5428 matches found
Security update for transfig
This update for transfig fixes the following issues: Update to fig2dev version 3.2.9a CVE-2025-31162: Fixed a floating point exception in fig2dev in getslope function bsc1240380. CVE-2025-31163: Fixed a segmentation fault in fig2dev in putpatternarc function bsc1240381. CVE-2025-31164: Fixed a he...
Security update for libraw
This update for libraw fixes the following issues: CVE-2025-43961: Fixed out-of-bounds read in the Fujifilm 0xf00c tag parser in metadata/tiff.cpp bsc1241643 CVE-2025-43962: Fixed out-of-bounds read when tag 0x412 processing in phaseonecorrect function bsc1241585 CVE-2025-43963: Fixed out-of-buff...
Security update for openvpn
This update for openvpn fixes the following issues: CVE-2025-2704: Fixed remote DoS due to possible ASSERT on OpenVPN servers using --tls-crypt-v2 bsc1240392 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for screen
This update for screen fixes the following issues: This update also ships screen to SL Micro 6.1 Extras. also use tty fd passing after a suspend MSGCONT do not chmod the tty for multiattach, rely on tty fd passing instead bsc1242269 CVE-2025-46802 fix resume after suspend in multiuser mode Patch...
Security update for libsoup
This update for libsoup fixes the following issues: CVE-2025-4969: Fixed off-by-one out-of-bounds read may lead to infoleak bsc1243423 CVE-2025-4948: Fixed integer underflow in soupmultipartnewfrommessage leading to denial of service bsc1243332 CVE-2025-4476: Fixed NULL pointer dereference may le...
Security update for python3-setuptools
This update for python3-setuptools fixes the following issues: CVE-2025-47273: path traversal in PackageIndex.download may lead to an arbitrary file write bsc1243313. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
Security update for libsoup
This update for libsoup fixes the following issues: CVE-2025-4948: Fixed integer underflow in soupmultipartnewfrommessage leading to denial of service bsc1243332 CVE-2025-4969: Fixed off-by-one out-of-bounds read may lead to infoleak bsc1243423 CVE-2025-32906: Fixed out of bounds reads in...
Security update for postgresql, postgresql16, postgresql17
This update for postgresql, postgresql16, postgresql17 fixes the following issues: This update ships postgresql17 , and fixes security issues with postgresql16: bsc1230423: Relax the dependency of extensions on the server version from exact major.minor to greater or equal, after Tom Lane confirme...
Security update for sqlite3
This update for sqlite3 fixes the following issues: CVE-2025-29087,CVE-2025-3277: Fixed integer overflow in sqlite concat function bsc1241020 CVE-2025-29088: Fixed integer overflow through the SQLITEDBCONFIGLOOKASIDE component bsc1241078 Other fixes: Updated to version 3.49.1 from Factory...
Security update for postgresql14
This update for postgresql14 fixes the following issues: Upgrade to 14.18: CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931 Patch Instructions: To install this SUSE update use the SUSE recommended...
Security update for postgresql17
This update for postgresql17 fixes the following issues: Upgrade to 17.5: CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931 Changelog: https://www.postgresql.org/docs/release/17.5/ Patch Instructions: To...
Security update for postgresql16
This update for postgresql16 fixes the following issues: Upgrade to 16.9: CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931 Changelog: https://www.postgresql.org/docs/release/16.9/ Patch Instructions: To...
Security update for postgresql14
This update for postgresql14 fixes the following issues: Upgrade to 14.18: CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931 Patch Instructions: To install this SUSE update use the SUSE recommended...
Security update for postgresql16
This update for postgresql16 fixes the following issues: Upgrade to 16.9: CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931 Changelog: https://www.postgresql.org/docs/release/16.9/ Patch Instructions: To...
Security update for augeas
This update for augeas fixes the following issues: CVE-2025-2588: Check for NULL pointers when calling recaseexpand in function faexpandnocase. bsc1239909 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for brotli
This update for brotli fixes the following issues: CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB bsc1175825. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can r...
Security update for open-vm-tools
This update for open-vm-tools fixes the following issues: Update to 12.5.2: Security fixes: CVE-2025-22247: Fixed Insecure file handling bsc1243106 Other fixes: Fixed GCC 15 compile time error bsc1241938 Fix building with containerd 1.7.25+ bsc1237147 Full changelog:...
Security update for python-cryptography
This update for python-cryptography fixes the following issues: CVE-2025-3416: openssl: use-after-free in Md::fetch and Cipher::fetch when Some... value passed as properties argument to either function bsc1242631. Patch Instructions: To install this SUSE update use the SUSE recommended installati...
Security update for slurm
This update for slurm fixes the following issues: Update to version 24.11.5. Security issues fixed: CVE-2025-43904: an issue with permission handling for Coordinators within the accounting system allowed Coordinators to promote a user to Administrator bsc1243666. Other changes and issues fixed:...
Security update for postgresql15
This update for postgresql15 fixes the following issues: Upgrade to 15.13: CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931 Changelog: https://www.postgresql.org/docs/release/15.13/ Patch Instructions: T...
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.48.2. Security issues fixed: CVE-2025-31205: lack of checks may lead to cross-origin data exfiltration through a malicious website bsc1243282. CVE-2025-31204: improper memory handling when processing certain web content m...
Security update for dnsdist
This update for dnsdist fixes the following issues: Update to version 1.9.10. CVE-2025-30194: illegal memory access double-free when processing specially crafted DoH exchanges leads to a denial-of-service bsc1242028. CVE-2025-30193: stack exhaustion when processing too many queries on incoming TC...
Security update for libsoup
This update for libsoup fixes the following issues: CVE-2025-2784: Fixed Heap buffer over-read in skipinsignificantspace when sniffing content bsc1240750 CVE-2025-32050: Fixed Integer overflow in appendparamquoted bsc1240752 CVE-2025-32051: Fixed Segmentation fault when parsing malformed data URI...
Security update for wxWidgets-3_2
This update for wxWidgets-32 fixes the following issues: CVE-2024-58249: Fixed crash when connection is refused in wxWebRequestCURL bsc1239902 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you...
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.48.2. Security issues fixed: CVE-2025-31205: lack of checks may lead to cross-origin data exfiltration through a malicious website bsc1243282. CVE-2025-31204: improper memory handling when processing certain web content m...
Security update for kernel-livepatch-MICRO-6-0_Update_2
This update for kernel-livepatch-MICRO-6-0Update2 fixes the following issues: CVE-2024-53042: ipv4: iptunnel: Fix suspicious RCU usage warning in iptunnelinitflow bsc1233678 CVE-2024-53156: wifi: ath9k: add range check for connrspepid in htcconnectservice bsc1234847 CVE-2024-50115: KVM: nSVM:...
Security update for kernel-livepatch-MICRO-6-0_Update_5
This update for kernel-livepatch-MICRO-6-0Update5 fixes the following issues: CVE-2024-57882: mptcp: fix TCP options overflow. bsc1235916 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can r...
Security update for kernel-livepatch-MICRO-6-0_Update_3
This update for kernel-livepatch-MICRO-6-0Update3 fixes the following issues: CVE-2024-53042: ipv4: iptunnel: Fix suspicious RCU usage warning in iptunnelinitflow bsc1233678 CVE-2024-53156: wifi: ath9k: add range check for connrspepid in htcconnectservice bsc1234847 CVE-2024-50115: KVM: nSVM:...
Security update for libxml2
This update for libxml2 fixes the following issues: CVE-2025-32414: Fixed out-of-bounds read when parsing text via the Python API bsc1241551. CVE-2025-32415: Fixed heap-based buffer under-read via crafted XML documents bsc1241453. Patch Instructions: To install this SUSE update use the SUSE...
Security update for skopeo
This update for skopeo fixes the following issues: CVE-2024-6104: url might write sensitive information to log file bsc1227056. CVE-2023-45288: close connections when receiving too many headers bsc1236483. CVE-2025-27144: Go JOSE's Parsing Vulnerable to Denial of Service bsc1237613. Patch...
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.48.2. Security issues fixed: CVE-2025-31205: lack of checks may lead to cross-origin data exfiltration through a malicious website bsc1243282. CVE-2025-31204: improper memory handling when processing certain web content m...
Security update for python-setuptools
This update for python-setuptools fixes the following issues: CVE-2025-47273: path traversal in PackageIndex.download may lead to an arbitrary file write bsc1243313. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
Security update for docker
This update for docker fixes the following issues: Update to docker-buildx v0.22.0: CVE-2025-0495: buildx: credential leakage to telemetry endpoints when credentials allowed to be set as attribute values in cache-to/cache-from configuration bsc1239765. CVE-2025-22868: golang.org/x/oauth2/jws:...
Security update for unbound
This update for unbound fixes the following issues: Update to 1.22.0: CVE-2024-8508: Fixed unbounded name compression that could have led to a denial of service bsc1231284. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...
Security update for postgresql14
This update for postgresql14 fixes the following issues: Upgrade to 14.18: CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931 Patch Instructions: To install this SUSE update use the SUSE recommended...
Security update for xen
This update for xen fixes the following issues: Update to Xen 4.18.5: Security fixes: CVE-2024-28956: Fixed Intel CPU Indirect Target Selection ITS bsc1243117 Other fixes: Fixed boot failing with XEN kernel on DL580 Gen12 bsc1242490 Added missing upstream bug fixes bsc1027519 Special Instructions...
Security update for python311
This update for python311 fixes the following issues: Updated to 3.11.12: gh-131809: Updated bundled libexpat to 2.7.1 gh-131261: Upgraded to libexpat 2.7.0 CVE-2025-0938: Fixed functions urllib.parse.urlsplit and urlparse accepting domain names including square brackets bsc1236705 gh-121284: Fix...
Security update for s390-tools
This update for s390-tools fixes the following issues: Revendored vendor.tar.zst CVE-2025-3416: Fixed use-after-free in Md::fetch and Cipher::fetch in rust-openssl crate bsc1242622 Added the new IBM z17 9175 processor type The package is built with the new 4096bit RSA secure boot signing key. Pat...
Security update for s390-tools
This update for s390-tools fixes the following issues: CVE-2025-3416: s390-tools: openssl: Fixed Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate bsc1242622 Amended the .spec file Updated the 'service' file Removed the obsolete file 'cargoconfig' Updated 'cputype' and...
Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505005562 fixes several issues. The following security issues were fixed: CVE-2024-53156: wifi: ath9k: add range check for connrspepid in htcconnectservice bsc1234847. CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage bsc1229504...
Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-1506002314 fixes several issues. The following security issues were fixed: CVE-2024-53042: ipv4: iptunnel: Fix suspicious RCU usage warning in iptunnelinitflow bsc1233678. CVE-2024-53156: wifi: ath9k: add range check for connrspepid in htcconnectservice...
Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505005565 fixes several issues. The following security issues were fixed: CVE-2024-53156: wifi: ath9k: add range check for connrspepid in htcconnectservice bsc1234847. CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage bsc1229504...
Security update for open-vm-tools
This update for open-vm-tools fixes the following issues: Update to 12.5.2: Security fixes: CVE-2025-22247: Fixed Insecure file handling bsc1243106 Other fixes: Fixed GCC 15 compile time error bsc1241938 Fixed building with containerd 1.7.25+ bsc1237147 Ensure vmtoolsd.service and vgauthd.service...
Security update for kernel-livepatch-MICRO-6-0-RT_Update_4
This update for kernel-livepatch-MICRO-6-0-RTUpdate4 fixes the following issues: CVE-2024-53237: Bluetooth: fix use-after-free in deviceforeachchild bsc1235008 CVE-2024-56650: netfilter: xtables: fix LED ID check in ledtgcheck bsc1235431 CVE-2024-56600: net: inet6: do not leave a dangling sk...
Security update for kernel-livepatch-MICRO-6-0-RT_Update_2
This update for kernel-livepatch-MICRO-6-0-RTUpdate2 fixes the following issues: CVE-2024-53042: ipv4: iptunnel: Fix suspicious RCU usage warning in iptunnelinitflow bsc1233678 CVE-2024-53156: wifi: ath9k: add range check for connrspepid in htcconnectservice bsc1234847 CVE-2024-50115: KVM: nSVM:...
Security update for kernel-livepatch-MICRO-6-0-RT_Update_5
This update for kernel-livepatch-MICRO-6-0-RTUpdate5 fixes the following issues: CVE-2024-57882: mptcp: fix TCP options overflow. bsc1235916 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you ca...
Security update for kernel-livepatch-MICRO-6-0-RT_Update_4
This update for kernel-livepatch-MICRO-6-0-RTUpdate4 fixes the following issues: CVE-2024-53237: Bluetooth: fix use-after-free in deviceforeachchild bsc1235008 CVE-2024-56650: netfilter: xtables: fix LED ID check in ledtgcheck bsc1235431 CVE-2024-56600: net: inet6: do not leave a dangling sk...
Security update for perl
This update for perl fixes the following issues: CVE-2024-56406: Fixed heap buffer overflow with tr// bsc1241083 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for...
Security update for postgresql17
This update for postgresql17 fixes the following issues: Upgrade to 17.5: CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931 Changelog: https://www.postgresql.org/docs/release/17.5/ Patch Instructions: To...
Security update for libwebp
This update for libwebp fixes the following issues: CVE-2016-9969: freeing of uninitialized memory pointer in SetFrame of AnimEncoder can lead to double free bsc1136199. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...