Docker, AppArmor, Restic, Linux Kernel, Opera updates for SUSE

SUSE 5277 Published by

SUSE Linux has announced the release of multiple security updates, which include significant updates for Docker, AppArmor, Restic, Linux Kernel, and Opera:

SUSE-SU-2025:1062-1: important: Security update for docker, docker-stable
SUSE-SU-2025:1063-1: moderate: Security update for apparmor
openSUSE-SU-2025:0110-1: moderate: Security update for restic
SUSE-SU-2025:1076-1: important: Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP6)
SUSE-SU-2025:1072-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP6)
openSUSE-SU-2025:0111-1: important: Security update for opera




SUSE-SU-2025:1062-1: important: Security update for docker, docker-stable


# Security update for docker, docker-stable

Announcement ID: SUSE-SU-2025:1062-1
Release Date: 2025-03-31T08:46:03Z
Rating: important
References:

* bsc#1237367
* bsc#1239185
* bsc#1239322

Cross-References:

* CVE-2024-2365
* CVE-2024-29018
* CVE-2024-41110
* CVE-2025-22868
* CVE-2025-22869

CVSS scores:

* CVE-2024-29018 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-29018 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-41110 ( SUSE ): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2025-22868 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22869 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22869 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Containers Module 15-SP6
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves five vulnerabilities can now be installed.

## Description:

This update for docker, docker-stable fixes the following issues:

* CVE-2025-22868: Fixed unexpected memory consumption during token parsing in
golang.org/x/oauth2 (bsc#1239185).
* CVE-2025-22869: Fixed Denial of Service in the Key Exchange of
golang.org/x/crypto/ssh (bsc#1239322).

Other fixes: \- Make container-selinux requirement conditional on selinux-policy
(bsc#1237367)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-1062=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-1062=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-1062=1

* Containers Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2025-1062=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1062=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1062=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1062=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1062=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1062=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1062=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1062=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1062=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1062=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1062=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1062=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-1062=1

* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-1062=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-1062=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-1062=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-1062=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-1062=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-1062=1

## Package List:

* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* docker-debuginfo-27.5.1_ce-150000.218.1
* docker-27.5.1_ce-150000.218.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* docker-debuginfo-27.5.1_ce-150000.218.1
* docker-27.5.1_ce-150000.218.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* docker-debuginfo-27.5.1_ce-150000.218.1
* docker-27.5.1_ce-150000.218.1
* Containers Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* docker-debuginfo-27.5.1_ce-150000.218.1
* docker-27.5.1_ce-150000.218.1
* docker-stable-24.0.9_ce-150000.1.15.1
* docker-stable-debuginfo-24.0.9_ce-150000.1.15.1
* Containers Module 15-SP6 (noarch)
* docker-stable-bash-completion-24.0.9_ce-150000.1.15.1
* docker-bash-completion-27.5.1_ce-150000.218.1
* docker-rootless-extras-27.5.1_ce-150000.218.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* docker-debuginfo-27.5.1_ce-150000.218.1
* docker-27.5.1_ce-150000.218.1
* docker-stable-24.0.9_ce-150000.1.15.1
* docker-stable-debuginfo-24.0.9_ce-150000.1.15.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* docker-bash-completion-27.5.1_ce-150000.218.1
* docker-fish-completion-27.5.1_ce-150000.218.1
* docker-stable-bash-completion-24.0.9_ce-150000.1.15.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* docker-debuginfo-27.5.1_ce-150000.218.1
* docker-27.5.1_ce-150000.218.1
* docker-stable-24.0.9_ce-150000.1.15.1
* docker-stable-debuginfo-24.0.9_ce-150000.1.15.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* docker-stable-bash-completion-24.0.9_ce-150000.1.15.1
* docker-bash-completion-27.5.1_ce-150000.218.1
* docker-rootless-extras-27.5.1_ce-150000.218.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* docker-debuginfo-27.5.1_ce-150000.218.1
* docker-27.5.1_ce-150000.218.1
* docker-stable-24.0.9_ce-150000.1.15.1
* docker-stable-debuginfo-24.0.9_ce-150000.1.15.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* docker-stable-bash-completion-24.0.9_ce-150000.1.15.1
* docker-bash-completion-27.5.1_ce-150000.218.1
* docker-rootless-extras-27.5.1_ce-150000.218.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* docker-debuginfo-27.5.1_ce-150000.218.1
* docker-27.5.1_ce-150000.218.1
* docker-stable-24.0.9_ce-150000.1.15.1
* docker-stable-debuginfo-24.0.9_ce-150000.1.15.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* docker-stable-bash-completion-24.0.9_ce-150000.1.15.1
* docker-bash-completion-27.5.1_ce-150000.218.1
* docker-rootless-extras-27.5.1_ce-150000.218.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* docker-debuginfo-27.5.1_ce-150000.218.1
* docker-27.5.1_ce-150000.218.1
* docker-stable-24.0.9_ce-150000.1.15.1
* docker-stable-debuginfo-24.0.9_ce-150000.1.15.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* docker-stable-bash-completion-24.0.9_ce-150000.1.15.1
* docker-bash-completion-27.5.1_ce-150000.218.1
* docker-rootless-extras-27.5.1_ce-150000.218.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* docker-debuginfo-27.5.1_ce-150000.218.1
* docker-27.5.1_ce-150000.218.1
* docker-stable-24.0.9_ce-150000.1.15.1
* docker-stable-debuginfo-24.0.9_ce-150000.1.15.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
* docker-bash-completion-27.5.1_ce-150000.218.1
* docker-fish-completion-27.5.1_ce-150000.218.1
* docker-stable-bash-completion-24.0.9_ce-150000.1.15.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* docker-debuginfo-27.5.1_ce-150000.218.1
* docker-27.5.1_ce-150000.218.1
* docker-stable-24.0.9_ce-150000.1.15.1
* docker-stable-debuginfo-24.0.9_ce-150000.1.15.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* docker-stable-bash-completion-24.0.9_ce-150000.1.15.1
* docker-bash-completion-27.5.1_ce-150000.218.1
* docker-rootless-extras-27.5.1_ce-150000.218.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* docker-debuginfo-27.5.1_ce-150000.218.1
* docker-27.5.1_ce-150000.218.1
* docker-stable-24.0.9_ce-150000.1.15.1
* docker-stable-debuginfo-24.0.9_ce-150000.1.15.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* docker-stable-bash-completion-24.0.9_ce-150000.1.15.1
* docker-bash-completion-27.5.1_ce-150000.218.1
* docker-rootless-extras-27.5.1_ce-150000.218.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* docker-debuginfo-27.5.1_ce-150000.218.1
* docker-27.5.1_ce-150000.218.1
* docker-stable-24.0.9_ce-150000.1.15.1
* docker-stable-debuginfo-24.0.9_ce-150000.1.15.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* docker-bash-completion-27.5.1_ce-150000.218.1
* docker-fish-completion-27.5.1_ce-150000.218.1
* docker-stable-bash-completion-24.0.9_ce-150000.1.15.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* docker-debuginfo-27.5.1_ce-150000.218.1
* docker-27.5.1_ce-150000.218.1
* docker-stable-24.0.9_ce-150000.1.15.1
* docker-stable-debuginfo-24.0.9_ce-150000.1.15.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* docker-stable-bash-completion-24.0.9_ce-150000.1.15.1
* docker-bash-completion-27.5.1_ce-150000.218.1
* docker-rootless-extras-27.5.1_ce-150000.218.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* docker-debuginfo-27.5.1_ce-150000.218.1
* docker-27.5.1_ce-150000.218.1
* docker-stable-24.0.9_ce-150000.1.15.1
* docker-stable-debuginfo-24.0.9_ce-150000.1.15.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* docker-stable-bash-completion-24.0.9_ce-150000.1.15.1
* docker-bash-completion-27.5.1_ce-150000.218.1
* docker-rootless-extras-27.5.1_ce-150000.218.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* docker-debuginfo-27.5.1_ce-150000.218.1
* docker-27.5.1_ce-150000.218.1
* docker-stable-24.0.9_ce-150000.1.15.1
* docker-stable-debuginfo-24.0.9_ce-150000.1.15.1
* SUSE Enterprise Storage 7.1 (noarch)
* docker-bash-completion-27.5.1_ce-150000.218.1
* docker-fish-completion-27.5.1_ce-150000.218.1
* docker-stable-bash-completion-24.0.9_ce-150000.1.15.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* docker-debuginfo-27.5.1_ce-150000.218.1
* docker-27.5.1_ce-150000.218.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* docker-debuginfo-27.5.1_ce-150000.218.1
* docker-27.5.1_ce-150000.218.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* docker-debuginfo-27.5.1_ce-150000.218.1
* docker-27.5.1_ce-150000.218.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* docker-debuginfo-27.5.1_ce-150000.218.1
* docker-27.5.1_ce-150000.218.1
* docker-stable-24.0.9_ce-150000.1.15.1
* docker-stable-debuginfo-24.0.9_ce-150000.1.15.1
* openSUSE Leap 15.6 (noarch)
* docker-bash-completion-27.5.1_ce-150000.218.1
* docker-stable-fish-completion-24.0.9_ce-150000.1.15.1
* docker-rootless-extras-27.5.1_ce-150000.218.1
* docker-stable-zsh-completion-24.0.9_ce-150000.1.15.1
* docker-zsh-completion-27.5.1_ce-150000.218.1
* docker-stable-rootless-extras-24.0.9_ce-150000.1.15.1
* docker-stable-bash-completion-24.0.9_ce-150000.1.15.1
* docker-fish-completion-27.5.1_ce-150000.218.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* docker-debuginfo-27.5.1_ce-150000.218.1
* docker-27.5.1_ce-150000.218.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* docker-debuginfo-27.5.1_ce-150000.218.1
* docker-27.5.1_ce-150000.218.1

## References:

* https://www.suse.com/security/cve/CVE-2024-2365.html
* https://www.suse.com/security/cve/CVE-2024-29018.html
* https://www.suse.com/security/cve/CVE-2024-41110.html
* https://www.suse.com/security/cve/CVE-2025-22868.html
* https://www.suse.com/security/cve/CVE-2025-22869.html
* https://bugzilla.suse.com/show_bug.cgi?id=1237367
* https://bugzilla.suse.com/show_bug.cgi?id=1239185
* https://bugzilla.suse.com/show_bug.cgi?id=1239322



SUSE-SU-2025:1063-1: moderate: Security update for apparmor


# Security update for apparmor

Announcement ID: SUSE-SU-2025:1063-1
Release Date: 2025-03-31T09:04:56Z
Rating: moderate
References:

* bsc#1234452

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that has one security fix can now be installed.

## Description:

This update for apparmor fixes the following issues:

* Allow dovecot-auth to execute unix check password from /sbin, not only from
/usr/bin (bsc#1234452).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-1063=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-1063=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1063=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1063=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1063=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1063=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* apparmor-parser-3.0.4-150500.11.12.2
* apache2-mod_apparmor-3.0.4-150500.11.12.2
* pam_apparmor-debuginfo-3.0.4-150500.11.12.2
* ruby-apparmor-debuginfo-3.0.4-150500.11.12.2
* apache2-mod_apparmor-debuginfo-3.0.4-150500.11.12.2
* python3-apparmor-debuginfo-3.0.4-150500.11.12.2
* python3-apparmor-3.0.4-150500.11.12.2
* apparmor-debugsource-3.0.4-150500.11.12.2
* pam_apparmor-3.0.4-150500.11.12.2
* ruby-apparmor-3.0.4-150500.11.12.2
* libapparmor-debugsource-3.0.4-150500.11.12.2
* libapparmor-devel-3.0.4-150500.11.12.2
* perl-apparmor-debuginfo-3.0.4-150500.11.12.2
* perl-apparmor-3.0.4-150500.11.12.2
* libapparmor1-3.0.4-150500.11.12.2
* libapparmor1-debuginfo-3.0.4-150500.11.12.2
* apparmor-parser-debuginfo-3.0.4-150500.11.12.2
* openSUSE Leap 15.5 (noarch)
* apparmor-utils-3.0.4-150500.11.12.2
* apparmor-docs-3.0.4-150500.11.12.2
* apparmor-parser-lang-3.0.4-150500.11.12.2
* apparmor-utils-lang-3.0.4-150500.11.12.2
* apparmor-abstractions-3.0.4-150500.11.12.2
* apparmor-profiles-3.0.4-150500.11.12.2
* openSUSE Leap 15.5 (x86_64)
* pam_apparmor-32bit-debuginfo-3.0.4-150500.11.12.2
* libapparmor1-32bit-3.0.4-150500.11.12.2
* pam_apparmor-32bit-3.0.4-150500.11.12.2
* libapparmor1-32bit-debuginfo-3.0.4-150500.11.12.2
* openSUSE Leap 15.5 (aarch64_ilp32)
* pam_apparmor-64bit-debuginfo-3.0.4-150500.11.12.2
* pam_apparmor-64bit-3.0.4-150500.11.12.2
* libapparmor1-64bit-debuginfo-3.0.4-150500.11.12.2
* libapparmor1-64bit-3.0.4-150500.11.12.2
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* apparmor-parser-3.0.4-150500.11.12.2
* pam_apparmor-debuginfo-3.0.4-150500.11.12.2
* libapparmor-debugsource-3.0.4-150500.11.12.2
* apparmor-debugsource-3.0.4-150500.11.12.2
* pam_apparmor-3.0.4-150500.11.12.2
* libapparmor1-3.0.4-150500.11.12.2
* libapparmor1-debuginfo-3.0.4-150500.11.12.2
* apparmor-parser-debuginfo-3.0.4-150500.11.12.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* apparmor-parser-3.0.4-150500.11.12.2
* apache2-mod_apparmor-3.0.4-150500.11.12.2
* pam_apparmor-debuginfo-3.0.4-150500.11.12.2
* apache2-mod_apparmor-debuginfo-3.0.4-150500.11.12.2
* python3-apparmor-debuginfo-3.0.4-150500.11.12.2
* libapparmor-debugsource-3.0.4-150500.11.12.2
* apparmor-debugsource-3.0.4-150500.11.12.2
* libapparmor-devel-3.0.4-150500.11.12.2
* pam_apparmor-3.0.4-150500.11.12.2
* python3-apparmor-3.0.4-150500.11.12.2
* perl-apparmor-debuginfo-3.0.4-150500.11.12.2
* perl-apparmor-3.0.4-150500.11.12.2
* libapparmor1-3.0.4-150500.11.12.2
* libapparmor1-debuginfo-3.0.4-150500.11.12.2
* apparmor-parser-debuginfo-3.0.4-150500.11.12.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* apparmor-utils-3.0.4-150500.11.12.2
* apparmor-docs-3.0.4-150500.11.12.2
* apparmor-parser-lang-3.0.4-150500.11.12.2
* apparmor-utils-lang-3.0.4-150500.11.12.2
* apparmor-abstractions-3.0.4-150500.11.12.2
* apparmor-profiles-3.0.4-150500.11.12.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64)
* pam_apparmor-32bit-debuginfo-3.0.4-150500.11.12.2
* libapparmor1-32bit-3.0.4-150500.11.12.2
* pam_apparmor-32bit-3.0.4-150500.11.12.2
* libapparmor1-32bit-debuginfo-3.0.4-150500.11.12.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* apparmor-parser-3.0.4-150500.11.12.2
* apache2-mod_apparmor-3.0.4-150500.11.12.2
* pam_apparmor-debuginfo-3.0.4-150500.11.12.2
* apache2-mod_apparmor-debuginfo-3.0.4-150500.11.12.2
* python3-apparmor-debuginfo-3.0.4-150500.11.12.2
* libapparmor-debugsource-3.0.4-150500.11.12.2
* apparmor-debugsource-3.0.4-150500.11.12.2
* libapparmor-devel-3.0.4-150500.11.12.2
* pam_apparmor-3.0.4-150500.11.12.2
* python3-apparmor-3.0.4-150500.11.12.2
* perl-apparmor-debuginfo-3.0.4-150500.11.12.2
* perl-apparmor-3.0.4-150500.11.12.2
* libapparmor1-3.0.4-150500.11.12.2
* libapparmor1-debuginfo-3.0.4-150500.11.12.2
* apparmor-parser-debuginfo-3.0.4-150500.11.12.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* apparmor-utils-3.0.4-150500.11.12.2
* apparmor-docs-3.0.4-150500.11.12.2
* apparmor-parser-lang-3.0.4-150500.11.12.2
* apparmor-utils-lang-3.0.4-150500.11.12.2
* apparmor-abstractions-3.0.4-150500.11.12.2
* apparmor-profiles-3.0.4-150500.11.12.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64)
* pam_apparmor-32bit-debuginfo-3.0.4-150500.11.12.2
* libapparmor1-32bit-3.0.4-150500.11.12.2
* pam_apparmor-32bit-3.0.4-150500.11.12.2
* libapparmor1-32bit-debuginfo-3.0.4-150500.11.12.2
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* apparmor-parser-3.0.4-150500.11.12.2
* apache2-mod_apparmor-3.0.4-150500.11.12.2
* pam_apparmor-debuginfo-3.0.4-150500.11.12.2
* apache2-mod_apparmor-debuginfo-3.0.4-150500.11.12.2
* python3-apparmor-debuginfo-3.0.4-150500.11.12.2
* libapparmor-debugsource-3.0.4-150500.11.12.2
* apparmor-debugsource-3.0.4-150500.11.12.2
* libapparmor-devel-3.0.4-150500.11.12.2
* pam_apparmor-3.0.4-150500.11.12.2
* python3-apparmor-3.0.4-150500.11.12.2
* perl-apparmor-debuginfo-3.0.4-150500.11.12.2
* perl-apparmor-3.0.4-150500.11.12.2
* libapparmor1-3.0.4-150500.11.12.2
* libapparmor1-debuginfo-3.0.4-150500.11.12.2
* apparmor-parser-debuginfo-3.0.4-150500.11.12.2
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* apparmor-utils-3.0.4-150500.11.12.2
* apparmor-docs-3.0.4-150500.11.12.2
* apparmor-parser-lang-3.0.4-150500.11.12.2
* apparmor-utils-lang-3.0.4-150500.11.12.2
* apparmor-abstractions-3.0.4-150500.11.12.2
* apparmor-profiles-3.0.4-150500.11.12.2
* SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64)
* pam_apparmor-32bit-debuginfo-3.0.4-150500.11.12.2
* libapparmor1-32bit-3.0.4-150500.11.12.2
* pam_apparmor-32bit-3.0.4-150500.11.12.2
* libapparmor1-32bit-debuginfo-3.0.4-150500.11.12.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* apparmor-parser-3.0.4-150500.11.12.2
* apache2-mod_apparmor-3.0.4-150500.11.12.2
* pam_apparmor-debuginfo-3.0.4-150500.11.12.2
* apache2-mod_apparmor-debuginfo-3.0.4-150500.11.12.2
* python3-apparmor-debuginfo-3.0.4-150500.11.12.2
* libapparmor-debugsource-3.0.4-150500.11.12.2
* apparmor-debugsource-3.0.4-150500.11.12.2
* libapparmor-devel-3.0.4-150500.11.12.2
* pam_apparmor-3.0.4-150500.11.12.2
* python3-apparmor-3.0.4-150500.11.12.2
* perl-apparmor-debuginfo-3.0.4-150500.11.12.2
* perl-apparmor-3.0.4-150500.11.12.2
* libapparmor1-3.0.4-150500.11.12.2
* libapparmor1-debuginfo-3.0.4-150500.11.12.2
* apparmor-parser-debuginfo-3.0.4-150500.11.12.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* apparmor-utils-3.0.4-150500.11.12.2
* apparmor-docs-3.0.4-150500.11.12.2
* apparmor-parser-lang-3.0.4-150500.11.12.2
* apparmor-utils-lang-3.0.4-150500.11.12.2
* apparmor-abstractions-3.0.4-150500.11.12.2
* apparmor-profiles-3.0.4-150500.11.12.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
* pam_apparmor-32bit-debuginfo-3.0.4-150500.11.12.2
* libapparmor1-32bit-3.0.4-150500.11.12.2
* pam_apparmor-32bit-3.0.4-150500.11.12.2
* libapparmor1-32bit-debuginfo-3.0.4-150500.11.12.2

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1234452



openSUSE-SU-2025:0110-1: moderate: Security update for restic


openSUSE Security Update: Security update for restic
_______________________________

Announcement ID: openSUSE-SU-2025:0110-1
Rating: moderate
References:
Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that contains security fixes can now be installed.

Description:

This update for restic fixes the following issues:

Update to 0.18.0

- Sec #5291: Mitigate attack on content-defined chunking algorithm
- Fix #1843: Correctly restore long filepaths' timestamp on old Windows
- Fix #2165: Ignore disappeared backup source files
- Fix #5153: Include root tree when searching using find --tree
- Fix #5169: Prevent Windows VSS event log 8194 warnings for backup with
fs snapshot
- Fix #5212: Fix duplicate data handling in prune --max-unused
- Fix #5249: Fix creation of oversized index by repair index
--read-all-packs
- Fix #5259: Fix rare crash in command output
- Chg #4938: Update dependencies and require Go 1.23 or newer
- Chg #5162: Promote feature flags
- Enh #1378: Add JSON support to check command
- Enh #2511: Support generating shell completions to stdout
- Enh #3697: Allow excluding online-only cloud files (e.g. OneDrive)
- Enh #4179: Add sort option to ls command
- Enh #4433: Change default sort order for find output
- Enh #4521: Add support for Microsoft Blob Storage access tiers
- Enh #4942: Add snapshot summary statistics to rewritten snapshots
- Enh #4948: Format exit errors as JSON when requested
- Enh #4983: Add SLSA provenance to GHCR container images
- Enh #5054: Enable compression for ZIP archives in dump command
- Enh #5081: Add retry mechanism for loading repository config
- Enh #5089: Allow including/excluding extended file attributes during
restore
- Enh #5092: Show count of deleted files and directories during restore
- Enh #5109: Make small pack size configurable for prune
- Enh #5119: Add start and end timestamps to backup JSON output
- Enh #5131: Add DragonFlyBSD support
- Enh #5137: Make tag command print which snapshots were modified
- Enh #5141: Provide clear error message if AZURE_ACCOUNT_NAME is not set
- Enh #5173: Add experimental S3 cold storage support
- Enh #5174: Add xattr support for NetBSD 10+
- Enh #5251: Improve retry handling for flaky rclone backends
- Enh #52897: Make recover automatically rebuild index when needed

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2025-110=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):

restic-0.18.0-bp156.2.6.1

- openSUSE Backports SLE-15-SP6 (noarch):

restic-bash-completion-0.18.0-bp156.2.6.1
restic-zsh-completion-0.18.0-bp156.2.6.1

References:



SUSE-SU-2025:1076-1: important: Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:1076-1
Release Date: 2025-03-31T16:05:04Z
Rating: important
References:

* bsc#1235916

Cross-References:

* CVE-2024-57882

CVSS scores:

* CVE-2024-57882 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57882 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-57882 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_33 fixes one issue.

The following security issue was fixed:

* CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235916).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-1079=1 SUSE-2025-1076=1 SUSE-2025-1077=1
SUSE-2025-1078=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-1079=1 SUSE-SLE-
Module-Live-Patching-15-SP6-2025-1076=1 SUSE-SLE-Module-Live-
Patching-15-SP6-2025-1077=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-1078=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_22-default-7-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_7-debugsource-3-150600.2.1
* kernel-livepatch-6_4_0-150600_23_30-default-3-150600.2.1
* kernel-livepatch-6_4_0-150600_23_30-default-debuginfo-3-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_4-debugsource-7-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_6-debugsource-3-150600.2.1
* kernel-livepatch-6_4_0-150600_23_33-default-debuginfo-3-150600.2.1
* kernel-livepatch-6_4_0-150600_23_33-default-3-150600.2.1
* kernel-livepatch-6_4_0-150600_23_25-default-debuginfo-6-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_5-debugsource-6-150600.2.1
* kernel-livepatch-6_4_0-150600_23_22-default-debuginfo-7-150600.2.1
* kernel-livepatch-6_4_0-150600_23_25-default-6-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_22-default-7-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_7-debugsource-3-150600.2.1
* kernel-livepatch-6_4_0-150600_23_30-default-3-150600.2.1
* kernel-livepatch-6_4_0-150600_23_30-default-debuginfo-3-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_4-debugsource-7-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_6-debugsource-3-150600.2.1
* kernel-livepatch-6_4_0-150600_23_33-default-debuginfo-3-150600.2.1
* kernel-livepatch-6_4_0-150600_23_33-default-3-150600.2.1
* kernel-livepatch-6_4_0-150600_23_25-default-debuginfo-6-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_5-debugsource-6-150600.2.1
* kernel-livepatch-6_4_0-150600_23_22-default-debuginfo-7-150600.2.1
* kernel-livepatch-6_4_0-150600_23_25-default-6-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-57882.html
* https://bugzilla.suse.com/show_bug.cgi?id=1235916



SUSE-SU-2025:1072-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:1072-1
Release Date: 2025-03-31T16:04:28Z
Rating: important
References:

* bsc#1228578
* bsc#1235916

Cross-References:

* CVE-2024-41062
* CVE-2024-57882

CVSS scores:

* CVE-2024-41062 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41062 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-57882 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57882 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-57882 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_17 fixes several issues.

The following security issues were fixed:

* CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235916).
* CVE-2024-41062: Sync sock recv cb and release (bsc#1228578).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-1075=1 SUSE-2025-1072=1 SUSE-2025-1073=1
SUSE-2025-1074=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-1075=1 SUSE-SLE-
Module-Live-Patching-15-SP6-2025-1072=1 SUSE-SLE-Module-Live-
Patching-15-SP6-2025-1073=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-1074=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_2-debugsource-11-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_0-debugsource-13-150600.4.31.1
* kernel-livepatch-6_4_0-150600_23_17-default-11-150600.2.1
* kernel-livepatch-6_4_0-150600_21-default-debuginfo-13-150600.4.31.1
* kernel-livepatch-6_4_0-150600_23_14-default-debuginfo-11-150600.2.1
* kernel-livepatch-6_4_0-150600_23_17-default-debuginfo-11-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_3-debugsource-11-150600.2.1
* kernel-livepatch-6_4_0-150600_23_14-default-11-150600.2.1
* kernel-livepatch-6_4_0-150600_23_7-default-11-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_1-debugsource-11-150600.2.1
* kernel-livepatch-6_4_0-150600_21-default-13-150600.4.31.1
* kernel-livepatch-6_4_0-150600_23_7-default-debuginfo-11-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_2-debugsource-11-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_0-debugsource-13-150600.4.31.1
* kernel-livepatch-6_4_0-150600_23_17-default-11-150600.2.1
* kernel-livepatch-6_4_0-150600_21-default-debuginfo-13-150600.4.31.1
* kernel-livepatch-6_4_0-150600_23_14-default-debuginfo-11-150600.2.1
* kernel-livepatch-6_4_0-150600_23_17-default-debuginfo-11-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_3-debugsource-11-150600.2.1
* kernel-livepatch-6_4_0-150600_23_14-default-11-150600.2.1
* kernel-livepatch-6_4_0-150600_23_7-default-11-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_1-debugsource-11-150600.2.1
* kernel-livepatch-6_4_0-150600_21-default-13-150600.4.31.1
* kernel-livepatch-6_4_0-150600_23_7-default-debuginfo-11-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-41062.html
* https://www.suse.com/security/cve/CVE-2024-57882.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228578
* https://bugzilla.suse.com/show_bug.cgi?id=1235916



openSUSE-SU-2025:0111-1: important: Security update for opera


openSUSE Security Update: Security update for opera
_______________________________

Announcement ID: openSUSE-SU-2025:0111-1
Rating: important
References:
Cross-References: CVE-2025-2783
Affected Products:
openSUSE Leap 15.6:NonFree
_______________________________

An update that fixes one vulnerability is now available.

Description:

This update for opera fixes the following issues:

- Update to 117.0.5408.163
* DNA-120683 [Issue back] Sometimes onboarding is blank and useless
* DNA-121682 Backport fix for CVE-2025-2783 to O132, O133, GX132 and
Air132
- Changes in 117.0.5408.154
* DNA-121210 After enabling tab scrolling, the tab bar narrows
on both the left and right sides
* DNA-121560 Extension updates which requires manual confirmation do not
work
- Changes in 117.0.5408.142
* DNA-121314 Use the extra palette color to paint the frame
* DNA-121321 Refactor ColorSet struct
* DNA-121444 Crash at opera::VibesServiceImpl::VibesServiceImpl
* DNA-121477 Add unit tests for ColorSet
* DNA-121488 [ASAN] ColorSetTest.DefaultConstructor fails
- Changes in 117.0.5408.93
* DNA-118548 After pressing Ctrl+F / Cmd+F on the Start Page (SP), the
focus should be on the search bar
* DNA-121183 Add 'transparent UI' parameter to Vibe logic
* DNA-121184 Allow to specify extra palette for window background in
Vibe logic
* DNA-121232 Enable Slack, Discord and Bluesky flag on all streams
* DNA-121237 Crash at opera::SidebarExpandViewEmbedder::Position
* DNA-121322 [Opera Translate] [Redesign] Expired #translator flag
* DNA-121385 Remove "passkey" string

- Update to 117.0.5408.53
* DNA-120848 Add 'x' button to close/dismiss translate popup
* DNA-120849 Dismissing popup adds language to never translate from list
* DNA-120951 Optimize MFSVE output handling
* DNA-120972 Crash at TabDesktopMediaList::Refresh
* CHR-9964 Update Chromium on desktop-stable-132-5408 to 132.0.6834.210
Changes in 117.0.5408.47
* CHR-9961 Update Chromium on desktop-stable-132-5408 to 132.0.6834.209

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.6:NonFree:

zypper in -t patch openSUSE-2025-111=1

Package List:

- openSUSE Leap 15.6:NonFree (x86_64):

opera-117.0.5408.163-lp156.2.32.1

References:

https://www.suse.com/security/cve/CVE-2025-2783.html


OpenTelemetry Collector, Freetype, Python-Jinja2, LibreOffice, ACS 4.6, Freetype updates for RHEL

MariaDB, OVN, WebKitGTK, AOM, LibTar, RabbitMQ Server, PHP updates for Ubuntu

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.org  I ...