Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-15040024167 fixes several issues. The following security issues were fixed: CVE-2025-38678: netfilter: nftables: reject duplicate device on updates bsc1249534. CVE-2025-38499: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns...

Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-15040024141 fixes several issues. The following security issues were fixed: CVE-2025-38678: netfilter: nftables: reject duplicate device on updates bsc1249534. CVE-2025-38499: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns...

Security update for the Linux Kernel

This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE update use the SUSE...

Security update for the Linux Kernel (Live Patch 70 for SLE 12 SP5)

This update for the Linux Kernel 4.12.14-122266 fixes one issue. The following security issue was fixed: CVE-2025-38477: net/sched: schqfq: Fix race condition on qfqaggregate bsc1247315. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

Security update for kernel-livepatch-MICRO-6-0_Update_6

This update for kernel-livepatch-MICRO-6-0Update6 fixes the following issues: CVE-2025-38087: net/sched: fix use-after-free in tapriodevnotifier bsc1245505 CVE-2025-21999: proc: fix UAF in procgetinode bsc1242579 CVE-2025-38001: netsched: hfsc: Address reentrant enqueue adding class to eltree twi...

Security update for the Linux Kernel

This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE update use the SUSE...

Security update for apache2

This update for apache2 fixes the following issues: CVE-2024-42516: Fixed HTTP response splitting. bsc1246477 CVE-2024-43204: Fixed a SSRF when modproxy is loaded that allows an attacker to send outbound proxy requests to a URL controlled by them. bsc1246305 CVE-2024-47252: Fixed insufficient...

Security update for apache2

This update for apache2 fixes the following issues: CVE-2024-42516: Fixed HTTP response splitting. bsc1246477 CVE-2024-43204: Fixed a SSRF when modproxy is loaded that allows an attacker to send outbound proxy requests to a URL controlled by them. bsc1246305 CVE-2024-47252: Fixed insufficient...

Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002333 fixes several issues. The following security issues were fixed: CVE-2024-56664: bpf, sockmap: Fix race between element replace and close bsc1235250. CVE-2025-37797: netsched: hfsc: Fix a UAF vulnerability in class handling bsc1245793...

Security update for apache2

This update for apache2 fixes the following issues: CVE-2024-42516: Fixed HTTP response splitting. bsc1246477 CVE-2024-43204: Fixed a SSRF when modproxy is loaded that allows an attacker to send outbound proxy requests to a URL controlled by them. bsc1246305 CVE-2024-47252: Fixed insufficient...

Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059179 fixes several issues. The following security issues were fixed: CVE-2024-53146: NFSD: Prevent a potential integer overflow bsc1234854. CVE-2022-49465: blk-throttle: Set BIOTHROTTLED when bio has been throttled bsc1238920. CVE-2024-53214: vfio/pc...

Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002333 fixes several issues. The following security issues were fixed: CVE-2025-22115: btrfs: fix block group refcount race in btrfscreatependingblockgroups bsc1241579. CVE-2025-21772: partitions: mac: fix handling of bogus partition table bsc1238912...

Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-57982: xfrm: state: fix out-of-bounds read during lookup bsc1237913. CVE-2024-58053: rxrpc: Fix handling of received connection abort bsc1238982...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching bsc1242006. CVE-2024-35840: mptcp: use OPTIONMPTCPMPJSYNACK in subflowfinishconnect bsc122459...

Security update for python311

This update for python311 fixes the following issues: Skip PGO with %wantreproduciblebuilds bsc1239210 CVE-2025-0938: Disallows square brackets and in domain names for parsed URLs bsc1236705. Configure externallymanaged with a bcond bsc1228165. Update to 3.11.11: Tools/Demos gh-123418: Update...

Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005568 fixes several issues. The following security issues were fixed: CVE-2024-41057: cachefiles: fix slab-use-after-free in cachefileswithdrawcookie bsc1229275. CVE-2024-36971: Fixed dstnegativeadvice race bsc1226324. CVE-2024-50264: vsock/virtio:...

Security update for gstreamer-plugins-base

This update for gstreamer-plugins-base fixes the following issues: CVE-2024-47538: Fixed a stack-buffer overflow in vorbishandleidentificationpacket. bsc1234415 CVE-2024-47835: Fixed a NULL-pointer dereference in LRC subtitle parser. bsc1234450 CVE-2024-47600: Fixed an out-of-bounds read in...

Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-15040024119 fixes several issues. The following security issues were fixed: CVE-2024-36904: tcp: Use refcountincnotzero in tcptwskunique bsc1225733. CVE-2024-43861: Fix memory leak for not ip packets bsc1229553. CVE-2024-35905: Fixed int overflow for stack...

Security update for the Linux Kernel RT (Live Patch 10 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505001335 fixes several issues. The following security issues were fixed: CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool bsc1225429. CVE-2024-36904: tcp: Use refcountincnotzero in tcptwskunique bsc1225733. CVE-2024-43861: Fix memor...

Security update for SUSE Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security fixes on Python 3.11 interpreter: CVE-2024-7592: Fixed quadratic complexity in parsing -quoted cookie values with backslashes bsc1229873, bsc1230059 CVE-2024-8088: Prevent malformed payload to cause infinite loops in zipfile.Path...

Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005549 fixes several issues. The following security issues were fixed: CVE-2024-35905: Fixed int overflow for stack access size bsc1226327. CVE-2021-47598: schcake: do not call cakedestroy from cakeinit bsc1227471. CVE-2024-35863: Fixed potential UAF i...

Security update for the Linux Kernel RT (Live Patch 11 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505001338 fixes several issues. The following security issues were fixed: CVE-2024-35905: Fixed int overflow for stack access size bsc1226327. CVE-2021-47598: schcake: do not call cakedestroy from cakeinit bsc1227471. CVE-2024-35863: Fixed potential UAF i...

Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002317 fixes several issues. The following security issues were fixed: CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails bsc1227808 CVE-2024-40909: bpf: Fix a potential use-after-free in bpflinkfree bsc1228349. Patch...

Security update for the Linux Kernel RT (Live Patch 17 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505001361 fixes several issues. The following security issues were fixed: CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails bsc1227808 CVE-2024-41059: hfsplus: fix uninit-value in copyname bsc1228573. CVE-2024-40909: bpf:...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-48901: btrfs: do not start relocation until in progress drops are done bsc1229607. CVE-2022-48911: kabi: add nfqueuegetrefs for kabi compliance. bsc1229633...

Security update for ldns

This update for ldns fixes the following issue CVE-2026-10846: When ldns is used by applications for stub resolving, it does not sufficiently verify that received responses belong to a sent query bsc1267670. Patch Instructions: To install this SUSE update use the SUSE recommended installation...

Security update for frr

This update for frr fixes the following issues CVE-2026-5107: Fixed an improper access controls in EVPN Type-2 Route Handler bsc1261013. CVE-2026-28532: Harden TE/SR TLV iteration against malformed lengths bsc1263859. CVE-2026-37457: Fix off-by-one error in FlowSpec operator array bounds check...

Security update for frr

This update for frr fixes the following issues Update to frr 8.5.7: CVE-2026-5107: Fixed an improper access controls in EVPN Type-2 Route Handler bsc1261013. CVE-2026-28532: Harden TE/SR TLV iteration against malformed lengths bsc1263859. CVE-2026-37457: Fix off-by-one error in FlowSpec operator...

Security update for rootlesskit

This update for rootlesskit rebuilds it against the current go security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: SUSE Linux...

Security update for helm

This update for helm rebuilds it against the current go security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: SUSE Linux Enterprise Hi...

Security update for hplip

This update for hplip fixes the following issues Update to HPLIP 3.26.4: Security issues: CVE-2025-43023: weak code signing DSA key used to generate package signatures can lead to key spoofing and malicious software installation bsc1266031. CVE-2026-8631: escalation of privileges and/or arbitrary...

Security update for avahi

This update for avahi fixes the following issue: CVE-2026-24401: uncontrolled recursion in lookuphandlecname can crash the avahi-daemon bsc1257235. CVE-2026-34933: reachable assertion in transportflagsfromdomain can crash the avahi-daemon bsc1261546. Patch Instructions: To install this SUSE updat...

Security update for tomcat

This update for tomcat fixes the following issues Update to Tomcat 9.0.118: CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. CVE-2026-42498: WebSocket authentication header exposure bsc1265165...

Security update for xorg-x11-server

This update for xorg-x11-server fixes the following issues CreateSaverWindow Use-After-Free Information Disclosure. bsc1266301 DRI2 DRIGetBuffers/DRIGetBuffersWithFormat Out-Of-Bounds Write. bsc1266302 Font Alias Stack-based Buffer Overflow. bsc1266294 GLX ChangeDrawableAttributes Out-Of-Bounds...

Security update for xorg-x11-server

This update for xorg-x11-server fixes the following issues CreateSaverWindow Use-After-Free Information Disclosure. bsc1266301 DRI2 DRIGetBuffers/DRIGetBuffersWithFormat Out-Of-Bounds Write. bsc1266302 Font Alias Stack-based Buffer Overflow. bsc1266294 GLX ChangeDrawableAttributes Out-Of-Bounds...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 RT kernel was updated to fix various security issues The following security issues were fixed: CVE-2023-20585: x86/CPU: Fix FPDSS on Zen1 bsc1243603. CVE-2025-68310: s390/pci: Use pciueventers in PCI recovery bsc1255160. CVE-2025-71183: btrfs: always detect...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security issues The following security issues were fixed: CVE-2022-49979: net: fix refcount bug in skpsockget bsc1245109. CVE-2023-20585: x86/CPU: Fix FPDSS on Zen1 bsc1243603. CVE-2026-23239: espintcp: Fix race condition in...

Security update for busybox

This update for busybox fixes the following issue CVE-2026-29004: a crafted DHCPv6 response can lead to a heap buffer overflow in the DHCPv6 client bsc1263989. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

Security update for strongswan

This update for strongswan fixes the following issues: CVE-2026-35328: infinite loop when handling supported versions TLS extension bsc1261712. CVE-2026-35329: null pointer dereference when processing padding in PKCS7 bsc1261717. CVE-2026-35330: integer underflow when handling EAP-SIM/AKA...

Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.6 fixes various security issues The following security issues were fixed: CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264096. CVE-2026-23243: RDMA/umad: Reject negative datalen in ibumadwrite bsc1259798. CVE-2026-23274:...

Security update for the Linux Kernel (Live Patch 76 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise Kernel 4.12.14-122.290 fixes various security issues The following security issues were fixed: CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264096. CVE-2026-23243: RDMA/umad: Reject negative datalen in ibumadwrite bsc1259798. CVE-2026-46300:...

Security update for xz

This update for xz fixes the following issue CVE-2026-34743: buffer overflow in lzmaindexappend bsc1261280. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your...

Security update for perl-Net-CIDR-Lite

This update for perl-Net-CIDR-Lite fixes the following issues CVE-2026-45190: improper validation of trailing newlines or non-ASCII digits can lead to IP ACL bypass bsc1264710. CVE-2026-45191: extraneous leading zeros in CIDR mask values can lead to IP ACL bypass bsc1264709. CVE-2026-40198: missi...

Security update for google-guest-agent

This update for google-guest-agent fixes the following issue CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260264. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like Ya...

Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues Security issues: CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. CVE-2026-39817: cmd/go: "go tool pack" do...

Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues Security issues: CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. CVE-2026-39817: cmd/go: "go tool pack" do...

Security update for python312

This update for python312 fixes the following issues CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969. CVE-2026-4786: Incomplete mitigation of %action expansion for command injection to webbrowser.open bsc1262319. CVE-2026-6019: BaseCookie.jsoutput does not...

Security update for busybox

This update for busybox fixes the following issue CVE-2026-29004: Heap buffer overflow vulnerability in the DHCPv6 client udhcpc6 DNSSERVERS option handler in networking/udhcp/d6dhcpc.c bsc1263989. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like...

Security update for xz

This update for xz fixes the following issue CVE-2026-34743: buffer overflow in lzmaindexappend bsc1261280. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your...

Security update for buildah

This update for buildah rebuilds it against the current go security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: openSUSE Leap 15.5...