5124 matches found
Security update for augeas
This update for augeas fixes the following issues: CVE-2025-2588: Check for NULL pointers when calling recaseexpand in function faexpandnocase. bsc1239909 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for iputils
This update for iputils fixes the following issues: CVE-2025-47268: Fixed integer overflow in RTT calculation can lead to undefined behavior bsc1242300 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for transfig
This update for transfig fixes the following issues: Update to fig2dev version 3.2.9a CVE-2025-31162: Fixed a floating point exception in fig2dev in getslope function bsc1240380. CVE-2025-31163: Fixed a segmentation fault in fig2dev in putpatternarc function bsc1240381. CVE-2025-31164: Fixed a he...
Security update for less
This update for less fixes the following issues: Updated to version 668 Fixed crash when using --header on command line Fixed possible crash when scrolling left/right or toggling -S Fixed bug when using stop in a lesskey file Fixed bug when using --shift or --match-shift on command line with a...
Security update for iputils
This update for iputils fixes the following issues: CVE-2025-47268: Fixed integer overflow in RTT calculation leading to undefined behavior bsc1242300 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for open-vm-tools
This update for open-vm-tools fixes the following issues: Updated to 12.5.2: CVE-2025-22247: Fixed insecure file handling bsc1243106 Fixed gcc15 compile time error bsc1241938 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...
Security update for helm-mirror
This update for helm-mirror fixes the following issues: CVE-2025-32386: Fixed denial of service due to memory exhaustion after loading a specially crafter chart bsc1241028 CVE-2025-32387: Fixed stack overflow due to parser recursion that can exceed the stack size limit bsc1241031 Patch...
Security update for libraw
This update for libraw fixes the following issues: CVE-2025-43961: Fixed out-of-bounds read in the Fujifilm 0xf00c tag parser in metadata/tiff.cpp bsc1241643 CVE-2025-43962: Fixed out-of-bounds read when tag 0x412 processing in phaseonecorrect function bsc1241585 CVE-2025-43963: Fixed out-of-buff...
Security update for libraw
This update for libraw fixes the following issues: CVE-2025-43961: Fixed out-of-bounds read in the Fujifilm 0xf00c tag parser in metadata/tiff.cpp bsc1241643 CVE-2025-43962: Fixed out-of-bounds read when tag 0x412 processing in phaseonecorrect function bsc1241585 CVE-2025-43963: Fixed out-of-buff...
Security update for iputils
This update for iputils fixes the following issues: Security fixes: CVE-2025-47268: Fixed integer overflow in RTT calculation can lead to undefined behavior bsc1242300. Other bug fixes: Fixed incorrect IPV4 TTL value when using SOCKDGRAM on big endian systems bsc1243284. Patch Instructions: To...
Security update for gnutls
This update for gnutls fixes the following issues: CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS bsc1236974. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for openvpn
This update for openvpn fixes the following issues: CVE-2025-2704: Fixed remote DoS due to possible ASSERT on OpenVPN servers using --tls-crypt-v2 bsc1240392 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for openssh
This update for openssh fixes the following issue: Security fixes: CVE-2025-32728: Fixed logic error in DisableForwarding option bsc1241012 Other fixes: - Fix ssh client segfault with GSSAPIKeyExchange=yes in sshkex2 due to gssapi proposal not being correctly initialized bsc1236826. The problem...
Security update for python-tornado
This update for python-tornado fixes the following issues: CVE-2025-47287: excessive logging when parsing malformed multipart/form-data can lead to a denial-of-service bsc1243268. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate ...
Security update for screen
This update for screen fixes the following issues: This update also ships screen to SL Micro 6.1 Extras. also use tty fd passing after a suspend MSGCONT do not chmod the tty for multiattach, rely on tty fd passing instead bsc1242269 CVE-2025-46802 fix resume after suspend in multiuser mode Patch...
Security update for gimp
This update for gimp fixes the following issues: CVE-2025-2761: unvalidated user input in FLI file parsing may lead to an out-of-bounds write bsc1241691. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for python-cryptography
This update for python-cryptography fixes the following issues: CVE-2025-3416: openssl: use-after-free in Md::fetch and Cipher::fetch when Some... value passed as properties argument to either function bsc1242631. Patch Instructions: To install this SUSE update use the SUSE recommended installati...
Security update for opensaml
This update for opensaml fixes the following issues: CVE-2025-31335: Fixed a bug where parameter manipulation allows the forging of signed SAML messages. bsc1239889 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
Security update for docker
This update for docker fixes the following issues: Always clear SUSEConnect suse secrets when starting containers regardless of whether the daemon was built with SUSEConnect support. Not doing this causes containers from SUSEConnect-enabled daemons to fail to start when running with...
Security update for docker
This update for docker fixes the following issues: Always clear SUSEConnect suse secrets when starting containers regardless of whether the daemon was built with SUSEConnect support. Not doing this causes containers from SUSEConnect-enabled daemons to fail to start when running with...
Security update for java-1_8_0-openjdk
This update for java-180-openjdk fixes the following issues: Update to version jdk8u452 icedtea-3.35.0 Security issues fixed: CVE-2025-21587: unauthorized creation, deletion or modification of critical data through the JSSE component. bsc1241274 CVE-2025-30691: unauthorized update, insert or dele...
Security update for python-setuptools
This update for python-setuptools fixes the following issues: CVE-2025-47273: path traversal in PackageIndex.download may lead to an arbitrary file write bsc1243313. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
Security update for libsoup
This update for libsoup fixes the following issues: CVE-2025-4969: Fixed off-by-one out-of-bounds read may lead to infoleak bsc1243423 CVE-2025-4948: Fixed integer underflow in soupmultipartnewfrommessage leading to denial of service bsc1243332 CVE-2025-4476: Fixed NULL pointer dereference may le...
Security update for libcryptopp
This update for libcryptopp fixes the following issues: CVE-2024-28285: Fixed potential leak of secret key of ElGamal encryption via fault injection bsc1224280 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for apache-commons-beanutils
This update for apache-commons-beanutils fixes the following issues: Update to 1.11.0 CVE-2025-48734: Fixed possible arbitrary code execution vulnerability bsc1243793 Full changelog: https://commons.apache.org/proper/commons-beanutils/changes.htmla1.11.0 Patch Instructions: To install this SUSE...
Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Update to Mozilla Firefox ESR 128.11 MFSA 2025-44, bsc1243353: MFSA-TMP-2025-0001: Double-free in libvpx encoder bmo1962421 CVE-2025-5263: Error handling for script execution was incorrectly isolated from web content bmo1960745...
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 128.10.2 MFSA 2025-40, bsc1243303: Security fixes: CVE-2025-4918: Out-of-bounds access when resolving Promise objects bmo1966612 CVE-2025-4919: Out-of-bounds access when optimizing linear sums bmo1966614...
Security update for postgresql16
This update for postgresql16 fixes the following issues: Upgrade to 16.9: CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931 Changelog: https://www.postgresql.org/docs/release/16.9/ Patch Instructions: To...
Security update for java-17-openjdk
This update for java-17-openjdk fixes the following issues: Update to upstream tag jdk-17.0.15+6 April 2025 CPU CVEs: CVE-2025-21587: Fixed JSSE unauthorized access, deletion or modification of critical data bsc1241274 CVE-2025-30691: Fixed Oracle Java SE Compiler Unauthorized Data Access...
Security update for libsoup
This update for libsoup fixes the following issues: CVE-2025-4969: Fixed off-by-one out-of-bounds read may lead to infoleak bsc1243423 CVE-2025-4948: Fixed integer underflow in soupmultipartnewfrommessage leading to denial of service bsc1243332 CVE-2025-4476: Fixed NULL pointer dereference may le...
Security update for gnuplot
This update for gnuplot fixes the following issues: CVE-2025-31176: invalid read leads to segmentation fault on plot3dpoints bsc1240325. CVE-2025-31177: improper bounds check leads to heap-buffer overflow on utf8copyone bsc1240326. CVE-2025-31178: unvalidated user input leads to segmentation faul...
Security update for python3-setuptools
This update for python3-setuptools fixes the following issues: CVE-2025-47273: path traversal in PackageIndex.download may lead to an arbitrary file write bsc1243313. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
Security update for govulncheck-vulndb
This update for govulncheck-vulndb fixes the following issues: Update to version 0.0.20250529T205903 2025-05-29T20:59:03Z jscPED-11136 Go CVE Numbering Authority IDs added or updated with aliases: GO-2025-3717 GO-2025-3718 GO-2025-3719 GO-2025-3720 GO-2025-3721 Update to version 0.0.20250527T2047...
Security update for glibc
This update for glibc fixes the following issues: CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LDLIBRARYPATH bsc1243317. Patch Instructions: To install this SUSE update use the SUSE recommended...
Security update for 389-ds
This update for 389-ds fixes the following issues: Security fixes: CVE-2025-3416: Fixed use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate bsc1242666 Other fixes: Enable memory accounting as SUSE disables it by default bsc1241016. Fix dsidm service getdn option failing bsc1241988...
Security update for 389-ds
This update for 389-ds fixes the following issues: Security fixes: CVE-2025-3416: Fixed use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate bsc1242666 Other fixes: Enable memory accounting as SUSE disables it by default bsc1241016. Fix dsidm service getdn option failing bsc1241988...
Security update for gnuplot
This update for gnuplot fixes the following issues: CVE-2025-31178: unvalidated user input leads to segmentation fault on GetAnnotateString bsc1240327. CVE-2025-31179: improper verification of time values leads to segmentation fault on xstrftime bsc1240328. CVE-2025-31181: double fclose call lead...
Security update for rubygem-rack
This update for rubygem-rack fixes the following issues: CVE-2025-46727: possible memory exhaustion due to unbounded parameter parsing in Rack::QueryParser bsc1242894. CVE-2025-32441: deleted sessions can be restored and occupied by unauthenticated users when the Rack::Session::Pool middleware is...
Security update for python311
This update for python311 fixes the following issues: CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS. bsc1243273 Update to 3.11.12: gh-105704: When using urllib.parse.urlsplit and urllib.parse.urlparse host parsing would not reject domain names containin...
Security update for elemental-toolkit
This update for elemental-toolkit fixes the following issues: Updated to v2.2.3: Adapted .golangci.yml format to a new version Simplified podman calls in CI steup Switched GHA runners to Ubuntu 24.04 Updated year in headers Vendored go.mod libraries CVE-2025-22870: golang.org/x/net/proxy: Fixed...
Security update for libsoup2
This update for libsoup2 fixes the following issues: CVE-2025-4948: Fixed integer underflow in soupmultipartnewfrommessage leading to denial of service bsc1243332 CVE-2025-4969: Fixed off-by-one out-of-bounds read may lead to infoleak bsc1243423 CVE-2025-32906: Fixed out of bounds reads in...
Security update for libsoup
This update for libsoup fixes the following issues: CVE-2025-4948: Fixed integer underflow in soupmultipartnewfrommessage leading to denial of service bsc1243332 CVE-2025-4969: Fixed off-by-one out-of-bounds read may lead to infoleak bsc1243423 CVE-2025-32906: Fixed out of bounds reads in...
Security update for postgresql, postgresql16, postgresql17
This update for postgresql, postgresql16, postgresql17 fixes the following issues: This update ships postgresql17 , and fixes security issues with postgresql16: bsc1230423: Relax the dependency of extensions on the server version from exact major.minor to greater or equal, after Tom Lane confirme...
Security update for libsoup
This update for libsoup fixes the following issues: CVE-2025-4948: Fixed integer underflow in soupmultipartnewfrommessage leading to denial of service bsc1243332 CVE-2025-4969: Fixed off-by-one out-of-bounds read may lead to infoleak bsc1243423 CVE-2025-32906: Fixed out of bounds reads in...
Security update for dnsdist
This update for dnsdist fixes the following issues: CVE-2025-30193: stack exhaustion when processing too many queries on incoming TCP connections leads to a denial-of-service bsc1243378. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security update for java-1_8_0-ibm
This update for java-180-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 45. Security issues fixed: Oracle April 15 2025 CPU bsc1242208 CVE-2025-21587: unauthorized access, deletion and modification of critical data via the JSSE component bsc1241274. CVE-2025-30691:...
Security update for sqlite3
This update for sqlite3 fixes the following issues: CVE-2025-29087,CVE-2025-3277: Fixed integer overflow in sqlite concat function bsc1241020 CVE-2025-29088: Fixed integer overflow through the SQLITEDBCONFIGLOOKASIDE component bsc1241078 Other fixes: Updated to version 3.49.1 from Factory...
Security update for java-11-openjdk
This update for java-11-openjdk fixes the following issues: Upgrade to upstream tag jdk-11.0.27+6 April 2025 CPU CVEs: CVE-2025-21587: Fixed JSSE unauthorized access, deletion or modification of critical data bsc1241274 CVE-2025-30691: Fixed Oracle Java SE Compiler Unauthorized Data Access...
Security update for bind
This update for bind fixes the following issues: Update to version 9.20.9. Security issues fixed: CVE-2025-40775: denial-of-service due to assertion failure caused by the processing of a NS message with an invalid TSIG bsc1243361. CVE-2024-12705: CPU and memory exhaustion due to DNS-over-HTTPS...
Security update for postgresql14
This update for postgresql14 fixes the following issues: Upgrade to 14.18: CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931 Patch Instructions: To install this SUSE update use the SUSE recommended...