
SUSE Linux has announced the release of multiple security updates, which include warewulf4, live patches for the Linux Kernel, govulncheck-vulndb, and Mozilla Firefox:

SUSE-SU-2025:1094-1: important: Security update for warewulf4
SUSE-SU-2025:1104-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP5)
SUSE-SU-2025:1099-1: moderate: Security update for govulncheck-vulndb
openSUSE-SU-2025:14948-1: moderate: MozillaFirefox-136.0.4-1.1 on GA media
SUSE-SU-2025:1119-1: important: Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP3)
SUSE-SU-2025:1120-1: important: Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP5)
SUSE-SU-2025:1114-1: important: Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3)
SUSE-SU-2025:1121-1: important: Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3)
openSUSE-SU-2025:0113-1: important: Security update for assimp




SUSE-SU-2025:1094-1: important: Security update for warewulf4


# Security update for warewulf4

Announcement ID: SUSE-SU-2025:1094-1
Release Date: 2025-04-02T03:37:41Z
Rating: important
References:

* bsc#1226654
* bsc#1238611
* bsc#1239322

Cross-References:

* CVE-2025-22869
* CVE-2025-22870

CVSS scores:

* CVE-2025-22869 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22869 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22870 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-22870 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
* CVE-2025-22870 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Affected Products:

* HPC Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP6

An update that solves two vulnerabilities and has one security fix can now be
installed.

## Description:

This update for warewulf4 fixes the following issues:

warewulf4 was updated from version 4.5.8 to 4.6.0:

* Security issues fixed for version 4.6.0:
  * CVE-2025-22869: Fixed Denial of Service vulnerability in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239322)
  * CVE-2025-22870: Fixed proxy bypass using IPv6 zone IDs (bsc#1238611)

* User visible changes:
  * Default values `nodes.conf`:
    * The default values for `kernel command line`, `init parameters` and `root` are now set in the `default` profile and this profile should be included in every profile. During the installation of an update, an upgrade is done to `nodes.conf`, which updates the database accordingly.
  * Overlay split up:
    * The overlays `wwinit` and `runtime` are now split up into different overlays named according to their role. The upgrade process will update the node database and replace the overlays `wwinit` and `runtime` with a list of overlays with the same role.
  * Site and distribution overlays:
    * The overlays in `/var/lib/warewulf/overlays` should not be changed by the user any more. Site-specific overlays are now sorted under `/etc/warewulf/overlays`. On upgrade, changed overlays are stored with the `rpmsave` suffix and moved to `/etc/warewulf/overlays/$OVERLAYNAME`.

* Other changes and bugs fixed:
  * Fixed udev issue with assigning device names (bsc#1226654)
  * Implemented new package `warewulf-reference-doc` with the reference documentation for Warewulf 4 as PDF
  * The configuration files nodes.conf and warewulf.conf will be updated on upgrade and the unmodified configuration files will be saved as nodes.conf.4.5.x and warewulf.conf.4.5.x

* Summary of upstream changes:
  * New configuration upgrade system
  * Changes to the default profile
  * Renamed containers to (node) images
  * New kernel management system
  * Parallel overlay builds
  * Sprig functions in overlay templates
  * Improved network overlays
  * Nested profiles
  * Arbitrary "resources" data in nodes.conf
  * NFS client configuration in nodes.conf
  * Emphatically optional syncuser
  * Improved network boot observability
  * Particularly significant changes, especially those affecting the user interface, are described in the release notes:
    * https://warewulf.org/docs/v4.6.x/release/v4.6.0.html

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-1094=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-1094=1

* HPC Module 15-SP6
zypper in -t patch SUSE-SLE-Module-HPC-15-SP6-2025-1094=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1094=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1094=1

## Package List:

* openSUSE Leap 15.5 (aarch64 x86_64)
* warewulf4-4.6.0-150500.6.34.1
* warewulf4-overlay-4.6.0-150500.6.34.1
* openSUSE Leap 15.5 (noarch)
* warewulf4-man-4.6.0-150500.6.34.1
* warewulf4-dracut-4.6.0-150500.6.34.1
* warewulf4-overlay-slurm-4.6.0-150500.6.34.1
* warewulf4-overlay-rke2-4.6.0-150500.6.34.1
* warewulf4-reference-doc-4.6.0-150500.6.34.1
* openSUSE Leap 15.6 (aarch64 x86_64)
* warewulf4-4.6.0-150500.6.34.1
* warewulf4-overlay-4.6.0-150500.6.34.1
* openSUSE Leap 15.6 (noarch)
* warewulf4-overlay-slurm-4.6.0-150500.6.34.1
* warewulf4-dracut-4.6.0-150500.6.34.1
* warewulf4-reference-doc-4.6.0-150500.6.34.1
* warewulf4-man-4.6.0-150500.6.34.1
* HPC Module 15-SP6 (aarch64 x86_64)
* warewulf4-4.6.0-150500.6.34.1
* warewulf4-overlay-4.6.0-150500.6.34.1
* HPC Module 15-SP6 (noarch)
* warewulf4-overlay-slurm-4.6.0-150500.6.34.1
* warewulf4-dracut-4.6.0-150500.6.34.1
* warewulf4-reference-doc-4.6.0-150500.6.34.1
* warewulf4-man-4.6.0-150500.6.34.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
* warewulf4-4.6.0-150500.6.34.1
* warewulf4-overlay-4.6.0-150500.6.34.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* warewulf4-overlay-slurm-4.6.0-150500.6.34.1
* warewulf4-dracut-4.6.0-150500.6.34.1
* warewulf4-reference-doc-4.6.0-150500.6.34.1
* warewulf4-man-4.6.0-150500.6.34.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
* warewulf4-4.6.0-150500.6.34.1
* warewulf4-overlay-4.6.0-150500.6.34.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* warewulf4-overlay-slurm-4.6.0-150500.6.34.1
* warewulf4-dracut-4.6.0-150500.6.34.1
* warewulf4-reference-doc-4.6.0-150500.6.34.1
* warewulf4-man-4.6.0-150500.6.34.1

## References:

* https://www.suse.com/security/cve/CVE-2025-22869.html
* https://www.suse.com/security/cve/CVE-2025-22870.html
* https://bugzilla.suse.com/show_bug.cgi?id=1226654
* https://bugzilla.suse.com/show_bug.cgi?id=1238611
* https://bugzilla.suse.com/show_bug.cgi?id=1239322



SUSE-SU-2025:1104-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:1104-1
Release Date: 2025-04-02T10:33:56Z
Rating: important
References:

* bsc#1228578

Cross-References:

* CVE-2024-41062

CVSS scores:

* CVE-2024-41062 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41062 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_62 fixes one issue.

The following security issue was fixed:

* CVE-2024-41062: Sync sock recv cb and release (bsc#1228578).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-1104=1 SUSE-2025-1105=1 SUSE-2025-1106=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-1104=1 SUSE-SLE-Module-Live-Patching-15-SP4-2025-1105=1 SUSE-SLE-Module-Live-Patching-15-SP4-2025-1106=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-1108=1 SUSE-2025-1107=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-1108=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-1107=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_122-default-debuginfo-12-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_27-debugsource-12-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_28-debugsource-9-150400.2.1
* kernel-livepatch-5_14_21-150400_24_125-default-debuginfo-9-150400.2.1
* kernel-livepatch-5_14_21-150400_24_111-default-15-150400.2.1
* kernel-livepatch-5_14_21-150400_24_122-default-12-150400.2.1
* kernel-livepatch-5_14_21-150400_24_125-default-9-150400.2.1
* kernel-livepatch-5_14_21-150400_24_111-default-debuginfo-15-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_24-debugsource-15-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_122-default-debuginfo-12-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_27-debugsource-12-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_28-debugsource-9-150400.2.1
* kernel-livepatch-5_14_21-150400_24_125-default-debuginfo-9-150400.2.1
* kernel-livepatch-5_14_21-150400_24_111-default-15-150400.2.1
* kernel-livepatch-5_14_21-150400_24_122-default-12-150400.2.1
* kernel-livepatch-5_14_21-150400_24_125-default-9-150400.2.1
* kernel-livepatch-5_14_21-150400_24_111-default-debuginfo-15-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_24-debugsource-15-150400.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_11-debugsource-15-150500.2.1
* kernel-livepatch-5_14_21-150500_55_62-default-13-150500.2.1
* kernel-livepatch-5_14_21-150500_55_62-default-debuginfo-13-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_13-debugsource-13-150500.2.1
* kernel-livepatch-5_14_21-150500_55_52-default-debuginfo-15-150500.2.1
* kernel-livepatch-5_14_21-150500_55_52-default-15-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_11-debugsource-15-150500.2.1
* kernel-livepatch-5_14_21-150500_55_62-default-13-150500.2.1
* kernel-livepatch-5_14_21-150500_55_62-default-debuginfo-13-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_13-debugsource-13-150500.2.1
* kernel-livepatch-5_14_21-150500_55_52-default-debuginfo-15-150500.2.1
* kernel-livepatch-5_14_21-150500_55_52-default-15-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-41062.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228578



SUSE-SU-2025:1099-1: moderate: Security update for govulncheck-vulndb


# Security update for govulncheck-vulndb

Announcement ID: SUSE-SU-2025:1099-1
Release Date: 2025-04-02T08:14:12Z
Rating: moderate
References:

* jsc#PED-11136

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that contains one feature can now be installed.

## Description:

This update for govulncheck-vulndb fixes the following issues:

* Update to version 0.0.20250331T171002 2025-03-31T17:10:02Z (jsc#PED-11136)
* GO-2025-3443
* GO-2025-3548
* GO-2025-3557
* GO-2025-3558
* GO-2025-3559

* Update to version 0.0.20250327T184518 2025-03-27T18:45:18Z (jsc#PED-11136)

* GO-2025-3526

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-1099=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-1099=1

## Package List:

* SUSE Package Hub 15 15-SP6 (noarch)
* govulncheck-vulndb-0.0.20250331T171002-150000.1.49.1
* openSUSE Leap 15.6 (noarch)
* govulncheck-vulndb-0.0.20250331T171002-150000.1.49.1

## References:

* https://jira.suse.com/browse/PED-11136



openSUSE-SU-2025:14948-1: moderate: MozillaFirefox-136.0.4-1.1 on GA media


# MozillaFirefox-136.0.4-1.1 on GA media

Announcement ID: openSUSE-SU-2025:14948-1
Rating: moderate

Cross-References:

* CVE-2025-2857

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the MozillaFirefox-136.0.4-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* MozillaFirefox 136.0.4-1.1
* MozillaFirefox-branding-upstream 136.0.4-1.1
* MozillaFirefox-devel 136.0.4-1.1
* MozillaFirefox-translations-common 136.0.4-1.1
* MozillaFirefox-translations-other 136.0.4-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-2857.html



SUSE-SU-2025:1119-1: important: Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:1119-1
Release Date: 2025-04-02T15:03:49Z
Rating: important
References:

* bsc#1228012
* bsc#1228578
* bsc#1233023

Cross-References:

* CVE-2022-48791
* CVE-2022-49025
* CVE-2024-41062

CVSS scores:

* CVE-2022-48791 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49025 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49025 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41062 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41062 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_167 fixes several issues.

The following security issues were fixed:

* CVE-2022-49025: net/mlx5e: Fix use-after-free when reverting termination
table (bsc#1233023).
* CVE-2024-41062: Sync sock recv cb and release (bsc#1228578).
* CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-1112=1 SUSE-2025-1119=1 SUSE-2025-1109=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-1112=1 SUSE-SLE-Module-Live-Patching-15-SP3-2025-1119=1 SUSE-SLE-Module-Live-Patching-15-SP3-2025-1109=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_43-debugsource-15-150300.2.1
* kernel-livepatch-5_3_18-150300_59_158-default-debuginfo-15-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_42-debugsource-16-150300.2.1
* kernel-livepatch-5_3_18-150300_59_153-default-16-150300.2.1
* kernel-livepatch-5_3_18-150300_59_153-default-debuginfo-16-150300.2.1
* kernel-livepatch-5_3_18-150300_59_167-default-debuginfo-10-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_46-debugsource-10-150300.2.1
* kernel-livepatch-5_3_18-150300_59_167-default-10-150300.2.1
* kernel-livepatch-5_3_18-150300_59_158-default-15-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_153-preempt-debuginfo-16-150300.2.1
* kernel-livepatch-5_3_18-150300_59_158-preempt-15-150300.2.1
* kernel-livepatch-5_3_18-150300_59_167-preempt-debuginfo-10-150300.2.1
* kernel-livepatch-5_3_18-150300_59_158-preempt-debuginfo-15-150300.2.1
* kernel-livepatch-5_3_18-150300_59_153-preempt-16-150300.2.1
* kernel-livepatch-5_3_18-150300_59_167-preempt-10-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_158-default-15-150300.2.1
* kernel-livepatch-5_3_18-150300_59_167-default-10-150300.2.1
* kernel-livepatch-5_3_18-150300_59_153-default-16-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-48791.html
* https://www.suse.com/security/cve/CVE-2022-49025.html
* https://www.suse.com/security/cve/CVE-2024-41062.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228012
* https://bugzilla.suse.com/show_bug.cgi?id=1228578
* https://bugzilla.suse.com/show_bug.cgi?id=1233023



SUSE-SU-2025:1120-1: important: Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:1120-1
Release Date: 2025-04-02T15:03:56Z
Rating: important
References:

* bsc#1228578

Cross-References:

* CVE-2024-41062

CVSS scores:

* CVE-2024-41062 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41062 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_73 fixes one issue.

The following security issue was fixed:

* CVE-2024-41062: Sync sock recv cb and release (bsc#1228578).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-1120=1 SUSE-2025-1115=1 SUSE-2025-1110=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-1120=1 SUSE-SLE-Module-Live-Patching-15-SP4-2025-1115=1 SUSE-SLE-Module-Live-Patching-15-SP4-2025-1110=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-1113=1 SUSE-2025-1116=1 SUSE-2025-1117=1 SUSE-2025-1111=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-1113=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-1116=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-1117=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-1111=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_128-default-debuginfo-7-150400.2.1
* kernel-livepatch-5_14_21-150400_24_119-default-debuginfo-14-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_25-debugsource-15-150400.2.1
* kernel-livepatch-5_14_21-150400_24_116-default-debuginfo-15-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_29-debugsource-7-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_26-debugsource-14-150400.2.1
* kernel-livepatch-5_14_21-150400_24_128-default-7-150400.2.1
* kernel-livepatch-5_14_21-150400_24_116-default-15-150400.2.1
* kernel-livepatch-5_14_21-150400_24_119-default-14-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_128-default-debuginfo-7-150400.2.1
* kernel-livepatch-5_14_21-150400_24_119-default-debuginfo-14-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_25-debugsource-15-150400.2.1
* kernel-livepatch-5_14_21-150400_24_116-default-debuginfo-15-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_29-debugsource-7-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_26-debugsource-14-150400.2.1
* kernel-livepatch-5_14_21-150400_24_128-default-7-150400.2.1
* kernel-livepatch-5_14_21-150400_24_116-default-15-150400.2.1
* kernel-livepatch-5_14_21-150400_24_119-default-14-150400.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_65-default-debuginfo-13-150500.2.1
* kernel-livepatch-5_14_21-150500_55_59-default-debuginfo-15-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_12-debugsource-15-150500.2.1
* kernel-livepatch-5_14_21-150500_55_73-default-debuginfo-7-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_15-debugsource-12-150500.2.1
* kernel-livepatch-5_14_21-150500_55_65-default-13-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_14-debugsource-13-150500.2.1
* kernel-livepatch-5_14_21-150500_55_68-default-debuginfo-12-150500.2.1
* kernel-livepatch-5_14_21-150500_55_59-default-15-150500.2.1
* kernel-livepatch-5_14_21-150500_55_68-default-12-150500.2.1
* kernel-livepatch-5_14_21-150500_55_73-default-7-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_17-debugsource-7-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_65-default-debuginfo-13-150500.2.1
* kernel-livepatch-5_14_21-150500_55_59-default-debuginfo-15-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_12-debugsource-15-150500.2.1
* kernel-livepatch-5_14_21-150500_55_73-default-debuginfo-7-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_15-debugsource-12-150500.2.1
* kernel-livepatch-5_14_21-150500_55_65-default-13-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_14-debugsource-13-150500.2.1
* kernel-livepatch-5_14_21-150500_55_68-default-debuginfo-12-150500.2.1
* kernel-livepatch-5_14_21-150500_55_59-default-15-150500.2.1
* kernel-livepatch-5_14_21-150500_55_68-default-12-150500.2.1
* kernel-livepatch-5_14_21-150500_55_73-default-7-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le x86_64)
* kernel-livepatch-SLE15-SP5_Update_17-debugsource-7-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-41062.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228578



SUSE-SU-2025:1114-1: important: Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:1114-1
Release Date: 2025-04-02T14:03:50Z
Rating: important
References:

* bsc#1233023

Cross-References:

* CVE-2022-49025

CVSS scores:

* CVE-2022-49025 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49025 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_174 fixes one issue.

The following security issue was fixed:

* CVE-2022-49025: net/mlx5e: Fix use-after-free when reverting termination
table (bsc#1233023).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-1114=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-1114=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_174-default-7-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_48-debugsource-7-150300.2.1
* kernel-livepatch-5_3_18-150300_59_174-default-debuginfo-7-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_174-preempt-debuginfo-7-150300.2.1
* kernel-livepatch-5_3_18-150300_59_174-preempt-7-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_174-default-7-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49025.html
* https://bugzilla.suse.com/show_bug.cgi?id=1233023



SUSE-SU-2025:1121-1: important: Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:1121-1
Release Date: 2025-04-02T16:33:31Z
Rating: important
References:

* bsc#1233023

Cross-References:

* CVE-2022-49025

CVSS scores:

* CVE-2022-49025 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49025 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_179 fixes one issue.

The following security issue was fixed:

* CVE-2022-49025: net/mlx5e: Fix use-after-free when reverting termination
table (bsc#1233023).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-1121=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-1121=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_49-debugsource-6-150300.2.1
* kernel-livepatch-5_3_18-150300_59_179-default-6-150300.2.1
* kernel-livepatch-5_3_18-150300_59_179-default-debuginfo-6-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_179-preempt-6-150300.2.1
* kernel-livepatch-5_3_18-150300_59_179-preempt-debuginfo-6-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_49-debugsource-6-150300.2.1
* kernel-livepatch-5_3_18-150300_59_179-default-6-150300.2.1
* kernel-livepatch-5_3_18-150300_59_179-default-debuginfo-6-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49025.html
* https://bugzilla.suse.com/show_bug.cgi?id=1233023



openSUSE-SU-2025:0113-1: important: Security update for assimp


openSUSE Security Update: Security update for assimp
_______________________________

Announcement ID: openSUSE-SU-2025:0113-1
Rating: important
References: #1232322 #1232323 #1232324 #1233633 #1239220
#1239916 #1239920 #1240412 #1240413
Cross-References: CVE-2024-48423 CVE-2024-48424 CVE-2024-48425
CVE-2024-53425 CVE-2025-2151 CVE-2025-2591
CVE-2025-2592 CVE-2025-3015 CVE-2025-3016

CVSS scores:
CVE-2024-48423 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CVE-2024-48424 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2024-48425 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2024-53425 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2025-2151 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2025-2591 (SUSE): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVE-2025-2592 (SUSE): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that fixes 9 vulnerabilities is now available.

Description:

This update for assimp fixes the following issues:

- CVE-2024-48425: Fixed SEGV in
Assimp:SplitLargeMeshesProcess_Triangle:UpdateNode (boo#1232324)
- CVE-2024-48423: Fixed an arbitrary code execution via
CallbackToLogRedirector() (boo#1232322)
- CVE-2024-48424: Fixed a heap-buffer-overflow in
OpenDDLParser:parseStructure() (boo#1232323)
- CVE-2024-53425: Fixed a heap-based buffer overflow in
SkipSpacesAndLineEnd() (boo#1233633)
- CVE-2025-2592: Fixed a heap-based buffer overflow in
Assimp::CSMImporter::InternReadFile() (boo#1239916)
- CVE-2025-3015: Fixed out-of-bounds read caused by manipulation of the
argument mIndices (boo#1240412)
- CVE-2025-3016: Fixed a denial of service caused by manipulation of the
argument mWidth/mHeight (boo#1240413)
- CVE-2025-2591: Fixed a denial of service in
code/AssetLib/MDL/MDLLoader.cpp (boo#1239920)
- CVE-2025-2151: Fixed a stack-based buffer overflow in
Assimp::GetNextLine() (boo#1239220)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2025-113=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 ppc64le s390x x86_64):

assimp-devel-5.3.1-bp156.3.9.1
libassimp5-5.3.1-bp156.3.9.1

References:

https://www.suse.com/security/cve/CVE-2024-48423.html
https://www.suse.com/security/cve/CVE-2024-48424.html
https://www.suse.com/security/cve/CVE-2024-48425.html
https://www.suse.com/security/cve/CVE-2024-53425.html
https://www.suse.com/security/cve/CVE-2025-2151.html
https://www.suse.com/security/cve/CVE-2025-2591.html
https://www.suse.com/security/cve/CVE-2025-2592.html
https://www.suse.com/security/cve/CVE-2025-3015.html
https://www.suse.com/security/cve/CVE-2025-3016.html
https://bugzilla.suse.com/1232322
https://bugzilla.suse.com/1232323
https://bugzilla.suse.com/1232324
https://bugzilla.suse.com/1233633
https://bugzilla.suse.com/1239220
https://bugzilla.suse.com/1239916
https://bugzilla.suse.com/1239920
https://bugzilla.suse.com/1240412
https://bugzilla.suse.com/1240413