Explore top 10 tips to secure your open-source projects now. Read More
×An update that solves 25 vulnerabilities can now be installed.. # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2026:21180-1 Release Date: 2026-04-13T11:47:50Z Rating: important References: * bsc#1259934 * bsc#1259935 * bsc#1259936 * bsc#1259937 * bsc#1259938 * bsc#1259939 * bsc#1259940 * bsc#1259941 * bsc#1259942 * bsc#1259943 * bsc#1259944 * bsc#1259945 * bsc#1259946 * bsc#1259947 * bsc#1259948 * bsc#1259949 * bsc#1259950 * bsc#1261172 * bsc#1261173 * bsc#1261174 * bsc#1261175 * bsc#1261176 * bsc#1261177 * bsc#1261178 * bsc#1261179 Cross-References: * CVE-2023-43010 * CVE-2025-31223 * CVE-2025-31277 * CVE-2025-43213 * CVE-2025-43214 * CVE-2025-43433 * CVE-2025-43438 * CVE-2025-43441 * CVE-2025-43457 * CVE-2025-43511 * CVE-2025-46299 * CVE-2026-20608 * CVE-2026-20635 * CVE-2026-20636 * CVE-2026-20643 * CVE-2026-20644 * CVE-2026-20652 * CVE-2026-20664 * CVE-2026-20665 * CVE-2026-20676 * CVE-2026-20691 * CVE-2026-28857 * CVE-2026-28859 * CVE-2026-28861 * CVE-2026-28871 CVSS scores: * CVE-2023-43010 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2023-43010 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-43010 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-31223 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-31223 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-31223 ( NVD ): 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2025-31277 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-31277 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-31277 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-43213 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-43213 ( NVD ): 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-43214 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-43214 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-43214 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-43433 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-43433 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-43433 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-43438 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-43438 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-43438 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2025-43441 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-43441 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-43441 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2025-43457 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-43457 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-43457 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-43511 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-43511 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-43511 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-46299 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-46299 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2025-46299 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-20608 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-20608 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H *CVE-2026-20608 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-20635 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-20635 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-20635 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-20636 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-20636 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-20636 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-20643 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-20643 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-20644 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-20644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-20644 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-20652 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-20652 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-20652 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-20652 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-20664 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-20664 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-20665 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2026-20665 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-20676 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-20676 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-20676 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-20676 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-20691 ( SUSE ): 4.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-20691 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-28857 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28857 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28859 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-28859 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-28861 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N * CVE-2026-28861 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-28871 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-28871 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves 25 vulnerabilities can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.52.1. Security issues fixed: * CVE-2025-43213: processing maliciously crafted web content may lead to an unexpected crash due to improper memory handling (bsc#1259947). * CVE-2025-43214: processing maliciously crafted web content may lead to an unexpected crash due to improper memory handling (bsc#1259946). * CVE-2025-43457: processing maliciously crafted web content may lead to an unexpected crash due to use-after-free (bsc#1259942). * CVE-2025-43511: processing maliciously crafted web content may lead to an unexpected process crash due to use-after-free (bsc#1259941). * CVE-2025-46299: processing maliciously crafted web content may disclose internal states of an app due to improper memory initialization (bsc#1259940). * CVE-2026-20608: processing maliciously crafted web content may lead to an unexpected process crash due to improper state management (bsc#1259939). * CVE-2026-20635: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1259938). * CVE-2026-20636: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1259937). * CVE-2026-20643: processing maliciously crafted web content may bypass Same Origin Policy due to improper input validation (bsc#1261172). * CVE-2026-20644: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1259936). * CVE-2026-20652: a remote attacker may be able to cause a denial-of-service due to improper memory handling (bsc#1259935). * CVE-2026-20664: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1261173). * CVE-2026-20665: processing maliciously crafted web content may prevent Content Security Policy from being enforced due to improper state management (bsc#1261174). * CVE-2026-20676: a website may be able to track users through web extensions due to improper state management (bsc#1259934). * CVE-2026-20691: a maliciously crafted webpage may be able to fingerprint users due to improper state management (bsc#1261175). * CVE-2026-28857: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1261176). * CVE-2026-28859: a malicious website may be able to process restricted web content outside the sandbox due to improper memory management (bsc#1261177). * CVE-2026-28861: a malicious website may be able to access script message handlers intended for other origins due to improper state management (bsc#1261178). * CVE-2026-28871: visiting a maliciously crafted website may lead to a cross- site scripting attack due to missing checks (bsc#1261179). Other updates and bugfixes: * Version 2.52.1: * Reduce the amount of useless MPRIS notifications produced by MediaSession when the information about media beingplayed is incomplete. * Support turning off USE_GSTREAMER to configure the build with all multimedia features disabled. * Add Sysprof marks for mouse events. * Fix MediaSession icon for iheart.com not being displayed. * Fix the build with USE_GSTREAMER_GL disabled. * Fix the build with librice version 0.3.0 or newer. * Fix several crashes and rendering issues. * Translation updates: Georgian. * Version 2.52.0: * Make scrolling with touch input smoother for small movements. * Fix estimated load progress of downloads when Content-Length value is wrong. * Ensure that "scrollend" events are correctly emitted after scroll animations. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-540=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-540=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (noarch) * WebKitGTK-6.0-lang-2.52.1-160000.1.1 * WebKitGTK-4.1-lang-2.52.1-160000.1.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * webkit2gtk-4_1-injected-bundles-2.52.1-160000.1.1 * typelib-1_0-WebKit2-4_1-2.52.1-160000.1.1 * libwebkitgtk-6_0-4-debuginfo-2.52.1-160000.1.1 * webkit2gtk4-minibrowser-debuginfo-2.52.1-160000.1.1 * libjavascriptcoregtk-4_1-0-debuginfo-2.52.1-160000.1.1 * webkit-jsc-6.0-debuginfo-2.52.1-160000.1.1 * webkit-jsc-4.1-debuginfo-2.52.1-160000.1.1 * webkit-jsc-6.0-2.52.1-160000.1.1 * typelib-1_0-WebKit2WebExtension-4_1-2.52.1-160000.1.1 * webkit2gtk3-minibrowser-debuginfo-2.52.1-160000.1.1 * webkit2gtk3-minibrowser-2.52.1-160000.1.1 * libwebkitgtk-6_0-4-2.52.1-160000.1.1 * libjavascriptcoregtk-4_1-0-2.52.1-160000.1.1 * webkit2gtk4-minibrowser-2.52.1-160000.1.1 *webkit2gtk-4_1-injected-bundles-debuginfo-2.52.1-160000.1.1 * webkit-jsc-4.1-2.52.1-160000.1.1 * typelib-1_0-JavaScriptCore-6_0-2.52.1-160000.1.1 * libwebkit2gtk-4_1-0-2.52.1-160000.1.1 * typelib-1_0-JavaScriptCore-4_1-2.52.1-160000.1.1 * webkitgtk-6_0-injected-bundles-2.52.1-160000.1.1 * typelib-1_0-WebKitWebProcessExtension-6_0-2.52.1-160000.1.1 * libjavascriptcoregtk-6_0-1-2.52.1-160000.1.1 * webkitgtk-6_0-injected-bundles-debuginfo-2.52.1-160000.1.1 * libjavascriptcoregtk-6_0-1-debuginfo-2.52.1-160000.1.1 * typelib-1_0-WebKit-6_0-2.52.1-160000.1.1 * libwebkit2gtk-4_1-0-debuginfo-2.52.1-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * WebKitGTK-6.0-lang-2.52.1-160000.1.1 * WebKitGTK-4.1-lang-2.52.1-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * webkit2gtk-4_1-injected-bundles-2.52.1-160000.1.1 * typelib-1_0-WebKit2-4_1-2.52.1-160000.1.1 * libwebkitgtk-6_0-4-debuginfo-2.52.1-160000.1.1 * webkit2gtk4-minibrowser-debuginfo-2.52.1-160000.1.1 * libjavascriptcoregtk-4_1-0-debuginfo-2.52.1-160000.1.1 * webkit-jsc-6.0-debuginfo-2.52.1-160000.1.1 * webkit-jsc-4.1-debuginfo-2.52.1-160000.1.1 * webkit-jsc-6.0-2.52.1-160000.1.1 * typelib-1_0-WebKit2WebExtension-4_1-2.52.1-160000.1.1 * webkit2gtk3-minibrowser-debuginfo-2.52.1-160000.1.1 * webkit2gtk3-minibrowser-2.52.1-160000.1.1 * libwebkitgtk-6_0-4-2.52.1-160000.1.1 * libjavascriptcoregtk-4_1-0-2.52.1-160000.1.1 * webkit2gtk4-minibrowser-2.52.1-160000.1.1 * webkit2gtk-4_1-injected-bundles-debuginfo-2.52.1-160000.1.1 * webkit-jsc-4.1-2.52.1-160000.1.1 * typelib-1_0-JavaScriptCore-6_0-2.52.1-160000.1.1 * libwebkit2gtk-4_1-0-2.52.1-160000.1.1 * typelib-1_0-JavaScriptCore-4_1-2.52.1-160000.1.1 * webkitgtk-6_0-injected-bundles-2.52.1-160000.1.1 * typelib-1_0-WebKitWebProcessExtension-6_0-2.52.1-160000.1.1 * libjavascriptcoregtk-6_0-1-2.52.1-160000.1.1 *webkitgtk-6_0-injected-bundles-debuginfo-2.52.1-160000.1.1 * libjavascriptcoregtk-6_0-1-debuginfo-2.52.1-160000.1.1 * typelib-1_0-WebKit-6_0-2.52.1-160000.1.1 * libwebkit2gtk-4_1-0-debuginfo-2.52.1-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2023-43010.html * https://www.suse.com/security/cve/CVE-2025-31223.html * https://www.suse.com/security/cve/CVE-2025-31277.html * https://www.suse.com/security/cve/CVE-2025-43213.html * https://www.suse.com/security/cve/CVE-2025-43214.html * https://www.suse.com/security/cve/CVE-2025-43433.html * https://www.suse.com/security/cve/CVE-2025-43438.html * https://www.suse.com/security/cve/CVE-2025-43441.html * https://www.suse.com/security/cve/CVE-2025-43457.html * https://www.suse.com/security/cve/CVE-2025-43511.html * https://www.suse.com/security/cve/CVE-2025-46299.html * https://www.suse.com/security/cve/CVE-2026-20608.html * https://www.suse.com/security/cve/CVE-2026-20635.html * https://www.suse.com/security/cve/CVE-2026-20636.html * https://www.suse.com/security/cve/CVE-2026-20643.html * https://www.suse.com/security/cve/CVE-2026-20644.html * https://www.suse.com/security/cve/CVE-2026-20652.html * https://www.suse.com/security/cve/CVE-2026-20664.html * https://www.suse.com/security/cve/CVE-2026-20665.html * https://www.suse.com/security/cve/CVE-2026-20676.html * https://www.suse.com/security/cve/CVE-2026-20691.html * https://www.suse.com/security/cve/CVE-2026-28857.html * https://www.suse.com/security/cve/CVE-2026-28859.html * https://www.suse.com/security/cve/CVE-2026-28861.html * https://www.suse.com/security/cve/CVE-2026-28871.html * https://bugzilla.suse.com/show_bug.cgi?id=1259934 * https://bugzilla.suse.com/show_bug.cgi?id=1259935 * https://bugzilla.suse.com/show_bug.cgi?id=1259936 * https://bugzilla.suse.com/show_bug.cgi?id=1259937 * https://bugzilla.suse.com/show_bug.cgi?id=1259938 * https://bugzilla.suse.com/show_bug.cgi?id=1259939 *https://bugzilla.suse.com/show_bug.cgi?id=1259940 * https://bugzilla.suse.com/show_bug.cgi?id=1259941 * https://bugzilla.suse.com/show_bug.cgi?id=1259942 * https://bugzilla.suse.com/show_bug.cgi?id=1259943 * https://bugzilla.suse.com/show_bug.cgi?id=1259944 * https://bugzilla.suse.com/show_bug.cgi?id=1259945 * https://bugzilla.suse.com/show_bug.cgi?id=1259946 * https://bugzilla.suse.com/show_bug.cgi?id=1259947 * https://bugzilla.suse.com/show_bug.cgi?id=1259948 * https://bugzilla.suse.com/show_bug.cgi?id=1259949 * https://bugzilla.suse.com/show_bug.cgi?id=1259950 * https://bugzilla.suse.com/show_bug.cgi?id=1261172 * https://bugzilla.suse.com/show_bug.cgi?id=1261173 * https://bugzilla.suse.com/show_bug.cgi?id=1261174 * https://bugzilla.suse.com/show_bug.cgi?id=1261175 * https://bugzilla.suse.com/show_bug.cgi?id=1261176 * https://bugzilla.suse.com/show_bug.cgi?id=1261177 * https://bugzilla.suse.com/show_bug.cgi?id=1261178 * https://bugzilla.suse.com/show_bug.cgi?id=1261179 . SUSE updates webkit2gtk3 addressing 25 issues; critical memory handling flaws pose crash risks. Update now!. SUSE webkit2gtk3 vulnerabilities memory handling. . Severity: Important. LinuxSecurity.com Team
An update that solves four vulnerabilities can now be installed.. # Security update for xkbcomp Announcement ID: SUSE-SU-2025:4407-1 Release Date: 2025-12-15T16:54:15Z Rating: moderate References: * bsc#1105832 Cross-References: * CVE-2018-15853 * CVE-2018-15859 * CVE-2018-15861 * CVE-2018-15863 CVSS scores: * CVE-2018-15853 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-15853 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-15853 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-15859 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-15859 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-15859 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-15861 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-15861 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-15861 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-15863 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-15863 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-15863 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for xkbcomp fixes the following issues: * CVE-2018-15863: NULL pointer dereference triggered by a a crafted keymap file with a no-op modmask expression can lead to a crash (bsc#1105832). * CVE-2018-15861: NULL pointer dereference triggered by a crafted keymap file that induces an `xkb_intern_atom` failure can lead to a crash (bsc#1105832). * CVE-2018-15859: NULL pointer dereference triggered by a specially a crafted keymap file can lead to a crash(bsc#1105832). * CVE-2018-15853: endless recursion triggered by a crafted keymap file that induces boolean negation can lead to a crash (bsc#1105832). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-4407=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * xkbcomp-1.2.4-11.3.1 * xkbcomp-devel-1.2.4-11.3.1 * xkbcomp-debugsource-1.2.4-11.3.1 * xkbcomp-debuginfo-1.2.4-11.3.1 ## References: * https://www.suse.com/security/cve/CVE-2018-15853.html * https://www.suse.com/security/cve/CVE-2018-15859.html * https://www.suse.com/security/cve/CVE-2018-15861.html * https://www.suse.com/security/cve/CVE-2018-15863.html * https://bugzilla.suse.com/show_bug.cgi?id=1105832 . Four vulnerabilities addressed in SUSE's xkbcomp update—critical for maintaining system security and stability.. xkbcomp update, SUSE Linux security, moderate security issue, system stability fix. . LinuxSecurity.com Team
Security: processing of a specially crafted mp4 file by the ngx_http_mp4_module might cause a worker process crash (CVE-2024-7347). Thanks to Nils Bars.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-6ba57fd2a3 2024-08-26 02:04:05.151864 -------------------------------------------------------------------------------- Name : nginx-mod-modsecurity Product : Fedora 40 Version : 1.0.3 Release : 13.fc40 URL : https://github.com/owasp-modsecurity/ModSecurity-nginx Summary : ModSecurity v3 nginx connector Description : The ModSecurity-nginx connector is the connection point between nginx and libmodsecurity (ModSecurity v3). Said another way, this project provides a communication channel between nginx and libmodsecurity. This connector is required to use LibModSecurity with nginx. The ModSecurity-nginx connector takes the form of an nginx module. The module simply serves as a layer of communication between nginx and ModSecurity -------------------------------------------------------------------------------- Update Information: Security: processing of a specially crafted mp4 file by the ngx_http_mp4_module might cause a worker process crash (CVE-2024-7347). Thanks to Nils Bars. -------------------------------------------------------------------------------- ChangeLog: * Sat Aug 17 2024 Felix Kaechele - 1.0.3-13 - Rebuild for nginx 1.26.2 * Thu Jul 18 2024 Fedora Release Engineering - 1.0.3-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2305156 - CVE-2024-7347 nginx: Nginx: Specially crafted file may cause Denial of Service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2305156 -------------------------------------------------------------------------------- This update can be installedwith the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-6ba57fd2a3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
PyMongo could be made to crash or expose sensitive information if it received a crafted BSON.. ========================================================================== Ubuntu Security Notice USN-6904-1 July 22, 2024 pymongo vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: PyMongo could be made to crash or expose sensitive information if it received a crafted BSON. Software Description: - pymongo: Python interface to the MongoDB document-oriented database Details: It was discovered that PyMongo incorrectly handled certain BSON. An attacker could possibly use this issue to read sensitive information or cause a crash. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS python3-bson 3.11.0-1ubuntu0.24.04.1 python3-bson-ext 3.11.0-1ubuntu0.24.04.1 Ubuntu 22.04 LTS python3-bson 3.11.0-1ubuntu0.22.04.1 python3-bson-ext 3.11.0-1ubuntu0.22.04.1 Ubuntu 20.04 LTS python3-bson 3.10.1-0ubuntu2.1 python3-bson-ext 3.10.1-0ubuntu2.1 Ubuntu 18.04 LTS python-bson 3.6.1+dfsg1-1ubuntu0.1~esm1 Available with Ubuntu Pro python-bson-ext 3.6.1+dfsg1-1ubuntu0.1~esm1 Available with Ubuntu Pro python3-bson 3.6.1+dfsg1-1ubuntu0.1~esm1 Available with Ubuntu Pro python3-bson-ext 3.6.1+dfsg1-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS python-bson 3.2-1ubuntu0.1~esm1 Available with Ubuntu Pro python-bson-ext 3.2-1ubuntu0.1~esm1 Available with Ubuntu Pro python3-bson 3.2-1ubuntu0.1~esm1 Available with Ubuntu Pro python3-bson-ext 3.2-1ubuntu0.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6904-1 CVE-2024-5629 Package Information: https://launchpad.net/ubuntu/+source/pymongo/3.11.0-1ubuntu0.24.04.1 https://launchpad.net/ubuntu/+source/pymongo/3.11.0-1ubuntu0.22.04.1 https://launchpad.net/ubuntu/+source/pymongo/3.10.1-0ubuntu2.1 . PyMongo vulnerability alert emphasizing potential crash and data leak threats across various Ubuntu LTS editions.. Ubuntu LTS, PyMongo Security, Information Exposure, Crash Risk. . Severity: Critical. LinuxSecurity.com Team
A vulnerability has been discovered in LZ4, which can lead to memory corruption.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202406-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: LZ4: Memory Corruption Date: June 22, 2024 Bugs: #791952 ID: 202406-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability has been discovered in LZ4, which can lead to memory corruption. Background ========== LZ4 is a lossless compression algorithm, providing compression speed > 500 MB/s per core, scalable with multi-cores CPU. It features an extremely fast decoder, with speed in multiple GB/s per core, typically reaching RAM speed limits on multi-core systems. Affected packages ================= Package Vulnerable Unaffected ------------ ------------ ------------ app-arch/lz4 < 1.9.3-r1 > = 1.9.3-r1 Description =========== An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. Impact ====== The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well. Workaround ========== There is no known workaround at this time. Resolution ========== All LZ4 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =app-arch/lz4-1.9.3-r1" References ========== [ 1 ] CVE-2021-3520 https://nvd.nist.gov/vuln/detail/CVE-2021-3520 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202406-04 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
The system could be made to crash under certain conditions.. ========================================================================== Ubuntu Security Notice USN-6706-1 March 20, 2024 linux-oem-6.1 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS Summary: The system could be made to crash under certain conditions. Software Description: - linux-oem-6.1: Linux kernel for OEM systems Details: It was discovered that the Microchip USB Ethernet driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash). Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: linux-image-6.1.0-1036-oem 6.1.0-1036.36 linux-image-oem-22.04a 6.1.0.1036.37 linux-image-oem-22.04b 6.1.0.1036.37 linux-image-oem-22.04c 6.1.0.1036.37 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-6706-1 CVE-2023-6039 Package Information: https://launchpad.net/ubuntu/+source/linux-oem-6.1/6.1.0-1036.36 . Ubuntu Security Patch USN-6707-2 addresses a critical stability issue linked to linux-oem-6.2 vulnerability impacting Ubuntu 20.04 LTS.. Ubuntu Vulnerability, Linux Kernel Issue,OEM Security Risk. . Severity: Critical. LinuxSecurity.com Team
* bsc#1215940 * bsc#1216001 * bsc#1216167 * bsc#1216696 . # Security update for vim Announcement ID: SUSE-SU-2023:4587-1 Rating: important References: * bsc#1215940 * bsc#1216001 * bsc#1216167 * bsc#1216696 Cross-References: * CVE-2023-46246 * CVE-2023-5344 * CVE-2023-5441 * CVE-2023-5535 CVSS scores: * CVE-2023-46246 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-46246 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-5344 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-5344 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5344 ( NVD ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-5441 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5441 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-5441 ( NVD ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5535 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-5535 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-5535 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves four vulnerabilities can now be installed. ## Description: This update for vim fixes the following issues: * CVE-2023-5344: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940) * CVE-2023-5441: segfault in exmode when redrawing (bsc#1216001) * CVE-2023-5535: use-after-free from buf_contents_changed() (bsc#1216167) * CVE-2023-46246: Integer Overflow in :history command (bsc#1216696) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4587=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4587=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4587=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4587=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4587=1 * SUSE LinuxEnterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4587=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4587=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4587=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4587=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4587=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4587=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4587=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4587=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4587=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4587=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4587=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4587=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4587=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4587=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4587=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSELinux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4587=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4587=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4587=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * vim-small-debuginfo-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * openSUSE Leap Micro 5.4 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * vim-small-debuginfo-9.0.2103-150000.5.57.1 * openSUSE Leap 15.4 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 *vim-small-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * vim-small-debuginfo-9.0.2103-150000.5.57.1 * Basesystem Module 15-SP4 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 *gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * vim-small-debuginfo-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * vim-small-debuginfo-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Server15 SP2 LTSS 15-SP2 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * vim-small-debuginfo-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * vim-small-debuginfo-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE Enterprise Storage 7.1 (aarch64x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * vim-small-debuginfo-9.0.2103-150000.5.57.1 * SUSE Enterprise Storage 7.1 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE CaaS Platform 4.0 (x86_64) * gvim-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * gvim-debuginfo-9.0.2103-150000.5.57.1 * vim-9.0.2103-150000.5.57.1 * SUSE CaaS Platform 4.0 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * vim-data-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * vim-data-common-9.0.2103-150000.5.57.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.2103-150000.5.57.1 * vim-debuginfo-9.0.2103-150000.5.57.1 * vim-debugsource-9.0.2103-150000.5.57.1 * vim-small-9.0.2103-150000.5.57.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46246.html * https://www.suse.com/security/cve/CVE-2023-5344.html * https://www.suse.com/security/cve/CVE-2023-5441.html * https://www.suse.com/security/cve/CVE-2023-5535.html *https://bugzilla.suse.com/show_bug.cgi?id=1215940 * https://bugzilla.suse.com/show_bug.cgi?id=1216001 * https://bugzilla.suse.com/show_bug.cgi?id=1216167 * https://bugzilla.suse.com/show_bug.cgi?id=1216696 . Critical vim update addresses security vulnerabilities in openSUSE with patch instructions for users.. openSUSE Patch,vim Security Update,Buffer Overflow Fix,Security Advisory. . Severity: Important. LinuxSecurity.com Team
It was discovered that ntpd in ntpsec, a secure, hardened, and improved implementation derived from the original NTP project, could crash if NTS is disabled and an NTS-enabled client request (mode 3) is received. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-5466-1
Get the latest Linux and open source security news straight to your inbox.