SUSE-SU-2025:1131-1: important: Security update for openvpn
SUSE-SU-2025:1134-1: moderate: Security update for apparmor
SUSE-SU-2025:1135-1: moderate: Security update for apparmor
SUSE-SU-2025:1137-1: important: Security update for xz
SUSE-SU-2025:1138-1: important: Security update for MozillaFirefox
openSUSE-SU-2025:14960-1: moderate: perl-Data-Entropy-0.8.0-1.1 on GA media
openSUSE-SU-2025:14959-1: moderate: libsaml-devel-3.3.1-2.1 on GA media
openSUSE-SU-2025:14951-1: moderate: aws-efs-utils-2.2.1-1.1 on GA media
openSUSE-SU-2025:14956-1: moderate: headscale-0.25.1-2.1 on GA media
openSUSE-SU-2025:14958-1: moderate: libmozjs-128-0-128.8.1-1.1 on GA media
openSUSE-SU-2025:14953-1: moderate: ghostscript-10.05.0-1.1 on GA media
openSUSE-SU-2025:14950-1: moderate: assimp-devel-5.4.3-5.1 on GA media
openSUSE-SU-2025:14954-1: moderate: gotosocial-0.18.3-2.1 on GA media
openSUSE-SU-2025:14952-1: moderate: expat-2.7.1-1.1 on GA media
openSUSE-SU-2025:14949-1: moderate: GraphicsMagick-1.3.45-2.1 on GA media
SUSE-SU-2025:1126-1: important: Security update for tomcat
SUSE-SU-2025:1125-1: important: Security update for libxslt
SUSE-SU-2025:1129-1: moderate: Security update for GraphicsMagick
SUSE-SU-2025:1123-1: important: Security update for the Linux Kernel (Live Patch 47 for SLE 15 SP3)
SUSE-SU-2025:1128-1: important: Security update for ffmpeg-4
SUSE-SU-2025:1127-1: important: Security update for ghostscript
SUSE-SU-2025:1139-1: important: Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP3)
openSUSE-SU-2025:14955-1: moderate: govulncheck-vulndb-0.0.20250331T171002-1.1 on GA media
SUSE-SU-2025:1131-1: important: Security update for openvpn
# Security update for openvpn
Announcement ID: SUSE-SU-2025:1131-1
Release Date: 2025-04-03T13:10:02Z
Rating: important
References:
* bsc#1235147
Cross-References:
* CVE-2024-5594
CVSS scores:
* CVE-2024-5594 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2024-5594 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2024-5594 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for openvpn fixes the following issues:
* CVE-2024-5594: Fixed incorrect handling of null bytes and invalid characters
in control messages (bsc#1235147)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-1131=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1131=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1131=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1131=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1131=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1131=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1131=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1131=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1131=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-1131=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2025-1131=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1131=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* openvpn-debuginfo-2.5.6-150400.3.9.1
* openvpn-debugsource-2.5.6-150400.3.9.1
* openvpn-auth-pam-plugin-debuginfo-2.5.6-150400.3.9.1
* openvpn-auth-pam-plugin-2.5.6-150400.3.9.1
* openvpn-down-root-plugin-debuginfo-2.5.6-150400.3.9.1
* openvpn-devel-2.5.6-150400.3.9.1
* openvpn-down-root-plugin-2.5.6-150400.3.9.1
* openvpn-2.5.6-150400.3.9.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* openvpn-debuginfo-2.5.6-150400.3.9.1
* openvpn-debugsource-2.5.6-150400.3.9.1
* openvpn-auth-pam-plugin-debuginfo-2.5.6-150400.3.9.1
* openvpn-auth-pam-plugin-2.5.6-150400.3.9.1
* openvpn-devel-2.5.6-150400.3.9.1
* openvpn-2.5.6-150400.3.9.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* openvpn-debuginfo-2.5.6-150400.3.9.1
* openvpn-debugsource-2.5.6-150400.3.9.1
* openvpn-auth-pam-plugin-debuginfo-2.5.6-150400.3.9.1
* openvpn-auth-pam-plugin-2.5.6-150400.3.9.1
* openvpn-devel-2.5.6-150400.3.9.1
* openvpn-2.5.6-150400.3.9.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
* openvpn-debuginfo-2.5.6-150400.3.9.1
* openvpn-debugsource-2.5.6-150400.3.9.1
* openvpn-auth-pam-plugin-debuginfo-2.5.6-150400.3.9.1
* openvpn-auth-pam-plugin-2.5.6-150400.3.9.1
* openvpn-devel-2.5.6-150400.3.9.1
* openvpn-2.5.6-150400.3.9.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
* openvpn-debuginfo-2.5.6-150400.3.9.1
* openvpn-debugsource-2.5.6-150400.3.9.1
* openvpn-auth-pam-plugin-debuginfo-2.5.6-150400.3.9.1
* openvpn-auth-pam-plugin-2.5.6-150400.3.9.1
* openvpn-devel-2.5.6-150400.3.9.1
* openvpn-2.5.6-150400.3.9.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* openvpn-debuginfo-2.5.6-150400.3.9.1
* openvpn-debugsource-2.5.6-150400.3.9.1
* openvpn-auth-pam-plugin-debuginfo-2.5.6-150400.3.9.1
* openvpn-auth-pam-plugin-2.5.6-150400.3.9.1
* openvpn-devel-2.5.6-150400.3.9.1
* openvpn-2.5.6-150400.3.9.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* openvpn-debuginfo-2.5.6-150400.3.9.1
* openvpn-debugsource-2.5.6-150400.3.9.1
* openvpn-auth-pam-plugin-debuginfo-2.5.6-150400.3.9.1
* openvpn-auth-pam-plugin-2.5.6-150400.3.9.1
* openvpn-devel-2.5.6-150400.3.9.1
* openvpn-2.5.6-150400.3.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* openvpn-debuginfo-2.5.6-150400.3.9.1
* openvpn-debugsource-2.5.6-150400.3.9.1
* openvpn-auth-pam-plugin-debuginfo-2.5.6-150400.3.9.1
* openvpn-auth-pam-plugin-2.5.6-150400.3.9.1
* openvpn-devel-2.5.6-150400.3.9.1
* openvpn-2.5.6-150400.3.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* openvpn-debuginfo-2.5.6-150400.3.9.1
* openvpn-debugsource-2.5.6-150400.3.9.1
* openvpn-auth-pam-plugin-debuginfo-2.5.6-150400.3.9.1
* openvpn-auth-pam-plugin-2.5.6-150400.3.9.1
* openvpn-devel-2.5.6-150400.3.9.1
* openvpn-2.5.6-150400.3.9.1
* SUSE Manager Proxy 4.3 (x86_64)
* openvpn-debuginfo-2.5.6-150400.3.9.1
* openvpn-debugsource-2.5.6-150400.3.9.1
* openvpn-auth-pam-plugin-debuginfo-2.5.6-150400.3.9.1
* openvpn-auth-pam-plugin-2.5.6-150400.3.9.1
* openvpn-devel-2.5.6-150400.3.9.1
* openvpn-2.5.6-150400.3.9.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* openvpn-debuginfo-2.5.6-150400.3.9.1
* openvpn-debugsource-2.5.6-150400.3.9.1
* openvpn-auth-pam-plugin-debuginfo-2.5.6-150400.3.9.1
* openvpn-auth-pam-plugin-2.5.6-150400.3.9.1
* openvpn-devel-2.5.6-150400.3.9.1
* openvpn-2.5.6-150400.3.9.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* openvpn-debuginfo-2.5.6-150400.3.9.1
* openvpn-debugsource-2.5.6-150400.3.9.1
* openvpn-auth-pam-plugin-debuginfo-2.5.6-150400.3.9.1
* openvpn-auth-pam-plugin-2.5.6-150400.3.9.1
* openvpn-devel-2.5.6-150400.3.9.1
* openvpn-2.5.6-150400.3.9.1
## References:
* https://www.suse.com/security/cve/CVE-2024-5594.html
* https://bugzilla.suse.com/show_bug.cgi?id=1235147
SUSE-SU-2025:1134-1: moderate: Security update for apparmor
# Security update for apparmor
Announcement ID: SUSE-SU-2025:1134-1
Release Date: 2025-04-03T14:18:00Z
Rating: moderate
References:
* bsc#1234452
Affected Products:
* Basesystem Module 15-SP6
* Development Tools Module 15-SP6
* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that has one security fix can now be installed.
## Description:
This update for apparmor fixes the following issue:
* Allow dovecot-auth to execute unix check password from /sbin, not only from
/usr/bin (bsc#1234452).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-1134=1
* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-1134=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-1134=1 openSUSE-SLE-15.6-2025-1134=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1134=1
## Package List:
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* perl-apparmor-3.1.7-150600.5.3.2
* perl-apparmor-debuginfo-3.1.7-150600.5.3.2
* apparmor-debugsource-3.1.7-150600.5.3.2
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* apache2-mod_apparmor-debuginfo-3.1.7-150600.5.3.2
* apache2-mod_apparmor-3.1.7-150600.5.3.2
* apparmor-debugsource-3.1.7-150600.5.3.2
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libapparmor1-debuginfo-3.1.7-150600.5.3.2
* apparmor-parser-debuginfo-3.1.7-150600.5.3.2
* libapparmor1-3.1.7-150600.5.3.2
* perl-apparmor-debuginfo-3.1.7-150600.5.3.2
* pam_apparmor-3.1.7-150600.5.3.2
* libapparmor-devel-3.1.7-150600.5.3.2
* pam_apparmor-debuginfo-3.1.7-150600.5.3.2
* python3-apparmor-debuginfo-3.1.7-150600.5.3.2
* apache2-mod_apparmor-debuginfo-3.1.7-150600.5.3.2
* python3-apparmor-3.1.7-150600.5.3.2
* apparmor-parser-3.1.7-150600.5.3.2
* ruby-apparmor-3.1.7-150600.5.3.2
* perl-apparmor-3.1.7-150600.5.3.2
* apache2-mod_apparmor-3.1.7-150600.5.3.2
* libapparmor-debugsource-3.1.7-150600.5.3.2
* apparmor-debugsource-3.1.7-150600.5.3.2
* ruby-apparmor-debuginfo-3.1.7-150600.5.3.2
* openSUSE Leap 15.6 (noarch)
* apparmor-utils-lang-3.1.7-150600.5.3.2
* apparmor-utils-3.1.7-150600.5.3.2
* apparmor-docs-3.1.7-150600.5.3.2
* apparmor-profiles-3.1.7-150600.5.3.2
* apparmor-abstractions-3.1.7-150600.5.3.2
* apparmor-parser-lang-3.1.7-150600.5.3.2
* openSUSE Leap 15.6 (x86_64)
* pam_apparmor-32bit-debuginfo-3.1.7-150600.5.3.2
* pam_apparmor-32bit-3.1.7-150600.5.3.2
* libapparmor1-32bit-debuginfo-3.1.7-150600.5.3.2
* libapparmor1-32bit-3.1.7-150600.5.3.2
* openSUSE Leap 15.6 (aarch64_ilp32)
* pam_apparmor-64bit-debuginfo-3.1.7-150600.5.3.2
* pam_apparmor-64bit-3.1.7-150600.5.3.2
* libapparmor1-64bit-debuginfo-3.1.7-150600.5.3.2
* libapparmor1-64bit-3.1.7-150600.5.3.2
* Basesystem Module 15-SP6 (noarch)
* apparmor-utils-lang-3.1.7-150600.5.3.2
* apparmor-utils-3.1.7-150600.5.3.2
* apparmor-docs-3.1.7-150600.5.3.2
* apparmor-profiles-3.1.7-150600.5.3.2
* apparmor-abstractions-3.1.7-150600.5.3.2
* apparmor-parser-lang-3.1.7-150600.5.3.2
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libapparmor1-debuginfo-3.1.7-150600.5.3.2
* apparmor-parser-debuginfo-3.1.7-150600.5.3.2
* libapparmor1-3.1.7-150600.5.3.2
* libapparmor-devel-3.1.7-150600.5.3.2
* pam_apparmor-3.1.7-150600.5.3.2
* pam_apparmor-debuginfo-3.1.7-150600.5.3.2
* python3-apparmor-debuginfo-3.1.7-150600.5.3.2
* python3-apparmor-3.1.7-150600.5.3.2
* apparmor-parser-3.1.7-150600.5.3.2
* libapparmor-debugsource-3.1.7-150600.5.3.2
* apparmor-debugsource-3.1.7-150600.5.3.2
* Basesystem Module 15-SP6 (x86_64)
* pam_apparmor-32bit-debuginfo-3.1.7-150600.5.3.2
* pam_apparmor-32bit-3.1.7-150600.5.3.2
* libapparmor1-32bit-debuginfo-3.1.7-150600.5.3.2
* libapparmor1-32bit-3.1.7-150600.5.3.2
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1234452
SUSE-SU-2025:1135-1: moderate: Security update for apparmor
# Security update for apparmor
Announcement ID: SUSE-SU-2025:1135-1
Release Date: 2025-04-03T14:18:32Z
Rating: moderate
References:
* bsc#1234452
Affected Products:
* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
An update that has one security fix can now be installed.
## Description:
This update for apparmor fixes the following issue:
* Allow dovecot-auth to execute unix check password from /sbin, not only from
/usr/bin (bsc#1234452).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-1135=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1135=1
* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1135=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1135=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-1135=1
* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-1135=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-1135=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-1135=1
## Package List:
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* pam_apparmor-debuginfo-2.13.6-150300.3.18.2
* perl-apparmor-debuginfo-2.13.6-150300.3.18.2
* apache2-mod_apparmor-debuginfo-2.13.6-150300.3.18.2
* libapparmor-devel-2.13.6-150300.3.18.2
* apparmor-debugsource-2.13.6-150300.3.18.2
* python3-apparmor-2.13.6-150300.3.18.2
* apache2-mod_apparmor-2.13.6-150300.3.18.2
* perl-apparmor-2.13.6-150300.3.18.2
* ruby-apparmor-debuginfo-2.13.6-150300.3.18.2
* apparmor-parser-2.13.6-150300.3.18.2
* libapparmor-debugsource-2.13.6-150300.3.18.2
* ruby-apparmor-2.13.6-150300.3.18.2
* libapparmor1-debuginfo-2.13.6-150300.3.18.2
* libapparmor1-2.13.6-150300.3.18.2
* pam_apparmor-2.13.6-150300.3.18.2
* python3-apparmor-debuginfo-2.13.6-150300.3.18.2
* apparmor-parser-debuginfo-2.13.6-150300.3.18.2
* openSUSE Leap 15.3 (noarch)
* apparmor-profiles-2.13.6-150300.3.18.2
* apparmor-abstractions-2.13.6-150300.3.18.2
* apparmor-docs-2.13.6-150300.3.18.2
* apparmor-utils-lang-2.13.6-150300.3.18.2
* apparmor-utils-2.13.6-150300.3.18.2
* apparmor-parser-lang-2.13.6-150300.3.18.2
* openSUSE Leap 15.3 (x86_64)
* pam_apparmor-32bit-debuginfo-2.13.6-150300.3.18.2
* pam_apparmor-32bit-2.13.6-150300.3.18.2
* libapparmor1-32bit-2.13.6-150300.3.18.2
* libapparmor1-32bit-debuginfo-2.13.6-150300.3.18.2
* openSUSE Leap 15.3 (aarch64_ilp32)
* libapparmor1-64bit-debuginfo-2.13.6-150300.3.18.2
* pam_apparmor-64bit-2.13.6-150300.3.18.2
* libapparmor1-64bit-2.13.6-150300.3.18.2
* pam_apparmor-64bit-debuginfo-2.13.6-150300.3.18.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
* pam_apparmor-debuginfo-2.13.6-150300.3.18.2
* perl-apparmor-debuginfo-2.13.6-150300.3.18.2
* apache2-mod_apparmor-debuginfo-2.13.6-150300.3.18.2
* libapparmor-devel-2.13.6-150300.3.18.2
* apparmor-debugsource-2.13.6-150300.3.18.2
* python3-apparmor-2.13.6-150300.3.18.2
* apache2-mod_apparmor-2.13.6-150300.3.18.2
* perl-apparmor-2.13.6-150300.3.18.2
* apparmor-parser-2.13.6-150300.3.18.2
* libapparmor-debugsource-2.13.6-150300.3.18.2
* libapparmor1-debuginfo-2.13.6-150300.3.18.2
* libapparmor1-2.13.6-150300.3.18.2
* pam_apparmor-2.13.6-150300.3.18.2
* python3-apparmor-debuginfo-2.13.6-150300.3.18.2
* apparmor-parser-debuginfo-2.13.6-150300.3.18.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* apparmor-profiles-2.13.6-150300.3.18.2
* apparmor-abstractions-2.13.6-150300.3.18.2
* apparmor-docs-2.13.6-150300.3.18.2
* apparmor-utils-lang-2.13.6-150300.3.18.2
* apparmor-utils-2.13.6-150300.3.18.2
* apparmor-parser-lang-2.13.6-150300.3.18.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
* libapparmor1-32bit-2.13.6-150300.3.18.2
* pam_apparmor-32bit-2.13.6-150300.3.18.2
* libapparmor1-32bit-debuginfo-2.13.6-150300.3.18.2
* pam_apparmor-32bit-debuginfo-2.13.6-150300.3.18.2
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* pam_apparmor-debuginfo-2.13.6-150300.3.18.2
* perl-apparmor-debuginfo-2.13.6-150300.3.18.2
* apache2-mod_apparmor-debuginfo-2.13.6-150300.3.18.2
* libapparmor-devel-2.13.6-150300.3.18.2
* apparmor-debugsource-2.13.6-150300.3.18.2
* python3-apparmor-2.13.6-150300.3.18.2
* apache2-mod_apparmor-2.13.6-150300.3.18.2
* perl-apparmor-2.13.6-150300.3.18.2
* apparmor-parser-2.13.6-150300.3.18.2
* libapparmor-debugsource-2.13.6-150300.3.18.2
* libapparmor1-debuginfo-2.13.6-150300.3.18.2
* libapparmor1-2.13.6-150300.3.18.2
* pam_apparmor-2.13.6-150300.3.18.2
* python3-apparmor-debuginfo-2.13.6-150300.3.18.2
* apparmor-parser-debuginfo-2.13.6-150300.3.18.2
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
* apparmor-profiles-2.13.6-150300.3.18.2
* apparmor-abstractions-2.13.6-150300.3.18.2
* apparmor-docs-2.13.6-150300.3.18.2
* apparmor-utils-lang-2.13.6-150300.3.18.2
* apparmor-utils-2.13.6-150300.3.18.2
* apparmor-parser-lang-2.13.6-150300.3.18.2
* SUSE Linux Enterprise Server 15 SP3 LTSS (x86_64)
* libapparmor1-32bit-2.13.6-150300.3.18.2
* pam_apparmor-32bit-2.13.6-150300.3.18.2
* libapparmor1-32bit-debuginfo-2.13.6-150300.3.18.2
* pam_apparmor-32bit-debuginfo-2.13.6-150300.3.18.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* pam_apparmor-debuginfo-2.13.6-150300.3.18.2
* perl-apparmor-debuginfo-2.13.6-150300.3.18.2
* apache2-mod_apparmor-debuginfo-2.13.6-150300.3.18.2
* libapparmor-devel-2.13.6-150300.3.18.2
* apparmor-debugsource-2.13.6-150300.3.18.2
* python3-apparmor-2.13.6-150300.3.18.2
* apache2-mod_apparmor-2.13.6-150300.3.18.2
* perl-apparmor-2.13.6-150300.3.18.2
* apparmor-parser-2.13.6-150300.3.18.2
* libapparmor-debugsource-2.13.6-150300.3.18.2
* libapparmor1-debuginfo-2.13.6-150300.3.18.2
* libapparmor1-2.13.6-150300.3.18.2
* pam_apparmor-2.13.6-150300.3.18.2
* python3-apparmor-debuginfo-2.13.6-150300.3.18.2
* apparmor-parser-debuginfo-2.13.6-150300.3.18.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* apparmor-profiles-2.13.6-150300.3.18.2
* apparmor-abstractions-2.13.6-150300.3.18.2
* apparmor-docs-2.13.6-150300.3.18.2
* apparmor-utils-lang-2.13.6-150300.3.18.2
* apparmor-utils-2.13.6-150300.3.18.2
* apparmor-parser-lang-2.13.6-150300.3.18.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* libapparmor1-32bit-2.13.6-150300.3.18.2
* pam_apparmor-32bit-2.13.6-150300.3.18.2
* libapparmor1-32bit-debuginfo-2.13.6-150300.3.18.2
* pam_apparmor-32bit-debuginfo-2.13.6-150300.3.18.2
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* pam_apparmor-debuginfo-2.13.6-150300.3.18.2
* perl-apparmor-debuginfo-2.13.6-150300.3.18.2
* apache2-mod_apparmor-debuginfo-2.13.6-150300.3.18.2
* libapparmor-devel-2.13.6-150300.3.18.2
* apparmor-debugsource-2.13.6-150300.3.18.2
* python3-apparmor-2.13.6-150300.3.18.2
* apache2-mod_apparmor-2.13.6-150300.3.18.2
* perl-apparmor-2.13.6-150300.3.18.2
* apparmor-parser-2.13.6-150300.3.18.2
* libapparmor-debugsource-2.13.6-150300.3.18.2
* libapparmor1-debuginfo-2.13.6-150300.3.18.2
* libapparmor1-2.13.6-150300.3.18.2
* pam_apparmor-2.13.6-150300.3.18.2
* python3-apparmor-debuginfo-2.13.6-150300.3.18.2
* apparmor-parser-debuginfo-2.13.6-150300.3.18.2
* SUSE Enterprise Storage 7.1 (noarch)
* apparmor-profiles-2.13.6-150300.3.18.2
* apparmor-abstractions-2.13.6-150300.3.18.2
* apparmor-docs-2.13.6-150300.3.18.2
* apparmor-utils-lang-2.13.6-150300.3.18.2
* apparmor-utils-2.13.6-150300.3.18.2
* apparmor-parser-lang-2.13.6-150300.3.18.2
* SUSE Enterprise Storage 7.1 (x86_64)
* libapparmor1-32bit-2.13.6-150300.3.18.2
* pam_apparmor-32bit-2.13.6-150300.3.18.2
* libapparmor1-32bit-debuginfo-2.13.6-150300.3.18.2
* pam_apparmor-32bit-debuginfo-2.13.6-150300.3.18.2
* SUSE Linux Enterprise Micro 5.1 (noarch)
* apparmor-abstractions-2.13.6-150300.3.18.2
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* pam_apparmor-debuginfo-2.13.6-150300.3.18.2
* apparmor-debugsource-2.13.6-150300.3.18.2
* apparmor-parser-2.13.6-150300.3.18.2
* libapparmor-debugsource-2.13.6-150300.3.18.2
* libapparmor1-debuginfo-2.13.6-150300.3.18.2
* libapparmor1-2.13.6-150300.3.18.2
* pam_apparmor-2.13.6-150300.3.18.2
* apparmor-parser-debuginfo-2.13.6-150300.3.18.2
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* pam_apparmor-debuginfo-2.13.6-150300.3.18.2
* apparmor-debugsource-2.13.6-150300.3.18.2
* apparmor-parser-2.13.6-150300.3.18.2
* libapparmor-debugsource-2.13.6-150300.3.18.2
* libapparmor1-debuginfo-2.13.6-150300.3.18.2
* libapparmor1-2.13.6-150300.3.18.2
* pam_apparmor-2.13.6-150300.3.18.2
* apparmor-parser-debuginfo-2.13.6-150300.3.18.2
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* pam_apparmor-debuginfo-2.13.6-150300.3.18.2
* apparmor-debugsource-2.13.6-150300.3.18.2
* apparmor-parser-2.13.6-150300.3.18.2
* libapparmor-debugsource-2.13.6-150300.3.18.2
* libapparmor1-debuginfo-2.13.6-150300.3.18.2
* libapparmor1-2.13.6-150300.3.18.2
* pam_apparmor-2.13.6-150300.3.18.2
* apparmor-parser-debuginfo-2.13.6-150300.3.18.2
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1234452
SUSE-SU-2025:1137-1: important: Security update for xz
# Security update for xz
Announcement ID: SUSE-SU-2025:1137-1
Release Date: 2025-04-03T15:11:09Z
Rating: important
References:
* bsc#1240414
Cross-References:
* CVE-2025-31115
CVSS scores:
* CVE-2025-31115 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-31115 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Affected Products:
* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves one vulnerability can now be installed.
## Description:
This update for xz fixes the following issues:
* CVE-2025-31115: Fixed heap use after free and writing to an address based on
the null pointer plus an offset (bsc#1240414)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-1137=1 openSUSE-SLE-15.6-2025-1137=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1137=1
## Package List:
* openSUSE Leap 15.6 (x86_64)
* xz-devel-32bit-5.4.1-150600.3.3.1
* liblzma5-32bit-5.4.1-150600.3.3.1
* liblzma5-32bit-debuginfo-5.4.1-150600.3.3.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* xz-static-devel-5.4.1-150600.3.3.1
* xz-devel-5.4.1-150600.3.3.1
* xz-debugsource-5.4.1-150600.3.3.1
* xz-debuginfo-5.4.1-150600.3.3.1
* liblzma5-debuginfo-5.4.1-150600.3.3.1
* xz-5.4.1-150600.3.3.1
* liblzma5-5.4.1-150600.3.3.1
* openSUSE Leap 15.6 (noarch)
* xz-lang-5.4.1-150600.3.3.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* liblzma5-64bit-debuginfo-5.4.1-150600.3.3.1
* xz-devel-64bit-5.4.1-150600.3.3.1
* liblzma5-64bit-5.4.1-150600.3.3.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* xz-static-devel-5.4.1-150600.3.3.1
* xz-devel-5.4.1-150600.3.3.1
* xz-debugsource-5.4.1-150600.3.3.1
* xz-debuginfo-5.4.1-150600.3.3.1
* liblzma5-debuginfo-5.4.1-150600.3.3.1
* xz-5.4.1-150600.3.3.1
* liblzma5-5.4.1-150600.3.3.1
* Basesystem Module 15-SP6 (noarch)
* xz-lang-5.4.1-150600.3.3.1
* Basesystem Module 15-SP6 (x86_64)
* liblzma5-32bit-5.4.1-150600.3.3.1
* liblzma5-32bit-debuginfo-5.4.1-150600.3.3.1
## References:
* https://www.suse.com/security/cve/CVE-2025-31115.html
* https://bugzilla.suse.com/show_bug.cgi?id=1240414
SUSE-SU-2025:1138-1: important: Security update for MozillaFirefox
# Security update for MozillaFirefox
Announcement ID: SUSE-SU-2025:1138-1
Release Date: 2025-04-03T15:14:14Z
Rating: important
References:
* bsc#1240083
Cross-References:
* CVE-2025-3028
* CVE-2025-3029
* CVE-2025-3030
CVSS scores:
* CVE-2025-3028 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2025-3028 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2025-3029 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-3029 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-3030 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-3030 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Desktop Applications Module 15-SP6
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves three vulnerabilities can now be installed.
## Description:
This update for MozillaFirefox fixes the following issues:
* Firefox Extended Support Release 128.9.0 ESR MFSA 2025-22 (bsc#1240083):
* CVE-2025-3028: Use-after-free triggered by XSLTProcessor
* CVE-2025-3029: URL Bar Spoofing via non-BMP Unicode characters
* CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137,
Firefox ESR 128.9, and Thunderbird 128.9
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-1138=1
* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-1138=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1138=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1138=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1138=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1138=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1138=1
* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1138=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1138=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1138=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1138=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1138=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1138=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-1138=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-128.9.0-150200.152.176.1
* MozillaFirefox-debugsource-128.9.0-150200.152.176.1
* MozillaFirefox-translations-common-128.9.0-150200.152.176.1
* MozillaFirefox-debuginfo-128.9.0-150200.152.176.1
* MozillaFirefox-translations-other-128.9.0-150200.152.176.1
* MozillaFirefox-branding-upstream-128.9.0-150200.152.176.1
* openSUSE Leap 15.6 (noarch)
* MozillaFirefox-devel-128.9.0-150200.152.176.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-128.9.0-150200.152.176.1
* MozillaFirefox-debugsource-128.9.0-150200.152.176.1
* MozillaFirefox-translations-common-128.9.0-150200.152.176.1
* MozillaFirefox-debuginfo-128.9.0-150200.152.176.1
* MozillaFirefox-translations-other-128.9.0-150200.152.176.1
* Desktop Applications Module 15-SP6 (noarch)
* MozillaFirefox-devel-128.9.0-150200.152.176.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
* MozillaFirefox-128.9.0-150200.152.176.1
* MozillaFirefox-debugsource-128.9.0-150200.152.176.1
* MozillaFirefox-translations-common-128.9.0-150200.152.176.1
* MozillaFirefox-debuginfo-128.9.0-150200.152.176.1
* MozillaFirefox-translations-other-128.9.0-150200.152.176.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* MozillaFirefox-devel-128.9.0-150200.152.176.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* MozillaFirefox-128.9.0-150200.152.176.1
* MozillaFirefox-debugsource-128.9.0-150200.152.176.1
* MozillaFirefox-translations-common-128.9.0-150200.152.176.1
* MozillaFirefox-debuginfo-128.9.0-150200.152.176.1
* MozillaFirefox-translations-other-128.9.0-150200.152.176.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* MozillaFirefox-devel-128.9.0-150200.152.176.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* MozillaFirefox-128.9.0-150200.152.176.1
* MozillaFirefox-debugsource-128.9.0-150200.152.176.1
* MozillaFirefox-translations-common-128.9.0-150200.152.176.1
* MozillaFirefox-debuginfo-128.9.0-150200.152.176.1
* MozillaFirefox-translations-other-128.9.0-150200.152.176.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* MozillaFirefox-devel-128.9.0-150200.152.176.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
* MozillaFirefox-128.9.0-150200.152.176.1
* MozillaFirefox-debugsource-128.9.0-150200.152.176.1
* MozillaFirefox-translations-common-128.9.0-150200.152.176.1
* MozillaFirefox-debuginfo-128.9.0-150200.152.176.1
* MozillaFirefox-translations-other-128.9.0-150200.152.176.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* MozillaFirefox-devel-128.9.0-150200.152.176.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
* MozillaFirefox-128.9.0-150200.152.176.1
* MozillaFirefox-debugsource-128.9.0-150200.152.176.1
* MozillaFirefox-translations-common-128.9.0-150200.152.176.1
* MozillaFirefox-debuginfo-128.9.0-150200.152.176.1
* MozillaFirefox-translations-other-128.9.0-150200.152.176.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* MozillaFirefox-devel-128.9.0-150200.152.176.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-128.9.0-150200.152.176.1
* MozillaFirefox-debugsource-128.9.0-150200.152.176.1
* MozillaFirefox-translations-common-128.9.0-150200.152.176.1
* MozillaFirefox-debuginfo-128.9.0-150200.152.176.1
* MozillaFirefox-translations-other-128.9.0-150200.152.176.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
* MozillaFirefox-devel-128.9.0-150200.152.176.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-128.9.0-150200.152.176.1
* MozillaFirefox-debugsource-128.9.0-150200.152.176.1
* MozillaFirefox-translations-common-128.9.0-150200.152.176.1
* MozillaFirefox-debuginfo-128.9.0-150200.152.176.1
* MozillaFirefox-translations-other-128.9.0-150200.152.176.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* MozillaFirefox-devel-128.9.0-150200.152.176.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-128.9.0-150200.152.176.1
* MozillaFirefox-debugsource-128.9.0-150200.152.176.1
* MozillaFirefox-translations-common-128.9.0-150200.152.176.1
* MozillaFirefox-debuginfo-128.9.0-150200.152.176.1
* MozillaFirefox-translations-other-128.9.0-150200.152.176.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* MozillaFirefox-devel-128.9.0-150200.152.176.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* MozillaFirefox-128.9.0-150200.152.176.1
* MozillaFirefox-debugsource-128.9.0-150200.152.176.1
* MozillaFirefox-translations-common-128.9.0-150200.152.176.1
* MozillaFirefox-debuginfo-128.9.0-150200.152.176.1
* MozillaFirefox-translations-other-128.9.0-150200.152.176.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* MozillaFirefox-devel-128.9.0-150200.152.176.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* MozillaFirefox-128.9.0-150200.152.176.1
* MozillaFirefox-debugsource-128.9.0-150200.152.176.1
* MozillaFirefox-translations-common-128.9.0-150200.152.176.1
* MozillaFirefox-debuginfo-128.9.0-150200.152.176.1
* MozillaFirefox-translations-other-128.9.0-150200.152.176.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* MozillaFirefox-devel-128.9.0-150200.152.176.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* MozillaFirefox-128.9.0-150200.152.176.1
* MozillaFirefox-debugsource-128.9.0-150200.152.176.1
* MozillaFirefox-translations-common-128.9.0-150200.152.176.1
* MozillaFirefox-debuginfo-128.9.0-150200.152.176.1
* MozillaFirefox-translations-other-128.9.0-150200.152.176.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* MozillaFirefox-devel-128.9.0-150200.152.176.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* MozillaFirefox-128.9.0-150200.152.176.1
* MozillaFirefox-debugsource-128.9.0-150200.152.176.1
* MozillaFirefox-translations-common-128.9.0-150200.152.176.1
* MozillaFirefox-debuginfo-128.9.0-150200.152.176.1
* MozillaFirefox-translations-other-128.9.0-150200.152.176.1
* SUSE Enterprise Storage 7.1 (noarch)
* MozillaFirefox-devel-128.9.0-150200.152.176.1
## References:
* https://www.suse.com/security/cve/CVE-2025-3028.html
* https://www.suse.com/security/cve/CVE-2025-3029.html
* https://www.suse.com/security/cve/CVE-2025-3030.html
* https://bugzilla.suse.com/show_bug.cgi?id=1240083
openSUSE-SU-2025:14960-1: moderate: perl-Data-Entropy-0.8.0-1.1 on GA media
# perl-Data-Entropy-0.8.0-1.1 on GA media
Announcement ID: openSUSE-SU-2025:14960-1
Rating: moderate
Cross-References:
* CVE-2025-1860
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the perl-Data-Entropy-0.8.0-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* perl-Data-Entropy 0.8.0-1.1
## References:
* https://www.suse.com/security/cve/CVE-2025-1860.html
openSUSE-SU-2025:14959-1: moderate: libsaml-devel-3.3.1-2.1 on GA media
# libsaml-devel-3.3.1-2.1 on GA media
Announcement ID: openSUSE-SU-2025:14959-1
Rating: moderate
Cross-References:
* CVE-2025-31335
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the libsaml-devel-3.3.1-2.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* libsaml-devel 3.3.1-2.1
* libsaml13 3.3.1-2.1
* opensaml-bin 3.3.1-2.1
* opensaml-schemas 3.3.1-2.1
## References:
* https://www.suse.com/security/cve/CVE-2025-31335.html
openSUSE-SU-2025:14951-1: moderate: aws-efs-utils-2.2.1-1.1 on GA media
# aws-efs-utils-2.2.1-1.1 on GA media
Announcement ID: openSUSE-SU-2025:14951-1
Rating: moderate
Cross-References:
* CVE-2020-35881
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the aws-efs-utils-2.2.1-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* aws-efs-utils 2.2.1-1.1
## References:
* https://www.suse.com/security/cve/CVE-2020-35881.html
openSUSE-SU-2025:14956-1: moderate: headscale-0.25.1-2.1 on GA media
# headscale-0.25.1-2.1 on GA media
Announcement ID: openSUSE-SU-2025:14956-1
Rating: moderate
Cross-References:
* CVE-2025-30204
CVSS scores:
* CVE-2025-30204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-30204 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the headscale-0.25.1-2.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* headscale 0.25.1-2.1
## References:
* https://www.suse.com/security/cve/CVE-2025-30204.html
openSUSE-SU-2025:14958-1: moderate: libmozjs-128-0-128.8.1-1.1 on GA media
# libmozjs-128-0-128.8.1-1.1 on GA media
Announcement ID: openSUSE-SU-2025:14958-1
Rating: moderate
Cross-References:
* CVE-2024-43097
* CVE-2025-1931
* CVE-2025-1935
* CVE-2025-2857
CVSS scores:
* CVE-2024-43097 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-43097 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-1931 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2025-1931 ( SUSE ): 7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-1935 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2025-1935 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 4 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the libmozjs-128-0-128.8.1-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* libmozjs-128-0 128.8.1-1.1
* mozjs128 128.8.1-1.1
* mozjs128-devel 128.8.1-1.1
## References:
* https://www.suse.com/security/cve/CVE-2024-43097.html
* https://www.suse.com/security/cve/CVE-2025-1931.html
* https://www.suse.com/security/cve/CVE-2025-1935.html
* https://www.suse.com/security/cve/CVE-2025-2857.html
openSUSE-SU-2025:14953-1: moderate: ghostscript-10.05.0-1.1 on GA media
# ghostscript-10.05.0-1.1 on GA media
Announcement ID: openSUSE-SU-2025:14953-1
Rating: moderate
Cross-References:
* CVE-2025-27830
* CVE-2025-27831
* CVE-2025-27832
* CVE-2025-27833
* CVE-2025-27834
* CVE-2025-27835
* CVE-2025-27836
* CVE-2025-27837
CVSS scores:
* CVE-2025-27830 ( SUSE ): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-27831 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2025-27832 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
* CVE-2025-27833 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
* CVE-2025-27834 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
* CVE-2025-27835 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
* CVE-2025-27836 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
* CVE-2025-27837 ( SUSE ): 0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 8 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the ghostscript-10.05.0-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* ghostscript 10.05.0-1.1
* ghostscript-devel 10.05.0-1.1
* ghostscript-x11 10.05.0-1.1
## References:
* https://www.suse.com/security/cve/CVE-2025-27830.html
* https://www.suse.com/security/cve/CVE-2025-27831.html
* https://www.suse.com/security/cve/CVE-2025-27832.html
* https://www.suse.com/security/cve/CVE-2025-27833.html
* https://www.suse.com/security/cve/CVE-2025-27834.html
* https://www.suse.com/security/cve/CVE-2025-27835.html
* https://www.suse.com/security/cve/CVE-2025-27836.html
* https://www.suse.com/security/cve/CVE-2025-27837.html
openSUSE-SU-2025:14950-1: moderate: assimp-devel-5.4.3-5.1 on GA media
# assimp-devel-5.4.3-5.1 on GA media
Announcement ID: openSUSE-SU-2025:14950-1
Rating: moderate
Cross-References:
* CVE-2025-2591
* CVE-2025-2592
* CVE-2025-3015
* CVE-2025-3016
CVSS scores:
* CVE-2025-2591 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-2591 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-2592 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-2592 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 4 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the assimp-devel-5.4.3-5.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* assimp-devel 5.4.3-5.1
* libassimp5 5.4.3-5.1
## References:
* https://www.suse.com/security/cve/CVE-2025-2591.html
* https://www.suse.com/security/cve/CVE-2025-2592.html
* https://www.suse.com/security/cve/CVE-2025-3015.html
* https://www.suse.com/security/cve/CVE-2025-3016.html
openSUSE-SU-2025:14954-1: moderate: gotosocial-0.18.3-2.1 on GA media
# gotosocial-0.18.3-2.1 on GA media
Announcement ID: openSUSE-SU-2025:14954-1
Rating: moderate
Cross-References:
* CVE-2025-30204
CVSS scores:
* CVE-2025-30204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-30204 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the gotosocial-0.18.3-2.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* gotosocial 0.18.3-2.1
## References:
* https://www.suse.com/security/cve/CVE-2025-30204.html
openSUSE-SU-2025:14952-1: moderate: expat-2.7.1-1.1 on GA media
# expat-2.7.1-1.1 on GA media
Announcement ID: openSUSE-SU-2025:14952-1
Rating: moderate
Cross-References:
* CVE-2024-8176
CVSS scores:
* CVE-2024-8176 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-8176 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the expat-2.7.1-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* expat 2.7.1-1.1
* libexpat-devel 2.7.1-1.1
* libexpat-devel-32bit 2.7.1-1.1
* libexpat1 2.7.1-1.1
* libexpat1-32bit 2.7.1-1.1
## References:
* https://www.suse.com/security/cve/CVE-2024-8176.html
openSUSE-SU-2025:14949-1: moderate: GraphicsMagick-1.3.45-2.1 on GA media
# GraphicsMagick-1.3.45-2.1 on GA media
Announcement ID: openSUSE-SU-2025:14949-1
Rating: moderate
Cross-References:
* CVE-2025-27795
* CVE-2025-27796
CVSS scores:
* CVE-2025-27795 ( SUSE ): 4.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
* CVE-2025-27795 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-27796 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L
* CVE-2025-27796 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 2 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the GraphicsMagick-1.3.45-2.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* GraphicsMagick 1.3.45-2.1
* GraphicsMagick-devel 1.3.45-2.1
* libGraphicsMagick++-Q16-12 1.3.45-2.1
* libGraphicsMagick++-devel 1.3.45-2.1
* libGraphicsMagick-Q16-3 1.3.45-2.1
* libGraphicsMagick3-config 1.3.45-2.1
* libGraphicsMagickWand-Q16-2 1.3.45-2.1
* perl-GraphicsMagick 1.3.45-2.1
## References:
* https://www.suse.com/security/cve/CVE-2025-27795.html
* https://www.suse.com/security/cve/CVE-2025-27796.html
SUSE-SU-2025:1126-1: important: Security update for tomcat
# Security update for tomcat
Announcement ID: SUSE-SU-2025:1126-1
Release Date: 2025-04-03T11:51:52Z
Rating: important
References:
* bsc#1239302
* bsc#1239676
Cross-References:
* CVE-2024-56337
* CVE-2025-24813
CVSS scores:
* CVE-2024-56337 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56337 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-24813 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-24813 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-24813 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Server 4.3
* Web and Scripting Module 15-SP6
An update that solves two vulnerabilities can now be installed.
## Description:
This update for tomcat fixes the following issues:
* CVE-2025-24813: Fixed potential RCE and/or information disclosure/corruption with partial PUT (bsc#1239302)
* Update to Tomcat 9.0.102
* Fixes:
* launch with java 17 (bsc#1239676)
* Catalina
* Fix: Weak etags in the If-Range header should not match as strong etags are required. (remm)
* Fix: When looking up class loader resources by resource name, the resource name should not start with '/'. If the resource name does start with '/', Tomcat is lenient and looks it up as if the '/' was not present. When the web application class loader was configured with external repositories and names starting with '/' were used for lookups, it was possible that cached 'not found' results could effectively hide lookup results using the correct resource name. (markt)
* Fix: Enable the JNDIRealm to validate credentials provided to HttpServletRequest.login(String username, String password) when the realm is configured to use GSSAPI authentication. (markt)
* Fix: Fix a bug in the JRE compatibility detection that incorrectly identified Java 19 and Java 20 as supporting Java 21 features. (markt)
* Fix: Improve the checks for exposure to and protection against CVE-2024-56337 so that reflection is not used unless required. The checks for whether the file system is case sensitive or not have been removed. (markt)
* Fix: Avoid scenarios where temporary files used for partial PUT would not be deleted. (remm)
* Fix: 69602: Fix regression in releases from 12-2024 that were too strict and rejected weak etags in the If-Range header. (remm)
* Fix: 69576: Avoid possible failure initializing JreCompat due to uncaught exception introduced for the check for CVE-2024-56337. (remm)
* Cluster
* Add: 69598: Add detection of service account token changes to the KubernetesMembershipProvider implementation and reload the token if it changes. Based on a patch by Miroslav Jezbera. (markt)
* Coyote
* Fix: 69575: Avoid using compression if a response is already compressed using compress, deflate or zstd. (remm)
* Update: Use Transfer-Encoding for compression rather than Content-Encoding if the client submits a TE header containing gzip. (remm)
* Fix: Fix a race condition in the handling of HTTP/2 stream reset that could cause unexpected 500 responses. (markt)
* Other
* Add: Add makensis as an option for building the Installer for Windows on non-Windows platforms. (rjung/markt)
* Update: Update Byte Buddy to 1.17.1. (markt)
* Update: Update Checkstyle to 10.21.3. (markt)
* Update: Update SpotBugs to 4.9.1. (markt)
* Update: Update JSign to 7.1. (markt)
* Add: Improvements to French translations. (remm)
* Add: Improvements to Japanese translations by tak7iji. (markt)
* Add: Add org.apache.juli.JsonFormatter to format log as one line JSON documents. (remm)
* Update to Tomcat 9.0.99
* Catalina
* Update: Add tableName configuration on the DataSourcePropertyStore that may be used by the WebDAV Servlet. (remm)
* Update: Improve HTTP If headers processing according to RFC 9110. Based on pull request #796 by Chenjp. (remm/markt)
* Update: Allow readOnly attribute configuration on the Resources element and allow configuring the readOnly attribute value of the main resources. The attribute value will also be used by the default and WebDAV Servlets. (remm)
* Fix: 69285: Optimise the creation of the parameter map for included requests. Based on sample code and test cases provided by John Engebretson. (markt)
* Fix: 69527: Avoid rare cases where a cached resource could be set with 0 content length, or could be evicted immediately. (remm)
* Fix: Fix possible edge cases (such as HTTP/1.0) with trying to detect requests without body for WebDAV LOCK and PROPFIND. (remm)
* Fix: 69528: Add multi-release JAR support for the bloom archiveIndexStrategy of the Resources. (remm)
* Fix: Improve checks for WEB-INF and META-INF in the WebDAV servlet. Based on a patch submitted by Chenjp. (remm)
* Add: Add a check to ensure that, if one or more web applications are potentially vulnerable to CVE-2024-56337, the JVM has been configured to protect against the vulnerability and to configure the JVM correctly if not. Where one or more web applications are potentially vulnerable to CVE-2024-56337 and the JVM cannot be correctly configured or it cannot be confirmed that the JVM has been correctly configured, prevent the impacted web applications from starting. (markt)
* Fix: Remove unused session to client map from CrawlerSessionManagerValve. Submitted by Brian Matzon. (remm)
* Fix: When using the WebDAV servlet with serveSubpathOnly set to true, ensure that the destination for any requested WebDAV operation is also restricted to the sub-path. (markt)
* Fix: Generate an appropriate Allow HTTP header when the Default servlet returns a 405 (method not allowed) response in response to a DELETE request because the target resource cannot be deleted. Pull request #802 provided by Chenjp. (markt)
* Code: Refactor creation of RequestDispatcher instances so that the processing of the provided path is consistent with normal request processing. (markt)
* Add: Add encodedReverseSolidusHandling and encodedSolidusHandling attributes to Context to provide control over the handling of the path used to create a RequestDispatcher. (markt)
* Fix: Handle a potential NullPointerException after an IOException occurs on a non-container thread during asynchronous processing. (markt)
* Fix: Enhance lifecycle of temporary files used by partial PUT. (remm)
* Coyote
* Fix: Don't log warnings for registered HTTP/2 settings that Tomcat does not support. These settings are now silently ignored. (markt)
* Fix: Avoid a rare NullPointerException when recycling the Http11InputBuffer. (markt)
* Fix: Lower the log level to debug for logging an invalid socket channel when processing poller events for the NIO Connector as this may occur in normal usage. (markt)
* Code: Clean-up references to the HTTP/2 stream once request processing has completed to aid GC and reduce the size of the HTTP/2 recycled request and response cache. (markt)
* Add: Add a new Connector configuration attribute, encodedReverseSolidusHandling, to control how %5c sequences in URLs are handled. The default behaviour is unchanged (decode) keeping in mind that the allowBackslash attribute determines how the decoded URI is processed. (markt)
* Fix: 69545: Improve CRLF skipping for the available method of the ChunkedInputFilter. (remm)
* Fix: Improve the performance of repeated calls to getHeader(). Pull request #813 provided by Adwait Kumar Singh. (markt)
* Fix: 69559: Ensure that the Java 24 warning regarding the use of sun.misc.Unsafe::invokeCleaner is only reported by the JRE when the code will be used. (markt)
* Jasper
* Fix: 69508: Correct a regression in the fix for 69382 that broke JSP include actions if both the page attribute and the body contained parameters. Pull request #803 provided by Chenjp. (markt)
* Fix: 69521: Update the EL Parser to allow the full range of valid characters in an EL identifier as defined by the Java Language Specification. (markt)
* Fix: 69532: Optimise the creation of ExpressionFactory instances. Patch provided by John Engebretson. (markt)
* Web applications
* Add: Documentation. Expand the description of the security implications of setting mapperContextRootRedirectEnabled and/or mapperDirectoryRedirectEnabled to true. (markt)
* Fix: Documentation. Better document the default for the truststoreProvider attribute of a SSLHostConfig element. (markt)
* Other
* Update: Update to Commons Daemon 1.4.1. (markt)
* Update: Update the internal fork of Commons Pool to 2.12.1. (markt)
* Update: Update Byte Buddy to 1.16.1. (markt)
* Update: Update UnboundID to 7.0.2. (markt)
* Update: Update Checkstyle to 10.21.2. (markt)
* Update: Update SpotBugs to 4.9.0. (markt)
* Add: Improvements to French translations. (remm)
* Add: Improvements to Chinese translations by leeyazhou. (markt)
* Add: Improvements to Japanese translations by tak7iji. (markt)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1126=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1126=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1126=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1126=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-1126=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-1126=1
* Web and Scripting Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP6-2025-1126=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1126=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1126=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1126=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1126=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1126=1
* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1126=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1126=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1126=1
## Package List:
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* tomcat-lib-9.0.102-150200.78.1
* tomcat-admin-webapps-9.0.102-150200.78.1
* tomcat-webapps-9.0.102-150200.78.1
* tomcat-el-3_0-api-9.0.102-150200.78.1
* tomcat-servlet-4_0-api-9.0.102-150200.78.1
* tomcat-9.0.102-150200.78.1
* tomcat-jsp-2_3-api-9.0.102-150200.78.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* tomcat-lib-9.0.102-150200.78.1
* tomcat-admin-webapps-9.0.102-150200.78.1
* tomcat-webapps-9.0.102-150200.78.1
* tomcat-el-3_0-api-9.0.102-150200.78.1
* tomcat-servlet-4_0-api-9.0.102-150200.78.1
* tomcat-9.0.102-150200.78.1
* tomcat-jsp-2_3-api-9.0.102-150200.78.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* tomcat-lib-9.0.102-150200.78.1
* tomcat-admin-webapps-9.0.102-150200.78.1
* tomcat-webapps-9.0.102-150200.78.1
* tomcat-el-3_0-api-9.0.102-150200.78.1
* tomcat-servlet-4_0-api-9.0.102-150200.78.1
* tomcat-9.0.102-150200.78.1
* tomcat-jsp-2_3-api-9.0.102-150200.78.1
* SUSE Manager Server 4.3 (noarch)
* tomcat-lib-9.0.102-150200.78.1
* tomcat-admin-webapps-9.0.102-150200.78.1
* tomcat-webapps-9.0.102-150200.78.1
* tomcat-el-3_0-api-9.0.102-150200.78.1
* tomcat-servlet-4_0-api-9.0.102-150200.78.1
* tomcat-9.0.102-150200.78.1
* tomcat-jsp-2_3-api-9.0.102-150200.78.1
* SUSE Enterprise Storage 7.1 (noarch)
* tomcat-lib-9.0.102-150200.78.1
* tomcat-admin-webapps-9.0.102-150200.78.1
* tomcat-webapps-9.0.102-150200.78.1
* tomcat-el-3_0-api-9.0.102-150200.78.1
* tomcat-servlet-4_0-api-9.0.102-150200.78.1
* tomcat-9.0.102-150200.78.1
* tomcat-jsp-2_3-api-9.0.102-150200.78.1
* openSUSE Leap 15.6 (noarch)
* tomcat-javadoc-9.0.102-150200.78.1
* tomcat-lib-9.0.102-150200.78.1
* tomcat-servlet-4_0-api-9.0.102-150200.78.1
* tomcat-docs-webapp-9.0.102-150200.78.1
* tomcat-admin-webapps-9.0.102-150200.78.1
* tomcat-webapps-9.0.102-150200.78.1
* tomcat-el-3_0-api-9.0.102-150200.78.1
* tomcat-embed-9.0.102-150200.78.1
* tomcat-jsvc-9.0.102-150200.78.1
* tomcat-9.0.102-150200.78.1
* tomcat-jsp-2_3-api-9.0.102-150200.78.1
* Web and Scripting Module 15-SP6 (noarch)
* tomcat-lib-9.0.102-150200.78.1
* tomcat-admin-webapps-9.0.102-150200.78.1
* tomcat-webapps-9.0.102-150200.78.1
* tomcat-el-3_0-api-9.0.102-150200.78.1
* tomcat-servlet-4_0-api-9.0.102-150200.78.1
* tomcat-9.0.102-150200.78.1
* tomcat-jsp-2_3-api-9.0.102-150200.78.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* tomcat-lib-9.0.102-150200.78.1
* tomcat-admin-webapps-9.0.102-150200.78.1
* tomcat-webapps-9.0.102-150200.78.1
* tomcat-el-3_0-api-9.0.102-150200.78.1
* tomcat-servlet-4_0-api-9.0.102-150200.78.1
* tomcat-9.0.102-150200.78.1
* tomcat-jsp-2_3-api-9.0.102-150200.78.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* tomcat-lib-9.0.102-150200.78.1
* tomcat-admin-webapps-9.0.102-150200.78.1
* tomcat-webapps-9.0.102-150200.78.1
* tomcat-el-3_0-api-9.0.102-150200.78.1
* tomcat-servlet-4_0-api-9.0.102-150200.78.1
* tomcat-9.0.102-150200.78.1
* tomcat-jsp-2_3-api-9.0.102-150200.78.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* tomcat-lib-9.0.102-150200.78.1
* tomcat-admin-webapps-9.0.102-150200.78.1
* tomcat-webapps-9.0.102-150200.78.1
* tomcat-el-3_0-api-9.0.102-150200.78.1
* tomcat-servlet-4_0-api-9.0.102-150200.78.1
* tomcat-9.0.102-150200.78.1
* tomcat-jsp-2_3-api-9.0.102-150200.78.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* tomcat-lib-9.0.102-150200.78.1
* tomcat-admin-webapps-9.0.102-150200.78.1
* tomcat-webapps-9.0.102-150200.78.1
* tomcat-el-3_0-api-9.0.102-150200.78.1
* tomcat-servlet-4_0-api-9.0.102-150200.78.1
* tomcat-9.0.102-150200.78.1
* tomcat-jsp-2_3-api-9.0.102-150200.78.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* tomcat-lib-9.0.102-150200.78.1
* tomcat-admin-webapps-9.0.102-150200.78.1
* tomcat-webapps-9.0.102-150200.78.1
* tomcat-el-3_0-api-9.0.102-150200.78.1
* tomcat-servlet-4_0-api-9.0.102-150200.78.1
* tomcat-9.0.102-150200.78.1
* tomcat-jsp-2_3-api-9.0.102-150200.78.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
* tomcat-lib-9.0.102-150200.78.1
* tomcat-admin-webapps-9.0.102-150200.78.1
* tomcat-webapps-9.0.102-150200.78.1
* tomcat-el-3_0-api-9.0.102-150200.78.1
* tomcat-servlet-4_0-api-9.0.102-150200.78.1
* tomcat-9.0.102-150200.78.1
* tomcat-jsp-2_3-api-9.0.102-150200.78.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* tomcat-lib-9.0.102-150200.78.1
* tomcat-admin-webapps-9.0.102-150200.78.1
* tomcat-webapps-9.0.102-150200.78.1
* tomcat-el-3_0-api-9.0.102-150200.78.1
* tomcat-servlet-4_0-api-9.0.102-150200.78.1
* tomcat-9.0.102-150200.78.1
* tomcat-jsp-2_3-api-9.0.102-150200.78.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* tomcat-lib-9.0.102-150200.78.1
* tomcat-admin-webapps-9.0.102-150200.78.1
* tomcat-webapps-9.0.102-150200.78.1
* tomcat-el-3_0-api-9.0.102-150200.78.1
* tomcat-servlet-4_0-api-9.0.102-150200.78.1
* tomcat-9.0.102-150200.78.1
* tomcat-jsp-2_3-api-9.0.102-150200.78.1
## References:
* https://www.suse.com/security/cve/CVE-2024-56337.html
* https://www.suse.com/security/cve/CVE-2025-24813.html
* https://bugzilla.suse.com/show_bug.cgi?id=1239302
* https://bugzilla.suse.com/show_bug.cgi?id=1239676
SUSE-SU-2025:1125-1: important: Security update for libxslt
# Security update for libxslt
Announcement ID: SUSE-SU-2025:1125-1
Release Date: 2025-04-03T11:50:13Z
Rating: important
References:
* bsc#1238591
* bsc#1239625
* bsc#1239637
Cross-References:
* CVE-2023-40403
* CVE-2024-55549
* CVE-2025-24855
CVSS scores:
* CVE-2023-40403 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2023-40403 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2024-55549 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
* CVE-2024-55549 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
* CVE-2025-24855 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
* CVE-2025-24855 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
Affected Products:
* Basesystem Module 15-SP6
* openSUSE Leap 15.4
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP6
An update that solves three vulnerabilities can now be installed.
## Description:
This update for libxslt fixes the following issues:
* CVE-2023-40403: Fixed sensitive information disclosure during processing web
content (bsc#1238591)
* CVE-2024-55549: Fixed use-after-free in xsltGetInheritedNsList (bsc#1239637)
* CVE-2025-24855: Fixed use-after-free in numbers.c (bsc#1239625)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-1125=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-1125=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-1125=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-1125=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-1125=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-1125=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-1125=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1125=1
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-1125=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1125=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1125=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1125=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1125=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1125=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1125=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1125=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1125=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-1125=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2025-1125=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1125=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libxslt-tools-debuginfo-1.1.34-150400.3.6.1
* libxslt1-debuginfo-1.1.34-150400.3.6.1
* libxslt-tools-1.1.34-150400.3.6.1
* libxslt-debugsource-1.1.34-150400.3.6.1
* libxslt-devel-1.1.34-150400.3.6.1
* libxslt1-1.1.34-150400.3.6.1
* openSUSE Leap 15.4 (x86_64)
* libxslt1-32bit-debuginfo-1.1.34-150400.3.6.1
* libxslt1-32bit-1.1.34-150400.3.6.1
* libxslt-devel-32bit-1.1.34-150400.3.6.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libxslt1-64bit-1.1.34-150400.3.6.1
* libxslt1-64bit-debuginfo-1.1.34-150400.3.6.1
* libxslt-devel-64bit-1.1.34-150400.3.6.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* libxslt-tools-debuginfo-1.1.34-150400.3.6.1
* libxslt1-debuginfo-1.1.34-150400.3.6.1
* libxslt-tools-1.1.34-150400.3.6.1
* libxslt-debugsource-1.1.34-150400.3.6.1
* libxslt-devel-1.1.34-150400.3.6.1
* libxslt1-1.1.34-150400.3.6.1
* openSUSE Leap 15.6 (x86_64)
* libxslt1-32bit-debuginfo-1.1.34-150400.3.6.1
* libxslt1-32bit-1.1.34-150400.3.6.1
* libxslt-devel-32bit-1.1.34-150400.3.6.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libxslt1-debuginfo-1.1.34-150400.3.6.1
* libxslt-debugsource-1.1.34-150400.3.6.1
* libxslt1-1.1.34-150400.3.6.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libxslt1-debuginfo-1.1.34-150400.3.6.1
* libxslt-debugsource-1.1.34-150400.3.6.1
* libxslt1-1.1.34-150400.3.6.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libxslt1-debuginfo-1.1.34-150400.3.6.1
* libxslt-debugsource-1.1.34-150400.3.6.1
* libxslt1-1.1.34-150400.3.6.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libxslt1-debuginfo-1.1.34-150400.3.6.1
* libxslt-debugsource-1.1.34-150400.3.6.1
* libxslt1-1.1.34-150400.3.6.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* libxslt1-debuginfo-1.1.34-150400.3.6.1
* libxslt-debugsource-1.1.34-150400.3.6.1
* libxslt1-1.1.34-150400.3.6.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libxslt-tools-debuginfo-1.1.34-150400.3.6.1
* libxslt1-debuginfo-1.1.34-150400.3.6.1
* libxslt-tools-1.1.34-150400.3.6.1
* libxslt-debugsource-1.1.34-150400.3.6.1
* libxslt-devel-1.1.34-150400.3.6.1
* libxslt1-1.1.34-150400.3.6.1
* SUSE Package Hub 15 15-SP6 (x86_64)
* libxslt1-32bit-debuginfo-1.1.34-150400.3.6.1
* libxslt-debugsource-1.1.34-150400.3.6.1
* libxslt1-32bit-1.1.34-150400.3.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* libxslt-tools-debuginfo-1.1.34-150400.3.6.1
* libxslt1-debuginfo-1.1.34-150400.3.6.1
* libxslt-tools-1.1.34-150400.3.6.1
* libxslt-debugsource-1.1.34-150400.3.6.1
* libxslt-devel-1.1.34-150400.3.6.1
* libxslt1-1.1.34-150400.3.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* libxslt-tools-debuginfo-1.1.34-150400.3.6.1
* libxslt1-debuginfo-1.1.34-150400.3.6.1
* libxslt-tools-1.1.34-150400.3.6.1
* libxslt-debugsource-1.1.34-150400.3.6.1
* libxslt-devel-1.1.34-150400.3.6.1
* libxslt1-1.1.34-150400.3.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
* libxslt-tools-debuginfo-1.1.34-150400.3.6.1
* libxslt1-debuginfo-1.1.34-150400.3.6.1
* libxslt-tools-1.1.34-150400.3.6.1
* libxslt-debugsource-1.1.34-150400.3.6.1
* libxslt-devel-1.1.34-150400.3.6.1
* libxslt1-1.1.34-150400.3.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
* libxslt-tools-debuginfo-1.1.34-150400.3.6.1
* libxslt1-debuginfo-1.1.34-150400.3.6.1
* libxslt-tools-1.1.34-150400.3.6.1
* libxslt-debugsource-1.1.34-150400.3.6.1
* libxslt-devel-1.1.34-150400.3.6.1
* libxslt1-1.1.34-150400.3.6.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* libxslt-tools-debuginfo-1.1.34-150400.3.6.1
* libxslt1-debuginfo-1.1.34-150400.3.6.1
* libxslt-tools-1.1.34-150400.3.6.1
* libxslt-debugsource-1.1.34-150400.3.6.1
* libxslt-devel-1.1.34-150400.3.6.1
* libxslt1-1.1.34-150400.3.6.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* libxslt-tools-debuginfo-1.1.34-150400.3.6.1
* libxslt1-debuginfo-1.1.34-150400.3.6.1
* libxslt-tools-1.1.34-150400.3.6.1
* libxslt-debugsource-1.1.34-150400.3.6.1
* libxslt-devel-1.1.34-150400.3.6.1
* libxslt1-1.1.34-150400.3.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libxslt-tools-debuginfo-1.1.34-150400.3.6.1
* libxslt1-debuginfo-1.1.34-150400.3.6.1
* libxslt-tools-1.1.34-150400.3.6.1
* libxslt-debugsource-1.1.34-150400.3.6.1
* libxslt-devel-1.1.34-150400.3.6.1
* libxslt1-1.1.34-150400.3.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* libxslt-tools-debuginfo-1.1.34-150400.3.6.1
* libxslt1-debuginfo-1.1.34-150400.3.6.1
* libxslt-tools-1.1.34-150400.3.6.1
* libxslt-debugsource-1.1.34-150400.3.6.1
* libxslt-devel-1.1.34-150400.3.6.1
* libxslt1-1.1.34-150400.3.6.1
* SUSE Manager Proxy 4.3 (x86_64)
* libxslt-tools-debuginfo-1.1.34-150400.3.6.1
* libxslt1-debuginfo-1.1.34-150400.3.6.1
* libxslt-tools-1.1.34-150400.3.6.1
* libxslt-debugsource-1.1.34-150400.3.6.1
* libxslt-devel-1.1.34-150400.3.6.1
* libxslt1-1.1.34-150400.3.6.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* libxslt-tools-debuginfo-1.1.34-150400.3.6.1
* libxslt1-debuginfo-1.1.34-150400.3.6.1
* libxslt-tools-1.1.34-150400.3.6.1
* libxslt-debugsource-1.1.34-150400.3.6.1
* libxslt-devel-1.1.34-150400.3.6.1
* libxslt1-1.1.34-150400.3.6.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* libxslt-tools-debuginfo-1.1.34-150400.3.6.1
* libxslt1-debuginfo-1.1.34-150400.3.6.1
* libxslt-tools-1.1.34-150400.3.6.1
* libxslt-debugsource-1.1.34-150400.3.6.1
* libxslt-devel-1.1.34-150400.3.6.1
* libxslt1-1.1.34-150400.3.6.1
## References:
* https://www.suse.com/security/cve/CVE-2023-40403.html
* https://www.suse.com/security/cve/CVE-2024-55549.html
* https://www.suse.com/security/cve/CVE-2025-24855.html
* https://bugzilla.suse.com/show_bug.cgi?id=1238591
* https://bugzilla.suse.com/show_bug.cgi?id=1239625
* https://bugzilla.suse.com/show_bug.cgi?id=1239637
SUSE-SU-2025:1129-1: moderate: Security update for GraphicsMagick
# Security update for GraphicsMagick
Announcement ID: SUSE-SU-2025:1129-1
Release Date: 2025-04-03T11:54:25Z
Rating: moderate
References:
* bsc#1239044
Cross-References:
* CVE-2025-27795
CVSS scores:
* CVE-2025-27795 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-27795 ( SUSE ): 4.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
* CVE-2025-27795 ( NVD ): 4.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6
An update that solves one vulnerability can now be installed.
## Description:
This update for GraphicsMagick fixes the following issues:
* CVE-2025-27795: Fixed missing image dimension resource limits in JXL
(bsc#1239044)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-1129=1 openSUSE-SLE-15.6-2025-1129=1
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-1129=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* GraphicsMagick-devel-1.3.42-150600.3.4.1
* GraphicsMagick-1.3.42-150600.3.4.1
* libGraphicsMagick-Q16-3-1.3.42-150600.3.4.1
* libGraphicsMagick++-Q16-12-1.3.42-150600.3.4.1
* libGraphicsMagick++-Q16-12-debuginfo-1.3.42-150600.3.4.1
* libGraphicsMagickWand-Q16-2-1.3.42-150600.3.4.1
* libGraphicsMagickWand-Q16-2-debuginfo-1.3.42-150600.3.4.1
* libGraphicsMagick-Q16-3-debuginfo-1.3.42-150600.3.4.1
* libGraphicsMagick++-devel-1.3.42-150600.3.4.1
* GraphicsMagick-debugsource-1.3.42-150600.3.4.1
* libGraphicsMagick3-config-1.3.42-150600.3.4.1
* perl-GraphicsMagick-1.3.42-150600.3.4.1
* GraphicsMagick-debuginfo-1.3.42-150600.3.4.1
* perl-GraphicsMagick-debuginfo-1.3.42-150600.3.4.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* GraphicsMagick-devel-1.3.42-150600.3.4.1
* GraphicsMagick-1.3.42-150600.3.4.1
* libGraphicsMagick-Q16-3-1.3.42-150600.3.4.1
* libGraphicsMagick++-Q16-12-1.3.42-150600.3.4.1
* libGraphicsMagick++-Q16-12-debuginfo-1.3.42-150600.3.4.1
* libGraphicsMagickWand-Q16-2-1.3.42-150600.3.4.1
* libGraphicsMagickWand-Q16-2-debuginfo-1.3.42-150600.3.4.1
* libGraphicsMagick-Q16-3-debuginfo-1.3.42-150600.3.4.1
* libGraphicsMagick++-devel-1.3.42-150600.3.4.1
* GraphicsMagick-debugsource-1.3.42-150600.3.4.1
* libGraphicsMagick3-config-1.3.42-150600.3.4.1
* perl-GraphicsMagick-1.3.42-150600.3.4.1
* GraphicsMagick-debuginfo-1.3.42-150600.3.4.1
* perl-GraphicsMagick-debuginfo-1.3.42-150600.3.4.1
## References:
* https://www.suse.com/security/cve/CVE-2025-27795.html
* https://bugzilla.suse.com/show_bug.cgi?id=1239044
SUSE-SU-2025:1123-1: important: Security update for the Linux Kernel (Live Patch 47 for SLE 15 SP3)
# Security update for the Linux Kernel (Live Patch 47 for SLE 15 SP3)
Announcement ID: SUSE-SU-2025:1123-1
Release Date: 2025-04-03T11:15:36Z
Rating: important
References:
* bsc#1228012
* bsc#1228578
* bsc#1233023
Cross-References:
* CVE-2022-48791
* CVE-2022-49025
* CVE-2024-41062
CVSS scores:
* CVE-2022-48791 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49025 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49025 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41062 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41062 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
An update that solves three vulnerabilities can now be installed.
## Description:
This update for the Linux Kernel 5.3.18-150300_59_170 fixes several issues.
The following security issues were fixed:
* CVE-2022-49025: net/mlx5e: Fix use-after-free when reverting termination
table (bsc#1233023).
* CVE-2024-41062: Sync sock recv cb and release (bsc#1228578).
* CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-1124=1 SUSE-2025-1123=1
* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-1124=1 SUSE-SLE-Module-Live-Patching-15-SP3-2025-1123=1
## Package List:
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_164-default-debuginfo-11-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_45-debugsource-11-150300.2.1
* kernel-livepatch-5_3_18-150300_59_170-default-8-150300.2.1
* kernel-livepatch-5_3_18-150300_59_164-default-11-150300.2.1
* kernel-livepatch-5_3_18-150300_59_170-default-debuginfo-8-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_47-debugsource-8-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_170-preempt-8-150300.2.1
* kernel-livepatch-5_3_18-150300_59_164-preempt-debuginfo-11-150300.2.1
* kernel-livepatch-5_3_18-150300_59_164-preempt-11-150300.2.1
* kernel-livepatch-5_3_18-150300_59_170-preempt-debuginfo-8-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_170-default-8-150300.2.1
* kernel-livepatch-5_3_18-150300_59_170-default-debuginfo-8-150300.2.1
* kernel-livepatch-5_3_18-150300_59_164-default-11-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_47-debugsource-8-150300.2.1
## References:
* https://www.suse.com/security/cve/CVE-2022-48791.html
* https://www.suse.com/security/cve/CVE-2022-49025.html
* https://www.suse.com/security/cve/CVE-2024-41062.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228012
* https://bugzilla.suse.com/show_bug.cgi?id=1228578
* https://bugzilla.suse.com/show_bug.cgi?id=1233023
SUSE-SU-2025:1128-1: important: Security update for ffmpeg-4
# Security update for ffmpeg-4
Announcement ID: SUSE-SU-2025:1128-1
Release Date: 2025-04-03T11:54:06Z
Rating: important
References:
* bsc#1186756
* bsc#1202848
* bsc#1215945
* bsc#1219494
* bsc#1229338
* bsc#1230983
* bsc#1234028
* bsc#1235092
* bsc#1236007
* bsc#1237351
* bsc#1237358
* bsc#1237371
* bsc#1237382
* jsc#PED-10024
Cross-References:
* CVE-2020-22037
* CVE-2024-12361
* CVE-2024-35368
* CVE-2024-36613
* CVE-2025-0518
* CVE-2025-22919
* CVE-2025-22921
* CVE-2025-25473
CVSS scores:
* CVE-2020-22037 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2020-22037 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-12361 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-12361 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-35368 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-35368 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-35368 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36613 ( SUSE ): 4.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-36613 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
* CVE-2024-36613 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-0518 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-0518 ( NVD ): 4.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-22919 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-22919 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-22919 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-22921 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-22921 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-22921 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-25473 ( SUSE ): 0.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-25473 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
* CVE-2025-25473 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
An update that solves eight vulnerabilities, contains one feature and has five
security fixes can now be installed.
## Description:
This update for ffmpeg-4 fixes the following issues:
* CVE-2020-22037: Fixed unchecked return value of the init_vlc function
(bsc#1186756)
* CVE-2024-12361: Fixed null pointer dereference (bsc#1237358)
* CVE-2024-35368: Fixed double free via the rkmpp_retrieve_frame function
within libavcodec/rkmppdec.c (bsc#1234028)
* CVE-2024-36613: Fixed integer overflow in the DXA demuxer of the libavformat
library (bsc#1235092)
* CVE-2025-0518: Fixed memory leak due to unchecked sscanf return value
(bsc#1236007)
* CVE-2025-22919: Fixed denial of service (DoS) via opening a crafted AAC file
(bsc#1237371)
* CVE-2025-22921: Fixed segmentation violation in NULL pointer dereference via
the component /libavcodec/jpeg2000dec.c (bsc#1237382)
* CVE-2025-25473: Fixed memory leak in avformat_free_context() (bsc#1237351)
Other fixes:
* Build with SVT-AV1 3.0.0.
* Update to release 4.4.5:
* Adjust bconds to build the package in SLFO without xvidcore.
* Add 0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch
(bsc#1229338)
* Add ffmpeg-c99.patch so that the package conforms to the C99 standard and
builds on i586 with GCC 14.
* No longer build against libmfx; build against libvpl (bsc#1230983,
bsc#1219494)
* Drop libmfx dependency from our product (jira #PED-10024)
* Update patch to build with glslang 14
* Disable vmaf integration as ffmpeg-4 cannot handle vmaf>=3
* Copy codec list from ffmpeg-6
* Resolve build failure with binutils >= 2.41. (bsc#1215945)
* Update to version 4.4.4:
* avcodec/012v: Order operations for odd size handling
* avcodec/alsdec: The minimal block is at least 7 bits
* avcodec/bink:
* Avoid undefined out of array end pointers in
binkb_decode_plane()
* Fix off by 1 error in ref end
* avcodec/eac3dec: avoid float noise in fixed mode addition to
overflow
* avcodec/eatgq: Check index increments in tgq_decode_block()
* avcodec/escape124:
* Fix signedness of end of input check
* Fix some return codes
* avcodec/ffv1dec:
* Check that num h/v slices is supported
* Fail earlier if prior context is corrupted
* Restructure slice coordinate reading a bit
* avcodec/mjpegenc: take into account component count when
writing the SOF header size
* avcodec/mlpdec: Check max matrix instead of max channel in
noise check
* avcodec/motionpixels: Mask pixels to valid values
* avcodec/mpeg12dec: Check input size
* avcodec/nvenc:
* Fix b-frame DTS behavior with fractional framerates
* Fix vbv buffer size in cq mode
* avcodec/pictordec: Remove mid exit branch
* avcodec/pngdec: Check deloco index more exactly
* avcodec/rpzaenc: stop accessing out of bounds frame
* avcodec/scpr3: Check bx
* avcodec/scpr: Test bx before use
* avcodec/snowenc: Fix visual weight calculation
* avcodec/speedhq: Check buf_size to be big enough for DC
* avcodec/sunrast: Fix maplength check
* avcodec/tests/snowenc:
* Fix 2nd test
* Return a failure if DWT/IDWT mismatches
* Unbreak DWT tests
* avcodec/tiff: Ignore tile_count
* avcodec/utils:
* Allocate a line more for VC1 and WMV3
* Ensure linesize for SVQ3
* Use 32pixel alignment for bink
* avcodec/videodsp_template: Adjust pointers to avoid undefined
pointer things
* avcodec/vp3: Add missing check for av_malloc
* avcodec/wavpack:
* Avoid undefined shift in get_tail()
* Check for end of input in wv_unpack_dsd_high()
* avcodec/xpmdec: Check size before allocation to avoid
truncation
* avfilter/vf_untile: swap the chroma shift values used for plane
offsets
* avformat/id3v2: Check taglen in read_uslt()
* avformat/mov: Check samplesize and offset to avoid integer
overflow
* avformat/mxfdec: Use 64bit in remainder
* avformat/nutdec: Add check for avformat_new_stream
* avformat/replaygain: avoid undefined / negative abs
* swscale/input: Use more unsigned intermediates
* swscale/output: Bias 16bps output calculations to improve non
overflowing range
* swscale: aarch64: Fix yuv2rgb with negative stride
* Use https for repository links
* Update to version 4.4.3:
* Stable bug fix release, mainly codecs, filter and format fixes.
* Add patch to detect SDL2 >= 2.1.0 (bsc#1202848):
* Update to version 4.4.2:
* Stable bug fix release, mainly codecs, filter and format fixes.
* Add conflicts for ffmpeg-5's tools
* Enable Vulkan filters
* Fix OS version check, so nvcodec is enabled for Leap too.
* Disable libsmbclient usage (can always be built with
--with-smbclient): the use case of ffmpeg directly accessing
smb:// shares is quite constructed (most users will have their
smb shares mounted).
* Update to version 4.4.1:
* Stable bug fix release, mainly codecs and format fixes.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-1128=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1128=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1128=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1128=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1128=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libpostproc55_9-debuginfo-4.4.5-150400.3.46.1
* ffmpeg-4-debugsource-4.4.5-150400.3.46.1
* libavcodec58_134-4.4.5-150400.3.46.1
* ffmpeg-4-libavdevice-devel-4.4.5-150400.3.46.1
* ffmpeg-4-libavresample-devel-4.4.5-150400.3.46.1
* ffmpeg-4-libswscale-devel-4.4.5-150400.3.46.1
* libavfilter7_110-debuginfo-4.4.5-150400.3.46.1
* libavformat58_76-4.4.5-150400.3.46.1
* libavutil56_70-debuginfo-4.4.5-150400.3.46.1
* libswresample3_9-debuginfo-4.4.5-150400.3.46.1
* libavresample4_0-4.4.5-150400.3.46.1
* ffmpeg-4-libswresample-devel-4.4.5-150400.3.46.1
* libavdevice58_13-debuginfo-4.4.5-150400.3.46.1
* ffmpeg-4-4.4.5-150400.3.46.1
* ffmpeg-4-debuginfo-4.4.5-150400.3.46.1
* libswscale5_9-debuginfo-4.4.5-150400.3.46.1
* libavcodec58_134-debuginfo-4.4.5-150400.3.46.1
* libavutil56_70-4.4.5-150400.3.46.1
* ffmpeg-4-libavutil-devel-4.4.5-150400.3.46.1
* libpostproc55_9-4.4.5-150400.3.46.1
* ffmpeg-4-libpostproc-devel-4.4.5-150400.3.46.1
* libavfilter7_110-4.4.5-150400.3.46.1
* ffmpeg-4-libavcodec-devel-4.4.5-150400.3.46.1
* ffmpeg-4-libavfilter-devel-4.4.5-150400.3.46.1
* ffmpeg-4-libavformat-devel-4.4.5-150400.3.46.1
* libswscale5_9-4.4.5-150400.3.46.1
* libavformat58_76-debuginfo-4.4.5-150400.3.46.1
* libavdevice58_13-4.4.5-150400.3.46.1
* libswresample3_9-4.4.5-150400.3.46.1
* ffmpeg-4-private-devel-4.4.5-150400.3.46.1
* libavresample4_0-debuginfo-4.4.5-150400.3.46.1
* openSUSE Leap 15.4 (x86_64)
* libavresample4_0-32bit-4.4.5-150400.3.46.1
* libswresample3_9-32bit-debuginfo-4.4.5-150400.3.46.1
* libavformat58_76-32bit-debuginfo-4.4.5-150400.3.46.1
* libavresample4_0-32bit-debuginfo-4.4.5-150400.3.46.1
* libpostproc55_9-32bit-4.4.5-150400.3.46.1
* libavcodec58_134-32bit-debuginfo-4.4.5-150400.3.46.1
* libavcodec58_134-32bit-4.4.5-150400.3.46.1
* libswresample3_9-32bit-4.4.5-150400.3.46.1
* libswscale5_9-32bit-debuginfo-4.4.5-150400.3.46.1
* libavdevice58_13-32bit-debuginfo-4.4.5-150400.3.46.1
* libavformat58_76-32bit-4.4.5-150400.3.46.1
* libpostproc55_9-32bit-debuginfo-4.4.5-150400.3.46.1
* libswscale5_9-32bit-4.4.5-150400.3.46.1
* libavfilter7_110-32bit-debuginfo-4.4.5-150400.3.46.1
* libavfilter7_110-32bit-4.4.5-150400.3.46.1
* libavutil56_70-32bit-debuginfo-4.4.5-150400.3.46.1
* libavutil56_70-32bit-4.4.5-150400.3.46.1
* libavdevice58_13-32bit-4.4.5-150400.3.46.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libavresample4_0-64bit-debuginfo-4.4.5-150400.3.46.1
* libpostproc55_9-64bit-4.4.5-150400.3.46.1
* libavutil56_70-64bit-4.4.5-150400.3.46.1
* libavfilter7_110-64bit-debuginfo-4.4.5-150400.3.46.1
* libswresample3_9-64bit-debuginfo-4.4.5-150400.3.46.1
* libswscale5_9-64bit-4.4.5-150400.3.46.1
* libavfilter7_110-64bit-4.4.5-150400.3.46.1
* libavdevice58_13-64bit-4.4.5-150400.3.46.1
* libpostproc55_9-64bit-debuginfo-4.4.5-150400.3.46.1
* libavcodec58_134-64bit-debuginfo-4.4.5-150400.3.46.1
* libavresample4_0-64bit-4.4.5-150400.3.46.1
* libswscale5_9-64bit-debuginfo-4.4.5-150400.3.46.1
* libavdevice58_13-64bit-debuginfo-4.4.5-150400.3.46.1
* libavformat58_76-64bit-debuginfo-4.4.5-150400.3.46.1
* libavcodec58_134-64bit-4.4.5-150400.3.46.1
* libavutil56_70-64bit-debuginfo-4.4.5-150400.3.46.1
* libswresample3_9-64bit-4.4.5-150400.3.46.1
* libavformat58_76-64bit-4.4.5-150400.3.46.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* libpostproc55_9-4.4.5-150400.3.46.1
* libpostproc55_9-debuginfo-4.4.5-150400.3.46.1
* ffmpeg-4-debugsource-4.4.5-150400.3.46.1
* libavcodec58_134-4.4.5-150400.3.46.1
* libavformat58_76-debuginfo-4.4.5-150400.3.46.1
* libavutil56_70-debuginfo-4.4.5-150400.3.46.1
* libavformat58_76-4.4.5-150400.3.46.1
* ffmpeg-4-debuginfo-4.4.5-150400.3.46.1
* libswresample3_9-debuginfo-4.4.5-150400.3.46.1
* libswresample3_9-4.4.5-150400.3.46.1
* libavcodec58_134-debuginfo-4.4.5-150400.3.46.1
* libavutil56_70-4.4.5-150400.3.46.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* libpostproc55_9-4.4.5-150400.3.46.1
* libpostproc55_9-debuginfo-4.4.5-150400.3.46.1
* ffmpeg-4-debugsource-4.4.5-150400.3.46.1
* libavcodec58_134-4.4.5-150400.3.46.1
* libavformat58_76-debuginfo-4.4.5-150400.3.46.1
* libavutil56_70-debuginfo-4.4.5-150400.3.46.1
* libavformat58_76-4.4.5-150400.3.46.1
* ffmpeg-4-debuginfo-4.4.5-150400.3.46.1
* libswresample3_9-debuginfo-4.4.5-150400.3.46.1
* libswresample3_9-4.4.5-150400.3.46.1
* libavcodec58_134-debuginfo-4.4.5-150400.3.46.1
* libavutil56_70-4.4.5-150400.3.46.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* libpostproc55_9-4.4.5-150400.3.46.1
* libpostproc55_9-debuginfo-4.4.5-150400.3.46.1
* ffmpeg-4-debugsource-4.4.5-150400.3.46.1
* libavcodec58_134-4.4.5-150400.3.46.1
* libavformat58_76-debuginfo-4.4.5-150400.3.46.1
* libavutil56_70-debuginfo-4.4.5-150400.3.46.1
* libavformat58_76-4.4.5-150400.3.46.1
* ffmpeg-4-debuginfo-4.4.5-150400.3.46.1
* libswresample3_9-debuginfo-4.4.5-150400.3.46.1
* libswresample3_9-4.4.5-150400.3.46.1
* libavcodec58_134-debuginfo-4.4.5-150400.3.46.1
* libavutil56_70-4.4.5-150400.3.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libpostproc55_9-4.4.5-150400.3.46.1
* libpostproc55_9-debuginfo-4.4.5-150400.3.46.1
* ffmpeg-4-debugsource-4.4.5-150400.3.46.1
* libavcodec58_134-4.4.5-150400.3.46.1
* libavformat58_76-debuginfo-4.4.5-150400.3.46.1
* libavutil56_70-debuginfo-4.4.5-150400.3.46.1
* libavformat58_76-4.4.5-150400.3.46.1
* ffmpeg-4-debuginfo-4.4.5-150400.3.46.1
* libswresample3_9-debuginfo-4.4.5-150400.3.46.1
* libswresample3_9-4.4.5-150400.3.46.1
* libavcodec58_134-debuginfo-4.4.5-150400.3.46.1
* libavutil56_70-4.4.5-150400.3.46.1
## References:
* https://www.suse.com/security/cve/CVE-2020-22037.html
* https://www.suse.com/security/cve/CVE-2024-12361.html
* https://www.suse.com/security/cve/CVE-2024-35368.html
* https://www.suse.com/security/cve/CVE-2024-36613.html
* https://www.suse.com/security/cve/CVE-2025-0518.html
* https://www.suse.com/security/cve/CVE-2025-22919.html
* https://www.suse.com/security/cve/CVE-2025-22921.html
* https://www.suse.com/security/cve/CVE-2025-25473.html
* https://bugzilla.suse.com/show_bug.cgi?id=1186756
* https://bugzilla.suse.com/show_bug.cgi?id=1202848
* https://bugzilla.suse.com/show_bug.cgi?id=1215945
* https://bugzilla.suse.com/show_bug.cgi?id=1219494
* https://bugzilla.suse.com/show_bug.cgi?id=1229338
* https://bugzilla.suse.com/show_bug.cgi?id=1230983
* https://bugzilla.suse.com/show_bug.cgi?id=1234028
* https://bugzilla.suse.com/show_bug.cgi?id=1235092
* https://bugzilla.suse.com/show_bug.cgi?id=1236007
* https://bugzilla.suse.com/show_bug.cgi?id=1237351
* https://bugzilla.suse.com/show_bug.cgi?id=1237358
* https://bugzilla.suse.com/show_bug.cgi?id=1237371
* https://bugzilla.suse.com/show_bug.cgi?id=1237382
* https://jira.suse.com/browse/PED-10024
SUSE-SU-2025:1127-1: important: Security update for ghostscript
# Security update for ghostscript
Announcement ID: SUSE-SU-2025:1127-1
Release Date: 2025-04-03T11:53:43Z
Rating: important
References:
* bsc#1240075
* bsc#1240077
* bsc#1240080
* bsc#1240081
Cross-References:
* CVE-2025-27831
* CVE-2025-27832
* CVE-2025-27835
* CVE-2025-27836
CVSS scores:
* CVE-2025-27831 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2025-27831 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-27832 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
* CVE-2025-27832 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-27835 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
* CVE-2025-27835 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-27836 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
* CVE-2025-27836 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves four vulnerabilities can now be installed.
## Description:
This update for ghostscript fixes the following issues:
* CVE-2025-27831: Fixed text buffer overflow in the DOCXWRITE TXTWRITE device via long characters to devices/vector/doc_common.c (bsc#1240075)
* CVE-2025-27832: Fixed compression buffer overflow in the NPDL device in contrib/japanese/gdevnpdl.c (bsc#1240077)
* CVE-2025-27835: Fixed buffer overflow when converting glyphs to Unicode in psi/zbfont.c (bsc#1240080)
* CVE-2025-27836: Fixed print buffer overflow in the BJ10V device in contrib/japanese/gdev10v.c (bsc#1240081)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-1127=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1127=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1127=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1127=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1127=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1127=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1127=1
* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1127=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1127=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1127=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1127=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1127=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1127=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-1127=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2025-1127=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1127=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-1127=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* ghostscript-x11-debuginfo-9.52-150000.203.1
* ghostscript-x11-9.52-150000.203.1
* ghostscript-debugsource-9.52-150000.203.1
* ghostscript-devel-9.52-150000.203.1
* ghostscript-debuginfo-9.52-150000.203.1
* ghostscript-9.52-150000.203.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* ghostscript-x11-debuginfo-9.52-150000.203.1
* ghostscript-x11-9.52-150000.203.1
* ghostscript-debugsource-9.52-150000.203.1
* ghostscript-devel-9.52-150000.203.1
* ghostscript-debuginfo-9.52-150000.203.1
* ghostscript-9.52-150000.203.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
* ghostscript-x11-debuginfo-9.52-150000.203.1
* ghostscript-x11-9.52-150000.203.1
* ghostscript-debugsource-9.52-150000.203.1
* ghostscript-devel-9.52-150000.203.1
* ghostscript-debuginfo-9.52-150000.203.1
* ghostscript-9.52-150000.203.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* ghostscript-x11-debuginfo-9.52-150000.203.1
* ghostscript-x11-9.52-150000.203.1
* ghostscript-debugsource-9.52-150000.203.1
* ghostscript-devel-9.52-150000.203.1
* ghostscript-debuginfo-9.52-150000.203.1
* ghostscript-9.52-150000.203.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* ghostscript-x11-debuginfo-9.52-150000.203.1
* ghostscript-x11-9.52-150000.203.1
* ghostscript-debugsource-9.52-150000.203.1
* ghostscript-devel-9.52-150000.203.1
* ghostscript-debuginfo-9.52-150000.203.1
* ghostscript-9.52-150000.203.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
* ghostscript-x11-debuginfo-9.52-150000.203.1
* ghostscript-x11-9.52-150000.203.1
* ghostscript-debugsource-9.52-150000.203.1
* ghostscript-devel-9.52-150000.203.1
* ghostscript-debuginfo-9.52-150000.203.1
* ghostscript-9.52-150000.203.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
* ghostscript-x11-debuginfo-9.52-150000.203.1
* ghostscript-x11-9.52-150000.203.1
* ghostscript-debugsource-9.52-150000.203.1
* ghostscript-devel-9.52-150000.203.1
* ghostscript-debuginfo-9.52-150000.203.1
* ghostscript-9.52-150000.203.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* ghostscript-x11-debuginfo-9.52-150000.203.1
* ghostscript-x11-9.52-150000.203.1
* ghostscript-debugsource-9.52-150000.203.1
* ghostscript-devel-9.52-150000.203.1
* ghostscript-debuginfo-9.52-150000.203.1
* ghostscript-9.52-150000.203.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* ghostscript-x11-debuginfo-9.52-150000.203.1
* ghostscript-x11-9.52-150000.203.1
* ghostscript-debugsource-9.52-150000.203.1
* ghostscript-devel-9.52-150000.203.1
* ghostscript-debuginfo-9.52-150000.203.1
* ghostscript-9.52-150000.203.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* ghostscript-x11-debuginfo-9.52-150000.203.1
* ghostscript-x11-9.52-150000.203.1
* ghostscript-debugsource-9.52-150000.203.1
* ghostscript-devel-9.52-150000.203.1
* ghostscript-debuginfo-9.52-150000.203.1
* ghostscript-9.52-150000.203.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* ghostscript-x11-debuginfo-9.52-150000.203.1
* ghostscript-x11-9.52-150000.203.1
* ghostscript-debugsource-9.52-150000.203.1
* ghostscript-devel-9.52-150000.203.1
* ghostscript-debuginfo-9.52-150000.203.1
* ghostscript-9.52-150000.203.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* ghostscript-x11-debuginfo-9.52-150000.203.1
* ghostscript-x11-9.52-150000.203.1
* ghostscript-debugsource-9.52-150000.203.1
* ghostscript-devel-9.52-150000.203.1
* ghostscript-debuginfo-9.52-150000.203.1
* ghostscript-9.52-150000.203.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* ghostscript-x11-debuginfo-9.52-150000.203.1
* ghostscript-x11-9.52-150000.203.1
* ghostscript-debugsource-9.52-150000.203.1
* ghostscript-devel-9.52-150000.203.1
* ghostscript-debuginfo-9.52-150000.203.1
* ghostscript-9.52-150000.203.1
* SUSE Manager Proxy 4.3 (x86_64)
* ghostscript-x11-debuginfo-9.52-150000.203.1
* ghostscript-x11-9.52-150000.203.1
* ghostscript-debugsource-9.52-150000.203.1
* ghostscript-devel-9.52-150000.203.1
* ghostscript-debuginfo-9.52-150000.203.1
* ghostscript-9.52-150000.203.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* ghostscript-x11-debuginfo-9.52-150000.203.1
* ghostscript-x11-9.52-150000.203.1
* ghostscript-debugsource-9.52-150000.203.1
* ghostscript-devel-9.52-150000.203.1
* ghostscript-debuginfo-9.52-150000.203.1
* ghostscript-9.52-150000.203.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* ghostscript-x11-debuginfo-9.52-150000.203.1
* ghostscript-x11-9.52-150000.203.1
* ghostscript-debugsource-9.52-150000.203.1
* ghostscript-devel-9.52-150000.203.1
* ghostscript-debuginfo-9.52-150000.203.1
* ghostscript-9.52-150000.203.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* ghostscript-x11-debuginfo-9.52-150000.203.1
* ghostscript-x11-9.52-150000.203.1
* ghostscript-debugsource-9.52-150000.203.1
* ghostscript-devel-9.52-150000.203.1
* ghostscript-debuginfo-9.52-150000.203.1
* ghostscript-9.52-150000.203.1
## References:
* https://www.suse.com/security/cve/CVE-2025-27831.html
* https://www.suse.com/security/cve/CVE-2025-27832.html
* https://www.suse.com/security/cve/CVE-2025-27835.html
* https://www.suse.com/security/cve/CVE-2025-27836.html
* https://bugzilla.suse.com/show_bug.cgi?id=1240075
* https://bugzilla.suse.com/show_bug.cgi?id=1240077
* https://bugzilla.suse.com/show_bug.cgi?id=1240080
* https://bugzilla.suse.com/show_bug.cgi?id=1240081
SUSE-SU-2025:1139-1: important: Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP3)
# Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP3)
Announcement ID: SUSE-SU-2025:1139-1
Release Date: 2025-04-03T16:33:54Z
Rating: important
References:
* bsc#1228012
* bsc#1228578
* bsc#1233023
Cross-References:
* CVE-2022-48791
* CVE-2022-49025
* CVE-2024-41062
CVSS scores:
* CVE-2022-48791 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49025 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49025 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41062 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41062 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
An update that solves three vulnerabilities can now be installed.
## Description:
This update for the Linux Kernel 5.3.18-150300_59_161 fixes several issues.
The following security issues were fixed:
* CVE-2022-49025: net/mlx5e: Fix use-after-free when reverting termination table (bsc#1233023).
* CVE-2024-41062: Sync sock recv cb and release (bsc#1228578).
* CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-1139=1
* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-1139=1
## Package List:
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_161-default-14-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_44-debugsource-14-150300.2.1
* kernel-livepatch-5_3_18-150300_59_161-default-debuginfo-14-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_161-preempt-debuginfo-14-150300.2.1
* kernel-livepatch-5_3_18-150300_59_161-preempt-14-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_161-default-14-150300.2.1
## References:
* https://www.suse.com/security/cve/CVE-2022-48791.html
* https://www.suse.com/security/cve/CVE-2022-49025.html
* https://www.suse.com/security/cve/CVE-2024-41062.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228012
* https://bugzilla.suse.com/show_bug.cgi?id=1228578
* https://bugzilla.suse.com/show_bug.cgi?id=1233023
openSUSE-SU-2025:14955-1: moderate: govulncheck-vulndb-0.0.20250331T171002-1.1 on GA media
# govulncheck-vulndb-0.0.20250331T171002-1.1 on GA media
Announcement ID: openSUSE-SU-2025:14955-1
Rating: moderate
Cross-References:
* CVE-2024-12055
* CVE-2024-12886
* CVE-2025-0315
* CVE-2025-0317
Affected Products:
* openSUSE Tumbleweed
An update that solves 4 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the govulncheck-vulndb-0.0.20250331T171002-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* govulncheck-vulndb 0.0.20250331T171002-1.1
## References:
* https://www.suse.com/security/cve/CVE-2024-12055.html
* https://www.suse.com/security/cve/CVE-2024-12886.html
* https://www.suse.com/security/cve/CVE-2025-0315.html
* https://www.suse.com/security/cve/CVE-2025-0317.html