5263 matches found
Security update for libpcap
This update for libpcap fixes the following issues: CVE-2025-11961: missing validation of provided MAC-48 address string in pcapetheraton can lead to out-of-bounds read and write bsc1255765. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security update for libpcap
This update for libpcap fixes the following issues: CVE-2025-11961: missing validation of provided MAC-48 address string in pcapetheraton can lead to out-of-bounds read and write bsc1255765. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security update for curl
This update for curl fixes the following issues: CVE-2025-14524: bearer token leak on cross-protocol redirect bsc1255731. CVE-2025-14819: libssh global knownhost override bsc1255732. CVE-2025-15079: libssh key passphrase bypass without agent set bsc1255733. CVE-2025-15224: OpenSSL partial chain...
Security update for qemu
This update for qemu fixes the following issues: CVE-2024-6505: qemu-kvm: virtio-net: Fixed queue index out-of-bounds access in software RSS bsc1227397 CVE-2025-12464: net: pad packets to minimum length in qemureceivepacket bsc1253002 CVE-2025-11234: qemu-kvm: Fixed use-after-free in websocket...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-50280: pnode: terminate at peers of source bsc1249806. CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in liotargetnaclinfoshow bsc1251786...
Security update for alloy
This update for alloy fixes the following issues: Upgrade to version 1.12.1. Security issues fixed: CVE-2025-47911: golang.org/x/net/html: quadratic complexity algorithms used when parsing untrusted HTML documents bsc1251509. CVE-2025-47913: golang.org/x/crypto: early client process termination...
Security update for qemu
This update for qemu fixes the following issues: Security issues fixed: CVE-2025-12464: stack-based buffer overflow in the e1000 network device operations can be exploited by a malicious guest user to crash the QEMU process on the host bsc1253002. CVE-2025-11234: use-after-free in WebSocket...
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.50.4. Security issues fixed: CVE-2025-13502: processing of maliciously crafted payloads by the GLib remote inspector server may lead to a UIProcess crash due to an out-of-bounds read and an integer underflow bsc1254208...
Security update for apache2
This update for apache2 fixes the following issues: CVE-2025-55753: Fixed modmd ACME unintended retry intervals bsc1254511 CVE-2025-65082: Fixed CGI environment variable override bsc1254514 CVE-2025-58098: Fixed Server Side Includes adding query string to exec cmd=... bsc1254512 CVE-2025-66200:...
Security update for pgadmin4
This update for pgadmin4 fixes the following issues: CVE-2025-12765: insufficient checks in the LDAP authentication flow allow a for bypass of TLS certificate validation that can lead to the stealing of bind credentials and the altering of directory responses bsc1253478. CVE-2025-12764: improper...
Security update for pgadmin4
This update for pgadmin4 fixes the following issues: CVE-2025-12765: insufficient checks in the LDAP authentication flow allow a for bypass of TLS certificate validation that can lead to the stealing of bind credentials and the altering of directory responses bsc1253478. CVE-2025-12764: improper...
Security update for xen
This update for xen fixes the following issues: Security issues fixed: CVE-2025-27466: NULL pointer dereference in the Viridian interface when updating the reference TSC area bsc1248807. CVE-2025-58142: NULL pointer dereference in the Viridian interface due to assumption that the SIM page is mapp...
Security update for python-tornado6
This update for python-tornado6 fixes the following issues: CVE-2025-67724: unescaped reason argument used in HTTP headers and in HTML default error pages can be used by attackers to launch header injection or XSS attacks bsc1254903. CVE-2025-67725: quadratic complexity of string concatenation...
Security update for rsync
This update for rsync fixes the following issues: CVE-2025-10158: Fixed out of bounds array access via negative index bsc1254441 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...
Security update for podman
This update for podman fixes the following issues: CVE-2025-47914: golang.org/x/crypto/ssh/agent: Fixed SSH Agent that could cause a panic due to an out-of-bounds read with non-validated message sizes bsc1253993 Patch Instructions: To install this SUSE update use the SUSE recommended installation...
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.50.4. Security issues fixed: CVE-2025-14174: processing maliciously crafted web content may lead to memory corruption due to improper validation bsc1255497. CVE-2025-43501: processing maliciously crafted web content may...
Security update for gnutls
This update for gnutls fixes the following issues: CVE-2025-9820: Fixed buffer overflow in gnutlspkcs11tokeninit. bsc1254132 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the comman...
Security update for python39
This update for python39 fixes the following issues: CVE-2025-12084: quadratic complexity when building nested elements using xml.dom.minidom methods that depend on clearidcache can lead to availability issues when building excessively nested documents bsc1254997. CVE-2025-13836: use of...
Security update for apache2
This update for apache2 fixes the following issues: CVE-2025-55753: Fixed modmd ACME unintended retry intervals bsc1254511 CVE-2025-65082: Fixed CGI environment variable override bsc1254514 CVE-2025-58098: Fixed Server Side Includes adding query string to exec cmd=... bsc1254512 CVE-2025-66200:...
Security update for the Linux Kernel
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in liotargetnaclinfoshow bsc1251786. Special Instructions and Notes: Please reboot the system after installing...
Security update for mariadb
This update for mariadb fixes the following issues: CVE-2025-13699: Fixed MariaDB mariadb-dump utility vulnerable to Path Traversal and Remote Code Execution bsc1254313 Other fixes: Update to 10.11.15 Add %license tags to license files bsc1252162 Add INSTALLDOCREADMEDIR cmake flag to install read...
Security update for netty
This update for netty fixes the following issues: Update to upstream version 4.1.130. Security issues fixed: CVE-2025-67735: lack of URI sanitization in HttpRequestEncoder allows for CRLF injection through a request URI and can lead to request smuggling bsc1255048. Other updates and bugfixes:...
Security update for postgresql13
This update for postgresql13 fixes the following issues: Upgraded to 13.23: CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq bsc1253333 Other fixes: Use...
Security update for postgresql14
This update for postgresql14 fixes the following issues: Upgraded to 14.20: CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq bsc1253333 Other fixes: Use...
Security update for postgresql15
This update for postgresql15 fixes the following issues: Upgraded to 15.15: CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq bsc1253333 Other fixes: Use...
Security update 5.0.6 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2025-62349: Added minimumauthversion to enforce security bsc1254257 CVE-2025-62348: Fixed Junos module yaml loader bsc1254256 Backport security fixes for vendored tornado BDSA-2024-3438 BDSA-2024-3439...
Security update 5.0.6 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2025-62349: Added minimumauthversion to enforce security bsc1254257 CVE-2025-62348: Fixed Junos module yaml loader bsc1254256 Backport security fixes for vendored tornado BDSA-2024-3438 BDSA-2024-3439...
Security update 5.1.1.1 for Multi-Linux Manager Client Tools
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2025-62349: Added minimumauthversion to enforce security bsc1254257 CVE-2025-62348: Fixed Junos module yaml loader bsc1254256 Backport security fixes for vendored tornado BDSA-2024-3438 BDSA-2024-3439...
Security update 5.1.1.1 for Multi-Linux Manager Client Tools
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2025-62349: Added minimumauthversion to enforce security bsc1254257 CVE-2025-62348: Fixed Junos module yaml loader bsc1254256 Backport security fixes for vendored tornado BDSA-2024-3438 BDSA-2024-3439...
Security update 5.1.1.1 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2025-62349: Added minimumauthversion to enforce security bsc1254257 CVE-2025-62348: Fixed Junos module yaml loader bsc1254256 Backport security fixes for vendored tornado BDSA-2024-3438 BDSA-2024-3439...
Security update for libpng12
This update for libpng12 fixes the following issues: CVE-2025-64505: Fixed heap buffer over-read in pngdoquantize via malformed palette index bsc1254157 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for xkbcomp
This update for xkbcomp fixes the following issues: CVE-2018-15863: NULL pointer dereference triggered by a a crafted keymap file with a no-op modmask expression can lead to a crash bsc1105832. CVE-2018-15861: NULL pointer dereference triggered by a crafted keymap file that induces an xkbinternat...
Security update for cups
This update for cups fixes the following issues: Security issues fixed: CVE-2025-58436: single client sending slow messages to cupsd can delay the application and make it unusable for other clients bsc1244057. Other issues fixed: Update the CVE-2025-58436 patch to fix a regression that causes GTK...
Security update for libssh
This update for libssh fixes the following issues: CVE-2025-8114: Fixed a NULL pointer dereference when calculating session ID during KEX. bsc1246974 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternative...
Security update for python3
This update for python3 fixes the following issues: Security issues fixed: CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities on os.path.expandvars bsc1252974. CVE-2025-8291: Fixed missing validity checks of the ZIP64 End of Central Directory EOCD bsc1251305. Other issues fixed: Add...
Security update for unbound
This update for unbound fixes the following issues: CVE-2025-11411: Fixed domain hijacking due to promiscuous records bsc1252525 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...
Security update for python
This update for python fixes the following issues: CVE-2025-6075: quadratic complexity in os.path.expandvars can lead to performance degradation when values passed to it are user-controlled bsc1252974. CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory EOCD record allows...
Security update for postgresql16
This update for postgresql16 fixes the following issues: Upgraded to 16.11: CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq bsc1253333 Other fixes: Use...
Security update for libpng12
This update for libpng12 fixes the following issues: CVE-2025-64505: Fixed heap buffer over-read in pngdoquantize via malformed palette index bsc1254157 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for container-suseconnect
This update for container-suseconnect rebuilds it against current go security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: Containers...
Security update for postgresql17, postgresql18
This update for postgresql17, postgresql18 fixes the following issues: Changes in postgresql18: Fix build with uring for post SLE15 code streams. Update to 18.1: https://www.postgresql.org/about/news/p-3171/ https://www.postgresql.org/docs/release/18.1/ bsc1253332, CVE-2025-12817: Missing check f...
Security update for go1.24
This update for go1.24 fixes the following issues: go1.24.11 released 2025-12-02 includes two security fixes to the crypto/x509 package, as well as bug fixes to the runtime. bsc1236217 CVE-2025-61727 CVE-2025-61729: go76460 go76445 bsc1254431 security: fix CVE-2025-61729 crypto/x509: excessive...
Security update for gnutls
This update for gnutls fixes the following issues: CVE-2025-9820: Fixed buffer overflow in gnutlspkcs11tokeninit. bsc1254132 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the comman...
Security update for the Linux Kernel
The SUSE Linux Enterprise 11 SP4 kernel was updated to fix various security issues The following security issues were fixed: CVE-2022-50116: Update config files. Disable NGSM bsc1244824 jscPED-8240. CVE-2022-50252: igb: Do not free qvector unless new one was allocated bsc1249846. CVE-2022-50381:...
Security update for python
This update for python fixes the following issues: CVE-2025-8291: Check the validity the ZIP64 End of Central Directory EOCD. bsc1251305 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can ru...
Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 15 SP7)
This update for the SUSE Linux Enterprise kernel 6.4.0-150700.53.16 fixes one security issue The following security issue was fixed: CVE-2025-38616: tls: handle data disappearing from under the TLS ULP bsc1249537. Patch Instructions: To install this SUSE update use the SUSE recommended installati...
Security update for glib2
This update for glib2 fixes the following issues: CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via gettmpfile bsc1249055 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternativel...
Security update for grub2
This update for grub2 fixes the following issues: CVE-2025-54771: Fixed rubfileclose does not properly controls the fs refcount bsc1252931 CVE-2025-54770: Fixed missing unregister call for netsetvlan command may lead to use-after-free bsc1252930 CVE-2025-61662: Fixed missing unregister call for...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP6 RT kernel was updated to fix various security issues The following security issues were fixed: CVE-2025-38008: mm/pagealloc: fix race condition in unaccepted memory handling bsc1244939. CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister...
Security update for python311
This update for python311 fixes the following issues: Update to 3.11.14: CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars bsc1252974 CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory EOCD not checked by the 'zipfile' module bsc1251305 Patch...