Security advisory: A Denial-of-Service type of security issue in Qt XML module impacts Qt

A Denial-of-Service type of security issue in QDom classes of Qt XML module has been discovered and has been assigned the CVE id CVE-2025-30348. Affected versions: Up to 5.15.18, 6.0.0 to 6.5.8, and 6.6.0 to 6.7.3. Impact: When QDom classes are used to write XML with long text segments,...

Security update for xz

This update for xz fixes the following issues: CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset bsc1240414 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

Security update for govulncheck-vulndb

This update for govulncheck-vulndb fixes the following issues: Update to version 0.0.20250313T170021 2025-03-13T17:00:21Z jscPED-11136 GO-2025-3427 GO-2025-3442 GO-2025-3443 GO-2025-3508 GO-2025-3509 GO-2025-3510 GO-2025-3511 GO-2025-3512 GO-2025-3514 GO-2025-3515 Update to version...

Security update for pam

This update for pam fixes the following issues: CVE-2024-10963: Fixed improper hostname interpretation inpamaccess that could lead to access control bypass bsc1233078 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

Security update for emacs

This update for emacs fixes the following issues: CVE-2025-1244: improper handling of custom "man" URI schemes allow for shell command injections. bsc1237091 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

Security update for dcmtk (important)

openSUSE Security Update: Security update for dcmtk Announcement ID: openSUSE-SU-2025:0053-1 Rating: important References: 1223925 1223943 1227235 1235810 1235811 Cross-References: CVE-2024-27628 CVE-2024-34508 CVE-2024-34509 CVE-2024-47796 CVE-2024-52333 Affected Products: openSUSE Backports...

CVE-2020-5239

In Mailu before version 1.7, an authenticated user can exploit a vulnerability in Mailu fetchmail script and gain full access to a Mailu instance. Mailu servers that have open registration or untrusted users are most impacted. The master and 1.7 branches are patched on our git repository. All...

Security update for pam

This update for pam fixes the following issues: CVE-2024-10963: Fixed improper hostname interpretation in pamaccess that could lead to access control bypass bsc1233078. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

Security update for libjxl (moderate)

openSUSE Security Update: Security update for libjxl Announcement ID: openSUSE-SU-2025:0041-1 Rating: moderate References: 1233785 Cross-References: CVE-2024-11498 CVSS scores: CVE-2024-11498 SUSE: 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H Affected Products: openSUSE Backports SLE-15-SP5 A...

Security update for stb (important)

openSUSE Security Update: Security update for stb Announcement ID: openSUSE-SU-2025:0039-1 Rating: important References: 1216478 Cross-References: CVE-2019-13217 CVE-2019-13218 CVE-2019-13219 CVE-2019-13220 CVE-2019-13221 CVE-2019-13222 CVE-2019-13223 Affected Products: openSUSE Backports...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2025:0036-1 Rating: important References: 1236586 Cross-References: CVE-2025-0762 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes one vulnerability is now available. Description: Chromium was...

Security update for go1.23

This update for go1.23 fixes the following issues: Update to go1.23.5 bsc1229122 CVE-2024-45341: Properly check for IPv6 hosts in URIs bsc1236045 CVE-2024-45336: Persist header stripping across repeated redirects bsc1236046 Patch Instructions: To install this SUSE update use the SUSE recommended...

Security update for python310

This update for python310 fixes the following issues: Update to 3.10.16 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: openSUSE Leap 15.4 zypper ...

Security update for openjpeg2

This update for openjpeg2 fixes the following issues: CVE-2024-56826: Fixed heap buffer overflow in bin/common/color.c bsc1235029 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...

Security update for python-Jinja2

This update for python-Jinja2 fixes the following issues: CVE-2024-56326: sandbox breakout through indirect reference to format method in template file. bsc1234809 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch...

SUSE CVE-2024-30251

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...

Security update for vim

This update for vim fixes the following issues: CVE-2024-47814: Fixed use-after-free when closing buffers in Vim bsc1231373 CVE-2024-43374: Fixed use-after-free in alistadd bsc1229238 Other fixes: Updated to version 9.1.0836 Patch Instructions: To install this SUSE update use the SUSE recommended...

CosmWasm VM Incorrect metering

CWA-2024-007 Severity Medium Moderate + Likely^1 Affected versions: - wasmvm = 2.1.0, = 2.0.0, = 2.1.0, = 2.0.0, query wasm libwasmvm-version. It must show 1.5...

Security update for docker-stable

This update for docker-stable fixes the following issues: Remove DOCKERNETWORKOPTS from docker.service. This was removed from sysconfig a long time ago, and apparently this causes issues with systemd in some cases. Update --add-runtime to point to correct binary path. Further merge docker and...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2024:0378-1 Rating: important References: 1233534 Cross-References: CVE-2024-11395 CVSS scores: CVE-2024-11395 SUSE: 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports SLE-15-SP...