Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Update to version 2.52.1. Security issues fixed: CVE-2026-20643: processing maliciously crafted web content may bypass Same Origin Policy bsc1261172. CVE-2026-20664: processing maliciously crafted web content may lead to an unexpected proces...

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Update to version 2.52.1. Security issues fixed: CVE-2026-20643: processing maliciously crafted web content may bypass Same Origin Policy bsc1261172. CVE-2026-20664: processing maliciously crafted web content may lead to an unexpected proces...

OPENSUSE-SU-2026:20409-1 Security update for harfbuzz

This update for harfbuzz fixes the following issues: Update to version 11.4.5: Security fixes: - CVE-2026-22693: Fixed a NULL pointer dereference in SubtableUnicodesCache::create bsc1256459. Other fixes: - Bug fixes for “AAT” shaping, and other shaping micro optimizations. - Fix a shaping...

OPENSUSE-SU-2026:20199-1 Security update for micropython

This update for micropython fixes the following issues: Changes in micropython: - CVE-2026-1998: Fixed segmentation fault in mpmaplookup via mpimportall bsc1257803. - Version 1.26.1 esp32: update esptinyusb component to v1.7.6 tools: add an environment variable MICROPYMAINTAINERBUILD esp32: add I...

CVE-2025-66277 QTS, QuTS hero

A link following vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3350 build...

SUSE-SU-2026:20096-1 Security update for cargo-c

This update for cargo-c fixes the following issues: - CVE-2025-4574: crossbeam-channel: Fixed double-free on drop in Channel::discardallmessages bsc1243179 - CVE-2025-58160: tracing-subscriber: Fixed log pollution bsc1249012 - CVE-2024-12224: idna: Fixed improper validation of Punycode labels...

Qnap QTS and QuTS hero Improper Neutralization of Special Elements used in an SQL Command (CVE-2025-62849)

An SQL injection vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and...

Qnap QTS and QuTs hero Improper Neutralization of Input During Web Page Generation (CVE-2023-32969)

A cross-site scripting XSS vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651...

OPENSUSE-SU-2025:20049-1 Security update for tiff

This update for tiff fixes the following issues: tiff was updated to 4.7.1: Software configuration changes: Define HAVEJPEGTURBODUALMODE812 and LERCSTATIC in tifconfig.h. CMake: define WORDSBIGENDIAN via tifconfig.h doc/CMakeLists.txt: remove useless cmakeminimumrequired CMake: fix build with...

Fedora 43 : singularity-ce (2025-a6641a44f2)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-a6641a44f2 advisory. Upgrade to 4.3.4 upstream version. Go 1.25.2 for build fixes multiple go CVEs. BZ2408346 BZ2408744 BZ2409819 BZ2410769 BZ2411665 Tenable has extract...

SUSE SLES15 Security Update : openssl-1_1-livepatches (SUSE-SU-2025:03632-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03632-1 advisory. - Add livepatch for CVE-2025-9230 bsc1250410. - Use strong externalization for ssl3setupreadbuffer and ssl3releasereadbuffer - Use strong...

Security update for openssl-1_1-livepatches

This update for openssl-11-livepatches fixes the following issues: Add livepatch for CVE-2025-9230 bsc1250410. Use strong externalization for ssl3setupreadbuffer and ssl3releasereadbuffer Use strong externalization for osslstatemfatal. Add livepatch for CVE-2024-4741 bsc1225552. Drop trigger rule...

SUSE-SU-2025:03632-1 Security update for openssl-1_1-livepatches

This update for openssl-11-livepatches fixes the following issues: - Add livepatch for CVE-2025-9230 bsc1250410. - Use strong externalization for ssl3setupreadbuffer and ssl3releasereadbuffer - Use strong externalization for osslstatemfatal. - Add livepatch for CVE-2024-4741 bsc1225552. - Drop...

Security update for cairo

This update for cairo fixes the following issues: CVE-2025-50422: Fixed Poppler crash on malformed input bsc1247589 Update to version 1.18.4: The dependency on LZO has been made optional through a build time configuration toggle. You can build Cairo against a Freetype installation that does not...

SUSE-SU-2025:02770-1 Security update for tiff

This update for tiff fixes the following issues: - Updated TIFFMergeFieldInfo with readcount=writecount=0 for FIELDIGNORE bsc1243503 - CVE-2025-8176: Fixed heap use-after-free in tools/tiffmedian.c bsc1247108 - CVE-2025-8177: Fixed possible buffer overflow in tools/thumbnail.c:setrow when...

SUSE-SU-2024:1451-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: - CVE-2024-21011: Fixed denial of service due to long Exception message logging JDK-8319851,bsc1222979 - CVE-2024-21068: Fixed integer overflow in C1 compiler address generation JDK-8322122,bsc1222983 - CVE-2024-21085: Fixed Pack200...

SUSE-SU-2023:2294-1 Security update for rmt-server

This update for rmt-server fixes the following issues: Updated to version 2.13: - CVE-2023-28120: Fixed a potential XSS issue in an embedded dependency bsc1209507. - CVE-2023-27530: Fixed a denial of service issue in multipart request parsing bsc1209096. Non-security fixes: - Fixed transactional...

SUSE-SU-2022:2893-1 Security update for postgresql10

This update for postgresql10 fixes the following issues: - Upgrade to 10.22: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension bsc1202368. - Upgrade to 10.21: - CVE-2022-1552: Confined additional operations within 'security restricted...

SUSE-RU-2022:2145-1 Recommended update for SUSE Manager Proxy 4.1

This update fixes the following issues: golang-github-QubitProducts-exporterexporter: - Adapted to build on Enterprise Linux. - Fix build for Red Hat 7 - Require Go = 1.14 also for CentOS - Add support for CentOS - Replace %?systemdrequires with %?systemdordering...

OPENSUSE-SU-2020:1790-1 Security update for binutils

This update for binutils fixes the following issues: binutils was updated to version 2.35. jscECO-2373 Update to binutils 2.35: The assembler can now produce DWARF-5 format line number tables. Readelf now has a 'lint' mode to enable extra checks of the files it is processing. Readelf will now...