
SUSE Linux has released several security updates, including Linux Kernel, ovmf, webkit2gtk3, qemu, pam_pkcs11, and crun.

SUSE-SU-2025:0650-1: important: Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP6)
SUSE-SU-2025:0652-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP5)
SUSE-SU-2025:0656-1: important: Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP5)
SUSE-SU-2025:0681-1: important: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP6)
SUSE-SU-2025:0674-1: moderate: Security update for java-1_8_0-ibm
SUSE-SU-2025:0662-1: important: Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)
SUSE-SU-2025:0669-1: important: Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP6)
SUSE-SU-2025:0690-1: important: Security update for ovmf
SUSE-SU-2025:0691-1: important: Security update for webkit2gtk3
SUSE-SU-2025:0692-1: important: Security update for qemu
SUSE-SU-2025:0689-1: moderate: Security update for pam_pkcs11
SUSE-SU-2025:0687-1: important: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP6)
SUSE-SU-2025:0698-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP4)
SUSE-SU-2025:0703-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP5)
SUSE-SU-2025:0704-1: important: Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP6)
openSUSE-SU-2025:0074-1: moderate: Security update for crun




SUSE-SU-2025:0650-1: important: Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP6)


# Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:0650-1
Release Date: 2025-02-22T22:03:56Z
Rating: important
References:

* bsc#1236783

Cross-References:

* CVE-2024-53104

CVSS scores:

* CVE-2024-53104 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53104 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_10_17 fixes one issue.

The following security issue was fixed:

* CVE-2024-53104: media: uvcvideo: Skip parsing frames of type
UVC_VS_UNDEFINED in uvc_parse_format (bsc#1236783).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2025-650=1 SUSE-SLE-Live-Patching-12-SP5-2025-649=1 SUSE-SLE-Live-Patching-12-SP5-2025-646=1 SUSE-SLE-Live-Patching-12-SP5-2025-647=1 SUSE-SLE-Live-Patching-12-SP5-2025-648=1

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-653=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-653=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-658=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-658=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-640=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-641=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-642=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-644=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
* kgraft-patch-4_12_14-122_219-default-8-2.1
* kgraft-patch-4_12_14-122_222-default-6-2.1
* kgraft-patch-4_12_14-122_231-default-4-2.1
* kgraft-patch-4_12_14-122_225-default-5-2.1
* kgraft-patch-4_12_14-122_228-default-4-2.1
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_49-debugsource-4-150300.2.1
* kernel-livepatch-5_3_18-150300_59_179-default-debuginfo-4-150300.2.1
* kernel-livepatch-5_3_18-150300_59_179-default-4-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_179-preempt-debuginfo-4-150300.2.1
* kernel-livepatch-5_3_18-150300_59_179-preempt-4-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_49-debugsource-4-150300.2.1
* kernel-livepatch-5_3_18-150300_59_179-default-debuginfo-4-150300.2.1
* kernel-livepatch-5_3_18-150300_59_179-default-4-150300.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_73-default-debuginfo-5-150500.2.1
* kernel-livepatch-5_14_21-150500_55_73-default-5-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_17-debugsource-5-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_73-default-debuginfo-5-150500.2.1
* kernel-livepatch-5_14_21-150500_55_73-default-5-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le x86_64)
* kernel-livepatch-SLE15-SP5_Update_17-debugsource-5-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (x86_64)
* kernel-livepatch-SLE15-SP6-RT_Update_1-debugsource-9-150600.2.1
* kernel-livepatch-6_4_0-150600_10_5-rt-debuginfo-9-150600.2.1
* kernel-livepatch-6_4_0-150600_10_17-rt-3-150600.2.1
* kernel-livepatch-SLE15-SP6-RT_Update_2-debugsource-5-150600.2.1
* kernel-livepatch-6_4_0-150600_10_5-rt-9-150600.2.1
* kernel-livepatch-6_4_0-150600_10_14-rt-debuginfo-4-150600.2.1
* kernel-livepatch-SLE15-SP6-RT_Update_5-debugsource-3-150600.2.1
* kernel-livepatch-6_4_0-150600_10_17-rt-debuginfo-3-150600.2.1
* kernel-livepatch-6_4_0-150600_10_14-rt-4-150600.2.1
* kernel-livepatch-6_4_0-150600_10_8-rt-debuginfo-5-150600.2.1
* kernel-livepatch-SLE15-SP6-RT_Update_4-debugsource-4-150600.2.1
* kernel-livepatch-6_4_0-150600_10_8-rt-5-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-53104.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236783



SUSE-SU-2025:0652-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:0652-1
Release Date: 2025-02-22T21:33:30Z
Rating: important
References:

* bsc#1227320
* bsc#1227371
* bsc#1228585
* bsc#1236783

Cross-References:

* CVE-2024-35789
* CVE-2024-36974
* CVE-2024-40956
* CVE-2024-53104

CVSS scores:

* CVE-2024-35789 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36974 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40956 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40956 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53104 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53104 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_59 fixes several issues.

The following security issues were fixed:

* CVE-2024-35789: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN
changes (bsc#1227320).
* CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in
irq_process_work_list (bsc#1228585).
* CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP
(bsc#1227371).
* CVE-2024-53104: media: uvcvideo: Skip parsing frames of type
UVC_VS_UNDEFINED in uvc_parse_format (bsc#1236783).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-652=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-652=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-657=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-657=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_150-default-17-150300.2.1
* kernel-livepatch-5_3_18-150300_59_150-default-debuginfo-17-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_41-debugsource-17-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_150-preempt-17-150300.2.1
* kernel-livepatch-5_3_18-150300_59_150-preempt-debuginfo-17-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_150-default-17-150300.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_59-default-13-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_12-debugsource-13-150500.2.1
* kernel-livepatch-5_14_21-150500_55_59-default-debuginfo-13-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_59-default-13-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_12-debugsource-13-150500.2.1
* kernel-livepatch-5_14_21-150500_55_59-default-debuginfo-13-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-35789.html
* https://www.suse.com/security/cve/CVE-2024-36974.html
* https://www.suse.com/security/cve/CVE-2024-40956.html
* https://www.suse.com/security/cve/CVE-2024-53104.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227320
* https://bugzilla.suse.com/show_bug.cgi?id=1227371
* https://bugzilla.suse.com/show_bug.cgi?id=1228585
* https://bugzilla.suse.com/show_bug.cgi?id=1236783



SUSE-SU-2025:0656-1: important: Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:0656-1
Release Date: 2025-02-22T20:04:03Z
Rating: important
References:

* bsc#1227371
* bsc#1228585
* bsc#1236783

Cross-References:

* CVE-2024-36974
* CVE-2024-40956
* CVE-2024-53104

CVSS scores:

* CVE-2024-36974 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40956 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40956 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53104 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53104 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_68 fixes several issues.

The following security issues were fixed:

* CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in
irq_process_work_list (bsc#1228585).
* CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP
(bsc#1227371).
* CVE-2024-53104: media: uvcvideo: Skip parsing frames of type
UVC_VS_UNDEFINED in uvc_parse_format (bsc#1236783).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-656=1 SUSE-2025-654=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-656=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-654=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_14-debugsource-11-150500.2.1
* kernel-livepatch-5_14_21-150500_55_68-default-debuginfo-10-150500.2.1
* kernel-livepatch-5_14_21-150500_55_65-default-debuginfo-11-150500.2.1
* kernel-livepatch-5_14_21-150500_55_65-default-11-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_15-debugsource-10-150500.2.1
* kernel-livepatch-5_14_21-150500_55_68-default-10-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_14-debugsource-11-150500.2.1
* kernel-livepatch-5_14_21-150500_55_68-default-debuginfo-10-150500.2.1
* kernel-livepatch-5_14_21-150500_55_65-default-debuginfo-11-150500.2.1
* kernel-livepatch-5_14_21-150500_55_65-default-11-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_15-debugsource-10-150500.2.1
* kernel-livepatch-5_14_21-150500_55_68-default-10-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-36974.html
* https://www.suse.com/security/cve/CVE-2024-40956.html
* https://www.suse.com/security/cve/CVE-2024-53104.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227371
* https://bugzilla.suse.com/show_bug.cgi?id=1228585
* https://bugzilla.suse.com/show_bug.cgi?id=1236783



SUSE-SU-2025:0681-1: important: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:0681-1
Release Date: 2025-02-24T11:04:10Z
Rating: important
References:

* bsc#1227320
* bsc#1227371
* bsc#1228585
* bsc#1236783

Cross-References:

* CVE-2024-35789
* CVE-2024-36974
* CVE-2024-40956
* CVE-2024-53104

CVSS scores:

* CVE-2024-35789 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36974 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40956 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40956 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53104 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53104 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_21 fixes several issues.

The following security issues were fixed:

* CVE-2024-35789: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN
changes (bsc#1227320).
* CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in
irq_process_work_list (bsc#1228585).
* CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP
(bsc#1227371).
* CVE-2024-53104: media: uvcvideo: Skip parsing frames of type
UVC_VS_UNDEFINED in uvc_parse_format (bsc#1236783).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-681=1 SUSE-2025-668=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-668=1 SUSE-SLE-Module-Live-Patching-15-SP3-2025-681=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-670=1 SUSE-2025-682=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-670=1 SUSE-SLE-Module-Live-Patching-15-SP4-2025-682=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-663=1 SUSE-2025-683=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-683=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-663=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-665=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-665=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_43-debugsource-13-150300.2.1
* kernel-livepatch-5_3_18-150300_59_158-default-debuginfo-13-150300.2.1
* kernel-livepatch-5_3_18-150300_59_153-default-debuginfo-14-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_42-debugsource-14-150300.2.1
* kernel-livepatch-5_3_18-150300_59_153-default-14-150300.2.1
* kernel-livepatch-5_3_18-150300_59_158-default-13-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_158-preempt-13-150300.2.1
* kernel-livepatch-5_3_18-150300_59_153-preempt-14-150300.2.1
* kernel-livepatch-5_3_18-150300_59_153-preempt-debuginfo-14-150300.2.1
* kernel-livepatch-5_3_18-150300_59_158-preempt-debuginfo-13-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_158-default-13-150300.2.1
* kernel-livepatch-5_3_18-150300_59_153-default-14-150300.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_27-debugsource-10-150400.2.1
* kernel-livepatch-5_14_21-150400_24_122-default-10-150400.2.1
* kernel-livepatch-5_14_21-150400_24_122-default-debuginfo-10-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_24-debugsource-13-150400.2.1
* kernel-livepatch-5_14_21-150400_24_111-default-debuginfo-13-150400.2.1
* kernel-livepatch-5_14_21-150400_24_111-default-13-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_27-debugsource-10-150400.2.1
* kernel-livepatch-5_14_21-150400_24_122-default-10-150400.2.1
* kernel-livepatch-5_14_21-150400_24_122-default-debuginfo-10-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_24-debugsource-13-150400.2.1
* kernel-livepatch-5_14_21-150400_24_111-default-debuginfo-13-150400.2.1
* kernel-livepatch-5_14_21-150400_24_111-default-13-150400.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_49-default-15-150500.2.1
* kernel-livepatch-5_14_21-150500_55_52-default-debuginfo-13-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_11-debugsource-13-150500.2.1
* kernel-livepatch-5_14_21-150500_55_52-default-13-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_10-debugsource-15-150500.2.1
* kernel-livepatch-5_14_21-150500_55_49-default-debuginfo-15-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_49-default-15-150500.2.1
* kernel-livepatch-5_14_21-150500_55_52-default-debuginfo-13-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_11-debugsource-13-150500.2.1
* kernel-livepatch-5_14_21-150500_55_52-default-13-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_10-debugsource-15-150500.2.1
* kernel-livepatch-5_14_21-150500_55_49-default-debuginfo-15-150500.2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_0-debugsource-11-150600.4.25.1
* kernel-livepatch-6_4_0-150600_21-default-debuginfo-11-150600.4.25.1
* kernel-livepatch-6_4_0-150600_21-default-11-150600.4.25.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_0-debugsource-11-150600.4.25.1
* kernel-livepatch-6_4_0-150600_21-default-debuginfo-11-150600.4.25.1
* kernel-livepatch-6_4_0-150600_21-default-11-150600.4.25.1

## References:

* https://www.suse.com/security/cve/CVE-2024-35789.html
* https://www.suse.com/security/cve/CVE-2024-36974.html
* https://www.suse.com/security/cve/CVE-2024-40956.html
* https://www.suse.com/security/cve/CVE-2024-53104.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227320
* https://bugzilla.suse.com/show_bug.cgi?id=1227371
* https://bugzilla.suse.com/show_bug.cgi?id=1228585
* https://bugzilla.suse.com/show_bug.cgi?id=1236783



SUSE-SU-2025:0674-1: moderate: Security update for java-1_8_0-ibm


# Security update for java-1_8_0-ibm

Announcement ID: SUSE-SU-2025:0674-1
Release Date: 2025-02-24T10:45:43Z
Rating: moderate
References:

* bsc#1233296
* bsc#1236278
* bsc#1236470

Cross-References:

* CVE-2024-10917
* CVE-2025-21502

CVSS scores:

* CVE-2024-10917 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-10917 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-10917 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-10917 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-21502 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-21502 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-21502 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* Legacy Module 15-SP6
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities and has one security fix can now be
installed.

## Description:

This update for java-1_8_0-ibm fixes the following issues:

Update to Java 8.0 Service Refresh 8 Fix Pack 40 (bsc#1236470):

* CVE-2025-21502: unauthenticated attacker can obtain unauthorized read and
write access to data through the Hotspot component API (bsc#1236278).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-674=1

* Legacy Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2025-674=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-674=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-674=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-674=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-674=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-674=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-674=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-674=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-674=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-674=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-674=1

## Package List:

* openSUSE Leap 15.6 (nosrc ppc64le s390x x86_64)
* java-1_8_0-ibm-1.8.0_sr8.40-150000.3.98.1
* openSUSE Leap 15.6 (x86_64)
* java-1_8_0-ibm-devel-32bit-1.8.0_sr8.40-150000.3.98.1
* java-1_8_0-ibm-plugin-1.8.0_sr8.40-150000.3.98.1
* java-1_8_0-ibm-32bit-1.8.0_sr8.40-150000.3.98.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.40-150000.3.98.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* java-1_8_0-ibm-src-1.8.0_sr8.40-150000.3.98.1
* java-1_8_0-ibm-demo-1.8.0_sr8.40-150000.3.98.1
* java-1_8_0-ibm-devel-1.8.0_sr8.40-150000.3.98.1
* Legacy Module 15-SP6 (nosrc ppc64le s390x x86_64)
* java-1_8_0-ibm-1.8.0_sr8.40-150000.3.98.1
* Legacy Module 15-SP6 (ppc64le s390x x86_64)
* java-1_8_0-ibm-devel-1.8.0_sr8.40-150000.3.98.1
* Legacy Module 15-SP6 (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.40-150000.3.98.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.40-150000.3.98.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (nosrc x86_64)
* java-1_8_0-ibm-1.8.0_sr8.40-150000.3.98.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.40-150000.3.98.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.40-150000.3.98.1
* java-1_8_0-ibm-devel-1.8.0_sr8.40-150000.3.98.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (nosrc x86_64)
* java-1_8_0-ibm-1.8.0_sr8.40-150000.3.98.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.40-150000.3.98.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.40-150000.3.98.1
* java-1_8_0-ibm-devel-1.8.0_sr8.40-150000.3.98.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (nosrc x86_64)
* java-1_8_0-ibm-1.8.0_sr8.40-150000.3.98.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.40-150000.3.98.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.40-150000.3.98.1
* java-1_8_0-ibm-devel-1.8.0_sr8.40-150000.3.98.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (nosrc ppc64le s390x x86_64)
* java-1_8_0-ibm-1.8.0_sr8.40-150000.3.98.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (ppc64le s390x x86_64)
* java-1_8_0-ibm-devel-1.8.0_sr8.40-150000.3.98.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.40-150000.3.98.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.40-150000.3.98.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (nosrc ppc64le s390x x86_64)
* java-1_8_0-ibm-1.8.0_sr8.40-150000.3.98.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (ppc64le s390x x86_64)
* java-1_8_0-ibm-devel-1.8.0_sr8.40-150000.3.98.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.40-150000.3.98.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.40-150000.3.98.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (nosrc ppc64le s390x x86_64)
* java-1_8_0-ibm-1.8.0_sr8.40-150000.3.98.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (ppc64le s390x x86_64)
* java-1_8_0-ibm-devel-1.8.0_sr8.40-150000.3.98.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.40-150000.3.98.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.40-150000.3.98.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le x86_64)
* java-1_8_0-ibm-1.8.0_sr8.40-150000.3.98.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* java-1_8_0-ibm-devel-1.8.0_sr8.40-150000.3.98.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.40-150000.3.98.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.40-150000.3.98.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (nosrc ppc64le x86_64)
* java-1_8_0-ibm-1.8.0_sr8.40-150000.3.98.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* java-1_8_0-ibm-devel-1.8.0_sr8.40-150000.3.98.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.40-150000.3.98.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.40-150000.3.98.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (nosrc ppc64le x86_64)
* java-1_8_0-ibm-1.8.0_sr8.40-150000.3.98.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* java-1_8_0-ibm-devel-1.8.0_sr8.40-150000.3.98.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.40-150000.3.98.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.40-150000.3.98.1
* SUSE Enterprise Storage 7.1 (nosrc x86_64)
* java-1_8_0-ibm-1.8.0_sr8.40-150000.3.98.1
* SUSE Enterprise Storage 7.1 (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.40-150000.3.98.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.40-150000.3.98.1
* java-1_8_0-ibm-devel-1.8.0_sr8.40-150000.3.98.1

## References:

* https://www.suse.com/security/cve/CVE-2024-10917.html
* https://www.suse.com/security/cve/CVE-2025-21502.html
* https://bugzilla.suse.com/show_bug.cgi?id=1233296
* https://bugzilla.suse.com/show_bug.cgi?id=1236278
* https://bugzilla.suse.com/show_bug.cgi?id=1236470



SUSE-SU-2025:0662-1: important: Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:0662-1
Release Date: 2025-02-24T11:33:43Z
Rating: important
References:

* bsc#1236783

Cross-References:

* CVE-2024-53104

CVSS scores:

* CVE-2024-53104 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53104 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_22 fixes one issue.

The following security issue was fixed:

* CVE-2024-53104: media: uvcvideo: Skip parsing frames of type
UVC_VS_UNDEFINED in uvc_parse_format (bsc#1236783).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-684=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-666=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-673=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-666=1 SUSE-2025-673=1

* SUSE Linux Enterprise Live Patching 12-SP5
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2025-662=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-686=1 SUSE-2025-671=1 SUSE-2025-685=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-686=1 SUSE-SLE-Module-Live-Patching-15-SP4-2025-671=1 SUSE-SLE-Module-Live-Patching-15-SP4-2025-685=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-664=1 SUSE-2025-672=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-664=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-672=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP6 (x86_64)
* kernel-livepatch-6_4_0-150600_10_11-rt-debuginfo-5-150600.2.1
* kernel-livepatch-6_4_0-150600_10_11-rt-5-150600.2.1
* kernel-livepatch-SLE15-SP6-RT_Update_3-debugsource-5-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_4-debugsource-5-150600.2.1
* kernel-livepatch-6_4_0-150600_23_17-default-9-150600.2.1
* kernel-livepatch-6_4_0-150600_23_17-default-debuginfo-9-150600.2.1
* kernel-livepatch-6_4_0-150600_23_22-default-5-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_3-debugsource-9-150600.2.1
* kernel-livepatch-6_4_0-150600_23_22-default-debuginfo-5-150600.2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_4-debugsource-5-150600.2.1
* kernel-livepatch-6_4_0-150600_23_17-default-9-150600.2.1
* kernel-livepatch-6_4_0-150600_23_17-default-debuginfo-9-150600.2.1
* kernel-livepatch-6_4_0-150600_23_22-default-5-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_3-debugsource-9-150600.2.1
* kernel-livepatch-6_4_0-150600_23_22-default-debuginfo-5-150600.2.1
* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
* kgraft-patch-4_12_14-122_234-default-4-2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_29-debugsource-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_141-default-debuginfo-3-150400.2.1
* kernel-livepatch-5_14_21-150400_24_141-default-3-150400.2.1
* kernel-livepatch-5_14_21-150400_24_136-default-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_128-default-debuginfo-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_128-default-5-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_32-debugsource-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_136-default-debuginfo-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_33-debugsource-3-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_29-debugsource-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_141-default-debuginfo-3-150400.2.1
* kernel-livepatch-5_14_21-150400_24_141-default-3-150400.2.1
* kernel-livepatch-5_14_21-150400_24_136-default-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_128-default-debuginfo-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_128-default-5-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_32-debugsource-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_136-default-debuginfo-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_33-debugsource-3-150400.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_80-default-debuginfo-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_80-default-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_83-default-debuginfo-4-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_20-debugsource-4-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_19-debugsource-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_83-default-4-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_80-default-debuginfo-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_80-default-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_83-default-debuginfo-4-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_20-debugsource-4-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_19-debugsource-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_83-default-4-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-53104.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236783



SUSE-SU-2025:0669-1: important: Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:0669-1
Release Date: 2025-02-24T09:03:58Z
Rating: important
References:

* bsc#1227371
* bsc#1236783

Cross-References:

* CVE-2024-36974
* CVE-2024-53104

CVSS scores:

* CVE-2024-36974 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53104 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53104 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_14 fixes several issues.

The following security issues were fixed:

* CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP
(bsc#1227371).
* CVE-2024-53104: media: uvcvideo: Skip parsing frames of type
UVC_VS_UNDEFINED in uvc_parse_format (bsc#1236783).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-669=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-669=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_14-default-debuginfo-9-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_2-debugsource-9-150600.2.1
* kernel-livepatch-6_4_0-150600_23_14-default-9-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_14-default-debuginfo-9-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_2-debugsource-9-150600.2.1
* kernel-livepatch-6_4_0-150600_23_14-default-9-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-36974.html
* https://www.suse.com/security/cve/CVE-2024-53104.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227371
* https://bugzilla.suse.com/show_bug.cgi?id=1236783



SUSE-SU-2025:0690-1: important: Security update for ovmf


# Security update for ovmf

Announcement ID: SUSE-SU-2025:0690-1
Release Date: 2025-02-24T13:06:15Z
Rating: important
References:

* bsc#1237084

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that has one security fix can now be installed.

## Description:

This update for ovmf fixes the following issues:

* PXE boot is failing due to patches applied to fix CVE-2023-45236 and
CVE-2023-45237 (bsc#1237084).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-690=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-690=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2025-690=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-690=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-690=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-690=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-690=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-690=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-690=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-690=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-690=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-690=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
* ovmf-tools-202202-150400.5.18.1
* ovmf-202202-150400.5.18.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* qemu-ovmf-x86_64-202202-150400.5.18.1
* SUSE Manager Proxy 4.3 (x86_64)
* ovmf-tools-202202-150400.5.18.1
* ovmf-202202-150400.5.18.1
* SUSE Manager Proxy 4.3 (noarch)
* qemu-ovmf-x86_64-202202-150400.5.18.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* ovmf-tools-202202-150400.5.18.1
* ovmf-202202-150400.5.18.1
* SUSE Manager Retail Branch Server 4.3 (noarch)
* qemu-ovmf-x86_64-202202-150400.5.18.1
* SUSE Manager Server 4.3 (x86_64)
* ovmf-tools-202202-150400.5.18.1
* ovmf-202202-150400.5.18.1
* SUSE Manager Server 4.3 (noarch)
* qemu-ovmf-x86_64-202202-150400.5.18.1
* openSUSE Leap 15.4 (aarch64 x86_64)
* ovmf-tools-202202-150400.5.18.1
* ovmf-202202-150400.5.18.1
* openSUSE Leap 15.4 (noarch)
* qemu-ovmf-x86_64-202202-150400.5.18.1
* qemu-ovmf-ia32-202202-150400.5.18.1
* qemu-uefi-aarch32-202202-150400.5.18.1
* qemu-uefi-aarch64-202202-150400.5.18.1
* openSUSE Leap 15.4 (x86_64)
* qemu-ovmf-x86_64-debug-202202-150400.5.18.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
* qemu-uefi-aarch64-202202-150400.5.18.1
* qemu-ovmf-x86_64-202202-150400.5.18.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
* qemu-uefi-aarch64-202202-150400.5.18.1
* qemu-ovmf-x86_64-202202-150400.5.18.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
* qemu-uefi-aarch64-202202-150400.5.18.1
* qemu-ovmf-x86_64-202202-150400.5.18.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
* qemu-uefi-aarch64-202202-150400.5.18.1
* qemu-ovmf-x86_64-202202-150400.5.18.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* ovmf-tools-202202-150400.5.18.1
* ovmf-202202-150400.5.18.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* qemu-uefi-aarch64-202202-150400.5.18.1
* qemu-ovmf-x86_64-202202-150400.5.18.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* ovmf-tools-202202-150400.5.18.1
* ovmf-202202-150400.5.18.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* qemu-uefi-aarch64-202202-150400.5.18.1
* qemu-ovmf-x86_64-202202-150400.5.18.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 x86_64)
* ovmf-tools-202202-150400.5.18.1
* ovmf-202202-150400.5.18.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* qemu-uefi-aarch64-202202-150400.5.18.1
* qemu-ovmf-x86_64-202202-150400.5.18.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1237084



SUSE-SU-2025:0691-1: important: Security update for webkit2gtk3


# Security update for webkit2gtk3

Announcement ID: SUSE-SU-2025:0691-1
Release Date: 2025-02-24T13:12:41Z
Rating: important
References:

* bsc#1236946

Cross-References:

* CVE-2024-27856
* CVE-2024-54543
* CVE-2024-54658
* CVE-2025-24143
* CVE-2025-24150
* CVE-2025-24158
* CVE-2025-24162

CVSS scores:

* CVE-2024-27856 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-27856 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-27856 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-54543 ( SUSE ): 7.2
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-54543 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-54543 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-54658 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-54658 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-54658 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-24143 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-24143 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-24143 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-24150 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-24150 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-24150 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-24150 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-24158 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-24158 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-24158 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-24162 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-24162 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-24162 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP6
* Desktop Applications Module 15-SP6
* Development Tools Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for webkit2gtk3 fixes the following issues:

Update to version 2.46.6 (bsc#1236946):

* CVE-2025-24143: A maliciously crafted webpage may be able to fingerprint the
user.
* CVE-2025-24150: Copying a URL from Web Inspector may lead to command
injection.
* CVE-2025-24158: Processing web content may lead to a denial-of-service.
* CVE-2025-24162: Processing maliciously crafted web content may lead to an
unexpected process crash.

Already fixed in previous releases:

* CVE-2024-54543: Processing maliciously crafted web content may lead to
memory corruption.
* CVE-2024-27856: Processing a file may lead to unexpected app termination or
arbitrary code execution.
* CVE-2024-54658: Processing web content may lead to a denial-of-service.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-691=1 openSUSE-SLE-15.6-2025-691=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-691=1

* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-691=1

* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-691=1

## Package List:

* openSUSE Leap 15.6 (noarch)
* WebKitGTK-6.0-lang-2.46.6-150600.12.27.1
* WebKitGTK-4.0-lang-2.46.6-150600.12.27.1
* WebKitGTK-4.1-lang-2.46.6-150600.12.27.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* webkit2gtk-4_1-injected-bundles-debuginfo-2.46.6-150600.12.27.1
* webkit2gtk3-minibrowser-2.46.6-150600.12.27.1
* libjavascriptcoregtk-4_1-0-debuginfo-2.46.6-150600.12.27.1
* webkit2gtk3-debugsource-2.46.6-150600.12.27.1
* libwebkit2gtk-4_1-0-debuginfo-2.46.6-150600.12.27.1
* webkit-jsc-6.0-debuginfo-2.46.6-150600.12.27.1
* webkitgtk-6_0-injected-bundles-debuginfo-2.46.6-150600.12.27.1
* webkit2gtk3-minibrowser-debuginfo-2.46.6-150600.12.27.1
* webkit-jsc-4.1-2.46.6-150600.12.27.1
* libjavascriptcoregtk-4_0-18-2.46.6-150600.12.27.1
* webkit2gtk-4_1-injected-bundles-2.46.6-150600.12.27.1
* libwebkitgtk-6_0-4-2.46.6-150600.12.27.1
* typelib-1_0-WebKit-6_0-2.46.6-150600.12.27.1
* libwebkit2gtk-4_0-37-debuginfo-2.46.6-150600.12.27.1
* typelib-1_0-JavaScriptCore-4_0-2.46.6-150600.12.27.1
* webkit2gtk-4_0-injected-bundles-2.46.6-150600.12.27.1
* webkit-jsc-4.1-debuginfo-2.46.6-150600.12.27.1
* libwebkit2gtk-4_0-37-2.46.6-150600.12.27.1
* typelib-1_0-WebKit2-4_1-2.46.6-150600.12.27.1
* libjavascriptcoregtk-6_0-1-2.46.6-150600.12.27.1
* webkit2gtk4-minibrowser-debuginfo-2.46.6-150600.12.27.1
* typelib-1_0-WebKit2WebExtension-4_1-2.46.6-150600.12.27.1
* webkit2gtk3-soup2-devel-2.46.6-150600.12.27.1
* webkit-jsc-6.0-2.46.6-150600.12.27.1
* webkit2gtk4-debugsource-2.46.6-150600.12.27.1
* libwebkitgtk-6_0-4-debuginfo-2.46.6-150600.12.27.1
* webkit-jsc-4-2.46.6-150600.12.27.1
* webkit2gtk3-soup2-minibrowser-2.46.6-150600.12.27.1
* webkit2gtk3-soup2-minibrowser-debuginfo-2.46.6-150600.12.27.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.46.6-150600.12.27.1
* webkit2gtk3-devel-2.46.6-150600.12.27.1
* webkit2gtk4-minibrowser-2.46.6-150600.12.27.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.46.6-150600.12.27.1
* libjavascriptcoregtk-4_1-0-2.46.6-150600.12.27.1
* libjavascriptcoregtk-6_0-1-debuginfo-2.46.6-150600.12.27.1
* typelib-1_0-WebKitWebProcessExtension-6_0-2.46.6-150600.12.27.1
* typelib-1_0-WebKit2-4_0-2.46.6-150600.12.27.1
* typelib-1_0-WebKit2WebExtension-4_0-2.46.6-150600.12.27.1
* webkit2gtk3-soup2-debugsource-2.46.6-150600.12.27.1
* typelib-1_0-JavaScriptCore-6_0-2.46.6-150600.12.27.1
* libwebkit2gtk-4_1-0-2.46.6-150600.12.27.1
* webkitgtk-6_0-injected-bundles-2.46.6-150600.12.27.1
* webkit-jsc-4-debuginfo-2.46.6-150600.12.27.1
* typelib-1_0-JavaScriptCore-4_1-2.46.6-150600.12.27.1
* webkit2gtk4-devel-2.46.6-150600.12.27.1
* openSUSE Leap 15.6 (x86_64)
* libwebkit2gtk-4_1-0-32bit-debuginfo-2.46.6-150600.12.27.1
* libwebkit2gtk-4_0-37-32bit-debuginfo-2.46.6-150600.12.27.1
* libwebkit2gtk-4_0-37-32bit-2.46.6-150600.12.27.1
* libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.46.6-150600.12.27.1
* libjavascriptcoregtk-4_1-0-32bit-2.46.6-150600.12.27.1
* libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.46.6-150600.12.27.1
* libwebkit2gtk-4_1-0-32bit-2.46.6-150600.12.27.1
* libjavascriptcoregtk-4_0-18-32bit-2.46.6-150600.12.27.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libjavascriptcoregtk-4_1-0-64bit-debuginfo-2.46.6-150600.12.27.1
* libwebkit2gtk-4_0-37-64bit-2.46.6-150600.12.27.1
* libjavascriptcoregtk-4_0-18-64bit-2.46.6-150600.12.27.1
* libjavascriptcoregtk-4_0-18-64bit-debuginfo-2.46.6-150600.12.27.1
* libwebkit2gtk-4_0-37-64bit-debuginfo-2.46.6-150600.12.27.1
* libjavascriptcoregtk-4_1-0-64bit-2.46.6-150600.12.27.1
* libwebkit2gtk-4_1-0-64bit-debuginfo-2.46.6-150600.12.27.1
* libwebkit2gtk-4_1-0-64bit-2.46.6-150600.12.27.1
* Basesystem Module 15-SP6 (noarch)
* WebKitGTK-6.0-lang-2.46.6-150600.12.27.1
* WebKitGTK-4.0-lang-2.46.6-150600.12.27.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libjavascriptcoregtk-4_0-18-2.46.6-150600.12.27.1
* libwebkitgtk-6_0-4-2.46.6-150600.12.27.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.46.6-150600.12.27.1
* libwebkitgtk-6_0-4-debuginfo-2.46.6-150600.12.27.1
* libwebkit2gtk-4_0-37-debuginfo-2.46.6-150600.12.27.1
* libjavascriptcoregtk-6_0-1-debuginfo-2.46.6-150600.12.27.1
* typelib-1_0-JavaScriptCore-4_0-2.46.6-150600.12.27.1
* webkit2gtk-4_0-injected-bundles-2.46.6-150600.12.27.1
* libwebkit2gtk-4_0-37-2.46.6-150600.12.27.1
* typelib-1_0-WebKit2-4_0-2.46.6-150600.12.27.1
* typelib-1_0-WebKit2WebExtension-4_0-2.46.6-150600.12.27.1
* webkit2gtk3-soup2-debugsource-2.46.6-150600.12.27.1
* webkitgtk-6_0-injected-bundles-2.46.6-150600.12.27.1
* libjavascriptcoregtk-6_0-1-2.46.6-150600.12.27.1
* webkitgtk-6_0-injected-bundles-debuginfo-2.46.6-150600.12.27.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.46.6-150600.12.27.1
* webkit2gtk3-soup2-devel-2.46.6-150600.12.27.1
* webkit2gtk4-debugsource-2.46.6-150600.12.27.1
* Desktop Applications Module 15-SP6 (noarch)
* WebKitGTK-4.1-lang-2.46.6-150600.12.27.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* webkit2gtk-4_1-injected-bundles-debuginfo-2.46.6-150600.12.27.1
* webkit2gtk-4_1-injected-bundles-2.46.6-150600.12.27.1
* libjavascriptcoregtk-4_1-0-debuginfo-2.46.6-150600.12.27.1
* libjavascriptcoregtk-4_1-0-2.46.6-150600.12.27.1
* webkit2gtk3-debugsource-2.46.6-150600.12.27.1
* libwebkit2gtk-4_1-0-debuginfo-2.46.6-150600.12.27.1
* typelib-1_0-WebKit2-4_1-2.46.6-150600.12.27.1
* libwebkit2gtk-4_1-0-2.46.6-150600.12.27.1
* typelib-1_0-WebKit2WebExtension-4_1-2.46.6-150600.12.27.1
* webkit2gtk3-devel-2.46.6-150600.12.27.1
* typelib-1_0-JavaScriptCore-4_1-2.46.6-150600.12.27.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* typelib-1_0-WebKit-6_0-2.46.6-150600.12.27.1
* typelib-1_0-WebKitWebProcessExtension-6_0-2.46.6-150600.12.27.1
* typelib-1_0-JavaScriptCore-6_0-2.46.6-150600.12.27.1
* webkit2gtk4-devel-2.46.6-150600.12.27.1
* webkit2gtk4-debugsource-2.46.6-150600.12.27.1

## References:

* https://www.suse.com/security/cve/CVE-2024-27856.html
* https://www.suse.com/security/cve/CVE-2024-54543.html
* https://www.suse.com/security/cve/CVE-2024-54658.html
* https://www.suse.com/security/cve/CVE-2025-24143.html
* https://www.suse.com/security/cve/CVE-2025-24150.html
* https://www.suse.com/security/cve/CVE-2025-24158.html
* https://www.suse.com/security/cve/CVE-2025-24162.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236946



SUSE-SU-2025:0692-1: important: Security update for qemu


# Security update for qemu

Announcement ID: SUSE-SU-2025:0692-1
Release Date: 2025-02-24T14:21:31Z
Rating: important
References:

* bsc#1219722
* bsc#1219733
* bsc#1222845
* bsc#1229007
* bsc#1230915

Cross-References:

* CVE-2024-3447
* CVE-2024-7409
* CVE-2024-8612

CVSS scores:

* CVE-2024-3447 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-3447 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-7409 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-7409 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-7409 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-8612 ( SUSE ): 2.0
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-8612 ( SUSE ): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
* CVE-2024-8612 ( NVD ): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves three vulnerabilities and has two security fixes can now
be installed.

## Description:

This update for qemu fixes the following issues:

* CVE-2024-8612: Fixed information leak in virtio devices (bsc#1230915).
* CVE-2024-7409: Fixed denial of service via improper synchronization in QEMU
NBD Server during socket closure (bsc#1229007).
* CVE-2024-3447: Fixed heap buffer overflow in sdhci_write_dataport()
(bsc#1222845).

Other fixes:

* Fix ipxe build with new binutils (bsc#1219733, bsc#1219722).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-692=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-692=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-692=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-692=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-692=1

* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-692=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-692=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-692=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* qemu-ui-curses-5.2.0-150300.135.1
* qemu-audio-pa-debuginfo-5.2.0-150300.135.1
* qemu-ivshmem-tools-debuginfo-5.2.0-150300.135.1
* qemu-block-iscsi-debuginfo-5.2.0-150300.135.1
* qemu-audio-alsa-debuginfo-5.2.0-150300.135.1
* qemu-lang-5.2.0-150300.135.1
* qemu-ui-opengl-debuginfo-5.2.0-150300.135.1
* qemu-hw-usb-smartcard-debuginfo-5.2.0-150300.135.1
* qemu-block-dmg-5.2.0-150300.135.1
* qemu-extra-5.2.0-150300.135.1
* qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.135.1
* qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.135.1
* qemu-block-gluster-5.2.0-150300.135.1
* qemu-hw-usb-redirect-5.2.0-150300.135.1
* qemu-arm-debuginfo-5.2.0-150300.135.1
* qemu-block-dmg-debuginfo-5.2.0-150300.135.1
* qemu-tools-debuginfo-5.2.0-150300.135.1
* qemu-vhost-user-gpu-debuginfo-5.2.0-150300.135.1
* qemu-x86-debuginfo-5.2.0-150300.135.1
* qemu-hw-display-virtio-gpu-pci-5.2.0-150300.135.1
* qemu-ui-opengl-5.2.0-150300.135.1
* qemu-hw-display-qxl-5.2.0-150300.135.1
* qemu-hw-display-virtio-vga-5.2.0-150300.135.1
* qemu-chardev-spice-5.2.0-150300.135.1
* qemu-ivshmem-tools-5.2.0-150300.135.1
* qemu-ui-spice-core-debuginfo-5.2.0-150300.135.1
* qemu-hw-display-qxl-debuginfo-5.2.0-150300.135.1
* qemu-ppc-debuginfo-5.2.0-150300.135.1
* qemu-linux-user-5.2.0-150300.135.1
* qemu-audio-alsa-5.2.0-150300.135.1
* qemu-debugsource-5.2.0-150300.135.1
* qemu-extra-debuginfo-5.2.0-150300.135.1
* qemu-hw-usb-smartcard-5.2.0-150300.135.1
* qemu-chardev-baum-5.2.0-150300.135.1
* qemu-audio-spice-5.2.0-150300.135.1
* qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.135.1
* qemu-block-curl-debuginfo-5.2.0-150300.135.1
* qemu-debuginfo-5.2.0-150300.135.1
* qemu-guest-agent-debuginfo-5.2.0-150300.135.1
* qemu-guest-agent-5.2.0-150300.135.1
* qemu-hw-s390x-virtio-gpu-ccw-debuginfo-5.2.0-150300.135.1
* qemu-block-ssh-debuginfo-5.2.0-150300.135.1
* qemu-s390x-5.2.0-150300.135.1
* qemu-vhost-user-gpu-5.2.0-150300.135.1
* qemu-ui-gtk-5.2.0-150300.135.1
* qemu-hw-display-virtio-gpu-5.2.0-150300.135.1
* qemu-5.2.0-150300.135.1
* qemu-s390x-debuginfo-5.2.0-150300.135.1
* qemu-linux-user-debuginfo-5.2.0-150300.135.1
* qemu-hw-s390x-virtio-gpu-ccw-5.2.0-150300.135.1
* qemu-block-iscsi-5.2.0-150300.135.1
* qemu-arm-5.2.0-150300.135.1
* qemu-audio-spice-debuginfo-5.2.0-150300.135.1
* qemu-block-curl-5.2.0-150300.135.1
* qemu-tools-5.2.0-150300.135.1
* qemu-ui-gtk-debuginfo-5.2.0-150300.135.1
* qemu-ksm-5.2.0-150300.135.1
* qemu-ui-spice-app-debuginfo-5.2.0-150300.135.1
* qemu-hw-usb-redirect-debuginfo-5.2.0-150300.135.1
* qemu-x86-5.2.0-150300.135.1
* qemu-ui-curses-debuginfo-5.2.0-150300.135.1
* qemu-ui-spice-app-5.2.0-150300.135.1
* qemu-ui-spice-core-5.2.0-150300.135.1
* qemu-block-gluster-debuginfo-5.2.0-150300.135.1
* qemu-chardev-spice-debuginfo-5.2.0-150300.135.1
* qemu-chardev-baum-debuginfo-5.2.0-150300.135.1
* qemu-testsuite-5.2.0-150300.135.1
* qemu-linux-user-debugsource-5.2.0-150300.135.1
* qemu-block-nfs-debuginfo-5.2.0-150300.135.1
* qemu-block-ssh-5.2.0-150300.135.1
* qemu-ppc-5.2.0-150300.135.1
* qemu-audio-pa-5.2.0-150300.135.1
* qemu-block-nfs-5.2.0-150300.135.1
* openSUSE Leap 15.3 (s390x x86_64 i586)
* qemu-kvm-5.2.0-150300.135.1
* openSUSE Leap 15.3 (noarch)
* qemu-vgabios-1.14.0_0_g155821a-150300.135.1
* qemu-seabios-1.14.0_0_g155821a-150300.135.1
* qemu-ipxe-1.0.0+-150300.135.1
* qemu-microvm-5.2.0-150300.135.1
* qemu-sgabios-8-150300.135.1
* qemu-skiboot-5.2.0-150300.135.1
* qemu-SLOF-5.2.0-150300.135.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64)
* qemu-block-rbd-5.2.0-150300.135.1
* qemu-block-rbd-debuginfo-5.2.0-150300.135.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
* qemu-ui-curses-5.2.0-150300.135.1
* qemu-block-iscsi-debuginfo-5.2.0-150300.135.1
* qemu-lang-5.2.0-150300.135.1
* qemu-ui-opengl-debuginfo-5.2.0-150300.135.1
* qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.135.1
* qemu-hw-usb-redirect-5.2.0-150300.135.1
* qemu-tools-debuginfo-5.2.0-150300.135.1
* qemu-ui-opengl-5.2.0-150300.135.1
* qemu-hw-display-qxl-5.2.0-150300.135.1
* qemu-hw-display-virtio-vga-5.2.0-150300.135.1
* qemu-chardev-spice-5.2.0-150300.135.1
* qemu-ui-spice-core-debuginfo-5.2.0-150300.135.1
* qemu-hw-display-qxl-debuginfo-5.2.0-150300.135.1
* qemu-debugsource-5.2.0-150300.135.1
* qemu-chardev-baum-5.2.0-150300.135.1
* qemu-block-curl-debuginfo-5.2.0-150300.135.1
* qemu-debuginfo-5.2.0-150300.135.1
* qemu-guest-agent-debuginfo-5.2.0-150300.135.1
* qemu-guest-agent-5.2.0-150300.135.1
* qemu-block-rbd-5.2.0-150300.135.1
* qemu-block-ssh-debuginfo-5.2.0-150300.135.1
* qemu-ui-gtk-5.2.0-150300.135.1
* qemu-5.2.0-150300.135.1
* qemu-block-iscsi-5.2.0-150300.135.1
* qemu-audio-spice-debuginfo-5.2.0-150300.135.1
* qemu-block-curl-5.2.0-150300.135.1
* qemu-tools-5.2.0-150300.135.1
* qemu-ui-gtk-debuginfo-5.2.0-150300.135.1
* qemu-ksm-5.2.0-150300.135.1
* qemu-ui-spice-app-debuginfo-5.2.0-150300.135.1
* qemu-hw-usb-redirect-debuginfo-5.2.0-150300.135.1
* qemu-ui-curses-debuginfo-5.2.0-150300.135.1
* qemu-ui-spice-app-5.2.0-150300.135.1
* qemu-ui-spice-core-5.2.0-150300.135.1
* qemu-chardev-spice-debuginfo-5.2.0-150300.135.1
* qemu-chardev-baum-debuginfo-5.2.0-150300.135.1
* qemu-block-rbd-debuginfo-5.2.0-150300.135.1
* qemu-block-ssh-5.2.0-150300.135.1
* qemu-audio-spice-5.2.0-150300.135.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64)
* qemu-arm-5.2.0-150300.135.1
* qemu-arm-debuginfo-5.2.0-150300.135.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* qemu-seabios-1.14.0_0_g155821a-150300.135.1
* qemu-vgabios-1.14.0_0_g155821a-150300.135.1
* qemu-ipxe-1.0.0+-150300.135.1
* qemu-sgabios-8-150300.135.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
* qemu-audio-pa-debuginfo-5.2.0-150300.135.1
* qemu-audio-alsa-debuginfo-5.2.0-150300.135.1
* qemu-audio-alsa-5.2.0-150300.135.1
* qemu-kvm-5.2.0-150300.135.1
* qemu-x86-5.2.0-150300.135.1
* qemu-hw-display-virtio-gpu-5.2.0-150300.135.1
* qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.135.1
* qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.135.1
* qemu-x86-debuginfo-5.2.0-150300.135.1
* qemu-audio-pa-5.2.0-150300.135.1
* qemu-hw-display-virtio-gpu-pci-5.2.0-150300.135.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* qemu-ui-curses-5.2.0-150300.135.1
* qemu-block-iscsi-debuginfo-5.2.0-150300.135.1
* qemu-lang-5.2.0-150300.135.1
* qemu-tools-debuginfo-5.2.0-150300.135.1
* qemu-debugsource-5.2.0-150300.135.1
* qemu-chardev-baum-5.2.0-150300.135.1
* qemu-block-curl-debuginfo-5.2.0-150300.135.1
* qemu-debuginfo-5.2.0-150300.135.1
* qemu-guest-agent-debuginfo-5.2.0-150300.135.1
* qemu-guest-agent-5.2.0-150300.135.1
* qemu-block-rbd-5.2.0-150300.135.1
* qemu-block-ssh-debuginfo-5.2.0-150300.135.1
* qemu-5.2.0-150300.135.1
* qemu-block-iscsi-5.2.0-150300.135.1
* qemu-block-curl-5.2.0-150300.135.1
* qemu-tools-5.2.0-150300.135.1
* qemu-ksm-5.2.0-150300.135.1
* qemu-ui-curses-debuginfo-5.2.0-150300.135.1
* qemu-chardev-baum-debuginfo-5.2.0-150300.135.1
* qemu-block-rbd-debuginfo-5.2.0-150300.135.1
* qemu-block-ssh-5.2.0-150300.135.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64)
* qemu-arm-5.2.0-150300.135.1
* qemu-arm-debuginfo-5.2.0-150300.135.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le x86_64)
* qemu-hw-display-qxl-5.2.0-150300.135.1
* qemu-hw-display-virtio-vga-5.2.0-150300.135.1
* qemu-chardev-spice-5.2.0-150300.135.1
* qemu-ui-gtk-debuginfo-5.2.0-150300.135.1
* qemu-ui-spice-core-debuginfo-5.2.0-150300.135.1
* qemu-hw-display-qxl-debuginfo-5.2.0-150300.135.1
* qemu-ui-spice-app-debuginfo-5.2.0-150300.135.1
* qemu-hw-usb-redirect-debuginfo-5.2.0-150300.135.1
* qemu-ui-opengl-debuginfo-5.2.0-150300.135.1
* qemu-ui-spice-app-5.2.0-150300.135.1
* qemu-ui-spice-core-5.2.0-150300.135.1
* qemu-chardev-spice-debuginfo-5.2.0-150300.135.1
* qemu-ui-gtk-5.2.0-150300.135.1
* qemu-audio-spice-5.2.0-150300.135.1
* qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.135.1
* qemu-hw-usb-redirect-5.2.0-150300.135.1
* qemu-audio-spice-debuginfo-5.2.0-150300.135.1
* qemu-ui-opengl-5.2.0-150300.135.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
* qemu-vgabios-1.14.0_0_g155821a-150300.135.1
* qemu-seabios-1.14.0_0_g155821a-150300.135.1
* qemu-ipxe-1.0.0+-150300.135.1
* qemu-sgabios-8-150300.135.1
* qemu-skiboot-5.2.0-150300.135.1
* qemu-SLOF-5.2.0-150300.135.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (ppc64le)
* qemu-ppc-5.2.0-150300.135.1
* qemu-ppc-debuginfo-5.2.0-150300.135.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (s390x x86_64)
* qemu-kvm-5.2.0-150300.135.1
* qemu-hw-display-virtio-gpu-5.2.0-150300.135.1
* qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.135.1
* qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.135.1
* qemu-hw-display-virtio-gpu-pci-5.2.0-150300.135.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (s390x)
* qemu-hw-s390x-virtio-gpu-ccw-5.2.0-150300.135.1
* qemu-s390x-5.2.0-150300.135.1
* qemu-hw-s390x-virtio-gpu-ccw-debuginfo-5.2.0-150300.135.1
* qemu-s390x-debuginfo-5.2.0-150300.135.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (x86_64)
* qemu-audio-pa-debuginfo-5.2.0-150300.135.1
* qemu-audio-alsa-debuginfo-5.2.0-150300.135.1
* qemu-audio-alsa-5.2.0-150300.135.1
* qemu-x86-5.2.0-150300.135.1
* qemu-x86-debuginfo-5.2.0-150300.135.1
* qemu-audio-pa-5.2.0-150300.135.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* qemu-ui-curses-5.2.0-150300.135.1
* qemu-block-iscsi-debuginfo-5.2.0-150300.135.1
* qemu-lang-5.2.0-150300.135.1
* qemu-ui-opengl-debuginfo-5.2.0-150300.135.1
* qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.135.1
* qemu-hw-usb-redirect-5.2.0-150300.135.1
* qemu-tools-debuginfo-5.2.0-150300.135.1
* qemu-ui-opengl-5.2.0-150300.135.1
* qemu-hw-display-qxl-5.2.0-150300.135.1
* qemu-hw-display-virtio-vga-5.2.0-150300.135.1
* qemu-chardev-spice-5.2.0-150300.135.1
* qemu-ui-spice-core-debuginfo-5.2.0-150300.135.1
* qemu-hw-display-qxl-debuginfo-5.2.0-150300.135.1
* qemu-debugsource-5.2.0-150300.135.1
* qemu-chardev-baum-5.2.0-150300.135.1
* qemu-block-curl-debuginfo-5.2.0-150300.135.1
* qemu-debuginfo-5.2.0-150300.135.1
* qemu-guest-agent-debuginfo-5.2.0-150300.135.1
* qemu-guest-agent-5.2.0-150300.135.1
* qemu-block-rbd-5.2.0-150300.135.1
* qemu-block-ssh-debuginfo-5.2.0-150300.135.1
* qemu-ui-gtk-5.2.0-150300.135.1
* qemu-5.2.0-150300.135.1
* qemu-block-iscsi-5.2.0-150300.135.1
* qemu-audio-spice-debuginfo-5.2.0-150300.135.1
* qemu-block-curl-5.2.0-150300.135.1
* qemu-tools-5.2.0-150300.135.1
* qemu-ui-gtk-debuginfo-5.2.0-150300.135.1
* qemu-ksm-5.2.0-150300.135.1
* qemu-ui-spice-app-debuginfo-5.2.0-150300.135.1
* qemu-hw-usb-redirect-debuginfo-5.2.0-150300.135.1
* qemu-ui-curses-debuginfo-5.2.0-150300.135.1
* qemu-ui-spice-app-5.2.0-150300.135.1
* qemu-ui-spice-core-5.2.0-150300.135.1
* qemu-chardev-spice-debuginfo-5.2.0-150300.135.1
* qemu-chardev-baum-debuginfo-5.2.0-150300.135.1
* qemu-block-rbd-debuginfo-5.2.0-150300.135.1
* qemu-block-ssh-5.2.0-150300.135.1
* qemu-audio-spice-5.2.0-150300.135.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* qemu-vgabios-1.14.0_0_g155821a-150300.135.1
* qemu-seabios-1.14.0_0_g155821a-150300.135.1
* qemu-ipxe-1.0.0+-150300.135.1
* qemu-sgabios-8-150300.135.1
* qemu-skiboot-5.2.0-150300.135.1
* qemu-SLOF-5.2.0-150300.135.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le)
* qemu-ppc-5.2.0-150300.135.1
* qemu-ppc-debuginfo-5.2.0-150300.135.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* qemu-audio-pa-debuginfo-5.2.0-150300.135.1
* qemu-audio-alsa-debuginfo-5.2.0-150300.135.1
* qemu-audio-alsa-5.2.0-150300.135.1
* qemu-kvm-5.2.0-150300.135.1
* qemu-x86-5.2.0-150300.135.1
* qemu-hw-display-virtio-gpu-5.2.0-150300.135.1
* qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.135.1
* qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.135.1
* qemu-x86-debuginfo-5.2.0-150300.135.1
* qemu-audio-pa-5.2.0-150300.135.1
* qemu-hw-display-virtio-gpu-pci-5.2.0-150300.135.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* qemu-ui-curses-5.2.0-150300.135.1
* qemu-block-iscsi-debuginfo-5.2.0-150300.135.1
* qemu-lang-5.2.0-150300.135.1
* qemu-ui-opengl-debuginfo-5.2.0-150300.135.1
* qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.135.1
* qemu-hw-usb-redirect-5.2.0-150300.135.1
* qemu-tools-debuginfo-5.2.0-150300.135.1
* qemu-ui-opengl-5.2.0-150300.135.1
* qemu-hw-display-qxl-5.2.0-150300.135.1
* qemu-hw-display-virtio-vga-5.2.0-150300.135.1
* qemu-chardev-spice-5.2.0-150300.135.1
* qemu-ui-spice-core-debuginfo-5.2.0-150300.135.1
* qemu-hw-display-qxl-debuginfo-5.2.0-150300.135.1
* qemu-debugsource-5.2.0-150300.135.1
* qemu-chardev-baum-5.2.0-150300.135.1
* qemu-block-curl-debuginfo-5.2.0-150300.135.1
* qemu-debuginfo-5.2.0-150300.135.1
* qemu-guest-agent-debuginfo-5.2.0-150300.135.1
* qemu-guest-agent-5.2.0-150300.135.1
* qemu-block-rbd-5.2.0-150300.135.1
* qemu-block-ssh-debuginfo-5.2.0-150300.135.1
* qemu-ui-gtk-5.2.0-150300.135.1
* qemu-5.2.0-150300.135.1
* qemu-block-iscsi-5.2.0-150300.135.1
* qemu-audio-spice-debuginfo-5.2.0-150300.135.1
* qemu-block-curl-5.2.0-150300.135.1
* qemu-tools-5.2.0-150300.135.1
* qemu-ui-gtk-debuginfo-5.2.0-150300.135.1
* qemu-ksm-5.2.0-150300.135.1
* qemu-ui-spice-app-debuginfo-5.2.0-150300.135.1
* qemu-hw-usb-redirect-debuginfo-5.2.0-150300.135.1
* qemu-ui-curses-debuginfo-5.2.0-150300.135.1
* qemu-ui-spice-app-5.2.0-150300.135.1
* qemu-ui-spice-core-5.2.0-150300.135.1
* qemu-chardev-spice-debuginfo-5.2.0-150300.135.1
* qemu-chardev-baum-debuginfo-5.2.0-150300.135.1
* qemu-block-rbd-debuginfo-5.2.0-150300.135.1
* qemu-block-ssh-5.2.0-150300.135.1
* qemu-audio-spice-5.2.0-150300.135.1
* SUSE Enterprise Storage 7.1 (aarch64)
* qemu-arm-5.2.0-150300.135.1
* qemu-arm-debuginfo-5.2.0-150300.135.1
* SUSE Enterprise Storage 7.1 (noarch)
* qemu-seabios-1.14.0_0_g155821a-150300.135.1
* qemu-vgabios-1.14.0_0_g155821a-150300.135.1
* qemu-ipxe-1.0.0+-150300.135.1
* qemu-sgabios-8-150300.135.1
* SUSE Enterprise Storage 7.1 (x86_64)
* qemu-audio-pa-debuginfo-5.2.0-150300.135.1
* qemu-audio-alsa-debuginfo-5.2.0-150300.135.1
* qemu-audio-alsa-5.2.0-150300.135.1
* qemu-kvm-5.2.0-150300.135.1
* qemu-x86-5.2.0-150300.135.1
* qemu-hw-display-virtio-gpu-5.2.0-150300.135.1
* qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.135.1
* qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.135.1
* qemu-x86-debuginfo-5.2.0-150300.135.1
* qemu-audio-pa-5.2.0-150300.135.1
* qemu-hw-display-virtio-gpu-pci-5.2.0-150300.135.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* qemu-tools-5.2.0-150300.135.1
* qemu-debugsource-5.2.0-150300.135.1
* qemu-5.2.0-150300.135.1
* qemu-tools-debuginfo-5.2.0-150300.135.1
* qemu-debuginfo-5.2.0-150300.135.1
* SUSE Linux Enterprise Micro 5.1 (aarch64)
* qemu-arm-5.2.0-150300.135.1
* qemu-arm-debuginfo-5.2.0-150300.135.1
* SUSE Linux Enterprise Micro 5.1 (noarch)
* qemu-seabios-1.14.0_0_g155821a-150300.135.1
* qemu-vgabios-1.14.0_0_g155821a-150300.135.1
* qemu-ipxe-1.0.0+-150300.135.1
* qemu-sgabios-8-150300.135.1
* SUSE Linux Enterprise Micro 5.1 (s390x)
* qemu-s390x-debuginfo-5.2.0-150300.135.1
* qemu-s390x-5.2.0-150300.135.1
* SUSE Linux Enterprise Micro 5.1 (x86_64)
* qemu-x86-5.2.0-150300.135.1
* qemu-x86-debuginfo-5.2.0-150300.135.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* qemu-ui-opengl-debuginfo-5.2.0-150300.135.1
* qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.135.1
* qemu-hw-usb-redirect-5.2.0-150300.135.1
* qemu-tools-debuginfo-5.2.0-150300.135.1
* qemu-ui-opengl-5.2.0-150300.135.1
* qemu-hw-display-qxl-5.2.0-150300.135.1
* qemu-hw-display-virtio-vga-5.2.0-150300.135.1
* qemu-chardev-spice-5.2.0-150300.135.1
* qemu-ui-spice-core-debuginfo-5.2.0-150300.135.1
* qemu-hw-display-qxl-debuginfo-5.2.0-150300.135.1
* qemu-debugsource-5.2.0-150300.135.1
* qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.135.1
* qemu-debuginfo-5.2.0-150300.135.1
* qemu-guest-agent-debuginfo-5.2.0-150300.135.1
* qemu-guest-agent-5.2.0-150300.135.1
* qemu-hw-display-virtio-gpu-5.2.0-150300.135.1
* qemu-5.2.0-150300.135.1
* qemu-audio-spice-debuginfo-5.2.0-150300.135.1
* qemu-tools-5.2.0-150300.135.1
* qemu-hw-usb-redirect-debuginfo-5.2.0-150300.135.1
* qemu-ui-spice-core-5.2.0-150300.135.1
* qemu-chardev-spice-debuginfo-5.2.0-150300.135.1
* qemu-audio-spice-5.2.0-150300.135.1
* SUSE Linux Enterprise Micro 5.2 (aarch64)
* qemu-arm-5.2.0-150300.135.1
* qemu-arm-debuginfo-5.2.0-150300.135.1
* SUSE Linux Enterprise Micro 5.2 (noarch)
* qemu-seabios-1.14.0_0_g155821a-150300.135.1
* qemu-vgabios-1.14.0_0_g155821a-150300.135.1
* qemu-ipxe-1.0.0+-150300.135.1
* qemu-sgabios-8-150300.135.1
* SUSE Linux Enterprise Micro 5.2 (s390x)
* qemu-s390x-debuginfo-5.2.0-150300.135.1
* qemu-s390x-5.2.0-150300.135.1
* SUSE Linux Enterprise Micro 5.2 (x86_64)
* qemu-x86-5.2.0-150300.135.1
* qemu-x86-debuginfo-5.2.0-150300.135.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* qemu-ui-opengl-debuginfo-5.2.0-150300.135.1
* qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.135.1
* qemu-hw-usb-redirect-5.2.0-150300.135.1
* qemu-tools-debuginfo-5.2.0-150300.135.1
* qemu-ui-opengl-5.2.0-150300.135.1
* qemu-hw-display-qxl-5.2.0-150300.135.1
* qemu-hw-display-virtio-vga-5.2.0-150300.135.1
* qemu-chardev-spice-5.2.0-150300.135.1
* qemu-ui-spice-core-debuginfo-5.2.0-150300.135.1
* qemu-hw-display-qxl-debuginfo-5.2.0-150300.135.1
* qemu-debugsource-5.2.0-150300.135.1
* qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.135.1
* qemu-debuginfo-5.2.0-150300.135.1
* qemu-guest-agent-debuginfo-5.2.0-150300.135.1
* qemu-guest-agent-5.2.0-150300.135.1
* qemu-hw-display-virtio-gpu-5.2.0-150300.135.1
* qemu-5.2.0-150300.135.1
* qemu-audio-spice-debuginfo-5.2.0-150300.135.1
* qemu-tools-5.2.0-150300.135.1
* qemu-hw-usb-redirect-debuginfo-5.2.0-150300.135.1
* qemu-ui-spice-core-5.2.0-150300.135.1
* qemu-chardev-spice-debuginfo-5.2.0-150300.135.1
* qemu-audio-spice-5.2.0-150300.135.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64)
* qemu-arm-5.2.0-150300.135.1
* qemu-arm-debuginfo-5.2.0-150300.135.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
* qemu-seabios-1.14.0_0_g155821a-150300.135.1
* qemu-vgabios-1.14.0_0_g155821a-150300.135.1
* qemu-ipxe-1.0.0+-150300.135.1
* qemu-sgabios-8-150300.135.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (s390x)
* qemu-s390x-debuginfo-5.2.0-150300.135.1
* qemu-s390x-5.2.0-150300.135.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64)
* qemu-x86-5.2.0-150300.135.1
* qemu-x86-debuginfo-5.2.0-150300.135.1

## References:

* https://www.suse.com/security/cve/CVE-2024-3447.html
* https://www.suse.com/security/cve/CVE-2024-7409.html
* https://www.suse.com/security/cve/CVE-2024-8612.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219722
* https://bugzilla.suse.com/show_bug.cgi?id=1219733
* https://bugzilla.suse.com/show_bug.cgi?id=1222845
* https://bugzilla.suse.com/show_bug.cgi?id=1229007
* https://bugzilla.suse.com/show_bug.cgi?id=1230915



SUSE-SU-2025:0689-1: moderate: Security update for pam_pkcs11


# Security update for pam_pkcs11

Announcement ID: SUSE-SU-2025:0689-1
Release Date: 2025-02-24T12:57:20Z
Rating: moderate
References:

* bsc#1237058
* bsc#1237062

Cross-References:

* CVE-2025-24031
* CVE-2025-24032

CVSS scores:

* CVE-2025-24031 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-24031 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-24031 ( NVD ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-24032 ( SUSE ): 7.5 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2025-24032 ( SUSE ): 6.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
* CVE-2025-24032 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for pam_pkcs11 fixes the following issues:

* CVE-2025-24032: default value for `cert_policy` (`none`) allows for
authentication bypass (bsc#1237062).
* CVE-2025-24031: uninitialized pointer dereference caused by user pressing
ctrl-c/ctrl-d when asked for PIN leads to crash (bsc#1237058).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-689=1 SUSE-2025-689=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-689=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* pam_pkcs11-debuginfo-0.6.10-150600.16.3.1
* pam_pkcs11-0.6.10-150600.16.3.1
* pam_pkcs11-debugsource-0.6.10-150600.16.3.1
* openSUSE Leap 15.6 (x86_64)
* pam_pkcs11-32bit-debuginfo-0.6.10-150600.16.3.1
* pam_pkcs11-32bit-0.6.10-150600.16.3.1
* openSUSE Leap 15.6 (noarch)
* pam_pkcs11-devel-doc-0.6.10-150600.16.3.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* pam_pkcs11-64bit-0.6.10-150600.16.3.1
* pam_pkcs11-64bit-debuginfo-0.6.10-150600.16.3.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* pam_pkcs11-debuginfo-0.6.10-150600.16.3.1
* pam_pkcs11-0.6.10-150600.16.3.1
* pam_pkcs11-debugsource-0.6.10-150600.16.3.1
* Basesystem Module 15-SP6 (x86_64)
* pam_pkcs11-32bit-debuginfo-0.6.10-150600.16.3.1
* pam_pkcs11-32bit-0.6.10-150600.16.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-24031.html
* https://www.suse.com/security/cve/CVE-2025-24032.html
* https://bugzilla.suse.com/show_bug.cgi?id=1237058
* https://bugzilla.suse.com/show_bug.cgi?id=1237062



SUSE-SU-2025:0687-1: important: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:0687-1
Release Date: 2025-02-24T15:33:20Z
Rating: important
References:

* bsc#1227371
* bsc#1228585
* bsc#1236783

Cross-References:

* CVE-2024-36974
* CVE-2024-40956
* CVE-2024-53104

CVSS scores:

* CVE-2024-36974 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40956 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40956 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53104 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53104 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_7 fixes several issues.

The following security issues were fixed:

* CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in
irq_process_work_list (bsc#1228585).
* CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP
(bsc#1227371).
* CVE-2024-53104: media: uvcvideo: Skip parsing frames of type
UVC_VS_UNDEFINED in uvc_parse_format (bsc#1236783).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-697=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-697=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-687=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-687=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_7-default-debuginfo-9-150600.2.1
* kernel-livepatch-6_4_0-150600_23_7-default-9-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_1-debugsource-9-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_7-default-debuginfo-9-150600.2.1
* kernel-livepatch-6_4_0-150600_23_7-default-9-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_1-debugsource-9-150600.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_28-debugsource-7-150400.2.1
* kernel-livepatch-5_14_21-150400_24_125-default-debuginfo-7-150400.2.1
* kernel-livepatch-5_14_21-150400_24_125-default-7-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_28-debugsource-7-150400.2.1
* kernel-livepatch-5_14_21-150400_24_125-default-debuginfo-7-150400.2.1
* kernel-livepatch-5_14_21-150400_24_125-default-7-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-36974.html
* https://www.suse.com/security/cve/CVE-2024-40956.html
* https://www.suse.com/security/cve/CVE-2024-53104.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227371
* https://bugzilla.suse.com/show_bug.cgi?id=1228585
* https://bugzilla.suse.com/show_bug.cgi?id=1236783



SUSE-SU-2025:0698-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:0698-1
Release Date: 2025-02-24T16:36:00Z
Rating: important
References:

* bsc#1227320
* bsc#1227371
* bsc#1228585
* bsc#1236783

Cross-References:

* CVE-2024-35789
* CVE-2024-36974
* CVE-2024-40956
* CVE-2024-53104

CVSS scores:

* CVE-2024-35789 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36974 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40956 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40956 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53104 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53104 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_119 fixes several issues.

The following security issues were fixed:

* CVE-2024-35789: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN
changes (bsc#1227320).
* CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in
irq_process_work_list (bsc#1228585).
* CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP
(bsc#1227371).
* CVE-2024-53104: media: uvcvideo: Skip parsing frames of type
UVC_VS_UNDEFINED in uvc_parse_format (bsc#1236783).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-698=1 SUSE-2025-699=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-698=1 SUSE-SLE-Module-Live-Patching-15-SP4-2025-699=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_25-debugsource-13-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_26-debugsource-12-150400.2.1
* kernel-livepatch-5_14_21-150400_24_119-default-debuginfo-12-150400.2.1
* kernel-livepatch-5_14_21-150400_24_116-default-13-150400.2.1
* kernel-livepatch-5_14_21-150400_24_119-default-12-150400.2.1
* kernel-livepatch-5_14_21-150400_24_116-default-debuginfo-13-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_25-debugsource-13-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_26-debugsource-12-150400.2.1
* kernel-livepatch-5_14_21-150400_24_119-default-debuginfo-12-150400.2.1
* kernel-livepatch-5_14_21-150400_24_116-default-13-150400.2.1
* kernel-livepatch-5_14_21-150400_24_119-default-12-150400.2.1
* kernel-livepatch-5_14_21-150400_24_116-default-debuginfo-13-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-35789.html
* https://www.suse.com/security/cve/CVE-2024-36974.html
* https://www.suse.com/security/cve/CVE-2024-40956.html
* https://www.suse.com/security/cve/CVE-2024-53104.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227320
* https://bugzilla.suse.com/show_bug.cgi?id=1227371
* https://bugzilla.suse.com/show_bug.cgi?id=1228585
* https://bugzilla.suse.com/show_bug.cgi?id=1236783



SUSE-SU-2025:0703-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:0703-1
Release Date: 2025-02-24T18:03:39Z
Rating: important
References:

* bsc#1227371
* bsc#1228585
* bsc#1236783

Cross-References:

* CVE-2024-36974
* CVE-2024-40956
* CVE-2024-53104

CVSS scores:

* CVE-2024-36974 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40956 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40956 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53104 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53104 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_62 fixes several issues.

The following security issues were fixed:

* CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in
irq_process_work_list (bsc#1228585).
* CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP
(bsc#1227371).
* CVE-2024-53104: media: uvcvideo: Skip parsing frames of type
UVC_VS_UNDEFINED in uvc_parse_format (bsc#1236783).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-705=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-705=1

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-703=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-703=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_13-debugsource-11-150500.2.1
* kernel-livepatch-5_14_21-150500_55_62-default-debuginfo-11-150500.2.1
* kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_13-debugsource-11-150500.2.1
* kernel-livepatch-5_14_21-150500_55_62-default-debuginfo-11-150500.2.1
* kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1
* kernel-livepatch-5_3_18-150300_59_167-default-debuginfo-8-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_46-debugsource-8-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_167-preempt-debuginfo-8-150300.2.1
* kernel-livepatch-5_3_18-150300_59_167-preempt-8-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-36974.html
* https://www.suse.com/security/cve/CVE-2024-40956.html
* https://www.suse.com/security/cve/CVE-2024-53104.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227371
* https://bugzilla.suse.com/show_bug.cgi?id=1228585
* https://bugzilla.suse.com/show_bug.cgi?id=1236783



SUSE-SU-2025:0704-1: important: Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:0704-1
Release Date: 2025-02-24T17:33:33Z
Rating: important
References:

* bsc#1236783

Cross-References:

* CVE-2024-53104

CVSS scores:

* CVE-2024-53104 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53104 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* openSUSE Leap 15.4
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_25 fixes one issue.

The following security issue was fixed:

* CVE-2024-53104: media: uvcvideo: Skip parsing frames of type
UVC_VS_UNDEFINED in uvc_parse_format (bsc#1236783).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-701=1 SUSE-2025-704=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-701=1 SUSE-SLE-Module-Live-Patching-15-SP3-2025-704=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-702=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-702=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-700=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-700=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP3_Update_47-debugsource-6-150300.2.1
  * kernel-livepatch-SLE15-SP3_Update_50-debugsource-3-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_182-default-3-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_170-default-debuginfo-6-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_182-default-debuginfo-3-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_170-default-6-150300.2.1
* openSUSE Leap 15.3 (x86_64)
  * kernel-livepatch-5_3_18-150300_59_182-preempt-3-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_170-preempt-6-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_182-preempt-debuginfo-3-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_170-preempt-debuginfo-6-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP3_Update_47-debugsource-6-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_170-default-6-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_170-default-debuginfo-6-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_182-default-3-150300.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_31-debugsource-4-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_133-default-debuginfo-4-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_133-default-4-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_31-debugsource-4-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_133-default-debuginfo-4-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_133-default-4-150400.2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_25-default-4-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_25-default-debuginfo-4-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_5-debugsource-4-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_25-default-4-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_25-default-debuginfo-4-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_5-debugsource-4-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-53104.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236783



openSUSE-SU-2025:0074-1: moderate: Security update for crun


openSUSE Security Update: Security update for crun
_______________________________

Announcement ID: openSUSE-SU-2025:0074-1
Rating: moderate
References: #1217590 #1218894 #1237421
Cross-References: CVE-2024-21626 CVE-2025-24965
CVSS scores:
CVE-2024-21626 (SUSE): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2025-24965 (SUSE): 6.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N

Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that solves two vulnerabilities and has one
errata is now available.

Description:

This update for crun fixes the following issues:

Update to 1.20:

* krun: fix CVE-2025-24965. The .krun_config.json file could be created
outside of the container rootfs. (bsc#1237421)
* cgroup: reverted the removal of tun/tap from the default allow list,
this was done in crun-1.5. The tun/tap device is now added by default
again.
* CRIU: do not set network_lock unless explicitly specified.
* status: disallow container names containing slashes.
* linux: Improved error message when failing to set the
net.ipv4.ping_group_range sysctl.
* scheduler: Ignore ENOSYS errors when resetting the CPU affinity mask.
* linux: return a better error message when pidfd_open fails with EINVAL.
* cgroup: display the absolute path to cgroup.controllers when a
controller is unavailable.
* exec: always call setsid. Now processes created through exec get the
correct process group id.

Update to 1.19.1:

* linux: fix a hang if there are no reads from the tty. Use non-blocking
sockets to read and write from the tty so that the "crun exec" process
doesn't hang when the terminal is not consuming any data.
* linux: remove the workaround needed to mount a cgroup on top of
another cgroup mount. The workaround had the disadvantage of
temporarily leaking a mount on the host. The alternative that is
currently used is to mount a temporary tmpfs between the two cgroup
mounts.

Update to 1.19:
* wasm: add new handler wamr.
* criu: allow passing network lock method to libcriu.
* linux: honor exec cpu affinity mask.
* build: fix build with musl libc.
* crun: use mount API to self-clone.
* cgroup, systemd: do not override devices on update. If the "update"
request has no device block configured, do not reset the previous
configuration.
* cgroup: handle case where cgroup v1 freezer is disabled. On systems
without the freezer controller, containers were mistakenly reported as
paused.
* cgroup: do not stop process on exec. The cpu mask is configured on the
systemd scope, the previous workaround to stop the container until the
cgroup is fully configured is no longer needed.

- Update to crun v1.18.2. Upstream changelog is available from
(https://github.com/containers/crun/releases/tag/1.18.2)

- Update to crun v1.18. Upstream changelog is available from
(https://github.com/containers/crun/releases/tag/1.18)

Update to 1.17:

* Add --log-level option. It accepts error, warning and error.
* Add debug logs for container creation.
* Fix double-free in crun exec code that could lead to a crash.
* Allow passing an ID to the journald log driver.
* Report "executable not found" errors after tty has been setup.
* Do not treat EPIPE from hooks as an error.
* Make sure DefaultDependencies is correctly set in the systemd scope.
* Improve the error message when the container process is not found.
* Improve error handling for the mnt namespace restoration.
* Fix error handling for getpwuid_r, recvfrom and libcrun_kill_linux.
* Fix handling of device paths with trailing slashes.
- add url for keyring
- enable leap by disabling wasmedge (not packaged for leap)

Upstream release 1.16.1:

- fix a regression introduced by 1.16 where using 'rshared' rootfs mount
propagation and the rootfs itself is a mountpoint.
- inherit user from original process on exec, if not overridden.

Update to 1.16:

- build: fix build for s390x.
- linux: fix mount of special files with rro. Open the mount target with
O_PATH to prevent open(2) failures with special files like FIFOs or UNIX
sockets.
- Fix sd-bus error handling for cpu quota and period props update.
- container: use relative path for rootfs if possible. If the rootfs
cannot be resolved and it is below the current working directory, only
use its relative path.
- wasmedge: access container environment variables for the WasmEdge
configuration.
- cgroup, systemd: use MemoryMax instead of MemoryLimit. Fixes a warning
for using an old configuration name.
- cgroup, systemd: improve checks for sd_bus_message_append errors

New upstream release 1.15:

* fix a mount point leak under /run/crun, add a retry mechanism to
unmount the directory if the removal failed with EBUSY.
* linux: cgroups: fix potential mount leak when /sys/fs/cgroup is
already mounted, causing the posthooks to not run.
* release: build s390x binaries using musl libc.
* features: add support for potentiallyUnsafeConfigAnnotations.
* handlers: add option to load wasi-nn plugin for wasmedge.
* linux: fix "harden chdir()" security measure. The previous check was
not correct.
* crun: add option --keep to the run command. When specified the
container is not automatically deleted when it exits.

New upstream release 1.14.4:

- linux: fix mount of file with recursive flags. Do not assume it is a
directory, but check the source type.

- follow up for 1.14.2. Drop the version check for each command.

- crun: drop check for OCI version. A recent bump in the OCI runtime
specs caused crun to fail with every config file. Just drop the check
since it doesn't add any value.

- there was recently a security vulnerability (CVE-2024-21626) in runc
that allowed a malicious user to chdir(2) to a /proc/*/fd entry that is
outside the container rootfs. While crun is not affected directly,
harden chdir by validating that we are still inside the container
rootfs.
- container: attempt to close all the files before execv(2). If any fd
was leaked, closing it prevents the executed program from gaining access
to files outside the container rootfs through /proc/self/fd/$fd.
- fix a regression caused by 1.14 when installing the ebpf filter on a
kernel older than 5.11.
- cgroup, systemd: fix segfault if the resources block is not specified.

Update to 1.14:

* build: drop dependency on libgcrypt. Use blake3 to compute the cache
key.
* cpuset: don't clobber parent cgroup value when writing the cpuset
value.
* linux: force umask(0). It ensures that the mknodat syscall is not
affected by the umask of the calling process, allowing file
permissions to be set as specified in the OCI configuration.
* ebpf: do not require MEMLOCK for eBPF programs. This requirement was
relaxed in Linux 5.11.
- update to 1.13:
* src: use O_CLOEXEC for all open/openat calls
* cgroup v1: use "max" when pids limit < 0.
* improve error message when idmap mount fails because the underlying
file system has no support for it.
* libcrun: fix compilation when building without libseccomp and libcap.
* fix relative idmapped mount when using the custom annotation.

- New upstream release 1.12:
* add new WebAssembly handler: spin.
* systemd: fallback to system bus if session bus is not available.
* configure the cpu rt and cpuset controllers before joining them to
avoid temporarily running the workload on the wrong CPUs.
* preconfigure the cpuset with required resources instead of using the
parent's set. This prevents needless churn in the kernel as it tracks
which CPUs have load balancing disabled.
* try attr/<lsm>/* before the attr/* files. Writes to the attr/* files
may fail if apparmor is not the first "major" LSM in the list
of loaded LSMs (e.g. lsm=apparmor,bpf vs lsm=bpf,apparmor).
- New upstream release 1.11.2:
* fix a regression caused by 1.11.1 where the process crashes if there
are no CPU limits configured on cgroup v1. (boo#1217590)
* fix error code check for the ptsname_r function.

- update to 1.11.1:
* force a remount operation with bind mounts from the host to correctly
set all the mount flags.
* cgroup: honor cpu burst.
* systemd: set CPUQuota and CPUPeriod on the scope cgroup.
* linux: append tmpfs mode if missing for mounts. This is the same
behavior as runc.
* cgroup: always use the user session for rootless.
* support for Intel Resource Director Technology (RDT).
* new mount option "copy-symlink". When provided for a mount, if the
source is a symlink, then it is copied in the container instead of
attempting a mount.
* linux: open mounts before setgroups if in a userns. This solves a
problem where a directory that was previously accessible to the user
becomes inaccessible after setgroups, causing the bind mount to fail.

- New upstream release 1.9.2:
* cgroup: reset the inherited cpu affinity after moving to cgroup. Old
kernels do that automatically, but new kernels remember the affinity
that was set before the cgroup move, so we need to reset it in order
to honor the cpuset configuration.
- New upstream release 1.9.1:
* utils: ignore ENOTSUP when chmod a symlink. It fixes a problem on
Linux 6.6 that always refuses chmod on a symlink.
* build: fix build on CentOS 7
* linux: add new fallback when mount fails with EBUSY, so that there is
not an additional tmpfs mount if not needed.
* utils: improve error message when a directory cannot be created because
a component of the path already exists as a non-directory.
- Only build with wasmedge on x86_64 & aarch64

- Add crun-wasm symlink for platform 'wasi/wasm'

- Update to 1.9:
* linux: support arbitrary idmapped mounts.
* linux: add support for "ridmap" mount option to support recursive
idmapped mounts.
* crun delete: call systemd's reset-failed.
* linux: fix check for oom_score_adj.
* features: Support mountExtensions.
* linux: correctly handle unknown signal string when it doesn't start
with a digit.
* linux: do not attempt to join again already joined namespace.
* wasmer: use latest wasix API.

- Enable WasmEdge support to run Wasm compat containers.

* linux: idmapped mounts expect the same configuration as mapping. It is
a breaking change, but the behavior was aligned
* cgroup: always delete the cgroup on errors.
* exec: fix double free when using --apparmor and

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2025-74=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):

crun-1.20-bp156.2.3.1

References:

https://www.suse.com/security/cve/CVE-2024-21626.html
https://www.suse.com/security/cve/CVE-2025-24965.html
https://bugzilla.suse.com/1217590
https://bugzilla.suse.com/1218894
https://bugzilla.suse.com/1237421