SUSE-SU-2025:0590-1: important: Security update for netty, netty-tcnative
SUSE-SU-2025:0591-1: moderate: Security update for ucode-intel
openSUSE-SU-2025:14821-1: moderate: ruby3.4-rubygem-grpc-1.70.1-1.1 on GA media
openSUSE-SU-2025:14818-1: moderate: kubernetes1.31-apiserver-1.31.6-1.1 on GA media
openSUSE-SU-2025:14815-1: moderate: google-osconfig-agent-20250115.01-2.1 on GA media
openSUSE-SU-2025:14819-1: moderate: kubernetes1.32-apiserver-1.32.2-1.1 on GA media
openSUSE-SU-2025:14820-1: moderate: openssh-9.9p2-1.1 on GA media
openSUSE-SU-2025:14816-1: moderate: kubernetes1.29-apiserver-1.29.14-1.1 on GA media
openSUSE-SU-2025:14817-1: moderate: kubernetes1.30-apiserver-1.30.10-1.1 on GA media
openSUSE-SU-2025:0067-1: important: Security update for java-17-openj9
SUSE-SU-2025:0590-1: important: Security update for netty, netty-tcnative
# Security update for netty, netty-tcnative
Announcement ID: SUSE-SU-2025:0590-1
Release Date: 2025-02-19T10:34:42Z
Rating: important
References:
* bsc#1237037
* bsc#1237038
Cross-References:
* CVE-2025-24970
* CVE-2025-25193
CVSS scores:
* CVE-2025-24970 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-24970 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-25193 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-25193 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Development Tools Module 15-SP6
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6
An update that solves two vulnerabilities can now be installed.
## Description:
This update for netty, netty-tcnative fixes the following issues:
* CVE-2025-24970: incorrect validation of packets by SslHandler can lead to a
native crash. (bsc#1237037)
* CVE-2025-25193: unsafe reading of environment files can lead to an
application crash. (bsc#1237038)
Update to netty version 4.1.118 and netty-tcnative version 2.0.70 Final.
Other fixes:
* Fix recycling in CodecOutputList.
* StreamBufferingEncoder: do not send header frame with priority by default.
* Notify event loop termination future of unexpected exceptions.
* Fix AccessControlException in GlobalEventExecutor.
* AdaptivePoolingAllocator: round chunk sizes up and reduce chunk release
frequency.
* Support BouncyCastle FIPS for reading PEM files.
* Dns: correctly encode DnsPtrRecord.
* Provide Brotli settings without com.aayushatharva.brotli4j dependency.
* Make DefaultResourceLeak more resilient against OOM.
* OpenSslSession: add support to defensively check for peer certs.
* SslHandler: ensure buffers are never leaked when wrap(...) produces
SSLException.
* Correctly handle comments appended to nameserver declarations.
* PcapWriteHandler: apply fixes so that the handler can append to an existing
PCAP file when writing the global header.
* PcapWriteHandler: allow output of PCAP files larger than 2GB.
* Fix bugs in BoundedInputStream.
* Fix HTTP header validation bug.
* AdaptivePoolingAllocator: fix possible race condition in method
offerToQueue(...).
* AdaptivePoolingAllocator: make sure the sentinel object
Magazine.MAGAZINE_FREED is not replaced.
* Only try to use Zstd and Brotli if the native libs can be loaded.
* Bump BlockHound version to 1.0.10.RELEASE.
* Add details to TooLongFrameException message.
* AdaptivePoolingAllocator: correctly reuse chunks.
* AdaptivePoolingAllocator: don't fail when we run on a host with 1 core.
* AdaptivePoolingAllocator: correctly re-use central queue chunks and avoid
OOM issue.
* Fix several memory management (leaks and missing checks) issues.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-590=1
* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-590=1
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-590=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-590=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-590=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-590=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-590=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-590=1
* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-590=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-590=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-590=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-590=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-590=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-590=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-590=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* netty-4.1.118-150200.4.29.2
* netty-tcnative-2.0.70-150200.3.25.1
* openSUSE Leap 15.6 (noarch)
* netty-javadoc-4.1.118-150200.4.29.2
* netty-tcnative-javadoc-2.0.70-150200.3.25.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* netty-tcnative-2.0.70-150200.3.25.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* netty-4.1.118-150200.4.29.2
* SUSE Package Hub 15 15-SP6 (noarch)
* netty-javadoc-4.1.118-150200.4.29.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* netty-tcnative-2.0.70-150200.3.25.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* netty-tcnative-2.0.70-150200.3.25.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* netty-tcnative-2.0.70-150200.3.25.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* netty-tcnative-2.0.70-150200.3.25.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* netty-tcnative-2.0.70-150200.3.25.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* netty-tcnative-2.0.70-150200.3.25.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* netty-tcnative-2.0.70-150200.3.25.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* netty-tcnative-2.0.70-150200.3.25.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* netty-tcnative-2.0.70-150200.3.25.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* netty-tcnative-2.0.70-150200.3.25.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* netty-tcnative-2.0.70-150200.3.25.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* netty-tcnative-2.0.70-150200.3.25.1
## References:
* https://www.suse.com/security/cve/CVE-2025-24970.html
* https://www.suse.com/security/cve/CVE-2025-25193.html
* https://bugzilla.suse.com/show_bug.cgi?id=1237037
* https://bugzilla.suse.com/show_bug.cgi?id=1237038
SUSE-SU-2025:0591-1: moderate: Security update for ucode-intel
# Security update for ucode-intel
Announcement ID: SUSE-SU-2025:0591-1
Release Date: 2025-02-19T10:35:47Z
Rating: moderate
References:
* bsc#1237096
Cross-References:
* CVE-2024-31068
* CVE-2024-36293
* CVE-2024-37020
* CVE-2024-39355
CVSS scores:
* CVE-2024-31068 ( SUSE ): 5.6
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-31068 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-31068 ( NVD ): 5.6
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-31068 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-36293 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-36293 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-36293 ( NVD ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-36293 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-37020 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-37020 ( SUSE ): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
* CVE-2024-37020 ( NVD ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-37020 ( NVD ): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
* CVE-2024-39355 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-39355 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-39355 ( NVD ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-39355 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves four vulnerabilities can now be installed.
## Description:
This update for ucode-intel fixes the following issues:
* Intel CPU Microcode was updated to the 20250211 release (bsc#1237096)
* CVE-2024-31068: Improper Finite State Machines (FSMs) in Hardware Logic for
some Intel Processors may allow privileged user to potentially enable denial
of service via local access.
* CVE-2024-36293: A potential security vulnerability in some Intel Software
Guard Extensions (Intel SGX) Platforms may allow denial of service. Intel is
releasing microcode updates to mitigate this potential vulnerability.
* CVE-2024-39355: A potential security vulnerability in some 13th and 14th
Generation Intel Core Processors may allow denial of service. Intel is
releasing microcode and UEFI reference code updates to mitigate this
potential vulnerability.
* CVE-2024-37020: A potential security vulnerability in the Intel Data
Streaming Accelerator (Intel DSA) for some Intel Xeon Processors may allow
denial of service. Intel is releasing software updates to mitigate this
potential vulnerability.
### New Platforms

| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |
|:---------------|:---------|:------------|:---------|:---------|:---------|
| SRF-SP | C0 | 06-af-03/01 | | 03000330 | Xeon 6700-Series Processors with E-Cores |

### Updated Platforms

| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |
|:---------------|:---------|:------------|:---------|:---------|:---------|
| ADL | C0 | 06-97-02/07 | 00000037 | 00000038 | Core Gen12 |
| ADL | H0 | 06-97-05/07 | 00000037 | 00000038 | Core Gen12 |
| ADL | L0 | 06-9a-03/80 | 00000435 | 00000436 | Core Gen12 |
| ADL | R0 | 06-9a-04/80 | 00000435 | 00000436 | Core Gen12 |
| ADL-N | N0 | 06-be-00/19 | 0000001a | 0000001c | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E |
| AZB | A0/R0 | 06-9a-04/40 | 00000007 | 00000009 | Intel(R) Atom(R) C1100 |
| CFL-H | R0 | 06-9e-0d/22 | 00000100 | 00000102 | Core Gen9 Mobile |
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f8 | 000000fa | Core Gen8 Desktop, Mobile, Xeon E |
| EMR-SP | A0 | 06-cf-01/87 | 21000283 | 21000291 | Xeon Scalable Gen5 |
| EMR-SP | A1 | 06-cf-02/87 | 21000283 | 21000291 | Xeon Scalable Gen5 |
| ICL-D | B0 | 06-6c-01/10 | 010002b0 | 010002c0 | Xeon D-17xx, D-27xx |
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003e7 | 0d0003f5 | Xeon Scalable Gen3 |
| RPL-E/HX/S | B0 | 06-b7-01/32 | 0000012b | 0000012c | Core Gen13/Gen14 |
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004123 | 00004124 | Core Gen13 |
| RPL-HX/S | C0 | 06-bf-02/07 | 00000037 | 00000038 | Core Gen13/Gen14 |
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004123 | 00004124 | Core Gen13 |
| RPL-S | H0 | 06-bf-05/07 | 00000037 | 00000038 | Core Gen13/Gen14 |
| RKL-S | B0 | 06-a7-01/02 | 00000062 | 00000063 | Core Gen11 |
| SPR-HBM | Bx | 06-8f-08/10 | 2c000390 | 2c0003e0 | Xeon Max |
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b000603 | 2b000620 | Xeon Scalable Gen4 |
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b000603 | 2b000620 | Xeon Scalable Gen4 |
| TWL | N0 | 06-be-00/19 | 0000001a | 0000001c | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E |

### New Disclosures Updated in Prior Releases

| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |
|:---------------|:---------|:------------|:---------|:---------|:---------|
| CFL-H/S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9 |

## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-591=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-591=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-591=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-591=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-591=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-591=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-591=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-591=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-591=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-591=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-591=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-591=1
* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-591=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-591=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-591=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-591=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-591=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-591=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-591=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2025-591=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-591=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-591=1
* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-591=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-591=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-591=1
## Package List:
* openSUSE Leap 15.6 (x86_64)
* ucode-intel-20250211-150200.53.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64)
* ucode-intel-20250211-150200.53.1
* SUSE Linux Enterprise Micro 5.3 (x86_64)
* ucode-intel-20250211-150200.53.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64)
* ucode-intel-20250211-150200.53.1
* SUSE Linux Enterprise Micro 5.4 (x86_64)
* ucode-intel-20250211-150200.53.1
* SUSE Linux Enterprise Micro 5.5 (x86_64)
* ucode-intel-20250211-150200.53.1
* Basesystem Module 15-SP6 (x86_64)
* ucode-intel-20250211-150200.53.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
* ucode-intel-20250211-150200.53.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
* ucode-intel-20250211-150200.53.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
* ucode-intel-20250211-150200.53.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64)
* ucode-intel-20250211-150200.53.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64)
* ucode-intel-20250211-150200.53.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (x86_64)
* ucode-intel-20250211-150200.53.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
* ucode-intel-20250211-150200.53.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64)
* ucode-intel-20250211-150200.53.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* ucode-intel-20250211-150200.53.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
* ucode-intel-20250211-150200.53.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
* ucode-intel-20250211-150200.53.1
* SUSE Manager Proxy 4.3 (x86_64)
* ucode-intel-20250211-150200.53.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* ucode-intel-20250211-150200.53.1
* SUSE Manager Server 4.3 (x86_64)
* ucode-intel-20250211-150200.53.1
* SUSE Enterprise Storage 7.1 (x86_64)
* ucode-intel-20250211-150200.53.1
* SUSE Linux Enterprise Micro 5.1 (x86_64)
* ucode-intel-20250211-150200.53.1
* SUSE Linux Enterprise Micro 5.2 (x86_64)
* ucode-intel-20250211-150200.53.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64)
* ucode-intel-20250211-150200.53.1
## References:
* https://www.suse.com/security/cve/CVE-2024-31068.html
* https://www.suse.com/security/cve/CVE-2024-36293.html
* https://www.suse.com/security/cve/CVE-2024-37020.html
* https://www.suse.com/security/cve/CVE-2024-39355.html
* https://bugzilla.suse.com/show_bug.cgi?id=1237096
openSUSE-SU-2025:14821-1: moderate: ruby3.4-rubygem-grpc-1.70.1-1.1 on GA media
# ruby3.4-rubygem-grpc-1.70.1-1.1 on GA media
Announcement ID: openSUSE-SU-2025:14821-1
Rating: moderate
Cross-References:
* CVE-2023-0286
CVSS scores:
* CVE-2023-0286 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the ruby3.4-rubygem-grpc-1.70.1-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* ruby3.4-rubygem-grpc 1.70.1-1.1
## References:
* https://www.suse.com/security/cve/CVE-2023-0286.html
openSUSE-SU-2025:14818-1: moderate: kubernetes1.31-apiserver-1.31.6-1.1 on GA media
# kubernetes1.31-apiserver-1.31.6-1.1 on GA media
Announcement ID: openSUSE-SU-2025:14818-1
Rating: moderate
Cross-References:
* CVE-2025-0426
CVSS scores:
* CVE-2025-0426 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-0426 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the kubernetes1.31-apiserver-1.31.6-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* kubernetes1.31-apiserver 1.31.6-1.1
* kubernetes1.31-client 1.31.6-1.1
* kubernetes1.31-client-bash-completion 1.31.6-1.1
* kubernetes1.31-client-common 1.31.6-1.1
* kubernetes1.31-client-fish-completion 1.31.6-1.1
* kubernetes1.31-controller-manager 1.31.6-1.1
* kubernetes1.31-kubeadm 1.31.6-1.1
* kubernetes1.31-kubelet 1.31.6-1.1
* kubernetes1.31-kubelet-common 1.31.6-1.1
* kubernetes1.31-proxy 1.31.6-1.1
* kubernetes1.31-scheduler 1.31.6-1.1
## References:
* https://www.suse.com/security/cve/CVE-2025-0426.html
openSUSE-SU-2025:14815-1: moderate: google-osconfig-agent-20250115.01-2.1 on GA media
# google-osconfig-agent-20250115.01-2.1 on GA media
Announcement ID: openSUSE-SU-2025:14815-1
Rating: moderate
Cross-References:
* CVE-2024-45339
CVSS scores:
* CVE-2024-45339 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-45339 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the google-osconfig-agent-20250115.01-2.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* google-osconfig-agent 20250115.01-2.1
## References:
* https://www.suse.com/security/cve/CVE-2024-45339.html
openSUSE-SU-2025:14819-1: moderate: kubernetes1.32-apiserver-1.32.2-1.1 on GA media
# kubernetes1.32-apiserver-1.32.2-1.1 on GA media
Announcement ID: openSUSE-SU-2025:14819-1
Rating: moderate
Cross-References:
* CVE-2025-0426
CVSS scores:
* CVE-2025-0426 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-0426 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the kubernetes1.32-apiserver-1.32.2-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* kubernetes1.32-apiserver 1.32.2-1.1
* kubernetes1.32-client 1.32.2-1.1
* kubernetes1.32-client-bash-completion 1.32.2-1.1
* kubernetes1.32-client-common 1.32.2-1.1
* kubernetes1.32-client-fish-completion 1.32.2-1.1
* kubernetes1.32-controller-manager 1.32.2-1.1
* kubernetes1.32-kubeadm 1.32.2-1.1
* kubernetes1.32-kubelet 1.32.2-1.1
* kubernetes1.32-kubelet-common 1.32.2-1.1
* kubernetes1.32-proxy 1.32.2-1.1
* kubernetes1.32-scheduler 1.32.2-1.1
## References:
* https://www.suse.com/security/cve/CVE-2025-0426.html
openSUSE-SU-2025:14820-1: moderate: openssh-9.9p2-1.1 on GA media
# openssh-9.9p2-1.1 on GA media
Announcement ID: openSUSE-SU-2025:14820-1
Rating: moderate
Cross-References:
* CVE-2025-26465
* CVE-2025-26466
CVSS scores:
* CVE-2025-26465 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2025-26466 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-26466 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 2 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the openssh-9.9p2-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* openssh 9.9p2-1.1
* openssh-cavs 9.9p2-1.1
* openssh-clients 9.9p2-1.1
* openssh-common 9.9p2-1.1
* openssh-fips 9.9p2-1.1
* openssh-helpers 9.9p2-1.1
* openssh-server 9.9p2-1.1
* openssh-server-config-rootlogin 9.9p2-1.1
## References:
* https://www.suse.com/security/cve/CVE-2025-26465.html
* https://www.suse.com/security/cve/CVE-2025-26466.html
openSUSE-SU-2025:14816-1: moderate: kubernetes1.29-apiserver-1.29.14-1.1 on GA media
# kubernetes1.29-apiserver-1.29.14-1.1 on GA media
Announcement ID: openSUSE-SU-2025:14816-1
Rating: moderate
Cross-References:
* CVE-2025-0426
CVSS scores:
* CVE-2025-0426 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-0426 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the kubernetes1.29-apiserver-1.29.14-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* kubernetes1.29-apiserver 1.29.14-1.1
* kubernetes1.29-client 1.29.14-1.1
* kubernetes1.29-client-bash-completion 1.29.14-1.1
* kubernetes1.29-client-common 1.29.14-1.1
* kubernetes1.29-client-fish-completion 1.29.14-1.1
* kubernetes1.29-controller-manager 1.29.14-1.1
* kubernetes1.29-kubeadm 1.29.14-1.1
* kubernetes1.29-kubelet 1.29.14-1.1
* kubernetes1.29-kubelet-common 1.29.14-1.1
* kubernetes1.29-proxy 1.29.14-1.1
* kubernetes1.29-scheduler 1.29.14-1.1
## References:
* https://www.suse.com/security/cve/CVE-2025-0426.html
openSUSE-SU-2025:14817-1: moderate: kubernetes1.30-apiserver-1.30.10-1.1 on GA media
# kubernetes1.30-apiserver-1.30.10-1.1 on GA media
Announcement ID: openSUSE-SU-2025:14817-1
Rating: moderate
Cross-References:
* CVE-2025-0426
CVSS scores:
* CVE-2025-0426 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-0426 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the kubernetes1.30-apiserver-1.30.10-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* kubernetes1.30-apiserver 1.30.10-1.1
* kubernetes1.30-client 1.30.10-1.1
* kubernetes1.30-client-bash-completion 1.30.10-1.1
* kubernetes1.30-client-common 1.30.10-1.1
* kubernetes1.30-client-fish-completion 1.30.10-1.1
* kubernetes1.30-controller-manager 1.30.10-1.1
* kubernetes1.30-kubeadm 1.30.10-1.1
* kubernetes1.30-kubelet 1.30.10-1.1
* kubernetes1.30-kubelet-common 1.30.10-1.1
* kubernetes1.30-proxy 1.30.10-1.1
* kubernetes1.30-scheduler 1.30.10-1.1
## References:
* https://www.suse.com/security/cve/CVE-2025-0426.html
openSUSE-SU-2025:0067-1: important: Security update for java-17-openj9
openSUSE Security Update: Security update for java-17-openj9
_______________________________
Announcement ID: openSUSE-SU-2025:0067-1
Rating: important
References: #1204468 #1204471 #1204472 #1204473 #1204475
#1204480 #1204703 #1206549 #1207246 #1207248
#1207922 #1210628 #1210631 #1210632 #1210634
#1210635 #1210636 #1210637 #1211615 #1213470
#1213473 #1213474 #1213475 #1213479 #1213481
#1213482 #1216339 #1216374 #1217214 #1218903
#1218905 #1218907 #1218908 #1218909 #1218911
#1222979 #1222983 #1222986 #1222987 #1228046
#1228047 #1228048 #1228051 #1228052 #1231702
#1231711 #1231716 #1231719 #1236278 #1236804
Cross-References: CVE-2022-21618 CVE-2022-21619 CVE-2022-21624
CVE-2022-21626 CVE-2022-21628 CVE-2022-3676
CVE-2022-39399 CVE-2023-21835 CVE-2023-21843
CVE-2023-21930 CVE-2023-21937 CVE-2023-21938
CVE-2023-21939 CVE-2023-21954 CVE-2023-21967
CVE-2023-21968 CVE-2023-22006 CVE-2023-22025
CVE-2023-22036 CVE-2023-22041 CVE-2023-22044
CVE-2023-22045 CVE-2023-22049 CVE-2023-22081
CVE-2023-25193 CVE-2023-2597 CVE-2023-5676
CVE-2024-20918 CVE-2024-20919 CVE-2024-20921
CVE-2024-20932 CVE-2024-20945 CVE-2024-20952
CVE-2024-21011 CVE-2024-21012 CVE-2024-21068
CVE-2024-21094 CVE-2024-21131 CVE-2024-21138
CVE-2024-21140 CVE-2024-21145 CVE-2024-21147
CVE-2024-21208 CVE-2024-21210 CVE-2024-21217
CVE-2024-21235 CVE-2025-21502
CVSS scores:
CVE-2022-21618 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-21619 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-21624 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-21626 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2022-21628 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2022-3676 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVE-2022-39399 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2023-21835 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2023-21843 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2023-21930 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2023-21937 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2023-21938 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2023-21939 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2023-21954 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2023-21967 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2023-21968 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2023-22006 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2023-22025 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2023-22036 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2023-22041 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2023-22044 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2023-22045 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2023-22049 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2023-22081 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2023-25193 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2023-2597 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-5676 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2024-20918 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2024-20919 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2024-20921 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2024-20932 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2024-20945 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2024-20952 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2024-21011 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2024-21012 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2024-21068 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2024-21094 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2024-21131 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2024-21138 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2024-21140 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CVE-2024-21145 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CVE-2024-21147 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2024-21208 (SUSE): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
CVE-2024-21210 (SUSE): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
CVE-2024-21217 (SUSE): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
CVE-2024-21235 (SUSE): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
CVE-2025-21502 (SUSE): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________
An update that solves 47 vulnerabilities and has three
fixes is now available.
Description:
This update for java-17-openj9 fixes the following issues:
- Update to OpenJDK 17.0.14 with OpenJ9 0.49.0 virtual machine
- Including Oracle October 2024 and January 2025 CPU changes
* CVE-2024-21208 (boo#1231702), CVE-2024-21210 (boo#1231711),
CVE-2024-21217 (boo#1231716), CVE-2024-21235 (boo#1231719),
CVE-2025-21502 (boo#1236278)
* OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.49/
- Update to OpenJDK 17.0.12 with OpenJ9 0.46.0 virtual machine
- Including Oracle July 2024 CPU changes
* CVE-2024-21131 (boo#1228046), CVE-2024-21138 (boo#1228047),
CVE-2024-21140 (boo#1228048), CVE-2024-21147 (boo#1228052),
CVE-2024-21145 (boo#1228051)
* OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.46/
- Update to OpenJDK 17.0.11 with OpenJ9 0.44.0 virtual machine
- Including Oracle April 2024 CPU changes
* CVE-2024-21012 (boo#1222987), CVE-2024-21094 (boo#1222986),
CVE-2024-21011 (boo#1222979), CVE-2024-21068 (boo#1222983)
* OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.44/
- Update to OpenJDK 17.0.10 with OpenJ9 0.43.0 virtual machine
- Including Oracle January 2024 CPU changes
* CVE-2024-20918 (boo#1218907), CVE-2024-20919 (boo#1218903),
CVE-2024-20921 (boo#1218905), CVE-2024-20932 (boo#1218908),
CVE-2024-20945 (boo#1218909), CVE-2024-20952 (boo#1218911)
* OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.43/
- Update to OpenJDK 17.0.9 with OpenJ9 0.41.0 virtual machine
- Including Oracle October 2023 CPU changes
* CVE-2023-22081, boo#1216374
* CVE-2023-22025, boo#1216339
- Including OpenJ9 0.41.0 fixes of CVE-2023-5676, boo#1217214
* For other OpenJ9 changes, see
https://www.eclipse.org/openj9/docs/version0.41
- Update to OpenJDK 17.0.8.1 with OpenJ9 0.40.0 virtual machine
* JDK-8313765: Invalid CEN header (invalid zip64 extra data field size)
- Update to OpenJDK 17.0.8 with OpenJ9 0.40.0 virtual machine
- Including Oracle July 2023 CPU changes
* CVE-2023-22006 (boo#1213473), CVE-2023-22036 (boo#1213474),
CVE-2023-22041 (boo#1213475), CVE-2023-22044 (boo#1213479),
CVE-2023-22045 (boo#1213481), CVE-2023-22049 (boo#1213482),
CVE-2023-25193 (boo#1207922)
* OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.40
- Update to OpenJDK 17.0.7 with OpenJ9 0.38.0 virtual machine
- Including Oracle April 2023 CPU changes
* CVE-2023-21930 (boo#1210628), CVE-2023-21937 (boo#1210631),
CVE-2023-21938 (boo#1210632), CVE-2023-21939 (boo#1210634),
CVE-2023-21954 (boo#1210635), CVE-2023-21967 (boo#1210636),
CVE-2023-21968 (boo#1210637)
* OpenJ9 specific vulnerability: CVE-2023-2597 (boo#1211615)
* OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.38
- Update to OpenJDK 17.0.6 with OpenJ9 0.36.0 virtual machine
* including Oracle January 2023 CPU changes
+ CVE-2023-21835, boo#1207246
+ CVE-2023-21843, boo#1207248
* OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.36
- Update to OpenJDK 17.0.5 with OpenJ9 0.35.0 virtual machine
* Including Oracle October 2022 CPU changes CVE-2022-21618
(boo#1204468), CVE-2022-21619 (boo#1204473), CVE-2022-21626
(boo#1204471), CVE-2022-21624 (boo#1204475), CVE-2022-21628
(boo#1204472), CVE-2022-39399 (boo#1204480)
* Fixes OpenJ9 vulnerability boo#1204703, CVE-2022-3676
* OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.35
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2025-67=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 ppc64le s390x x86_64):
java-17-openj9-17.0.14.0-bp156.3.3.1
java-17-openj9-demo-17.0.14.0-bp156.3.3.1
java-17-openj9-devel-17.0.14.0-bp156.3.3.1
java-17-openj9-headless-17.0.14.0-bp156.3.3.1
java-17-openj9-jmods-17.0.14.0-bp156.3.3.1
java-17-openj9-src-17.0.14.0-bp156.3.3.1
- openSUSE Backports SLE-15-SP6 (noarch):
java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1
References:
https://www.suse.com/security/cve/CVE-2022-21618.html
https://www.suse.com/security/cve/CVE-2022-21619.html
https://www.suse.com/security/cve/CVE-2022-21624.html
https://www.suse.com/security/cve/CVE-2022-21626.html
https://www.suse.com/security/cve/CVE-2022-21628.html
https://www.suse.com/security/cve/CVE-2022-3676.html
https://www.suse.com/security/cve/CVE-2022-39399.html
https://www.suse.com/security/cve/CVE-2023-21835.html
https://www.suse.com/security/cve/CVE-2023-21843.html
https://www.suse.com/security/cve/CVE-2023-21930.html
https://www.suse.com/security/cve/CVE-2023-21937.html
https://www.suse.com/security/cve/CVE-2023-21938.html
https://www.suse.com/security/cve/CVE-2023-21939.html
https://www.suse.com/security/cve/CVE-2023-21954.html
https://www.suse.com/security/cve/CVE-2023-21967.html
https://www.suse.com/security/cve/CVE-2023-21968.html
https://www.suse.com/security/cve/CVE-2023-22006.html
https://www.suse.com/security/cve/CVE-2023-22025.html
https://www.suse.com/security/cve/CVE-2023-22036.html
https://www.suse.com/security/cve/CVE-2023-22041.html
https://www.suse.com/security/cve/CVE-2023-22044.html
https://www.suse.com/security/cve/CVE-2023-22045.html
https://www.suse.com/security/cve/CVE-2023-22049.html
https://www.suse.com/security/cve/CVE-2023-22081.html
https://www.suse.com/security/cve/CVE-2023-25193.html
https://www.suse.com/security/cve/CVE-2023-2597.html
https://www.suse.com/security/cve/CVE-2023-5676.html
https://www.suse.com/security/cve/CVE-2024-20918.html
https://www.suse.com/security/cve/CVE-2024-20919.html
https://www.suse.com/security/cve/CVE-2024-20921.html
https://www.suse.com/security/cve/CVE-2024-20932.html
https://www.suse.com/security/cve/CVE-2024-20945.html
https://www.suse.com/security/cve/CVE-2024-20952.html
https://www.suse.com/security/cve/CVE-2024-21011.html
https://www.suse.com/security/cve/CVE-2024-21012.html
https://www.suse.com/security/cve/CVE-2024-21068.html
https://www.suse.com/security/cve/CVE-2024-21094.html
https://www.suse.com/security/cve/CVE-2024-21131.html
https://www.suse.com/security/cve/CVE-2024-21138.html
https://www.suse.com/security/cve/CVE-2024-21140.html
https://www.suse.com/security/cve/CVE-2024-21145.html
https://www.suse.com/security/cve/CVE-2024-21147.html
https://www.suse.com/security/cve/CVE-2024-21208.html
https://www.suse.com/security/cve/CVE-2024-21210.html
https://www.suse.com/security/cve/CVE-2024-21217.html
https://www.suse.com/security/cve/CVE-2024-21235.html
https://www.suse.com/security/cve/CVE-2025-21502.html
https://bugzilla.suse.com/1204468
https://bugzilla.suse.com/1204471
https://bugzilla.suse.com/1204472
https://bugzilla.suse.com/1204473
https://bugzilla.suse.com/1204475
https://bugzilla.suse.com/1204480
https://bugzilla.suse.com/1204703
https://bugzilla.suse.com/1206549
https://bugzilla.suse.com/1207246
https://bugzilla.suse.com/1207248
https://bugzilla.suse.com/1207922
https://bugzilla.suse.com/1210628
https://bugzilla.suse.com/1210631
https://bugzilla.suse.com/1210632
https://bugzilla.suse.com/1210634
https://bugzilla.suse.com/1210635
https://bugzilla.suse.com/1210636
https://bugzilla.suse.com/1210637
https://bugzilla.suse.com/1211615
https://bugzilla.suse.com/1213470
https://bugzilla.suse.com/1213473
https://bugzilla.suse.com/1213474
https://bugzilla.suse.com/1213475
https://bugzilla.suse.com/1213479
https://bugzilla.suse.com/1213481
https://bugzilla.suse.com/1213482
https://bugzilla.suse.com/1216339
https://bugzilla.suse.com/1216374
https://bugzilla.suse.com/1217214
https://bugzilla.suse.com/1218903
https://bugzilla.suse.com/1218905
https://bugzilla.suse.com/1218907
https://bugzilla.suse.com/1218908
https://bugzilla.suse.com/1218909
https://bugzilla.suse.com/1218911
https://bugzilla.suse.com/1222979
https://bugzilla.suse.com/1222983
https://bugzilla.suse.com/1222986
https://bugzilla.suse.com/1222987
https://bugzilla.suse.com/1228046
https://bugzilla.suse.com/1228047
https://bugzilla.suse.com/1228048
https://bugzilla.suse.com/1228051
https://bugzilla.suse.com/1228052
https://bugzilla.suse.com/1231702
https://bugzilla.suse.com/1231711
https://bugzilla.suse.com/1231716
https://bugzilla.suse.com/1231719
https://bugzilla.suse.com/1236278
https://bugzilla.suse.com/1236804