22839 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L
* CVE-2025-22839 ( SUSE ): 7.3 CVSS:4.0/AV:A/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-22840 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
* CVE-2025-22840 ( SUSE ): 5.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-22889 ( SUSE ): 7.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
* CVE-2025-22889 ( SUSE ): 7 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-26403 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
* CVE-2025-26403 ( SUSE ): 4.5 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-32086 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
* CVE-2025-32086 ( SUSE ): 4.5 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Tumbleweed

An update that solves 7 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the ucode-intel-20250812-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * ucode-intel 20250812-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-20053.html
* https://www.suse.com/security/cve/CVE-2025-20109.html
* https://www.suse.com/security/cve/CVE-2025-22839.html
* https://www.suse.com/security/cve/CVE-2025-22840.html
* https://www.suse.com/security/cve/CVE-2025-22889.html
* https://www.suse.com/security/cve/CVE-2025-26403.html
* https://www.suse.com/security/cve/CVE-2025-32086.html



openSUSE-SU-2025:15491-1: moderate: tomcat11-11.0.10-1.1 on GA media


# tomcat11-11.0.10-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15491-1
Rating: moderate

Cross-References:

* CVE-2025-48989

CVSS scores:

* CVE-2025-48989 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-48989 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the tomcat11-11.0.10-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * tomcat11 11.0.10-1.1
  * tomcat11-admin-webapps 11.0.10-1.1
  * tomcat11-doc 11.0.10-1.1
  * tomcat11-docs-webapp 11.0.10-1.1
  * tomcat11-el-6_0-api 11.0.10-1.1
  * tomcat11-embed 11.0.10-1.1
  * tomcat11-jsp-4_0-api 11.0.10-1.1
  * tomcat11-jsvc 11.0.10-1.1
  * tomcat11-lib 11.0.10-1.1
  * tomcat11-servlet-6_1-api 11.0.10-1.1
  * tomcat11-webapps 11.0.10-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-48989.html



openSUSE-SU-2025:15489-1: moderate: tomcat-9.0.108-1.1 on GA media


# tomcat-9.0.108-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15489-1
Rating: moderate

Cross-References:

* CVE-2025-48989

CVSS scores:

* CVE-2025-48989 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-48989 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the tomcat-9.0.108-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * tomcat 9.0.108-1.1
  * tomcat-admin-webapps 9.0.108-1.1
  * tomcat-docs-webapp 9.0.108-1.1
  * tomcat-el-3_0-api 9.0.108-1.1
  * tomcat-embed 9.0.108-1.1
  * tomcat-javadoc 9.0.108-1.1
  * tomcat-jsp-2_3-api 9.0.108-1.1
  * tomcat-jsvc 9.0.108-1.1
  * tomcat-lib 9.0.108-1.1
  * tomcat-servlet-4_0-api 9.0.108-1.1
  * tomcat-webapps 9.0.108-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-48989.html



openSUSE-SU-2025:15488-1: moderate: cheat-4.4.2-2.1 on GA media


# cheat-4.4.2-2.1 on GA media

Announcement ID: openSUSE-SU-2025:15488-1
Rating: moderate

Cross-References:

* CVE-2023-48795
* CVE-2025-21613
* CVE-2025-21614
* CVE-2025-22869
* CVE-2025-22870

CVSS scores:

* CVE-2023-48795 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-21613 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22869 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22869 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22870 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
* CVE-2025-22870 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 5 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the cheat-4.4.2-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * cheat 4.4.2-2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-48795.html
* https://www.suse.com/security/cve/CVE-2025-21613.html
* https://www.suse.com/security/cve/CVE-2025-21614.html
* https://www.suse.com/security/cve/CVE-2025-22869.html
* https://www.suse.com/security/cve/CVE-2025-22870.html



openSUSE-SU-2025:15490-1: moderate: tomcat10-10.1.44-1.1 on GA media


# tomcat10-10.1.44-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15490-1
Rating: moderate

Cross-References:

* CVE-2025-48989

CVSS scores:

* CVE-2025-48989 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-48989 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the tomcat10-10.1.44-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * tomcat10 10.1.44-1.1
  * tomcat10-admin-webapps 10.1.44-1.1
  * tomcat10-doc 10.1.44-1.1
  * tomcat10-docs-webapp 10.1.44-1.1
  * tomcat10-el-5_0-api 10.1.44-1.1
  * tomcat10-embed 10.1.44-1.1
  * tomcat10-jsp-3_1-api 10.1.44-1.1
  * tomcat10-jsvc 10.1.44-1.1
  * tomcat10-lib 10.1.44-1.1
  * tomcat10-servlet-6_0-api 10.1.44-1.1
  * tomcat10-webapps 10.1.44-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-48989.html



SUSE-SU-2025:02988-1: moderate: Security update for govulncheck-vulndb


# Security update for govulncheck-vulndb

Announcement ID: SUSE-SU-2025:02988-1
Release Date: 2025-08-26T15:48:17Z
Rating: moderate
References:

* jsc#PED-11136

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that contains one feature can now be installed.

## Description:

This update for govulncheck-vulndb fixes the following issues:

* Update to version 0.0.20250820T174735 2025-08-20T17:47:35Z. (jsc#PED-11136)
  * GO-2025-3783 GHSA-prpj-rchp-9j5h
  * GO-2023-2385 GHSA-5844-q3fc-56rh
  * GO-2025-3861 GHSA-cmpr-8prq-w5p5
  * GO-2025-3862 GHSA-rfg4-2m63-fw2q
  * GO-2025-3863 GHSA-vpcr-fqpc-386h
  * GO-2025-3864 GHSA-42m6-5vm7-fjv2
  * GO-2025-3865 GHSA-6ff3-jgxh-vffj
  * GO-2025-3866 GHSA-gjpm-6w34-ppvf
  * GO-2025-3867 GHSA-j66h-xhpr-7q5g
  * GO-2025-3868 GHSA-qjrx-j8wm-xf83
  * GO-2025-3869 GHSA-v6c8-g53h-mc2h
  * GO-2025-3870 GHSA-vc77-c2hx-h5x2
  * GO-2025-3871 GHSA-w92j-c6gr-hj8r
  * GO-2025-3872 GHSA-3cg3-3mmr-w8hj
  * GO-2025-3873 GHSA-jhmr-57cj-q6g9
  * GO-2025-3874 GHSA-q355-h244-969h
  * GO-2025-3875 GHSA-qpjq-c5hr-7925
  * GO-2025-3885 GHSA-fcxq-v2r3-cc8h
  * GO-2025-3886 GHSA-p3qf-84rg-jxfc
  * GO-2025-3887 GHSA-9h84-qmv7-982p
  * GO-2025-3888 GHSA-f9f8-9pmf-xv68
  * GO-2025-3891 GHSA-wm7x-ww72-r77q
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-2988=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-2988=1

## Package List:

* openSUSE Leap 15.6 (noarch)
  * govulncheck-vulndb-0.0.20250820T174735-150000.1.101.1
* SUSE Package Hub 15 15-SP6 (noarch)
  * govulncheck-vulndb-0.0.20250820T174735-150000.1.101.1

## References:

* https://jira.suse.com/browse/PED-11136