Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 128.3.0 ESR MFSA-2024-47, bsc1230979: CVE-2024-8900: Clipboard write permission bypass CVE-2024-9392: Compromised content process can bypass site isolation CVE-2024-9393: Cross-origin access to P...

Security update for opensc

This update for opensc fixes the following issues: CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init. bsc1230076 CVE-2024-45619: Incorrect handling length of buffers or files in libopensc. bsc1230075 CVE-2024-45618: Uninitialized values after incorrect or missing...

Security update for libpcap

This update for libpcap fixes the following issues: CVE-2024-8006: NULL pointer dereference in function pcapfindalldevsex. bsc1230034 CVE-2023-7256: double free via struct addrinfo in function sockinitaddress. bsc1230020 Patch Instructions: To install this SUSE update use the SUSE recommended...

Security update for expat

This update for expat fixes the following issues: CVE-2024-45492: integer overflow in function nextScaffoldPart. bsc1229932 CVE-2024-45491: integer overflow in dtdCopy. bsc1229931 CVE-2024-45490: negative length for XMLParseBuffer not rejected. bsc1229930 Patch Instructions: To install this SUSE...

Security update for postgresql16

This update for postgresql16 fixes the following issues: Upgrade to 15.8 bsc1229013 CVE-2024-7348: PostgreSQL relation replacement during pgdump executes arbitrary SQL. bsc1229013 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate ...

Security update for tomcat

This update for tomcat fixes the following issues: CVE-2024-38286: OutOfMemory exception triggered through abuse of the TLS handshake process. bsc1230986 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 128.2.3 MFSA 2024-43 bsc1229821 CVE-2024-8394: Crash when aborting verification of OTR chat. CVE-2024-8385: WASM type confusion involving ArrayTypes. CVE-2024-8381: Type confusion when looking up a property name in...

Security update for OpenIPMI

This update for OpenIPMI fixes the following issues: CVE-2024-42934: crash or message authentication bypass on IPMI simulator due to missing bounds check. bsc1229910 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

Security update for openvpn

This update for openvpn fixes the following issues: CVE-2024-28882: Fix multiple exit notifications from authenticated clients will extend the validity of a closing session bsc1227546 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

Security update for openssl-3

This update for openssl-3 fixes the following issues: CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE bsc1230698 Patch Instructions: To install...

Security update for openssl-3

This update for openssl-3 fixes the following issues: CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE bsc1230698 Patch Instructions: To install...