5114 matches found
Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-150600105 fixes several issues. The following security issues were fixed: CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk-trans bsc1233712. CVE-2024-43861: Fix memory leak for not ip packets bsc1229553. CVE-2024-35949:...
Security update for redis
This update for redis fixes the following issues: CVE-2024-31228: Prevent unbounded recursive pattern matching. bsc1231265 CVE-2024-31449: Fixed an integer overflow bug in Lua bittohex. bsc1231264 CVE-2024-46981: Fixed a bug where lua scripts can be used to manipulate the garbage collector, leadi...
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird ESR 128.6 MFSA 2025-05, bsc1234991 Security fixes: CVE-2025-0237 bmo1915257 WebChannel APIs susceptible to confused deputy attack CVE-2025-0238 bmo1915535 Use-after-free when breaking lines in text...
Security update for logback
This update for logback fixes the following issues: CVE-2024-12798: Fixed arbitrary code execution via JaninoEventEvaluator bsc1234742 CVE-2024-12801: Fixed Server-Side Request Forgery in SaxEventRecorder bsc1234743 Patch Instructions: To install this SUSE update use the SUSE recommended...
Security update for dnsmasq
This update for dnsmasq fixes the following issues: Version update to 2.90: CVE-2023-50387: Fixed a Denial Of Service while trying to validate specially crafted DNSSEC responses. bsc1219823 CVE-2023-50868: Fixed a Denial Of Service while trying to validate specially crafted DNSSEC responses...
Security update for gstreamer
This update for gstreamer fixes the following issues: CVE-2024-47606: Fixed an integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes. boo1234449 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security update for gstreamer-plugins-base
This update for gstreamer-plugins-base fixes the following issues: CVE-2024-47538: Fixed a stack-buffer overflow in vorbishandleidentificationpacket. bsc1234415 CVE-2024-47835: Fixed a NULL-pointer dereference in LRC subtitle parser. bsc1234450 CVE-2024-47600: Fixed an out-of-bounds read in...
Security update for gstreamer-plugins-good
This update for gstreamer-plugins-good fixes the following issues: CVE-2024-47530: Fixed an uninitialized stack memory in Matroska/WebM demuxer. boo1234421 CVE-2024-47537: Fixed an out-of-bounds write in isomp4/qtdemux.c. boo1234414 CVE-2024-47539: Fixed an out-of-bounds write in converttos3341a...
Security update for apptainer
This update for apptainer fixes the following issues: Update to version 1.3.6 CVE-2024-28180: Fixed an improper handling of highly compressed data in go-jose. bsc1235211 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
Security update for gstreamer-plugins-base
This update for gstreamer-plugins-base fixes the following issues: CVE-2024-47538: Fixed a stack-buffer overflow in vorbishandleidentificationpacket. bsc1234415 CVE-2024-47835: Fixed a NULL-pointer dereference in LRC subtitle parser. bsc1234450 CVE-2024-47600: Fixed an out-of-bounds read in...
Security update for gstreamer-plugins-good
This update for gstreamer-plugins-good fixes the following issues: CVE-2024-47530: Fixed an uninitialized stack memory in Matroska/WebM demuxer. boo1234421 CVE-2024-47537: Fixed an out-of-bounds write in isomp4/qtdemux.c. boo1234414 CVE-2024-47539: Fixed an out-of-bounds write in converttos3341a...
Security update for gstreamer-plugins-good
This update for gstreamer-plugins-good fixes the following issues: CVE-2024-47530: Fixed an uninitialized stack memory in Matroska/WebM demuxer. boo1234421 CVE-2024-47537: Fixed an out-of-bounds write in isomp4/qtdemux.c. boo1234414 CVE-2024-47543: Fixed an out-of-bounds write in...
Security update for gstreamer
This update for gstreamer fixes the following issues: CVE-2024-47606: Avoid integer overflow when allocating sysmem. bsc1234449. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...
Security update for govulncheck-vulndb
This update for govulncheck-vulndb fixes the following issues: Update to version 0.0.20250108T191942 2025-01-08T19:19:42Z. Refs jscPED-11136 Go CVE Numbering Authority IDs added or updated with aliases: GO-2025-3371 GHSA-2r2v-9pf8-6342 GO-2025-3374 CVE-2025-22130 GHSA-j4jw-m6xr-fv6c Update to...
Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 128.6.0 ESR Fixed: Various security fixes. MFSA 2025-02 bsc1234991 CVE-2025-0237 bmo1915257 WebChannel APIs susceptible to confused deputy attack CVE-2025-0238 bmo1915535 Use-after-free when breaking lines...
Security update for tomcat
This update for tomcat fixes the following issues: Update to Tomcat 9.0.98 Fixed CVEs: CVE-2024-54677: DoS in examples web application bsc1234664 CVE-2024-50379: RCE due to TOCTOU issue in JSP compilation bsc1234663 CVE-2024-52317: Request/response mix-up with HTTP/2 bsc1233435 Catalina Add: Add...
Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 128.6.0 ESR Fixed: Various security fixes. MFSA 2025-02 bsc1234991 CVE-2025-0237 bmo1915257 WebChannel APIs susceptible to confused deputy attack CVE-2025-0238 bmo1915535 Use-after-free when breaking lines...
Security update for gstreamer-plugins-good
This update for gstreamer-plugins-good fixes the following issues: CVE-2024-47606: Fixed an integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes. boo1234449 CVE-2024-47537: Fixed an out-of-bounds write in isomp4/qtdemux.c. boo1234414 CVE-2024-47539: Fixe...
Security update for gstreamer-plugins-base
This update for gstreamer-plugins-base fixes the following issues: CVE-2024-47538: Fixed a stack-buffer overflow in vorbishandleidentificationpacket. bsc1234415 CVE-2024-47835: Fixed a NULL-pointer dereference in LRC subtitle parser. bsc1234450 CVE-2024-47600: Fixed an out-of-bounds read in...
Security update for gstreamer
This update for gstreamer fixes the following issues: CVE-2024-47606: Fixed an integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes. boo1234449 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security update for gstreamer-plugins-base
This update for gstreamer-plugins-base fixes the following issues: CVE-2024-47538: Fixed a stack-buffer overflow in vorbishandleidentificationpacket. bsc1234415 CVE-2024-47835: Fixed a NULL-pointer dereference in LRC subtitle parser. bsc1234450 CVE-2024-47615: Fixed an out-of-bounds write in Ogg...
Security update for gstreamer
This update for gstreamer fixes the following issues: CVE-2024-47606: Fixed an integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes. boo1234449 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security update for libmfx
This update for libmfx fixes the following issues: CVE-2023-48368: Fixed an improper input validation. bsc1226897 CVE-2023-45221: Fixed an improper buffer restrictions. bsc1226898 CVE-2023-22656: Fixed an out-of-bounds read. bsc1226899 CVE-2023-47282: Fixed an out-of-bounds write. bsc1226900...
Security update for python310
This update for python310 fixes the following issues: Update to 3.10.16 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: openSUSE Leap 15.4 zypper ...
Security update for python312
This update for python312 fixes the following issues: Properly quote path names provided when creating a virtual environment bsc1232241, CVE-2024-9287 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for python39
This update for python39 fixes the following issue: Update to 3.9.21 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: openSUSE Leap 15.3 zypper in ...
Security update for openjpeg2
This update for openjpeg2 fixes the following issues: CVE-2024-56826: Fixed heap buffer overflow in bin/common/color.c bsc1235029 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.46.5 bsc1234851: Security fixes: CVE-2024-54479: Processing maliciously crafted web content may lead to an unexpected process crash CVE-2024-54502: Processing maliciously crafted web content may lead to an unexpected...
Security update for openjpeg2
This update for openjpeg2 fixes the following issues: CVE-2024-56826: Fixed heap buffer overflow in bin/common/color.c bsc1235029 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...
Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-48853: swiotlb: fix info leak with DMAFROMDEVICE bsc1228015. CVE-2024-26801: Bluetooth: Avoid potential use-after-free in hcierrorreset bsc1222413...
Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The Linux Enterprise 12 SP5 kernel turned LTSS Extended Security The following security bugs were fixed: CVE-2021-46936: Fixed use-after-free in twtimerhandler bsc1220439. CVE-2021-47163: kABI fix for tipc:...
Security update for tomcat10
This update for tomcat10 fixes the following issues: Update to Tomcat 10.1.34 Fixed CVEs: CVE-2024-54677: DoS in examples web application bsc1234664 CVE-2024-50379: RCE due to TOCTOU issue in JSP compilation bsc1234663 CVE-2024-52317: Request/response mix-up with HTTP/2 bsc1233435 Catalina Add: A...
Security update for file-roller
This update for file-roller fixes the following issues: CVE-2020-36314: Fixed directory traversal via directory symlink pointing outside of the target directory bsc1189131 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypp...
Security update for gtk3
This update for gtk3 fixes the following issues: CVE-2024-6655: Fixed library injection from current working directory bsc1228120. Other fixes: - Updated to version 3.24.43 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...
Security update for python-Jinja2
This update for python-Jinja2 fixes the following issues: CVE-2024-56326: Fixed sandbox breakout through indirect reference to format method bsc1234809 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for sysstat
This update for sysstat fixes the following issues: CVE-2023-33204: Fixed a multiplication integer overflow in checkoverflow in common.c bsc1211507 CVE-2022-39377: Fixed arithmetic overflow in allocatestructures bsc1205224 Patch Instructions: To install this SUSE update use the SUSE recommended...
Security update for dpdk
This update for dpdk fixes the following issues: CVE-2024-11614: Fixed Denial Of Service from malicious guest on hypervisors using DPDK Vhost library bsc1234718 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for python-Jinja2
This update for python-Jinja2 fixes the following issues: CVE-2024-56326: sandbox breakout through indirect reference to format method in template file. bsc1234809 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch...
Security update for sysstat
This update for sysstat fixes the following issues: CVE-2023-33204: Fixed a multiplication integer overflow in checkoverflow in common.c bsc1211507 CVE-2022-39377: Fixed arithmetic overflow in allocatestructures bsc1205224 Patch Instructions: To install this SUSE update use the SUSE recommended...
Security update for pcp
This update for pcp fixes the following issues: Upgrade to 6.2.0 bsc1217826 / PED8192: CVE-2024-45770: Fixed symlink race bsc1230552. CVE-2024-45769: Fixed pmstore corruption bsc1230551 CVE-2023-6917: Fixed local privilege escalation from pcp user to root bsc1217826. Bug fixes: Reintroduce libuv...
Security update for python-Jinja2
This update for python-Jinja2 fixes the following issues: CVE-2024-56201: Fixed sandbox breakout through malicious content and filename of a template bsc1234808 CVE-2024-56326: Fixed sandbox breakout through indirect reference to format method bsc1234809 Patch Instructions: To install this SUSE...
Security update for liboqs, oqs-provider
This update for liboqs, oqs-provider fixes the following issues: This update supplies the new FIPS standardized ML-KEM, ML-DSA, SHL-DSA algorithms. This update liboqs to 0.12.0: This release updates the ML-DSA implementation to the final FIPS 204 version. This release still includes the NIST Roun...
Security update for grpc
This update for grpc fixes the following issues: CVE-2024-7246: HPACK table poisoning by gRPC clients communicating with a HTTP/2 proxy. bsc1228919 CVE-2024-11407: data corruption on servers with transmit zero copy enabled. bsc1233821 Patch Instructions: To install this SUSE update use the SUSE...
Security update for poppler
This update for poppler fixes the following issues: CVE-2024-56378: out-of-bounds read within JBIG2Bitmap::combine, which can lead to an application crash. bsc1234795 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
Security update for govulncheck-vulndb
This update for govulncheck-vulndb fixes the following issues: Update to version 0.0.20241218T202206 2024-12-18T20:22:06Z. jscPED-11136 Go CVE Numbering Authority IDs added or updated with aliases: GO-2024-3333 Update to version 0.0.20241218T163557 2024-12-18T16:35:57Z. jscPED-11136 Go CVE...
Security update for poppler
This update for poppler fixes the following issues: CVE-2024-56378: Fixed out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc bsc1234795 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...
Security update for python-grpcio
This update for python-grpcio fixes the following issues: CVE-2024-11407: data corruption on servers with transmit zero copy enabled. bsc1233821 CVE-2024-7246: HPACK table poisoning by gRPC clients communicating with a HTTP/2 proxy. bsc1228919 Patch Instructions: To install this SUSE update use t...
Security update for python-grpcio
This update for python-grpcio fixes the following issues: CVE-2024-11407: data corruption on servers with transmit zero copy enabled. bsc1233821 CVE-2024-7246: HPACK table poisoning by gRPC clients communicating with a HTTP/2 proxy. bsc1228919 Patch Instructions: To install this SUSE update use t...
Security update for poppler
This update for poppler fixes the following issues: CVE-2024-56378: Fixed out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc bsc1234795 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...
Security update for poppler
This update for poppler fixes the following issues: CVE-2024-56378: out-of-bounds read within JBIG2Bitmap::combine, which can lead to an application crash. bsc1234795 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...