5415 matches found
Security update for ruby2.5
This update for ruby2.5 fixes the following issues: CVE-2024-49761: ReDoS vulnerability in REXML gem bsc1232440 bsc1232441. CVE-2025-58767: denial of service when parsing XML containing multiple XML declarations bsc1250016. CVE-2026-27820: insufficient checks in zstreambufferungets can lead to a...
Security update for sqlite3
This update for sqlite3 fixes the following issues: Update sqlite3 to 3.51.3: CVE-2025-7709: Integer Overflow in FTS5 Extension bsc1254670. CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation bsc1259619. Changelog: Fix the WAL-reset database corruption...
Security update for frr
This update for frr fixes the following issues: Security issues: CVE-2025-61099: NULL Pointer Dereference in FRRouting bsc1252838. CVE-2025-61100: NULL Pointer Dereference in FRRouting bsc1252829. CVE-2025-61101: NULL Pointer Dereference in FRRouting bsc1252833. CVE-2025-61102: NULL Pointer...
Security update for systemd
This update for systemd fixes the following issues: CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method bsc1259650. CVE-2026-29111: local unprivileged user can trigger an assert in systemd bsc1259418. udev: check for invalid chars in various fields...
Security update for the Linux Kernel (Live Patch 34 for SUSE Linux Enterprise 15 SP5)
This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.133 fixes various security issues The following security issues were fixed: CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit bsc1255595. CVE-2025-21738: ata: libata-sff: ensure that we cannot write...
Security update for tomcat
This update for tomcat fixes the following issues: Update to Tomcat 9.0.115: CVE-2025-48989: HTTP/2 protocol including DNS over HTTPS is vulnerable to "MadeYouReset" DoS attack bsc1243895. CVE-2025-52434: race condition on connection close when using the APR/Native connector could lead to a JVM...
Security update for frr
This update for frr fixes the following issues: CVE-2025-61099: NULL Pointer Dereference in FRRouting bsc1252838. CVE-2025-61100: NULL Pointer Dereference in FRRouting bsc1252829. CVE-2025-61101: NULL Pointer Dereference in FRRouting bsc1252833. CVE-2025-61102: NULL Pointer Dereference in FRRouti...
Security update for the Linux Kernel (Live Patch 30 for SUSE Linux Enterprise 15 SP5)
This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.121 fixes various security issues The following security issues were fixed: CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit bsc1255595. CVE-2023-53257: wifi: mac80211: check S1G action frame size...
Security update for vim
This update for vim fixes the following issues: Update Vim to version 9.2.0110: CVE-2025-53906: malicious zip archive may cause a path traversal in Vim's zip bsc1246602. CVE-2026-26269: Netbeans specialKeys stack buffer overflow bsc1258229. CVE-2026-28417: crafted URL parsed by netrw plugin can...
Security update for the Linux Kernel (Live Patch 77 for SUSE Linux Enterprise 12 SP5)
This update for the SUSE Linux Enterprise Kernel 4.12.14-122.293 fixes various security issues The following security issues were fixed: CVE-2025-21738: ata: libata-sff: ensure that we cannot write outside the allocated buffer bsc1257118. CVE-2025-68285: libceph: fix potential use-after-free in...
Security update for the Linux Kernel (Live Patch 70 for SUSE Linux Enterprise 12 SP5)
This update for the SUSE Linux Enterprise Kernel 4.12.14-122.266 fixes various security issues The following security issues were fixed: CVE-2022-50423: ACPICA: Fix use-after-free in acpiutcopyipackagetoipackage bsc1250785. CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant...
Security update for salt
This update for salt fixes the following issues: Security issues fixed: CVE-2025-67724: Fixed missing validation of supplied reason phrase bsc1254903 CVE-2025-67725: Fixed DoS via malicious HTTP request bsc1254905 CVE-2025-67726: Fixed HTTP header parameter parsing algorithm bsc1254904...
Security update 5.0.7 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2025-67724: Fixed missing validation of supplied reason phrase bsc1254903 CVE-2025-67725: Fixed DoS via malicious HTTP request bsc1254905 CVE-2025-67726: Fixed HTTP header parameter parsing algorithm bsc1254904...
Security update 5.0.7 for Multi-Linux Manager Client Tools
This update fixes the following issues: golang-github-QubitProducts-exporterexporter: Non-customer-facing optimization and update golang-github-boynux-squidexporter: Version update from 1.6.0 to 1.13.0 with the following highlighted changes and fixes jscPED-14971: Added compatibility for Squid 6...
Maintenance update for Multi-Linux Manager 5.0: Server, Proxy and Retail Branch Server
Description: This update fixes the following issues: branch-network-formula: Update to version 1.1.0 Enable containers on SLE15SP7 Exclude podman interfaces from sysctl setting cobbler: Compatibility fixes for tftpboot directory setup inter-server-sync: Version 0.3.10-0 Write log to a rotated fil...
Security update for giflib
This update for giflib fixes the following issues: CVE-2026-23868: double-free result of a shallow copy can lead to memory corruption bsc1259502. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively y...
Security update for the Linux Kernel (Live Patch 24 for SUSE Linux Enterprise 15 SP5)
This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.97 fixes various security issues The following security issues were fixed: CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit bsc1255595. CVE-2023-53257: wifi: mac80211: check S1G action frame size...
Security update for the Linux Kernel (Live Patch 43 for SUSE Linux Enterprise 15 SP4)
This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.173 fixes various security issues The following security issues were fixed: CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit bsc1255595. CVE-2023-53781: smc: Fix use-after-free in tcpwritetimerhandl...
Security update for strongswan
This update for strongswan fixes the following issues: CVE-2026-25075: Fixed integer underflow when handling EAP-TTLS AVP bsc1259472. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run t...
Security update for the Linux Kernel (Live Patch 73 for SUSE Linux Enterprise 12 SP5)
This update for the SUSE Linux Enterprise Kernel 4.12.14-122.275 fixes various security issues The following security issues were fixed: CVE-2022-50423: ACPICA: Fix use-after-free in acpiutcopyipackagetoipackage bsc1250785. CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant...
Security update for gvfs
This update for gvfs fixes the following issues: CVE-2026-28295: information disclosure when processing untrusted PASV responses from FTP servers bsc1258953. CVE-2026-28296: arbitrary FTP command injection due to unsanitized CRLF sequences in user supplied file paths bsc1258954. Patch Instruction...
Security update for libssh
This update for libssh fixes the following issues: CVE-2026-3731: Denial of Service via out-of-bounds read in SFTP extension name handler bsc1259377. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternative...
Security update for 389-ds
This update for 389-ds fixes the following issues: Update to LTS branch 2.7 jscPED-14342: CVE-2025-14905: Fixed heap buffer overflow due to improper size calculation in schemaattrenumcallback callback bsc1258727. Bug fixes: Resolve python build error that caused lib389 to be missing some librarie...
Security update for dnsdist
This update for dnsdist fixes the following issues: Update to dnsdist 1.9.11: CVE-2025-8671: Add mitigations for the HTTP/2 MadeYouReset attack bsc1253852. CVE-2025-30187: denial of service via crafted DoH exchange bsc1250054. Patch Instructions: To install this SUSE update use the SUSE recommend...
Security update for libsoup2
This update for libsoup2 fixes the following issue: CVE-2026-0716: improper bounds handling may allow out-of-bounds read bsc1256418. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run th...
Security update for postgresql17
This update for postgresql17 fixes the following issues: Update to version 17.9 bsc1258754. Security issues fixed: CVE-2026-2003: improper validation of type "oidvector" may allow disclose a few bytes of server memory bsc1258008. CVE-2026-2004: intarray missing validation of type of input to...
Security update for GraphicsMagick
This update for GraphicsMagick fixes the following issue: CVE-2026-25799: Division-by-Zero in YUV sampling factor validation leads to crash bsc1258786. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for ImageMagick
This update for ImageMagick fixes the following issue: CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion bsc1258790. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for util-linux
This update for util-linux fixes the following issues: CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for "login -h" bsc1258859. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for ImageMagick
This update for ImageMagick fixes the following issues: CVE-2026-24481: Possible Heap Information Disclosure in PSD ZIP Decompression bsc1258743. CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion bsc1258790. CVE-2026-24485: denial of service via malforme...
Security update for grpc
This update for grpc fixes the following issue: CVE-2023-33953: unbounded memory and CPU consumption in the HPACK parser leads to remote DoS bsc1214148. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for wicked2nm,suse-migration-services,suse-migration-sle16-activation,SLES16-Migration,SLES16-SAP_Migration
This update for wicked2nm,suse-migration-services,suse-migration-sle16-activation,SLES16-Migration,SLES16-SAPMigration fixes the following issues: Changes for SLES16-SAPMigration: Bump version: 2.1.30 Changes for SLES16-Migration: Bump version: 2.1.30 Changes for suse-migration-sle16-activation:...
Security update for libxslt
This update for libxslt fixes the following issues: CVE-2025-10911: use-after-free will be fixed on libxml2 side instead bsc1250553. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run th...
Security update for postgresql14
This update for postgresql14 fixes the following issues: Update to version 14.22 bsc1258754. Security issues fixed: CVE-2026-2003: improper validation of type "oidvector" may allow disclose a few bytes of server memory bsc1258008. CVE-2026-2004: intarray missing validation of type of input to...
Security update for tracker-miners
This update for tracker-miners fixes the following issues: CVE-2026-1764: heap buffer overflow leads to denial of service or information disclosure when parsing MP3 files bsc1257606. CVE-2026-1765: denial of Service and potential information disclosure via crafted MP3 files bsc1257607...
Security update for cosign
This update for cosign fixes the following issues: Update to version 3.0.5 jscSLE-23879. Security issues fixed: CVE-2025-11065: github.com/go-viper/mapstructure/v2: sensitive Information leak in logs bsc1250620. CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause...
Security update for docker
This update for docker fixes the following issues: CVE-2025-58181: Fixed a bug in crypto/ssh where invalidated number of mechanisms can cause unbounded memory consumption. bsc1253904 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupda...
Security update for python311
This update for python311 fixes the following issues: CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. CVE-2025-12781: inadequate parameter check can cause data integrity issues bsc1257108. CVE-2025-15282:...
Security update for freerdp
This update for freerdp fixes the following issues: CVE-2026-24491: heap-use-after-free in videotimer bsc1257981. CVE-2026-24675: heap-use-after-free in urbselectinterface bsc1257982. CVE-2026-24676: heap-use-after-free in audioformatcompatible bsc1257983. CVE-2026-24677: heap-buffer-overflow in...
Security update for freerdp
This update for freerdp fixes the following issues: CVE-2026-22855: heap-buffer-overflow in smartcardunpacksetattribcall bsc1256721. CVE-2026-22857: heap-use-after-free in irpthreadfunc bsc1256723. CVE-2026-23533: improper validation can lead to heap buffer overflow in cleardecompressresidualdata...
Security update for go1.25-openssl
This update for go1.25-openssl fixes the following issues: Update to version 1.25.7. Security issues fixed: CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows for C code smuggling bsc1257692. CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated...
Security update for busybox
This update for busybox fixes the following issues: CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization bsc1258163. CVE-2026-26158: Arbitrary file modification and privilege escalation via unvalidated tar archive entries bsc1258167. Patch...
Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 15 SP7)
This update for the SUSE Linux Enterprise kernel 6.4.0-150700.51 fixes one security issue The following security issue was fixed: CVE-2025-38129: pagepool: fix use-after-free in pagepoolrecycleinring bsc1258139. Patch Instructions: To install this SUSE update use the SUSE recommended installation...
Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise 15 SP6)
This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.42 fixes one security issue The following security issue was fixed: CVE-2025-38129: pagepool: fix use-after-free in pagepoolrecycleinring bsc1258139. Patch Instructions: To install this SUSE update use the SUSE recommended...
Security update for gimp
This update for gimp fixes the following issues: CVE-2026-2044: lack of proper initialization of memory can allow remote attackers to execute arbitrary code bsc1258532. CVE-2026-2045: check offset in the colormap is valid before using it bsc1258533. CVE-2026-2048: lack of proper validation of...
Security update for redis7
This update for redis7 fixes the following issue: a user can manipulate data read by a connection by injecting sequences into a Redis error reply bsc1258706. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for expat
This update for expat fixes the following issues: CVE-2026-24515: Fixed a null dereference in XMLExternalEntityParserCreate. bsc1257144 CVE-2026-25210: Fixed an integer overflow in doContent. bsc1257496 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods...
Security update for openvswitch
This update for openvswitch fixes the following issues: CVE-2024-2182: Fixed insufficient validation of incoming BFD packets may lead to denial of service bsc1255435 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
Security update for protobuf
This update for protobuf fixes the following issues:i CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python jsonformat.ParseDict bsc1257173. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for the Linux Kernel (Live Patch 43 for SUSE Linux Enterprise 15 SP4)
This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.173 fixes various security issues The following security issues were fixed: CVE-2023-53321: wifi: mac80211hwsim: drop short frames bsc1250314. CVE-2025-38111: net/mdiobus: Fix potential out-of-bounds read/write access bsc1249455...