SUSE-SU-2025:0138-1: important: Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP5)
SUSE-SU-2025:0136-1: important: Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP3)
SUSE-SU-2025:0137-1: important: Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP3)
openSUSE-SU-2025:14648-1: moderate: MozillaThunderbird-128.6.0-1.1 on GA media
openSUSE-SU-2025:14649-1: moderate: git-lfs-3.6.1-1.1 on GA media
SUSE-SU-2025:0142-1: moderate: Security update for xen
SUSE-SU-2025:0146-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP5)
SUSE-SU-2025:0144-1: important: Security update for git
SUSE-SU-2025:0149-1: important: Security update for python-Django
SUSE-SU-2025:0150-1: important: Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP4)
SUSE-SU-2025:0138-1: important: Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP5)
# Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP5)
Announcement ID: SUSE-SU-2025:0138-1
Release Date: 2025-01-16T10:35:20Z
Rating: important
References:
* bsc#1223683
* bsc#1225099
* bsc#1225429
* bsc#1225733
* bsc#1225739
* bsc#1225819
* bsc#1227471
* bsc#1228349
* bsc#1228573
* bsc#1228786
* bsc#1229273
* bsc#1229553
* bsc#1232637
* bsc#1233712
Cross-References:
* CVE-2021-47517
* CVE-2021-47598
* CVE-2022-48956
* CVE-2023-52752
* CVE-2023-52846
* CVE-2024-26923
* CVE-2024-35949
* CVE-2024-36899
* CVE-2024-36904
* CVE-2024-40909
* CVE-2024-40954
* CVE-2024-41059
* CVE-2024-43861
* CVE-2024-50264
CVSS scores:
* CVE-2021-47517 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H
* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48956 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48956 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35949 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36904 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40909 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-43861 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43861 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-50264 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50264 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves 14 vulnerabilities can now be installed.
## Description:
This update for the Linux Kernel 5.14.21-150500_55_68 fixes several issues.
The following security issues were fixed:
* CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer
occurring in vsk->trans (bsc#1233712).
* CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1232637).
* CVE-2021-47517: Fix panic when interrupt coalescing is set via ethtool
(bsc#1225429).
* CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique()
(bsc#1225733).
* CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229553).
* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init()
(bsc#1227471).
* CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks
(bsc#1229273).
* CVE-2023-52752: smb: client: fix use-after-free bug in
cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1231353).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket
creation fails (bsc#1227808).
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free()
(bsc#1228349).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame()
(bsc#1225099).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in
__unix_gc() (bsc#1223683).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
    `zypper in -t patch SUSE-2025-138=1`
* SUSE Linux Enterprise Live Patching 15-SP5
    `zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-138=1`
## Package List:
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
    * kernel-livepatch-SLE15-SP5_Update_15-debugsource-7-150500.11.6.1
    * kernel-livepatch-5_14_21-150500_55_68-default-debuginfo-7-150500.11.6.1
    * kernel-livepatch-5_14_21-150500_55_68-default-7-150500.11.6.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
    * kernel-livepatch-SLE15-SP5_Update_15-debugsource-7-150500.11.6.1
    * kernel-livepatch-5_14_21-150500_55_68-default-debuginfo-7-150500.11.6.1
    * kernel-livepatch-5_14_21-150500_55_68-default-7-150500.11.6.1
## References:
* https://www.suse.com/security/cve/CVE-2021-47517.html
* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2022-48956.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-35949.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36904.html
* https://www.suse.com/security/cve/CVE-2024-40909.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://www.suse.com/security/cve/CVE-2024-43861.html
* https://www.suse.com/security/cve/CVE-2024-50264.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225429
* https://bugzilla.suse.com/show_bug.cgi?id=1225733
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1228349
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786
* https://bugzilla.suse.com/show_bug.cgi?id=1229273
* https://bugzilla.suse.com/show_bug.cgi?id=1229553
* https://bugzilla.suse.com/show_bug.cgi?id=1232637
* https://bugzilla.suse.com/show_bug.cgi?id=1233712
SUSE-SU-2025:0136-1: important: Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP3)
# Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP3)
Announcement ID: SUSE-SU-2025:0136-1
Release Date: 2025-01-16T10:34:57Z
Rating: important
References:
* bsc#1232637
* bsc#1233712
Cross-References:
* CVE-2022-48956
* CVE-2024-50264
CVSS scores:
* CVE-2022-48956 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48956 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50264 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50264 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
An update that solves two vulnerabilities can now be installed.
## Description:
This update for the Linux Kernel 5.3.18-150300_59_144 fixes several issues.
The following security issues were fixed:
* CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer
occurring in vsk->trans (bsc#1233712).
* CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1232637).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
    `zypper in -t patch SUSE-2025-136=1`
* SUSE Linux Enterprise Live Patching 15-SP3
    `zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-136=1`
## Package List:
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
    * kernel-livepatch-5_3_18-150300_59_144-default-15-150300.2.1
    * kernel-livepatch-SLE15-SP3_Update_39-debugsource-15-150300.2.1
    * kernel-livepatch-5_3_18-150300_59_144-default-debuginfo-15-150300.2.1
* openSUSE Leap 15.3 (x86_64)
    * kernel-livepatch-5_3_18-150300_59_144-preempt-debuginfo-15-150300.2.1
    * kernel-livepatch-5_3_18-150300_59_144-preempt-15-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
    * kernel-livepatch-5_3_18-150300_59_144-default-15-150300.2.1
## References:
* https://www.suse.com/security/cve/CVE-2022-48956.html
* https://www.suse.com/security/cve/CVE-2024-50264.html
* https://bugzilla.suse.com/show_bug.cgi?id=1232637
* https://bugzilla.suse.com/show_bug.cgi?id=1233712
SUSE-SU-2025:0137-1: important: Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP3)
# Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP3)
Announcement ID: SUSE-SU-2025:0137-1
Release Date: 2025-01-16T10:35:10Z
Rating: important
References:
* bsc#1210619
* bsc#1223363
* bsc#1223683
* bsc#1225013
* bsc#1225202
* bsc#1225211
* bsc#1225302
* bsc#1225309
* bsc#1225310
* bsc#1225311
* bsc#1225312
* bsc#1225733
* bsc#1225819
* bsc#1226325
* bsc#1227471
* bsc#1227651
* bsc#1228573
* bsc#1229553
* bsc#1232637
* bsc#1233712
Cross-References:
* CVE-2021-47291
* CVE-2021-47378
* CVE-2021-47383
* CVE-2021-47402
* CVE-2021-47598
* CVE-2022-48956
* CVE-2023-1829
* CVE-2023-52752
* CVE-2024-26828
* CVE-2024-26923
* CVE-2024-27398
* CVE-2024-35861
* CVE-2024-35862
* CVE-2024-35864
* CVE-2024-35950
* CVE-2024-36904
* CVE-2024-36964
* CVE-2024-41059
* CVE-2024-43861
* CVE-2024-50264
CVSS scores:
* CVE-2021-47291 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47291 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2021-47378 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47383 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47402 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47402 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48956 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48956 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26828 ( NVD ): 6.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36904 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-43861 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43861 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-50264 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50264 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
An update that solves 20 vulnerabilities can now be installed.
## Description:
This update for the Linux Kernel 5.3.18-150300_59_161 fixes several issues.
The following security issues were fixed:
* CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer
occurring in vsk->trans (bsc#1233712).
* CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1232637).
* CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique()
(bsc#1225733).
* CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229553).
* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init()
(bsc#1227471).
* CVE-2023-52752: smb: client: fix use-after-free bug in
cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted()
(bsc#1225311).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break()
(bsc#1225309).
* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()
(bsc#1225312).
* CVE-2021-47291: ipv6: fix another slab-out-of-bounds in
fib6_nh_flush_exceptions (bsc#1227651).
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000
(bsc#1226325).
* CVE-2021-47402: Protect fl_walk() with rcu (bsc#1225301).
* CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free
(bsc#1225202).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout
(bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex
(bsc#1225310).
* CVE-2021-47383: Fixed out-of-bound vmalloc access in imageblit
(bsc#1225211).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in
__unix_gc() (bsc#1223683).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2023-1829: Fixed a use-after-free vulnerability in the control index
filter (tcindex) (bsc#1210619).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
    `zypper in -t patch SUSE-2025-137=1`
* SUSE Linux Enterprise Live Patching 15-SP3
    `zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-137=1`
## Package List:
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
    * kernel-livepatch-5_3_18-150300_59_161-default-9-150300.7.6.1
    * kernel-livepatch-SLE15-SP3_Update_44-debugsource-9-150300.7.6.1
    * kernel-livepatch-5_3_18-150300_59_161-default-debuginfo-9-150300.7.6.1
* openSUSE Leap 15.3 (x86_64)
    * kernel-livepatch-5_3_18-150300_59_161-preempt-debuginfo-9-150300.7.6.1
    * kernel-livepatch-5_3_18-150300_59_161-preempt-9-150300.7.6.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
    * kernel-livepatch-5_3_18-150300_59_161-default-9-150300.7.6.1
## References:
* https://www.suse.com/security/cve/CVE-2021-47291.html
* https://www.suse.com/security/cve/CVE-2021-47378.html
* https://www.suse.com/security/cve/CVE-2021-47383.html
* https://www.suse.com/security/cve/CVE-2021-47402.html
* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2022-48956.html
* https://www.suse.com/security/cve/CVE-2023-1829.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36904.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://www.suse.com/security/cve/CVE-2024-43861.html
* https://www.suse.com/security/cve/CVE-2024-50264.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210619
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225202
* https://bugzilla.suse.com/show_bug.cgi?id=1225211
* https://bugzilla.suse.com/show_bug.cgi?id=1225302
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225733
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1227651
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1229553
* https://bugzilla.suse.com/show_bug.cgi?id=1232637
* https://bugzilla.suse.com/show_bug.cgi?id=1233712
openSUSE-SU-2025:14648-1: moderate: MozillaThunderbird-128.6.0-1.1 on GA media
# MozillaThunderbird-128.6.0-1.1 on GA media
Announcement ID: openSUSE-SU-2025:14648-1
Rating: moderate
Cross-References:
* CVE-2025-0237
* CVE-2025-0238
* CVE-2025-0239
* CVE-2025-0240
* CVE-2025-0241
* CVE-2025-0242
* CVE-2025-0243
CVSS scores:
* CVE-2025-0237 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-0238 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-0239 ( SUSE ): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-0240 ( SUSE ): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-0242 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-0243 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 7 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the MozillaThunderbird-128.6.0-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
    * MozillaThunderbird 128.6.0-1.1
    * MozillaThunderbird-openpgp-librnp 128.6.0-1.1
    * MozillaThunderbird-translations-common 128.6.0-1.1
    * MozillaThunderbird-translations-other 128.6.0-1.1
## References:
* https://www.suse.com/security/cve/CVE-2025-0237.html
* https://www.suse.com/security/cve/CVE-2025-0238.html
* https://www.suse.com/security/cve/CVE-2025-0239.html
* https://www.suse.com/security/cve/CVE-2025-0240.html
* https://www.suse.com/security/cve/CVE-2025-0241.html
* https://www.suse.com/security/cve/CVE-2025-0242.html
* https://www.suse.com/security/cve/CVE-2025-0243.html
openSUSE-SU-2025:14649-1: moderate: git-lfs-3.6.1-1.1 on GA media
# git-lfs-3.6.1-1.1 on GA media
Announcement ID: openSUSE-SU-2025:14649-1
Rating: moderate
Cross-References:
* CVE-2024-53263
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the git-lfs-3.6.1-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
    * git-lfs 3.6.1-1.1
## References:
* https://www.suse.com/security/cve/CVE-2024-53263.html
SUSE-SU-2025:0142-1: moderate: Security update for xen
# Security update for xen
Announcement ID: SUSE-SU-2025:0142-1
Release Date: 2025-01-16T13:20:15Z
Rating: moderate
References:
* bsc#1027519
* bsc#1234282
Cross-References:
* CVE-2024-53241
CVSS scores:
* CVE-2024-53241 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-53241 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:
* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves one vulnerability and has one security fix can now be
installed.
## Description:
This update for xen fixes the following issues:
* CVE-2024-53241: Xen hypercall page unsafe against speculative attacks
(bsc#1234282).
Bug fixes:
* Update to Xen 4.18.4 security bug fix release (bsc#1027519)
* x86: Prefer ACPI reboot over UEFI ResetSystem() run time service call
* No other changes mentioned in upstream changelog, sources, or webpage
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
    `zypper in -t patch SUSE-2025-142=1 openSUSE-SLE-15.6-2025-142=1`
* Basesystem Module 15-SP6
    `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-142=1`
* Server Applications Module 15-SP6
    `zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-142=1`
## Package List:
* openSUSE Leap 15.6 (aarch64 x86_64 i586)
    * xen-tools-domU-4.18.4_02-150600.3.15.2
    * xen-debugsource-4.18.4_02-150600.3.15.2
    * xen-tools-domU-debuginfo-4.18.4_02-150600.3.15.2
    * xen-libs-debuginfo-4.18.4_02-150600.3.15.2
    * xen-devel-4.18.4_02-150600.3.15.2
    * xen-libs-4.18.4_02-150600.3.15.2
* openSUSE Leap 15.6 (x86_64)
    * xen-libs-32bit-debuginfo-4.18.4_02-150600.3.15.2
    * xen-libs-32bit-4.18.4_02-150600.3.15.2
* openSUSE Leap 15.6 (aarch64 x86_64)
    * xen-tools-debuginfo-4.18.4_02-150600.3.15.2
    * xen-tools-4.18.4_02-150600.3.15.2
    * xen-doc-html-4.18.4_02-150600.3.15.2
    * xen-4.18.4_02-150600.3.15.2
* openSUSE Leap 15.6 (noarch)
    * xen-tools-xendomains-wait-disk-4.18.4_02-150600.3.15.2
* openSUSE Leap 15.6 (aarch64_ilp32)
    * xen-libs-64bit-4.18.4_02-150600.3.15.2
    * xen-libs-64bit-debuginfo-4.18.4_02-150600.3.15.2
* Basesystem Module 15-SP6 (x86_64)
    * xen-tools-domU-4.18.4_02-150600.3.15.2
    * xen-debugsource-4.18.4_02-150600.3.15.2
    * xen-tools-domU-debuginfo-4.18.4_02-150600.3.15.2
    * xen-libs-debuginfo-4.18.4_02-150600.3.15.2
    * xen-libs-4.18.4_02-150600.3.15.2
* Server Applications Module 15-SP6 (x86_64)
    * xen-tools-debuginfo-4.18.4_02-150600.3.15.2
    * xen-debugsource-4.18.4_02-150600.3.15.2
    * xen-tools-4.18.4_02-150600.3.15.2
    * xen-4.18.4_02-150600.3.15.2
    * xen-devel-4.18.4_02-150600.3.15.2
* Server Applications Module 15-SP6 (noarch)
    * xen-tools-xendomains-wait-disk-4.18.4_02-150600.3.15.2
## References:
* https://www.suse.com/security/cve/CVE-2024-53241.html
* https://bugzilla.suse.com/show_bug.cgi?id=1027519
* https://bugzilla.suse.com/show_bug.cgi?id=1234282
SUSE-SU-2025:0146-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP5)
# Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP5)
Announcement ID: SUSE-SU-2025:0146-1
Release Date: 2025-01-16T15:03:42Z
Rating: important
References:
* bsc#1223363
* bsc#1223683
* bsc#1225011
* bsc#1225012
* bsc#1225013
* bsc#1225099
* bsc#1225309
* bsc#1225311
* bsc#1225312
* bsc#1225429
* bsc#1225733
* bsc#1225739
* bsc#1225819
* bsc#1226325
* bsc#1226327
* bsc#1227471
* bsc#1228573
* bsc#1228786
* bsc#1229273
* bsc#1229553
* bsc#1232637
* bsc#1233712
Cross-References:
* CVE-2021-47517
* CVE-2021-47598
* CVE-2022-48956
* CVE-2023-52752
* CVE-2023-52846
* CVE-2024-26828
* CVE-2024-26923
* CVE-2024-27398
* CVE-2024-35861
* CVE-2024-35862
* CVE-2024-35863
* CVE-2024-35864
* CVE-2024-35867
* CVE-2024-35905
* CVE-2024-35949
* CVE-2024-36899
* CVE-2024-36904
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059
* CVE-2024-43861
* CVE-2024-50264
CVSS scores:
* CVE-2021-47517 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H
* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48956 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48956 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26828 ( NVD ): 6.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35863 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35867 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35905 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35905 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35949 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36904 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-43861 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43861 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-50264 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50264 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves 22 vulnerabilities can now be installed.
## Description:
This update for the Linux Kernel 5.14.21-150500_55_62 fixes several issues.
The following security issues were fixed:
* CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer
occurring in vsk->trans (bsc#1233712).
* CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1232637).
* CVE-2021-47517: Fix panic when interrupt coalescing is set via ethtool
(bsc#1225429).
* CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique()
(bsc#1225733).
* CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229553).
* CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327).
* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init()
(bsc#1227471).
* CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks
(bsc#1229273).
* CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break()
(bsc#1225011).
* CVE-2023-52752: smb: client: fix use-after-free bug in
cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted()
(bsc#1225311).
* CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break()
(bsc#1225309).
* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()
(bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1231353).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket
creation fails (bsc#1227808).
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000
(bsc#1226325).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame()
(bsc#1225099).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout
(bsc#1225013).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in
__unix_gc() (bsc#1223683).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP5
    `zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-146=1`
* openSUSE Leap 15.5
    `zypper in -t patch SUSE-2025-146=1`
## Package List:
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
    * kernel-livepatch-SLE15-SP5_Update_13-debugsource-8-150500.11.6.1
    * kernel-livepatch-5_14_21-150500_55_62-default-debuginfo-8-150500.11.6.1
    * kernel-livepatch-5_14_21-150500_55_62-default-8-150500.11.6.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
    * kernel-livepatch-SLE15-SP5_Update_13-debugsource-8-150500.11.6.1
    * kernel-livepatch-5_14_21-150500_55_62-default-debuginfo-8-150500.11.6.1
    * kernel-livepatch-5_14_21-150500_55_62-default-8-150500.11.6.1
## References:
* https://www.suse.com/security/cve/CVE-2021-47517.html
* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2022-48956.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35863.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35867.html
* https://www.suse.com/security/cve/CVE-2024-35905.html
* https://www.suse.com/security/cve/CVE-2024-35949.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36904.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://www.suse.com/security/cve/CVE-2024-43861.html
* https://www.suse.com/security/cve/CVE-2024-50264.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225011
* https://bugzilla.suse.com/show_bug.cgi?id=1225012
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225429
* https://bugzilla.suse.com/show_bug.cgi?id=1225733
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1226327
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786
* https://bugzilla.suse.com/show_bug.cgi?id=1229273
* https://bugzilla.suse.com/show_bug.cgi?id=1229553
* https://bugzilla.suse.com/show_bug.cgi?id=1232637
* https://bugzilla.suse.com/show_bug.cgi?id=1233712
SUSE-SU-2025:0144-1: important: Security update for git
# Security update for git
Announcement ID: SUSE-SU-2025:0144-1
Release Date: 2025-01-16T13:30:38Z
Rating: important
References:
* bsc#1235600
* bsc#1235601
Cross-References:
* CVE-2024-50349
* CVE-2024-52006
CVSS scores:
* CVE-2024-50349 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2024-50349 ( NVD ): 2.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-52006 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2024-52006 ( NVD ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Products:
* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves two vulnerabilities can now be installed.
## Description:
This update for git fixes the following issues:
* CVE-2024-50349: Passwords for trusted sites could be sent to untrusted sites
(bsc#1235600).
* CVE-2024-52006: Carriage Returns via the credential protocol to credential
helpers (bsc#1235601).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-144=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-144=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-144=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-144=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-144=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-144=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-144=1
* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-144=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-144=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-144=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-144=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-144=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-144=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-144=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2025-144=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-144=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-144=1
## Package List:
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* git-web-2.35.3-150300.10.48.1
* git-email-2.35.3-150300.10.48.1
* git-gui-2.35.3-150300.10.48.1
* gitk-2.35.3-150300.10.48.1
* git-daemon-debuginfo-2.35.3-150300.10.48.1
* git-2.35.3-150300.10.48.1
* perl-Git-2.35.3-150300.10.48.1
* git-credential-libsecret-2.35.3-150300.10.48.1
* git-daemon-2.35.3-150300.10.48.1
* git-credential-libsecret-debuginfo-2.35.3-150300.10.48.1
* git-debuginfo-2.35.3-150300.10.48.1
* git-core-2.35.3-150300.10.48.1
* git-debugsource-2.35.3-150300.10.48.1
* git-svn-2.35.3-150300.10.48.1
* git-credential-gnome-keyring-2.35.3-150300.10.48.1
* git-core-debuginfo-2.35.3-150300.10.48.1
* git-credential-gnome-keyring-debuginfo-2.35.3-150300.10.48.1
* git-arch-2.35.3-150300.10.48.1
* git-p4-2.35.3-150300.10.48.1
* git-cvs-2.35.3-150300.10.48.1
* openSUSE Leap 15.3 (noarch)
* git-doc-2.35.3-150300.10.48.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* git-2.35.3-150300.10.48.1
* perl-Git-2.35.3-150300.10.48.1
* git-debugsource-2.35.3-150300.10.48.1
* git-core-2.35.3-150300.10.48.1
* git-debuginfo-2.35.3-150300.10.48.1
* git-core-debuginfo-2.35.3-150300.10.48.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* git-web-2.35.3-150300.10.48.1
* git-email-2.35.3-150300.10.48.1
* git-gui-2.35.3-150300.10.48.1
* git-2.35.3-150300.10.48.1
* perl-Git-2.35.3-150300.10.48.1
* git-daemon-2.35.3-150300.10.48.1
* git-debugsource-2.35.3-150300.10.48.1
* git-core-2.35.3-150300.10.48.1
* git-svn-2.35.3-150300.10.48.1
* git-debuginfo-2.35.3-150300.10.48.1
* git-core-debuginfo-2.35.3-150300.10.48.1
* git-cvs-2.35.3-150300.10.48.1
* git-arch-2.35.3-150300.10.48.1
* gitk-2.35.3-150300.10.48.1
* git-daemon-debuginfo-2.35.3-150300.10.48.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* git-doc-2.35.3-150300.10.48.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* git-web-2.35.3-150300.10.48.1
* git-email-2.35.3-150300.10.48.1
* git-gui-2.35.3-150300.10.48.1
* git-2.35.3-150300.10.48.1
* perl-Git-2.35.3-150300.10.48.1
* git-daemon-2.35.3-150300.10.48.1
* git-debugsource-2.35.3-150300.10.48.1
* git-core-2.35.3-150300.10.48.1
* git-svn-2.35.3-150300.10.48.1
* git-debuginfo-2.35.3-150300.10.48.1
* git-core-debuginfo-2.35.3-150300.10.48.1
* git-cvs-2.35.3-150300.10.48.1
* git-arch-2.35.3-150300.10.48.1
* gitk-2.35.3-150300.10.48.1
* git-daemon-debuginfo-2.35.3-150300.10.48.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* git-doc-2.35.3-150300.10.48.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* git-web-2.35.3-150300.10.48.1
* git-email-2.35.3-150300.10.48.1
* git-gui-2.35.3-150300.10.48.1
* git-2.35.3-150300.10.48.1
* perl-Git-2.35.3-150300.10.48.1
* git-daemon-2.35.3-150300.10.48.1
* git-debugsource-2.35.3-150300.10.48.1
* git-core-2.35.3-150300.10.48.1
* git-svn-2.35.3-150300.10.48.1
* git-debuginfo-2.35.3-150300.10.48.1
* git-core-debuginfo-2.35.3-150300.10.48.1
* git-cvs-2.35.3-150300.10.48.1
* git-arch-2.35.3-150300.10.48.1
* gitk-2.35.3-150300.10.48.1
* git-daemon-debuginfo-2.35.3-150300.10.48.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* git-doc-2.35.3-150300.10.48.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* git-web-2.35.3-150300.10.48.1
* git-email-2.35.3-150300.10.48.1
* git-gui-2.35.3-150300.10.48.1
* git-2.35.3-150300.10.48.1
* perl-Git-2.35.3-150300.10.48.1
* git-daemon-2.35.3-150300.10.48.1
* git-debugsource-2.35.3-150300.10.48.1
* git-core-2.35.3-150300.10.48.1
* git-svn-2.35.3-150300.10.48.1
* git-debuginfo-2.35.3-150300.10.48.1
* git-core-debuginfo-2.35.3-150300.10.48.1
* git-cvs-2.35.3-150300.10.48.1
* git-arch-2.35.3-150300.10.48.1
* gitk-2.35.3-150300.10.48.1
* git-daemon-debuginfo-2.35.3-150300.10.48.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* git-doc-2.35.3-150300.10.48.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* git-web-2.35.3-150300.10.48.1
* git-email-2.35.3-150300.10.48.1
* git-gui-2.35.3-150300.10.48.1
* git-2.35.3-150300.10.48.1
* perl-Git-2.35.3-150300.10.48.1
* git-daemon-2.35.3-150300.10.48.1
* git-debugsource-2.35.3-150300.10.48.1
* git-core-2.35.3-150300.10.48.1
* git-svn-2.35.3-150300.10.48.1
* git-debuginfo-2.35.3-150300.10.48.1
* git-core-debuginfo-2.35.3-150300.10.48.1
* git-cvs-2.35.3-150300.10.48.1
* git-arch-2.35.3-150300.10.48.1
* gitk-2.35.3-150300.10.48.1
* git-daemon-debuginfo-2.35.3-150300.10.48.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* git-doc-2.35.3-150300.10.48.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* git-web-2.35.3-150300.10.48.1
* git-email-2.35.3-150300.10.48.1
* git-gui-2.35.3-150300.10.48.1
* git-2.35.3-150300.10.48.1
* perl-Git-2.35.3-150300.10.48.1
* git-daemon-2.35.3-150300.10.48.1
* git-debugsource-2.35.3-150300.10.48.1
* git-core-2.35.3-150300.10.48.1
* git-svn-2.35.3-150300.10.48.1
* git-debuginfo-2.35.3-150300.10.48.1
* git-core-debuginfo-2.35.3-150300.10.48.1
* git-cvs-2.35.3-150300.10.48.1
* git-arch-2.35.3-150300.10.48.1
* gitk-2.35.3-150300.10.48.1
* git-daemon-debuginfo-2.35.3-150300.10.48.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
* git-doc-2.35.3-150300.10.48.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* git-web-2.35.3-150300.10.48.1
* git-email-2.35.3-150300.10.48.1
* git-gui-2.35.3-150300.10.48.1
* git-2.35.3-150300.10.48.1
* perl-Git-2.35.3-150300.10.48.1
* git-daemon-2.35.3-150300.10.48.1
* git-debugsource-2.35.3-150300.10.48.1
* git-core-2.35.3-150300.10.48.1
* git-svn-2.35.3-150300.10.48.1
* git-debuginfo-2.35.3-150300.10.48.1
* git-core-debuginfo-2.35.3-150300.10.48.1
* git-cvs-2.35.3-150300.10.48.1
* git-arch-2.35.3-150300.10.48.1
* gitk-2.35.3-150300.10.48.1
* git-daemon-debuginfo-2.35.3-150300.10.48.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* git-doc-2.35.3-150300.10.48.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* git-web-2.35.3-150300.10.48.1
* git-email-2.35.3-150300.10.48.1
* git-gui-2.35.3-150300.10.48.1
* git-2.35.3-150300.10.48.1
* perl-Git-2.35.3-150300.10.48.1
* git-daemon-2.35.3-150300.10.48.1
* git-debugsource-2.35.3-150300.10.48.1
* git-core-2.35.3-150300.10.48.1
* git-svn-2.35.3-150300.10.48.1
* git-debuginfo-2.35.3-150300.10.48.1
* git-core-debuginfo-2.35.3-150300.10.48.1
* git-cvs-2.35.3-150300.10.48.1
* git-arch-2.35.3-150300.10.48.1
* gitk-2.35.3-150300.10.48.1
* git-daemon-debuginfo-2.35.3-150300.10.48.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* git-doc-2.35.3-150300.10.48.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* git-web-2.35.3-150300.10.48.1
* git-email-2.35.3-150300.10.48.1
* git-gui-2.35.3-150300.10.48.1
* git-2.35.3-150300.10.48.1
* perl-Git-2.35.3-150300.10.48.1
* git-daemon-2.35.3-150300.10.48.1
* git-debugsource-2.35.3-150300.10.48.1
* git-core-2.35.3-150300.10.48.1
* git-svn-2.35.3-150300.10.48.1
* git-debuginfo-2.35.3-150300.10.48.1
* git-core-debuginfo-2.35.3-150300.10.48.1
* git-cvs-2.35.3-150300.10.48.1
* git-arch-2.35.3-150300.10.48.1
* gitk-2.35.3-150300.10.48.1
* git-daemon-debuginfo-2.35.3-150300.10.48.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* git-doc-2.35.3-150300.10.48.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* git-web-2.35.3-150300.10.48.1
* git-email-2.35.3-150300.10.48.1
* git-gui-2.35.3-150300.10.48.1
* git-2.35.3-150300.10.48.1
* perl-Git-2.35.3-150300.10.48.1
* git-daemon-2.35.3-150300.10.48.1
* git-debugsource-2.35.3-150300.10.48.1
* git-core-2.35.3-150300.10.48.1
* git-svn-2.35.3-150300.10.48.1
* git-debuginfo-2.35.3-150300.10.48.1
* git-core-debuginfo-2.35.3-150300.10.48.1
* git-cvs-2.35.3-150300.10.48.1
* git-arch-2.35.3-150300.10.48.1
* gitk-2.35.3-150300.10.48.1
* git-daemon-debuginfo-2.35.3-150300.10.48.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* git-doc-2.35.3-150300.10.48.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* git-web-2.35.3-150300.10.48.1
* git-email-2.35.3-150300.10.48.1
* git-gui-2.35.3-150300.10.48.1
* git-2.35.3-150300.10.48.1
* perl-Git-2.35.3-150300.10.48.1
* git-daemon-2.35.3-150300.10.48.1
* git-debugsource-2.35.3-150300.10.48.1
* git-core-2.35.3-150300.10.48.1
* git-svn-2.35.3-150300.10.48.1
* git-debuginfo-2.35.3-150300.10.48.1
* git-core-debuginfo-2.35.3-150300.10.48.1
* git-cvs-2.35.3-150300.10.48.1
* git-arch-2.35.3-150300.10.48.1
* gitk-2.35.3-150300.10.48.1
* git-daemon-debuginfo-2.35.3-150300.10.48.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* git-doc-2.35.3-150300.10.48.1
* SUSE Manager Proxy 4.3 (x86_64)
* git-debuginfo-2.35.3-150300.10.48.1
* git-core-2.35.3-150300.10.48.1
* git-core-debuginfo-2.35.3-150300.10.48.1
* git-debugsource-2.35.3-150300.10.48.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* git-debuginfo-2.35.3-150300.10.48.1
* git-core-2.35.3-150300.10.48.1
* git-core-debuginfo-2.35.3-150300.10.48.1
* git-debugsource-2.35.3-150300.10.48.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* git-debuginfo-2.35.3-150300.10.48.1
* git-core-2.35.3-150300.10.48.1
* git-core-debuginfo-2.35.3-150300.10.48.1
* git-debugsource-2.35.3-150300.10.48.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* git-web-2.35.3-150300.10.48.1
* git-email-2.35.3-150300.10.48.1
* git-gui-2.35.3-150300.10.48.1
* git-2.35.3-150300.10.48.1
* perl-Git-2.35.3-150300.10.48.1
* git-daemon-2.35.3-150300.10.48.1
* git-debugsource-2.35.3-150300.10.48.1
* git-core-2.35.3-150300.10.48.1
* git-svn-2.35.3-150300.10.48.1
* git-debuginfo-2.35.3-150300.10.48.1
* git-core-debuginfo-2.35.3-150300.10.48.1
* git-cvs-2.35.3-150300.10.48.1
* git-arch-2.35.3-150300.10.48.1
* gitk-2.35.3-150300.10.48.1
* git-daemon-debuginfo-2.35.3-150300.10.48.1
* SUSE Enterprise Storage 7.1 (noarch)
* git-doc-2.35.3-150300.10.48.1
## References:
* https://www.suse.com/security/cve/CVE-2024-50349.html
* https://www.suse.com/security/cve/CVE-2024-52006.html
* https://bugzilla.suse.com/show_bug.cgi?id=1235600
* https://bugzilla.suse.com/show_bug.cgi?id=1235601
SUSE-SU-2025:0149-1: important: Security update for python-Django
# Security update for python-Django
Announcement ID: SUSE-SU-2025:0149-1
Release Date: 2025-01-16T17:03:46Z
Rating: important
References:
* bsc#1235856
Cross-References:
* CVE-2024-56374
CVSS scores:
* CVE-2024-56374 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56374 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56374 ( NVD ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6
An update that solves one vulnerability can now be installed.
## Description:
This update for python-Django fixes the following issues:
* CVE-2024-56374: Fixed lack of upper bound limit enforcement in strings when
performing IPv6 validation that could lead to denial of service
(bsc#1235856).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-149=1 openSUSE-SLE-15.6-2025-149=1
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-149=1
## Package List:
* openSUSE Leap 15.6 (noarch)
* python311-Django-4.2.11-150600.3.15.1
* SUSE Package Hub 15 15-SP6 (noarch)
* python311-Django-4.2.11-150600.3.15.1
## References:
* https://www.suse.com/security/cve/CVE-2024-56374.html
* https://bugzilla.suse.com/show_bug.cgi?id=1235856
SUSE-SU-2025:0150-1: important: Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP4)
# Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP4)
Announcement ID: SUSE-SU-2025:0150-1
Release Date: 2025-01-16T17:33:50Z
Rating: important
References:
* bsc#1220145
* bsc#1221302
* bsc#1222882
* bsc#1223059
* bsc#1223363
* bsc#1223514
* bsc#1223521
* bsc#1223681
* bsc#1223683
* bsc#1225011
* bsc#1225012
* bsc#1225013
* bsc#1225099
* bsc#1225309
* bsc#1225310
* bsc#1225311
* bsc#1225312
* bsc#1225313
* bsc#1225733
* bsc#1225739
* bsc#1225819
* bsc#1226325
* bsc#1226327
* bsc#1227471
* bsc#1228573
* bsc#1228786
* bsc#1229553
* bsc#1231353
* bsc#1232637
* bsc#1233712
Cross-References:
* CVE-2021-47598
* CVE-2022-48651
* CVE-2022-48662
* CVE-2022-48956
* CVE-2023-52752
* CVE-2023-52846
* CVE-2024-23307
* CVE-2024-26610
* CVE-2024-26766
* CVE-2024-26828
* CVE-2024-26852
* CVE-2024-26923
* CVE-2024-26930
* CVE-2024-27398
* CVE-2024-35817
* CVE-2024-35861
* CVE-2024-35862
* CVE-2024-35863
* CVE-2024-35864
* CVE-2024-35867
* CVE-2024-35905
* CVE-2024-35950
* CVE-2024-36899
* CVE-2024-36904
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059
* CVE-2024-43861
* CVE-2024-50264
CVSS scores:
* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48956 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48956 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-26610 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26766 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26828 ( NVD ): 6.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26852 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35863 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35867 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35905 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35905 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36904 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-43861 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43861 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-50264 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50264 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
An update that solves 29 vulnerabilities and has one security fix can now be
installed.
## Description:
This update for the Linux Kernel 5.14.21-150400_24_116 fixes several issues.
The following security issues were fixed:
* CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer
occurring in vsk->trans (bsc#1233712).
* CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1232637).
* CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique()
(bsc#1225733).
* CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229553).
* CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327).
* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init()
(bsc#1227471).
* CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break()
(bsc#1225011).
* CVE-2023-52752: smb: client: fix use-after-free bug in
cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted()
(bsc#1225311).
* CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break()
(bsc#1225309).
* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()
(bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1231353).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket
creation fails (bsc#1227808).
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000
(bsc#1226325).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame()
(bsc#1225099).
* CVE-2022-48662: Fixed a general protection fault (GPF) in
i915_perf_open_ioctl (bsc#1223521).
* CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1225313).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout
(bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex
(bsc#1225310).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in
__unix_gc() (bsc#1223683).
* CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223681).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86
and ARM md, raid, raid5 modules (bsc#1220145).
* CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify()
(bsc#1223059).
* CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302).
* CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset
skb->mac_header (bsc#1223514).
* CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs()
(bsc#1222882).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-150=1
* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-150=1
## Package List:
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_25-debugsource-10-150400.9.8.1
* kernel-livepatch-5_14_21-150400_24_116-default-debuginfo-10-150400.9.8.1
* kernel-livepatch-5_14_21-150400_24_116-default-10-150400.9.8.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_25-debugsource-10-150400.9.8.1
* kernel-livepatch-5_14_21-150400_24_116-default-debuginfo-10-150400.9.8.1
* kernel-livepatch-5_14_21-150400_24_116-default-10-150400.9.8.1
## References:
* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2022-48651.html
* https://www.suse.com/security/cve/CVE-2022-48662.html
* https://www.suse.com/security/cve/CVE-2022-48956.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2024-23307.html
* https://www.suse.com/security/cve/CVE-2024-26610.html
* https://www.suse.com/security/cve/CVE-2024-26766.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26852.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-26930.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35817.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35863.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35867.html
* https://www.suse.com/security/cve/CVE-2024-35905.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36904.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://www.suse.com/security/cve/CVE-2024-43861.html
* https://www.suse.com/security/cve/CVE-2024-50264.html
* https://bugzilla.suse.com/show_bug.cgi?id=1220145
* https://bugzilla.suse.com/show_bug.cgi?id=1221302
* https://bugzilla.suse.com/show_bug.cgi?id=1222882
* https://bugzilla.suse.com/show_bug.cgi?id=1223059
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223514
* https://bugzilla.suse.com/show_bug.cgi?id=1223521
* https://bugzilla.suse.com/show_bug.cgi?id=1223681
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225011
* https://bugzilla.suse.com/show_bug.cgi?id=1225012
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225313
* https://bugzilla.suse.com/show_bug.cgi?id=1225733
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1226327
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786
* https://bugzilla.suse.com/show_bug.cgi?id=1229553
* https://bugzilla.suse.com/show_bug.cgi?id=1231353
* https://bugzilla.suse.com/show_bug.cgi?id=1232637
* https://bugzilla.suse.com/show_bug.cgi?id=1233712