SUSE-SU-2026:0483-1 Security update for zabbix

This update for zabbix fixes the following issues: - CVE-2024-36469: Introduced clamping for mitigation of timing attacks. bsc1240676 - CVE-2024-42325: Restricted access to user fields using user.get API method for users of User and Admin type, and restricted access to alert entities using...

CVE-2025-22234 Spring Security - BCrypt Password Encoder maximum password length breaks timing attack mitigation

The fix applied in CVE-2025-22228 inadvertently broke the timing attack mitigation implemented in DaoAuthenticationProvider. This can allow attackers to infer valid usernames or other authentication behavior via response-time differences under certain configurations...

CVE-2025-68704

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2...

Pad Credit Card Info to Protect Customers' Wallets

We take a look at a recently-assessed API, to see how it avoided the problem that helped the Allies beat the Axis powers in World War II...