Security update for gstreamer-plugins-bad

This update for gstreamer-plugins-bad fixes the following issues: CVE-2025-3887: Fixed possible RCE vulnerability via buffer overflow in H265 Codec Parsing bsc1242809. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

Security update for mariadb

This update for mariadb fixes the following issues: Update to version 10.11.11. CVE-2025-21490: vulnerability allows high privileged attacker with network access to cause hangs and frequent crashes on affected servers bsc1243356. Patch Instructions: To install this SUSE update use the SUSE...

Security update for postgresql13

This update for postgresql13 fixes the following issues: Upgrade to 13.21: CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931 Changelog: https://www.postgresql.org/docs/release/13.21/ Patch Instructions: T...

Security update for glibc

This update for glibc fixes the following issues: CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LDLIBRARYPATH bsc1243317. Patch Instructions: To install this SUSE update use the SUSE recommended...

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 128.10.1 ESR. MFSA 2025-37 bsc1243303 CVE-2025-4918: Out-of-bounds access when resolving Promise objects CVE-2025-4919: Out-of-bounds access when optimizing linear sums Patch Instructions: To...

Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching bsc1242006. CVE-2024-35840: mptcp: use OPTIONMPTCPMPJSYNACK in subflowfinishconnec...

Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching bsc1242006. CVE-2024-35840: mptcp: use OPTIONMPTCPMPJSYNACK in subflowfinishconnec...

Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching bsc1242006. CVE-2024-35840: mptcp: use OPTIONMPTCPMPJSYNACK in subflowfinishconnect...

Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching bsc1242006. CVE-2024-35840: mptcp: use OPTIONMPTCPMPJSYNACK in subflowfinishconnect...

Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002317 fixes several issues. The following security issues were fixed: CVE-2024-53042: ipv4: iptunnel: Fix suspicious RCU usage warning in iptunnelinitflow bsc1233678. CVE-2024-53156: wifi: ath9k: add range check for connrspepid in htcconnectservice...

Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005583 fixes several issues. The following security issues were fixed: CVE-2024-53156: wifi: ath9k: add range check for connrspepid in htcconnectservice bsc1234847. CVE-2024-50115: KVM: nSVM: Ignore nCR34:0 when loading PDPTEs from memory bsc1233019...

Security update for the Linux Kernel (Live Patch 51 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059185 fixes one issue. The following security issue was fixed: CVE-2024-53156: wifi: ath9k: add range check for connrspepid in htcconnectservice bsc1234847. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods...

Security update for python-cryptography

This update for python-cryptography fixes the following issues: CVE-2025-3416: openssl: use-after-free in Md::fetch and Cipher::fetch when Some... value passed as properties argument to either function bsc1242631. Patch Instructions: To install this SUSE update use the SUSE recommended installati...

Security update for postgresql14

This update for postgresql14 fixes the following issues: Upgrade to 14.18: CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931 Patch Instructions: To install this SUSE update use the SUSE recommended...

Security update for open-vm-tools

This update for open-vm-tools fixes the following issues: Update to 12.5.2: Security fixes: CVE-2025-22247: Fixed Insecure file handling bsc1243106 Other fixes: Fixed GCC 15 compile time error bsc1241938 Fixed building with containerd 1.7.25+ bsc1237147 Ensure vmtoolsd.service and vgauthd.service...

Security update for kernel-livepatch-MICRO-6-0-RT_Update_5

This update for kernel-livepatch-MICRO-6-0-RTUpdate5 fixes the following issues: CVE-2024-57882: mptcp: fix TCP options overflow. bsc1235916 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you ca...

Security update for kernel-livepatch-MICRO-6-0-RT_Update_2

This update for kernel-livepatch-MICRO-6-0-RTUpdate2 fixes the following issues: CVE-2024-53042: ipv4: iptunnel: Fix suspicious RCU usage warning in iptunnelinitflow bsc1233678 CVE-2024-53156: wifi: ath9k: add range check for connrspepid in htcconnectservice bsc1234847 CVE-2024-50115: KVM: nSVM:...

Security update for kernel-livepatch-MICRO-6-0-RT_Update_3

This update for kernel-livepatch-MICRO-6-0-RTUpdate3 fixes the following issues: CVE-2024-53042: ipv4: iptunnel: Fix suspicious RCU usage warning in iptunnelinitflow bsc1233678 CVE-2024-53156: wifi: ath9k: add range check for connrspepid in htcconnectservice bsc1234847 CVE-2024-50115: KVM: nSVM:...

Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005568 fixes several issues. The following security issues were fixed: CVE-2024-53156: wifi: ath9k: add range check for connrspepid in htcconnectservice bsc1234847. CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage bsc1229504...

Security update for ucode-intel

This update for ucode-intel fixes the following issues: Intel CPU Microcode was updated to the 20250512 release bsc1243123 CVE-2024-28956: Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel Processors may allow an authenticated user...

Security update for runc

This update for runc fixes the following issues: Update to runc v1.2.6. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.2.6 CVE-2024-45310: Fixed runc can be tricked into creating empty files/directories on host bsc1230092 Patch Instructions: To install...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2025-21726: padata: avoid UAF for reorderwork bsc1238865. CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array bsc1238747. CVE-2025-21791...

Security update for grub2

This update for grub2 rebuilds the existing package with the new 4k RSA secure boot key for IBM Power and Z. Note: the signing key of x86 / x8664 and aarch64 architectures are unchanged. Also the following issue were fixed: CVE-2025-4382: TPM auto-decryption data exposure bsc1242971 Fix...

Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-15040024144 fixes one issue. The following security issue was fixed: CVE-2024-53156: wifi: ath9k: add range check for connrspepid in htcconnectservice bsc1234847. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods...

Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059167 fixes several issues. The following security issues were fixed: CVE-2024-53156: wifi: ath9k: add range check for connrspepid in htcconnectservice bsc1234847. CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage bsc1229504...

Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-150600105 fixes several issues. The following security issues were fixed: CVE-2024-53042: ipv4: iptunnel: Fix suspicious RCU usage warning in iptunnelinitflow bsc1233678. CVE-2024-53156: wifi: ath9k: add range check for connrspepid in htcconnectservice...

Security update for helm

This update for helm fixes the following issues: help was updated to version 3.17.3: Helm v3.17.3 is a security patch release. Users are strongly recommended to update to this release. Changelog Unarchiving fix e4da497 Matt Farina Patch Instructions: To install this SUSE update use the SUSE...

Security update for the Linux Kernel (Live Patch 62 for SLE 12 SP5)

This update for the Linux Kernel 4.12.14-122234 fixes several issues. The following security issues were fixed: CVE-2024-53156: wifi: ath9k: add range check for connrspepid in htcconnectservice bsc1234847. CVE-2024-50115: KVM: nSVM: Ignore nCR34:0 when loading PDPTEs from memory bsc1233019. Patch...

Security update for apache2-mod_auth_openidc

This update for apache2-modauthopenidc fixes the following issues: CVE-2025-3891: denial of service via POST requests with an empty Content-Type header and with OIDCPreservePost On bsc1242015. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

Security update for cargo-c

This update for cargo-c fixes the following issues: CVE-2025-3416: use-after-free in Md::fetch and Cipher::fetch of rust-openssl crate bsc1242675. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively...

Security update for libraw

This update for libraw fixes the following issues: CVE-2025-43961: Fixed out-of-bounds read in the Fujifilm 0xf00c tag parser in metadata/tiff.cpp bsc1241643 CVE-2025-43962: Fixed out-of-bounds read when tag 0x412 processing in phaseonecorrect function bsc1241585 CVE-2025-43963: Fixed out-of-buff...

Security update for libraw

This update for libraw fixes the following issues: CVE-2025-43961: Fixed out-of-bounds read in the Fujifilm 0xf00c tag parser in metadata/tiff.cpp bsc1241643 CVE-2025-43962: Fixed out-of-bounds read when tag 0x412 processing in phaseonecorrect function bsc1241585 CVE-2025-43963: Fixed out-of-buff...

Security update for valkey

This update for valkey fixes the following issues: CVE-2025-21605: Fixed output buffer denial of service bsc1241708 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed...

Security update for nvidia-open-driver-G06-signed

This update for nvidia-open-driver-G06-signed fixes the following issues: Update CUDA variant to 570.133.20 Update non-CUDA variant to 570.144 bsc1241231 Update non-CUDA variant to 570.133.07 bsc1239653 removed obsolete kernel-firmware-nvidia-gspx-G06-cuda; firmware has moved to nvidia-common-G06...

Security update for openssl-1_1

This update for openssl-11 fixes the following issues: CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation bsc1236136. Other bugfixes: Non approved PBKDF parameters wrongly resulting as approved bsc1236771. Patch Instructions: To install this SUSE update use the SUSE...

Security update for go1.22-openssl

This update for go1.22-openssl fixes the following issues: Update to version 1.22.12 bsc1218424: Security fixes: CVE-2024-45336: net/http: sensitive headers incorrectly sent after cross-domain redirect bsc1236046 CVE-2024-45341: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints...

Security update for apparmor

This update for apparmor fixes the following issues: Add dacreadsearch capability for unixchkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. bsc1241678 Patch Instructions: To install this SUSE update use the SUSE...

Security update for rabbitmq-server313

This update for rabbitmq-server313 fixes the following issues: CVE-2025-30219: incorrectly escaped virtual hostname present in error message could lead to XSS attack. bsc1240071 Non-security fixes: Require rabbitmq-server313-plugins rather then rabbitmq-server-plugins. bsc1231656, bsc1234763 Patc...

Security update for transfig

This update for transfig fixes the following issues: CVE-2025-31164: Fixed heap-buffer overflow in fig2dev createlinewithspline function bsc1240379 CVE-2025-31162: Fixed floating point exception in fig2dev getslope function bsc1240380 CVE-2025-31163: Fixed segmentation fault in fig2dev...

Security update for augeas

This update for augeas fixes the following issues: CVE-2025-2588: Check for NULL pointers when calling recaseexpand in function faexpandnocase. bsc1239909 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

Security update for glib2

This update for glib2 fixes the following issues: CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with gdatetimenewfromiso8601 bsc1240897. Patch Instructions: To install this SUSE update use the SUSE recommended installation metho...

Security update for freetype2

This update for freetype2 fixes the following issues: CVE-2025-23022: signed integer overflow in cf2doFlex in cff/cf2intrp.c. bsc1235670 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can ru...

Security update for libsoup

This update for libsoup fixes the following issues: CVE-2025-2784: Fixed heap buffer over-read in skipinsignificantspace when sniffing content bsc1240750 CVE-2025-32050: Fixed Integer overflow in appendparamquoted bsc1240752 CVE-2025-32052: Fixed heap buffer overflow in sniffunknown bsc1240756...

Security update for libsoup

This update for libsoup fixes the following issues: CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names bsc1233285 CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soupheaderparseparamliststrict bsc1233292 CVE-2024-52532: Fixed infinite...

Security update for openssl-1_1

This update for openssl-11 fixes the following issues: CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation bsc1236136. Other bugfixes: Non approved PBKDF parameters wrongly resulting as approved bsc1236771. Patch Instructions: To install this SUSE update use the SUSE...

Security update for apparmor

This update for apparmor fixes the following issues: Add dacreadsearch capability for unixchkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. bsc1241678 Patch Instructions: To install this SUSE update use the SUSE...

Security update for apparmor

This update for apparmor fixes the following issues: Add dacreadsearch capability for unixchkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. bsc1241678 Patch Instructions: To install this SUSE update use the SUSE...

Security update for apparmor

This update for apparmor fixes the following issues: Add dacreadsearch capability for unixchkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. bsc1241678 Patch Instructions: To install this SUSE update use the SUSE...

Security update for libsoup

This update for libsoup fixes the following issues: CVE-2025-2784: Fixed heap buffer over-read in skipinsignificantspace when sniffing conten bsc1240750 CVE-2025-32050: Fixed integer overflow in appendparamquoted bsc1240752 CVE-2025-32051: Fixed segmentation fault when parsing malformed data URI...

Security update for libxslt

This update for libxslt fixes the following issues: CVE-2025-24855: Fixed use-after-free of XPath context node bsc1239625 CVE-2024-55549: Fixed use-after-free related to excluded namespaces bsc1239637 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods li...