5440 matches found
Security update for libavif
This update for libavif fixes the following issues: update to 1.3.0: CVE-2025-48175: Fixed an integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes. bsc1243270 CVE-2025-48174: Fixed an integer overflow and resultant buffer overflow in stream-offset+size...
Security update for ruby2.5
This update for ruby2.5 fixes the following issues: CVE-2024-35221: Fixed remote denial of service via YAML manifest bsc1225905 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...
Security update for podman
This update for podman fixes the following issues: CVE-2025-6032: Fixed machine init command failing to verify TLS certificate bsc1245320 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can r...
Security update for cairo
This update for cairo fixes the following issues: CVE-2019-6462: Fixed a potentially infinite loop bsc1122321. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for...
Security update for kubernetes1.23
This update for kubernetes1.23 fixes the following issues: CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content bsc1241865. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
Security update for openssl-3
This update for openssl-3 fixes the following issues: CVE-2023-50782: Implicit rejection in PKCS1 v1.5 bsc1220262 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed fo...
Security update for libssh
This update for libssh fixes the following issues: CVE-2025-5372: sshkdf returns a success code on certain failures bsc1245314 CVE-2025-5987: Invalid return code for chacha20 poly1305 with OpenSSL backend bsc1245317 CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions...
Security update for libxslt
This update for libxslt fixes the following issues: CVE-2025-7424: Fixed type confusion in xmlNode.psvi between stylesheet and source nodes bsc1246360 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for poppler
This update for poppler fixes the following issues: CVE-2025-50420: Fixed Denial of Service in pdfseparate utility bsc1247590 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the comma...
Security update for poppler
This update for poppler fixes the following issues: CVE-2025-50420: Fixed Denial of Service in pdfseparate utility bsc1247590 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the comma...
Security update for apache-commons-lang3
This update for apache-commons-lang3 fixes the following issues: CVE-2025-48924: Fixed an uncontrolled recursion vulnerability that may lead to a DoS. bsc1246397 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for tiff
This update for tiff fixes the following issues: Updated TIFFMergeFieldInfo with readcount=writecount=0 for FIELDIGNORE bsc1243503 CVE-2025-8176: Fixed heap use-after-free in tools/tiffmedian.c bsc1247108 CVE-2025-8177: Fixed possible buffer overflow in tools/thumbnail.c:setrow when processing...
Security update for sccache
This update for sccache fixes the following issues: Update to version 0.4.24: CVE-2024-12224: Fixed improper validation of unsafe equivalence in punycode. bsc1243868 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
Security update for go1.24
This update for go1.24 fixes the following issues: Update to go1.24.6: CVE-2025-47906: Fixed LookPath returning unexpected paths bsc1247719 CVE-2025-47907: Fixed incorrect results returned from Rows.Scan bsc1247720 go73800 runtime: RSS seems to have increased in Go 1.24 while the runtime accounti...
Security update for libssh
This update for libssh fixes the following issues: CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions bsc1245309. CVE-2025-4878: Fixed use of uninitialized variable in privatekeyfromfile bsc1245310. CVE-2025-5318: Fixed likely read beyond bounds in sftp server handl...
Security update for postgresql14
This update for postgresql14 fixes the following issues: Upgrade to 14.18: CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931 Patch Instructions: To install this SUSE update use the SUSE recommended...
Security update for ruby2.5
This update for ruby2.5 fixes the following issues: CVE-2025-6442: Fixed readheader HTTP Request Smuggling Vulnerability in WEBrick bsc1245254 CVE-2025-27221: Fixed userinfo leakage in URIjoin, URImerge and URI+ bsc1237805 Patch Instructions: To install this SUSE update use the SUSE recommended...
Security update for grub2
This update for grub2 fixes the following issues: CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grubcryptomemcmp bsc1234959 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for djvulibre
This update for djvulibre fixes the following issues: CVE-2025-53367: Fixed a bug where a crafted document may lead to an out of bound write. bsc1245773 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for redis
This update for redis fixes the following issues: CVE-2025-32023: Fixed out-of-bounds write when working with HyperLogLog commands can lead to remote code execution. bsc1246059 CVE-2025-48367: Fixed unauthenticated connection causing repeated IP protocol erros can lead to client starvation and Do...
Security update for libxml2
This update for libxml2 fixes the following issues: CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr bsc1246296 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for gnutls
This update for gnutls fixes the following issues: CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK bsc1246299 CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName bsc1246232 CVE-2025-32989: Fix...
Security update for python311
This update for python311 fixes the following issues: CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser bsc1244705. Update to 3.11.13: Security gh-135034: Fixes multiple issues that allowed tarfile extraction filters filter="data...
Security update for kernel-livepatch-MICRO-6-0-RT_Update_6
This update for kernel-livepatch-MICRO-6-0-RTUpdate6 fixes the following issues: CVE-2025-22115: btrfs: fix block group refcount race in btrfscreatependingblockgroups bsc1241579 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...
Security update 5.1.0 GM for Multi-Linux Manager Client Tools
This update fixes the following issues: spacecmd: Version update from 5.1.6-0 to 5.1.8-0 with the following key change: Update translation strings uyuni-tools: Version 5.1.14-0: Fix mgradm backup create handling of images and systemd files bsc1244563 migrate existing TLS certificates from 4.3...
Security update for libarchive
This update for libarchive fixes the following issues: CVE-2025-5914: Fixed double free due to an integer overflow in the archivereadformatrarseekdata function bsc1244272 CVE-2025-5915: Fixed heap buffer over read in copyfromlzsswindow at archivereadsupportformatrar.c bsc1244273 CVE-2025-5916:...
Security update for ignition
This update for ignition fixes the following issues: CVE-2025-22870: golang.org/x/net/http/httpproxy: Fixed proxy bypass using IPv6 zone IDs bsc1238681 CVE-2025-22868: golang.org/x/oauth2/jws: Fixed unexpected memory consumption during token parsing bsc1239192 Patch Instructions: To install this...
Security update for docker
This update for docker fixes the following issues: Update to Go 1.24 for builds, to match upstream. Update to Docker 28.3.2-ce. See upstream changelog online at Update to Docker 28.3.1-ce. See upstream changelog online at Update to Docker 28.3.0-ce. See upstream changelog online at bsc1246556...
Security update for grub2
This update for grub2 fixes the following issues: CVE-2025-4382: Fixed TPM auto-decryption data exposure bsc1242971 Filter out the non-subvolume btrfs mount points when creating the relative path bsc1239674 CVE-2024-45781: Fixed ufs strcpy overflow bsc1233617 CVE-2024-56737: Fixed heap-based buff...
Security update for pam-config
This update for pam-config fixes the following issues: CVE-2025-6018: Stop adding pamenv in AUTH stack, and be sure to put this module at the really end of the SESSION stack. bsc1243226 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security update for docker
This update for docker fixes the following issues: Update to Go 1.24 for builds, to match upstream. Update to Docker 28.3.2-ce. See upstream changelog online at Update to Docker 28.3.1-ce. See upstream changelog online at Update to Docker 28.3.0-ce. See upstream changelog online at bsc1246556...
Security update for polkit
This update for polkit fixes the following issues: CVE-2025-7519: Fixed a XML policy file with a large number of nested elements that may lead to out-of-bounds write. bsc1246472 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...
Security update for libarchive
This update for libarchive fixes the following issues: CVE-2025-5916, Fixed integer overflow while reading warc files at archivereadsupportformatwarc.c bsc1244270 CVE-2025-5914: Fixed double free due to an integer overflow in the archivereadformatrarseekdata function bsc1244272 Patch Instructions...
Security update for jq
This update for jq fixes the following issues: CVE-2024-23337: Fixed signed integer overflow in jv.c:jvparraywrite bsc1243450 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the comma...
Security update for python-requests
This update for python-requests fixes the following issues: Avoid problems with certificate caching in sslcontext. bsc1246104, ghpsf/requests6767 Update to 2.32.4: CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong...
Security update for ImageMagick
This update for ImageMagick fixes the following issues: CVE-2025-53014: Fixed an off-by-one error may cause an out-of-bounds memory access bsc1246530 CVE-2025-53019: Fixed format specifiers in a filename template may cause a memory leak bsc1246534 CVE-2025-53101: Fixed input manipulation may lead...
Security update for the Linux Kernel (Live Patch 60 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122228 fixes several issues. The following security issues were fixed: CVE-2024-53146: NFSD: Prevent a potential integer overflow bsc1234854. CVE-2022-49465: blk-throttle: Set BIOTHROTTLED when bio has been throttled bsc1238920. CVE-2024-53214: vfio/pci:...
Security update 5.0.5 for Multi-Linux Manager Client Tools, Salt and Salt Bundle
This update fixes the following issues: golang-github-prometheus-nodeexporter: Security issues fixed: CVE-2025-22870: Prevent a matching of hosts against proxy patterns to improperly treat an IPv6 zone ID as a hostname component bsc1238686 Other bugs fixed: Fixed Darwin memory leak pressure: Fix...
Security update for salt
This update for salt fixes the following issues: Security issues fixed: CVE-2024-38822: Fixed Minion token validation bsc1244561 CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 CVE-2024-38824: Fixed directory traversal vulnerability...
Security update for salt
This update for salt fixes the following issues: Security issues fixed: CVE-2024-38822: Fixed Minion token validation bsc1244561 CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 CVE-2024-38824: Fixed directory traversal vulnerability...
Security update 5.0.5 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2024-38822: Fixed Minion token validation bsc1244561 CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 CVE-2024-38824: Fixed directory traversal...
Security update 5.0.5 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2024-38822: Fixed Minion token validation bsc1244561 CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 CVE-2024-38824: Fixed directory traversal...
Security update 5.0.5 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2024-38822: Fixed Minion token validation bsc1244561 CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 CVE-2024-38824: Fixed directory traversal...
Maintenance update for Multi-Linux Manager 4.3: Server, Proxy and Retail Branch Server
Description: This update fixes the following issues: mgr-daemon: Version 4.3.12-0: Updated translation strings proxy-helm: Version 4.3.17: Chart rebuilt to the newest version with updated dependencies for SUSE Manager 4.3.16 proxy-httpd-image: Version 4.3.18: Image rebuilt to the newest version...
Security update for php8
This update for php8 fixes the following issues: CVE-2025-1220: Fixed null byte termination in hostnames bsc1246167 CVE-2025-1735: Fixed pgsql extension does not check for errors during escaping bsc1246146 CVE-2025-6491: Fixed NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace...
Security update for kubernetes1.24
This update for kubernetes1.24 fixes the following issues: CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content bsc1241865. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
Security update for kubernetes1.23
This update for kubernetes1.23 fixes the following issues: CVE-2021-25743: Escape terminal special characters in kubectl output bsc1194400. CVE-2023-2431: Prevent pods to bypass the seccomp profile enforcement bsc1212493. CVE-2024-0793: Advance autoscaling v2 as the preferred API version...
Security update for the Linux Kernel RT (Live Patch 2 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-150600108 fixes several issues. The following security issues were fixed: CVE-2024-53146: NFSD: Prevent a potential integer overflow bsc1234854. CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability bsc1235005. CVE-2024-53173: NFSv4....
Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505005568 fixes several issues. The following security issues were fixed: CVE-2024-53146: NFSD: Prevent a potential integer overflow bsc1234854. CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability bsc1235005. CVE-2024-53173:...
Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505005594 fixes one issue. The following security issue was fixed: CVE-2025-21772: partitions: mac: fix handling of bogus partition table bsc1238912. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...