Chromium, Emacs, Brise, and more updates for SUSE

SUSE 5269 Published by

SUSE Linux has issued multiple security updates, which include chromium, emacs, brise, helm, ovmf, grub2, openssh, grafana, radare2, proftpd, dcmtk, luanti, postgresql16, postgresql14, and webkit2gtk3:

openSUSE-SU-2025:0070-1: important: Security update for chromium
SUSE-SU-2025:0599-1: important: Security update for emacs
SUSE-SU-2025:0601-1: important: Security update for brise
SUSE-SU-2025:0602-1: important: Security update for helm
SUSE-SU-2025:0517-2: important: Security update for the Linux Kernel
SUSE-SU-2025:0607-1: important: Security update for grub2
SUSE-SU-2025:0605-1: moderate: Security update for openssh
SUSE-SU-2025:0609-1: important: Security update for ovmf
SUSE-SU-2025:0611-1: important: Security update for google-osconfig-agent
SUSE-SU-2025:0613-1: moderate: Security update for openssl-1_1
SUSE-SU-2025:0608-1: important: Security update for ovmf
SUSE-SU-2025:0616-1: important: Security update for postgresql17
SUSE-SU-2025:0614-1: important: Security update for postgresql15
SUSE-SU-2025:0623-1: important: Security update for grafana
openSUSE-SU-2025:0072-1: moderate: Security update for radare2
openSUSE-SU-2025:14824-1: moderate: java-23-openjdk-23.0.2.0-1.1 on GA media
openSUSE-SU-2025:14827-1: moderate: proftpd-1.3.8c-2.1 on GA media
openSUSE-SU-2025:14828-1: moderate: radare2-5.9.8-2.1 on GA media
openSUSE-SU-2025:14823-1: moderate: dcmtk-3.6.9-2.1 on GA media
openSUSE-SU-2025:14825-1: moderate: luanti-5.11.0-1.1 on GA media
SUSE-SU-2025:0635-1: important: Security update for postgresql16
SUSE-SU-2025:0631-1: important: Security update for postgresql14
SUSE-SU-2025:0638-1: important: Security update for webkit2gtk3




openSUSE-SU-2025:0070-1: important: Security update for chromium


openSUSE Security Update: Security update for chromium
_______________________________

Announcement ID: openSUSE-SU-2025:0070-1
Rating: important
References: #1237071 #1237343
Cross-References: CVE-2025-0999 CVE-2025-1006 CVE-2025-1426

Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

Chromium 133.0.6943.126 (boo#1237343)

- CVE-2025-0999: Heap buffer overflow in V8
- CVE-2025-1426: Heap buffer overflow in GPU
- CVE-2025-1006: Use after free in Network

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2025-70=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 x86_64):

chromedriver-133.0.6943.126-bp156.2.84.1
chromium-133.0.6943.126-bp156.2.84.1

References:

https://www.suse.com/security/cve/CVE-2025-0999.html
https://www.suse.com/security/cve/CVE-2025-1006.html
https://www.suse.com/security/cve/CVE-2025-1426.html
https://bugzilla.suse.com/1237071
https://bugzilla.suse.com/1237343



SUSE-SU-2025:0599-1: important: Security update for emacs


# Security update for emacs

Announcement ID: SUSE-SU-2025:0599-1
Release Date: 2025-02-19T16:09:36Z
Rating: important
References:

* bsc#1237091

Cross-References:

* CVE-2025-1244

CVSS scores:

* CVE-2025-1244 ( SUSE ): 7.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-1244 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-1244 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP6
* Desktop Applications Module 15-SP6
* openSUSE Leap 15.4
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for emacs fixes the following issues:

* CVE-2025-1244: improper handling of custom "man" URI schemes allow for shell
command injections. (bsc#1237091)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-599=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-599=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-599=1

* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-599=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-599=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-599=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-599=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-599=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-599=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-599=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-599=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-599=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-599=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2025-599=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-599=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* emacs-nox-debuginfo-27.2-150400.3.23.2
* emacs-x11-27.2-150400.3.23.2
* emacs-debugsource-27.2-150400.3.23.2
* etags-27.2-150400.3.23.2
* emacs-x11-debuginfo-27.2-150400.3.23.2
* emacs-debuginfo-27.2-150400.3.23.2
* etags-debuginfo-27.2-150400.3.23.2
* emacs-27.2-150400.3.23.2
* emacs-nox-27.2-150400.3.23.2
* openSUSE Leap 15.4 (noarch)
* emacs-el-27.2-150400.3.23.2
* emacs-info-27.2-150400.3.23.2
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* emacs-nox-debuginfo-27.2-150400.3.23.2
* emacs-x11-27.2-150400.3.23.2
* emacs-debugsource-27.2-150400.3.23.2
* etags-27.2-150400.3.23.2
* emacs-x11-debuginfo-27.2-150400.3.23.2
* emacs-debuginfo-27.2-150400.3.23.2
* etags-debuginfo-27.2-150400.3.23.2
* emacs-27.2-150400.3.23.2
* emacs-nox-27.2-150400.3.23.2
* openSUSE Leap 15.6 (noarch)
* emacs-el-27.2-150400.3.23.2
* emacs-info-27.2-150400.3.23.2
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* emacs-nox-debuginfo-27.2-150400.3.23.2
* emacs-debugsource-27.2-150400.3.23.2
* etags-27.2-150400.3.23.2
* emacs-debuginfo-27.2-150400.3.23.2
* etags-debuginfo-27.2-150400.3.23.2
* emacs-27.2-150400.3.23.2
* emacs-nox-27.2-150400.3.23.2
* Basesystem Module 15-SP6 (noarch)
* emacs-el-27.2-150400.3.23.2
* emacs-info-27.2-150400.3.23.2
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* emacs-x11-27.2-150400.3.23.2
* emacs-x11-debuginfo-27.2-150400.3.23.2
* emacs-debugsource-27.2-150400.3.23.2
* emacs-debuginfo-27.2-150400.3.23.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* emacs-nox-debuginfo-27.2-150400.3.23.2
* emacs-x11-27.2-150400.3.23.2
* emacs-debugsource-27.2-150400.3.23.2
* etags-27.2-150400.3.23.2
* emacs-x11-debuginfo-27.2-150400.3.23.2
* emacs-debuginfo-27.2-150400.3.23.2
* etags-debuginfo-27.2-150400.3.23.2
* emacs-27.2-150400.3.23.2
* emacs-nox-27.2-150400.3.23.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* emacs-el-27.2-150400.3.23.2
* emacs-info-27.2-150400.3.23.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* emacs-nox-debuginfo-27.2-150400.3.23.2
* emacs-x11-27.2-150400.3.23.2
* emacs-debugsource-27.2-150400.3.23.2
* etags-27.2-150400.3.23.2
* emacs-x11-debuginfo-27.2-150400.3.23.2
* emacs-debuginfo-27.2-150400.3.23.2
* etags-debuginfo-27.2-150400.3.23.2
* emacs-27.2-150400.3.23.2
* emacs-nox-27.2-150400.3.23.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* emacs-el-27.2-150400.3.23.2
* emacs-info-27.2-150400.3.23.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* emacs-nox-debuginfo-27.2-150400.3.23.2
* emacs-x11-27.2-150400.3.23.2
* emacs-debugsource-27.2-150400.3.23.2
* etags-27.2-150400.3.23.2
* emacs-x11-debuginfo-27.2-150400.3.23.2
* emacs-debuginfo-27.2-150400.3.23.2
* etags-debuginfo-27.2-150400.3.23.2
* emacs-27.2-150400.3.23.2
* emacs-nox-27.2-150400.3.23.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* emacs-el-27.2-150400.3.23.2
* emacs-info-27.2-150400.3.23.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* emacs-nox-debuginfo-27.2-150400.3.23.2
* emacs-x11-27.2-150400.3.23.2
* emacs-debugsource-27.2-150400.3.23.2
* etags-27.2-150400.3.23.2
* emacs-x11-debuginfo-27.2-150400.3.23.2
* emacs-debuginfo-27.2-150400.3.23.2
* etags-debuginfo-27.2-150400.3.23.2
* emacs-27.2-150400.3.23.2
* emacs-nox-27.2-150400.3.23.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* emacs-el-27.2-150400.3.23.2
* emacs-info-27.2-150400.3.23.2
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* emacs-nox-debuginfo-27.2-150400.3.23.2
* emacs-x11-27.2-150400.3.23.2
* emacs-debugsource-27.2-150400.3.23.2
* etags-27.2-150400.3.23.2
* emacs-x11-debuginfo-27.2-150400.3.23.2
* emacs-debuginfo-27.2-150400.3.23.2
* etags-debuginfo-27.2-150400.3.23.2
* emacs-27.2-150400.3.23.2
* emacs-nox-27.2-150400.3.23.2
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* emacs-el-27.2-150400.3.23.2
* emacs-info-27.2-150400.3.23.2
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* emacs-nox-debuginfo-27.2-150400.3.23.2
* emacs-x11-27.2-150400.3.23.2
* emacs-debugsource-27.2-150400.3.23.2
* etags-27.2-150400.3.23.2
* emacs-x11-debuginfo-27.2-150400.3.23.2
* emacs-debuginfo-27.2-150400.3.23.2
* etags-debuginfo-27.2-150400.3.23.2
* emacs-27.2-150400.3.23.2
* emacs-nox-27.2-150400.3.23.2
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* emacs-el-27.2-150400.3.23.2
* emacs-info-27.2-150400.3.23.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* emacs-nox-debuginfo-27.2-150400.3.23.2
* emacs-x11-27.2-150400.3.23.2
* emacs-debugsource-27.2-150400.3.23.2
* etags-27.2-150400.3.23.2
* emacs-x11-debuginfo-27.2-150400.3.23.2
* emacs-debuginfo-27.2-150400.3.23.2
* etags-debuginfo-27.2-150400.3.23.2
* emacs-27.2-150400.3.23.2
* emacs-nox-27.2-150400.3.23.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* emacs-el-27.2-150400.3.23.2
* emacs-info-27.2-150400.3.23.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* emacs-nox-debuginfo-27.2-150400.3.23.2
* emacs-x11-27.2-150400.3.23.2
* emacs-debugsource-27.2-150400.3.23.2
* etags-27.2-150400.3.23.2
* emacs-x11-debuginfo-27.2-150400.3.23.2
* emacs-debuginfo-27.2-150400.3.23.2
* etags-debuginfo-27.2-150400.3.23.2
* emacs-27.2-150400.3.23.2
* emacs-nox-27.2-150400.3.23.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* emacs-el-27.2-150400.3.23.2
* emacs-info-27.2-150400.3.23.2
* SUSE Manager Proxy 4.3 (x86_64)
* emacs-nox-debuginfo-27.2-150400.3.23.2
* emacs-debugsource-27.2-150400.3.23.2
* etags-27.2-150400.3.23.2
* emacs-debuginfo-27.2-150400.3.23.2
* etags-debuginfo-27.2-150400.3.23.2
* emacs-27.2-150400.3.23.2
* emacs-nox-27.2-150400.3.23.2
* SUSE Manager Proxy 4.3 (noarch)
* emacs-el-27.2-150400.3.23.2
* emacs-info-27.2-150400.3.23.2
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* emacs-nox-debuginfo-27.2-150400.3.23.2
* emacs-debugsource-27.2-150400.3.23.2
* etags-27.2-150400.3.23.2
* emacs-debuginfo-27.2-150400.3.23.2
* etags-debuginfo-27.2-150400.3.23.2
* emacs-27.2-150400.3.23.2
* emacs-nox-27.2-150400.3.23.2
* SUSE Manager Retail Branch Server 4.3 (noarch)
* emacs-el-27.2-150400.3.23.2
* emacs-info-27.2-150400.3.23.2
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* emacs-nox-debuginfo-27.2-150400.3.23.2
* emacs-debugsource-27.2-150400.3.23.2
* etags-27.2-150400.3.23.2
* emacs-debuginfo-27.2-150400.3.23.2
* etags-debuginfo-27.2-150400.3.23.2
* emacs-27.2-150400.3.23.2
* emacs-nox-27.2-150400.3.23.2
* SUSE Manager Server 4.3 (noarch)
* emacs-el-27.2-150400.3.23.2
* emacs-info-27.2-150400.3.23.2

## References:

* https://www.suse.com/security/cve/CVE-2025-1244.html
* https://bugzilla.suse.com/show_bug.cgi?id=1237091



SUSE-SU-2025:0601-1: important: Security update for brise


# Security update for brise

Announcement ID: SUSE-SU-2025:0601-1
Release Date: 2025-02-20T09:14:15Z
Rating: important
References:

* bsc#1234597
* bsc#1235573

Cross-References:

* CVE-2024-45337
* CVE-2025-21613

CVSS scores:

* CVE-2024-45337 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-45337 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-21613 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21613 ( NVD ): 9.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear
* CVE-2025-21613 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Desktop Applications Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for brise fixes the following issues:

* CVE-2025-21613: Fixed argument injection via the URL field (bsc#1235573).
* CVE-2024-45337: Fixed authorization bypass in golang.org/x/crypto via the
ServerConfig.PublicKeyCallback callback (bsc#1234597).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-601=1 SUSE-2025-601=1

* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-601=1

## Package List:

* openSUSE Leap 15.6 (noarch)
* rime-schema-soutzoe-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-emoji-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-bopomofo-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-wugniu-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-luna-pinyin-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-wubi-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-stenotype-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-pinyin-simp-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-terra-pinyin-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-cantonese-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-default-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-quick-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-custom-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-essay-simp-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-essay-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-ipa-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-scj-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-all-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-double-pinyin-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-array-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-combo-pinyin-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-middle-chinese-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-prelude-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-cangjie-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-stroke-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-extra-20230603+git.5fdd2d6-150600.3.8.1
* Desktop Applications Module 15-SP6 (noarch)
* rime-schema-soutzoe-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-emoji-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-bopomofo-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-wugniu-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-luna-pinyin-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-wubi-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-stenotype-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-pinyin-simp-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-terra-pinyin-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-cantonese-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-default-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-quick-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-custom-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-essay-simp-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-essay-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-ipa-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-scj-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-all-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-double-pinyin-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-array-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-combo-pinyin-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-middle-chinese-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-prelude-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-cangjie-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-stroke-20230603+git.5fdd2d6-150600.3.8.1
* rime-schema-extra-20230603+git.5fdd2d6-150600.3.8.1

## References:

* https://www.suse.com/security/cve/CVE-2024-45337.html
* https://www.suse.com/security/cve/CVE-2025-21613.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234597
* https://bugzilla.suse.com/show_bug.cgi?id=1235573



SUSE-SU-2025:0602-1: important: Security update for helm


# Security update for helm

Announcement ID: SUSE-SU-2025:0602-1
Release Date: 2025-02-20T09:16:12Z
Rating: important
References:

* bsc#1234482
* bsc#1235318

Cross-References:

* CVE-2024-45337
* CVE-2024-45338

CVSS scores:

* CVE-2024-45337 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-45337 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2024-45338 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-45338 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45338 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* Containers Module 15-SP6
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for helm fixes the following issues:

Update to version 3.17.1:

* CVE-2024-45338: Fixed denial of service due to non-linear parsing of case-
insensitive content (bsc#1235318).
* CVE-2024-45337: Fixed misuse of ServerConfig.PublicKeyCallback to prevent
authorization bypass in golang.org/x/crypto (bsc#1234482).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-602=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-602=1

* Containers Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2025-602=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-602=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-602=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-602=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-602=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-602=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-602=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-602=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-602=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-602=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-602=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-602=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-602=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-602=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* helm-3.17.1-150000.1.41.1
* helm-debuginfo-3.17.1-150000.1.41.1
* openSUSE Leap 15.6 (noarch)
* helm-bash-completion-3.17.1-150000.1.41.1
* helm-fish-completion-3.17.1-150000.1.41.1
* helm-zsh-completion-3.17.1-150000.1.41.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* helm-3.17.1-150000.1.41.1
* helm-debuginfo-3.17.1-150000.1.41.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
* helm-bash-completion-3.17.1-150000.1.41.1
* Containers Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* helm-3.17.1-150000.1.41.1
* helm-debuginfo-3.17.1-150000.1.41.1
* Containers Module 15-SP6 (noarch)
* helm-bash-completion-3.17.1-150000.1.41.1
* helm-zsh-completion-3.17.1-150000.1.41.1
* SUSE Package Hub 15 15-SP6 (noarch)
* helm-fish-completion-3.17.1-150000.1.41.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* helm-3.17.1-150000.1.41.1
* helm-debuginfo-3.17.1-150000.1.41.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* helm-bash-completion-3.17.1-150000.1.41.1
* helm-zsh-completion-3.17.1-150000.1.41.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* helm-3.17.1-150000.1.41.1
* helm-debuginfo-3.17.1-150000.1.41.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* helm-bash-completion-3.17.1-150000.1.41.1
* helm-zsh-completion-3.17.1-150000.1.41.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* helm-3.17.1-150000.1.41.1
* helm-debuginfo-3.17.1-150000.1.41.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* helm-bash-completion-3.17.1-150000.1.41.1
* helm-zsh-completion-3.17.1-150000.1.41.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* helm-3.17.1-150000.1.41.1
* helm-debuginfo-3.17.1-150000.1.41.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* helm-bash-completion-3.17.1-150000.1.41.1
* helm-zsh-completion-3.17.1-150000.1.41.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* helm-3.17.1-150000.1.41.1
* helm-debuginfo-3.17.1-150000.1.41.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* helm-bash-completion-3.17.1-150000.1.41.1
* helm-zsh-completion-3.17.1-150000.1.41.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* helm-3.17.1-150000.1.41.1
* helm-debuginfo-3.17.1-150000.1.41.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
* helm-bash-completion-3.17.1-150000.1.41.1
* helm-zsh-completion-3.17.1-150000.1.41.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* helm-3.17.1-150000.1.41.1
* helm-debuginfo-3.17.1-150000.1.41.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* helm-bash-completion-3.17.1-150000.1.41.1
* helm-zsh-completion-3.17.1-150000.1.41.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* helm-3.17.1-150000.1.41.1
* helm-debuginfo-3.17.1-150000.1.41.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* helm-bash-completion-3.17.1-150000.1.41.1
* helm-zsh-completion-3.17.1-150000.1.41.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* helm-3.17.1-150000.1.41.1
* helm-debuginfo-3.17.1-150000.1.41.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* helm-bash-completion-3.17.1-150000.1.41.1
* helm-zsh-completion-3.17.1-150000.1.41.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* helm-3.17.1-150000.1.41.1
* helm-debuginfo-3.17.1-150000.1.41.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* helm-bash-completion-3.17.1-150000.1.41.1
* helm-zsh-completion-3.17.1-150000.1.41.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* helm-3.17.1-150000.1.41.1
* helm-debuginfo-3.17.1-150000.1.41.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* helm-bash-completion-3.17.1-150000.1.41.1
* helm-zsh-completion-3.17.1-150000.1.41.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* helm-3.17.1-150000.1.41.1
* helm-debuginfo-3.17.1-150000.1.41.1
* SUSE Enterprise Storage 7.1 (noarch)
* helm-bash-completion-3.17.1-150000.1.41.1
* helm-zsh-completion-3.17.1-150000.1.41.1

## References:

* https://www.suse.com/security/cve/CVE-2024-45337.html
* https://www.suse.com/security/cve/CVE-2024-45338.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234482
* https://bugzilla.suse.com/show_bug.cgi?id=1235318



SUSE-SU-2025:0517-2: important: Security update for the Linux Kernel


# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2025:0517-2
Release Date: 2025-02-20T12:33:01Z
Rating: important
References:

* bsc#1215420
* bsc#1224763
* bsc#1231847
* bsc#1233112
* bsc#1234025
* bsc#1235217
* bsc#1235230
* bsc#1235249
* bsc#1235430
* bsc#1235441
* bsc#1235466
* bsc#1235645
* bsc#1235759
* bsc#1235814
* bsc#1235818
* bsc#1235920
* bsc#1236104

Cross-References:

* CVE-2023-4244
* CVE-2023-52923
* CVE-2024-35863
* CVE-2024-50199
* CVE-2024-53104
* CVE-2024-56600
* CVE-2024-56601
* CVE-2024-56623
* CVE-2024-56650
* CVE-2024-56658
* CVE-2024-56664
* CVE-2024-56759
* CVE-2024-57791
* CVE-2024-57798
* CVE-2024-57849
* CVE-2024-57893

CVSS scores:

* CVE-2023-4244 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4244 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4244 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52923 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-52923 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35863 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50199 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53104 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53104 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53104 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56600 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56600 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56600 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56600 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56601 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56601 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56601 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56601 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56623 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56623 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56623 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56650 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56650 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56650 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-56658 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56658 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56658 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56664 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56664 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56664 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56759 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56759 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56759 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56759 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-57791 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57791 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-57798 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57798 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-57798 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-57849 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57849 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-57893 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57893 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Availability Extension 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 Business Critical Linux
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2

An update that solves 16 vulnerabilities and has one security fix can now be
installed.

## Description:

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security
bugfixes.

NOTE: This update was retracted due to a regression in NFS.

The following security bugs were fixed:

* CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break()
(bsc#1224763).
* CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112).
* CVE-2024-53104: media: uvcvideo: Skip parsing frames of type
UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025).
* CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in
inet6_create() (bsc#1235217).
* CVE-2024-56601: net: inet: do not leave a dangling sk pointer in
inet_create() (bsc#1235230).
* CVE-2024-56623: scsi: qla2xxx: Fix use after free on unload (bsc#1235466).
* CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check()
(bsc#1235430).
* CVE-2024-56658: net: defer final 'struct net' free in netns dismantle
(bsc#1235441).
* CVE-2024-56664: bpf, sockmap: Fix race between element replace and close()
(bsc#1235249).
* CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing
is enabled (bsc#1235645).
* CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining
clc data (bsc#1235759).
* CVE-2024-57798: drm/dp_mst: Ensure mst_primary pointer is valid in
drm_dp_mst_handle_up_req() (bsc#1235818).
* CVE-2024-57849: s390/cpum_sf: Handle CPU hotplug remove during sampling
(bsc#1235814).
* CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages
(bsc#1235920).

The following non-security bugs were fixed:

* NFS: Adjust the amount of readahead performed by NFS readdir (bsc#1231847).
* NFS: Do not flush the readdir cache in nfs_dentry_iput() (bsc#1231847).
* NFS: Improve heuristic for readdirplus (bsc#1231847).
* NFS: Reduce readdir stack usage (bsc#1231847).
* NFS: Trigger the "ls -l" readdir heuristic sooner (bsc#1231847).
* NFS: Use kmemdup_nul() in nfs_readdir_make_qstr() (bsc#1231847).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-517=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-517=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-517=1

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-517=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-517=1

* SUSE Linux Enterprise High Availability Extension 15 SP3
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2025-517=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-517=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-517=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-517=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-517=1

## Package List:

* SUSE Linux Enterprise Micro 5.1 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.191.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.3.18-150300.59.191.1
* kernel-default-base-5.3.18-150300.59.191.1.150300.18.113.1
* kernel-default-debugsource-5.3.18-150300.59.191.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.191.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64)
* kernel-default-base-5.3.18-150300.59.191.1.150300.18.113.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.3.18-150300.59.191.1
* kernel-default-debugsource-5.3.18-150300.59.191.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.191.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64)
* kernel-default-base-5.3.18-150300.59.191.1.150300.18.113.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.3.18-150300.59.191.1
* kernel-default-debugsource-5.3.18-150300.59.191.1
* openSUSE Leap 15.3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.191.1
* openSUSE Leap 15.3 (noarch)
* kernel-macros-5.3.18-150300.59.191.1
* kernel-source-5.3.18-150300.59.191.1
* kernel-docs-html-5.3.18-150300.59.191.1
* kernel-source-vanilla-5.3.18-150300.59.191.1
* kernel-devel-5.3.18-150300.59.191.1
* openSUSE Leap 15.3 (nosrc ppc64le x86_64)
* kernel-debug-5.3.18-150300.59.191.1
* kernel-kvmsmall-5.3.18-150300.59.191.1
* openSUSE Leap 15.3 (ppc64le x86_64)
* kernel-debug-devel-debuginfo-5.3.18-150300.59.191.1
* kernel-debug-debugsource-5.3.18-150300.59.191.1
* kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.191.1
* kernel-kvmsmall-devel-5.3.18-150300.59.191.1
* kernel-kvmsmall-debugsource-5.3.18-150300.59.191.1
* kernel-debug-devel-5.3.18-150300.59.191.1
* kernel-debug-debuginfo-5.3.18-150300.59.191.1
* kernel-kvmsmall-debuginfo-5.3.18-150300.59.191.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64)
* kernel-default-optional-5.3.18-150300.59.191.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.191.1
* cluster-md-kmp-default-debuginfo-5.3.18-150300.59.191.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.191.1
* kernel-default-livepatch-5.3.18-150300.59.191.1
* kernel-default-optional-debuginfo-5.3.18-150300.59.191.1
* kernel-syms-5.3.18-150300.59.191.1
* kernel-obs-build-5.3.18-150300.59.191.1
* ocfs2-kmp-default-5.3.18-150300.59.191.1
* gfs2-kmp-default-debuginfo-5.3.18-150300.59.191.1
* kernel-default-devel-5.3.18-150300.59.191.1
* kernel-obs-qa-5.3.18-150300.59.191.1
* kernel-default-base-5.3.18-150300.59.191.1.150300.18.113.1
* gfs2-kmp-default-5.3.18-150300.59.191.1
* dlm-kmp-default-5.3.18-150300.59.191.1
* kselftests-kmp-default-debuginfo-5.3.18-150300.59.191.1
* ocfs2-kmp-default-debuginfo-5.3.18-150300.59.191.1
* kernel-default-debuginfo-5.3.18-150300.59.191.1
* kernel-default-base-rebuild-5.3.18-150300.59.191.1.150300.18.113.1
* kernel-default-extra-debuginfo-5.3.18-150300.59.191.1
* reiserfs-kmp-default-5.3.18-150300.59.191.1
* kernel-default-debugsource-5.3.18-150300.59.191.1
* kernel-default-extra-5.3.18-150300.59.191.1
* dlm-kmp-default-debuginfo-5.3.18-150300.59.191.1
* cluster-md-kmp-default-5.3.18-150300.59.191.1
* kselftests-kmp-default-5.3.18-150300.59.191.1
* kernel-obs-build-debugsource-5.3.18-150300.59.191.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.3.18-150300.59.191.1
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-default-livepatch-devel-5.3.18-150300.59.191.1
* kernel-livepatch-5_3_18-150300_59_191-default-debuginfo-1-150300.7.3.1
* kernel-livepatch-SLE15-SP3_Update_53-debugsource-1-150300.7.3.1
* kernel-livepatch-5_3_18-150300_59_191-default-1-150300.7.3.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_191-preempt-1-150300.7.3.1
* kernel-livepatch-5_3_18-150300_59_191-preempt-debuginfo-1-150300.7.3.1
* openSUSE Leap 15.3 (aarch64 x86_64)
* cluster-md-kmp-preempt-5.3.18-150300.59.191.1
* dlm-kmp-preempt-5.3.18-150300.59.191.1
* reiserfs-kmp-preempt-5.3.18-150300.59.191.1
* kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.191.1
* kernel-preempt-optional-debuginfo-5.3.18-150300.59.191.1
* dlm-kmp-preempt-debuginfo-5.3.18-150300.59.191.1
* cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.191.1
* kernel-preempt-debugsource-5.3.18-150300.59.191.1
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.191.1
* kselftests-kmp-preempt-5.3.18-150300.59.191.1
* gfs2-kmp-preempt-5.3.18-150300.59.191.1
* kernel-preempt-extra-debuginfo-5.3.18-150300.59.191.1
* gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.191.1
* kernel-preempt-optional-5.3.18-150300.59.191.1
* ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.191.1
* ocfs2-kmp-preempt-5.3.18-150300.59.191.1
* reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.191.1
* kernel-preempt-debuginfo-5.3.18-150300.59.191.1
* kernel-preempt-extra-5.3.18-150300.59.191.1
* kernel-preempt-devel-5.3.18-150300.59.191.1
* openSUSE Leap 15.3 (aarch64 nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.191.1
* openSUSE Leap 15.3 (nosrc s390x)
* kernel-zfcpdump-5.3.18-150300.59.191.1
* openSUSE Leap 15.3 (s390x)
* kernel-zfcpdump-debuginfo-5.3.18-150300.59.191.1
* kernel-zfcpdump-debugsource-5.3.18-150300.59.191.1
* openSUSE Leap 15.3 (nosrc)
* dtb-aarch64-5.3.18-150300.59.191.1
* openSUSE Leap 15.3 (aarch64)
* dtb-lg-5.3.18-150300.59.191.1
* dtb-hisilicon-5.3.18-150300.59.191.1
* dtb-rockchip-5.3.18-150300.59.191.1
* dtb-cavium-5.3.18-150300.59.191.1
* reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.191.1
* kernel-64kb-extra-5.3.18-150300.59.191.1
* cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.191.1
* dtb-arm-5.3.18-150300.59.191.1
* dtb-allwinner-5.3.18-150300.59.191.1
* dtb-mediatek-5.3.18-150300.59.191.1
* dtb-amd-5.3.18-150300.59.191.1
* dtb-nvidia-5.3.18-150300.59.191.1
* kernel-64kb-debuginfo-5.3.18-150300.59.191.1
* reiserfs-kmp-64kb-5.3.18-150300.59.191.1
* dtb-exynos-5.3.18-150300.59.191.1
* ocfs2-kmp-64kb-5.3.18-150300.59.191.1
* dtb-freescale-5.3.18-150300.59.191.1
* dtb-sprd-5.3.18-150300.59.191.1
* dtb-zte-5.3.18-150300.59.191.1
* kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.191.1
* dtb-xilinx-5.3.18-150300.59.191.1
* dtb-broadcom-5.3.18-150300.59.191.1
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.191.1
* dlm-kmp-64kb-5.3.18-150300.59.191.1
* dlm-kmp-64kb-debuginfo-5.3.18-150300.59.191.1
* dtb-altera-5.3.18-150300.59.191.1
* kernel-64kb-optional-5.3.18-150300.59.191.1
* dtb-socionext-5.3.18-150300.59.191.1
* dtb-amlogic-5.3.18-150300.59.191.1
* dtb-apm-5.3.18-150300.59.191.1
* dtb-al-5.3.18-150300.59.191.1
* kernel-64kb-extra-debuginfo-5.3.18-150300.59.191.1
* gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.191.1
* kernel-64kb-optional-debuginfo-5.3.18-150300.59.191.1
* dtb-qcom-5.3.18-150300.59.191.1
* kernel-64kb-devel-5.3.18-150300.59.191.1
* dtb-marvell-5.3.18-150300.59.191.1
* kselftests-kmp-64kb-5.3.18-150300.59.191.1
* cluster-md-kmp-64kb-5.3.18-150300.59.191.1
* gfs2-kmp-64kb-5.3.18-150300.59.191.1
* kernel-64kb-debugsource-5.3.18-150300.59.191.1
* ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.191.1
* dtb-renesas-5.3.18-150300.59.191.1
* openSUSE Leap 15.3 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.191.1
* SUSE Linux Enterprise Live Patching 15-SP3 (nosrc)
* kernel-default-5.3.18-150300.59.191.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_191-default-1-150300.7.3.1
* kernel-default-debuginfo-5.3.18-150300.59.191.1
* kernel-default-livepatch-devel-5.3.18-150300.59.191.1
* kernel-default-debugsource-5.3.18-150300.59.191.1
* kernel-default-livepatch-5.3.18-150300.59.191.1
* SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le
s390x x86_64)
* ocfs2-kmp-default-5.3.18-150300.59.191.1
* ocfs2-kmp-default-debuginfo-5.3.18-150300.59.191.1
* gfs2-kmp-default-debuginfo-5.3.18-150300.59.191.1
* cluster-md-kmp-default-debuginfo-5.3.18-150300.59.191.1
* dlm-kmp-default-debuginfo-5.3.18-150300.59.191.1
* kernel-default-debuginfo-5.3.18-150300.59.191.1
* cluster-md-kmp-default-5.3.18-150300.59.191.1
* kernel-default-debugsource-5.3.18-150300.59.191.1
* gfs2-kmp-default-5.3.18-150300.59.191.1
* dlm-kmp-default-5.3.18-150300.59.191.1
* SUSE Linux Enterprise High Availability Extension 15 SP3 (nosrc)
* kernel-default-5.3.18-150300.59.191.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.191.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64)
* kernel-64kb-devel-5.3.18-150300.59.191.1
* kernel-64kb-debugsource-5.3.18-150300.59.191.1
* kernel-64kb-debuginfo-5.3.18-150300.59.191.1
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.191.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc
x86_64)
* kernel-default-5.3.18-150300.59.191.1
* kernel-preempt-5.3.18-150300.59.191.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.191.1
* kernel-default-debuginfo-5.3.18-150300.59.191.1
* kernel-preempt-debugsource-5.3.18-150300.59.191.1
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.191.1
* kernel-default-devel-5.3.18-150300.59.191.1
* reiserfs-kmp-default-5.3.18-150300.59.191.1
* kernel-default-debugsource-5.3.18-150300.59.191.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.191.1
* kernel-preempt-debuginfo-5.3.18-150300.59.191.1
* kernel-default-base-5.3.18-150300.59.191.1.150300.18.113.1
* kernel-obs-build-debugsource-5.3.18-150300.59.191.1
* kernel-syms-5.3.18-150300.59.191.1
* kernel-obs-build-5.3.18-150300.59.191.1
* kernel-preempt-devel-5.3.18-150300.59.191.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* kernel-devel-5.3.18-150300.59.191.1
* kernel-source-5.3.18-150300.59.191.1
* kernel-macros-5.3.18-150300.59.191.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.191.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.191.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64)
* kernel-64kb-devel-5.3.18-150300.59.191.1
* kernel-64kb-debugsource-5.3.18-150300.59.191.1
* kernel-64kb-debuginfo-5.3.18-150300.59.191.1
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.191.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64
nosrc)
* kernel-default-5.3.18-150300.59.191.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.191.1
* kernel-default-debuginfo-5.3.18-150300.59.191.1
* kernel-default-devel-5.3.18-150300.59.191.1
* reiserfs-kmp-default-5.3.18-150300.59.191.1
* kernel-default-debugsource-5.3.18-150300.59.191.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.191.1
* kernel-default-base-5.3.18-150300.59.191.1.150300.18.113.1
* kernel-obs-build-debugsource-5.3.18-150300.59.191.1
* kernel-syms-5.3.18-150300.59.191.1
* kernel-obs-build-5.3.18-150300.59.191.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
* kernel-devel-5.3.18-150300.59.191.1
* kernel-source-5.3.18-150300.59.191.1
* kernel-macros-5.3.18-150300.59.191.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch nosrc)
* kernel-docs-5.3.18-150300.59.191.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.191.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 x86_64)
* kernel-preempt-debugsource-5.3.18-150300.59.191.1
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.191.1
* kernel-preempt-debuginfo-5.3.18-150300.59.191.1
* kernel-preempt-devel-5.3.18-150300.59.191.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (nosrc s390x)
* kernel-zfcpdump-5.3.18-150300.59.191.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (s390x)
* kernel-zfcpdump-debuginfo-5.3.18-150300.59.191.1
* kernel-zfcpdump-debugsource-5.3.18-150300.59.191.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le
x86_64)
* kernel-default-5.3.18-150300.59.191.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.191.1
* kernel-default-debuginfo-5.3.18-150300.59.191.1
* kernel-default-devel-5.3.18-150300.59.191.1
* reiserfs-kmp-default-5.3.18-150300.59.191.1
* kernel-default-debugsource-5.3.18-150300.59.191.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.191.1
* kernel-default-base-5.3.18-150300.59.191.1.150300.18.113.1
* kernel-obs-build-debugsource-5.3.18-150300.59.191.1
* kernel-syms-5.3.18-150300.59.191.1
* kernel-obs-build-5.3.18-150300.59.191.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* kernel-devel-5.3.18-150300.59.191.1
* kernel-source-5.3.18-150300.59.191.1
* kernel-macros-5.3.18-150300.59.191.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.191.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.191.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* kernel-preempt-debugsource-5.3.18-150300.59.191.1
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.191.1
* kernel-preempt-debuginfo-5.3.18-150300.59.191.1
* kernel-preempt-devel-5.3.18-150300.59.191.1
* SUSE Enterprise Storage 7.1 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.191.1
* SUSE Enterprise Storage 7.1 (aarch64)
* kernel-64kb-devel-5.3.18-150300.59.191.1
* kernel-64kb-debugsource-5.3.18-150300.59.191.1
* kernel-64kb-debuginfo-5.3.18-150300.59.191.1
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.191.1
* SUSE Enterprise Storage 7.1 (aarch64 nosrc x86_64)
* kernel-default-5.3.18-150300.59.191.1
* kernel-preempt-5.3.18-150300.59.191.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.191.1
* kernel-default-debuginfo-5.3.18-150300.59.191.1
* kernel-preempt-debugsource-5.3.18-150300.59.191.1
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.191.1
* kernel-default-devel-5.3.18-150300.59.191.1
* reiserfs-kmp-default-5.3.18-150300.59.191.1
* kernel-default-debugsource-5.3.18-150300.59.191.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.191.1
* kernel-preempt-debuginfo-5.3.18-150300.59.191.1
* kernel-default-base-5.3.18-150300.59.191.1.150300.18.113.1
* kernel-obs-build-debugsource-5.3.18-150300.59.191.1
* kernel-syms-5.3.18-150300.59.191.1
* kernel-obs-build-5.3.18-150300.59.191.1
* kernel-preempt-devel-5.3.18-150300.59.191.1
* SUSE Enterprise Storage 7.1 (noarch)
* kernel-devel-5.3.18-150300.59.191.1
* kernel-source-5.3.18-150300.59.191.1
* kernel-macros-5.3.18-150300.59.191.1
* SUSE Enterprise Storage 7.1 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.191.1

## References:

* https://www.suse.com/security/cve/CVE-2023-4244.html
* https://www.suse.com/security/cve/CVE-2023-52923.html
* https://www.suse.com/security/cve/CVE-2024-35863.html
* https://www.suse.com/security/cve/CVE-2024-50199.html
* https://www.suse.com/security/cve/CVE-2024-53104.html
* https://www.suse.com/security/cve/CVE-2024-56600.html
* https://www.suse.com/security/cve/CVE-2024-56601.html
* https://www.suse.com/security/cve/CVE-2024-56623.html
* https://www.suse.com/security/cve/CVE-2024-56650.html
* https://www.suse.com/security/cve/CVE-2024-56658.html
* https://www.suse.com/security/cve/CVE-2024-56664.html
* https://www.suse.com/security/cve/CVE-2024-56759.html
* https://www.suse.com/security/cve/CVE-2024-57791.html
* https://www.suse.com/security/cve/CVE-2024-57798.html
* https://www.suse.com/security/cve/CVE-2024-57849.html
* https://www.suse.com/security/cve/CVE-2024-57893.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215420
* https://bugzilla.suse.com/show_bug.cgi?id=1224763
* https://bugzilla.suse.com/show_bug.cgi?id=1231847
* https://bugzilla.suse.com/show_bug.cgi?id=1233112
* https://bugzilla.suse.com/show_bug.cgi?id=1234025
* https://bugzilla.suse.com/show_bug.cgi?id=1235217
* https://bugzilla.suse.com/show_bug.cgi?id=1235230
* https://bugzilla.suse.com/show_bug.cgi?id=1235249
* https://bugzilla.suse.com/show_bug.cgi?id=1235430
* https://bugzilla.suse.com/show_bug.cgi?id=1235441
* https://bugzilla.suse.com/show_bug.cgi?id=1235466
* https://bugzilla.suse.com/show_bug.cgi?id=1235645
* https://bugzilla.suse.com/show_bug.cgi?id=1235759
* https://bugzilla.suse.com/show_bug.cgi?id=1235814
* https://bugzilla.suse.com/show_bug.cgi?id=1235818
* https://bugzilla.suse.com/show_bug.cgi?id=1235920
* https://bugzilla.suse.com/show_bug.cgi?id=1236104



SUSE-SU-2025:0607-1: important: Security update for grub2


# Security update for grub2

Announcement ID: SUSE-SU-2025:0607-1
Release Date: 2025-02-20T21:42:19Z
Rating: important
References:

* bsc#1233606
* bsc#1233608
* bsc#1233609
* bsc#1233610
* bsc#1233612
* bsc#1233613
* bsc#1233614
* bsc#1233615
* bsc#1233616
* bsc#1233617
* bsc#1234958
* bsc#1236316
* bsc#1236317
* bsc#1237002
* bsc#1237006
* bsc#1237008
* bsc#1237009
* bsc#1237010
* bsc#1237011
* bsc#1237012
* bsc#1237013
* bsc#1237014

Cross-References:

* CVE-2024-45774
* CVE-2024-45775
* CVE-2024-45776
* CVE-2024-45777
* CVE-2024-45778
* CVE-2024-45779
* CVE-2024-45780
* CVE-2024-45781
* CVE-2024-45782
* CVE-2024-45783
* CVE-2024-56737
* CVE-2025-0622
* CVE-2025-0624
* CVE-2025-0677
* CVE-2025-0678
* CVE-2025-0684
* CVE-2025-0685
* CVE-2025-0686
* CVE-2025-0689
* CVE-2025-0690
* CVE-2025-1118
* CVE-2025-1125

CVSS scores:

* CVE-2024-45774 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-45774 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-45775 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-45775 ( NVD ): 5.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H
* CVE-2024-45776 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-45776 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-45777 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-45777 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-45778 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45779 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-45780 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-45781 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-45781 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-45782 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-45783 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-45783 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56737 ( SUSE ): 8.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56737 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-56737 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-0622 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-0622 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-0624 ( SUSE ): 7.6 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2025-0624 ( NVD ): 7.6 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2025-0677 ( SUSE ): 8.9
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-0677 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-0677 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-0678 ( SUSE ): 8.9
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-0678 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-0684 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-0685 ( SUSE ): 8.9
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-0685 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-0686 ( SUSE ): 8.9
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-0686 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-0689 ( SUSE ): 8.9
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-0689 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-0690 ( SUSE ): 7.3
CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-0690 ( SUSE ): 6.1 CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-1118 ( SUSE ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-1118 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-1118 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-1125 ( SUSE ): 8.7
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-1125 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves 22 vulnerabilities can now be installed.

## Description:

This update for grub2 fixes the following issues:

* CVE-2024-45781: Fixed strcpy overflow in ufs. (bsc#1233617)
* CVE-2024-56737: Fixed a heap-based buffer overflow in hfs. (bsc#1234958)
* CVE-2024-45782: Fixed strcpy overflow in hfs. (bsc#1233615)
* CVE-2024-45780: Fixed an overflow in tar/cpio. (bsc#1233614)
* CVE-2024-45783: Fixed a refcount overflow in hfsplus. (bsc#1233616)
* CVE-2024-45774: Fixed a heap overflow in JPEG parser. (bsc#1233609)
* CVE-2024-45775: Fixed a missing NULL check in extcmd parser. (bsc#1233610)
* CVE-2024-45776: Fixed an overflow in .MO file handling. (bsc#1233612)
* CVE-2024-45777: Fixed an integer overflow in gettext. (bsc#1233613)
* CVE-2024-45778: Fixed bfs filesystem by removing it from lockdown capable
modules. (bsc#1233606)
* CVE-2024-45779: Fixed a heap overflow in bfs. (bsc#1233608)
* CVE-2025-0624: Fixed an out-of-bounds write during the network boot process.
(bsc#1236316)
* CVE-2025-0622: Fixed a use-after-free when handling hooks during module
unload in command/gpg . (bsc#1236317)
* CVE-2025-0690: Fixed an integer overflow that may lead to an out-of-bounds
write through the read command. (bsc#1237012)
* CVE-2025-1118: Fixed an issue where the dump command was not being blocked
when grub was in lockdown mode. (bsc#1237013)
* CVE-2025-0677: Fixed an integer overflow that may lead to an out-of-bounds
write when handling symlinks in ufs. (bsc#1237002)
* CVE-2025-0684: Fixed an integer overflow that may lead to an out-of-bounds
write when handling symlinks in reiserfs. (bsc#1237008)
* CVE-2025-0685: Fixed an integer overflow that may lead to an out-of-bounds
write when handling symlinks in jfs. (bsc#1237009)
* CVE-2025-0686: Fixed an integer overflow that may lead to an out-of-bounds
write when handling symlinks in romfs. (bsc#1237010)
* CVE-2025-0689: Fixed a heap-based buffer overflow in udf that may lead to
arbitrary code execution. (bsc#1237011)
* CVE-2025-1125: Fixed an integer overflow that may lead to an out-of-bounds
write in hfs. (bsc#1237014)
* CVE-2025-0678: Fixed an integer overflow that may lead to an out-of-bounds
write in squash4. (bsc#1237006)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-607=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-607=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-607=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-607=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-607=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-607=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-607=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* grub2-branding-upstream-2.04-150300.22.52.3
* grub2-2.04-150300.22.52.3
* grub2-debuginfo-2.04-150300.22.52.3
* openSUSE Leap 15.3 (aarch64 s390x x86_64 i586)
* grub2-debugsource-2.04-150300.22.52.3
* openSUSE Leap 15.3 (noarch)
* grub2-arm64-efi-2.04-150300.22.52.3
* grub2-powerpc-ieee1275-extras-2.04-150300.22.52.3
* grub2-x86_64-efi-2.04-150300.22.52.3
* grub2-i386-xen-2.04-150300.22.52.3
* grub2-x86_64-efi-extras-2.04-150300.22.52.3
* grub2-i386-efi-2.04-150300.22.52.3
* grub2-arm64-efi-extras-2.04-150300.22.52.3
* grub2-i386-pc-extras-2.04-150300.22.52.3
* grub2-i386-pc-2.04-150300.22.52.3
* grub2-i386-pc-debug-2.04-150300.22.52.3
* grub2-x86_64-xen-extras-2.04-150300.22.52.3
* grub2-i386-xen-extras-2.04-150300.22.52.3
* grub2-x86_64-efi-debug-2.04-150300.22.52.3
* grub2-s390x-emu-extras-2.04-150300.22.52.3
* grub2-i386-efi-debug-2.04-150300.22.52.3
* grub2-arm64-efi-debug-2.04-150300.22.52.3
* grub2-powerpc-ieee1275-2.04-150300.22.52.3
* grub2-powerpc-ieee1275-debug-2.04-150300.22.52.3
* grub2-snapper-plugin-2.04-150300.22.52.3
* grub2-i386-efi-extras-2.04-150300.22.52.3
* grub2-systemd-sleep-plugin-2.04-150300.22.52.3
* grub2-x86_64-xen-2.04-150300.22.52.3
* openSUSE Leap 15.3 (s390x)
* grub2-s390x-emu-2.04-150300.22.52.3
* grub2-s390x-emu-debug-2.04-150300.22.52.3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* grub2-debugsource-2.04-150300.22.52.3
* grub2-2.04-150300.22.52.3
* grub2-debuginfo-2.04-150300.22.52.3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* grub2-arm64-efi-2.04-150300.22.52.3
* grub2-powerpc-ieee1275-2.04-150300.22.52.3
* grub2-snapper-plugin-2.04-150300.22.52.3
* grub2-i386-pc-2.04-150300.22.52.3
* grub2-x86_64-efi-2.04-150300.22.52.3
* grub2-systemd-sleep-plugin-2.04-150300.22.52.3
* grub2-x86_64-xen-2.04-150300.22.52.3
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* grub2-2.04-150300.22.52.3
* grub2-debuginfo-2.04-150300.22.52.3
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
* grub2-arm64-efi-2.04-150300.22.52.3
* grub2-powerpc-ieee1275-2.04-150300.22.52.3
* grub2-snapper-plugin-2.04-150300.22.52.3
* grub2-i386-pc-2.04-150300.22.52.3
* grub2-x86_64-efi-2.04-150300.22.52.3
* grub2-systemd-sleep-plugin-2.04-150300.22.52.3
* grub2-x86_64-xen-2.04-150300.22.52.3
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 s390x x86_64)
* grub2-debugsource-2.04-150300.22.52.3
* SUSE Linux Enterprise Server 15 SP3 LTSS (s390x)
* grub2-s390x-emu-2.04-150300.22.52.3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* grub2-2.04-150300.22.52.3
* grub2-debuginfo-2.04-150300.22.52.3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* grub2-arm64-efi-2.04-150300.22.52.3
* grub2-powerpc-ieee1275-2.04-150300.22.52.3
* grub2-snapper-plugin-2.04-150300.22.52.3
* grub2-i386-pc-2.04-150300.22.52.3
* grub2-x86_64-efi-2.04-150300.22.52.3
* grub2-systemd-sleep-plugin-2.04-150300.22.52.3
* grub2-x86_64-xen-2.04-150300.22.52.3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* grub2-debugsource-2.04-150300.22.52.3
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* grub2-debugsource-2.04-150300.22.52.3
* grub2-2.04-150300.22.52.3
* grub2-debuginfo-2.04-150300.22.52.3
* SUSE Enterprise Storage 7.1 (noarch)
* grub2-arm64-efi-2.04-150300.22.52.3
* grub2-powerpc-ieee1275-2.04-150300.22.52.3
* grub2-snapper-plugin-2.04-150300.22.52.3
* grub2-i386-pc-2.04-150300.22.52.3
* grub2-x86_64-efi-2.04-150300.22.52.3
* grub2-systemd-sleep-plugin-2.04-150300.22.52.3
* grub2-x86_64-xen-2.04-150300.22.52.3
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* grub2-debugsource-2.04-150300.22.52.3
* grub2-2.04-150300.22.52.3
* grub2-debuginfo-2.04-150300.22.52.3
* SUSE Linux Enterprise Micro 5.2 (noarch)
* grub2-arm64-efi-2.04-150300.22.52.3
* grub2-snapper-plugin-2.04-150300.22.52.3
* grub2-i386-pc-2.04-150300.22.52.3
* grub2-x86_64-efi-2.04-150300.22.52.3
* grub2-x86_64-xen-2.04-150300.22.52.3
* SUSE Linux Enterprise Micro 5.2 (s390x)
* grub2-s390x-emu-2.04-150300.22.52.3
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* grub2-debugsource-2.04-150300.22.52.3
* grub2-2.04-150300.22.52.3
* grub2-debuginfo-2.04-150300.22.52.3
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
* grub2-arm64-efi-2.04-150300.22.52.3
* grub2-snapper-plugin-2.04-150300.22.52.3
* grub2-i386-pc-2.04-150300.22.52.3
* grub2-x86_64-efi-2.04-150300.22.52.3
* grub2-x86_64-xen-2.04-150300.22.52.3
* SUSE Linux Enterprise Micro for Rancher 5.2 (s390x)
* grub2-s390x-emu-2.04-150300.22.52.3

## References:

* https://www.suse.com/security/cve/CVE-2024-45774.html
* https://www.suse.com/security/cve/CVE-2024-45775.html
* https://www.suse.com/security/cve/CVE-2024-45776.html
* https://www.suse.com/security/cve/CVE-2024-45777.html
* https://www.suse.com/security/cve/CVE-2024-45778.html
* https://www.suse.com/security/cve/CVE-2024-45779.html
* https://www.suse.com/security/cve/CVE-2024-45780.html
* https://www.suse.com/security/cve/CVE-2024-45781.html
* https://www.suse.com/security/cve/CVE-2024-45782.html
* https://www.suse.com/security/cve/CVE-2024-45783.html
* https://www.suse.com/security/cve/CVE-2024-56737.html
* https://www.suse.com/security/cve/CVE-2025-0622.html
* https://www.suse.com/security/cve/CVE-2025-0624.html
* https://www.suse.com/security/cve/CVE-2025-0677.html
* https://www.suse.com/security/cve/CVE-2025-0678.html
* https://www.suse.com/security/cve/CVE-2025-0684.html
* https://www.suse.com/security/cve/CVE-2025-0685.html
* https://www.suse.com/security/cve/CVE-2025-0686.html
* https://www.suse.com/security/cve/CVE-2025-0689.html
* https://www.suse.com/security/cve/CVE-2025-0690.html
* https://www.suse.com/security/cve/CVE-2025-1118.html
* https://www.suse.com/security/cve/CVE-2025-1125.html
* https://bugzilla.suse.com/show_bug.cgi?id=1233606
* https://bugzilla.suse.com/show_bug.cgi?id=1233608
* https://bugzilla.suse.com/show_bug.cgi?id=1233609
* https://bugzilla.suse.com/show_bug.cgi?id=1233610
* https://bugzilla.suse.com/show_bug.cgi?id=1233612
* https://bugzilla.suse.com/show_bug.cgi?id=1233613
* https://bugzilla.suse.com/show_bug.cgi?id=1233614
* https://bugzilla.suse.com/show_bug.cgi?id=1233615
* https://bugzilla.suse.com/show_bug.cgi?id=1233616
* https://bugzilla.suse.com/show_bug.cgi?id=1233617
* https://bugzilla.suse.com/show_bug.cgi?id=1234958
* https://bugzilla.suse.com/show_bug.cgi?id=1236316
* https://bugzilla.suse.com/show_bug.cgi?id=1236317
* https://bugzilla.suse.com/show_bug.cgi?id=1237002
* https://bugzilla.suse.com/show_bug.cgi?id=1237006
* https://bugzilla.suse.com/show_bug.cgi?id=1237008
* https://bugzilla.suse.com/show_bug.cgi?id=1237009
* https://bugzilla.suse.com/show_bug.cgi?id=1237010
* https://bugzilla.suse.com/show_bug.cgi?id=1237011
* https://bugzilla.suse.com/show_bug.cgi?id=1237012
* https://bugzilla.suse.com/show_bug.cgi?id=1237013
* https://bugzilla.suse.com/show_bug.cgi?id=1237014



SUSE-SU-2025:0605-1: moderate: Security update for openssh


# Security update for openssh

Announcement ID: SUSE-SU-2025:0605-1
Release Date: 2025-02-20T14:43:40Z
Rating: moderate
References:

* bsc#1237040

Cross-References:

* CVE-2025-26465

CVSS scores:

* CVE-2025-26465 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2025-26465 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for openssh fixes the following issues:

* CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled
client (bsc#1237040).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-605=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-605=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-605=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-605=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-605=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-605=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-605=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-605=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-605=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-605=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-605=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-605=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-605=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-605=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-605=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-605=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-605=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-605=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2025-605=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-605=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-605=1

* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-605=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-605=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-605=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* openssh-debugsource-8.4p1-150300.3.42.1
* openssh-cavs-debuginfo-8.4p1-150300.3.42.1
* openssh-common-debuginfo-8.4p1-150300.3.42.1
* openssh-askpass-gnome-debuginfo-8.4p1-150300.3.42.1
* openssh-helpers-8.4p1-150300.3.42.1
* openssh-server-debuginfo-8.4p1-150300.3.42.1
* openssh-fips-8.4p1-150300.3.42.1
* openssh-cavs-8.4p1-150300.3.42.1
* openssh-askpass-gnome-8.4p1-150300.3.42.1
* openssh-debuginfo-8.4p1-150300.3.42.1
* openssh-clients-debuginfo-8.4p1-150300.3.42.1
* openssh-askpass-gnome-debugsource-8.4p1-150300.3.42.1
* openssh-common-8.4p1-150300.3.42.1
* openssh-helpers-debuginfo-8.4p1-150300.3.42.1
* openssh-server-8.4p1-150300.3.42.1
* openssh-8.4p1-150300.3.42.1
* openssh-clients-8.4p1-150300.3.42.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* openssh-debugsource-8.4p1-150300.3.42.1
* openssh-common-debuginfo-8.4p1-150300.3.42.1
* openssh-server-debuginfo-8.4p1-150300.3.42.1
* openssh-fips-8.4p1-150300.3.42.1
* openssh-debuginfo-8.4p1-150300.3.42.1
* openssh-clients-debuginfo-8.4p1-150300.3.42.1
* openssh-8.4p1-150300.3.42.1
* openssh-common-8.4p1-150300.3.42.1
* openssh-server-8.4p1-150300.3.42.1
* openssh-clients-8.4p1-150300.3.42.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* openssh-debugsource-8.4p1-150300.3.42.1
* openssh-common-debuginfo-8.4p1-150300.3.42.1
* openssh-server-debuginfo-8.4p1-150300.3.42.1
* openssh-fips-8.4p1-150300.3.42.1
* openssh-debuginfo-8.4p1-150300.3.42.1
* openssh-clients-debuginfo-8.4p1-150300.3.42.1
* openssh-8.4p1-150300.3.42.1
* openssh-common-8.4p1-150300.3.42.1
* openssh-server-8.4p1-150300.3.42.1
* openssh-clients-8.4p1-150300.3.42.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* openssh-debugsource-8.4p1-150300.3.42.1
* openssh-common-debuginfo-8.4p1-150300.3.42.1
* openssh-server-debuginfo-8.4p1-150300.3.42.1
* openssh-fips-8.4p1-150300.3.42.1
* openssh-debuginfo-8.4p1-150300.3.42.1
* openssh-clients-debuginfo-8.4p1-150300.3.42.1
* openssh-8.4p1-150300.3.42.1
* openssh-common-8.4p1-150300.3.42.1
* openssh-server-8.4p1-150300.3.42.1
* openssh-clients-8.4p1-150300.3.42.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* openssh-debugsource-8.4p1-150300.3.42.1
* openssh-common-debuginfo-8.4p1-150300.3.42.1
* openssh-server-debuginfo-8.4p1-150300.3.42.1
* openssh-fips-8.4p1-150300.3.42.1
* openssh-debuginfo-8.4p1-150300.3.42.1
* openssh-clients-debuginfo-8.4p1-150300.3.42.1
* openssh-8.4p1-150300.3.42.1
* openssh-common-8.4p1-150300.3.42.1
* openssh-server-8.4p1-150300.3.42.1
* openssh-clients-8.4p1-150300.3.42.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* openssh-debugsource-8.4p1-150300.3.42.1
* openssh-common-debuginfo-8.4p1-150300.3.42.1
* openssh-server-debuginfo-8.4p1-150300.3.42.1
* openssh-fips-8.4p1-150300.3.42.1
* openssh-debuginfo-8.4p1-150300.3.42.1
* openssh-clients-debuginfo-8.4p1-150300.3.42.1
* openssh-8.4p1-150300.3.42.1
* openssh-common-8.4p1-150300.3.42.1
* openssh-server-8.4p1-150300.3.42.1
* openssh-clients-8.4p1-150300.3.42.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* openssh-debugsource-8.4p1-150300.3.42.1
* openssh-common-debuginfo-8.4p1-150300.3.42.1
* openssh-askpass-gnome-debuginfo-8.4p1-150300.3.42.1
* openssh-helpers-8.4p1-150300.3.42.1
* openssh-server-debuginfo-8.4p1-150300.3.42.1
* openssh-askpass-gnome-debugsource-8.4p1-150300.3.42.1
* openssh-fips-8.4p1-150300.3.42.1
* openssh-askpass-gnome-8.4p1-150300.3.42.1
* openssh-debuginfo-8.4p1-150300.3.42.1
* openssh-clients-debuginfo-8.4p1-150300.3.42.1
* openssh-8.4p1-150300.3.42.1
* openssh-common-8.4p1-150300.3.42.1
* openssh-helpers-debuginfo-8.4p1-150300.3.42.1
* openssh-server-8.4p1-150300.3.42.1
* openssh-clients-8.4p1-150300.3.42.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* openssh-debugsource-8.4p1-150300.3.42.1
* openssh-common-debuginfo-8.4p1-150300.3.42.1
* openssh-askpass-gnome-debuginfo-8.4p1-150300.3.42.1
* openssh-helpers-8.4p1-150300.3.42.1
* openssh-server-debuginfo-8.4p1-150300.3.42.1
* openssh-askpass-gnome-debugsource-8.4p1-150300.3.42.1
* openssh-fips-8.4p1-150300.3.42.1
* openssh-askpass-gnome-8.4p1-150300.3.42.1
* openssh-debuginfo-8.4p1-150300.3.42.1
* openssh-clients-debuginfo-8.4p1-150300.3.42.1
* openssh-8.4p1-150300.3.42.1
* openssh-common-8.4p1-150300.3.42.1
* openssh-helpers-debuginfo-8.4p1-150300.3.42.1
* openssh-server-8.4p1-150300.3.42.1
* openssh-clients-8.4p1-150300.3.42.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* openssh-debugsource-8.4p1-150300.3.42.1
* openssh-common-debuginfo-8.4p1-150300.3.42.1
* openssh-askpass-gnome-debuginfo-8.4p1-150300.3.42.1
* openssh-helpers-8.4p1-150300.3.42.1
* openssh-server-debuginfo-8.4p1-150300.3.42.1
* openssh-askpass-gnome-debugsource-8.4p1-150300.3.42.1
* openssh-fips-8.4p1-150300.3.42.1
* openssh-askpass-gnome-8.4p1-150300.3.42.1
* openssh-debuginfo-8.4p1-150300.3.42.1
* openssh-clients-debuginfo-8.4p1-150300.3.42.1
* openssh-8.4p1-150300.3.42.1
* openssh-common-8.4p1-150300.3.42.1
* openssh-helpers-debuginfo-8.4p1-150300.3.42.1
* openssh-server-8.4p1-150300.3.42.1
* openssh-clients-8.4p1-150300.3.42.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* openssh-debugsource-8.4p1-150300.3.42.1
* openssh-common-debuginfo-8.4p1-150300.3.42.1
* openssh-askpass-gnome-debuginfo-8.4p1-150300.3.42.1
* openssh-helpers-8.4p1-150300.3.42.1
* openssh-server-debuginfo-8.4p1-150300.3.42.1
* openssh-askpass-gnome-debugsource-8.4p1-150300.3.42.1
* openssh-fips-8.4p1-150300.3.42.1
* openssh-askpass-gnome-8.4p1-150300.3.42.1
* openssh-debuginfo-8.4p1-150300.3.42.1
* openssh-clients-debuginfo-8.4p1-150300.3.42.1
* openssh-8.4p1-150300.3.42.1
* openssh-common-8.4p1-150300.3.42.1
* openssh-helpers-debuginfo-8.4p1-150300.3.42.1
* openssh-server-8.4p1-150300.3.42.1
* openssh-clients-8.4p1-150300.3.42.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* openssh-debugsource-8.4p1-150300.3.42.1
* openssh-common-debuginfo-8.4p1-150300.3.42.1
* openssh-askpass-gnome-debuginfo-8.4p1-150300.3.42.1
* openssh-helpers-8.4p1-150300.3.42.1
* openssh-server-debuginfo-8.4p1-150300.3.42.1
* openssh-askpass-gnome-debugsource-8.4p1-150300.3.42.1
* openssh-fips-8.4p1-150300.3.42.1
* openssh-askpass-gnome-8.4p1-150300.3.42.1
* openssh-debuginfo-8.4p1-150300.3.42.1
* openssh-clients-debuginfo-8.4p1-150300.3.42.1
* openssh-8.4p1-150300.3.42.1
* openssh-common-8.4p1-150300.3.42.1
* openssh-helpers-debuginfo-8.4p1-150300.3.42.1
* openssh-server-8.4p1-150300.3.42.1
* openssh-clients-8.4p1-150300.3.42.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* openssh-debugsource-8.4p1-150300.3.42.1
* openssh-common-debuginfo-8.4p1-150300.3.42.1
* openssh-askpass-gnome-debuginfo-8.4p1-150300.3.42.1
* openssh-helpers-8.4p1-150300.3.42.1
* openssh-server-debuginfo-8.4p1-150300.3.42.1
* openssh-askpass-gnome-debugsource-8.4p1-150300.3.42.1
* openssh-fips-8.4p1-150300.3.42.1
* openssh-askpass-gnome-8.4p1-150300.3.42.1
* openssh-debuginfo-8.4p1-150300.3.42.1
* openssh-clients-debuginfo-8.4p1-150300.3.42.1
* openssh-8.4p1-150300.3.42.1
* openssh-common-8.4p1-150300.3.42.1
* openssh-helpers-debuginfo-8.4p1-150300.3.42.1
* openssh-server-8.4p1-150300.3.42.1
* openssh-clients-8.4p1-150300.3.42.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* openssh-debugsource-8.4p1-150300.3.42.1
* openssh-common-debuginfo-8.4p1-150300.3.42.1
* openssh-askpass-gnome-debuginfo-8.4p1-150300.3.42.1
* openssh-helpers-8.4p1-150300.3.42.1
* openssh-server-debuginfo-8.4p1-150300.3.42.1
* openssh-askpass-gnome-debugsource-8.4p1-150300.3.42.1
* openssh-fips-8.4p1-150300.3.42.1
* openssh-askpass-gnome-8.4p1-150300.3.42.1
* openssh-debuginfo-8.4p1-150300.3.42.1
* openssh-clients-debuginfo-8.4p1-150300.3.42.1
* openssh-8.4p1-150300.3.42.1
* openssh-common-8.4p1-150300.3.42.1
* openssh-helpers-debuginfo-8.4p1-150300.3.42.1
* openssh-server-8.4p1-150300.3.42.1
* openssh-clients-8.4p1-150300.3.42.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* openssh-debugsource-8.4p1-150300.3.42.1
* openssh-common-debuginfo-8.4p1-150300.3.42.1
* openssh-askpass-gnome-debuginfo-8.4p1-150300.3.42.1
* openssh-helpers-8.4p1-150300.3.42.1
* openssh-server-debuginfo-8.4p1-150300.3.42.1
* openssh-askpass-gnome-debugsource-8.4p1-150300.3.42.1
* openssh-fips-8.4p1-150300.3.42.1
* openssh-askpass-gnome-8.4p1-150300.3.42.1
* openssh-debuginfo-8.4p1-150300.3.42.1
* openssh-clients-debuginfo-8.4p1-150300.3.42.1
* openssh-8.4p1-150300.3.42.1
* openssh-common-8.4p1-150300.3.42.1
* openssh-helpers-debuginfo-8.4p1-150300.3.42.1
* openssh-server-8.4p1-150300.3.42.1
* openssh-clients-8.4p1-150300.3.42.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* openssh-debugsource-8.4p1-150300.3.42.1
* openssh-common-debuginfo-8.4p1-150300.3.42.1
* openssh-askpass-gnome-debuginfo-8.4p1-150300.3.42.1
* openssh-helpers-8.4p1-150300.3.42.1
* openssh-server-debuginfo-8.4p1-150300.3.42.1
* openssh-askpass-gnome-debugsource-8.4p1-150300.3.42.1
* openssh-fips-8.4p1-150300.3.42.1
* openssh-askpass-gnome-8.4p1-150300.3.42.1
* openssh-debuginfo-8.4p1-150300.3.42.1
* openssh-clients-debuginfo-8.4p1-150300.3.42.1
* openssh-8.4p1-150300.3.42.1
* openssh-common-8.4p1-150300.3.42.1
* openssh-helpers-debuginfo-8.4p1-150300.3.42.1
* openssh-server-8.4p1-150300.3.42.1
* openssh-clients-8.4p1-150300.3.42.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* openssh-debugsource-8.4p1-150300.3.42.1
* openssh-common-debuginfo-8.4p1-150300.3.42.1
* openssh-askpass-gnome-debuginfo-8.4p1-150300.3.42.1
* openssh-helpers-8.4p1-150300.3.42.1
* openssh-server-debuginfo-8.4p1-150300.3.42.1
* openssh-askpass-gnome-debugsource-8.4p1-150300.3.42.1
* openssh-fips-8.4p1-150300.3.42.1
* openssh-askpass-gnome-8.4p1-150300.3.42.1
* openssh-debuginfo-8.4p1-150300.3.42.1
* openssh-clients-debuginfo-8.4p1-150300.3.42.1
* openssh-8.4p1-150300.3.42.1
* openssh-common-8.4p1-150300.3.42.1
* openssh-helpers-debuginfo-8.4p1-150300.3.42.1
* openssh-server-8.4p1-150300.3.42.1
* openssh-clients-8.4p1-150300.3.42.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* openssh-debugsource-8.4p1-150300.3.42.1
* openssh-common-debuginfo-8.4p1-150300.3.42.1
* openssh-askpass-gnome-debuginfo-8.4p1-150300.3.42.1
* openssh-helpers-8.4p1-150300.3.42.1
* openssh-server-debuginfo-8.4p1-150300.3.42.1
* openssh-askpass-gnome-debugsource-8.4p1-150300.3.42.1
* openssh-fips-8.4p1-150300.3.42.1
* openssh-askpass-gnome-8.4p1-150300.3.42.1
* openssh-debuginfo-8.4p1-150300.3.42.1
* openssh-clients-debuginfo-8.4p1-150300.3.42.1
* openssh-8.4p1-150300.3.42.1
* openssh-common-8.4p1-150300.3.42.1
* openssh-helpers-debuginfo-8.4p1-150300.3.42.1
* openssh-server-8.4p1-150300.3.42.1
* openssh-clients-8.4p1-150300.3.42.1
* SUSE Manager Proxy 4.3 (x86_64)
* openssh-debugsource-8.4p1-150300.3.42.1
* openssh-common-debuginfo-8.4p1-150300.3.42.1
* openssh-helpers-8.4p1-150300.3.42.1
* openssh-server-debuginfo-8.4p1-150300.3.42.1
* openssh-fips-8.4p1-150300.3.42.1
* openssh-debuginfo-8.4p1-150300.3.42.1
* openssh-clients-debuginfo-8.4p1-150300.3.42.1
* openssh-8.4p1-150300.3.42.1
* openssh-common-8.4p1-150300.3.42.1
* openssh-helpers-debuginfo-8.4p1-150300.3.42.1
* openssh-server-8.4p1-150300.3.42.1
* openssh-clients-8.4p1-150300.3.42.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* openssh-debugsource-8.4p1-150300.3.42.1
* openssh-common-debuginfo-8.4p1-150300.3.42.1
* openssh-helpers-8.4p1-150300.3.42.1
* openssh-server-debuginfo-8.4p1-150300.3.42.1
* openssh-fips-8.4p1-150300.3.42.1
* openssh-debuginfo-8.4p1-150300.3.42.1
* openssh-clients-debuginfo-8.4p1-150300.3.42.1
* openssh-8.4p1-150300.3.42.1
* openssh-common-8.4p1-150300.3.42.1
* openssh-helpers-debuginfo-8.4p1-150300.3.42.1
* openssh-server-8.4p1-150300.3.42.1
* openssh-clients-8.4p1-150300.3.42.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* openssh-debugsource-8.4p1-150300.3.42.1
* openssh-common-debuginfo-8.4p1-150300.3.42.1
* openssh-helpers-8.4p1-150300.3.42.1
* openssh-server-debuginfo-8.4p1-150300.3.42.1
* openssh-fips-8.4p1-150300.3.42.1
* openssh-debuginfo-8.4p1-150300.3.42.1
* openssh-clients-debuginfo-8.4p1-150300.3.42.1
* openssh-8.4p1-150300.3.42.1
* openssh-common-8.4p1-150300.3.42.1
* openssh-helpers-debuginfo-8.4p1-150300.3.42.1
* openssh-server-8.4p1-150300.3.42.1
* openssh-clients-8.4p1-150300.3.42.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* openssh-debugsource-8.4p1-150300.3.42.1
* openssh-common-debuginfo-8.4p1-150300.3.42.1
* openssh-askpass-gnome-debuginfo-8.4p1-150300.3.42.1
* openssh-helpers-8.4p1-150300.3.42.1
* openssh-server-debuginfo-8.4p1-150300.3.42.1
* openssh-askpass-gnome-debugsource-8.4p1-150300.3.42.1
* openssh-fips-8.4p1-150300.3.42.1
* openssh-askpass-gnome-8.4p1-150300.3.42.1
* openssh-debuginfo-8.4p1-150300.3.42.1
* openssh-clients-debuginfo-8.4p1-150300.3.42.1
* openssh-8.4p1-150300.3.42.1
* openssh-common-8.4p1-150300.3.42.1
* openssh-helpers-debuginfo-8.4p1-150300.3.42.1
* openssh-server-8.4p1-150300.3.42.1
* openssh-clients-8.4p1-150300.3.42.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* openssh-debugsource-8.4p1-150300.3.42.1
* openssh-common-debuginfo-8.4p1-150300.3.42.1
* openssh-server-debuginfo-8.4p1-150300.3.42.1
* openssh-fips-8.4p1-150300.3.42.1
* openssh-debuginfo-8.4p1-150300.3.42.1
* openssh-clients-debuginfo-8.4p1-150300.3.42.1
* openssh-8.4p1-150300.3.42.1
* openssh-common-8.4p1-150300.3.42.1
* openssh-server-8.4p1-150300.3.42.1
* openssh-clients-8.4p1-150300.3.42.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* openssh-debugsource-8.4p1-150300.3.42.1
* openssh-common-debuginfo-8.4p1-150300.3.42.1
* openssh-server-debuginfo-8.4p1-150300.3.42.1
* openssh-fips-8.4p1-150300.3.42.1
* openssh-debuginfo-8.4p1-150300.3.42.1
* openssh-clients-debuginfo-8.4p1-150300.3.42.1
* openssh-8.4p1-150300.3.42.1
* openssh-common-8.4p1-150300.3.42.1
* openssh-server-8.4p1-150300.3.42.1
* openssh-clients-8.4p1-150300.3.42.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* openssh-debugsource-8.4p1-150300.3.42.1
* openssh-common-debuginfo-8.4p1-150300.3.42.1
* openssh-server-debuginfo-8.4p1-150300.3.42.1
* openssh-fips-8.4p1-150300.3.42.1
* openssh-debuginfo-8.4p1-150300.3.42.1
* openssh-clients-debuginfo-8.4p1-150300.3.42.1
* openssh-8.4p1-150300.3.42.1
* openssh-common-8.4p1-150300.3.42.1
* openssh-server-8.4p1-150300.3.42.1
* openssh-clients-8.4p1-150300.3.42.1

## References:

* https://www.suse.com/security/cve/CVE-2025-26465.html
* https://bugzilla.suse.com/show_bug.cgi?id=1237040



SUSE-SU-2025:0609-1: important: Security update for ovmf


# Security update for ovmf

Announcement ID: SUSE-SU-2025:0609-1
Release Date: 2025-02-21T10:33:48Z
Rating: important
References:

* bsc#1237084

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that has one security fix can now be installed.

## Description:

This update for ovmf fixes the following issues:

* PXE boot is failing due to patches applied to fix CVE-2023-45236 and
CVE-2023-45237 (bsc#1237084).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-609=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-609=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-609=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-609=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-609=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-609=1

## Package List:

* openSUSE Leap 15.5 (aarch64 x86_64)
* ovmf-tools-202208-150500.6.9.1
* ovmf-202208-150500.6.9.1
* openSUSE Leap 15.5 (noarch)
* qemu-uefi-aarch32-202208-150500.6.9.1
* qemu-ovmf-ia32-202208-150500.6.9.1
* qemu-uefi-aarch64-202208-150500.6.9.1
* qemu-ovmf-x86_64-202208-150500.6.9.1
* openSUSE Leap 15.5 (x86_64)
* qemu-ovmf-x86_64-debug-202208-150500.6.9.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
* qemu-uefi-aarch64-202208-150500.6.9.1
* qemu-ovmf-x86_64-202208-150500.6.9.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* ovmf-tools-202208-150500.6.9.1
* ovmf-202208-150500.6.9.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* qemu-uefi-aarch64-202208-150500.6.9.1
* qemu-ovmf-x86_64-202208-150500.6.9.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* ovmf-tools-202208-150500.6.9.1
* ovmf-202208-150500.6.9.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* qemu-uefi-aarch64-202208-150500.6.9.1
* qemu-ovmf-x86_64-202208-150500.6.9.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 x86_64)
* ovmf-tools-202208-150500.6.9.1
* ovmf-202208-150500.6.9.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* qemu-uefi-aarch64-202208-150500.6.9.1
* qemu-ovmf-x86_64-202208-150500.6.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
* ovmf-tools-202208-150500.6.9.1
* ovmf-202208-150500.6.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* qemu-ovmf-x86_64-202208-150500.6.9.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1237084



SUSE-SU-2025:0611-1: important: Security update for google-osconfig-agent


# Security update for google-osconfig-agent

Announcement ID: SUSE-SU-2025:0611-1
Release Date: 2025-02-21T10:37:16Z
Rating: important
References:

* bsc#1236560

Cross-References:

* CVE-2024-45339

CVSS scores:

* CVE-2024-45339 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-45339 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-45339 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* openSUSE Leap 15.6
* Public Cloud Module 15-SP3
* Public Cloud Module 15-SP4
* Public Cloud Module 15-SP5
* Public Cloud Module 15-SP6
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for google-osconfig-agent fixes the following issues:

* CVE-2024-45339: github.com/golang/glog: a privileged process' log file path
can be easily predicted and used to overwrite other sensitive files in a
system. (bsc#1236560)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-611=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-611=1

* Public Cloud Module 15-SP3
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2025-611=1

* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2025-611=1

* Public Cloud Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2025-611=1

* Public Cloud Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP6-2025-611=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* google-osconfig-agent-20250115.01-150000.1.44.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* google-osconfig-agent-20250115.01-150000.1.44.1
* Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64)
* google-osconfig-agent-20250115.01-150000.1.44.1
* Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* google-osconfig-agent-20250115.01-150000.1.44.1
* Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* google-osconfig-agent-20250115.01-150000.1.44.1
* Public Cloud Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* google-osconfig-agent-20250115.01-150000.1.44.1

## References:

* https://www.suse.com/security/cve/CVE-2024-45339.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236560



SUSE-SU-2025:0613-1: moderate: Security update for openssl-1_1


# Security update for openssl-1_1

Announcement ID: SUSE-SU-2025:0613-1
Release Date: 2025-02-21T10:38:08Z
Rating: moderate
References:

* bsc#1236136
* bsc#1236771

Cross-References:

* CVE-2024-13176

CVSS scores:

* CVE-2024-13176 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-13176 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-13176 ( NVD ): 4.1 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Affected Products:

* Basesystem Module 15-SP6
* Development Tools Module 15-SP6
* Legacy Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability and has one security fix can now be
installed.

## Description:

This update for openssl-1_1 fixes the following issues:

* CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation
(bsc#1236136).

Other bugfixes:

* Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-613=1 openSUSE-SLE-15.6-2025-613=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-613=1

* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-613=1

* Legacy Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2025-613=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libopenssl1_1-1.1.1w-150600.5.12.2
* libopenssl1_1-debuginfo-1.1.1w-150600.5.12.2
* openssl-1_1-1.1.1w-150600.5.12.2
* openssl-1_1-debuginfo-1.1.1w-150600.5.12.2
* openssl-1_1-debugsource-1.1.1w-150600.5.12.2
* libopenssl-1_1-devel-1.1.1w-150600.5.12.2
* openSUSE Leap 15.6 (x86_64)
* libopenssl1_1-32bit-debuginfo-1.1.1w-150600.5.12.2
* libopenssl1_1-32bit-1.1.1w-150600.5.12.2
* libopenssl-1_1-devel-32bit-1.1.1w-150600.5.12.2
* openSUSE Leap 15.6 (noarch)
* openssl-1_1-doc-1.1.1w-150600.5.12.2
* openSUSE Leap 15.6 (aarch64_ilp32)
* libopenssl1_1-64bit-debuginfo-1.1.1w-150600.5.12.2
* libopenssl1_1-64bit-1.1.1w-150600.5.12.2
* libopenssl-1_1-devel-64bit-1.1.1w-150600.5.12.2
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libopenssl1_1-debuginfo-1.1.1w-150600.5.12.2
* libopenssl1_1-1.1.1w-150600.5.12.2
* openssl-1_1-debuginfo-1.1.1w-150600.5.12.2
* openssl-1_1-debugsource-1.1.1w-150600.5.12.2
* Basesystem Module 15-SP6 (x86_64)
* libopenssl1_1-32bit-debuginfo-1.1.1w-150600.5.12.2
* libopenssl1_1-32bit-1.1.1w-150600.5.12.2
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* openssl-1_1-debuginfo-1.1.1w-150600.5.12.2
* openssl-1_1-debugsource-1.1.1w-150600.5.12.2
* libopenssl-1_1-devel-1.1.1w-150600.5.12.2
* Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* openssl-1_1-debugsource-1.1.1w-150600.5.12.2
* openssl-1_1-debuginfo-1.1.1w-150600.5.12.2
* openssl-1_1-1.1.1w-150600.5.12.2

## References:

* https://www.suse.com/security/cve/CVE-2024-13176.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236136
* https://bugzilla.suse.com/show_bug.cgi?id=1236771



SUSE-SU-2025:0608-1: important: Security update for ovmf


# Security update for ovmf

Announcement ID: SUSE-SU-2025:0608-1
Release Date: 2025-02-21T10:31:21Z
Rating: important
References:

* bsc#1237084

Affected Products:

* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that has one security fix can now be installed.

## Description:

This update for ovmf fixes the following issues:

* PXE boot is failing due to patches applied to fix CVE-2023-45236 and
CVE-2023-45237 (bsc#1237084).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-608=1 openSUSE-SLE-15.6-2025-608=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-608=1

* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-608=1

## Package List:

* openSUSE Leap 15.6 (aarch64 x86_64)
* ovmf-tools-202308-150600.5.14.1
* ovmf-202308-150600.5.14.1
* openSUSE Leap 15.6 (noarch)
* qemu-uefi-aarch64-202308-150600.5.14.1
* qemu-ovmf-x86_64-202308-150600.5.14.1
* qemu-uefi-aarch32-202308-150600.5.14.1
* qemu-ovmf-ia32-202308-150600.5.14.1
* openSUSE Leap 15.6 (x86_64)
* qemu-ovmf-x86_64-debug-202308-150600.5.14.1
* SUSE Package Hub 15 15-SP6 (noarch)
* qemu-uefi-aarch64-202308-150600.5.14.1
* qemu-ovmf-x86_64-202308-150600.5.14.1
* qemu-uefi-aarch32-202308-150600.5.14.1
* SUSE Package Hub 15 15-SP6 (x86_64)
* qemu-ovmf-x86_64-debug-202308-150600.5.14.1
* Server Applications Module 15-SP6 (aarch64 x86_64)
* ovmf-tools-202308-150600.5.14.1
* ovmf-202308-150600.5.14.1
* Server Applications Module 15-SP6 (noarch)
* qemu-ovmf-x86_64-202308-150600.5.14.1
* qemu-uefi-aarch64-202308-150600.5.14.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1237084



SUSE-SU-2025:0616-1: important: Security update for postgresql17


# Security update for postgresql17

Announcement ID: SUSE-SU-2025:0616-1
Release Date: 2025-02-21T10:42:50Z
Rating: important
References:

* bsc#1237093

Cross-References:

* CVE-2025-1094

CVSS scores:

* CVE-2025-1094 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-1094 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-1094 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for postgresql17 fixes the following issues:

Upgrade to 17.4:

* CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-
encoded input strings (bsc#1237093).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-616=1

* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-616=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-616=1 openSUSE-SLE-15.6-2025-616=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-616=1

## Package List:

* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* postgresql17-llvmjit-debuginfo-17.4-150600.13.10.1
* postgresql17-debugsource-17.4-150600.13.10.1
* postgresql17-llvmjit-devel-17.4-150600.13.10.1
* postgresql17-debuginfo-17.4-150600.13.10.1
* postgresql17-llvmjit-17.4-150600.13.10.1
* postgresql17-test-17.4-150600.13.10.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* postgresql17-plperl-17.4-150600.13.10.1
* postgresql17-debugsource-17.4-150600.13.10.1
* postgresql17-server-devel-debuginfo-17.4-150600.13.10.1
* postgresql17-plperl-debuginfo-17.4-150600.13.10.1
* postgresql17-pltcl-debuginfo-17.4-150600.13.10.1
* postgresql17-server-debuginfo-17.4-150600.13.10.1
* libecpg6-debuginfo-17.4-150600.13.10.1
* postgresql17-plpython-17.4-150600.13.10.1
* postgresql17-plpython-debuginfo-17.4-150600.13.10.1
* postgresql17-server-17.4-150600.13.10.1
* postgresql17-server-devel-17.4-150600.13.10.1
* postgresql17-debuginfo-17.4-150600.13.10.1
* postgresql17-contrib-17.4-150600.13.10.1
* postgresql17-devel-17.4-150600.13.10.1
* libecpg6-17.4-150600.13.10.1
* postgresql17-contrib-debuginfo-17.4-150600.13.10.1
* postgresql17-pltcl-17.4-150600.13.10.1
* postgresql17-devel-debuginfo-17.4-150600.13.10.1
* Server Applications Module 15-SP6 (noarch)
* postgresql17-docs-17.4-150600.13.10.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* postgresql17-llvmjit-debuginfo-17.4-150600.13.10.1
* postgresql17-devel-mini-debuginfo-17.4-150600.13.10.1
* postgresql17-server-devel-debuginfo-17.4-150600.13.10.1
* libpq5-17.4-150600.13.10.1
* libecpg6-debuginfo-17.4-150600.13.10.1
* postgresql17-server-17.4-150600.13.10.1
* postgresql17-test-17.4-150600.13.10.1
* postgresql17-mini-debugsource-17.4-150600.13.10.1
* postgresql17-contrib-17.4-150600.13.10.1
* postgresql17-plperl-17.4-150600.13.10.1
* postgresql17-17.4-150600.13.10.1
* libecpg6-17.4-150600.13.10.1
* postgresql17-server-debuginfo-17.4-150600.13.10.1
* libpq5-debuginfo-17.4-150600.13.10.1
* postgresql17-debuginfo-17.4-150600.13.10.1
* postgresql17-devel-17.4-150600.13.10.1
* postgresql17-contrib-debuginfo-17.4-150600.13.10.1
* postgresql17-devel-debuginfo-17.4-150600.13.10.1
* postgresql17-debugsource-17.4-150600.13.10.1
* postgresql17-plperl-debuginfo-17.4-150600.13.10.1
* postgresql17-pltcl-debuginfo-17.4-150600.13.10.1
* postgresql17-devel-mini-17.4-150600.13.10.1
* postgresql17-plpython-17.4-150600.13.10.1
* postgresql17-plpython-debuginfo-17.4-150600.13.10.1
* postgresql17-server-devel-17.4-150600.13.10.1
* postgresql17-llvmjit-devel-17.4-150600.13.10.1
* postgresql17-llvmjit-17.4-150600.13.10.1
* postgresql17-pltcl-17.4-150600.13.10.1
* openSUSE Leap 15.6 (x86_64)
* libecpg6-32bit-debuginfo-17.4-150600.13.10.1
* libpq5-32bit-17.4-150600.13.10.1
* libecpg6-32bit-17.4-150600.13.10.1
* libpq5-32bit-debuginfo-17.4-150600.13.10.1
* openSUSE Leap 15.6 (noarch)
* postgresql17-docs-17.4-150600.13.10.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libpq5-64bit-17.4-150600.13.10.1
* libecpg6-64bit-17.4-150600.13.10.1
* libecpg6-64bit-debuginfo-17.4-150600.13.10.1
* libpq5-64bit-debuginfo-17.4-150600.13.10.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* postgresql17-debugsource-17.4-150600.13.10.1
* libpq5-17.4-150600.13.10.1
* libpq5-debuginfo-17.4-150600.13.10.1
* postgresql17-debuginfo-17.4-150600.13.10.1
* postgresql17-17.4-150600.13.10.1
* Basesystem Module 15-SP6 (x86_64)
* libpq5-32bit-17.4-150600.13.10.1
* libpq5-32bit-debuginfo-17.4-150600.13.10.1

## References:

* https://www.suse.com/security/cve/CVE-2025-1094.html
* https://bugzilla.suse.com/show_bug.cgi?id=1237093



SUSE-SU-2025:0614-1: important: Security update for postgresql15


# Security update for postgresql15

Announcement ID: SUSE-SU-2025:0614-1
Release Date: 2025-02-21T10:40:27Z
Rating: important
References:

* bsc#1237093

Cross-References:

* CVE-2025-1094

CVSS scores:

* CVE-2025-1094 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-1094 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-1094 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Legacy Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for postgresql15 fixes the following issues:

Upgrade to 15.12:

* CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-
encoded input strings (bsc#1237093).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-614=1 openSUSE-SLE-15.6-2025-614=1

* Legacy Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2025-614=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* postgresql15-15.12-150600.16.14.1
* postgresql15-devel-15.12-150600.16.14.1
* postgresql15-llvmjit-devel-15.12-150600.16.14.1
* postgresql15-server-15.12-150600.16.14.1
* postgresql15-llvmjit-15.12-150600.16.14.1
* postgresql15-pltcl-debuginfo-15.12-150600.16.14.1
* postgresql15-test-15.12-150600.16.14.1
* postgresql15-server-debuginfo-15.12-150600.16.14.1
* postgresql15-devel-debuginfo-15.12-150600.16.14.1
* postgresql15-debugsource-15.12-150600.16.14.1
* postgresql15-plperl-15.12-150600.16.14.1
* postgresql15-llvmjit-debuginfo-15.12-150600.16.14.1
* postgresql15-plperl-debuginfo-15.12-150600.16.14.1
* postgresql15-contrib-15.12-150600.16.14.1
* postgresql15-pltcl-15.12-150600.16.14.1
* postgresql15-server-devel-15.12-150600.16.14.1
* postgresql15-plpython-15.12-150600.16.14.1
* postgresql15-server-devel-debuginfo-15.12-150600.16.14.1
* postgresql15-contrib-debuginfo-15.12-150600.16.14.1
* postgresql15-plpython-debuginfo-15.12-150600.16.14.1
* postgresql15-debuginfo-15.12-150600.16.14.1
* openSUSE Leap 15.6 (noarch)
* postgresql15-docs-15.12-150600.16.14.1
* Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* postgresql15-15.12-150600.16.14.1
* postgresql15-devel-debuginfo-15.12-150600.16.14.1
* postgresql15-debugsource-15.12-150600.16.14.1
* postgresql15-plperl-15.12-150600.16.14.1
* postgresql15-devel-15.12-150600.16.14.1
* postgresql15-pltcl-15.12-150600.16.14.1
* postgresql15-server-devel-15.12-150600.16.14.1
* postgresql15-contrib-debuginfo-15.12-150600.16.14.1
* postgresql15-server-15.12-150600.16.14.1
* postgresql15-plperl-debuginfo-15.12-150600.16.14.1
* postgresql15-plpython-debuginfo-15.12-150600.16.14.1
* postgresql15-plpython-15.12-150600.16.14.1
* postgresql15-debuginfo-15.12-150600.16.14.1
* postgresql15-pltcl-debuginfo-15.12-150600.16.14.1
* postgresql15-server-devel-debuginfo-15.12-150600.16.14.1
* postgresql15-contrib-15.12-150600.16.14.1
* postgresql15-server-debuginfo-15.12-150600.16.14.1
* Legacy Module 15-SP6 (noarch)
* postgresql15-docs-15.12-150600.16.14.1

## References:

* https://www.suse.com/security/cve/CVE-2025-1094.html
* https://bugzilla.suse.com/show_bug.cgi?id=1237093



SUSE-SU-2025:0623-1: important: Security update for grafana


# Security update for grafana

Announcement ID: SUSE-SU-2025:0623-1
Release Date: 2025-02-21T11:00:15Z
Rating: important
References:

* bsc#1235206
* bsc#1235574
* bsc#1236559
* bsc#1236734

Cross-References:

* CVE-2024-11741
* CVE-2024-28180
* CVE-2024-45339
* CVE-2025-21613

CVSS scores:

* CVE-2024-11741 ( SUSE ): 2.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-11741 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-11741 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-28180 ( SUSE ): 2.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-28180 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-28180 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-45339 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-45339 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-45339 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-21613 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21613 ( NVD ): 9.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear
* CVE-2025-21613 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that solves four vulnerabilities can now be installed.

## Description:

This update for grafana fixes the following issues:

grafana was updated from version 10.4.13 to 10.4.15:

* Security issues fixed:
* CVE-2024-45339: Fixed vulnerability when creating log files (bsc#1236559)
* CVE-2024-11741: Fixed the Grafana Alerting VictorOps integration (bsc#1236734)
* CVE-2025-21613: Removed vulnerable library github.com/go-git/go-git/v5 (bsc#1235574)
* CVE-2024-28180: Fixed improper handling of highly compressed data (bsc#1235206)
* Other bugs fixed and changes:
* Alerting: Do not fetch Orgs if the user is authenticated by apikey/sa or render key
* Added provisioning directories
* Use /bin/bash in wrapper scripts

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-623=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-623=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* grafana-debuginfo-10.4.15-150200.3.64.1
* grafana-10.4.15-150200.3.64.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* grafana-debuginfo-10.4.15-150200.3.64.1
* grafana-10.4.15-150200.3.64.1

## References:

* https://www.suse.com/security/cve/CVE-2024-11741.html
* https://www.suse.com/security/cve/CVE-2024-28180.html
* https://www.suse.com/security/cve/CVE-2024-45339.html
* https://www.suse.com/security/cve/CVE-2025-21613.html
* https://bugzilla.suse.com/show_bug.cgi?id=1235206
* https://bugzilla.suse.com/show_bug.cgi?id=1235574
* https://bugzilla.suse.com/show_bug.cgi?id=1236559
* https://bugzilla.suse.com/show_bug.cgi?id=1236734



openSUSE-SU-2025:0072-1: moderate: Security update for radare2


openSUSE Security Update: Security update for radare2
_______________________________

Announcement ID: openSUSE-SU-2025:0072-1
Rating: moderate
References: #1237250
Cross-References: CVE-2025-1378
CVSS scores:
CVE-2025-1378 (SUSE): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that fixes one vulnerability is now available.

Description:

This update for radare2 fixes the following issues:

- CVE-2025-1378: Fixed memory corruption (boo#1237250)

https://github.com/radareorg/radare2/releases/tag/5.9.0

Update to version 5.8.8:

For details, check full release notes
* Faster analysis, type matching, binary parsing (2-4x)
* Add assembler for riscv and disassemblers for PDP11, Alpha64 and
armv7.v35
* Improved integration with r2frida remote filesystems
* Cleaning debugger for windows (32 and 64) and macOS makes it more
reliable and stable
* Better build scripts for Windows (add asan and w32 profiles)
* AES key wrap algorithm support in rahash2
* Print and convert ternary values back and forth

- Update to 4.5.0
* Fix build of the onefied shared lib
* Enable asm.jmpsub by default
* Fix m68k analysis issues
* Fix infinite loop bug related to anal.nopskip

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2025-72=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 ppc64le s390x x86_64):

radare2-5.9.8-bp156.4.6.1
radare2-devel-5.9.8-bp156.4.6.1

- openSUSE Backports SLE-15-SP6 (noarch):

radare2-zsh-completion-5.9.8-bp156.4.6.1

References:

https://www.suse.com/security/cve/CVE-2025-1378.html
https://bugzilla.suse.com/1237250



openSUSE-SU-2025:14824-1: moderate: java-23-openjdk-23.0.2.0-1.1 on GA media


# java-23-openjdk-23.0.2.0-1.1 on GA media

Announcement ID: openSUSE-SU-2025:14824-1
Rating: moderate

Cross-References:

* CVE-2025-21502

CVSS scores:

* CVE-2025-21502 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-21502 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the java-23-openjdk-23.0.2.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* java-23-openjdk 23.0.2.0-1.1
* java-23-openjdk-demo 23.0.2.0-1.1
* java-23-openjdk-devel 23.0.2.0-1.1
* java-23-openjdk-headless 23.0.2.0-1.1
* java-23-openjdk-javadoc 23.0.2.0-1.1
* java-23-openjdk-jmods 23.0.2.0-1.1
* java-23-openjdk-src 23.0.2.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21502.html



openSUSE-SU-2025:14827-1: moderate: proftpd-1.3.8c-2.1 on GA media


# proftpd-1.3.8c-2.1 on GA media

Announcement ID: openSUSE-SU-2025:14827-1
Rating: moderate

Cross-References:

* CVE-2024-57392

CVSS scores:

* CVE-2024-57392 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the proftpd-1.3.8c-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* proftpd 1.3.8c-2.1
* proftpd-devel 1.3.8c-2.1
* proftpd-doc 1.3.8c-2.1
* proftpd-lang 1.3.8c-2.1
* proftpd-ldap 1.3.8c-2.1
* proftpd-mysql 1.3.8c-2.1
* proftpd-pgsql 1.3.8c-2.1
* proftpd-radius 1.3.8c-2.1
* proftpd-sqlite 1.3.8c-2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-57392.html



openSUSE-SU-2025:14828-1: moderate: radare2-5.9.8-2.1 on GA media


# radare2-5.9.8-2.1 on GA media

Announcement ID: openSUSE-SU-2025:14828-1
Rating: moderate

Cross-References:

* CVE-2025-1378

CVSS scores:

* CVE-2025-1378 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-1378 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the radare2-5.9.8-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* radare2 5.9.8-2.1
* radare2-devel 5.9.8-2.1
* radare2-zsh-completion 5.9.8-2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-1378.html



openSUSE-SU-2025:14823-1: moderate: dcmtk-3.6.9-2.1 on GA media


# dcmtk-3.6.9-2.1 on GA media

Announcement ID: openSUSE-SU-2025:14823-1
Rating: moderate

Cross-References:

* CVE-2025-25472
* CVE-2025-25474
* CVE-2025-25475

CVSS scores:

* CVE-2025-25472 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
* CVE-2025-25472 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-25474 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
* CVE-2025-25474 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-25475 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-25475 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 3 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the dcmtk-3.6.9-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* dcmtk 3.6.9-2.1
* dcmtk-devel 3.6.9-2.1
* libdcmtk19 3.6.9-2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-25472.html
* https://www.suse.com/security/cve/CVE-2025-25474.html
* https://www.suse.com/security/cve/CVE-2025-25475.html



openSUSE-SU-2025:14825-1: moderate: luanti-5.11.0-1.1 on GA media


# luanti-5.11.0-1.1 on GA media

Announcement ID: openSUSE-SU-2025:14825-1
Rating: moderate

Cross-References:

* CVE-2022-35978

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the luanti-5.11.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* luanti 5.11.0-1.1
* luanti-data 5.11.0-1.1
* luanti-lang 5.11.0-1.1
* luantiserver 5.11.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2022-35978.html



SUSE-SU-2025:0635-1: important: Security update for postgresql16


# Security update for postgresql16

Announcement ID: SUSE-SU-2025:0635-1
Release Date: 2025-02-21T14:13:33Z
Rating: important
References:

* bsc#1237093

Cross-References:

* CVE-2025-1094

CVSS scores:

* CVE-2025-1094 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-1094 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-1094 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for postgresql16 fixes the following issues:

Upgrade to 16.8:

* CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-
encoded input strings (bsc#1237093).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-635=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-635=1

* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-635=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-635=1 openSUSE-SLE-15.6-2025-635=1

## Package List:

* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* postgresql16-16.8-150600.16.15.1
* postgresql16-debugsource-16.8-150600.16.15.1
* postgresql16-debuginfo-16.8-150600.16.15.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* postgresql16-debuginfo-16.8-150600.16.15.1
* postgresql16-debugsource-16.8-150600.16.15.1
* postgresql16-test-16.8-150600.16.15.1
* postgresql16-llvmjit-16.8-150600.16.15.1
* postgresql16-llvmjit-debuginfo-16.8-150600.16.15.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* postgresql16-debuginfo-16.8-150600.16.15.1
* postgresql16-debugsource-16.8-150600.16.15.1
* postgresql16-contrib-16.8-150600.16.15.1
* postgresql16-pltcl-debuginfo-16.8-150600.16.15.1
* postgresql16-server-devel-debuginfo-16.8-150600.16.15.1
* postgresql16-plperl-16.8-150600.16.15.1
* postgresql16-plpython-16.8-150600.16.15.1
* postgresql16-server-debuginfo-16.8-150600.16.15.1
* postgresql16-server-devel-16.8-150600.16.15.1
* postgresql16-server-16.8-150600.16.15.1
* postgresql16-plpython-debuginfo-16.8-150600.16.15.1
* postgresql16-plperl-debuginfo-16.8-150600.16.15.1
* postgresql16-devel-16.8-150600.16.15.1
* postgresql16-pltcl-16.8-150600.16.15.1
* postgresql16-contrib-debuginfo-16.8-150600.16.15.1
* postgresql16-devel-debuginfo-16.8-150600.16.15.1
* Server Applications Module 15-SP6 (noarch)
* postgresql16-docs-16.8-150600.16.15.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* postgresql16-debuginfo-16.8-150600.16.15.1
* postgresql16-server-16.8-150600.16.15.1
* postgresql16-devel-16.8-150600.16.15.1
* postgresql16-pltcl-16.8-150600.16.15.1
* postgresql16-llvmjit-devel-16.8-150600.16.15.1
* postgresql16-server-debuginfo-16.8-150600.16.15.1
* postgresql16-server-devel-16.8-150600.16.15.1
* postgresql16-plperl-debuginfo-16.8-150600.16.15.1
* postgresql16-devel-debuginfo-16.8-150600.16.15.1
* postgresql16-contrib-16.8-150600.16.15.1
* postgresql16-16.8-150600.16.15.1
* postgresql16-llvmjit-16.8-150600.16.15.1
* postgresql16-plperl-16.8-150600.16.15.1
* postgresql16-plpython-debuginfo-16.8-150600.16.15.1
* postgresql16-contrib-debuginfo-16.8-150600.16.15.1
* postgresql16-debugsource-16.8-150600.16.15.1
* postgresql16-test-16.8-150600.16.15.1
* postgresql16-server-devel-debuginfo-16.8-150600.16.15.1
* postgresql16-pltcl-debuginfo-16.8-150600.16.15.1
* postgresql16-plpython-16.8-150600.16.15.1
* postgresql16-llvmjit-debuginfo-16.8-150600.16.15.1
* openSUSE Leap 15.6 (noarch)
* postgresql16-docs-16.8-150600.16.15.1

## References:

* https://www.suse.com/security/cve/CVE-2025-1094.html
* https://bugzilla.suse.com/show_bug.cgi?id=1237093



SUSE-SU-2025:0631-1: important: Security update for postgresql14


# Security update for postgresql14

Announcement ID: SUSE-SU-2025:0631-1
Release Date: 2025-02-21T14:09:14Z
Rating: important
References:

* bsc#1237093

Cross-References:

* CVE-2025-1094

CVSS scores:

* CVE-2025-1094 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-1094 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-1094 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Legacy Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for postgresql14 fixes the following issues:

Upgrade to 14.17:

* CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-
encoded input strings (bsc#1237093).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-631=1 openSUSE-SLE-15.6-2025-631=1

* Legacy Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2025-631=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-631=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* postgresql14-plperl-debuginfo-14.17-150600.16.14.1
* postgresql14-devel-debuginfo-14.17-150600.16.14.1
* postgresql14-server-debuginfo-14.17-150600.16.14.1
* postgresql14-contrib-14.17-150600.16.14.1
* postgresql14-14.17-150600.16.14.1
* postgresql14-pltcl-14.17-150600.16.14.1
* postgresql14-llvmjit-devel-14.17-150600.16.14.1
* postgresql14-plpython-debuginfo-14.17-150600.16.14.1
* postgresql14-server-14.17-150600.16.14.1
* postgresql14-plpython-14.17-150600.16.14.1
* postgresql14-contrib-debuginfo-14.17-150600.16.14.1
* postgresql14-plperl-14.17-150600.16.14.1
* postgresql14-devel-14.17-150600.16.14.1
* postgresql14-server-devel-14.17-150600.16.14.1
* postgresql14-debuginfo-14.17-150600.16.14.1
* postgresql14-server-devel-debuginfo-14.17-150600.16.14.1
* postgresql14-llvmjit-debuginfo-14.17-150600.16.14.1
* postgresql14-llvmjit-14.17-150600.16.14.1
* postgresql14-debugsource-14.17-150600.16.14.1
* postgresql14-test-14.17-150600.16.14.1
* postgresql14-pltcl-debuginfo-14.17-150600.16.14.1
* openSUSE Leap 15.6 (noarch)
* postgresql14-docs-14.17-150600.16.14.1
* Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* postgresql14-plpython-debuginfo-14.17-150600.16.14.1
* postgresql14-plperl-debuginfo-14.17-150600.16.14.1
* postgresql14-devel-debuginfo-14.17-150600.16.14.1
* postgresql14-server-devel-14.17-150600.16.14.1
* postgresql14-server-14.17-150600.16.14.1
* postgresql14-server-debuginfo-14.17-150600.16.14.1
* postgresql14-debuginfo-14.17-150600.16.14.1
* postgresql14-debugsource-14.17-150600.16.14.1
* postgresql14-server-devel-debuginfo-14.17-150600.16.14.1
* postgresql14-contrib-14.17-150600.16.14.1
* postgresql14-plpython-14.17-150600.16.14.1
* postgresql14-14.17-150600.16.14.1
* postgresql14-pltcl-14.17-150600.16.14.1
* postgresql14-pltcl-debuginfo-14.17-150600.16.14.1
* postgresql14-contrib-debuginfo-14.17-150600.16.14.1
* postgresql14-plperl-14.17-150600.16.14.1
* postgresql14-devel-14.17-150600.16.14.1
* Legacy Module 15-SP6 (noarch)
* postgresql14-docs-14.17-150600.16.14.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* postgresql14-llvmjit-14.17-150600.16.14.1
* postgresql14-debuginfo-14.17-150600.16.14.1
* postgresql14-debugsource-14.17-150600.16.14.1
* postgresql14-test-14.17-150600.16.14.1
* postgresql14-llvmjit-debuginfo-14.17-150600.16.14.1

## References:

* https://www.suse.com/security/cve/CVE-2025-1094.html
* https://bugzilla.suse.com/show_bug.cgi?id=1237093



SUSE-SU-2025:0638-1: important: Security update for webkit2gtk3


# Security update for webkit2gtk3

Announcement ID: SUSE-SU-2025:0638-1
Release Date: 2025-02-21T15:38:48Z
Rating: important
References:

* bsc#1236946

Cross-References:

* CVE-2024-27856
* CVE-2024-54543
* CVE-2024-54658
* CVE-2025-24143
* CVE-2025-24150
* CVE-2025-24158
* CVE-2025-24162

CVSS scores:

* CVE-2024-27856 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-27856 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-27856 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-54543 ( SUSE ): 7.2
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-54543 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-54543 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-54543 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-54658 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-54658 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-54658 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-24143 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-24143 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-24143 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-24143 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-24150 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-24150 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-24150 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-24150 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-24158 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-24158 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-24158 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-24162 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-24162 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-24162 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for webkit2gtk3 fixes the following issues:

Update to version 2.46.6 (bsc#1236946):

* CVE-2025-24143: A maliciously crafted webpage may be able to fingerprint the
user.
* CVE-2025-24150: Copying a URL from Web Inspector may lead to command
injection.
* CVE-2025-24158: Processing web content may lead to a denial-of-service.
* CVE-2025-24162: Processing maliciously crafted web content may lead to an
unexpected process crash.

Already fixed in previous releases:

* CVE-2024-54543: Processing maliciously crafted web content may lead to
memory corruption.
* CVE-2024-27856: Processing a file may lead to unexpected app termination or
arbitrary code execution.
* CVE-2024-54658: Processing web content may lead to a denial-of-service.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-638=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-638=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-638=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-638=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-638=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-638=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-638=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-638=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-638=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-638=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2025-638=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-638=1

## Package List:

* openSUSE Leap 15.4 (noarch)
* WebKitGTK-4.1-lang-2.46.6-150400.4.106.1
* WebKitGTK-6.0-lang-2.46.6-150400.4.106.1
* WebKitGTK-4.0-lang-2.46.6-150400.4.106.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libjavascriptcoregtk-6_0-1-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-WebKitWebProcessExtension-6_0-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-JavaScriptCore-4_1-2.46.6-150400.4.106.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-JavaScriptCore-6_0-2.46.6-150400.4.106.1
* typelib-1_0-JavaScriptCore-4_0-2.46.6-150400.4.106.1
* libwebkitgtk-6_0-4-debuginfo-2.46.6-150400.4.106.1
* webkitgtk-6_0-injected-bundles-2.46.6-150400.4.106.1
* webkit-jsc-4.1-2.46.6-150400.4.106.1
* webkit2gtk3-soup2-minibrowser-2.46.6-150400.4.106.1
* libjavascriptcoregtk-6_0-1-2.46.6-150400.4.106.1
* webkit-jsc-4-2.46.6-150400.4.106.1
* libwebkit2gtk-4_1-0-debuginfo-2.46.6-150400.4.106.1
* webkit-jsc-6.0-2.46.6-150400.4.106.1
* webkit2gtk3-soup2-minibrowser-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2-4_0-2.46.6-150400.4.106.1
* webkit-jsc-4.1-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2WebExtension-4_1-2.46.6-150400.4.106.1
* webkit-jsc-4-debuginfo-2.46.6-150400.4.106.1
* webkit2gtk3-minibrowser-2.46.6-150400.4.106.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.46.6-150400.4.106.1
* webkitgtk-6_0-injected-bundles-debuginfo-2.46.6-150400.4.106.1
* webkit2gtk3-devel-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2-4_1-2.46.6-150400.4.106.1
* libwebkit2gtk-4_1-0-2.46.6-150400.4.106.1
* webkit2gtk3-debugsource-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2WebExtension-4_0-2.46.6-150400.4.106.1
* webkit2gtk4-debugsource-2.46.6-150400.4.106.1
* webkit2gtk-4_0-injected-bundles-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_1-0-2.46.6-150400.4.106.1
* webkit2gtk3-soup2-debugsource-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_1-0-debuginfo-2.46.6-150400.4.106.1
* webkit2gtk4-minibrowser-2.46.6-150400.4.106.1
* libwebkit2gtk-4_0-37-2.46.6-150400.4.106.1
* libwebkitgtk-6_0-4-2.46.6-150400.4.106.1
* webkit2gtk4-minibrowser-debuginfo-2.46.6-150400.4.106.1
* webkit2gtk-4_1-injected-bundles-2.46.6-150400.4.106.1
* webkit-jsc-6.0-debuginfo-2.46.6-150400.4.106.1
* webkit2gtk3-soup2-devel-2.46.6-150400.4.106.1
* typelib-1_0-WebKit-6_0-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_0-18-2.46.6-150400.4.106.1
* libwebkit2gtk-4_0-37-debuginfo-2.46.6-150400.4.106.1
* webkit2gtk3-minibrowser-debuginfo-2.46.6-150400.4.106.1
* webkit2gtk4-devel-2.46.6-150400.4.106.1
* openSUSE Leap 15.4 (x86_64)
* libwebkit2gtk-4_1-0-32bit-2.46.6-150400.4.106.1
* libwebkit2gtk-4_0-37-32bit-debuginfo-2.46.6-150400.4.106.1
* libwebkit2gtk-4_0-37-32bit-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_0-18-32bit-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.46.6-150400.4.106.1
* libwebkit2gtk-4_1-0-32bit-debuginfo-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_1-0-32bit-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.46.6-150400.4.106.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libjavascriptcoregtk-4_0-18-64bit-debuginfo-2.46.6-150400.4.106.1
* libwebkit2gtk-4_0-37-64bit-2.46.6-150400.4.106.1
* libwebkit2gtk-4_1-0-64bit-debuginfo-2.46.6-150400.4.106.1
* libwebkit2gtk-4_0-37-64bit-debuginfo-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_0-18-64bit-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_1-0-64bit-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_1-0-64bit-debuginfo-2.46.6-150400.4.106.1
* libwebkit2gtk-4_1-0-64bit-2.46.6-150400.4.106.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* WebKitGTK-4.1-lang-2.46.6-150400.4.106.1
* WebKitGTK-6.0-lang-2.46.6-150400.4.106.1
* WebKitGTK-4.0-lang-2.46.6-150400.4.106.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libjavascriptcoregtk-6_0-1-debuginfo-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-JavaScriptCore-4_1-2.46.6-150400.4.106.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-JavaScriptCore-4_0-2.46.6-150400.4.106.1
* libwebkitgtk-6_0-4-debuginfo-2.46.6-150400.4.106.1
* webkitgtk-6_0-injected-bundles-2.46.6-150400.4.106.1
* libjavascriptcoregtk-6_0-1-2.46.6-150400.4.106.1
* libwebkit2gtk-4_1-0-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2-4_0-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2WebExtension-4_1-2.46.6-150400.4.106.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2-4_1-2.46.6-150400.4.106.1
* webkit2gtk3-devel-2.46.6-150400.4.106.1
* libwebkit2gtk-4_1-0-2.46.6-150400.4.106.1
* webkit2gtk3-debugsource-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2WebExtension-4_0-2.46.6-150400.4.106.1
* webkit2gtk4-debugsource-2.46.6-150400.4.106.1
* webkit2gtk-4_0-injected-bundles-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_1-0-2.46.6-150400.4.106.1
* webkit2gtk3-soup2-debugsource-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_1-0-debuginfo-2.46.6-150400.4.106.1
* libwebkit2gtk-4_0-37-2.46.6-150400.4.106.1
* libwebkitgtk-6_0-4-2.46.6-150400.4.106.1
* webkit2gtk-4_1-injected-bundles-2.46.6-150400.4.106.1
* webkit2gtk3-soup2-devel-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_0-18-2.46.6-150400.4.106.1
* libwebkit2gtk-4_0-37-debuginfo-2.46.6-150400.4.106.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* WebKitGTK-4.1-lang-2.46.6-150400.4.106.1
* WebKitGTK-6.0-lang-2.46.6-150400.4.106.1
* WebKitGTK-4.0-lang-2.46.6-150400.4.106.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libjavascriptcoregtk-6_0-1-debuginfo-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-JavaScriptCore-4_1-2.46.6-150400.4.106.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-JavaScriptCore-4_0-2.46.6-150400.4.106.1
* libwebkitgtk-6_0-4-debuginfo-2.46.6-150400.4.106.1
* webkitgtk-6_0-injected-bundles-2.46.6-150400.4.106.1
* libjavascriptcoregtk-6_0-1-2.46.6-150400.4.106.1
* libwebkit2gtk-4_1-0-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2-4_0-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2WebExtension-4_1-2.46.6-150400.4.106.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2-4_1-2.46.6-150400.4.106.1
* webkit2gtk3-devel-2.46.6-150400.4.106.1
* libwebkit2gtk-4_1-0-2.46.6-150400.4.106.1
* webkit2gtk3-debugsource-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2WebExtension-4_0-2.46.6-150400.4.106.1
* webkit2gtk4-debugsource-2.46.6-150400.4.106.1
* webkit2gtk-4_0-injected-bundles-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_1-0-2.46.6-150400.4.106.1
* webkit2gtk3-soup2-debugsource-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_1-0-debuginfo-2.46.6-150400.4.106.1
* libwebkit2gtk-4_0-37-2.46.6-150400.4.106.1
* libwebkitgtk-6_0-4-2.46.6-150400.4.106.1
* webkit2gtk-4_1-injected-bundles-2.46.6-150400.4.106.1
* webkit2gtk3-soup2-devel-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_0-18-2.46.6-150400.4.106.1
* libwebkit2gtk-4_0-37-debuginfo-2.46.6-150400.4.106.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* WebKitGTK-4.1-lang-2.46.6-150400.4.106.1
* WebKitGTK-6.0-lang-2.46.6-150400.4.106.1
* WebKitGTK-4.0-lang-2.46.6-150400.4.106.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* libjavascriptcoregtk-6_0-1-debuginfo-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-JavaScriptCore-4_1-2.46.6-150400.4.106.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-JavaScriptCore-4_0-2.46.6-150400.4.106.1
* libwebkitgtk-6_0-4-debuginfo-2.46.6-150400.4.106.1
* webkitgtk-6_0-injected-bundles-2.46.6-150400.4.106.1
* libjavascriptcoregtk-6_0-1-2.46.6-150400.4.106.1
* libwebkit2gtk-4_1-0-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2-4_0-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2WebExtension-4_1-2.46.6-150400.4.106.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2-4_1-2.46.6-150400.4.106.1
* webkit2gtk3-devel-2.46.6-150400.4.106.1
* libwebkit2gtk-4_1-0-2.46.6-150400.4.106.1
* webkit2gtk3-debugsource-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2WebExtension-4_0-2.46.6-150400.4.106.1
* webkit2gtk4-debugsource-2.46.6-150400.4.106.1
* webkit2gtk-4_0-injected-bundles-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_1-0-2.46.6-150400.4.106.1
* webkit2gtk3-soup2-debugsource-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_1-0-debuginfo-2.46.6-150400.4.106.1
* libwebkit2gtk-4_0-37-2.46.6-150400.4.106.1
* libwebkitgtk-6_0-4-2.46.6-150400.4.106.1
* webkit2gtk-4_1-injected-bundles-2.46.6-150400.4.106.1
* webkit2gtk3-soup2-devel-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_0-18-2.46.6-150400.4.106.1
* libwebkit2gtk-4_0-37-debuginfo-2.46.6-150400.4.106.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* WebKitGTK-4.1-lang-2.46.6-150400.4.106.1
* WebKitGTK-6.0-lang-2.46.6-150400.4.106.1
* WebKitGTK-4.0-lang-2.46.6-150400.4.106.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* libjavascriptcoregtk-6_0-1-debuginfo-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-JavaScriptCore-4_1-2.46.6-150400.4.106.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-JavaScriptCore-4_0-2.46.6-150400.4.106.1
* libwebkitgtk-6_0-4-debuginfo-2.46.6-150400.4.106.1
* webkitgtk-6_0-injected-bundles-2.46.6-150400.4.106.1
* libjavascriptcoregtk-6_0-1-2.46.6-150400.4.106.1
* libwebkit2gtk-4_1-0-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2-4_0-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2WebExtension-4_1-2.46.6-150400.4.106.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2-4_1-2.46.6-150400.4.106.1
* webkit2gtk3-devel-2.46.6-150400.4.106.1
* libwebkit2gtk-4_1-0-2.46.6-150400.4.106.1
* webkit2gtk3-debugsource-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2WebExtension-4_0-2.46.6-150400.4.106.1
* webkit2gtk4-debugsource-2.46.6-150400.4.106.1
* webkit2gtk-4_0-injected-bundles-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_1-0-2.46.6-150400.4.106.1
* webkit2gtk3-soup2-debugsource-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_1-0-debuginfo-2.46.6-150400.4.106.1
* libwebkit2gtk-4_0-37-2.46.6-150400.4.106.1
* libwebkitgtk-6_0-4-2.46.6-150400.4.106.1
* webkit2gtk-4_1-injected-bundles-2.46.6-150400.4.106.1
* webkit2gtk3-soup2-devel-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_0-18-2.46.6-150400.4.106.1
* libwebkit2gtk-4_0-37-debuginfo-2.46.6-150400.4.106.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* WebKitGTK-4.1-lang-2.46.6-150400.4.106.1
* WebKitGTK-6.0-lang-2.46.6-150400.4.106.1
* WebKitGTK-4.0-lang-2.46.6-150400.4.106.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* libjavascriptcoregtk-6_0-1-debuginfo-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-JavaScriptCore-4_1-2.46.6-150400.4.106.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-JavaScriptCore-4_0-2.46.6-150400.4.106.1
* libwebkitgtk-6_0-4-debuginfo-2.46.6-150400.4.106.1
* webkitgtk-6_0-injected-bundles-2.46.6-150400.4.106.1
* libjavascriptcoregtk-6_0-1-2.46.6-150400.4.106.1
* libwebkit2gtk-4_1-0-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2-4_0-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2WebExtension-4_1-2.46.6-150400.4.106.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2-4_1-2.46.6-150400.4.106.1
* webkit2gtk3-devel-2.46.6-150400.4.106.1
* libwebkit2gtk-4_1-0-2.46.6-150400.4.106.1
* webkit2gtk3-debugsource-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2WebExtension-4_0-2.46.6-150400.4.106.1
* webkit2gtk4-debugsource-2.46.6-150400.4.106.1
* webkit2gtk-4_0-injected-bundles-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_1-0-2.46.6-150400.4.106.1
* webkit2gtk3-soup2-debugsource-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_1-0-debuginfo-2.46.6-150400.4.106.1
* libwebkit2gtk-4_0-37-2.46.6-150400.4.106.1
* libwebkitgtk-6_0-4-2.46.6-150400.4.106.1
* webkit2gtk-4_1-injected-bundles-2.46.6-150400.4.106.1
* webkit2gtk3-soup2-devel-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_0-18-2.46.6-150400.4.106.1
* libwebkit2gtk-4_0-37-debuginfo-2.46.6-150400.4.106.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* WebKitGTK-4.1-lang-2.46.6-150400.4.106.1
* WebKitGTK-6.0-lang-2.46.6-150400.4.106.1
* WebKitGTK-4.0-lang-2.46.6-150400.4.106.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* libjavascriptcoregtk-6_0-1-debuginfo-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-JavaScriptCore-4_1-2.46.6-150400.4.106.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-JavaScriptCore-4_0-2.46.6-150400.4.106.1
* libwebkitgtk-6_0-4-debuginfo-2.46.6-150400.4.106.1
* webkitgtk-6_0-injected-bundles-2.46.6-150400.4.106.1
* libjavascriptcoregtk-6_0-1-2.46.6-150400.4.106.1
* libwebkit2gtk-4_1-0-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2-4_0-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2WebExtension-4_1-2.46.6-150400.4.106.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2-4_1-2.46.6-150400.4.106.1
* webkit2gtk3-devel-2.46.6-150400.4.106.1
* libwebkit2gtk-4_1-0-2.46.6-150400.4.106.1
* webkit2gtk3-debugsource-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2WebExtension-4_0-2.46.6-150400.4.106.1
* webkit2gtk4-debugsource-2.46.6-150400.4.106.1
* webkit2gtk-4_0-injected-bundles-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_1-0-2.46.6-150400.4.106.1
* webkit2gtk3-soup2-debugsource-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_1-0-debuginfo-2.46.6-150400.4.106.1
* libwebkit2gtk-4_0-37-2.46.6-150400.4.106.1
* libwebkitgtk-6_0-4-2.46.6-150400.4.106.1
* webkit2gtk-4_1-injected-bundles-2.46.6-150400.4.106.1
* webkit2gtk3-soup2-devel-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_0-18-2.46.6-150400.4.106.1
* libwebkit2gtk-4_0-37-debuginfo-2.46.6-150400.4.106.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* WebKitGTK-4.1-lang-2.46.6-150400.4.106.1
* WebKitGTK-6.0-lang-2.46.6-150400.4.106.1
* WebKitGTK-4.0-lang-2.46.6-150400.4.106.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libjavascriptcoregtk-6_0-1-debuginfo-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-JavaScriptCore-4_1-2.46.6-150400.4.106.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-JavaScriptCore-4_0-2.46.6-150400.4.106.1
* libwebkitgtk-6_0-4-debuginfo-2.46.6-150400.4.106.1
* webkitgtk-6_0-injected-bundles-2.46.6-150400.4.106.1
* libjavascriptcoregtk-6_0-1-2.46.6-150400.4.106.1
* libwebkit2gtk-4_1-0-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2-4_0-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2WebExtension-4_1-2.46.6-150400.4.106.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2-4_1-2.46.6-150400.4.106.1
* webkit2gtk3-devel-2.46.6-150400.4.106.1
* libwebkit2gtk-4_1-0-2.46.6-150400.4.106.1
* webkit2gtk3-debugsource-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2WebExtension-4_0-2.46.6-150400.4.106.1
* webkit2gtk4-debugsource-2.46.6-150400.4.106.1
* webkit2gtk-4_0-injected-bundles-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_1-0-2.46.6-150400.4.106.1
* webkit2gtk3-soup2-debugsource-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_1-0-debuginfo-2.46.6-150400.4.106.1
* libwebkit2gtk-4_0-37-2.46.6-150400.4.106.1
* libwebkitgtk-6_0-4-2.46.6-150400.4.106.1
* webkit2gtk-4_1-injected-bundles-2.46.6-150400.4.106.1
* webkit2gtk3-soup2-devel-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_0-18-2.46.6-150400.4.106.1
* libwebkit2gtk-4_0-37-debuginfo-2.46.6-150400.4.106.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* WebKitGTK-4.1-lang-2.46.6-150400.4.106.1
* WebKitGTK-6.0-lang-2.46.6-150400.4.106.1
* WebKitGTK-4.0-lang-2.46.6-150400.4.106.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* libjavascriptcoregtk-6_0-1-debuginfo-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-JavaScriptCore-4_1-2.46.6-150400.4.106.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-JavaScriptCore-4_0-2.46.6-150400.4.106.1
* libwebkitgtk-6_0-4-debuginfo-2.46.6-150400.4.106.1
* webkitgtk-6_0-injected-bundles-2.46.6-150400.4.106.1
* libjavascriptcoregtk-6_0-1-2.46.6-150400.4.106.1
* libwebkit2gtk-4_1-0-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2-4_0-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2WebExtension-4_1-2.46.6-150400.4.106.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2-4_1-2.46.6-150400.4.106.1
* webkit2gtk3-devel-2.46.6-150400.4.106.1
* libwebkit2gtk-4_1-0-2.46.6-150400.4.106.1
* webkit2gtk3-debugsource-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2WebExtension-4_0-2.46.6-150400.4.106.1
* webkit2gtk4-debugsource-2.46.6-150400.4.106.1
* webkit2gtk-4_0-injected-bundles-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_1-0-2.46.6-150400.4.106.1
* webkit2gtk3-soup2-debugsource-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_1-0-debuginfo-2.46.6-150400.4.106.1
* libwebkit2gtk-4_0-37-2.46.6-150400.4.106.1
* libwebkitgtk-6_0-4-2.46.6-150400.4.106.1
* webkit2gtk-4_1-injected-bundles-2.46.6-150400.4.106.1
* webkit2gtk3-soup2-devel-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_0-18-2.46.6-150400.4.106.1
* libwebkit2gtk-4_0-37-debuginfo-2.46.6-150400.4.106.1
* SUSE Manager Proxy 4.3 (noarch)
* WebKitGTK-4.0-lang-2.46.6-150400.4.106.1
* SUSE Manager Proxy 4.3 (x86_64)
* libjavascriptcoregtk-4_0-18-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2-4_0-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2WebExtension-4_0-2.46.6-150400.4.106.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.46.6-150400.4.106.1
* webkit2gtk3-soup2-devel-2.46.6-150400.4.106.1
* webkit2gtk-4_0-injected-bundles-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_0-18-2.46.6-150400.4.106.1
* webkit2gtk3-soup2-debugsource-2.46.6-150400.4.106.1
* typelib-1_0-JavaScriptCore-4_0-2.46.6-150400.4.106.1
* libwebkit2gtk-4_0-37-debuginfo-2.46.6-150400.4.106.1
* libwebkit2gtk-4_0-37-2.46.6-150400.4.106.1
* SUSE Manager Retail Branch Server 4.3 (noarch)
* WebKitGTK-4.0-lang-2.46.6-150400.4.106.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* libjavascriptcoregtk-4_0-18-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2-4_0-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2WebExtension-4_0-2.46.6-150400.4.106.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.46.6-150400.4.106.1
* webkit2gtk3-soup2-devel-2.46.6-150400.4.106.1
* webkit2gtk-4_0-injected-bundles-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_0-18-2.46.6-150400.4.106.1
* webkit2gtk3-soup2-debugsource-2.46.6-150400.4.106.1
* typelib-1_0-JavaScriptCore-4_0-2.46.6-150400.4.106.1
* libwebkit2gtk-4_0-37-debuginfo-2.46.6-150400.4.106.1
* libwebkit2gtk-4_0-37-2.46.6-150400.4.106.1
* SUSE Manager Server 4.3 (noarch)
* WebKitGTK-4.0-lang-2.46.6-150400.4.106.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* libjavascriptcoregtk-4_0-18-debuginfo-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2-4_0-2.46.6-150400.4.106.1
* typelib-1_0-WebKit2WebExtension-4_0-2.46.6-150400.4.106.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.46.6-150400.4.106.1
* webkit2gtk3-soup2-devel-2.46.6-150400.4.106.1
* webkit2gtk-4_0-injected-bundles-2.46.6-150400.4.106.1
* libjavascriptcoregtk-4_0-18-2.46.6-150400.4.106.1
* webkit2gtk3-soup2-debugsource-2.46.6-150400.4.106.1
* typelib-1_0-JavaScriptCore-4_0-2.46.6-150400.4.106.1
* libwebkit2gtk-4_0-37-debuginfo-2.46.6-150400.4.106.1
* libwebkit2gtk-4_0-37-2.46.6-150400.4.106.1

## References:

* https://www.suse.com/security/cve/CVE-2024-27856.html
* https://www.suse.com/security/cve/CVE-2024-54543.html
* https://www.suse.com/security/cve/CVE-2024-54658.html
* https://www.suse.com/security/cve/CVE-2025-24143.html
* https://www.suse.com/security/cve/CVE-2025-24150.html
* https://www.suse.com/security/cve/CVE-2025-24158.html
* https://www.suse.com/security/cve/CVE-2025-24162.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236946


PostgreSQL, LibPQ, BIND, MySQL updates for AlmaLinux

PostgreSQL, BIND, LibTasn, Python-Werkzeug, GnuTLS updates for Debian

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.org  I ...