Security update for java-17-openjdk

This update for java-17-openjdk fixes the following issues: Update to upstream tag jdk-17.0.14+7 January 2025 CPU: Security fixes: CVE-2025-21502: Enhance array handling JDK-8330045, bsc1236278 Other changes: JDK-7093691: Nimbus LAF: disabled JComboBox using renderer has bad font color JDK-802812...

Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: Upgrade to upstream tag jdk-11.0.26+4 January 2025 CPU Security fixes: CVE-2025-21502: Enhance array handling JDK-8330045, bsc1236278 Other changes: JDK-8224624: Inefficiencies in CodeStrings::addcomment cause - timeouts JDK-8225045:...

Security update for bind

This update for bind fixes the following issues: CVE-2024-11187: Fixes CPU exhaustion caused by many records in the additional section bsc1236596 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively y...

Security update for xrdp

This update for xrdp fixes the following issues: CVE-2024-39917: Enforce no login screen if requirecredentials is set bsc1227769 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...

Security update for xrdp

This update for xrdp fixes the following issues: CVE-2024-39917: Enforce no login screen if requirecredentials is set bsc1227769 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...

Security update for clamav

This update for clamav fixes the following issues: New version 1.4.2: CVE-2025-20128, bsc1236307: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service DoS condition. Start clamonacc with --fdpass to avoid errors due to clamd not being able to acce...

Security update for clamav

This update for clamav fixes the following issues: New version 1.4.2: CVE-2025-20128, bsc1236307: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service DoS condition. Start clamonacc with --fdpass to avoid errors due to clamd not being able to acce...

Security update for clamav

This update for clamav fixes the following issues: New version 1.4.2: CVE-2025-20128, bsc1236307: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service DoS condition. Start clamonacc with --fdpass to avoid errors due to clamd not being able to acce...

Security update for python-dnspython

This update for python-dnspython fixes the following issues: CVE-2023-29483: Fixed potential DoS via the Tudoor mechanism bsc1222693. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run t...

Security update for dnsmasq

This update for dnsmasq fixes the following issues: Update to 2.90: CVE-2023-50387, CVE-2023-50868: Fixed a Denial Of Service while trying to validate specially crafted DNSSEC responses bsc1219823, bsc1219826. Fix reversion in --rev-server introduced in 2.88 which caused breakage if the prefix...

Security update for libxml2

This update for libxml2 fixes the following issues: CVE-2024-40896: Fixed XML external entity vulnerability bsc1234812 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command list...

Security update for python-Jinja2

This update for python-Jinja2 fixes the following issues: CVE-2024-56201: Fixed sandbox breakout through malicious content and filename of a template bsc1234808 CVE-2024-56326: Fixed sandbox breakout through indirect reference to format method bsc1234809 Patch Instructions: To install this SUSE...

Security update for docker

This update for docker fixes the following issues: Update docker-buildx to v0.19.2. See upstream changelog online at . Some notable changelogs from the last update: Add a new toggle file /etc/docker/suse-secrets-enable which allows users to disable the SUSEConnect integration with Docker which...

Security update for nvidia-open-driver-G06-signed

This update for nvidia-open-driver-G06-signed fixes the following issues: Make sure the correct FW package is installed on non-CUDA. only obsolete 555 CUDA driver/firmware packages For CUDA: update version to 565.57.01 Add 'dummy' firmware package on SLE to work around update issues. On SLE, the...

Security update for buildkit

This update for buildkit fixes the following issues: Update to version 0.12.5: update runc to v1.1.12 exec: add extra validation for submount sources fixes CVE-2024-23651, bsc1219267 oci: fix error handling on submount calls executor: recheck mount stub path within root after container run fixes...

Security update for curl

This update for curl fixes the following issues: CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances bsc1234068 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypp...

Security update for pam

This update for pam fixes the following issues: CVE-2024-10963: Fixed improper hostname interpretation in pamaccess that could lead to access control bypass bsc1233078. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

Security update for libsoup

This update for libsoup fixes the following issues: CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names bsc1233285. CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soupheaderparseparamliststrict bsc1233292. CVE-2024-52532: Fixed infini...

Security update for avahi

This update for avahi fixes the following issues: CVE-2024-52616: Properly randomize query id of DNS packets bsc1233420. Bug fixes: No longer supply bogus services to callbacks bsc1226586. Tag hardening patches as PATCH-FEATURE-OPENSUSE Remove dependency on /usr/bin/python3 using %python3fixsheba...

Security update for haproxy

This update for haproxy fixes the following issues: Update to version 2.8.11+git0.01c1056a4: VUL-0: CVE-2024-53008: haproxy: HTTP/3 request smuggling via malformed HTTP headers forwarded to a HTTP/1.1 non-compliant back-end server bsc1233973 BUG/MINOR: cfgparse-listen: fix option httpslog overrid...

Security update for wget

This update for wget fixes the following issues: CVE-2024-10524: Drop support for shorthand URLs bsc1233773. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for you...

Security update for python-tornado6

This update for python-tornado6 fixes the following issues: CVE-2024-52804: Avoid quadratic performance of cookie parsing bsc1233668. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run t...

Security update for glib2

This update for glib2 fixes the following issues: CVE-2024-52533: Fix a single byte buffer overflow bsc1233282. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for...

Security update for python-requests

This update for python-requests contains the following fixes: Add patch to fix to inject the default CA bundles if they are not specified. bsc1226321, bsc1231500 Remove Requires on python-py, it should have been removed earlier. update to 2.32.3: Fixed bug breaking the ability to specify custom...

Security update for ucode-intel

This update for ucode-intel fixes the following issues: Intel CPU Microcode was updated to the 20241112 release bsc1233313 CVE-2024-21853: Faulty finite state machines FSMs in the hardware logic in some 4th and 5th Generation Intel Xeon Processors may allow an authorized user to potentially enabl...

Security update for cups

This update for cups fixes the following issues: Version upgrade to 2.4.11: See https://github.com/openprinting/cups/releases CUPS 2.4.11 brings several bug fixes regarding IPP response validation, processing PPD values, Web UI support checkbox support, modifying printers and others fixes. Detail...

Security update for containerd

This update for containerd fixes the following issues: Update to containerd v1.7.21. Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.21 Fixes CVE-2023-47108. bsc1217070 Fixes CVE-2023-45142. bsc1228553 Update to containerd v1.7.17. Upstream release notes:...

Security update for wpa_supplicant

This update for wpasupplicant fixes the following issues: CVE-2023-52160: Fixed WiFi authentication bypass bsc1219975. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command list...

Security update for libndp

This update for libndp fixes the following issues: CVE-2024-5564: Fixed buffer overflow in route information length field bsc1225771. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run t...

Security update for libarchive

This update for libarchive fixes the following issues: CVE-2024-48958: Fixed out-of-bounds access in executefilterdelta bsc1231624. CVE-2024-20697: Fixed out-of-bounds remote code execution vulnerability bsc1225972. CVE-2024-48957: Fixed out-of-bounds access in executefilteraudio bsc1231544. Patc...

Security update for expat

This update for expat fixes the following issues: CVE-2024-50602: Fixed possible denial-of-service vulnerability inside XMLResumeParser bsc1232579. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively...

Security update for skopeo

This update for skopeo fixes the following issues: CVE-2024-9676: Fixed symlink traversal vulnerability in the containers/storage library that could have let to a denial-of-service attack bsc1231698. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods lik...

Security update for curl

This update for curl fixes the following issues: CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry bsc1232528 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the comma...

Security update for Mesa

This update for Mesa fixes the following issues: CVE-2023-45913: Fixed NULL pointer dereference via dri2GetGlxDrawableFromXDrawableId bsc1222040. CVE-2023-45919: Fixed buffer over-read in glXQueryServerString bsc1222041. CVE-2023-45922: Fixed segmentation violation in glXGetDrawableAttribute...

Security update for openssl-3

This update for openssl-3 fixes the following issues: CVE-2024-41996: Fixed a denial of service in the Diffie-Hellman Key Agreement Protocol bsc1230698. CVE-2023-50782: Implicit rejection in PKCS1 v1.5 bsc1220262 Patch Instructions: To install this SUSE update use the SUSE recommended installatio...

Security update for podman

This update for podman fixes the following issues: CVE-2024-9676: Fixed a denial of service via a symlink traversal in the containers/storage library bsc1231698 CVE-2024-9341: Fixed FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library bsc1231230 CVE-2024-9675: Fixed caching...

Security update for qemu

This update for qemu fixes the following issues: Bugfixes and CVEs: hw/usb/hcd-ohci: Fix 1510, 303: pid not IN or OUT bsc1230834, CVE-2024-8354 softmmu: Support concurrent bounce buffers bsc1230915, CVE-2024-8612 system/physmem: Per-AddressSpace bounce buffering bsc1230915, CVE-2024-8612...

Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2023-52610: net/sched: actct: fix skb leak and crash on ooo frags bsc1221610. CVE-2023-52752: smb: client: fix use-after-free bug in cifsdebugdataprocshow...

Security update for patch

This update for patch fixes the following issues: CVE-2019-20633: Fix double-free/OOB read in pch.c bsc1167721 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for...

Security update for iperf

This update for iperf fixes the following issues: update to 3.17.1 bsc1224262, CVE-2024-26306: BREAKING CHANGE: iperf3's authentication features, when used with OpenSSL prior to 3.2.0, contain a vulnerability to a side-channel timing attack. To address this flaw, a change has been made to the...

Security update for protobuf

This update for protobuf fixes the following issues: CVE-2024-7254: Fixed a stack overflow vulnerability in protocol buffers bsc1230778 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run...

Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2023-52610: net/sched: actct: fix skb leak and crash on ooo frags bsc1221610. CVE-2023-52752: smb: client: fix use-after-free bug in cifsdebugdataprocshow...

Security update for opensc

This update for opensc fixes the following issues: CVE-2024-8443: Fixed heap buffer overflow in OpenPGP driver when generating key bsc1230364 CVE-2024-45620: Fixed incorrect handling of the length of buffers or files in pkcs15init bsc1230076 CVE-2024-45619: Fixed incorrect handling length of...

Security update for sevctl

This update for sevctl fixes the following issues: Security issue fixed: CVE-2023-50711: Fixed out of bounds memory accesses in a vendored dependency bsc1218502 Non-security issue fixed: Update vendored dependencies and re-enable cargo update obs service bsc1229953 Patch Instructions: To install...

Security update for tiff

This update for tiff fixes the following issues: CVE-2024-7006: Fix pointer deref in tifdirinfo.c bsc1228924 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for you...

Security update for libdb-4_8

This update for libdb-48 fixes the following issues: CVE-2019-2708: Fixed data store execution leading to partial DoS bsc1174414 Changes: libdb: Data store execution leads to partial DoS Backport the upsteam commits: Fixed several possible crashes when running dbverify on a corrupted database...

Security update for SUSE Manager Client Tools and Salt Bundle

This update for SUSE Manager Client Tools and Salt Bundle the following issues: uyuni-tools: venv-salt-minion: Security fixes on Python 3.11 interpreter: CVE-2024-7592: Fixed quadratic complexity in parsing -quoted cookie values with backslashes bsc1229873, bsc1230059 CVE-2024-8088: Prevent...

Security update for python311

This update for python311 fixes the following issues: CVE-2024-8088: Fixed a denial of service in zipfile bsc1229704 CVE-2024-6232: Fixed a ReDos via excessive backtracking while parsing header values bsc1230227 CVE-2024-7592: Fixed a denial of service in the http.cookies module bsc1229596 Patch...

Security update for orc

This update for orc fixes the following issues: CVE-2024-40897: Fixed a stack-based buffer overflow when formatting error messages bsc1228184 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you c...

Security update for libpcap

This update for libpcap fixes the following issues: CVE-2024-8006: Fixed NULL pointer dereference in pcapfindalldevsex bsc1230034 CVE-2023-7256: Fixed double free via addrinfo in sockinitaddress bsc1230020 Patch Instructions: To install this SUSE update use the SUSE recommended installation metho...