5114 matches found
Security update for python
This update for python fixes the following issues: CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses bsc1233307 Other fixes: - Add ipaddress module from https://github.com/phihag/ipaddress - Remove -IVendor/ from python-config bsc1231795 - Stop using %%defattr, it seems...
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 128.5 fixed: IMAP could crash when reading cached messages fixed: Enabling "Show Folder Size" on Maildir profile could render Thunderbird unusable fixed: Messages corrupted by folder compaction were only fixed by...
Security update for php7
This update for php7 fixes the following issues: CVE-2024-11233: Single byte overread with convert.quoted-printable-decode filter bsc1233702. CVE-2024-11234: Configuring a proxy in a stream context might allow for CRLF injection in URIs bsc1233703. CVE-2024-8929: Leak partial content of the heap...
Security update for wget
This update for wget fixes the following issues: CVE-2024-10524: Fixed SSRF via shorthand HTTP URL bsc1233773 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for yo...
Security update for python3-virtualenv
This update for python3-virtualenv fixes the following issues: Security issue fixed: CVE-2024-53899: Fixed a command injection through activation scripts bsc1233706 Non-security issue fixed: Relax version requirements that cannot be provided bsc1232072 Patch Instructions: To install this SUSE...
Security update for wireshark
This update for wireshark fixes the following issues: CVE-2024-11595: FiveCo RAP dissector infinite loop bsc1233594. CVE-2024-11596: ECMP dissector crash bsc1233593. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505001324 fixes several issues. The following security issues were fixed: CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool bsc1225429. CVE-2024-36904: tcp: Use refcountincnotzero in tcptwskunique bsc1225733. CVE-2024-43861: Fix memor...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2021-47589: igbvf: fix double free in igbvfprobe bsc1226557. CVE-2022-48956: ipv6: avoid use-after-free in ip6fragment bsc1231893. CVE-2022-48960: net: hisilicon:...
Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-150600105 fixes several issues. The following security issues were fixed: CVE-2024-43861: Fix memory leak for not ip packets bsc1229553. CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks bsc1229273. CVE-2023-52752: smb: client: fix...
Security update for wget
This update for wget fixes the following issues: CVE-2024-10524: Fixed SSRF via shorthand HTTP URL bsc1233773 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for yo...
Security update for python-tornado6
This update for python-tornado6 fixes the following issues: CVE-2024-52804: Fixed a denial of service caused by quadratic performance of cookie parsing bsc1233668 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for php8
This update for php8 fixes the following issues: CVE-2024-11233: Single byte overread with convert.quoted-printable-decode filter bsc1233702. CVE-2024-11234: Configuring a proxy in a stream context might allow for CRLF injection in URIs bsc1233703. CVE-2024-8929: Leak partial content of the heap...
Security update for python39
This update for python39 fixes the following issues: CVE-2024-11168: Improper validation of IPv6 and IPvFuture addresses bsc1233307. Bug fixes: Remove -IVendor/ from python-config bsc1231795. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-43854: Initialize integrity buffer to zero before writing it to media bsc1229345 CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core...
Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-1506008 fixes several issues. The following security issues were fixed: CVE-2024-36904: tcp: Use refcountincnotzero in tcptwskunique bsc1225733. CVE-2024-43861: Fix memory leak for not ip packets bsc1229553. CVE-2024-35949: btrfs: make sure that WRITTEN is s...
Security update for the Linux Kernel RT (Live Patch 17 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505001361 fixes several issues. The following security issues were fixed: CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool bsc1225429. CVE-2024-43861: Fix memory leak for not ip packets bsc1229553. CVE-2021-47598: schcake: do not cal...
Security update for the Linux Kernel RT (Live Patch 16 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505001358 fixes several issues. The following security issues were fixed: CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool bsc1225429. CVE-2024-36904: tcp: Use refcountincnotzero in tcptwskunique bsc1225733. CVE-2024-43861: Fix memor...
Security update for the Linux Kernel RT (Live Patch 15 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505001355 fixes several issues. The following security issues were fixed: CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool bsc1225429. CVE-2024-36904: tcp: Use refcountincnotzero in tcptwskunique bsc1225733. CVE-2024-43861: Fix memor...
Security update for the Linux Kernel RT (Live Patch 13 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505001347 fixes several issues. The following security issues were fixed: CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool bsc1225429. CVE-2024-36904: tcp: Use refcountincnotzero in tcptwskunique bsc1225733. CVE-2024-43861: Fix memor...
Security update for the Linux Kernel RT (Live Patch 11 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505001338 fixes several issues. The following security issues were fixed: CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool bsc1225429. CVE-2024-36904: tcp: Use refcountincnotzero in tcptwskunique bsc1225733. CVE-2024-43861: Fix memor...
Security update for the Linux Kernel RT (Live Patch 10 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505001335 fixes several issues. The following security issues were fixed: CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool bsc1225429. CVE-2024-36904: tcp: Use refcountincnotzero in tcptwskunique bsc1225733. CVE-2024-43861: Fix memor...
Security update for the Linux Kernel RT (Live Patch 9 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505001330 fixes several issues. The following security issues were fixed: CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool bsc1225429. CVE-2024-36904: tcp: Use refcountincnotzero in tcptwskunique bsc1225733. CVE-2024-43861: Fix memor...
Security update for postgresql14
This update for postgresql14 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.46.3 bsc1232747, including fixes for: CVE-2024-44308: Fixed arbitrary code execution by not allocating DFG register after a slow path bsc1233631. CVE-2024-44309: Fixed a data isolation bypass vulnerability bsc1233632...
Security update for xen
This update for xen fixes the following issues: CVE-2024-45818: Fixed deadlock in x86 HVM standard VGA handling XSA-463 bsc1232622. CVE-2024-45819: Fixed libxl data leaks to PVH guests via ACPI tables XSA-464 bsc1232624. Bug fixes: Remove usage of net-tools-deprecated from supportconfig plugin...
Security update for postgresql13
This update for postgresql13 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...
Security update for python-aiohttp
This update for python-aiohttp fixes the following issues: CVE-2024-52304: Fixed request smuggling due to incorrect parsing of chunk extensions bsc1233447 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for libuv
This update for libuv fixes the following issues: CVE-2024-24806: Fixed improper Domain Lookup that potentially leads to SSRF attacks bsc1219724 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively yo...
Security update for python-waitress
This update for python-waitress fixes the following issues: CVE-2024-49769: Fixed a denial of service caused by incorrect connection clean up bsc1232554 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for tomcat
This update for tomcat fixes the following issues: Update to Tomcat 9.0.97 Fixed CVEs: CVE-2024-52316: If the Jakarta Authentication fails with an exception, set a 500 status bsc1233434 Catalina Add: Add support for the new Servlet API method HttpServletResponse.sendEarlyHints. markt Add: 55470:...
Security update for tomcat10
This update for tomcat10 fixes the following issues: Update to Tomcat 10.1.33 Fixed CVEs: CVE-2024-52316: If the Jakarta Authentication fails with an exception, set a 500 status bsc1233434 Catalina Add: Add support for the new Servlet API method HttpServletResponse.sendEarlyHints. markt Add: 5547...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP2 LTSS kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2021-47589: igbvf: fix double free in igbvfprobe bsc1226557. CVE-2022-48956: ipv6: avoid use-after-free in ip6fragment bsc1231893. CVE-2022-48960: net:...
Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The Linux Enterprise 12 SP5 kernel turned LTSS Extended Security The following security bugs were fixed: CVE-2021-46936: Fixed use-after-free in twtimerhandler bsc1220439. CVE-2021-47163: kABI fix for tipc:...
Security update for postgresql12
This update for postgresql12 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...
Security update for postgresql15
This update for postgresql15 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...
Security update for postgresql12
This update for postgresql12 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...
Security update for postgresql14
This update for postgresql14 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...
Security update for postgresql15
This update for postgresql15 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...
Security update for qemu
This update for qemu fixes the following issues: Security fixes: CVE-2024-8354: Fixed assertion failure in usbepget bsc1230834 CVE-2024-8612: Fixed information leak in virtio devices bsc1230915 Update version to 8.2.7: Security fixes: CVE-2024-7409: Fixed denial of service via improper...
Security update for python-virtualenv
This update for python-virtualenv fixes the following issues: CVE-2024-53899: Fixed a command injection through activation scripts bsc1233706 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you c...
Security update for frr
This update for frr fixes the following issues: Update to frr 8.5.6 jscPED-PED-11092 including fixes for: CVE-2024-44070,CVE-2024-34088,CVE-2024-31951,CVE-2024-31950, CVE-2024-31948,CVE-2024-27913,CVE-2023-47235,CVE-2023-47234, CVE-2023-46753,CVE-2023-46752,CVE-2023-41909,CVE-2023-41360,...
Security update for hplip
This update for hplip fixes the following issues: hpmud: sanitize printer serial number bsc1209401 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product:...
Security update for ovmf
This update for ovmf fixes the following issues: CVE-2024-1298: Fixed potential UINT32 overflow in S3 ResumeCount bsc1225889. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the comma...
Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 128.5.0 ESR, fixed various security fixes and other quality improvements, MFSA 2024-64 bsc1233695: CVE-2024-11691: Memory corruption in Apple GPU drivers CVE-2024-11692: Select list elements could be shown...
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.46.3 bsc1232747: CVE-2024-44244: Processing maliciously crafted web content may lead to an unexpected process crash. CVE-2024-44296: Processing maliciously crafted web content may prevent Content Security Policy from bein...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-48879: efi: fix NULL-deref in init error path bsc1229556. CVE-2022-48956: ipv6: avoid use-after-free in ip6fragment bsc1231893. CVE-2022-48959: net: dsa:...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-48956: ipv6: avoid use-after-free in ip6fragment bsc1231893. CVE-2022-48960: net: hisilicon: Fix potential use-after-free in hix5hd2rx bsc1231979...
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.46.3 bsc1232747: CVE-2024-44244: Processing maliciously crafted web content may lead to an unexpected process crash. CVE-2024-44296: Processing maliciously crafted web content may prevent Content Security Policy from bein...
Security update for glib2
This update for glib2 fixes the following issues: CVE-2024-52533: Fixed a single byte buffer overflow bsc1233282. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed fo...
Security update for python-aiohttp
This update for python-aiohttp fixes the following issues: CVE-2024-52304: Fixed request smuggling due to incorrect parsing of chunk extensions bsc1233447 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...