Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2025:0202-1 Rating: important References: 1244452 Cross-References: CVE-2025-5958 CVE-2025-5959 CVSS scores: CVE-2025-5958 SUSE: 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2025-5959 SUSE: 8.8...

Security update for the Linux Kernel

This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE update use the SUSE...

Security update for sudo

This update for sudo fixes the following issues: CVE-2025-32462: Fixed a possible local privilege escalation via the --host option bsc1245274. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you...

Security update for the Linux Kernel

This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE update use the SUSE...

Maintenance update for Multi-Linux Manager 4.3 Release Notes Release Notes

This update fixes the following issues: release-notes-susemanager: Update to SUSE Manager 4.3.15.2 SUSE Manager 4.3 will transition to LTS after June 2025 CVE Fixed CVE-2023-45288, CVE-2024-11741, CVE-2024-45337, CVE-2024-45339 CVE-2024-51744, CVE-2024-9264, CVE-2024-9476, CVE-2025-22870...

Security update for the Linux Kernel

This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE update use the SUSE...

Security update for the Linux Kernel

This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE update use the SUSE...

Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005583 fixes several issues. The following security issues were fixed: CVE-2022-49080: mm/mempolicy: fix mpolnew leak in sharedpolicyreplace bsc1238324. CVE-2024-49855: nbd: fix race between timeout and normal completion bsc1232900. CVE-2024-58013:...

Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005573 fixes several issues. The following security issues were fixed: CVE-2022-49080: mm/mempolicy: fix mpolnew leak in sharedpolicyreplace bsc1238324. CVE-2024-49855: nbd: fix race between timeout and normal completion bsc1232900. CVE-2024-58013:...

Security update for openssh

This update for openssh fixes the following issue: Security fixes: CVE-2025-32728: Fixed logic error in DisableForwarding option bsc1241012 Other fixes: - Fix ssh client segfault with GSSAPIKeyExchange=yes in sshkex2 due to gssapi proposal not being correctly initialized bsc1236826. The problem...

Security update for postgresql14

This update for postgresql14 fixes the following issues: Upgrade to 14.18: CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931 Patch Instructions: To install this SUSE update use the SUSE recommended...

CVE-2024-8756

The Quform - WordPress Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.20.0 via the 'saveUploadedFile' function. This makes it possible for unauthenticated attackers to extract sensitive data, such as Personally Identifiabl...

CVE-2023-32078

Netmaker makes networks with WireGuard. An Insecure Direct Object Reference IDOR vulnerability was found in versions prior to 0.17.1 and 0.18.6 in the user update function. By specifying another user's username, it was possible to update the other user's password. The issue is patched in 0.17.1 a...

CVE-2023-26476

XWiki Platform is a generic wiki platform. Starting in version 3.2-m3, users can deduce the content of the password fields by repeated call to LiveTableResults and WikisLiveTableResultsMacros. The issue can be fixed by upgrading to versions 14.7-rc-1, 13.4.4, or 13.10.9 and higher, or in version ...

Security update for govulncheck-vulndb

This update for govulncheck-vulndb fixes the following issues: Update to version 0.0.20250506T153719 2025-05-06T15:37:19Z jscPED-11136 GO-2025-3656 GO-2025-3661 GO-2025-3662 GO-2025-3663 GO-2025-3665 Update to version 0.0.20250505T161433 2025-05-05T16:14:33Z jscPED-11136 GO-2025-3645 GO-2025-3646...

Security update for redis

This update for redis fixes the following issues: CVE-2025-21605: Fixed an output buffer denial of service. bsc1241708 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command list...

Security update for govulncheck-vulndb

This update for govulncheck-vulndb fixes the following issues: Update to version 0.0.20250422T181640 2025-04-22T18:16:40Z jscPED-11136 GO-2025-3603 GO-2025-3604 GO-2025-3607 GO-2025-3608 GO-2025-3609 GO-2025-3610 GO-2025-3611 GO-2025-3612 GO-2025-3615 GO-2025-3618 GO-2025-3619 GO-2025-3620...

Security update for docker

This update for docker fixes the following issues: Updated to docker-buildx v0.22.0. Updated to Docker 27.5.1-ce. CVE-2025-0495: buildx: Fixed credential leakage to telemetry endpoints bsc1239765 CVE-2025-22868: Fixed golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2025:0120-1 Rating: important References: 1238826 1239780 1240968 Cross-References: CVE-2025-3066 Affected Products: openSUSE Backports SLE-15-SP6 An update that solves one vulnerability and has two fixes is now...

Advisory ROSA-SA-2025-2821

Software: perl-HTTP-Tiny 0.074 OS: ROSA Virtualization 3.0 packageevrstring: perl-HTTP-Tiny-0.074-3.rv30 CVE-ID: CVE-2023-31486 BDU-ID: 2023-03872 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Perl HTTP::Tiny programming language library is related to errors in the TLS certificate authenticati...