5411 matches found
Security update for go1.23
This update for go1.23 fixes the following issues: CVE-2025-22866: Fixed timing sidechannel for P-256 on ppc64le bsc1236801. Bug fixes: go1.23 release tracking bsc1229122 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zyppe...
Security update for MozillaFirefox
This update for MozillaFirefox to 128.7esr fixes the following issues: MFSA 2025-09 CVE-2025-1009 bmo1936613 Use-after-free in XSLT CVE-2025-1010 bmo1936982 Use-after-free in Custom Highlight CVE-2025-1011 bmo1936454 A bug in WebAssembly code generation could result in a crash CVE-2025-1012...
Security update for wget
This update for wget fixes the following issues: CVE-2021-31879: Authorization header disclosed upon redirects to different origins. bsc1185551 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you...
Security update for bind
This update for bind fixes the following issues: CVE-2024-11187: Fixes CPU exhaustion caused by many records in the additional section bsc1236596 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively y...
Security update for ignition
This update for ignition fixes the following issues: CVE-2023-45288: Fixed unclosed connections when receiving too many headers in golang.org/x/net/http2 bsc1236518 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
Security update for krb5
This update for krb5 fixes the following issues: CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash bsc1236619. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate...
Security update for ignition
This update for ignition fixes the following issues: CVE-2023-45288: Fixed unclosed connections when receiving too many headers in golang.org/x/net/http2 bsc1236518 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
Security update for xrdp
This update for xrdp fixes the following issues: CVE-2024-39917: Enforce no login screen if requirecredentials is set bsc1227769 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...
Security update for nvidia-open-driver-G06-signed
This update for nvidia-open-driver-G06-signed fixes the following issues: Make sure the correct FW package is installed on non-CUDA. only obsolete 555 CUDA driver/firmware packages For CUDA: update version to 565.57.01 Add 'dummy' firmware package on SLE to work around update issues. On SLE, the...
Security update for curl
This update for curl fixes the following issues: CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances bsc1234068 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypp...
Security update for avahi
This update for avahi fixes the following issues: CVE-2024-52616: Properly randomize query id of DNS packets bsc1233420. Bug fixes: No longer supply bogus services to callbacks bsc1226586. Tag hardening patches as PATCH-FEATURE-OPENSUSE Remove dependency on /usr/bin/python3 using %python3fixsheba...
Security update for python-requests
This update for python-requests contains the following fixes: Add patch to fix to inject the default CA bundles if they are not specified. bsc1226321, bsc1231500 Remove Requires on python-py, it should have been removed earlier. update to 2.32.3: Fixed bug breaking the ability to specify custom...
Security update for Mesa
This update for Mesa fixes the following issues: CVE-2023-45913: Fixed NULL pointer dereference via dri2GetGlxDrawableFromXDrawableId bsc1222040. CVE-2023-45919: Fixed buffer over-read in glXQueryServerString bsc1222041. CVE-2023-45922: Fixed segmentation violation in glXGetDrawableAttribute...
Security update for podman
This update for podman fixes the following issues: CVE-2024-9676: Fixed a denial of service via a symlink traversal in the containers/storage library bsc1231698 CVE-2024-9341: Fixed FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library bsc1231230 CVE-2024-9675: Fixed caching...
Security update for tiff
This update for tiff fixes the following issues: CVE-2024-7006: Fix pointer deref in tifdirinfo.c bsc1228924 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for you...
Security update for libdb-4_8
This update for libdb-48 fixes the following issues: CVE-2019-2708: Fixed data store execution leading to partial DoS bsc1174414 Changes: libdb: Data store execution leads to partial DoS Backport the upsteam commits: Fixed several possible crashes when running dbverify on a corrupted database...
Security update for python311
This update for python311 fixes the following issues: CVE-2024-8088: Fixed a denial of service in zipfile bsc1229704 CVE-2024-6232: Fixed a ReDos via excessive backtracking while parsing header values bsc1230227 CVE-2024-7592: Fixed a denial of service in the http.cookies module bsc1229596 Patch...
Security update for orc
This update for orc fixes the following issues: CVE-2024-40897: Fixed a stack-based buffer overflow when formatting error messages bsc1228184 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you c...
Security update for containerized-data-importer
This update for containerized-data-importer fixes the following issues: Update to version 1.60.1 Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.60.1 Add registry path for SLE15 SP7 Bump to the latest tag 1.60.1-150600.3.9.1 Use the images based on SLE15 SP6...
Security update for kubevirt
This update for kubevirt fixes the following issues: Update to version 1.3.1 Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.3.1 Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.3.0 Fix DV error report via VM printable status Fix permission error in storage...
Security update for krb5
This update for krb5 fixes the following issues: CVE-2024-37370: Confidential GSS krb5 wrap tokens with invalid plaintext Extra Count fields were erroneously accepted during unwrap bsc1227186 CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields...
Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 kernel was updated to receive various security bugfixes. This release includes the first live patch. The following security bugs were fixed: CVE-2023-52489: mm/sparsemem: fix race in accessing memorysection-usage bsc1221326. CVE-2023-52581: netfilter: nftables:...
Security update for libxml2
This update for libxml2 fixes the following issues: CVE-2024-34459: Fixed buffer over-read in bsc1224282 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your...
Security update for selinux-policy
This update for selinux-policy fixes the following issues: Update to version 20230523+git25.ad22dd7f: Backport wtmpdb label change to have the same wtmpdb label as in SL Micro 6.1 bsc1229132 Add authrwwtmpdbloginrecords to domains using authmanageloginrecords Add authrwwtmpdbloginrecords to modul...
Security update for python-urllib3
This update for python-urllib3 fixes the following issues: CVE-2024-37891: Fixed issue where proxy-authorization request header was not stripped during cross-origin redirects bsc1226469 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security update for python-Jinja2
This update for python-Jinja2 fixes the following issues: CVE-2024-34064, CVE-2024-22195: HTML attribute injection when passing user input as keys to xmlattr filter bsc1223980, bsc1218722 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security update for avahi
This update for avahi fixes the following issues: Security issues fixed: CVE-2023-38471: Extract host name using avahiunescapelabel bsc1216594. CVE-2023-38469: Reject overly long TXT resource records bsc1216598. Non-security issue fixed: no longer supply bogus services to callbacks bsc1226586...
Security update for ca-certificates-mozilla
This update for ca-certificates-mozilla fixes the following issues: Updated to 2.68 state of Mozilla SSL root CAs bsc1227525 Added: FIRMAPROFESIONAL CA ROOT-A WEB Distrust: GLOBALTRUST 2020 Updated to 2.66 state of Mozilla SSL root CAs bsc1220356 Added: CommScope Public Trust ECC Root-01 CommScop...
Security update for wget
This update for wget fixes the following issues: CVE-2024-38428: Fix mishandled semicolons in the userinfo subcomponent of a URI. bsc1226419 Update to GNU wget 1.24.5: Fix how subdomain matches are checked for HSTS. Wget will now also parse the srcset attribute in HTML tags Support reading...
Security update for less
This update for less fixes the following issues: CVE-2024-32487: Fix a bug where mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. bsc1222849 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate...
Security update for util-linux
This update for util-linux fixes the following issues: Security issue fixed: CVE-2024-28085: Properly neutralize escape sequences in wall to avoid potential account takeover. bsc1221831 Non-security issues fixed: Fix hang of lscpu -e bsc1225598 lscpu: Add more ARM cores bsc1223605 Document that...
Security update for ignition
This update for ignition fixes the following issues: CVE-2023-45288: Fixed unclosed connections when receiving too many headers in golang.org/x/net/http2 bsc1236518 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
Security update for apptainer
This update for apptainer fixes the following issues: CVE-2023-45288: Fixed unclosed connections when receiving too many headers in golang.org/x/net/http2 bsc1236528 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
Security update for ignition
This update for ignition fixes the following issues: CVE-2023-45288: Fixed unclosed connections when receiving too many headers in golang.org/x/net/http2 bsc1236518 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
Security update for ignition
This update for ignition fixes the following issues: CVE-2023-45288: Fixed unclosed connections when receiving too many headers in golang.org/x/net/http2 bsc1236518 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
Security update for shadow
This update for shadow fixes the following issues: Fixed not copying of skel files bsc1228770 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: SUSE...
Security update for openvpn
This update for openvpn fixes the following issues: CVE-2024-5594: Fixed wrong handling of null bytes and invalid characters in control messages bsc1235147 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-15040024108 fixes several issues. The following security issues were fixed: CVE-2024-36971: Fixed dstnegativeadvice race bsc1226324. CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk-trans bsc1233712. CVE-2022-48956: ipv...
Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505005552 fixes several issues. The following security issues were fixed: CVE-2024-41057: cachefiles: fix slab-use-after-free in cachefileswithdrawcookie bsc1229275. CVE-2024-36971: Fixed dstnegativeadvice race bsc1226324. CVE-2024-50264: vsock/virtio:...
Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-15040024116 fixes several issues. The following security issues were fixed: CVE-2024-36971: Fixed dstnegativeadvice race bsc1226324. CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk-trans bsc1233712. CVE-2022-48956: ipv...
Security update for the Linux Kernel (Live Patch 43 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-15030059158 fixes several issues. The following security issues were fixed: CVE-2024-36971: Fixed dstnegativeadvice race bsc1226324. CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk-trans bsc1233712. CVE-2022-48956: ipv6...
Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-15030059161 fixes several issues. The following security issues were fixed: CVE-2024-36971: Fixed dstnegativeadvice race bsc1226324. CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk-trans bsc1233712. CVE-2022-48956: ipv6...
Security update for nodejs20
This update for nodejs20 fixes the following issues: Update to 20.18.2: CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics bsc1236251 CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERRPROTO bsc1236250 CVE-2025-22150: Fixed insufficiently random...
Security update for nodejs20
This update for nodejs20 fixes the following issues: Update to 20.18.2: CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics bsc1236251 CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERRPROTO bsc1236250 CVE-2025-22150: Fixed insufficiently random...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-49035: media: s5pcec: limit msg.len to CECMAXMSGSIZE bsc1215304. CVE-2024-53146: NFSD: Prevent a potential integer overflow bsc1234853. CVE-2024-53156: wif...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver bsc1203332. CVE-2022-48742: rtnetlink: make sure to refresh masterdev/mops in...
Security update for rsync
This update for rsync fixes the following issues: CVE-2024-12084: heap buffer overflow in checksum parsing. bsc1234100 CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. bsc1234101 CVE-2024-12086: leak of a client machine's file contents through the...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfcworkerwakeup bsc1225820. CVE-2024-27397: netfilter: nftables: use timestamp to check for set element...
Security update for the Linux Kernel
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2017-14051: scsi/qla2xxx: Fix an integer overflow in sysfs code. bsc1056588 CVE-2024-53146: NFSD: Prevent a potential integer overflow bsc1234853. CVE-2024-53156:...
Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505005562 fixes several issues. The following security issues were fixed: CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk-trans bsc1233712. CVE-2022-48956: ipv6: avoid use-after-free in ip6fragment bsc1232637...