5411 matches found
Security update for alloy
This update for alloy fixes the following issues: Upgrade to version 1.12.1. Security issues fixed: CVE-2025-47911: golang.org/x/net/html: quadratic complexity algorithms used when parsing untrusted HTML documents bsc1251509. CVE-2025-47913: golang.org/x/crypto: early client process termination...
Security update for python3
This update for python3 fixes the following issues: CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service bsc1254997 CVE-2025-13836: Fixed default Content-Lenght read amount from HTTP response bsc1254400 CVE-2025-13837: Fixed plistlib module denial of...
Security update for apache2
This update for apache2 fixes the following issues: CVE-2025-55753: Fixed modmd ACME unintended retry intervals bsc1254511 CVE-2025-65082: Fixed CGI environment variable override bsc1254514 CVE-2025-58098: Fixed Server Side Includes adding query string to exec cmd=... bsc1254512 CVE-2025-66200:...
Security update for pgadmin4
This update for pgadmin4 fixes the following issues: CVE-2025-12765: insufficient checks in the LDAP authentication flow allow a for bypass of TLS certificate validation that can lead to the stealing of bind credentials and the altering of directory responses bsc1253478. CVE-2025-12764: improper...
Security update for pgadmin4
This update for pgadmin4 fixes the following issues: CVE-2025-12765: insufficient checks in the LDAP authentication flow allow a for bypass of TLS certificate validation that can lead to the stealing of bind credentials and the altering of directory responses bsc1253478. CVE-2025-12764: improper...
Security update for xen
This update for xen fixes the following issues: Security issues fixed: CVE-2025-27466: NULL pointer dereference in the Viridian interface when updating the reference TSC area bsc1248807. CVE-2025-58142: NULL pointer dereference in the Viridian interface due to assumption that the SIM page is mapp...
Security update for ImageMagick
This update for ImageMagick fixes the following issues: CVE-2025-65955: possible use-after-free/double-free in Options::fontFamily when clearing a family can lead to crashes or memory corruption bsc1254435. CVE-2025-66628: possible integer overflow in the TIM image parser's ReadTIMImage function...
Security update for python-tornado6
This update for python-tornado6 fixes the following issues: CVE-2025-67724: unescaped reason argument used in HTTP headers and in HTML default error pages can be used by attackers to launch header injection or XSS attacks bsc1254903. CVE-2025-67725: quadratic complexity of string concatenation...
Security update for python36
This update for python36 fixes the following issues: CVE-2025-12084: quadratic complexity when building nested elements using xml.dom.minidom methods that depend on clearidcache can lead to availability issues when building excessively nested documents bsc1254997. CVE-2025-13836: use of...
Security update for podman
This update for podman fixes the following issues: CVE-2025-47914: golang.org/x/crypto/ssh/agent: Fixed SSH Agent that could cause a panic due to an out-of-bounds read with non-validated message sizes bsc1253993 Patch Instructions: To install this SUSE update use the SUSE recommended installation...
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.50.4. Security issues fixed: CVE-2025-14174: processing maliciously crafted web content may lead to memory corruption due to improper validation bsc1255497. CVE-2025-43501: processing maliciously crafted web content may...
Security update for python39
This update for python39 fixes the following issues: CVE-2025-12084: quadratic complexity when building nested elements using xml.dom.minidom methods that depend on clearidcache can lead to availability issues when building excessively nested documents bsc1254997. CVE-2025-13836: use of...
Security update for mariadb
This update for mariadb fixes the following issues: CVE-2025-13699: Fixed MariaDB mariadb-dump utility vulnerable to Path Traversal and Remote Code Execution bsc1254313 Other fixes: Update to 10.11.15 Add %license tags to license files bsc1252162 Add INSTALLDOCREADMEDIR cmake flag to install read...
Security update for postgresql13
This update for postgresql13 fixes the following issues: Upgraded to 13.23: CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq bsc1253333 Other fixes: Use...
Security update for grafana
This update for grafana fixes the following issues: grafana was updated from version 11.5.5 to 11.5.10: Security issues fixed: CVE-2025-64751: Dropped experimental implementation of authorization Zanzana server/client version 11.5.10 bsc1254113 CVE-2025-47911: Fixed parsing HTML documents version...
Security update for golang-github-prometheus-alertmanager
This update for golang-github-prometheus-alertmanager fixes the following issues: Update to version 0.28.1 jscPED-13285: Improved performance of inhibition rules when using Equal labels. Improve the documentation on escaping in UTF-8 matchers. Update alertmanagerconfighash metric help to document...
Security update 5.0.6 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2025-62349: Added minimumauthversion to enforce security bsc1254257 CVE-2025-62348: Fixed Junos module yaml loader bsc1254256 Backport security fixes for vendored tornado BDSA-2024-3438 BDSA-2024-3439...
Security update 5.0.6 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2025-62349: Added minimumauthversion to enforce security bsc1254257 CVE-2025-62348: Fixed Junos module yaml loader bsc1254256 Backport security fixes for vendored tornado BDSA-2024-3438 BDSA-2024-3439...
Security update 5.0.6 for Multi-Linux Manager Client Tools
This update fixes the following issues: dracut-saltboot: Update to version 1.0.0 Reboot on salt key timeout bsc1237495 Fixed parsing files with space in the name bsc1252100 grafana was updated from version 11.5.5 to 11.5.10: Security issues fixed: CVE-2025-47911: Fix parsing HTML documents...
Security update 5.1.1.1 for Multi-Linux Manager Client Tools
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2025-62349: Added minimumauthversion to enforce security bsc1254257 CVE-2025-62348: Fixed Junos module yaml loader bsc1254256 Backport security fixes for vendored tornado BDSA-2024-3438 BDSA-2024-3439...
Security update 5.1.1.1 for Multi-Linux Manager Client Tools
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2025-62349: Added minimumauthversion to enforce security bsc1254257 CVE-2025-62348: Fixed Junos module yaml loader bsc1254256 Backport security fixes for vendored tornado BDSA-2024-3438 BDSA-2024-3439...
Security update 5.1.1.1 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2025-62349: Added minimumauthversion to enforce security bsc1254257 CVE-2025-62348: Fixed Junos module yaml loader bsc1254256 Backport security fixes for vendored tornado BDSA-2024-3438 BDSA-2024-3439...
Security update for libpng12
This update for libpng12 fixes the following issues: CVE-2025-64505: Fixed heap buffer over-read in pngdoquantize via malformed palette index bsc1254157 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for cups
This update for cups fixes the following issues: Security issues fixed: CVE-2025-58436: single client sending slow messages to cupsd can delay the application and make it unusable for other clients bsc1244057. Other issues fixed: Update the CVE-2025-58436 patch to fix a regression that causes GTK...
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.50.3. Security issues fixed: CVE-2025-13502: processing of maliciously crafted payloads by the GLib remote inspector server may lead to a UIProcess crash due to an out-of-bounds read and an integer underflow bsc1254208...
Security update for libssh
This update for libssh fixes the following issues: CVE-2025-8114: Fixed a NULL pointer dereference when calculating session ID during KEX. bsc1246974 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternative...
Security update for xkbcomp
This update for xkbcomp fixes the following issues: CVE-2018-15863: NULL pointer dereference triggered by a a crafted keymap file with a no-op modmask expression can lead to a crash bsc1105832. CVE-2018-15861: NULL pointer dereference triggered by a crafted keymap file that induces an xkbinternat...
Security update for unbound
This update for unbound fixes the following issues: CVE-2025-11411: Fixed domain hijacking due to promiscuous records bsc1252525 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...
Security update for postgresql16
This update for postgresql16 fixes the following issues: Upgraded to 16.11: CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq bsc1253333 Other fixes: Use...
Security update for libpng12
This update for libpng12 fixes the following issues: CVE-2025-64505: Fixed heap buffer over-read in pngdoquantize via malformed palette index bsc1254157 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for container-suseconnect
This update for container-suseconnect rebuilds it against current go security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: Containers...
Security update for postgresql14
This update for postgresql14 fixes the following issues: Upgraded to 14.20: CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq bsc1253333 Other fixes: Use...
Security update for python310
This update for python310 fixes the following issues: Update to 3.10.19: CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars. bsc1252974 CVE-2025-8291: Check the validity the ZIP64 End of Central Directory EOCD. bsc1251305 Patch Instructions: To install this SUS...
Security update for gnutls
This update for gnutls fixes the following issues: CVE-2025-9820: Fixed buffer overflow in gnutlspkcs11tokeninit. bsc1254132 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the comman...
Security update for cups
This update for cups fixes the following issues: The fix for CVE-2025-58436 causes a regression where GTK applications will hang. bsc1254353 See also https://github.com/OpenPrinting/cups/issues/1429 The fix has been temporary disabled. Patch Instructions: To install this SUSE update use the SUSE...
Security update for the Linux Kernel
The SUSE Linux Enterprise 11 SP4 kernel was updated to fix various security issues The following security issues were fixed: CVE-2022-50116: Update config files. Disable NGSM bsc1244824 jscPED-8240. CVE-2022-50252: igb: Do not free qvector unless new one was allocated bsc1249846. CVE-2022-50381:...
Security update for glib2
This update for glib2 fixes the following issues: CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via gettmpfile bsc1249055 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternativel...
Security update for grub2
This update for grub2 fixes the following issues: CVE-2025-54771: Fixed rubfileclose does not properly controls the fs refcount bsc1252931 CVE-2025-54770: Fixed missing unregister call for netsetvlan command may lead to use-after-free bsc1252930 CVE-2025-61662: Fixed missing unregister call for...
Security update for curl
This update for curl fixes the following issues: CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes bsc1253757 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...
Security update for python311
This update for python311 fixes the following issues: Update to 3.11.14: CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars bsc1252974 CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory EOCD not checked by the 'zipfile' module bsc1251305 Patch...
Security update for cups
This update for cups fixes the following issues: CVE-2025-61915: Fixed a local denial-of-service via cupsd.conf update and related issues. bsc1253783 CVE-2025-58436: Fixed an issue where a slow client communication leads to a possible DoS attack. bsc1244057 Patch Instructions: To install this SUS...
Security update for cups
This update for cups fixes the following issues: CVE-2025-61915: Fixed local denial-of-service via cupsd.conf update bsc1253783 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...
Security update for java-25-openjdk
This update for java-25-openjdk fixes the following issues: Update to upstream tag jdk-25.0.1+8 October 2025 CPU Security fixes: JDK-8360937, CVE-2025-53057, bsc1252414: Enhance certificate handling JDK-8356294, CVE-2025-53066, bsc1252417: Enhance Path Factories JDK-8359454, CVE-2025-61748,...
Security update for python313
This update for python313 fixes the following issues: Update to 3.13.9: CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars bsc1252974 CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory EOCD not checked by the 'zipfile' module bsc1251305 Other...
Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise 15 SP6)
This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.33 fixes various security issues The following security issues were fixed: CVE-2025-23145: mptcp: fix NULL pointer in canacceptnewsubflow bsc1242882. CVE-2025-38500: xfrm: interface: fix use-after-free after changing collectmd xfrm...
Security update for the Linux Kernel (Live Patch 24 for SUSE Linux Enterprise 15 SP5)
This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.97 fixes various security issues The following security issues were fixed: CVE-2024-53141: netfilter: ipset: add missing range check in bitmapipuadt bsc1245778. CVE-2025-23145: mptcp: fix NULL pointer in canacceptnewsubflow...
Security update for amazon-ssm-agent
This update for amazon-ssm-agent fixes the following issues: CVE-2025-47913: Fixed a bug in the client process termination when receiving an unexpected message type in response to a key listing or signing request. bsc1253598 Patch Instructions: To install this SUSE update use the SUSE recommended...
Security update for the Linux Kernel (Live Patch 25 for SUSE Linux Enterprise 15 SP5)
This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.100 fixes various security issues The following security issues were fixed: CVE-2024-53141: netfilter: ipset: add missing range check in bitmapipuadt bsc1245778. CVE-2025-23145: mptcp: fix NULL pointer in canacceptnewsubflow...
Security update for the Linux Kernel (Live Patch 44 for SUSE Linux Enterprise 15 SP4)
This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.176 fixes one security issue The following security issue was fixed: CVE-2023-53673: Bluetooth: hcievent: call disconnect callback before deleting conn bsc1251983. Patch Instructions: To install this SUSE update use the SUSE...
Security update for curl
This update for curl fixes the following issues: CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes bsc1253757 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...