Security update for xen

This update for xen fixes the following issues: CVE-2025-58150: Fixed buffer overrun with shadow paging and tracing XSA-477 bsc1256745 CVE-2026-23553: Fixed incomplete IBPB for vCPU isolation XSA-479 bsc1256747 Special Instructions and Notes: Please reboot the system after installing this update...

Security update for xen

This update for xen fixes the following issues: Security fixes: CVE-2025-58150: Fixed buffer overrun with shadow paging and tracing XSA-477 bsc1256745 CVE-2026-23553: Fixed incomplete IBPB for vCPU isolation XSA-479 bsc1256747 CVE-2025-58149: Fixed incorrect removal od permissions on PCI device...

Security update for openCryptoki

This update for openCryptoki fixes the following issues: CVE-2026-22791: Fixed supplying malformed compressed EC public key can lead to heap corruption or denial-of-service bsc1256673. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

Security update for openvswitch3

This update for openvswitch3 fixes the following issues: Update to v3.1.7: CVE-2023-3966: openvswitch, openvswitch3: Invalid memory access in Geneve with HW offload bsc1219465. CVE-2024-2182: openvswitch: ov: insufficient validation of incoming BFD packets may lead to denial of service bsc1255435...

Security update for openvswitch

This update for openvswitch fixes the following issues: Update to v3.1.7: CVE-2023-3966: openvswitch, openvswitch3: Invalid memory access in Geneve with HW offload bsc1219465. CVE-2024-2182: openvswitch: ov: insufficient validation of incoming BFD packets may lead to denial of service bsc1255435...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 RT kernel was updated to fix various security issues The following security issues were fixed: CVE-2025-38321: smb: Log an error when closeallcacheddirs fails bsc1246328. CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd bsc1249256. CVE-2025-39977...

Security update for glib2

This update for glib2 fixes the following issues: CVE-2026-0988: Fixed a potential integer overflow in gbufferedinputstreampeek bsc1257049. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can...

Security update for avahi

This update for avahi fixes the following issues: CVE-2025-68276: Fixed refuse to create wide-area record browsers when wide-area is off bsc1256498 CVE-2025-68471: Fixed DoS bug by changing assert to return bsc1256500 CVE-2025-68468: Fixed DoS bug by removing incorrect assertion bsc1256499 Patch...

Security update for python-urllib3

This update for python-urllib3 fixes the following issues: CVE-2026-21441: Fixed excessive resource consumption during decompression of data in HTTP redirect responses bsc1256331 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate o...

Security update for libsoup2

This update for libsoup2 fixes the following issues: CVE-2025-14523: Reject duplicated Host in headers and followed upstream update bsc1254876. CVE-2026-0719: Fixed overflow for password md4sum bsc1256399 Patch Instructions: To install this SUSE update use the SUSE recommended installation method...

Security update for python-pyasn1

This update for python-pyasn1 fixes the following issues: CVE-2026-23490: Fixed Denial-of-Service issue that may lead to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets bsc1256902 Patch Instructions: To install this SUSE update use the SUSE recommended installatio...

Security update for wireshark

This update for wireshark fixes the following issues: CVE-2026-0959: IEEE 802.11 dissector crash bsc1256734. CVE-2026-0960: HTTP3 dissector infinite loop bsc1256736. CVE-2026-0962: SOME/IP-SD dissector crash bsc1256739. Patch Instructions: To install this SUSE update use the SUSE recommended...

Security update for python-marshmallow

This update for python-marshmallow fixes the following issues: CVE-2025-68480: Fixed possible DoS when using Schema.loaddata, many=True bsc1255473. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively...

Security update for libtasn1

This update for libtasn1 fixes the following issues: CVE-2025-13151: stack-based buffer overflow in asn1expendoctetstring bsc1256341. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run t...

Security update for python-tornado

This update for python-tornado fixes the following issues: CVE-2025-67725: inefficient algorithm when parsing parameters for HTTP header values bsc1254905. CVE-2025-67726: Denial of Service DoS via maliciously crafted HTTP request caused by the HTTPHeaders.add method bsc1254904. Patch Instruction...

Security update for curl

This update for curl fixes the following issues: CVE-2025-14017: Fixed broken TLS options for threaded LDAPS bsc1256105. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command...

Security update for python-filelock

This update for python-filelock fixes the following issues: CVE-2025-68146: TOCTOU race condition may allow local attackers to corrupt or truncate arbitrary user files bsc1255244. CVE-2026-22701: TOCTOU race condition in the SoftFileLock implementation bsc1256457. Patch Instructions: To install...

Security update for go1.24

This update for go1.24 fixes the following issues: Update to go1.24.12 released 2026-01-15 bsc1236217 Security fixes: CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level bsc1256821. CVE-2025-68119: cmd/go: unexpected code execution when invoking...

Security update for go1.25

This update for go1.25 fixes the following issues: Update to go1.25.6 released 2026-01-15 bsc1244485 Security fixes: CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level bsc1256821. CVE-2025-68119: cmd/go: unexpected code execution when invoking...

Security update for keylime

This update for keylime fixes the following issues: CVE-2025-13609: avoid re-registration of clients with same UUID but with different TPM identity bsc1254199. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

Security update for the Linux Kernel (Live Patch 3 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise kernel 6.4.0-150700.53.11 fixes various security issues The following security issues were fixed: CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in liotargetnaclinfoshow bsc1251787. CVE-2025-38608: bpf, ktls: Fix data corruption when using...

Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise 15 SP6)

This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.73 fixes various security issues The following security issues were fixed: CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in liotargetnaclinfoshow bsc1251787. CVE-2025-40204: sctp: Fix MAC comparison to be constant-time...

Security update for ovmf

This update for ovmf fixes the following issues: CVE-2023-45231: Fixed out of bounds read when handling a ND Redirect message with truncated options bsc1218881. CVE-2023-45232: Fixed infinite loop when parsing unknown options in the Destination Options header bsc1218882. CVE-2023-45233: Fixed...

Security update for libvirt

This update for libvirt fixes the following issues: CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots bsc1253703 CVE-2025-12748: Fixed check ACLs before parsing the whole domain XML bsc1253278 Patch Instructions: To install this SUSE update use the SUSE...

Security update for the Linux Kernel (Live Patch 45 for SUSE Linux Enterprise 15 SP4)

This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.179 fixes various security issues The following security issues were fixed: CVE-2022-50327: ACPI: processor: idle: Check acpifetchacpidev return value bsc1254451. CVE-2022-50490: bpf: Propagate error from htablockbucket to userspa...

Security update for the Linux Kernel RT (Live Patch 1 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise kernel 6.4.0-150700.7.3 fixes various security issues The following security issues were fixed: CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in liotargetnaclinfoshow bsc1251787. CVE-2025-38476: rpl: Fix use-after-free in rpldosrhinline...

Security update for the Linux Kernel (Live Patch 42 for SUSE Linux Enterprise 15 SP4)

This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.170 fixes various security issues The following security issues were fixed: CVE-2022-50233: bluetooth: device name can cause reading kernel memory by not supplying terminal \0 bsc1249242. CVE-2022-50327: ACPI: processor: idle: Che...

Security update for the Linux Kernel (Live Patch 35 for SUSE Linux Enterprise 15 SP4)

This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.147 fixes various security issues The following security issues were fixed: CVE-2022-50233: bluetooth: device name can cause reading kernel memory by not supplying terminal \0 bsc1249242. CVE-2022-50327: ACPI: processor: idle: Che...

Security update for the Linux Kernel (Live Patch 72 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise kernel 4.12.14-122.272 fixes various security issues The following security issues were fixed: CVE-2022-50233: bluetooth: device name can cause reading kernel memory by not supplying terminal \0 bsc1249242. CVE-2022-50327: ACPI: processor: idle: Check...

Security update for the Linux Kernel (Live Patch 63 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise kernel 4.12.14-122.237 fixes various security issues The following security issues were fixed: CVE-2022-50233: bluetooth: device name can cause reading kernel memory by not supplying terminal \0 bsc1249242. CVE-2022-50327: ACPI: processor: idle: Check...

Security update for python

This update for python fixes the following issues: CVE-2025-8291: check validity of the ZIP64 End of Central Directory EOCD in the 'zipfile' module bsc1251305. CVE-2025-12084: prevent quadratic behavior in node ID cache clearing bsc1254997. CVE-2025-13836: prevent reading an HTTP response from a...

Security update for poppler

This update for poppler fixes the following issues: CVE-2025-11896: Fixed infinite recursion leading to stack overflow due to object loop in PDF CMap bsc1252337 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

Security update for podman

This update for podman fixes the following issues: CVE-2025-47914: Fixed ssh-agent that could cause a panic due to an out-of-bounds read with non validated message size bsc1253993 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate ...

Security update for ovmf

This update for ovmf fixes the following issues: CVE-2022-36765: Fixed integer overflow to buffer overflow via local network vulnerability bsc1218680. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

Security update for util-linux

This update for util-linux fixes the following issues: CVE-2025-14104: Fixed heap buffer overread in setpwnam when processing 256-byte usernames bsc1254666. lscpu: Add support for NVIDIA Olympus arm64 core jscPED-13682. Patch Instructions: To install this SUSE update use the SUSE recommended...

Security update for util-linux

This update for util-linux fixes the following issues: CVE-2025-14104: Fixed heap buffer overread in setpwnam when processing 256-byte usernames bsc1254666. lscpu: Add support for NVIDIA Olympus arm64 core jscPED-13682. Patch Instructions: To install this SUSE update use the SUSE recommended...

Security update for the Linux Kernel (Live Patch 31 for SUSE Linux Enterprise 15 SP5)

This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.124 fixes one security issue The following security issue was fixed: CVE-2023-53574: wifi: rtw88: delete timer and free skb queue when unloading bsc1251984. Patch Instructions: To install this SUSE update use the SUSE recommended...

Security update for ImageMagick

This update for ImageMagick fixes the following issues: CVE-2025-68618: read a malicious SVG file may result in a DoS attack bsc1255821. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can ru...

Security update for php8

This update for php8 fixes the following issues: Security fixes: CVE-2025-14177: getimagesize function may leak uninitialized heap memory into the APPn segments when reading images in multi-chunk mode bsc1255710. CVE-2025-14178: heap buffer overflow occurs in arraymerge when the total element cou...

Security update for ImageMagick

This update for ImageMagick fixes the following issues: CVE-2025-68618: read a malicious SVG file may result in a DoS attack bsc1255821. CVE-2025-68950: check for circular references in mvg files may lead to stack overflow bsc1255822. Patch Instructions: To install this SUSE update use the SUSE...

Security update for php8

This update for php8 fixes the following issues: Security fixes: CVE-2025-14177: getimagesize function may leak uninitialized heap memory into the APPn segments when reading images in multi-chunk mode bsc1255710. CVE-2025-14178: heap buffer overflow occurs in arraymerge when the total element cou...

Security update for libpcap

This update for libpcap fixes the following issues: CVE-2025-11961: missing validation of provided MAC-48 address string in pcapetheraton can lead to out-of-bounds read and write bsc1255765. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

Security update for alloy

This update for alloy fixes the following issues: Upgrade to version 1.12.1. Security issues fixed: CVE-2025-47911: golang.org/x/net/html: quadratic complexity algorithms used when parsing untrusted HTML documents bsc1251509. CVE-2025-47913: golang.org/x/crypto: early client process termination...

Security update for python3

This update for python3 fixes the following issues: CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service bsc1254997 CVE-2025-13836: Fixed default Content-Lenght read amount from HTTP response bsc1254400 CVE-2025-13837: Fixed plistlib module denial of...

Security update for apache2

This update for apache2 fixes the following issues: CVE-2025-55753: Fixed modmd ACME unintended retry intervals bsc1254511 CVE-2025-65082: Fixed CGI environment variable override bsc1254514 CVE-2025-58098: Fixed Server Side Includes adding query string to exec cmd=... bsc1254512 CVE-2025-66200:...

Security update for pgadmin4

This update for pgadmin4 fixes the following issues: CVE-2025-12765: insufficient checks in the LDAP authentication flow allow a for bypass of TLS certificate validation that can lead to the stealing of bind credentials and the altering of directory responses bsc1253478. CVE-2025-12764: improper...

Security update for pgadmin4

This update for pgadmin4 fixes the following issues: CVE-2025-12765: insufficient checks in the LDAP authentication flow allow a for bypass of TLS certificate validation that can lead to the stealing of bind credentials and the altering of directory responses bsc1253478. CVE-2025-12764: improper...

Security update for xen

This update for xen fixes the following issues: Security issues fixed: CVE-2025-27466: NULL pointer dereference in the Viridian interface when updating the reference TSC area bsc1248807. CVE-2025-58142: NULL pointer dereference in the Viridian interface due to assumption that the SIM page is mapp...

Security update for ImageMagick

This update for ImageMagick fixes the following issues: CVE-2025-65955: possible use-after-free/double-free in Options::fontFamily when clearing a family can lead to crashes or memory corruption bsc1254435. CVE-2025-66628: possible integer overflow in the TIM image parser's ReadTIMImage function...

Security update for python-tornado6

This update for python-tornado6 fixes the following issues: CVE-2025-67724: unescaped reason argument used in HTTP headers and in HTML default error pages can be used by attackers to launch header injection or XSS attacks bsc1254903. CVE-2025-67725: quadratic complexity of string concatenation...