5387 matches found
Security update for sudo
This update for sudo fixes the following issues: CVE-2025-32462: Fixed a possible local privilege escalation via the --host option bsc1245274. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you...
Security update for sqlite3
This update for sqlite3 fixes the following issues: CVE-2025-29087,CVE-2025-3277: Fixed integer overflow in sqlite concat function bsc1241020 CVE-2025-29088: Fixed integer overflow through the SQLITEDBCONFIGLOOKASIDE component bsc1241078 Other fixes: Updated to version 3.49.1 from Factory...
Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-15030059174 fixes several issues. The following security issues were fixed: CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inetcreate bsc1235231. CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing...
Security update for icu
This update for icu fixes the following issues: CVE-2025-5222: Stack buffer overflow in the SRBRoot:addTag function bsc1243721. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...
Security update for apache-commons-beanutils
This update for apache-commons-beanutils fixes the following issues: Update to 1.11.0: Fixed Bugs: BeanComparator.compareT, T now throws IllegalArgumentException instead of RuntimeException to wrap all cases of ReflectiveOperationException. MappedMethodReference.get now throws IllegalStateExcepti...
Security update for gstreamer-plugins-good
This update for gstreamer-plugins-good fixes the following issues: CVE-2024-47537: Fixed OOB-write in isomp4/qtdemux.c bsc1234414 CVE-2024-47539: Fixed OOB-write in converttos3341a bsc1234417 CVE-2024-47540: Fixed uninitialized stack memory in Matroska/WebM demuxer bsc1234421 CVE-2024-47543: Fixe...
Security update for Multi-Linux Manager Client Tools
This update fixes the following issues: golang-github-prometheus-prometheus was updated to version 2.53.4: Security issues fixed: CVE-2023-45288: Require Go = 1.23 for building bsc1236516 CVE-2025-22870: Bumped golang.org/x/net to version 0.39.0 bsc1238686 Other bugs fixes from version 2.53.4:...
Security update for xorg-x11-server
This update for xorg-x11-server fixes the following issues: CVE-2025-49175: Out-of-bounds access in X Rendering extension Animated cursors bsc1244082. CVE-2025-49176: Integer overflow in Big Requests Extension bsc1244084. CVE-2025-49177: Data leak in XFIXES Extension 6 XFixesSetClientDisconnectMo...
Security update for apache2-mod_auth_openidc
This update for apache2-modauthopenidc fixes the following issues: CVE-2025-3891: Fixed denial of service via an empty POST request when OIDCPreservePost is enabled bsc1242015. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...
Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-15040024128 fixes several issues. The following security issues were fixed: CVE-2022-49080: mm/mempolicy: fix mpolnew leak in sharedpolicyreplace bsc1238324. CVE-2024-57996: netsched: schsfq: do not allow 1 packet limit bsc1239077. Patch Instructions: To...
Security update for kubernetes-old
This update for kubernetes-old fixes the following issues: CVE-2025-22872: Fixed golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction bsc1241781 This update to version 1.31.9 jscPED-11105 Find full changelog...
Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505005597 fixes several issues. The following security issues were fixed: CVE-2024-58013: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmtremoveadvmonitorsync bsc1239096. CVE-2024-57996: netsched: schsfq: do not allow 1 packet limit bsc1239077. Patch...
Security update for sqlite3
This update for sqlite3 fixes the following issues: Update to release 3.49.1: Improve portability of makefiles and configure scripts. CVE-2025-29087: Fixed Integer Overflow in SQLite concat Function bsc1241020 CVE-2025-29088: Fixed integer overflow through the SQLITEDBCONFIGLOOKASIDE component...
Security update for openssh
This update for openssh fixes the following issue: Security fixes: CVE-2025-32728: Fixed logic error in DisableForwarding option bsc1241012 Other fixes: - Fix ssh client segfault with GSSAPIKeyExchange=yes in sshkex2 due to gssapi proposal not being correctly initialized bsc1236826. The problem...
Security update for apache-commons-beanutils
This update for apache-commons-beanutils fixes the following issues: Update to 1.11.0 CVE-2025-48734: Fixed possible arbitrary code execution vulnerability bsc1243793 Full changelog: https://commons.apache.org/proper/commons-beanutils/changes.htmla1.11.0 Patch Instructions: To install this SUSE...
Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Update to Mozilla Firefox ESR 128.11 MFSA 2025-44, bsc1243353: MFSA-TMP-2025-0001: Double-free in libvpx encoder bmo1962421 CVE-2025-5263: Error handling for script execution was incorrectly isolated from web content bmo1960745...
Security update for java-17-openjdk
This update for java-17-openjdk fixes the following issues: Update to upstream tag jdk-17.0.15+6 April 2025 CPU CVEs: CVE-2025-21587: Fixed JSSE unauthorized access, deletion or modification of critical data bsc1241274 CVE-2025-30691: Fixed Oracle Java SE Compiler Unauthorized Data Access...
Security update for java-1_8_0-ibm
This update for java-180-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 45. Security issues fixed: Oracle April 15 2025 CPU bsc1242208 CVE-2025-21587: unauthorized access, deletion and modification of critical data via the JSSE component bsc1241274. CVE-2025-30691:...
Security update for postgresql15
This update for postgresql15 fixes the following issues: Upgrade to 15.13: CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931 Changelog: https://www.postgresql.org/docs/release/15.13/ Patch Instructions: T...
Security update for slurm_24_11
This update for slurm2411 fixes the following issues: Update to version 24.11.5. Security issues fixed: CVE-2025-43904: an issue with permission handling for Coordinators within the accounting system allowed Coordinators to promote a user to Administrator bsc1243666. Other changes and issues fixe...
Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-1506001017 fixes several issues. The following security issues were fixed: CVE-2024-53042: ipv4: iptunnel: Fix suspicious RCU usage warning in iptunnelinitflow bsc1233678. CVE-2024-53156: wifi: ath9k: add range check for connrspepid in htcconnectservice...
Security update for runc
This update for runc fixes the following issues: Update to runc v1.2.6. Upstream changelog is available from . Update to runc v1.2.0rc3. Upstream changelog is available from . CVE-2024-45310: Fixed that runc can be tricked into creating empty files/directories on host bsc1230092 Patch Instruction...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2025-21726: padata: avoid UAF for reorderwork bsc1238865. CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array bsc1238747...
Security update for containerd
This update for containerd fixes the following issues: CVE-2024-40635: Fixed integer overflow in User ID handling bsc1239749 Other fixes: - Update to containerd v1.7.27. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
Security update for govulncheck-vulndb
This update for govulncheck-vulndb fixes the following issues: Update to version 0.0.20250402T160203 2025-04-02T16:02:03Z jscPED-11136 GO-2025-3443 GO-2025-3581 GO-2025-3582 GO-2025-3583 GO-2025-3584 GO-2025-3585 GO-2025-3586 GO-2025-3587 GO-2025-3588 Patch Instructions: To install this SUSE upda...
Security update for tomcat
This update for tomcat fixes the following issues: CVE-2025-24813: Fixed potential RCE and/or information disclosure/corruption with partial PUT bsc1239302 Update to Tomcat 9.0.102 Fixes: launch with java 17 bsc1239676 Catalina Fix: Weak etags in the If-Range header should not match as strong eta...
Security update for python3
This update for python3 fixes the following issues: CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses bsc1233307. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can r...
Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2023-52778: mptcp: deal with large GSO size bsc1224948. CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision tracking...
Security update for build
This update for build fixes the following issues: - CVE-2024-22038: Fixed DoS attacks, information leaks with crafted Git repositories bnc1230469 Other fixes: - Fixed behaviour when using "--shell" aka "osc shell" option in a VM build. Startup is faster and permissions stay intact now. fixes for...
Security update for openvswitch3
This update for openvswitch3 fixes the following issues: CVE-2025-0650: Fixed egress ACLs that may be bypassed via specially crafted UDP packet bsc1236353. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for openssh
This update for openssh fixes the following issues: CVE-2025-26465: Fixed a MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client bsc1237040. Add a s390 specific ioctl for ECC hardware support bsc1225637: for migration to openssh 8.4: write active/enabled switch over files only if not yet...
Security update for postgresql14
This update for postgresql14 fixes the following issues: Upgrade to 14.17: CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings bsc1237093. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security update for postgresql17
This update for postgresql17 fixes the following issues: Upgrade to 17.4: CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings bsc1237093. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security update for postgresql13
This update for postgresql13 fixes the following issues: Upgrade to 13.20: CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings bsc1237093. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security update for grub2
This update for grub2 fixes the following issues: CVE-2024-45781: Fixed strcpy overflow in ufs. bsc1233617 CVE-2024-56737: Fixed a heap-based buffer overflow in hfs. bsc1234958 CVE-2024-45782: Fixed strcpy overflow in hfs. bsc1233615 CVE-2024-45780: Fixed an overflow in tar/cpio. bsc1233614...
Security update for grub2
This update for grub2 fixes the following issues: CVE-2024-45781: Fixed strcpy overflow in ufs. bsc1233617 CVE-2024-56737: Fixed a heap-based buffer overflow in hfs. bsc1234958 CVE-2024-45782: Fixed strcpy overflow in hfs. bsc1233615 CVE-2024-45780: Fixed an overflow in tar/cpio. bsc1233614...
Security update for grafana
This update for grafana fixes the following issues: grafana was updated from version 9.5.18 to 10.4.13 jscPED-11591,jscPED-11649: Security issues fixed: CVE-2024-45337: Prevent possible misuse of ServerConfig.PublicKeyCallback by upgrading golang.org/x/crypto bsc1234554 CVE-2023-3128: Fixed...
Security update for SUSE Manager Client Tools
This update fixes the following issues: dracut-saltboot was updated to version 0.1.1728559936.c16d4fb: Added MAC based terminal naming option jscSUMA-314 golang-github-prometheus-prometheus was updated from version 2.45.6 to 2.53.3 jscPED-11649: Security issues fixed: CVE-2024-51744: Updated...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2025-21682: eth: bnxt: always recalculate features after XDP clearing, fix null-deref bsc1236703. CVE-2025-21678: gtp: Destroy device along with udp socket's netns...
Security update for krb5
This update for krb5 fixes the following issues: CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash bsc1236619. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate...
Security update for docker
This update for docker fixes the following issues: Update docker-buildx to v0.19.2. See upstream changelog online at . Some notable changelogs from the last update: Add a new toggle file /etc/docker/suse-secrets-enable which allows users to disable the SUSEConnect integration with Docker which...
Security update for buildkit
This update for buildkit fixes the following issues: Update to version 0.12.5: update runc to v1.1.12 exec: add extra validation for submount sources fixes CVE-2024-23651, bsc1219267 oci: fix error handling on submount calls executor: recheck mount stub path within root after container run fixes...
Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2023-52610: net/sched: actct: fix skb leak and crash on ooo frags bsc1221610. CVE-2023-52752: smb: client: fix use-after-free bug in cifsdebugdataprocshow...
Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2023-52610: net/sched: actct: fix skb leak and crash on ooo frags bsc1221610. CVE-2023-52752: smb: client: fix use-after-free bug in cifsdebugdataprocshow...
Security update for expat
This update for expat fixes the following issues: CVE-2024-45492: detect integer overflow in function nextScaffoldPart bsc1229932 CVE-2024-45491: detect integer overflow in dtdCopy bsc1229931 CVE-2024-45490: reject negative len for XMLParseBuffer bsc1229930 CVE-2024-28757: XML Entity Expansion...
Security update for hplip
This update for hplip fixes the following issues: This update for hplip fixes the following security issues: CVE-2020-6923: Fixed a memory buffer overflow in the HP Linux Imaging and Printing HPLIP. bsc1234745 This update for hplip fixes the following issues: Update to hplip 3.24.4 jscPED-5846...
Security update for nginx
This update for nginx fixes the following issues: CVE-2023-44487: Mitigate HTTP/2 Rapid Reset Attack bsc1216171 CVE-2024-7347: Fixed worker crashes on special crafted mp4 files containing invalid chunk information bsc1229155 Patch Instructions: To install this SUSE update use the SUSE recommended...
Security update for nodejs18
This update for nodejs18 fixes the following issues: Update to 18.20.6: CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERRPROTO bsc1236250 CVE-2025-22150: Fixed insufficiently random values used when defining the boundary for a multipart/form-data request in undici bsc1236258 Patc...
Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-15030059161 fixes several issues. The following security issues were fixed: CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk-trans bsc1233712. CVE-2022-48956: ipv6: avoid use-after-free in ip6fragment bsc1232637...
Security update for the Linux Kernel (Live Patch 58 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122222 fixes several issues. The following security issues were fixed: CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk-trans bsc1233712. CVE-2022-48956: ipv6: avoid use-after-free in ip6fragment bsc1232637...