SUSE-SU-2025:1149-1: moderate: Security update for webkit2gtk3
SUSE-SU-2025:1153-1: important: Security update for go1.24
SUSE-SU-2025:1157-1: important: Security update for MozillaThunderbird
SUSE-SU-2025:1155-1: moderate: Security update for govulncheck-vulndb
SUSE-SU-2025:1162-1: moderate: Security update for xen
SUSE-SU-2025:1149-1: moderate: Security update for webkit2gtk3
# Security update for webkit2gtk3
Announcement ID: SUSE-SU-2025:1149-1
Release Date: 2025-04-07T07:12:51Z
Rating: moderate
References:
* bsc#1239863
* bsc#1239864
* bsc#1239950
Cross-References:
* CVE-2024-44192
* CVE-2024-54467
* CVE-2025-24201
CVSS scores:
* CVE-2024-44192 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-44192 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-44192 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-44192 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-54467 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-54467 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2024-54467 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-24201 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-24201 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-24201 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP6
* Desktop Applications Module 15-SP6
* Development Tools Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves three vulnerabilities can now be installed.
## Description:
This update for webkit2gtk3 fixes the following issues:
* CVE-2024-44192: Fixed unexpected process crash due to processing maliciously
crafted web content (bsc#1239863)
* CVE-2024-54467: Fixed information disclosure via data cross-origin
exfiltration due to a cookie management issue (bsc#1239864)
Other fixes:
* Update to version 2.48.0:
* Move tiles rendering to worker threads when rendering with the GPU.
* Fix preserve-3D intersection rendering.
* Added new function for creating Promise objects to JavaScriptCore GLib API.
* The MediaRecorder backend gained WebM support (requires at least GStreamer
1.24.9) and audio bitrate configuration support.
* Fix invalid DPI-aware font size conversion.
* Bring back support for OpenType-SVG fonts using Skia SVG module.
* Add metadata (title and creation/modification date) to the PDF document
generated for printing.
* Propagate the font’s computed locale to HarfBuzz.
* The GPU process build is now enabled for WebGL, but the web process is still
used by default. The runtime flag UseGPUProcessForWebGL can be used to use
the GPU process for WebGL.
* Security fixes: CVE-2024-44192, CVE-2024-54467, CVE-2025-24201.
* Disable speech synthesis. It has been disabled until now, and we don't have
flite or spiel in SLE.
* Add gcc13-PIE to BuildRequires (bsc#1239950).
* Backport upstream patch to stop using IOChannel in NetworkCache: hopefully
fixes crashes in the network process.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
  `zypper in -t patch openSUSE-SLE-15.6-2025-1149=1 SUSE-2025-1149=1`
* Basesystem Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1149=1`
* Desktop Applications Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-1149=1`
* Development Tools Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-1149=1`
## Package List:
* openSUSE Leap 15.6 (noarch)
* WebKitGTK-6.0-lang-2.48.0-150600.12.33.1
* WebKitGTK-4.1-lang-2.48.0-150600.12.33.1
* WebKitGTK-4.0-lang-2.48.0-150600.12.33.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libjavascriptcoregtk-6_0-1-debuginfo-2.48.0-150600.12.33.1
* webkitgtk-6_0-injected-bundles-debuginfo-2.48.0-150600.12.33.1
* libjavascriptcoregtk-4_1-0-debuginfo-2.48.0-150600.12.33.1
* libwebkit2gtk-4_1-0-debuginfo-2.48.0-150600.12.33.1
* webkit2gtk3-soup2-devel-2.48.0-150600.12.33.1
* libjavascriptcoregtk-4_0-18-2.48.0-150600.12.33.1
* webkit2gtk3-soup2-debugsource-2.48.0-150600.12.33.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.48.0-150600.12.33.1
* webkit2gtk3-soup2-minibrowser-debuginfo-2.48.0-150600.12.33.1
* typelib-1_0-WebKit2WebExtension-4_1-2.48.0-150600.12.33.1
* typelib-1_0-JavaScriptCore-4_0-2.48.0-150600.12.33.1
* typelib-1_0-WebKit2WebExtension-4_0-2.48.0-150600.12.33.1
* webkit-jsc-4.1-2.48.0-150600.12.33.1
* webkit2gtk3-soup2-minibrowser-2.48.0-150600.12.33.1
* webkit-jsc-4-debuginfo-2.48.0-150600.12.33.1
* webkit2gtk3-minibrowser-2.48.0-150600.12.33.1
* typelib-1_0-WebKit2-4_0-2.48.0-150600.12.33.1
* typelib-1_0-WebKit-6_0-2.48.0-150600.12.33.1
* webkit2gtk3-debugsource-2.48.0-150600.12.33.1
* webkit2gtk3-minibrowser-debuginfo-2.48.0-150600.12.33.1
* webkit2gtk-4_0-injected-bundles-2.48.0-150600.12.33.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.48.0-150600.12.33.1
* typelib-1_0-JavaScriptCore-6_0-2.48.0-150600.12.33.1
* webkit2gtk4-debugsource-2.48.0-150600.12.33.1
* webkit-jsc-6.0-debuginfo-2.48.0-150600.12.33.1
* webkit-jsc-6.0-2.48.0-150600.12.33.1
* libwebkit2gtk-4_0-37-debuginfo-2.48.0-150600.12.33.1
* typelib-1_0-WebKitWebProcessExtension-6_0-2.48.0-150600.12.33.1
* webkit2gtk4-minibrowser-debuginfo-2.48.0-150600.12.33.1
* webkit-jsc-4.1-debuginfo-2.48.0-150600.12.33.1
* webkit2gtk4-devel-2.48.0-150600.12.33.1
* typelib-1_0-JavaScriptCore-4_1-2.48.0-150600.12.33.1
* webkit2gtk-4_1-injected-bundles-2.48.0-150600.12.33.1
* libwebkitgtk-6_0-4-debuginfo-2.48.0-150600.12.33.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.48.0-150600.12.33.1
* libjavascriptcoregtk-6_0-1-2.48.0-150600.12.33.1
* libwebkit2gtk-4_1-0-2.48.0-150600.12.33.1
* libwebkitgtk-6_0-4-2.48.0-150600.12.33.1
* webkit2gtk3-devel-2.48.0-150600.12.33.1
* libwebkit2gtk-4_0-37-2.48.0-150600.12.33.1
* webkit2gtk4-minibrowser-2.48.0-150600.12.33.1
* webkitgtk-6_0-injected-bundles-2.48.0-150600.12.33.1
* webkit-jsc-4-2.48.0-150600.12.33.1
* typelib-1_0-WebKit2-4_1-2.48.0-150600.12.33.1
* libjavascriptcoregtk-4_1-0-2.48.0-150600.12.33.1
* openSUSE Leap 15.6 (x86_64)
* libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.48.0-150600.12.33.1
* libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.48.0-150600.12.33.1
* libjavascriptcoregtk-4_1-0-32bit-2.48.0-150600.12.33.1
* libwebkit2gtk-4_1-0-32bit-2.48.0-150600.12.33.1
* libwebkit2gtk-4_0-37-32bit-2.48.0-150600.12.33.1
* libwebkit2gtk-4_1-0-32bit-debuginfo-2.48.0-150600.12.33.1
* libwebkit2gtk-4_0-37-32bit-debuginfo-2.48.0-150600.12.33.1
* libjavascriptcoregtk-4_0-18-32bit-2.48.0-150600.12.33.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libwebkit2gtk-4_1-0-64bit-2.48.0-150600.12.33.1
* libjavascriptcoregtk-4_1-0-64bit-debuginfo-2.48.0-150600.12.33.1
* libwebkit2gtk-4_0-37-64bit-2.48.0-150600.12.33.1
* libwebkit2gtk-4_1-0-64bit-debuginfo-2.48.0-150600.12.33.1
* libwebkit2gtk-4_0-37-64bit-debuginfo-2.48.0-150600.12.33.1
* libjavascriptcoregtk-4_0-18-64bit-debuginfo-2.48.0-150600.12.33.1
* libjavascriptcoregtk-4_1-0-64bit-2.48.0-150600.12.33.1
* libjavascriptcoregtk-4_0-18-64bit-2.48.0-150600.12.33.1
* Basesystem Module 15-SP6 (noarch)
* WebKitGTK-6.0-lang-2.48.0-150600.12.33.1
* WebKitGTK-4.0-lang-2.48.0-150600.12.33.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libwebkitgtk-6_0-4-debuginfo-2.48.0-150600.12.33.1
* libjavascriptcoregtk-6_0-1-debuginfo-2.48.0-150600.12.33.1
* webkit2gtk4-debugsource-2.48.0-150600.12.33.1
* webkitgtk-6_0-injected-bundles-debuginfo-2.48.0-150600.12.33.1
* libwebkit2gtk-4_0-37-debuginfo-2.48.0-150600.12.33.1
* webkit2gtk3-soup2-devel-2.48.0-150600.12.33.1
* typelib-1_0-JavaScriptCore-4_0-2.48.0-150600.12.33.1
* libwebkitgtk-6_0-4-2.48.0-150600.12.33.1
* libjavascriptcoregtk-6_0-1-2.48.0-150600.12.33.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.48.0-150600.12.33.1
* libwebkit2gtk-4_0-37-2.48.0-150600.12.33.1
* typelib-1_0-WebKit2WebExtension-4_0-2.48.0-150600.12.33.1
* webkitgtk-6_0-injected-bundles-2.48.0-150600.12.33.1
* typelib-1_0-WebKit2-4_0-2.48.0-150600.12.33.1
* libjavascriptcoregtk-4_0-18-2.48.0-150600.12.33.1
* webkit2gtk3-soup2-debugsource-2.48.0-150600.12.33.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.48.0-150600.12.33.1
* webkit2gtk-4_0-injected-bundles-2.48.0-150600.12.33.1
* Desktop Applications Module 15-SP6 (noarch)
* WebKitGTK-4.1-lang-2.48.0-150600.12.33.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* webkit2gtk-4_1-injected-bundles-debuginfo-2.48.0-150600.12.33.1
* typelib-1_0-WebKit2WebExtension-4_1-2.48.0-150600.12.33.1
* libjavascriptcoregtk-4_1-0-debuginfo-2.48.0-150600.12.33.1
* libwebkit2gtk-4_1-0-2.48.0-150600.12.33.1
* webkit2gtk3-devel-2.48.0-150600.12.33.1
* typelib-1_0-WebKit2-4_1-2.48.0-150600.12.33.1
* typelib-1_0-JavaScriptCore-4_1-2.48.0-150600.12.33.1
* libwebkit2gtk-4_1-0-debuginfo-2.48.0-150600.12.33.1
* libjavascriptcoregtk-4_1-0-2.48.0-150600.12.33.1
* webkit2gtk3-debugsource-2.48.0-150600.12.33.1
* webkit2gtk-4_1-injected-bundles-2.48.0-150600.12.33.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* webkit2gtk4-debugsource-2.48.0-150600.12.33.1
* typelib-1_0-WebKitWebProcessExtension-6_0-2.48.0-150600.12.33.1
* webkit2gtk4-devel-2.48.0-150600.12.33.1
* typelib-1_0-WebKit-6_0-2.48.0-150600.12.33.1
* typelib-1_0-JavaScriptCore-6_0-2.48.0-150600.12.33.1
## References:
* https://www.suse.com/security/cve/CVE-2024-44192.html
* https://www.suse.com/security/cve/CVE-2024-54467.html
* https://www.suse.com/security/cve/CVE-2025-24201.html
* https://bugzilla.suse.com/show_bug.cgi?id=1239863
* https://bugzilla.suse.com/show_bug.cgi?id=1239864
* https://bugzilla.suse.com/show_bug.cgi?id=1239950
SUSE-SU-2025:1153-1: important: Security update for go1.24
# Security update for go1.24
Announcement ID: SUSE-SU-2025:1153-1
Release Date: 2025-04-07T08:15:54Z
Rating: important
References:
* bsc#1236217
* bsc#1239182
* bsc#1240550
Cross-References:
* CVE-2025-22871
CVSS scores:
* CVE-2025-22871 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-22871 ( SUSE ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
* Development Tools Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves one vulnerability and has two security fixes can now be
installed.
## Description:
This update for go1.24 fixes the following issues:
* Update to go1.24.2
* CVE-2025-22871: Fix an issue with request smuggling through invalid chunked
data. (bsc#1240550)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
  `zypper in -t patch openSUSE-SLE-15.6-2025-1153=1`
* Development Tools Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-1153=1`
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* go1.24-1.24.2-150000.1.17.1
* go1.24-race-1.24.2-150000.1.17.1
* go1.24-doc-1.24.2-150000.1.17.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* go1.24-1.24.2-150000.1.17.1
* go1.24-race-1.24.2-150000.1.17.1
* go1.24-doc-1.24.2-150000.1.17.1
## References:
* https://www.suse.com/security/cve/CVE-2025-22871.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236217
* https://bugzilla.suse.com/show_bug.cgi?id=1239182
* https://bugzilla.suse.com/show_bug.cgi?id=1240550
SUSE-SU-2025:1157-1: important: Security update for MozillaThunderbird
# Security update for MozillaThunderbird
Announcement ID: SUSE-SU-2025:1157-1
Release Date: 2025-04-07T08:27:15Z
Rating: important
References:
* bsc#1240083
Cross-References:
* CVE-2025-3028
* CVE-2025-3029
* CVE-2025-3030
CVSS scores:
* CVE-2025-3028 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2025-3028 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2025-3029 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-3029 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-3030 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-3030 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Workstation Extension 15 SP6
* SUSE Package Hub 15 15-SP6
An update that solves three vulnerabilities can now be installed.
## Description:
This update for MozillaThunderbird fixes the following issues:
* Mozilla Thunderbird ESR 128.9 MFSA 2025-24 (bsc#1240083)
* CVE-2025-3028: Use-after-free triggered by XSLTProcessor
* CVE-2025-3029: URL Bar Spoofing via non-BMP Unicode characters
* CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137,
Firefox ESR 128.9, and Thunderbird 128.9
Other fixes:
* new: Thunderbird now has a notification system for real-time desktop alerts
* fixed: Data corruption occurred when compacting IMAP Drafts folder after
saving a message
* fixed: Right-clicking "Decrypt and Save As..." on an attachment file failed.
* fixed: Thunderbird could crash when importing mail
* fixed: Sort indicators were missing on the calendar events list.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Package Hub 15 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-1157=1`
* SUSE Linux Enterprise Workstation Extension 15 SP6
  `zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2025-1157=1`
* openSUSE Leap 15.6
  `zypper in -t patch openSUSE-SLE-15.6-2025-1157=1`
## Package List:
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x)
* MozillaThunderbird-debuginfo-128.9.0-150200.8.206.1
* MozillaThunderbird-translations-common-128.9.0-150200.8.206.1
* MozillaThunderbird-translations-other-128.9.0-150200.8.206.1
* MozillaThunderbird-debugsource-128.9.0-150200.8.206.1
* MozillaThunderbird-128.9.0-150200.8.206.1
* SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64)
* MozillaThunderbird-debuginfo-128.9.0-150200.8.206.1
* MozillaThunderbird-translations-common-128.9.0-150200.8.206.1
* MozillaThunderbird-translations-other-128.9.0-150200.8.206.1
* MozillaThunderbird-debugsource-128.9.0-150200.8.206.1
* MozillaThunderbird-128.9.0-150200.8.206.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* MozillaThunderbird-debuginfo-128.9.0-150200.8.206.1
* MozillaThunderbird-translations-common-128.9.0-150200.8.206.1
* MozillaThunderbird-translations-other-128.9.0-150200.8.206.1
* MozillaThunderbird-debugsource-128.9.0-150200.8.206.1
* MozillaThunderbird-128.9.0-150200.8.206.1
## References:
* https://www.suse.com/security/cve/CVE-2025-3028.html
* https://www.suse.com/security/cve/CVE-2025-3029.html
* https://www.suse.com/security/cve/CVE-2025-3030.html
* https://bugzilla.suse.com/show_bug.cgi?id=1240083
SUSE-SU-2025:1155-1: moderate: Security update for govulncheck-vulndb
# Security update for govulncheck-vulndb
Announcement ID: SUSE-SU-2025:1155-1
Release Date: 2025-04-07T08:16:12Z
Rating: moderate
References:
* jsc#PED-11136
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6
An update that contains one feature can now be installed.
## Description:
This update for govulncheck-vulndb fixes the following issues:
* Update to version 0.0.20250402T160203 2025-04-02T16:02:03Z (jsc#PED-11136)
* GO-2025-3443
* GO-2025-3581
* GO-2025-3582
* GO-2025-3583
* GO-2025-3584
* GO-2025-3585
* GO-2025-3586
* GO-2025-3587
* GO-2025-3588
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
  `zypper in -t patch openSUSE-SLE-15.6-2025-1155=1`
* SUSE Package Hub 15 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-1155=1`
## Package List:
* openSUSE Leap 15.6 (noarch)
* govulncheck-vulndb-0.0.20250402T160203-150000.1.52.1
* SUSE Package Hub 15 15-SP6 (noarch)
* govulncheck-vulndb-0.0.20250402T160203-150000.1.52.1
## References:
* https://jira.suse.com/browse/PED-11136
SUSE-SU-2025:1162-1: moderate: Security update for xen
# Security update for xen
Announcement ID: SUSE-SU-2025:1162-1
Release Date: 2025-04-07T16:08:51Z
Rating: moderate
References:
* bsc#1027519
* bsc#1219354
* bsc#1233796
* bsc#1237692
* bsc#1238043
Cross-References:
* CVE-2025-1713
CVSS scores:
* CVE-2025-1713 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
* CVE-2025-1713 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves one vulnerability and has four security fixes can now be
installed.
## Description:
This update for xen fixes the following issues:
* CVE-2025-1713: Fixed potential deadlock with VT-d and legacy PCI device
pass-through (bsc#1238043)
Other fixes:
* Xen channels and domU console (bsc#1219354)
* Fixed libxl filling the disk with errors when attempting to start guest VMs
(bsc#1237692)
* Xen call trace and APIC Error found after reboot operation on AMD machines
(bsc#1233796).
* Upstream bug fixes (bsc#1027519).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Server Applications Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-1162=1`
* openSUSE Leap 15.6
  `zypper in -t patch SUSE-2025-1162=1 openSUSE-SLE-15.6-2025-1162=1`
* Basesystem Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1162=1`
## Package List:
* Server Applications Module 15-SP6 (x86_64)
* xen-tools-debuginfo-4.18.4_06-150600.3.20.1
* xen-4.18.4_06-150600.3.20.1
* xen-devel-4.18.4_06-150600.3.20.1
* xen-tools-4.18.4_06-150600.3.20.1
* xen-debugsource-4.18.4_06-150600.3.20.1
* Server Applications Module 15-SP6 (noarch)
* xen-tools-xendomains-wait-disk-4.18.4_06-150600.3.20.1
* openSUSE Leap 15.6 (aarch64 x86_64 i586)
* xen-tools-domU-4.18.4_06-150600.3.20.1
* xen-devel-4.18.4_06-150600.3.20.1
* xen-libs-debuginfo-4.18.4_06-150600.3.20.1
* xen-tools-domU-debuginfo-4.18.4_06-150600.3.20.1
* xen-debugsource-4.18.4_06-150600.3.20.1
* xen-libs-4.18.4_06-150600.3.20.1
* openSUSE Leap 15.6 (x86_64)
* xen-libs-32bit-debuginfo-4.18.4_06-150600.3.20.1
* xen-libs-32bit-4.18.4_06-150600.3.20.1
* openSUSE Leap 15.6 (aarch64 x86_64)
* xen-tools-debuginfo-4.18.4_06-150600.3.20.1
* xen-4.18.4_06-150600.3.20.1
* xen-tools-4.18.4_06-150600.3.20.1
* xen-doc-html-4.18.4_06-150600.3.20.1
* openSUSE Leap 15.6 (noarch)
* xen-tools-xendomains-wait-disk-4.18.4_06-150600.3.20.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* xen-libs-64bit-debuginfo-4.18.4_06-150600.3.20.1
* xen-libs-64bit-4.18.4_06-150600.3.20.1
* Basesystem Module 15-SP6 (x86_64)
* xen-tools-domU-4.18.4_06-150600.3.20.1
* xen-libs-debuginfo-4.18.4_06-150600.3.20.1
* xen-tools-domU-debuginfo-4.18.4_06-150600.3.20.1
* xen-debugsource-4.18.4_06-150600.3.20.1
* xen-libs-4.18.4_06-150600.3.20.1
## References:
* https://www.suse.com/security/cve/CVE-2025-1713.html
* https://bugzilla.suse.com/show_bug.cgi?id=1027519
* https://bugzilla.suse.com/show_bug.cgi?id=1219354
* https://bugzilla.suse.com/show_bug.cgi?id=1233796
* https://bugzilla.suse.com/show_bug.cgi?id=1237692
* https://bugzilla.suse.com/show_bug.cgi?id=1238043