Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-150600237 fixes several issues. The following security issues were fixed: CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans bsc1233712. CVE-2024-36904: tcp: Use refcount_inc_not_zero in tcp_twsk_unique bsc1225733...
Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-15030059179 fixes several issues. The following security issues were fixed: CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans bsc1233712. CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment bsc1232637. Patch...
Security update for rsync
This update for rsync fixes the following issues: CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. bsc1234101 CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. bsc1234102 CVE-2024-12087: arbitrary file...
Security update for redis
This update for redis fixes the following issues: CVE-2024-46981: Fixed a bug where Lua scripts can be used to manipulate the garbage collector, leading to remote code execution. bsc1235387 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505005549 fixes several issues. The following security issues were fixed: CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans bsc1233712. CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment bsc1232637...
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird ESR 128.6 MFSA 2025-05, bsc1234991 Security fixes: CVE-2025-0237 bmo1915257 WebChannel APIs susceptible to confused deputy attack CVE-2025-0238 bmo1915535 Use-after-free when breaking lines in text...
Security update for gstreamer-plugins-good
This update for gstreamer-plugins-good fixes the following issues: CVE-2024-47530: Fixed an uninitialized stack memory in Matroska/WebM demuxer. boo1234421 CVE-2024-47537: Fixed an out-of-bounds write in isomp4/qtdemux.c. boo1234414 CVE-2024-47539: Fixed an out-of-bounds write in converttos3341a...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2021-47594: mptcp: never allow the PM to close a listener subflow bsc1226560. CVE-2022-48879: efi: fix NULL-deref in init error path bsc1229556. CVE-2022-48956:...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2021-47594: mptcp: never allow the PM to close a listener subflow bsc1226560. CVE-2022-48983: io_uring: Fix a null-ptr-deref in io_tctx_exit_cb bsc1231959...
Security update for govulncheck-vulndb
This update for govulncheck-vulndb fixes the following issues: Update to version 0.0.20241209T183251 2024-12-09T18:32:51Z jscPED-11136 Go CVE Numbering Authority IDs added or updated with aliases: GO-2024-3284 GO-2024-3286 GO-2024-3287 GO-2024-3288 GO-2024-3289 GO-2024-3290 GO-2024-3291...
Security update for kernel-firmware
This update for kernel-firmware fixes the following issues: Update to version 20241128 git commit ea71da6f0690: i915: Update Xe2LPD DMC to v2.24 cirrus: cs35l56: Add firmware for Cirrus CS35L56 for various Dell laptops iwlwifi: add Bz-gf FW for core89-91 release amdgpu: update smu 13.0.10 firmwar...
Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505005562 fixes several issues. The following security issues were fixed: CVE-2021-47517: Fix panic when interrupt coalescing is set via ethtool bsc1225429. CVE-2024-36904: tcp: Use refcount_inc_not_zero in tcp_twsk_unique bsc1225733. CVE-2024-43861: Fix memor...
Security update for the Linux Kernel (Live Patch 58 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122222 fixes several issues. The following security issues were fixed: CVE-2024-43861: Fix memory leak for not ip packets bsc1229553. CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks bsc1229273. CVE-2024-41059: hfsplus: fix...
Security update for python-python-multipart
This update for python-python-multipart fixes the following issues: CVE-2024-53981: excessive logging for certain inputs when parsing form data. bsc1234115 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...
Security update for xen
This update for xen fixes the following issues: CVE-2024-45818: Fixed deadlock in x86 HVM standard VGA handling XSA-463 bsc1232622. CVE-2024-45819: Fixed libxl data leaks to PVH guests via ACPI tables XSA-464 bsc1232624. Bug fixes: Remove usage of net-tools-deprecated from supportconfig plugin...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-48879: efi: fix NULL-deref in init error path bsc1229556. CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment bsc1231893. CVE-2022-48959: net: dsa:...
Security update for SUSE Manager Client Tools
This update fixes the following issues: golang-github-lusitaniae-apache_exporter was updated from version 1.0.1 to 1.0.8: Security issues fixed: CVE-2023-3978: Fixed security bug in x/net dependency in version 1.0.2 bsc1213933 Bugs fixed: Require Go 1.20 when building for RedHat derivatives Versio...
Security update for xen
This update for xen fixes the following issues: Security issues fixed: CVE-2024-45818: xen: Deadlock in x86 HVM standard VGA handling bsc1232622 CVE-2024-45819: xen: libxl leaks data to PVH guests via ACPI tables bsc1232624 CVE-2024-45817: xen: x86: Deadlock in vlapic_error bsc1230366 Non-security...
Security update for java-21-openjdk
This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.5+13 October 2024 CPU Security fixes JDK-8307383: Enhance DTLS connections JDK-8311208: Improve CDS Support JDK-8328286, CVE-2024-21208, bsc1231702: Enhance HTTP client JDK-8328544, CVE-2024-21210,...
Security update for go1.23-openssl
This update for go1.23-openssl fixes the following issues: This update ships go1.23-openssl version 1.23.2.2. jscSLE-18320 go1.23.2 released 2024-10-01 includes fixes to the compiler, cgo, the runtime, and the maps, os, os/exec, time, and unique packages. go69119 os: double close pidfd if caller...
Security update for curl
This update for curl fixes the following issues: CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry bsc1232528 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the comma...
Security update for openssl-1_1
This update for openssl-1_1 fixes the following issues: Security fixes: CVE-2023-50782: Implicit rejection in PKCS1 v1.5 bsc1220262 Other fixes: FIPS: AES GCM external IV implementation bsc1228618 FIPS: Mark PBKDF2 and HKDF HMAC input keys with size = 112 bits as approved in the SLI. bsc1228623...
Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505005559 fixes several issues. The following security issues were fixed: CVE-2024-35905: Fixed int overflow for stack access size bsc1226327. CVE-2021-47598: sch_cake: do not call cake_destroy from cake_init bsc1227471. CVE-2024-35863: Fixed potential UAF i...
Security update for the Linux Kernel (Live Patch 53 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122194 fixes several issues. The following security issues were fixed: CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break bsc1225011. CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show bsc1225819. CVE-2024-35862: Fixed...
Security update for apache2
This update for apache2 fixes the following issues: CVE-2024-40725: Fixed source code disclosure of local content bsc1228097 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the comman...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-48901: btrfs: do not start relocation until in progress drops are done bsc1229607. CVE-2022-48911: kabi: add nf_queue_get_refs for kabi compliance. bsc1229633...
Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2021-47387: cpufreq: schedutil: Destroy mutex before kobject_put frees the memory bsc1225316. CVE-2022-48788: nvme-rdma: fix possible use-after-free in transport...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP6 CoCo kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show bsc1225487. CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900...
Security update for tracker-miners
This update for tracker-miners fixes the following issues: CVE-2026-1764: heap buffer overflow leads to denial of service or information disclosure when parsing MP3 files bsc1257606. CVE-2026-1765: denial of service and potential information disclosure via crafted MP3 files bsc1257607...
Security update for perl-DBI
This update for perl-DBI fixes the following issue: CVE-2026-9698: DBI versions before 1.648 for Perl saved errors in a limited-sized buffer bsc1267957. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...
Security update for perl-DBI
This update for perl-DBI fixes the following issues: CVE-2026-9698: DBI versions before 1.648 for Perl saved errors in a limited-sized buffer bsc1267957. CVE-2026-10879: SQL statements with more than 9 binders can cause a heap overflow bsc1267849. Patch Instructions: To install this SUSE update u...
Security update for perl-DBI
This update for perl-DBI fixes the following issue: CVE-2026-9698: DBI versions before 1.648 for Perl saved errors in a limited-sized buffer bsc1267957. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...
Security update for gstreamer-plugins-bad
This update for gstreamer-plugins-bad fixes the following issue: CVE-2026-52719: gstreamer1-plugins-bad-free: GStreamer: Out-of-bounds read via JPEG segment length validation in VA decoder bsc1268401. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods lik...
Security update for buildah
This update for buildah fixes the following issues: CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-42502, CVE-2026-42506: golang.org/x/net/html: multiple issues when parsing HTML files bsc1267179. CVE-2026-34986: github.com/go-jose/go-jose/v4, github.com/go-jose/go-jose/v3: crafted JWE input...
Security update for python-lxml
This update for python-lxml fixes the following issue: CVE-2026-41066: information disclosure via untrusted XML input leading to local file read bsc1263254. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...
Security update for python-tornado6
This update for python-tornado6 fixes the following issues: CVE-2026-49853: authorization header forwarded across cross-origin redirects in SimpleAsyncHTTPClient bsc1268395. CVE-2026-49854: out-of-bounds memory access via C extension bsc1268396. CVE-2026-49855: AsyncHTTPClient accumulates...
Security update for curl
This update for curl fixes the following issues: CVE-2026-4873: connection reuse ignores TLS requirement bsc1262631. CVE-2026-5545: wrong reuse of HTTP Negotiate connection bsc1262632. CVE-2026-5773: wrong reuse of SMB connection bsc1262633. CVE-2026-6253: proxy credentials leak over redirect-to...
Security update for sg3_utils
This update for sg3_utils fixes the following issue: Update to version 1.43+49.47792c16: sg_inq: --export output conformance for SCSI name string and ATA fields bsc1267823. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper...
Security update for sg3_utils
This update for sg3_utils fixes the following issue: Update to version 1.44763+20.e416e091: sg_inq: --export output conformance for SCSI name string and ATA fields bsc1267823. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or...
Security update for bind
This update for bind fixes the following issues: CVE-2026-3039: BIND 9 server memory exhaustion during GSS-API TKEY negotiation bsc1265591. CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records bsc1265592. CVE-2026-5946: Invalid handling of CLASS != IN bsc1265594. CVE-2026-595...
Security update for tomcat
This update for tomcat fixes the following issues: Update to Tomcat 9.0.118: CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. CVE-2026-42498: WebSocket authentication header exposure bsc1265165...
Security update for libsolv, libzypp, zypper
This update for libsolv, libzypp, zypper fixes the following issues: CVE-2026-9149: Heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file bsc1265935. CVE-2026-9150: Stack-based buffer overflow in libsolv's Debian metadata parser when handling SHA384/SHA512...
Security update for giflib
This update for giflib fixes the following issue: CVE-2026-26740: heap out-of-bounds read when processing a specially crafted GIF file containing a GCE block with a truncated extension byte count bsc1259836. Patch Instructions: To install this SUSE update use the SUSE recommended installation...
Security update for clamav
This update for clamav fixes the following issues: Update to clamav 1.5.2: Security issue: CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of service conditions via a crafted HTML file bsc1259207. Non security issue: Support...
Security update for haproxy
This update for haproxy fixes the following issues: CVE-2026-55203: integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer misparse as new FCGI record headers bsc1268557. CVE-2026-55204: null pointer dereference vulnerability in hpack_dht_insert within src/hpack-tbl....
Security update for nodejs22
This update for nodejs22 fixes the following issues: Update to 22.23.0: CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery bsc1268479. CVE-2026-9496: pacote: excessive CPU consumption in addGitSha when processing a specially...
Security update for apache-commons-configuration2, apache-commons-text
This update for apache-commons-configuration2, apache-commons-text fixes the following issues: CVE-2026-45205: uncontrolled recursion leads to StackOverflowError when processing specially crafted configuration files bsc1265299. Changes for apache-commons-configuration2: Upgrade to version 2.15.0:...
Security update for containerd
This update for containerd fixes the following issues: CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-header bsc1260296. CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZ...
Security update for containerd
This update for containerd fixes the following issues: CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-header bsc1260296. CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZ...
Security update for podman
This update for podman fixes the following issues: CVE-2026-34986: github.com/go-jose/go-jose/v4, github.com/go-jose/go-jose/v3: crafted JWE input with a missing encrypted key can lead to a denial of service bsc1262856. CVE-2026-39829, CVE-2026-39830, CVE-2026-42508, CVE-2026-46598:...