5387 matches found
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching bsc1242006. CVE-2024-35840: mptcp: use OPTIONMPTCPMPJSYNACK in subflowfinishconnect bsc1224597...
Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2021-47659: drm/plane: Move range check for formatcount earlier bsc1237839. CVE-2022-49044: dm integrity: fix memory corruption when tagsize is less than digest si...
Security update for python-h11, python-httpcore
This update for python-h11, python-httpcore fixes the following issues: python-h11: - Update 0.16.0: CVE-2025-43859: Fixed accepting of malformed Chunked-Encoding bodies bsc1241872 - 0.15.0: Reject Content-Lengths = 1 zettabyte 1 billion terabytes early, without attempting to parse the integer...
Security update for the Linux Kernel (Live Patch 63 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122237 fixes one issue. The following security issue was fixed: CVE-2024-53156: wifi: ath9k: add range check for connrspepid in htcconnectservice bsc1234847. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like...
Security update for microcode_ctl
This update for microcodectl fixes the following issues: Intel CPU Microcode was updated to the 20250512 release bsc1243123 CVE-2024-28956: Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel Processors may allow an authenticated use...
Security update for elemental-operator
This update for elemental-operator fixes the following issues: Updated to v1.7.2: Updated header year CVE-2025-22870: golang.org/x/net/proxy: Fixed proxy bypass using IPv6 zone IDs bsc1238700 CVE-2025-22869: golang.org/x/crypto/ssh: Fixed Denial of Service in the Key Exchange of...
Security update for wget
This update for wget fixes the following issues: CVE-2024-10524: Drop support for shorthand URLs bsc1233773. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for you...
Security update for go1.24
This update for go1.24 fixes the following issues: Update to go1.24.3 bsc1236217: Security fixes: CVE-2025-22873: Fixed os.Root permits access to parent directory bsc1242715 Changelog: go73556 go73555 security: fix CVE-2025-22873 os: Root permits access to parent directory go73082 os: Root.Open...
Security update for expat
This update for expat fixes the following issues: Version update to 2.7.1: Bug fixes: 980 989 Restore event pointer behavior from Expat 2.6.4 that the fix to CVE-2024-8176 changed in 2.7.0; affected API functions are: - XMLGetCurrentByteCount - XMLGetCurrentByteIndex - XMLGetCurrentColumnNumber -...
Security update for freetype2
This update for freetype2 fixes the following issues: Update to 2.13.2: Some fields in the FTOutline structure have been changed from signed to unsigned type, which better reflects the actual usage. It is also an additional means to protect against malformed input. Rare double-free crashes in the...
Security update for gimp
This update for gimp fixes the following issues: CVE-2025-2761: unvalidated user input in FLI file parsing may lead to an out-of-bounds write bsc1241691. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for avahi
This update for avahi fixes the following issues: CVE-2024-52616: Fixed predictable transaction IDs for Wide-Area DNS bsc1233420 Drop rcFOO symlinks jscPED-266. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for java-1_8_0-openjdk
This update for java-180-openjdk fixes the following issues: Update to version jdk8u452 icedtea-3.35.0 Security issues fixed: CVE-2025-21587: unauthorized creation, deletion or modification of critical data through the JSSE component. bsc1241274 CVE-2025-30691: unauthorized update, insert or dele...
Security update for libsoup
This update for libsoup fixes the following issues: CVE-2025-2784: Fixed heap buffer over-read in skipinsignificantspace when sniffing conten bsc1240750 CVE-2025-32050: Fixed integer overflow in appendparamquoted bsc1240752 CVE-2025-32051: Fixed segmentation fault when parsing malformed data URI...
Security update for openvpn
This update for openvpn fixes the following issues: CVE-2025-2704: Fixed remote DoS due to possible ASSERT on OpenVPN servers using --tls-crypt-v2 bsc1240392 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird ESR 128.10 update bsc1241621: CVE-2025-4082: WebGL shader attribute memory corruption in Thunderbird for macOS. CVE-2025-4087: Unsafe attribute access during XPath parsing. CVE-2025-4093: Memory safety bug fixed in...
Security update for libsoup2
This update for libsoup2 fixes the following issues: CVE-2025-2784: Fixed heap buffer over-read in skipinsignificantspace when sniffing conten bsc1240750 CVE-2025-32050: Fixed integer overflow in appendparamquoted bsc1240752 CVE-2025-32052: Fixed heap buffer overflow in sniffunknown bsc1240756...
Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-15030059179 fixes several issues. The following security issues were fixed: CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in applyconstrainttosize bsc1233294. CVE-2024-56650: netfilter: xtables: fix LED ID check in ledtgcheck bsc1235431. Patch...
Security update for libva
This update for libva fixes the following issues: Update to libva version 2.20.0, which includes security fix for: uncontrolled search path may allow an authenticated user to escalate privilege via local access CVE-2023-39929, bsc1224413, jscPED-11066 This includes latest version of one of the...
Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-1506002325 fixes several issues. The following security issues were fixed: CVE-2024-53237: Bluetooth: fix use-after-free in deviceforeachchild bsc1235008. CVE-2024-53082: virtionet: Add hashkeylength check bsc1233677. CVE-2024-8805: Bluetooth: hcievent: Alig...
Security update for apache2-mod_auth_openidc
This update for apache2-modauthopenidc fixes the following issues: CVE-2025-31492: Fixed a bug where OIDCProviderAuthRequestMethod POSTs can leak protected data. bsc1240893 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...
Security update for ImageMagick
This update for ImageMagick fixes the following issues: CVE-2025-43965: Fixed mishandling of image depth after SetQuantumFormat is used in MIFF image processing. bsc1241659 CVE-2025-46393: Fixed mishandling of packetsize leads to rendering of channels in arbitrary order in multispectral MIFF imag...
Security update for libva
This update for libva fixes the following issues: Update to libva version 2.20.0, which includes security fix for: CVE-2023-39929: uncontrolled search path may allow an authenticated user to escalate privilege via local access bsc1224413, jscPED-11066 This includes latest version of one of the...
Security update for libva
This update for libva fixes the following issues: Update to libva version 2.20.0, which includes security fix for: uncontrolled search path may allow an authenticated user to escalate privilege via local access CVE-2023-39929, bsc1224413, jscPED-11066 This includes latest version of one of the...
Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-15040024141 fixes several issues. The following security issues were fixed: CVE-2024-8805: Bluetooth: hcievent: Align BR/EDR JUSTWORKS paring with LE bsc1240840. CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in applyconstrainttosize bsc1233294...
Security update for libxml2
This update for libxml2 fixes the following issues: CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. bsc1241551 CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. bsc1241453 Patch Instructions: To install this SUSE update use...
Security update for libxml2
This update for libxml2 fixes the following issues: CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. bsc1241551 CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. bsc1241453 Patch Instructions: To install this SUSE update use...
Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 128.10.0 ESR MFSA 2025-29 bsc1241621: CVE-2025-2817: Potential privilege escalation in Firefox Updater CVE-2025-4082: WebGL shader attribute memory corruption in Firefox for macOS CVE-2025-4083: Process...
Security update for redis
This update for redis fixes the following issues: CVE-2025-21605: Fixed an output buffer denial of service. bsc1241708 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command list...
Security update for redis
This update for redis fixes the following issues: CVE-2025-21605: Fixed an output buffer denial of service. bsc1241708 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command list...
Security update for govulncheck-vulndb
This update for govulncheck-vulndb fixes the following issues: Update to version 0.0.20250424T181457 jscPED-11136 GO-2025-3603 GO-2025-3604 GO-2025-3607 GO-2025-3608 GO-2025-3609 GO-2025-3610 GO-2025-3611 GO-2025-3612 GO-2025-3615 GO-2025-3618 GO-2025-3619 GO-2025-3620 GO-2025-3621 GO-2025-3622...
Security update for redis
This update for redis fixes the following issues: CVE-2025-21605: Fixed an output buffer denial of service. bsc1241708 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command list...
Security update for kernel-livepatch-MICRO-6-0_Update_3
This update for kernel-livepatch-MICRO-6-0Update3 fixes the following issues: CVE-2024-53237: Fixed bluetooth: fix use-after-free in deviceforeachchild bsc1235008 CVE-2024-53082: Fixed virtionet: Add hashkeylength check bsc1233677 CVE-2024-8805: Fixed BlueZ HID over GATT Profile Improper Access...
Security update for kernel-livepatch-MICRO-6-0_Update_2
This update for kernel-livepatch-MICRO-6-0Update2 fixes the following issues: CVE-2024-53237: Fixed bluetooth: fix use-after-free in deviceforeachchild bsc1235008 CVE-2024-53082: Fixed virtionet: Add hashkeylength check bsc1233677 CVE-2024-8805: Fixed BlueZ HID over GATT Profile Improper Access...
Security update for u-boot
This update for u-boot fixes the following issues: CVE-2024-57256: Fixed integer overflow in U-Boot's ext4 symlink resolution function bsc1237284 CVE-2024-57258: Fixed multiple integer overflows in U-Boot's memory allocator bsc1237287 Patch Instructions: To install this SUSE update use the SUSE...
Security update for expat
This update for expat fixes the following issues: Version update to 2.7.1: Bug fixes: Restore event pointer behavior from Expat 2.6.4 that the fix to CVE-2024-8176 changed in 2.7.0; affected API functions are: XMLGetCurrentByteCount XMLGetCurrentByteIndex XMLGetCurrentColumnNumber...
Security update for gnutls
This update for gnutls fixes the following issues: CVE-2024-12243: Fixed inefficient DER Decoding in libtasn1 which could lead to remote DoS bsc1236974. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for runc
This update for runc fixes the following issues: CVE-2024-45310: Fixed unintentional creation of empty files/directories on host bsc1230092 Other fixes: Update to runc v1.2.6. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...
Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-27415: netfilter: brnetfilter: skip conntrack input hook for promisc packets bsc1224757. CVE-2024-50038: netfilter: xtables: fix typo causing so...
Security update for freetype2
This update for freetype2 fixes the following issues: Update to 2.13.2: Some fields in the FTOutline structure have been changed from signed to unsigned type, which better reflects the actual usage. It is also an additional means to protect against malformed input. Rare double-free crashes in the...
Security update for glib2
This update for glib2 fixes the following issues: CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with gdatetimenewfromiso8601 bsc1240897 Patch Instructions: To install this SUSE update use the SUSE recommended installation method...
Security update for mozjs60
This update for mozjs60 fixes the following issues: CVE-2024-56431: Fixed a negative shift in huffdec.c bsc1234837. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed...
Security update for pam_pkcs11
This update for pampkcs11 fixes the following issues: CVE-2025-24031: Fixed segmentation fault on ctrl-c/ctrl-d when asked for PIN bsc1237058. CVE-2025-24032: Fixed authentication bypass with default value for certpolicy none bsc1237062. Patch Instructions: To install this SUSE update use the SUS...
Security update for iperf
This update for iperf fixes the following issues: CVE-2024-53580: Fixed segmentation violation via the iperfexchangeparameters function bsc1234705. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively...
Security update for libxslt
This update for libxslt fixes the following issues: CVE-2025-24855: Fix use-after-free of XPath context node bsc1239625 CVE-2024-55549: Fix UAF related to excluded namespaces bsc1239637 CVE-2023-40403: Make generate-id deterministic bsc1238591 Patch Instructions: To install this SUSE update use t...
Security update for orc
This update for orc fixes the following issues: CVE-2024-40897: Fixed stack-based buffer overflow inside the orc compiler when formatting error messages for certain input files bsc1228184. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security update for erlang26
This update for erlang26 fixes the following issues: CVE-2025-30211: Fixed KEX init error results with excessive memory usage bsc1240390 CVE-2025-32433: Fixed unauthenticated remote code execution in Erlang/OTP SSH bsc1241300 Patch Instructions: To install this SUSE update use the SUSE recommende...
Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2023-52927: netfilter: allow exp not to be removed in nfctfindexpectation bsc1239644. CVE-2024-26708: mptcp: fix inconsistent state on fastopen race...
Security update for docker
This update for docker fixes the following issues: Update to docker-buildx v0.22.0 CVE-2025-0495: Fixed an integer overflow in User ID handling in containerd. bsc1239765 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
Security update for mozjs52
This update for mozjs52 fixes the following issues: CVE-2024-56431: Fixed a negative shift in huffdec.c bsc1234837. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed...