SUSE-SU-2025:0392-1: moderate: Security update for go1.22
SUSE-SU-2025:0393-1: moderate: Security update for go1.23
SUSE-SU-2025:0404-1: moderate: Security update for rsync
SUSE-SU-2025:0401-1: moderate: Security update for crypto-policies, krb5
openSUSE-SU-2025:14760-1: moderate: python313-3.13.2-1.1 on GA media
openSUSE-SU-2025:14758-1: moderate: python310-3.10.16-2.1 on GA media
openSUSE-SU-2025:14755-1: moderate: java-21-openj9-21.0.6.0-1.1 on GA media
openSUSE-SU-2025:14753-1: moderate: fq-0.14.0-1.1 on GA media
openSUSE-SU-2025:14752-1: moderate: rime-schema-all-20230603+git.5fdd2d6-5.1 on GA media
openSUSE-SU-2025:14761-1: moderate: python314-3.14.0~a4-1.1 on GA media
openSUSE-SU-2025:14759-1: moderate: python312-3.12.9-1.1 on GA media
openSUSE-SU-2025:14756-1: moderate: libtasn1-6-32bit-4.20.0-1.1 on GA media
SUSE-SU-2025:0405-1: important: Security update for MozillaThunderbird
SUSE-SU-2025:0406-1: moderate: Security update for python310
SUSE-SU-2025:0407-1: important: Security update for ovmf
SUSE-SU-2025:0392-1: moderate: Security update for go1.22
# Security update for go1.22
Announcement ID: SUSE-SU-2025:0392-1
Release Date: 2025-02-10T07:34:22Z
Rating: moderate
References:
* bsc#1218424
* bsc#1236801
Cross-References:
* CVE-2025-22866
CVSS scores:
* CVE-2025-22866 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-22866 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:
* Development Tools Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves one vulnerability and has one security fix can now be
installed.
## Description:
This update for go1.22 fixes the following issues:
* CVE-2025-22866: Fixed timing sidechannel for P-256 on ppc64le (bsc#1236801).
Bug fixes:
* go1.22 release tracking (bsc#1218424)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-392=1
* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-392=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* go1.22-1.22.12-150000.1.42.1
* go1.22-race-1.22.12-150000.1.42.1
* go1.22-doc-1.22.12-150000.1.42.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* go1.22-1.22.12-150000.1.42.1
* go1.22-race-1.22.12-150000.1.42.1
* go1.22-doc-1.22.12-150000.1.42.1
## References:
* https://www.suse.com/security/cve/CVE-2025-22866.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218424
* https://bugzilla.suse.com/show_bug.cgi?id=1236801
SUSE-SU-2025:0393-1: moderate: Security update for go1.23
# Security update for go1.23
Announcement ID: SUSE-SU-2025:0393-1
Release Date: 2025-02-10T07:34:35Z
Rating: moderate
References:
* bsc#1229122
* bsc#1236801
Cross-References:
* CVE-2025-22866
CVSS scores:
* CVE-2025-22866 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-22866 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:
* Development Tools Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves one vulnerability and has one security fix can now be
installed.
## Description:
This update for go1.23 fixes the following issues:
* CVE-2025-22866: Fixed timing sidechannel for P-256 on ppc64le (bsc#1236801).
Bug fixes:
* go1.23 release tracking (bsc#1229122)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-393=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-393=1
## Package List:
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* go1.23-doc-1.23.6-150000.1.21.1
* go1.23-1.23.6-150000.1.21.1
* go1.23-race-1.23.6-150000.1.21.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* go1.23-doc-1.23.6-150000.1.21.1
* go1.23-1.23.6-150000.1.21.1
* go1.23-race-1.23.6-150000.1.21.1
## References:
* https://www.suse.com/security/cve/CVE-2025-22866.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229122
* https://bugzilla.suse.com/show_bug.cgi?id=1236801
SUSE-SU-2025:0404-1: moderate: Security update for rsync
# Security update for rsync
Announcement ID: SUSE-SU-2025:0404-1
Release Date: 2025-02-10T11:49:54Z
Rating: moderate
References:
* bsc#1233760
Affected Products:
* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that has one security fix can now be installed.
## Description:
This update for rsync fixes the following issues:
* Bump rsync protocol version to 32 to show server is patched against recent
vulnerabilities.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-404=1 openSUSE-SLE-15.6-2025-404=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-404=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* rsync-debuginfo-3.2.7-150600.3.11.1
* rsync-3.2.7-150600.3.11.1
* rsync-debugsource-3.2.7-150600.3.11.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* rsync-debuginfo-3.2.7-150600.3.11.1
* rsync-3.2.7-150600.3.11.1
* rsync-debugsource-3.2.7-150600.3.11.1
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1233760
SUSE-SU-2025:0401-1: moderate: Security update for crypto-policies, krb5
# Security update for crypto-policies, krb5
Announcement ID: SUSE-SU-2025:0401-1
Release Date: 2025-02-10T09:38:40Z
Rating: moderate
References:
* bsc#1236619
* jsc#PED-12018
Cross-References:
* CVE-2025-24528
CVSS scores:
* CVE-2025-24528 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-24528 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves one vulnerability and contains one feature can now be
installed.
## Description:
This update for crypto-policies and krb5 fixes the following issues:
Security issue fixed:
* CVE-2025-24528: Fixed out-of-bounds write caused by overflow when
calculating ulog block size can lead to process crash (bsc#1236619).
Feature addition:
* Add crypto-policies support; (jsc#PED-12018)
* The default krb5.conf has been updated to include config snippets in the
krb5.conf.d directory, where crypto-policies drops its.
* Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
* This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and
AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these
encryption types are allowed or not in FIPS mode is enforced now by the
FIPS:AD-SUPPORT subpolicy.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-401=1 openSUSE-SLE-15.6-2025-401=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-401=1
* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-401=1
## Package List:
* openSUSE Leap 15.6 (noarch)
* crypto-policies-20230920.570ea89-150600.3.3.1
* crypto-policies-scripts-20230920.570ea89-150600.3.3.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* krb5-debugsource-1.20.1-150600.11.8.1
* krb5-plugin-preauth-pkinit-1.20.1-150600.11.8.1
* krb5-plugin-preauth-spake-1.20.1-150600.11.8.1
* krb5-server-debuginfo-1.20.1-150600.11.8.1
* krb5-mini-debuginfo-1.20.1-150600.11.8.1
* krb5-plugin-kdb-ldap-debuginfo-1.20.1-150600.11.8.1
* krb5-mini-1.20.1-150600.11.8.1
* krb5-mini-devel-1.20.1-150600.11.8.1
* krb5-devel-1.20.1-150600.11.8.1
* krb5-client-debuginfo-1.20.1-150600.11.8.1
* krb5-debuginfo-1.20.1-150600.11.8.1
* krb5-plugin-kdb-ldap-1.20.1-150600.11.8.1
* krb5-plugin-preauth-otp-1.20.1-150600.11.8.1
* krb5-client-1.20.1-150600.11.8.1
* krb5-plugin-preauth-spake-debuginfo-1.20.1-150600.11.8.1
* krb5-mini-debugsource-1.20.1-150600.11.8.1
* krb5-plugin-preauth-otp-debuginfo-1.20.1-150600.11.8.1
* krb5-1.20.1-150600.11.8.1
* krb5-server-1.20.1-150600.11.8.1
* krb5-plugin-preauth-pkinit-debuginfo-1.20.1-150600.11.8.1
* openSUSE Leap 15.6 (x86_64)
* krb5-32bit-1.20.1-150600.11.8.1
* krb5-devel-32bit-1.20.1-150600.11.8.1
* krb5-32bit-debuginfo-1.20.1-150600.11.8.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* krb5-devel-64bit-1.20.1-150600.11.8.1
* krb5-64bit-1.20.1-150600.11.8.1
* krb5-64bit-debuginfo-1.20.1-150600.11.8.1
* Basesystem Module 15-SP6 (noarch)
* crypto-policies-20230920.570ea89-150600.3.3.1
* crypto-policies-scripts-20230920.570ea89-150600.3.3.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* krb5-debugsource-1.20.1-150600.11.8.1
* krb5-plugin-preauth-pkinit-1.20.1-150600.11.8.1
* krb5-devel-1.20.1-150600.11.8.1
* krb5-plugin-preauth-otp-1.20.1-150600.11.8.1
* krb5-debuginfo-1.20.1-150600.11.8.1
* krb5-client-debuginfo-1.20.1-150600.11.8.1
* krb5-client-1.20.1-150600.11.8.1
* krb5-plugin-preauth-otp-debuginfo-1.20.1-150600.11.8.1
* krb5-1.20.1-150600.11.8.1
* krb5-plugin-preauth-pkinit-debuginfo-1.20.1-150600.11.8.1
* Basesystem Module 15-SP6 (x86_64)
* krb5-32bit-1.20.1-150600.11.8.1
* krb5-32bit-debuginfo-1.20.1-150600.11.8.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* krb5-debugsource-1.20.1-150600.11.8.1
* krb5-plugin-kdb-ldap-debuginfo-1.20.1-150600.11.8.1
* krb5-plugin-kdb-ldap-1.20.1-150600.11.8.1
* krb5-debuginfo-1.20.1-150600.11.8.1
* krb5-server-1.20.1-150600.11.8.1
* krb5-server-debuginfo-1.20.1-150600.11.8.1
## References:
* https://www.suse.com/security/cve/CVE-2025-24528.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236619
* https://jira.suse.com/browse/PED-12018
openSUSE-SU-2025:14760-1: moderate: python313-3.13.2-1.1 on GA media
# python313-3.13.2-1.1 on GA media
Announcement ID: openSUSE-SU-2025:14760-1
Rating: moderate
Cross-References:
* CVE-2025-0938
CVSS scores:
* CVE-2025-0938 ( SUSE ): 4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
* CVE-2025-0938 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the python313-3.13.2-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* python313 3.13.2-1.1
* python313-32bit 3.13.2-1.1
* python313-curses 3.13.2-1.1
* python313-dbm 3.13.2-1.1
* python313-idle 3.13.2-1.1
* python313-tk 3.13.2-1.1
* python313-x86-64-v3 3.13.2-1.1
## References:
* https://www.suse.com/security/cve/CVE-2025-0938.html
openSUSE-SU-2025:14758-1: moderate: python310-3.10.16-2.1 on GA media
# python310-3.10.16-2.1 on GA media
Announcement ID: openSUSE-SU-2025:14758-1
Rating: moderate
Cross-References:
* CVE-2025-0938
CVSS scores:
* CVE-2025-0938 ( SUSE ): 4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
* CVE-2025-0938 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the python310-3.10.16-2.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* python310 3.10.16-2.1
* python310-32bit 3.10.16-2.1
* python310-curses 3.10.16-2.1
* python310-dbm 3.10.16-2.1
* python310-idle 3.10.16-2.1
* python310-tk 3.10.16-2.1
## References:
* https://www.suse.com/security/cve/CVE-2025-0938.html
openSUSE-SU-2025:14755-1: moderate: java-21-openj9-21.0.6.0-1.1 on GA media
# java-21-openj9-21.0.6.0-1.1 on GA media
Announcement ID: openSUSE-SU-2025:14755-1
Rating: moderate
Cross-References:
* CVE-2024-21208
* CVE-2024-21217
* CVE-2025-21502
CVSS scores:
* CVE-2024-21208 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21208 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-21217 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21217 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-21502 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-21502 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 3 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the java-21-openj9-21.0.6.0-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* java-21-openj9 21.0.6.0-1.1
* java-21-openj9-demo 21.0.6.0-1.1
* java-21-openj9-devel 21.0.6.0-1.1
* java-21-openj9-headless 21.0.6.0-1.1
* java-21-openj9-javadoc 21.0.6.0-1.1
* java-21-openj9-jmods 21.0.6.0-1.1
* java-21-openj9-src 21.0.6.0-1.1
## References:
* https://www.suse.com/security/cve/CVE-2024-21208.html
* https://www.suse.com/security/cve/CVE-2024-21217.html
* https://www.suse.com/security/cve/CVE-2025-21502.html
openSUSE-SU-2025:14753-1: moderate: fq-0.14.0-1.1 on GA media
# fq-0.14.0-1.1 on GA media
Announcement ID: openSUSE-SU-2025:14753-1
Rating: moderate
Cross-References:
* CVE-2024-44337
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the fq-0.14.0-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* fq 0.14.0-1.1
## References:
* https://www.suse.com/security/cve/CVE-2024-44337.html
openSUSE-SU-2025:14752-1: moderate: rime-schema-all-20230603+git.5fdd2d6-5.1 on GA media
# rime-schema-all-20230603+git.5fdd2d6-5.1 on GA media
Announcement ID: openSUSE-SU-2025:14752-1
Rating: moderate
Cross-References:
* CVE-2025-21613
CVSS scores:
* CVE-2025-21613 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the rime-schema-all-20230603+git.5fdd2d6-5.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* rime-schema-all 20230603+git.5fdd2d6-5.1
* rime-schema-array 20230603+git.5fdd2d6-5.1
* rime-schema-bopomofo 20230603+git.5fdd2d6-5.1
* rime-schema-cangjie 20230603+git.5fdd2d6-5.1
* rime-schema-cantonese 20230603+git.5fdd2d6-5.1
* rime-schema-combo-pinyin 20230603+git.5fdd2d6-5.1
* rime-schema-custom 20230603+git.5fdd2d6-5.1
* rime-schema-default 20230603+git.5fdd2d6-5.1
* rime-schema-double-pinyin 20230603+git.5fdd2d6-5.1
* rime-schema-emoji 20230603+git.5fdd2d6-5.1
* rime-schema-essay 20230603+git.5fdd2d6-5.1
* rime-schema-essay-simp 20230603+git.5fdd2d6-5.1
* rime-schema-extra 20230603+git.5fdd2d6-5.1
* rime-schema-ipa 20230603+git.5fdd2d6-5.1
* rime-schema-luna-pinyin 20230603+git.5fdd2d6-5.1
* rime-schema-middle-chinese 20230603+git.5fdd2d6-5.1
* rime-schema-pinyin-simp 20230603+git.5fdd2d6-5.1
* rime-schema-prelude 20230603+git.5fdd2d6-5.1
* rime-schema-quick 20230603+git.5fdd2d6-5.1
* rime-schema-scj 20230603+git.5fdd2d6-5.1
* rime-schema-soutzoe 20230603+git.5fdd2d6-5.1
* rime-schema-stenotype 20230603+git.5fdd2d6-5.1
* rime-schema-stroke 20230603+git.5fdd2d6-5.1
* rime-schema-terra-pinyin 20230603+git.5fdd2d6-5.1
* rime-schema-wubi 20230603+git.5fdd2d6-5.1
* rime-schema-wugniu 20230603+git.5fdd2d6-5.1
## References:
* https://www.suse.com/security/cve/CVE-2025-21613.html
openSUSE-SU-2025:14761-1: moderate: python314-3.14.0~a4-1.1 on GA media
# python314-3.14.0~a4-1.1 on GA media
Announcement ID: openSUSE-SU-2025:14761-1
Rating: moderate
Cross-References:
* CVE-2025-0938
CVSS scores:
* CVE-2025-0938 ( SUSE ): 4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
* CVE-2025-0938 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the python314-3.14.0~a4-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* python314 3.14.0~a4-1.1
* python314-curses 3.14.0~a4-1.1
* python314-dbm 3.14.0~a4-1.1
* python314-idle 3.14.0~a4-1.1
* python314-tk 3.14.0~a4-1.1
* python314-x86-64-v3 3.14.0~a4-1.1
## References:
* https://www.suse.com/security/cve/CVE-2025-0938.html
openSUSE-SU-2025:14759-1: moderate: python312-3.12.9-1.1 on GA media
# python312-3.12.9-1.1 on GA media
Announcement ID: openSUSE-SU-2025:14759-1
Rating: moderate
Cross-References:
* CVE-2025-0938
CVSS scores:
* CVE-2025-0938 ( SUSE ): 4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
* CVE-2025-0938 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the python312-3.12.9-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* python312 3.12.9-1.1
* python312-32bit 3.12.9-1.1
* python312-curses 3.12.9-1.1
* python312-dbm 3.12.9-1.1
* python312-idle 3.12.9-1.1
* python312-tk 3.12.9-1.1
* python312-x86-64-v3 3.12.9-1.1
## References:
* https://www.suse.com/security/cve/CVE-2025-0938.html
openSUSE-SU-2025:14756-1: moderate: libtasn1-6-32bit-4.20.0-1.1 on GA media
# libtasn1-6-32bit-4.20.0-1.1 on GA media
Announcement ID: openSUSE-SU-2025:14756-1
Rating: moderate
Cross-References:
* CVE-2024-12133
CVSS scores:
* CVE-2024-12133 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-12133 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the libtasn1-6-32bit-4.20.0-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* libtasn1-6 4.20.0-1.1
* libtasn1-6-32bit 4.20.0-1.1
* libtasn1-devel 4.20.0-1.1
* libtasn1-devel-32bit 4.20.0-1.1
* libtasn1-tools 4.20.0-1.1
## References:
* https://www.suse.com/security/cve/CVE-2024-12133.html
SUSE-SU-2025:0405-1: important: Security update for MozillaThunderbird
# Security update for MozillaThunderbird
Announcement ID: SUSE-SU-2025:0405-1
Release Date: 2025-02-10T13:54:56Z
Rating: important
References:
* bsc#1236411
* bsc#1236539
Cross-References:
* CVE-2024-11704
* CVE-2025-0510
* CVE-2025-1009
* CVE-2025-1010
* CVE-2025-1011
* CVE-2025-1012
* CVE-2025-1013
* CVE-2025-1014
* CVE-2025-1015
* CVE-2025-1016
* CVE-2025-1017
CVSS scores:
* CVE-2024-11704 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-0510 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2025-0510 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2025-0510 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2025-1009 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2025-1009 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-1009 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-1010 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2025-1010 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-1010 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-1011 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-1011 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-1011 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-1012 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-1012 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-1012 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-1013 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2025-1013 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-1014 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-1014 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-1014 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-1015 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-1015 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2025-1015 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2025-1016 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-1016 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-1016 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-1017 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-1017 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-1017 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Workstation Extension 15 SP6
* SUSE Package Hub 15 15-SP6
An update that solves 11 vulnerabilities can now be installed.
## Description:
This update for MozillaThunderbird fixes the following issues:
Update to Mozilla Thunderbird 128.7 (MFSA 2025-10, bsc#1236539).
Security fixes:
* CVE-2025-1009: use-after-free in XSLT.
* CVE-2025-1010: use-after-free in Custom Highlight.
* CVE-2025-1011: a bug in WebAssembly code generation could result in a crash.
* CVE-2025-1012: use-after-free during concurrent delazification.
* CVE-2024-11704: potential double-free vulnerability in PKCS#7 decryption
handling.
* CVE-2025-1013: potential opening of private browsing tabs in normal browsing
windows.
* CVE-2025-1014: certificate length was not properly checked.
* CVE-2025-1015: unsanitized address book fields.
* CVE-2025-0510: address of e-mail sender can be spoofed by malicious email.
* CVE-2025-1016: memory safety bugs.
* CVE-2025-1017: memory safety bugs.
Other fixes:
* fixed: images inside links could zoom when clicked instead of opening the
link.
* fixed: compacting an empty folder failed with write error.
* fixed: compacting of IMAP folder with corrupted local storage failed with
write error.
* fixed: after restart, all restored tabs with opened PDFs showed the same
attachment.
* fixed: exceptions during CalDAV item processing would halt subsequent item
handling.
* fixed: context menu was unable to move email address to a different field.
* fixed: link at about:rights pointed to Firefox privacy policy instead of
Thunderbird's.
* fixed: POP3 'fetch headers only' and 'get selected messages' could delete
messages.
* fixed: 'Search Online' checkbox in saved search properties was incorrectly
disabled.
* fixed: POP3 status message showed incorrect download count when messages
were deleted.
* fixed: space bar did not always advance to the next unread message.
* fixed: folder creation or renaming failed due to incorrect preference
settings.
* fixed: forwarding/editing S/MIME drafts/templates unusable due to regression
(bsc#1236411).
* fixed: sort order in 'Search Messages' panel reset after search or on first
launch.
* fixed: reply window added an unnecessary third blank line at the top.
* fixed: Thunderbird spell check box did not allow ENTER to accept suggested
changes.
* fixed: long email subject lines could overlap window control buttons on
macOS.
* fixed: flathub manifest link was not correct.
* fixed: 'Prefer client-side email scheduling' needed to be selected twice.
* fixed: duplicate invitations were sent if CALDAV calendar email case did not
match.
* fixed: visual and UX improvements.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-405=1
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-405=1
* SUSE Linux Enterprise Workstation Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2025-405=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* MozillaThunderbird-128.7.0-150200.8.200.1
* MozillaThunderbird-debuginfo-128.7.0-150200.8.200.1
* MozillaThunderbird-translations-common-128.7.0-150200.8.200.1
* MozillaThunderbird-debugsource-128.7.0-150200.8.200.1
* MozillaThunderbird-translations-other-128.7.0-150200.8.200.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x)
* MozillaThunderbird-128.7.0-150200.8.200.1
* MozillaThunderbird-debuginfo-128.7.0-150200.8.200.1
* MozillaThunderbird-translations-common-128.7.0-150200.8.200.1
* MozillaThunderbird-debugsource-128.7.0-150200.8.200.1
* MozillaThunderbird-translations-other-128.7.0-150200.8.200.1
* SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64)
* MozillaThunderbird-128.7.0-150200.8.200.1
* MozillaThunderbird-debuginfo-128.7.0-150200.8.200.1
* MozillaThunderbird-translations-common-128.7.0-150200.8.200.1
* MozillaThunderbird-debugsource-128.7.0-150200.8.200.1
* MozillaThunderbird-translations-other-128.7.0-150200.8.200.1
## References:
* https://www.suse.com/security/cve/CVE-2024-11704.html
* https://www.suse.com/security/cve/CVE-2025-0510.html
* https://www.suse.com/security/cve/CVE-2025-1009.html
* https://www.suse.com/security/cve/CVE-2025-1010.html
* https://www.suse.com/security/cve/CVE-2025-1011.html
* https://www.suse.com/security/cve/CVE-2025-1012.html
* https://www.suse.com/security/cve/CVE-2025-1013.html
* https://www.suse.com/security/cve/CVE-2025-1014.html
* https://www.suse.com/security/cve/CVE-2025-1015.html
* https://www.suse.com/security/cve/CVE-2025-1016.html
* https://www.suse.com/security/cve/CVE-2025-1017.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236411
* https://bugzilla.suse.com/show_bug.cgi?id=1236539
SUSE-SU-2025:0406-1: moderate: Security update for python310
# Security update for python310
Announcement ID: SUSE-SU-2025:0406-1
Release Date: 2025-02-10T13:55:52Z
Rating: moderate
References:
* bsc#1236705
Cross-References:
* CVE-2025-0938
CVSS scores:
* CVE-2025-0938 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
* CVE-2025-0938 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
* CVE-2025-0938 ( NVD ): 6.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.6
An update that solves one vulnerability can now be installed.
## Description:
This update for python310 fixes the following issues:
* CVE-2025-0938: domain names containing square brackets are not identified as
incorrect by urlparse. (bsc#1236705)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-406=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-406=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* python310-tk-debuginfo-3.10.16-150400.4.69.1
* python310-devel-3.10.16-150400.4.69.1
* libpython3_10-1_0-3.10.16-150400.4.69.1
* python310-core-debugsource-3.10.16-150400.4.69.1
* python310-doc-3.10.16-150400.4.69.1
* python310-debuginfo-3.10.16-150400.4.69.1
* python310-base-debuginfo-3.10.16-150400.4.69.1
* python310-dbm-3.10.16-150400.4.69.1
* python310-doc-devhelp-3.10.16-150400.4.69.1
* python310-testsuite-debuginfo-3.10.16-150400.4.69.1
* python310-base-3.10.16-150400.4.69.1
* python310-debugsource-3.10.16-150400.4.69.1
* python310-tk-3.10.16-150400.4.69.1
* python310-dbm-debuginfo-3.10.16-150400.4.69.1
* python310-3.10.16-150400.4.69.1
* python310-curses-debuginfo-3.10.16-150400.4.69.1
* python310-curses-3.10.16-150400.4.69.1
* python310-idle-3.10.16-150400.4.69.1
* python310-tools-3.10.16-150400.4.69.1
* python310-testsuite-3.10.16-150400.4.69.1
* libpython3_10-1_0-debuginfo-3.10.16-150400.4.69.1
* openSUSE Leap 15.4 (x86_64)
* python310-base-32bit-debuginfo-3.10.16-150400.4.69.1
* libpython3_10-1_0-32bit-3.10.16-150400.4.69.1
* libpython3_10-1_0-32bit-debuginfo-3.10.16-150400.4.69.1
* python310-base-32bit-3.10.16-150400.4.69.1
* python310-32bit-3.10.16-150400.4.69.1
* python310-32bit-debuginfo-3.10.16-150400.4.69.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* python310-64bit-debuginfo-3.10.16-150400.4.69.1
* libpython3_10-1_0-64bit-debuginfo-3.10.16-150400.4.69.1
* libpython3_10-1_0-64bit-3.10.16-150400.4.69.1
* python310-64bit-3.10.16-150400.4.69.1
* python310-base-64bit-debuginfo-3.10.16-150400.4.69.1
* python310-base-64bit-3.10.16-150400.4.69.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* python310-tk-debuginfo-3.10.16-150400.4.69.1
* python310-devel-3.10.16-150400.4.69.1
* libpython3_10-1_0-3.10.16-150400.4.69.1
* python310-core-debugsource-3.10.16-150400.4.69.1
* python310-doc-3.10.16-150400.4.69.1
* python310-debuginfo-3.10.16-150400.4.69.1
* python310-base-debuginfo-3.10.16-150400.4.69.1
* python310-dbm-3.10.16-150400.4.69.1
* python310-doc-devhelp-3.10.16-150400.4.69.1
* python310-testsuite-debuginfo-3.10.16-150400.4.69.1
* python310-base-3.10.16-150400.4.69.1
* python310-debugsource-3.10.16-150400.4.69.1
* python310-tk-3.10.16-150400.4.69.1
* python310-dbm-debuginfo-3.10.16-150400.4.69.1
* python310-3.10.16-150400.4.69.1
* python310-curses-3.10.16-150400.4.69.1
* python310-curses-debuginfo-3.10.16-150400.4.69.1
* python310-idle-3.10.16-150400.4.69.1
* python310-tools-3.10.16-150400.4.69.1
* python310-testsuite-3.10.16-150400.4.69.1
* libpython3_10-1_0-debuginfo-3.10.16-150400.4.69.1
* openSUSE Leap 15.6 (x86_64)
* python310-base-32bit-debuginfo-3.10.16-150400.4.69.1
* libpython3_10-1_0-32bit-3.10.16-150400.4.69.1
* libpython3_10-1_0-32bit-debuginfo-3.10.16-150400.4.69.1
* python310-base-32bit-3.10.16-150400.4.69.1
* python310-32bit-3.10.16-150400.4.69.1
* python310-32bit-debuginfo-3.10.16-150400.4.69.1
## References:
* https://www.suse.com/security/cve/CVE-2025-0938.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236705
SUSE-SU-2025:0407-1: important: Security update for ovmf
# Security update for ovmf
Announcement ID: SUSE-SU-2025:0407-1
Release Date: 2025-02-10T13:56:35Z
Rating: important
References:
* bsc#1218879
* bsc#1218880
* bsc#1218881
* bsc#1218882
* bsc#1218883
* bsc#1218884
* bsc#1218885
* bsc#1218886
* bsc#1218887
Cross-References:
* CVE-2023-45229
* CVE-2023-45230
* CVE-2023-45231
* CVE-2023-45232
* CVE-2023-45233
* CVE-2023-45234
* CVE-2023-45235
* CVE-2023-45236
* CVE-2023-45237
CVSS scores:
* CVE-2023-45229 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-45229 ( NVD ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-45230 ( SUSE ): 8.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
* CVE-2023-45230 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45230 ( NVD ): 8.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
* CVE-2023-45231 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-45231 ( NVD ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-45232 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-45232 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-45233 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-45233 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-45234 ( SUSE ): 8.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
* CVE-2023-45234 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45235 ( SUSE ): 8.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
* CVE-2023-45235 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45236 ( SUSE ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
* CVE-2023-45236 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-45237 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-45237 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves nine vulnerabilities can now be installed.
## Description:
This update for ovmf fixes the following issues:
* CVE-2023-45229: out-of-bounds read in edk2 when processing IA_NA/IA_TA
options in DHCPv6 Advertise messages. (bsc#1218879)
* CVE-2023-45230: buffer overflow in the DHCPv6 client in edk2 via a long
Server ID option. (bsc#1218880)
* CVE-2023-45231: out-of-bounds read in edk2 when handling a ND Redirect
message with truncated options. (bsc#1218881)
* CVE-2023-45232: infinite loop in edk2 when parsing unknown options in the
Destination Options header. (bsc#1218882)
* CVE-2023-45233: infinite loop in edk2 when parsing PadN options in the
Destination Options header. (bsc#1218883)
* CVE-2023-45234: buffer overflow in edk2 when processing DNS Servers options
in a DHCPv6 Advertise message. (bsc#1218884)
* CVE-2023-45235: buffer overflow in edk2 when handling the Server ID option
in a DHCPv6 proxy Advertise message. (bsc#1218885)
* CVE-2023-45236: predictable TCP Initial Sequence Numbers in edk2 network
packages. (bsc#1218886)
* CVE-2023-45237: use of a weak pseudorandom number generator in edk2.
(bsc#1218887)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-407=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-407=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-407=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-407=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-407=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-407=1
## Package List:
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* ovmf-202208-150500.6.6.1
* ovmf-tools-202208-150500.6.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* qemu-ovmf-x86_64-202208-150500.6.6.1
* qemu-uefi-aarch64-202208-150500.6.6.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 x86_64)
* ovmf-202208-150500.6.6.1
* ovmf-tools-202208-150500.6.6.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* qemu-ovmf-x86_64-202208-150500.6.6.1
* qemu-uefi-aarch64-202208-150500.6.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
* ovmf-202208-150500.6.6.1
* ovmf-tools-202208-150500.6.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* qemu-ovmf-x86_64-202208-150500.6.6.1
* openSUSE Leap 15.5 (aarch64 x86_64)
* ovmf-202208-150500.6.6.1
* ovmf-tools-202208-150500.6.6.1
* openSUSE Leap 15.5 (noarch)
* qemu-ovmf-ia32-202208-150500.6.6.1
* qemu-ovmf-x86_64-202208-150500.6.6.1
* qemu-uefi-aarch64-202208-150500.6.6.1
* qemu-uefi-aarch32-202208-150500.6.6.1
* openSUSE Leap 15.5 (x86_64)
* qemu-ovmf-x86_64-debug-202208-150500.6.6.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
* qemu-ovmf-x86_64-202208-150500.6.6.1
* qemu-uefi-aarch64-202208-150500.6.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* ovmf-202208-150500.6.6.1
* ovmf-tools-202208-150500.6.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* qemu-ovmf-x86_64-202208-150500.6.6.1
* qemu-uefi-aarch64-202208-150500.6.6.1
## References:
* https://www.suse.com/security/cve/CVE-2023-45229.html
* https://www.suse.com/security/cve/CVE-2023-45230.html
* https://www.suse.com/security/cve/CVE-2023-45231.html
* https://www.suse.com/security/cve/CVE-2023-45232.html
* https://www.suse.com/security/cve/CVE-2023-45233.html
* https://www.suse.com/security/cve/CVE-2023-45234.html
* https://www.suse.com/security/cve/CVE-2023-45235.html
* https://www.suse.com/security/cve/CVE-2023-45236.html
* https://www.suse.com/security/cve/CVE-2023-45237.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218879
* https://bugzilla.suse.com/show_bug.cgi?id=1218880
* https://bugzilla.suse.com/show_bug.cgi?id=1218881
* https://bugzilla.suse.com/show_bug.cgi?id=1218882
* https://bugzilla.suse.com/show_bug.cgi?id=1218883
* https://bugzilla.suse.com/show_bug.cgi?id=1218884
* https://bugzilla.suse.com/show_bug.cgi?id=1218885
* https://bugzilla.suse.com/show_bug.cgi?id=1218886
* https://bugzilla.suse.com/show_bug.cgi?id=1218887
