
SUSE Linux has been updated with multiple security enhancements, featuring a major update for freetype2 and moderate updates for gitleaks, forgejo, govulncheck-vulndb, buildah, php8, google-guest-agent, helm, google-osconfig-agent, python-gunicorn, grafana, and libxslt:

SUSE-SU-2025:0998-1: important: Security update for freetype2
openSUSE-SU-2025:14920-1: moderate: gitleaks-8.24.2-1.1 on GA media
openSUSE-SU-2025:14919-1: moderate: forgejo-10.0.3-1.1 on GA media
SUSE-SU-2025:1013-1: moderate: Security update for govulncheck-vulndb
SUSE-SU-2025:1014-1: important: Security update for buildah
SUSE-SU-2025:1012-1: important: Security update for php8
SUSE-SU-2025:1005-1: important: Security update for google-guest-agent
SUSE-SU-2025:1007-1: moderate: Security update for helm
SUSE-SU-2025:1006-1: important: Security update for google-osconfig-agent
SUSE-SU-2025:1008-1: important: Security update for python-gunicorn
SUSE-SU-2025:1011-1: important: Security update for grafana
SUSE-SU-2025:1003-1: important: Security update for libxslt




SUSE-SU-2025:0998-1: important: Security update for freetype2


# Security update for freetype2

Announcement ID: SUSE-SU-2025:0998-1
Release Date: 2025-03-25T02:08:14Z
Rating: important
References:

* bsc#1239465

Cross-References:

* CVE-2025-27363

CVSS scores:

* CVE-2025-27363 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-27363 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-27363 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP6
* Desktop Applications Module 15-SP6
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for freetype2 fixes the following issues:

* CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font
subglyph structures related to TrueType GX and variable font files
(bsc#1239465).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-998=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-998=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-998=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-998=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-998=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-998=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-998=1

* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-998=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-998=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-998=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-998=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-998=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-998=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-998=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-998=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-998=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-998=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-998=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-998=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-998=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2025-998=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-998=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-998=1

* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-998=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-998=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-998=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* ftinspect-2.10.4-150000.4.18.1
* ftstring-2.10.4-150000.4.18.1
* ftgamma-2.10.4-150000.4.18.1
* freetype2-devel-2.10.4-150000.4.18.1
* libfreetype6-2.10.4-150000.4.18.1
* ftdiff-2.10.4-150000.4.18.1
* ftmulti-2.10.4-150000.4.18.1
* ftvalid-2.10.4-150000.4.18.1
* ftview-2.10.4-150000.4.18.1
* freetype2-debugsource-2.10.4-150000.4.18.1
* ftdump-2.10.4-150000.4.18.1
* libfreetype6-debuginfo-2.10.4-150000.4.18.1
* ftbench-2.10.4-150000.4.18.1
* ftlint-2.10.4-150000.4.18.1
* ftgrid-2.10.4-150000.4.18.1
* openSUSE Leap 15.6 (x86_64)
* libfreetype6-32bit-debuginfo-2.10.4-150000.4.18.1
* libfreetype6-32bit-2.10.4-150000.4.18.1
* freetype2-devel-32bit-2.10.4-150000.4.18.1
* openSUSE Leap 15.6 (noarch)
* freetype2-profile-tti35-2.10.4-150000.4.18.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 nosrc)
* ft2demos-2.10.4-150000.4.18.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libfreetype6-2.10.4-150000.4.18.1
* libfreetype6-debuginfo-2.10.4-150000.4.18.1
* freetype2-debugsource-2.10.4-150000.4.18.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libfreetype6-2.10.4-150000.4.18.1
* libfreetype6-debuginfo-2.10.4-150000.4.18.1
* freetype2-debugsource-2.10.4-150000.4.18.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libfreetype6-2.10.4-150000.4.18.1
* libfreetype6-debuginfo-2.10.4-150000.4.18.1
* freetype2-debugsource-2.10.4-150000.4.18.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libfreetype6-2.10.4-150000.4.18.1
* libfreetype6-debuginfo-2.10.4-150000.4.18.1
* freetype2-debugsource-2.10.4-150000.4.18.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* libfreetype6-2.10.4-150000.4.18.1
* libfreetype6-debuginfo-2.10.4-150000.4.18.1
* freetype2-debugsource-2.10.4-150000.4.18.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* freetype2-devel-2.10.4-150000.4.18.1
* libfreetype6-2.10.4-150000.4.18.1
* libfreetype6-debuginfo-2.10.4-150000.4.18.1
* freetype2-debugsource-2.10.4-150000.4.18.1
* Basesystem Module 15-SP6 (x86_64)
* libfreetype6-32bit-debuginfo-2.10.4-150000.4.18.1
* libfreetype6-32bit-2.10.4-150000.4.18.1
* Desktop Applications Module 15-SP6 (nosrc)
* ft2demos-2.10.4-150000.4.18.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* ftdump-2.10.4-150000.4.18.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
* freetype2-devel-2.10.4-150000.4.18.1
* libfreetype6-2.10.4-150000.4.18.1
* libfreetype6-debuginfo-2.10.4-150000.4.18.1
* freetype2-debugsource-2.10.4-150000.4.18.1
* ftdump-2.10.4-150000.4.18.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (nosrc)
* ft2demos-2.10.4-150000.4.18.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
* libfreetype6-32bit-debuginfo-2.10.4-150000.4.18.1
* libfreetype6-32bit-2.10.4-150000.4.18.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* freetype2-devel-2.10.4-150000.4.18.1
* libfreetype6-2.10.4-150000.4.18.1
* libfreetype6-debuginfo-2.10.4-150000.4.18.1
* freetype2-debugsource-2.10.4-150000.4.18.1
* ftdump-2.10.4-150000.4.18.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (nosrc)
* ft2demos-2.10.4-150000.4.18.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
* libfreetype6-32bit-debuginfo-2.10.4-150000.4.18.1
* libfreetype6-32bit-2.10.4-150000.4.18.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* freetype2-devel-2.10.4-150000.4.18.1
* libfreetype6-2.10.4-150000.4.18.1
* libfreetype6-debuginfo-2.10.4-150000.4.18.1
* freetype2-debugsource-2.10.4-150000.4.18.1
* ftdump-2.10.4-150000.4.18.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (nosrc)
* ft2demos-2.10.4-150000.4.18.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
* libfreetype6-32bit-debuginfo-2.10.4-150000.4.18.1
* libfreetype6-32bit-2.10.4-150000.4.18.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
* freetype2-devel-2.10.4-150000.4.18.1
* libfreetype6-2.10.4-150000.4.18.1
* libfreetype6-debuginfo-2.10.4-150000.4.18.1
* freetype2-debugsource-2.10.4-150000.4.18.1
* ftdump-2.10.4-150000.4.18.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (nosrc)
* ft2demos-2.10.4-150000.4.18.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64)
* libfreetype6-32bit-debuginfo-2.10.4-150000.4.18.1
* libfreetype6-32bit-2.10.4-150000.4.18.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
* freetype2-devel-2.10.4-150000.4.18.1
* libfreetype6-2.10.4-150000.4.18.1
* libfreetype6-debuginfo-2.10.4-150000.4.18.1
* freetype2-debugsource-2.10.4-150000.4.18.1
* ftdump-2.10.4-150000.4.18.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (nosrc)
* ft2demos-2.10.4-150000.4.18.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64)
* libfreetype6-32bit-debuginfo-2.10.4-150000.4.18.1
* libfreetype6-32bit-2.10.4-150000.4.18.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* freetype2-devel-2.10.4-150000.4.18.1
* libfreetype6-2.10.4-150000.4.18.1
* libfreetype6-debuginfo-2.10.4-150000.4.18.1
* freetype2-debugsource-2.10.4-150000.4.18.1
* ftdump-2.10.4-150000.4.18.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (nosrc)
* ft2demos-2.10.4-150000.4.18.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (x86_64)
* libfreetype6-32bit-debuginfo-2.10.4-150000.4.18.1
* libfreetype6-32bit-2.10.4-150000.4.18.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* freetype2-devel-2.10.4-150000.4.18.1
* libfreetype6-2.10.4-150000.4.18.1
* libfreetype6-debuginfo-2.10.4-150000.4.18.1
* freetype2-debugsource-2.10.4-150000.4.18.1
* ftdump-2.10.4-150000.4.18.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (nosrc)
* ft2demos-2.10.4-150000.4.18.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
* libfreetype6-32bit-debuginfo-2.10.4-150000.4.18.1
* libfreetype6-32bit-2.10.4-150000.4.18.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* freetype2-devel-2.10.4-150000.4.18.1
* libfreetype6-2.10.4-150000.4.18.1
* libfreetype6-debuginfo-2.10.4-150000.4.18.1
* freetype2-debugsource-2.10.4-150000.4.18.1
* ftdump-2.10.4-150000.4.18.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (nosrc)
* ft2demos-2.10.4-150000.4.18.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64)
* libfreetype6-32bit-debuginfo-2.10.4-150000.4.18.1
* libfreetype6-32bit-2.10.4-150000.4.18.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* freetype2-devel-2.10.4-150000.4.18.1
* libfreetype6-2.10.4-150000.4.18.1
* libfreetype6-debuginfo-2.10.4-150000.4.18.1
* freetype2-debugsource-2.10.4-150000.4.18.1
* ftdump-2.10.4-150000.4.18.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc)
* ft2demos-2.10.4-150000.4.18.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* libfreetype6-32bit-debuginfo-2.10.4-150000.4.18.1
* libfreetype6-32bit-2.10.4-150000.4.18.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* freetype2-devel-2.10.4-150000.4.18.1
* libfreetype6-2.10.4-150000.4.18.1
* libfreetype6-debuginfo-2.10.4-150000.4.18.1
* freetype2-debugsource-2.10.4-150000.4.18.1
* ftdump-2.10.4-150000.4.18.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (nosrc)
* ft2demos-2.10.4-150000.4.18.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
* libfreetype6-32bit-debuginfo-2.10.4-150000.4.18.1
* libfreetype6-32bit-2.10.4-150000.4.18.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* freetype2-devel-2.10.4-150000.4.18.1
* libfreetype6-2.10.4-150000.4.18.1
* libfreetype6-debuginfo-2.10.4-150000.4.18.1
* freetype2-debugsource-2.10.4-150000.4.18.1
* ftdump-2.10.4-150000.4.18.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (nosrc)
* ft2demos-2.10.4-150000.4.18.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
* libfreetype6-32bit-debuginfo-2.10.4-150000.4.18.1
* libfreetype6-32bit-2.10.4-150000.4.18.1
* SUSE Manager Proxy 4.3 (x86_64)
* libfreetype6-32bit-2.10.4-150000.4.18.1
* freetype2-devel-2.10.4-150000.4.18.1
* libfreetype6-2.10.4-150000.4.18.1
* libfreetype6-32bit-debuginfo-2.10.4-150000.4.18.1
* libfreetype6-debuginfo-2.10.4-150000.4.18.1
* freetype2-debugsource-2.10.4-150000.4.18.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* libfreetype6-32bit-2.10.4-150000.4.18.1
* freetype2-devel-2.10.4-150000.4.18.1
* libfreetype6-2.10.4-150000.4.18.1
* libfreetype6-32bit-debuginfo-2.10.4-150000.4.18.1
* libfreetype6-debuginfo-2.10.4-150000.4.18.1
* freetype2-debugsource-2.10.4-150000.4.18.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* freetype2-devel-2.10.4-150000.4.18.1
* libfreetype6-2.10.4-150000.4.18.1
* libfreetype6-debuginfo-2.10.4-150000.4.18.1
* freetype2-debugsource-2.10.4-150000.4.18.1
* SUSE Manager Server 4.3 (x86_64)
* libfreetype6-32bit-debuginfo-2.10.4-150000.4.18.1
* libfreetype6-32bit-2.10.4-150000.4.18.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* freetype2-devel-2.10.4-150000.4.18.1
* libfreetype6-2.10.4-150000.4.18.1
* libfreetype6-debuginfo-2.10.4-150000.4.18.1
* freetype2-debugsource-2.10.4-150000.4.18.1
* ftdump-2.10.4-150000.4.18.1
* SUSE Enterprise Storage 7.1 (nosrc)
* ft2demos-2.10.4-150000.4.18.1
* SUSE Enterprise Storage 7.1 (x86_64)
* libfreetype6-32bit-debuginfo-2.10.4-150000.4.18.1
* libfreetype6-32bit-2.10.4-150000.4.18.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* libfreetype6-2.10.4-150000.4.18.1
* libfreetype6-debuginfo-2.10.4-150000.4.18.1
* freetype2-debugsource-2.10.4-150000.4.18.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* libfreetype6-2.10.4-150000.4.18.1
* libfreetype6-debuginfo-2.10.4-150000.4.18.1
* freetype2-debugsource-2.10.4-150000.4.18.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* libfreetype6-2.10.4-150000.4.18.1
* libfreetype6-debuginfo-2.10.4-150000.4.18.1
* freetype2-debugsource-2.10.4-150000.4.18.1

## References:

* https://www.suse.com/security/cve/CVE-2025-27363.html
* https://bugzilla.suse.com/show_bug.cgi?id=1239465



openSUSE-SU-2025:14920-1: moderate: gitleaks-8.24.2-1.1 on GA media


# gitleaks-8.24.2-1.1 on GA media

Announcement ID: openSUSE-SU-2025:14920-1
Rating: moderate

Cross-References:

* CVE-2024-45337

CVSS scores:

* CVE-2024-45337 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the gitleaks-8.24.2-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* gitleaks 8.24.2-1.1
* gitleaks-bash-completion 8.24.2-1.1
* gitleaks-fish-completion 8.24.2-1.1
* gitleaks-zsh-completion 8.24.2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-45337.html



openSUSE-SU-2025:14919-1: moderate: forgejo-10.0.3-1.1 on GA media


# forgejo-10.0.3-1.1 on GA media

Announcement ID: openSUSE-SU-2025:14919-1
Rating: moderate

Cross-References:

* CVE-2025-22869

CVSS scores:

* CVE-2025-22869 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22869 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the forgejo-10.0.3-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* forgejo 10.0.3-1.1
* forgejo-apparmor 10.0.3-1.1
* forgejo-environment-to-ini 10.0.3-1.1
* forgejo-firewalld 10.0.3-1.1
* forgejo-selinux 10.0.3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-22869.html



SUSE-SU-2025:1013-1: moderate: Security update for govulncheck-vulndb


# Security update for govulncheck-vulndb

Announcement ID: SUSE-SU-2025:1013-1
Release Date: 2025-03-25T12:47:51Z
Rating: moderate
References:

* jsc#PED-11136

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that contains one feature can now be installed.

## Description:

This update for govulncheck-vulndb fixes the following issues:

* Update to version 0.0.20250318T181448 2025-03-18T18:14:48Z (jsc#PED-11136):
* GO-2025-3448 GHSA-23qp-3c2m-xx6w
* GO-2025-3516 GHSA-47ww-ff84-4jrg
* GO-2025-3517 GHSA-4wf3-5qj9-368v
* GO-2025-3525 GHSA-93mq-9ffx-83m2
* GO-2025-3527 GHSA-m4gq-fm9h-8q75
* GO-2025-3528 GHSA-265r-hfxg-fhmg
* GO-2025-3529 GHSA-c339-mwfc-fmr2
* GO-2025-3530 GHSA-c98h-7hp9-v9hq

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-1013=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-1013=1

## Package List:

* openSUSE Leap 15.6 (noarch)
* govulncheck-vulndb-0.0.20250318T181448-150000.1.43.1
* SUSE Package Hub 15 15-SP6 (noarch)
* govulncheck-vulndb-0.0.20250318T181448-150000.1.43.1

## References:

* https://jira.suse.com/browse/PED-11136



SUSE-SU-2025:1014-1: important: Security update for buildah


# Security update for buildah

Announcement ID: SUSE-SU-2025:1014-1
Release Date: 2025-03-25T13:05:56Z
Rating: important
References:

* bsc#1239339

Cross-References:

* CVE-2025-22869
* CVE-2025-27144

CVSS scores:

* CVE-2025-22869 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22869 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-27144 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-27144 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-27144 ( NVD ): 6.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves two vulnerabilities can now be installed.

## Description:

This update for buildah fixes the following issues:

* CVE-2025-22869: Fixed Denial of Service in the Key Exchange of
golang.org/x/crypto/ssh (bsc#1239339).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1014=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1014=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1014=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1014=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-1014=1

## Package List:

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* buildah-1.35.5-150400.3.45.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* buildah-1.35.5-150400.3.45.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* buildah-1.35.5-150400.3.45.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* buildah-1.35.5-150400.3.45.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* buildah-1.35.5-150400.3.45.1

## References:

* https://www.suse.com/security/cve/CVE-2025-22869.html
* https://www.suse.com/security/cve/CVE-2025-27144.html
* https://bugzilla.suse.com/show_bug.cgi?id=1239339



SUSE-SU-2025:1012-1: important: Security update for php8


# Security update for php8

Announcement ID: SUSE-SU-2025:1012-1
Release Date: 2025-03-25T12:47:38Z
Rating: important
References:

* bsc#1239664
* bsc#1239666
* bsc#1239667
* bsc#1239668
* bsc#1239669
* bsc#1239670

Cross-References:

* CVE-2024-11235
* CVE-2025-1217
* CVE-2025-1219
* CVE-2025-1734
* CVE-2025-1736
* CVE-2025-1861

CVSS scores:

* CVE-2024-11235 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2025-1217 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-1219 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-1734 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-1736 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-1861 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* Web and Scripting Module 15-SP6

An update that solves six vulnerabilities can now be installed.

## Description:

This update for php8 fixes the following issues:

* CVE-2025-1217: Fixed header parser of `http` stream wrapper not handling
folded headers (bsc#1239664)
* CVE-2024-11235: Fixed reference counting in php_request_shutdown causing
Use-After-Free (bsc#1239666)
* CVE-2025-1219: Fixed libxml streams using wrong `content-type` header when
requesting a redirected resource (bsc#1239667)
* CVE-2025-1734: Fixed streams HTTP wrapper not failing for headers with
invalid name and no colon (bsc#1239668)
* CVE-2025-1861: Fixed stream HTTP wrapper truncating redirect location to 1024
bytes (bsc#1239669)
* CVE-2025-1736: Fixed stream HTTP wrapper header check possibly omitting basic
auth header (bsc#1239670)

Version update to 8.2.28:

* Core: Fixed bug GH-17211 (observer segfault on function loaded with dl()).
* LibXML: Fixed GHSA-wg4p-4hqh-c3g9. Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong `content-type` header when requesting a redirected resource).
* Streams: Fixed GHSA-hgf5-96fm-v528 (Stream HTTP wrapper header check might omit basic auth header). Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location to 1024 bytes). Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers without colon). Fixed GHSA-v8xr-gpvj-cx9g (Header parser of `http` stream wrapper does not handle folded headers).

Version update to 8.2.27:

* Calendar: Fixed jdtogregorian overflow. Fixed cal_to_jd julian_days argument overflow.
* COM: Fixed bug GH-16991 (Getting typeinfo of non DISPATCH variant segfaults).
* Core: Fail early in *nix configuration build script. Fixed bug GH-16727 (Opcache bad signal 139 crash in ZTS bookworm (frankenphp)). Fixed bug GH-16799 (Assertion failure at Zend/zend_vm_execute.h:7469). Fixed bug GH-16630 (UAF in lexer with encoding translation and heredocs). Fix is_zend_ptr() huge block comparison. Fixed potential OOB read in zend_dirname() on Windows.
* Curl: Fix various memory leaks in curl mime handling.
* FPM: Fixed GH-16432 (PHP-FPM 8.2 SIGSEGV in fpm_get_status).
* GD: Fixed GH-16776 (imagecreatefromstring overflow).
* GMP: Revert gmp_pow() overly restrictive overflow checks.
* Hash: Fixed GH-16711: Segfault in mhash().
* Opcache: Fixed bug GH-16770 (Tracing JIT type mismatch when returning UNDEF). Fixed bug GH-16851 (JIT_G(enabled) not set correctly on other threads). Fixed bug GH-16902 (Set of opcache tests fail zts+aarch64).
* OpenSSL: Prevent unexpected array entry conversion when reading key. Fix various memory leaks related to openssl exports. Fix memory leak in php_openssl_pkey_from_zval().
* PDO: Fixed memory leak of `setFetchMode()`.
* Phar: Fixed bug GH-16695 (phar:// tar parser and zero-length file header blocks).
* PHPDBG: Fixed bug GH-15208 (Segfault with breakpoint map and phpdbg_clear()).
* SAPI: Fixed bug GH-16998 (UBSAN warning in rfc1867).
* SimpleXML: Fixed bug GH-16808 (Segmentation fault in RecursiveIteratorIterator ->current() with a xml element input).
* SNMP: Fixed bug GH-16959 (snmget modifies the object_id array).
* Standard: Fixed bug GH-16905 (Internal iterator functions can't handle UNDEF properties).
* Streams: Fixed network connect poll interruption handling.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-1012=1 openSUSE-SLE-15.6-2025-1012=1

* Web and Scripting Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP6-2025-1012=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* php8-bz2-8.2.28-150600.3.16.1
* php8-readline-8.2.28-150600.3.16.1
* php8-fastcgi-debuginfo-8.2.28-150600.3.16.1
* php8-fastcgi-debugsource-8.2.28-150600.3.16.1
* php8-tokenizer-debuginfo-8.2.28-150600.3.16.1
* php8-embed-8.2.28-150600.3.16.1
* php8-embed-debugsource-8.2.28-150600.3.16.1
* php8-shmop-debuginfo-8.2.28-150600.3.16.1
* php8-sodium-debuginfo-8.2.28-150600.3.16.1
* php8-ctype-8.2.28-150600.3.16.1
* php8-calendar-debuginfo-8.2.28-150600.3.16.1
* php8-tidy-8.2.28-150600.3.16.1
* php8-xmlreader-8.2.28-150600.3.16.1
* php8-zlib-debuginfo-8.2.28-150600.3.16.1
* php8-bz2-debuginfo-8.2.28-150600.3.16.1
* php8-bcmath-8.2.28-150600.3.16.1
* apache2-mod_php8-8.2.28-150600.3.16.1
* php8-snmp-debuginfo-8.2.28-150600.3.16.1
* php8-ldap-debuginfo-8.2.28-150600.3.16.1
* php8-ftp-8.2.28-150600.3.16.1
* php8-readline-debuginfo-8.2.28-150600.3.16.1
* php8-mysql-8.2.28-150600.3.16.1
* php8-sysvsem-debuginfo-8.2.28-150600.3.16.1
* php8-fileinfo-debuginfo-8.2.28-150600.3.16.1
* php8-odbc-debuginfo-8.2.28-150600.3.16.1
* php8-debugsource-8.2.28-150600.3.16.1
* php8-posix-8.2.28-150600.3.16.1
* php8-fpm-debugsource-8.2.28-150600.3.16.1
* php8-phar-debuginfo-8.2.28-150600.3.16.1
* php8-gd-8.2.28-150600.3.16.1
* php8-zip-8.2.28-150600.3.16.1
* php8-curl-debuginfo-8.2.28-150600.3.16.1
* php8-tokenizer-8.2.28-150600.3.16.1
* php8-cli-8.2.28-150600.3.16.1
* php8-shmop-8.2.28-150600.3.16.1
* php8-openssl-debuginfo-8.2.28-150600.3.16.1
* php8-pdo-8.2.28-150600.3.16.1
* php8-devel-8.2.28-150600.3.16.1
* php8-pcntl-8.2.28-150600.3.16.1
* php8-sysvshm-8.2.28-150600.3.16.1
* php8-sqlite-debuginfo-8.2.28-150600.3.16.1
* php8-sqlite-8.2.28-150600.3.16.1
* php8-fpm-8.2.28-150600.3.16.1
* php8-opcache-debuginfo-8.2.28-150600.3.16.1
* php8-ldap-8.2.28-150600.3.16.1
* php8-iconv-8.2.28-150600.3.16.1
* php8-tidy-debuginfo-8.2.28-150600.3.16.1
* php8-curl-8.2.28-150600.3.16.1
* apache2-mod_php8-debuginfo-8.2.28-150600.3.16.1
* php8-xsl-8.2.28-150600.3.16.1
* php8-cli-debuginfo-8.2.28-150600.3.16.1
* php8-phar-8.2.28-150600.3.16.1
* php8-dom-debuginfo-8.2.28-150600.3.16.1
* php8-debuginfo-8.2.28-150600.3.16.1
* php8-fileinfo-8.2.28-150600.3.16.1
* php8-intl-8.2.28-150600.3.16.1
* php8-embed-debuginfo-8.2.28-150600.3.16.1
* php8-gettext-debuginfo-8.2.28-150600.3.16.1
* php8-mysql-debuginfo-8.2.28-150600.3.16.1
* php8-test-8.2.28-150600.3.16.1
* php8-iconv-debuginfo-8.2.28-150600.3.16.1
* php8-gmp-debuginfo-8.2.28-150600.3.16.1
* php8-fastcgi-8.2.28-150600.3.16.1
* php8-dom-8.2.28-150600.3.16.1
* php8-sysvmsg-debuginfo-8.2.28-150600.3.16.1
* php8-ctype-debuginfo-8.2.28-150600.3.16.1
* php8-sysvshm-debuginfo-8.2.28-150600.3.16.1
* php8-sysvsem-8.2.28-150600.3.16.1
* php8-calendar-8.2.28-150600.3.16.1
* php8-posix-debuginfo-8.2.28-150600.3.16.1
* php8-pgsql-debuginfo-8.2.28-150600.3.16.1
* php8-sysvmsg-8.2.28-150600.3.16.1
* php8-zlib-8.2.28-150600.3.16.1
* php8-mbstring-8.2.28-150600.3.16.1
* php8-openssl-8.2.28-150600.3.16.1
* php8-sockets-8.2.28-150600.3.16.1
* php8-sockets-debuginfo-8.2.28-150600.3.16.1
* php8-bcmath-debuginfo-8.2.28-150600.3.16.1
* apache2-mod_php8-debugsource-8.2.28-150600.3.16.1
* php8-pcntl-debuginfo-8.2.28-150600.3.16.1
* php8-enchant-8.2.28-150600.3.16.1
* php8-enchant-debuginfo-8.2.28-150600.3.16.1
* php8-odbc-8.2.28-150600.3.16.1
* php8-xmlwriter-debuginfo-8.2.28-150600.3.16.1
* php8-fpm-debuginfo-8.2.28-150600.3.16.1
* php8-snmp-8.2.28-150600.3.16.1
* php8-soap-8.2.28-150600.3.16.1
* php8-dba-debuginfo-8.2.28-150600.3.16.1
* php8-zip-debuginfo-8.2.28-150600.3.16.1
* php8-exif-8.2.28-150600.3.16.1
* php8-ffi-8.2.28-150600.3.16.1
* php8-gettext-8.2.28-150600.3.16.1
* php8-xsl-debuginfo-8.2.28-150600.3.16.1
* php8-xmlwriter-8.2.28-150600.3.16.1
* php8-xmlreader-debuginfo-8.2.28-150600.3.16.1
* php8-soap-debuginfo-8.2.28-150600.3.16.1
* php8-mbstring-debuginfo-8.2.28-150600.3.16.1
* php8-8.2.28-150600.3.16.1
* php8-pgsql-8.2.28-150600.3.16.1
* php8-sodium-8.2.28-150600.3.16.1
* php8-opcache-8.2.28-150600.3.16.1
* php8-dba-8.2.28-150600.3.16.1
* php8-gd-debuginfo-8.2.28-150600.3.16.1
* php8-exif-debuginfo-8.2.28-150600.3.16.1
* php8-gmp-8.2.28-150600.3.16.1
* php8-pdo-debuginfo-8.2.28-150600.3.16.1
* php8-ftp-debuginfo-8.2.28-150600.3.16.1
* php8-intl-debuginfo-8.2.28-150600.3.16.1
* php8-ffi-debuginfo-8.2.28-150600.3.16.1
* openSUSE Leap 15.6 (noarch)
* php8-fpm-apache-8.2.28-150600.3.16.1
* Web and Scripting Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* php8-bz2-8.2.28-150600.3.16.1
* php8-readline-8.2.28-150600.3.16.1
* php8-fastcgi-debuginfo-8.2.28-150600.3.16.1
* php8-fastcgi-debugsource-8.2.28-150600.3.16.1
* php8-tokenizer-debuginfo-8.2.28-150600.3.16.1
* php8-embed-8.2.28-150600.3.16.1
* php8-embed-debugsource-8.2.28-150600.3.16.1
* php8-shmop-debuginfo-8.2.28-150600.3.16.1
* php8-sodium-debuginfo-8.2.28-150600.3.16.1
* php8-ctype-8.2.28-150600.3.16.1
* php8-calendar-debuginfo-8.2.28-150600.3.16.1
* php8-tidy-8.2.28-150600.3.16.1
* php8-xmlreader-8.2.28-150600.3.16.1
* php8-zlib-debuginfo-8.2.28-150600.3.16.1
* php8-bz2-debuginfo-8.2.28-150600.3.16.1
* php8-bcmath-8.2.28-150600.3.16.1
* apache2-mod_php8-8.2.28-150600.3.16.1
* php8-snmp-debuginfo-8.2.28-150600.3.16.1
* php8-ldap-debuginfo-8.2.28-150600.3.16.1
* php8-ftp-8.2.28-150600.3.16.1
* php8-readline-debuginfo-8.2.28-150600.3.16.1
* php8-mysql-8.2.28-150600.3.16.1
* php8-sysvsem-debuginfo-8.2.28-150600.3.16.1
* php8-fileinfo-debuginfo-8.2.28-150600.3.16.1
* php8-odbc-debuginfo-8.2.28-150600.3.16.1
* php8-debugsource-8.2.28-150600.3.16.1
* php8-posix-8.2.28-150600.3.16.1
* php8-fpm-debugsource-8.2.28-150600.3.16.1
* php8-phar-debuginfo-8.2.28-150600.3.16.1
* php8-gd-8.2.28-150600.3.16.1
* php8-zip-8.2.28-150600.3.16.1
* php8-curl-debuginfo-8.2.28-150600.3.16.1
* php8-cli-8.2.28-150600.3.16.1
* php8-shmop-8.2.28-150600.3.16.1
* php8-tokenizer-8.2.28-150600.3.16.1
* php8-openssl-debuginfo-8.2.28-150600.3.16.1
* php8-pdo-8.2.28-150600.3.16.1
* php8-devel-8.2.28-150600.3.16.1
* php8-pcntl-8.2.28-150600.3.16.1
* php8-sysvshm-8.2.28-150600.3.16.1
* php8-sqlite-debuginfo-8.2.28-150600.3.16.1
* php8-sqlite-8.2.28-150600.3.16.1
* php8-fpm-8.2.28-150600.3.16.1
* php8-opcache-debuginfo-8.2.28-150600.3.16.1
* php8-ldap-8.2.28-150600.3.16.1
* php8-iconv-8.2.28-150600.3.16.1
* php8-tidy-debuginfo-8.2.28-150600.3.16.1
* php8-curl-8.2.28-150600.3.16.1
* apache2-mod_php8-debuginfo-8.2.28-150600.3.16.1
* php8-xsl-8.2.28-150600.3.16.1
* php8-cli-debuginfo-8.2.28-150600.3.16.1
* php8-phar-8.2.28-150600.3.16.1
* php8-dom-debuginfo-8.2.28-150600.3.16.1
* php8-debuginfo-8.2.28-150600.3.16.1
* php8-fileinfo-8.2.28-150600.3.16.1
* php8-intl-8.2.28-150600.3.16.1
* php8-embed-debuginfo-8.2.28-150600.3.16.1
* php8-gettext-debuginfo-8.2.28-150600.3.16.1
* php8-mysql-debuginfo-8.2.28-150600.3.16.1
* php8-test-8.2.28-150600.3.16.1
* php8-iconv-debuginfo-8.2.28-150600.3.16.1
* php8-gmp-debuginfo-8.2.28-150600.3.16.1
* php8-fastcgi-8.2.28-150600.3.16.1
* php8-dom-8.2.28-150600.3.16.1
* php8-sysvmsg-debuginfo-8.2.28-150600.3.16.1
* php8-ctype-debuginfo-8.2.28-150600.3.16.1
* php8-sysvshm-debuginfo-8.2.28-150600.3.16.1
* php8-sysvsem-8.2.28-150600.3.16.1
* php8-calendar-8.2.28-150600.3.16.1
* php8-posix-debuginfo-8.2.28-150600.3.16.1
* php8-pgsql-debuginfo-8.2.28-150600.3.16.1
* php8-sysvmsg-8.2.28-150600.3.16.1
* php8-zlib-8.2.28-150600.3.16.1
* php8-mbstring-8.2.28-150600.3.16.1
* php8-openssl-8.2.28-150600.3.16.1
* php8-sockets-8.2.28-150600.3.16.1
* php8-sockets-debuginfo-8.2.28-150600.3.16.1
* php8-bcmath-debuginfo-8.2.28-150600.3.16.1
* apache2-mod_php8-debugsource-8.2.28-150600.3.16.1
* php8-pcntl-debuginfo-8.2.28-150600.3.16.1
* php8-enchant-8.2.28-150600.3.16.1
* php8-enchant-debuginfo-8.2.28-150600.3.16.1
* php8-odbc-8.2.28-150600.3.16.1
* php8-xmlwriter-debuginfo-8.2.28-150600.3.16.1
* php8-fpm-debuginfo-8.2.28-150600.3.16.1
* php8-snmp-8.2.28-150600.3.16.1
* php8-soap-8.2.28-150600.3.16.1
* php8-dba-debuginfo-8.2.28-150600.3.16.1
* php8-zip-debuginfo-8.2.28-150600.3.16.1
* php8-exif-8.2.28-150600.3.16.1
* php8-gettext-8.2.28-150600.3.16.1
* php8-xsl-debuginfo-8.2.28-150600.3.16.1
* php8-xmlwriter-8.2.28-150600.3.16.1
* php8-xmlreader-debuginfo-8.2.28-150600.3.16.1
* php8-soap-debuginfo-8.2.28-150600.3.16.1
* php8-mbstring-debuginfo-8.2.28-150600.3.16.1
* php8-8.2.28-150600.3.16.1
* php8-pgsql-8.2.28-150600.3.16.1
* php8-sodium-8.2.28-150600.3.16.1
* php8-opcache-8.2.28-150600.3.16.1
* php8-dba-8.2.28-150600.3.16.1
* php8-gd-debuginfo-8.2.28-150600.3.16.1
* php8-exif-debuginfo-8.2.28-150600.3.16.1
* php8-gmp-8.2.28-150600.3.16.1
* php8-pdo-debuginfo-8.2.28-150600.3.16.1
* php8-ftp-debuginfo-8.2.28-150600.3.16.1
* php8-intl-debuginfo-8.2.28-150600.3.16.1

## References:

* https://www.suse.com/security/cve/CVE-2024-11235.html
* https://www.suse.com/security/cve/CVE-2025-1217.html
* https://www.suse.com/security/cve/CVE-2025-1219.html
* https://www.suse.com/security/cve/CVE-2025-1734.html
* https://www.suse.com/security/cve/CVE-2025-1736.html
* https://www.suse.com/security/cve/CVE-2025-1861.html
* https://bugzilla.suse.com/show_bug.cgi?id=1239664
* https://bugzilla.suse.com/show_bug.cgi?id=1239666
* https://bugzilla.suse.com/show_bug.cgi?id=1239667
* https://bugzilla.suse.com/show_bug.cgi?id=1239668
* https://bugzilla.suse.com/show_bug.cgi?id=1239669
* https://bugzilla.suse.com/show_bug.cgi?id=1239670



SUSE-SU-2025:1005-1: important: Security update for google-guest-agent


# Security update for google-guest-agent

Announcement ID: SUSE-SU-2025:1005-1
Release Date: 2025-03-25T08:43:38Z
Rating: important
References:

* bsc#1239197

Cross-References:

* CVE-2025-22868

CVSS scores:

* CVE-2025-22868 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* Public Cloud Module 15-SP3
* Public Cloud Module 15-SP4
* Public Cloud Module 15-SP5
* Public Cloud Module 15-SP6
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for google-guest-agent fixes the following issues:

* CVE-2025-22868: golang.org/x/oauth2/jws: Fixed unexpected memory consumption
during token parsing (bsc#1239197)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Public Cloud Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP6-2025-1005=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-1005=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-1005=1

* Public Cloud Module 15-SP3
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2025-1005=1

* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2025-1005=1

* Public Cloud Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2025-1005=1

## Package List:

* Public Cloud Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* google-guest-agent-20250116.00-150000.1.57.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* google-guest-agent-20250116.00-150000.1.57.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* google-guest-agent-20250116.00-150000.1.57.1
* Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64)
* google-guest-agent-20250116.00-150000.1.57.1
* Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* google-guest-agent-20250116.00-150000.1.57.1
* Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* google-guest-agent-20250116.00-150000.1.57.1

## References:

* https://www.suse.com/security/cve/CVE-2025-22868.html
* https://bugzilla.suse.com/show_bug.cgi?id=1239197



SUSE-SU-2025:1007-1: moderate: Security update for helm


# Security update for helm

Announcement ID: SUSE-SU-2025:1007-1
Release Date: 2025-03-25T08:44:57Z
Rating: moderate
References:

* bsc#1238688

Cross-References:

* CVE-2025-22870

CVSS scores:

* CVE-2025-22870 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-22870 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
* CVE-2025-22870 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Affected Products:

* Containers Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for helm fixes the following issues:

* CVE-2025-22870: Fixed proxy bypass using IPv6 zone IDs (bsc#1238688).

Other fixes:

* Updated to version 3.17.2
* Updated to 0.37.0 for x/net

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-1007=1

* Containers Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2025-1007=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-1007=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-1007=1

## Package List:

* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* helm-debuginfo-3.17.2-150000.1.44.1
* helm-3.17.2-150000.1.44.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
* helm-bash-completion-3.17.2-150000.1.44.1
* Containers Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* helm-debuginfo-3.17.2-150000.1.44.1
* helm-3.17.2-150000.1.44.1
* Containers Module 15-SP6 (noarch)
* helm-bash-completion-3.17.2-150000.1.44.1
* helm-zsh-completion-3.17.2-150000.1.44.1
* SUSE Package Hub 15 15-SP6 (noarch)
* helm-fish-completion-3.17.2-150000.1.44.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* helm-debuginfo-3.17.2-150000.1.44.1
* helm-3.17.2-150000.1.44.1
* openSUSE Leap 15.6 (noarch)
* helm-bash-completion-3.17.2-150000.1.44.1
* helm-zsh-completion-3.17.2-150000.1.44.1
* helm-fish-completion-3.17.2-150000.1.44.1

## References:

* https://www.suse.com/security/cve/CVE-2025-22870.html
* https://bugzilla.suse.com/show_bug.cgi?id=1238688



SUSE-SU-2025:1006-1: important: Security update for google-osconfig-agent


# Security update for google-osconfig-agent

Announcement ID: SUSE-SU-2025:1006-1
Release Date: 2025-03-25T08:44:14Z
Rating: important
References:

* bsc#1239197

Cross-References:

* CVE-2025-22868

CVSS scores:

* CVE-2025-22868 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* Public Cloud Module 15-SP3
* Public Cloud Module 15-SP4
* Public Cloud Module 15-SP5
* Public Cloud Module 15-SP6
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for google-osconfig-agent fixes the following issues:

* CVE-2025-22868: golang.org/x/oauth2/jws: Fixed unexpected memory consumption
during token parsing (bsc#1239197)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-1006=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-1006=1

* Public Cloud Module 15-SP3
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2025-1006=1

* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2025-1006=1

* Public Cloud Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2025-1006=1

* Public Cloud Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP6-2025-1006=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* google-osconfig-agent-20250115.01-150000.1.47.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* google-osconfig-agent-20250115.01-150000.1.47.1
* Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64)
* google-osconfig-agent-20250115.01-150000.1.47.1
* Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* google-osconfig-agent-20250115.01-150000.1.47.1
* Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* google-osconfig-agent-20250115.01-150000.1.47.1
* Public Cloud Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* google-osconfig-agent-20250115.01-150000.1.47.1

## References:

* https://www.suse.com/security/cve/CVE-2025-22868.html
* https://bugzilla.suse.com/show_bug.cgi?id=1239197



SUSE-SU-2025:1008-1: important: Security update for python-gunicorn


# Security update for python-gunicorn

Announcement ID: SUSE-SU-2025:1008-1
Release Date: 2025-03-25T11:09:27Z
Rating: important
References:

* bsc#1239830

Cross-References:

* CVE-2024-6827

CVSS scores:

* CVE-2024-6827 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-6827 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-6827 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6
* Python 3 Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for python-gunicorn fixes the following issues:

* CVE-2024-6827: Fixed improper validation of the 'Transfer-Encoding' header
value that could allow HTTP request smuggling attacks (bsc#1239830)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-1008=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-1008=1

* Python 3 Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2025-1008=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1008=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1008=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1008=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1008=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1008=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1008=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1008=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1008=1

## Package List:

* openSUSE Leap 15.4 (noarch)
* python311-gunicorn-20.1.0-150400.12.9.1
* openSUSE Leap 15.6 (noarch)
* python311-gunicorn-20.1.0-150400.12.9.1
* Python 3 Module 15-SP6 (noarch)
* python311-gunicorn-20.1.0-150400.12.9.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* python311-gunicorn-20.1.0-150400.12.9.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* python311-gunicorn-20.1.0-150400.12.9.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* python311-gunicorn-20.1.0-150400.12.9.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* python311-gunicorn-20.1.0-150400.12.9.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* python311-gunicorn-20.1.0-150400.12.9.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* python311-gunicorn-20.1.0-150400.12.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* python311-gunicorn-20.1.0-150400.12.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* python311-gunicorn-20.1.0-150400.12.9.1

## References:

* https://www.suse.com/security/cve/CVE-2024-6827.html
* https://bugzilla.suse.com/show_bug.cgi?id=1239830



SUSE-SU-2025:1011-1: important: Security update for grafana


# Security update for grafana

Announcement ID: SUSE-SU-2025:1011-1
Release Date: 2025-03-25T11:44:37Z
Rating: important
References:

* bsc#1237671
* jsc#MSQA-935

Cross-References:

* CVE-2025-27144

CVSS scores:

* CVE-2025-27144 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-27144 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-27144 ( NVD ): 6.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that solves one vulnerability and contains one feature can now be
installed.

## Description:

This update for grafana fixes the following issues:

* CVE-2025-27144: Fixed Go JOSE's Parsing Vulnerability (bsc#1237671)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-1011=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-1011=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* grafana-10.4.15-150200.3.69.1
* grafana-debuginfo-10.4.15-150200.3.69.1
* openSUSE Leap 15.6 (aarch64)
* grafana-debuginfo-10.4.15-150200.3.67.1
* grafana-10.4.15-150200.3.67.1
* SUSE Package Hub 15 15-SP6 (aarch64)
* grafana-debuginfo-10.4.15-150200.3.67.1
* grafana-10.4.15-150200.3.67.1
* SUSE Package Hub 15 15-SP6 (ppc64le s390x x86_64)
* grafana-10.4.15-150200.3.69.1
* grafana-debuginfo-10.4.15-150200.3.69.1

## References:

* https://www.suse.com/security/cve/CVE-2025-27144.html
* https://bugzilla.suse.com/show_bug.cgi?id=1237671
* https://jira.suse.com/browse/MSQA-935



SUSE-SU-2025:1003-1: important: Security update for libxslt


# Security update for libxslt

Announcement ID: SUSE-SU-2025:1003-1
Release Date: 2025-03-25T08:42:21Z
Rating: important
References:

* bsc#1238591
* bsc#1239625
* bsc#1239637

Cross-References:

* CVE-2023-40403
* CVE-2024-55549
* CVE-2025-24855

CVSS scores:

* CVE-2023-40403 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2023-40403 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2024-55549 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
* CVE-2024-55549 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
* CVE-2025-24855 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
* CVE-2025-24855 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves three vulnerabilities can now be installed.

## Description:

This update for libxslt fixes the following issues:

* CVE-2023-40403: Fixed sensitive information disclosure while processing web
content (bsc#1238591)
* CVE-2024-55549: Fixed use-after-free in xsltGetInheritedNsList (bsc#1239637)
* CVE-2025-24855: Fixed use-after-free in numbers.c (bsc#1239625)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-1003=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1003=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1003=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1003=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-1003=1

* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-1003=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-1003=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-1003=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* libxslt-python-1.1.32-150000.3.17.1
* libxslt-python-debugsource-1.1.32-150000.3.17.1
* libxslt-python-debuginfo-1.1.32-150000.3.17.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* libxslt-debugsource-1.1.32-150000.3.17.1
* libxslt-tools-debuginfo-1.1.32-150000.3.17.1
* libxslt1-1.1.32-150000.3.17.1
* libxslt1-debuginfo-1.1.32-150000.3.17.1
* libxslt-tools-1.1.32-150000.3.17.1
* libxslt-devel-1.1.32-150000.3.17.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* libxslt-debugsource-1.1.32-150000.3.17.1
* libxslt-tools-debuginfo-1.1.32-150000.3.17.1
* libxslt1-1.1.32-150000.3.17.1
* libxslt1-debuginfo-1.1.32-150000.3.17.1
* libxslt-tools-1.1.32-150000.3.17.1
* libxslt-devel-1.1.32-150000.3.17.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* libxslt-debugsource-1.1.32-150000.3.17.1
* libxslt-tools-debuginfo-1.1.32-150000.3.17.1
* libxslt1-1.1.32-150000.3.17.1
* libxslt1-debuginfo-1.1.32-150000.3.17.1
* libxslt-tools-1.1.32-150000.3.17.1
* libxslt-devel-1.1.32-150000.3.17.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* libxslt-debugsource-1.1.32-150000.3.17.1
* libxslt-tools-debuginfo-1.1.32-150000.3.17.1
* libxslt1-1.1.32-150000.3.17.1
* libxslt1-debuginfo-1.1.32-150000.3.17.1
* libxslt-tools-1.1.32-150000.3.17.1
* libxslt-devel-1.1.32-150000.3.17.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* libxslt1-debuginfo-1.1.32-150000.3.17.1
* libxslt-debugsource-1.1.32-150000.3.17.1
* libxslt1-1.1.32-150000.3.17.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* libxslt1-debuginfo-1.1.32-150000.3.17.1
* libxslt-debugsource-1.1.32-150000.3.17.1
* libxslt1-1.1.32-150000.3.17.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* libxslt1-debuginfo-1.1.32-150000.3.17.1
* libxslt-debugsource-1.1.32-150000.3.17.1
* libxslt1-1.1.32-150000.3.17.1

## References:

* https://www.suse.com/security/cve/CVE-2023-40403.html
* https://www.suse.com/security/cve/CVE-2024-55549.html
* https://www.suse.com/security/cve/CVE-2025-24855.html
* https://bugzilla.suse.com/show_bug.cgi?id=1238591
* https://bugzilla.suse.com/show_bug.cgi?id=1239625
* https://bugzilla.suse.com/show_bug.cgi?id=1239637