Security update 5.1.3 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-lusitaniae-apacheexporter: Internal changes to fix build issues with no impact for customers spacecmd: Version 5.1.13-0 Updated translation strings venv-salt-minion: Security issues fixed: CVE-2026-31958: Security patch for Salt vendored...

Security update 5.1.3 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-lusitaniae-apacheexporter: Internal changes to fix build issues with no impact for customers spacecmd: Version 5.1.13-0 Updated translation strings uyuni-tools: Version 5.1.26-0 Fixed applying PTF with images from RPMs bsc1252548 Ssl Key file...

SUSE-SU-2026:1519-1 Security update 5.1.3 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-lusitaniae-apacheexporter: - Internal changes to fix build issues with no impact for customers spacecmd: - Version 5.1.13-0 Updated translation strings uyuni-tools: - Version 5.1.26-0 Fixed applying PTF with images from RPMs bsc1252548 Ssl Key...

Security update for php8

This update for php8 fixes the following issues: Security fixes: CVE-2025-14177: getimagesize function may leak uninitialized heap memory into the APPn segments when reading images in multi-chunk mode bsc1255710. CVE-2025-14178: heap buffer overflow occurs in arraymerge when the total element cou...

Security update for qatengine, qatlib

This update for qatengine, qatlib fixes the following issues: Note that the 1.6.1 release included in 1.7.0 fixes the following vulnerabilities: bsc1233363 CVE-2024-28885 bsc1233365 CVE-2024-31074 bsc1233366 CVE-2024-33617 Update to 1.7.0: ipp-crypto name change to cryptography-primitives QATSW G...

Security update for openssl-1_1-livepatches

This update for openssl-11-livepatches fixes the following issues: Add livepatch for CVE-2025-9230 bsc1250410. Use strong externalization for ssl3setupreadbuffer and ssl3releasereadbuffer Use strong externalization for osslstatemfatal. Add livepatch for CVE-2024-4741 bsc1225552. Drop trigger rule...

EUVD-2025-27925

Malicious code in bioql PyPI...

CVE-2025-38596

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix UAF in panthorgemcreatewithhandle debugfs code The object is potentially already gone after the drmgemobjectput. In general the object should be fully constructed before calling drmgemhandlecreate, except the...

CVE-2025-43212

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash...

SUSE SLES15 Security Update : rabbitmq-server (SUSE-SU-2025:01466-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:01466-1 advisory. - CVE-2025-30219: Fixed XSS in an error message in Management UI bsc1240071 Other fixes: - Disable parallel make, this causes build failure...

CVE-2025-24213

This issue was addressed with improved handling of floats. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. A type confusion issue could lead to memory corruption...

CVE-2024-54551

The issue was addressed with improved memory handling. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing web content may lead to a denial-of-service...

Build corruption when using `PYO3_CONFIG_FILE` environment variable

In PyO3 0.23.0 the PYO3CONFIGFILE environment variable used to configure builds regressed such that changing the environment variable would no longer trigger PyO3 to reconfigure and recompile. In combination with workflows using tools such as maturin to build for multiple versions in a single...

SUSE-SU-2024:2933-1 Security update for openssl-1_1

This update for openssl-11 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSLselectnextproto with an empty supported client protocols buffer bsc1227138 Other fixes: - Build with no-afalgeng. bsc1226463 - Fixed C99 violations to allow the package to build with GCC...

CVE-2024-27851

The issue was addressed with improved bounds checks. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing maliciously crafted web content may lead to arbitrary code execution...

CVE-2024-27838

The issue was addressed by adding additional logic. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. A maliciously crafted webpage may be able to fingerprint the user...

SUSE-SU-2024:1074-1 Security update for qpid-proton

This update for qpid-proton fixes the following issues: - CVE-2019-0223: Fixed TLS Man in the Middle Vulnerability bsc1133158. The following non-security bugs were fixed: - Fix build with OpenSSL 3.0.0 bsc1172267 - Sort linked .o files to make package build reproducible bsc1041090 - Fix build wit...

SUSE-SU-2024:0487-1 Security update for SUSE Manager Client Tools

This update fixes the following issues: golang-github-lusitaniae-apacheexporter: - Do not strip if SUSE Linux Enterprise 15 SP3 - Exclude debug for Red Hat Enterprise Linux = 8 - Build with Go = 1.20 when the OS is not Red Hat Enterprise Linux mgr-daemon: - Version 4.3.8-1 Update translation...

CVE-2023-39323 Arbitrary code execution during build via line directives in cmd/go

Line directives "//line" can be used to bypass the restrictions on "//go:cgo" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of...

SUSE-SU-2023:3898-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 115.3.0 ESR MFSA 2023-42, bsc1215575: Security fixes: - CVE-2023-5168: Out-of-bounds write in FilterNodeD2D1 bmo1846683. - CVE-2023-5169: Out-of-bounds write in PathOps bmo1846685. - CVE-2023-517...