Security update for podofo

This update for podofo fixes the following issues: CVE-2015-8981: Fixed heap overflow in the function ReadXRefSubsection bsc1023190 CVE-2017-6840: Fixed invalid memory read in ColorChanger::GetColorFromStack colorchanger.cpp bsc1027787 CVE-2017-6841: Fixed NULL pointer dereference in...

Security update for Mesa

This update for Mesa fixes the following issues: CVE-2023-45913: Fixed NULL pointer dereference via dri2GetGlxDrawableFromXDrawableId bsc1222040 CVE-2023-45919: Fixed buffer over-read in glXQueryServerString bsc1222041 CVE-2023-45922: Fixed segmentation violation in glXGetDrawableAttribute...

Security update for mozjs115

This update for mozjs115 fixes the following issues: CVE-2024-45490: Fixed negative len for XMLParseBuffer in embedded expat bnc1230036 CVE-2024-45491: Fixed integer overflow in dtdCopy in embedded expat bnc1230037 CVE-2024-45492: Fixed integer overflow in function nextScaffoldPart in embedded...

Security update for redis7

This update for redis7 fixes the following issues: CVE-2024-31227: Fixed parsing issue leading to denail of service bsc1231266 CVE-2024-31228: Fixed unbounded recursive pattern matching bsc1231265 CVE-2024-31449: Fixed integer overflow bug in Lua bittohex bsc1231264 Patch Instructions: To install...

Security update for redis

This update for redis fixes the following issues: CVE-2024-31227: Fixed parsing issue leading to denail of service bsc1231266 CVE-2024-31228: Fixed unbounded recursive pattern matching bsc1231265 CVE-2024-31449: Fixed integer overflow bug in Lua bittohex bsc1231264 Patch Instructions: To install...

Security update for pcp

This update for pcp fixes the following issues: pcp was updated from version 5.3.7 to version 6.2.0 jscPED-8192, jscPED-8389: Security issues fixed: CVE-2024-45770: Fixed a symlink attack that allows escalating from the pcp to the root user bsc1230552 CVE-2024-45769: Fixed a heap corruption throu...

Security update for openvpn

This update for openvpn fixes the following issues: CVE-2024-28882: Fix multiple exit notifications from authenticated clients will extend the validity of a closing session bsc1227546 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

Security update for Mesa

This update for Mesa fixes the following issues: CVE-2023-45919: Fixed buffer over-read in glXQueryServerString bsc1222041. CVE-2023-45913: Fixed NULL pointer dereference via dri2GetGlxDrawableFromXDrawableId bsc1222040. CVE-2023-45922: Fixed segmentation violation in glXGetDrawableAttribute...

Security update for openssl-3

This update for openssl-3 fixes the following issues: CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE bsc1230698 Patch Instructions: To install...

Security update for frr

This update for frr fixes the following issue: Arithmetic overflow when parsing attribute of update packet due to regression introduced by the fix for CVE-2017-15865. bsc1230866 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...

Security update for cups-filters

This update for cups-filters fixes the following issues: cups-browsed would bind on UDP INADDRANY:631 and trust any packet from any source to trigger a Get-Printer-Attributes IPP request to an attacker controlled URL. This patch removes support for the legacy CUPS and LDAP protocolsbsc1230939,...

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 128.3.0 ESR MFSA-2024-47, bsc1230979: CVE-2024-8900: Clipboard write permission bypass CVE-2024-9392: Compromised content process can bypass site isolation CVE-2024-9393: Cross-origin access to P...

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 128.3.0 ESR MFSA-2024-47, bsc1230979: CVE-2024-8900: Clipboard write permission bypass CVE-2024-9392: Compromised content process can bypass site isolation CVE-2024-9393: Cross-origin access to P...

Security update for opensc

This update for opensc fixes the following issues: CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init. bsc1230076 CVE-2024-45619: Incorrect handling length of buffers or files in libopensc. bsc1230075 CVE-2024-45618: Uninitialized values after incorrect or missing...

Security update for libpcap

This update for libpcap fixes the following issues: CVE-2024-8006: NULL pointer dereference in function pcapfindalldevsex. bsc1230034 CVE-2023-7256: double free via struct addrinfo in function sockinitaddress. bsc1230020 Patch Instructions: To install this SUSE update use the SUSE recommended...

Security update for expat

This update for expat fixes the following issues: CVE-2024-45492: integer overflow in function nextScaffoldPart. bsc1229932 CVE-2024-45491: integer overflow in dtdCopy. bsc1229931 CVE-2024-45490: negative length for XMLParseBuffer not rejected. bsc1229930 Patch Instructions: To install this SUSE...

Security update for postgresql16

This update for postgresql16 fixes the following issues: Upgrade to 15.8 bsc1229013 CVE-2024-7348: PostgreSQL relation replacement during pgdump executes arbitrary SQL. bsc1229013 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate ...

Security update for tomcat

This update for tomcat fixes the following issues: CVE-2024-38286: OutOfMemory exception triggered through abuse of the TLS handshake process. bsc1230986 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 128.2.3 MFSA 2024-43 bsc1229821 CVE-2024-8394: Crash when aborting verification of OTR chat. CVE-2024-8385: WASM type confusion involving ArrayTypes. CVE-2024-8381: Type confusion when looking up a property name in...

Security update for OpenIPMI

This update for OpenIPMI fixes the following issues: CVE-2024-42934: crash or message authentication bypass on IPMI simulator due to missing bounds check. bsc1229910 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

Security update for openvpn

This update for openvpn fixes the following issues: CVE-2024-28882: Fix multiple exit notifications from authenticated clients will extend the validity of a closing session bsc1227546 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

Security update for openssl-3

This update for openssl-3 fixes the following issues: CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE bsc1230698 Patch Instructions: To install...

Security update for openssl-3

This update for openssl-3 fixes the following issues: CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE bsc1230698 Patch Instructions: To install...