Explore top 10 tips to secure your open-source projects now. Read More
×
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-22140 http://linux.oracle.com/errata/ELSA-2026-22140.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable LinuxNetwork: x86_64: httpd-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.x86_64.rpm httpd-devel-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.x86_64.rpm httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.noarch.rpm httpd-manual-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.noarch.rpm httpd-tools-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.x86_64.rpm mod_http2-1.15.7-10.module+el8.10.0+90899+db89cbcc.5.x86_64.rpm mod_ldap-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.x86_64.rpm mod_md-2.0.8-8.module+el8.10.0+90899+db89cbcc.2.x86_64.rpm mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.x86_64.rpm mod_session-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.x86_64.rpm mod_ssl-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.x86_64.rpm aarch64: httpd-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.aarch64.rpm httpd-devel-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.aarch64.rpm httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.noarch.rpm httpd-manual-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.noarch.rpm httpd-tools-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.aarch64.rpm mod_http2-1.15.7-10.module+el8.10.0+90899+db89cbcc.5.aarch64.rpm mod_ldap-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.aarch64.rpm mod_md-2.0.8-8.module+el8.10.0+90899+db89cbcc.2.aarch64.rpm mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.aarch64.rpm mod_session-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.aarch64.rpm mod_ssl-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/httpd-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/mod_http2-1.15.7-10.module+el8.10.0+90899+db89cbcc.5.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/mod_md-2.0.8-8.module+el8.10.0+90899+db89cbcc.2.src.rpm Related CVEs: CVE-2025-53020 CVE-2026-28780 CVE-2026-33007 CVE-2026-33857 CVE-2026-34032 CVE-2026-34059 Description of changes: httpd [2.4.37-65.0.1.7] - Replace index.html with Oracle's index pageoracle_index.html mod_http2 [1.15.7-10.5] - Resolves: RHEL-166277 - httpd:2.4/httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase (CVE-2025-53020) mod_md [1:2.0.8-8.2] - Resolves: RHEL-134487 - httpd:2.4/httpd: Apache HTTP Server: mod_md (ACME), unintended retry intervals (CVE-2025-55753) _______________________________________________ El-errata mailing list
MGASA-2026-0129 - Updated apache packages fix security vulnerabilities. MGASA-2026-0129 - Updated apache packages fix security vulnerabilities Publication date: 13 May 2026 URL: https://advisories.mageia.org/MGASA-2026-0129.html Type: security Affected Mageia releases: 9 CVE: CVE-2026-23918, CVE-2026-24072, CVE-2026-28780, CVE-2026-29168, CVE-2026-29169, CVE-2026-33006, CVE-2026-33007, CVE-2026-33523, CVE-2026-33857, CVE-2026-34032, CVE-2026-34059 Description: http2: double free and possible RCE on early reset. (CVE-2026-23918) mod_rewrite elevation of privileges via ap_expr. (CVE-2026-24072) buffer overflow in mod_proxy_ajp via ajp_msg_check_header(). (CVE-2026-28780) mod_md unrestricted OCSP response. (CVE-2026-29168) mod_dav_lock indirect lock crash. (CVE-2026-29169) mod_auth_digest timing attack. (CVE-2026-33006) mod_authn_socache crash. (CVE-2026-33007) HTTP response splitting forwarding malicious status line. (CVE-2026-33523) Off-by-one OOB reads in AJP getter functions. (CVE-2026-33857) Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string). (CVE-2026-34032) Heap Over-Read and memory disclosure in ajp_parse_data(). (CVE-2026-34059) References: - https://bugs.mageia.org/show_bug.cgi?id=35473 - http://www.slackware.com/security/viewer.php?l=slackware-security&y=2026&m=slackware-security.435691 - https://downloads.apache.org/httpd/CHANGES_2.4.67 - https://httpd.apache.org/security/vulnerabilities_24.html - https://www.openwall.com/lists/oss-security/2026/05/04/15 - https://www.openwall.com/lists/oss-security/2026/05/04/16 - https://www.openwall.com/lists/oss-security/2026/05/04/17 - https://www.openwall.com/lists/oss-security/2026/05/04/18 - https://www.openwall.com/lists/oss-security/2026/05/04/19 - https://www.openwall.com/lists/oss-security/2026/05/04/20 - https://www.openwall.com/lists/oss-security/2026/05/04/21 - https://www.openwall.com/lists/oss-security/2026/05/04/22 -https://www.openwall.com/lists/oss-security/2026/05/04/23 - https://www.openwall.com/lists/oss-security/2026/05/05/6 - https://www.openwall.com/lists/oss-security/2026/05/05/9 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23918 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24072 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28780 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29168 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29169 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33006 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33007 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33523 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33857 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34032 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34059 SRPMS: - 9/core/apache-2.4.67-1.mga9 . Updated apache packages for Mageia fix several security issues including RCE and buffer overflow vulnerabilities.. Mageia Apache Security RCE Buffer Overflow. . Severity: Important. LinuxSecurity.com Team
MGASA-2025-0322 - Updated apache packages fix security vulnerabilities. MGASA-2025-0322 - Updated apache packages fix security vulnerabilities Publication date: 08 Dec 2025 URL: https://advisories.mageia.org/MGASA-2025-0322.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-55753, CVE-2025-58098, CVE-2025-65082, CVE-2025-66200 Description: Apache HTTP Server: mod_md (ACME), unintended retry intervals. (CVE-2025-55753) Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives. (CVE-2025-58098) Apache HTTP Server: CGI environment variable override. (CVE-2025-65082) Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo. (CVE-2025-66200) References: - https://bugs.mageia.org/show_bug.cgi?id=34803 - https://www.openwall.com/lists/oss-security/2025/12/04/4 - https://www.openwall.com/lists/oss-security/2025/12/04/5 - https://www.openwall.com/lists/oss-security/2025/12/04/7 - https://www.openwall.com/lists/oss-security/2025/12/04/8 - https://www.cve.org/CVERecord?id=CVE-2025-55753 - https://www.cve.org/CVERecord?id=CVE-2025-58098 - https://www.cve.org/CVERecord?id=CVE-2025-65082 - https://www.cve.org/CVERecord?id=CVE-2025-66200 SRPMS: - 9/core/apache-2.4.66-1.mga9 . Updated Apache packages for Mageia fix critical issues related to mod_cgid and security vulnerabilities.. Mageia Apache Security Fix, Apache Vulnerabilities Update, Mageia 9, Apache Mod Cgid, Security Advisory Mageia. . Severity: Important. LinuxSecurity.com Team
MGASA-2025-0301 - Updated apache packages fix security vulnerabilities. MGASA-2025-0301 - Updated apache packages fix security vulnerabilities Publication date: 18 Nov 2025 URL: https://advisories.mageia.org/MGASA-2025-0301.html Type: security Affected Mageia releases: 9 CVE: CVE-2024-42516, CVE-2024-43204, CVE-2024-47252, CVE-2025-49630, CVE-2025-23048, CVE-2025-49812, CVE-2025-53020, CVE-2025-54090 Description: HTTP response splitting. (CVE-2024-42516) SSRF with mod_headers setting Content-Type header. (CVE-2024-43204) mod_ssl error log variable escaping. (CVE-2024-47252) mod_proxy_http2 denial of service. (CVE-2025-49630) mod_ssl access control bypass with session resumption. (CVE-2025-23048) mod_ssl TLS upgrade attack. (CVE-2025-49812) HTTP/2 DoS by Memory Increase. (CVE-2025-53020) 'RewriteCond expr' always evaluates to true in 2.4.64. (CVE-2025-54090) You will find the update delay sometimes causes a failure; just restart the service after the update. References: - https://bugs.mageia.org/show_bug.cgi?id=34464 - https://www.openwall.com/lists/oss-security/2025/07/10/2 - https://www.openwall.com/lists/oss-security/2025/07/10/3 - https://www.openwall.com/lists/oss-security/2025/07/10/4 - https://www.openwall.com/lists/oss-security/2025/07/10/6 - https://www.openwall.com/lists/oss-security/2025/07/10/7 - https://www.openwall.com/lists/oss-security/2025/07/10/8 - https://www.openwall.com/lists/oss-security/2025/07/10/9 - https://www.openwall.com/lists/oss-security/2025/07/10/10 - https://www.openwall.com/lists/oss-security/2025/07/24/2 - https://www.cve.org/CVERecord?id=CVE-2024-42516 - https://www.cve.org/CVERecord?id=CVE-2024-43204 - https://www.cve.org/CVERecord?id=CVE-2024-47252 - https://www.cve.org/CVERecord?id=CVE-2025-49630 - https://www.cve.org/CVERecord?id=CVE-2025-23048 - https://www.cve.org/CVERecord?id=CVE-2025-49812 - https://www.cve.org/CVERecord?id=CVE-2025-53020 - https://www.cve.org/CVERecord?id=CVE-2025-54090 SRPMS: - 9/core/apache-2.4.65-1.mga9 .Updated Apache packages fix important security issues including HTTP response splitting and a DoS threat on Mageia.. mageia advisory, apache update, security fix, http response splitting, DoS attack. . Severity: Important. LinuxSecurity.com Team
Apache Subversion could be made to crash if it opened a specially crafted file.. ========================================================================== Ubuntu Security Notice USN-7818-1 October 13, 2025 subversion vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Apache Subversion could be made to crash if it opened a specially crafted file. Software Description: - subversion: Advanced version control system Details: It was discovered that Apache Subversion incorrectly parsed control characters in filenames. An attacker could possibly use this issue to commit a corrupted revision to a repository, leading to a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS subversion 1.9.3-2ubuntu1.3+esm2 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7818-1 CVE-2024-46901 . Apache Subversion in Ubuntu could crash when handling malformed files, causing denial of service. Update recommended.. Apache Subversion, Ubuntu Security, Denial of Service Vulnerability. . Severity: Critical. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2025-14178 http://linux.oracle.com/errata/ELSA-2025-14178.html The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: tomcat9-9.0.87-5.el10_0.3.noarch.rpm tomcat9-admin-webapps-9.0.87-5.el10_0.3.noarch.rpm tomcat9-docs-webapp-9.0.87-5.el10_0.3.noarch.rpm tomcat9-el-3.0-api-9.0.87-5.el10_0.3.noarch.rpm tomcat9-jsp-2.3-api-9.0.87-5.el10_0.3.noarch.rpm tomcat9-lib-9.0.87-5.el10_0.3.noarch.rpm tomcat9-servlet-4.0-api-9.0.87-5.el10_0.3.noarch.rpm tomcat9-webapps-9.0.87-5.el10_0.3.noarch.rpm aarch64: tomcat9-9.0.87-5.el10_0.3.noarch.rpm tomcat9-admin-webapps-9.0.87-5.el10_0.3.noarch.rpm tomcat9-docs-webapp-9.0.87-5.el10_0.3.noarch.rpm tomcat9-el-3.0-api-9.0.87-5.el10_0.3.noarch.rpm tomcat9-jsp-2.3-api-9.0.87-5.el10_0.3.noarch.rpm tomcat9-lib-9.0.87-5.el10_0.3.noarch.rpm tomcat9-servlet-4.0-api-9.0.87-5.el10_0.3.noarch.rpm tomcat9-webapps-9.0.87-5.el10_0.3.noarch.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/tomcat9-9.0.87-5.el10_0.3.src.rpm Related CVEs: CVE-2025-48976 CVE-2025-48988 CVE-2025-48989 CVE-2025-49125 CVE-2025-52434 CVE-2025-52520 CVE-2025-53506 Description of changes: [1:9.0.87-5.3] - Resolves: tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-48989) - Resolves: tomcat: Apache Commons FileUpload DOS via part headers (CVE-2025-48976) - Resolves: tomcat: Dos in multipart upload (CVE-2025-48988) - Resolves: tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125) - Resolves: tomcat: Denial of service (CVE-2025-52434) - Resolves: tomcat: Denial of service (CVE-2025-52520) - Resolves: tomcat: Denial of service (CVE-2025-53506) _______________________________________________ El-errata mailing list
* bsc#1243793 Cross-References: * CVE-2025-48734 . # Security update for apache-commons-beanutils Announcement ID: SUSE-SU-2025:01815-1 Release Date: 2025-06-04T17:02:10Z Rating: important References: * bsc#1243793 Cross-References: * CVE-2025-48734 CVSS scores: * CVE-2025-48734 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-48734 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Manager Server 4.3 * Web and Scripting Module 15-SP6 * Web and Scripting Module 15-SP7 An update that solves one vulnerability can now be installed. ## Description: This update for apache-commons-beanutils fixes the following issues: Update to 1.11.0 * CVE-2025-48734: Fixed possible arbitrary code execution vulnerability (bsc#1243793) Fullchangelog: https://commons.apache.org/proper/commons-beanutils/changes.html#a1.11.0 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2025-1815=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-1815=1 * Web and Scripting Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP6-2025-1815=1 * Web and Scripting Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP7-2025-1815=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1815=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1815=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1815=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1815=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1815=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1815=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1815=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1815=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1815=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1815=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1815=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1815=1 ## Package List: * SUSE Enterprise Storage 7.1 (noarch) * apache-commons-beanutils-1.11.0-150200.3.9.1 * openSUSE Leap 15.6 (noarch) * apache-commons-beanutils-javadoc-1.11.0-150200.3.9.1 * apache-commons-beanutils-1.11.0-150200.3.9.1 * Web and Scripting Module 15-SP6 (noarch) * apache-commons-beanutils-1.11.0-150200.3.9.1 * Web and Scripting Module 15-SP7 (noarch) * apache-commons-beanutils-1.11.0-150200.3.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * apache-commons-beanutils-1.11.0-150200.3.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * apache-commons-beanutils-1.11.0-150200.3.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * apache-commons-beanutils-1.11.0-150200.3.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * apache-commons-beanutils-1.11.0-150200.3.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * apache-commons-beanutils-1.11.0-150200.3.9.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (noarch) * apache-commons-beanutils-1.11.0-150200.3.9.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * apache-commons-beanutils-1.11.0-150200.3.9.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * apache-commons-beanutils-1.11.0-150200.3.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * apache-commons-beanutils-1.11.0-150200.3.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * apache-commons-beanutils-1.11.0-150200.3.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * apache-commons-beanutils-1.11.0-150200.3.9.1 * SUSE Manager Server 4.3 (noarch) * apache-commons-beanutils-1.11.0-150200.3.9.1 ## References: *https://www.suse.com/security/cve/CVE-2025-48734.html * https://bugzilla.suse.com/show_bug.cgi?id=1243793 . Important security patch addresses glide-commons-beanutils vulnerability, eliminating risk of unauthorized code execution. Please verify your installation.. apache-commons-beanutils, security update, arbitrary code execution, SUSE, openSUSE. . Severity: Critical. LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # Security update for apache-commons-beanutils Announcement ID: SUSE-SU-2025:01815-1 Release Date: 2025-06-04T17:02:10Z Rating: important References: * bsc#1243793 Cross-References: * CVE-2025-48734 CVSS scores: * CVE-2025-48734 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-48734 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Manager Server 4.3 * Web and Scripting Module 15-SP6 * Web and Scripting Module 15-SP7 An update that solves one vulnerability can now be installed. ## Description: This update for apache-commons-beanutils fixes the following issues: Update to 1.11.0 * CVE-2025-48734: Fixed possible arbitrary code execution vulnerability (bsc#1243793) Full changelog: https://commons.apache.org/proper/commons-beanutils/changes.html#a1.11.0 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2025-1815=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-1815=1 * Web and Scripting Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP6-2025-1815=1 * Web and Scripting Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP7-2025-1815=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1815=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1815=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1815=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1815=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1815=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1815=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1815=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1815=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1815=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1815=1 * SUSE Linux Enterprise Server for SAPApplications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1815=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1815=1 ## Package List: * SUSE Enterprise Storage 7.1 (noarch) * apache-commons-beanutils-1.11.0-150200.3.9.1 * openSUSE Leap 15.6 (noarch) * apache-commons-beanutils-javadoc-1.11.0-150200.3.9.1 * apache-commons-beanutils-1.11.0-150200.3.9.1 * Web and Scripting Module 15-SP6 (noarch) * apache-commons-beanutils-1.11.0-150200.3.9.1 * Web and Scripting Module 15-SP7 (noarch) * apache-commons-beanutils-1.11.0-150200.3.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * apache-commons-beanutils-1.11.0-150200.3.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * apache-commons-beanutils-1.11.0-150200.3.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * apache-commons-beanutils-1.11.0-150200.3.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * apache-commons-beanutils-1.11.0-150200.3.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * apache-commons-beanutils-1.11.0-150200.3.9.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (noarch) * apache-commons-beanutils-1.11.0-150200.3.9.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * apache-commons-beanutils-1.11.0-150200.3.9.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * apache-commons-beanutils-1.11.0-150200.3.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * apache-commons-beanutils-1.11.0-150200.3.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * apache-commons-beanutils-1.11.0-150200.3.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * apache-commons-beanutils-1.11.0-150200.3.9.1 * SUSE Manager Server 4.3 (noarch) * apache-commons-beanutils-1.11.0-150200.3.9.1 ##References: * https://www.suse.com/security/cve/CVE-2025-48734.html * https://bugzilla.suse.com/show_bug.cgi?id=1243793 . Critical patch released for Ubuntu tackles significant issue in apache-commons-beanutils—solution provided.. openSUSE Security, apache commons code issue, important security update. . Severity: Critical. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.