Explore top 10 tips to secure your open-source projects now. Read More
×
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-13537 http://linux.oracle.com/errata/ELSA-2026-13537.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: thunderbird-140.10.0-1.0.1.el8_10.x86_64.rpm aarch64: thunderbird-140.10.0-1.0.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/thunderbird-140.10.0-1.0.1.el8_10.src.rpm Related CVEs: CVE-2026-6746 CVE-2026-6747 CVE-2026-6748 CVE-2026-6749 CVE-2026-6750 CVE-2026-6751 CVE-2026-6752 CVE-2026-6753 CVE-2026-6754 CVE-2026-6757 CVE-2026-6759 CVE-2026-6761 CVE-2026-6762 CVE-2026-6763 CVE-2026-6764 CVE-2026-6765 CVE-2026-6766 CVE-2026-6767 CVE-2026-6769 CVE-2026-6770 CVE-2026-6771 CVE-2026-6772 CVE-2026-6776 CVE-2026-6785 CVE-2026-6786 Description of changes: [140.10.0-1.0.1] - Fix prefs for new nss [Orabug: 37079820] - Add Oracle prefs file [140.10.0] - Add OpenELA debranding [140.10.0-1] - Update to 140.10.0 ESR _______________________________________________ El-errata mailing list
An update that solves five vulnerabilities can now be installed.. # Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise Micro 6.0) Announcement ID: SUSE-SU-2026:20499-1 Release Date: 2026-02-19T09:17:44Z Rating: important References: * bsc#1249205 * bsc#1249455 * bsc#1249480 * bsc#1253439 * bsc#1253473 Cross-References: * CVE-2025-38111 * CVE-2025-38352 * CVE-2025-39742 * CVE-2025-40129 * CVE-2025-40186 CVSS scores: * CVE-2025-38111 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38111 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38111 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-38352 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38352 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38352 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-39742 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39742 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-39742 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40129 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40129 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40186 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40186 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves five vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise kernel 6.4.0-24.1 fixes various security issues The following security issues were fixed: * CVE-2025-38111: net/mdiobus: Fix potential out-of-bounds read/write access (bsc#1249455). * CVE-2025-38352: posix-cpu-timers: fix racebetween handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1249205). * CVE-2025-39742: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (bsc#1249480). * CVE-2025-40129: sunrpc: fix null pointer dereference on zero-length checksum (bsc#1253473). * CVE-2025-40186: tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request() (bsc#1253439). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-kernel-270=1 ## Package List: * SUSE Linux Micro 6.1 (s390x x86_64) * kernel-livepatch-6_4_0-24-default-17-1.2 * kernel-livepatch-6_4_0-24-default-debuginfo-17-1.2 * kernel-livepatch-MICRO-6-0_Update_4-debugsource-17-1.2 ## References: * https://www.suse.com/security/cve/CVE-2025-38111.html * https://www.suse.com/security/cve/CVE-2025-38352.html * https://www.suse.com/security/cve/CVE-2025-39742.html * https://www.suse.com/security/cve/CVE-2025-40129.html * https://www.suse.com/security/cve/CVE-2025-40186.html * https://bugzilla.suse.com/show_bug.cgi?id=1249205 * https://bugzilla.suse.com/show_bug.cgi?id=1249455 * https://bugzilla.suse.com/show_bug.cgi?id=1249480 * https://bugzilla.suse.com/show_bug.cgi?id=1253439 * https://bugzilla.suse.com/show_bug.cgi?id=1253473 . Update for SUSE Linux Enterprise Micro 6.0 addresses five important security issues with the kernel, enhancing system safety.. SUSE Linux Kernel Patch Update Live Security Fix. . Severity: Important. LinuxSecurity.com Team
An update that solves five vulnerabilities can now be installed.. # Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise Micro 6.0) Announcement ID: SUSE-SU-2026:20500-1 Release Date: 2026-02-19T09:17:44Z Rating: important References: * bsc#1249205 * bsc#1249455 * bsc#1249480 * bsc#1253439 * bsc#1253473 Cross-References: * CVE-2025-38111 * CVE-2025-38352 * CVE-2025-39742 * CVE-2025-40129 * CVE-2025-40186 CVSS scores: * CVE-2025-38111 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38111 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38111 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-38352 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38352 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38352 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-39742 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39742 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-39742 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40129 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40129 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40186 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40186 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves five vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise kernel 6.4.0-25.1 fixes various security issues The following security issues were fixed: * CVE-2025-38111: net/mdiobus: Fix potential out-of-bounds read/write access (bsc#1249455). * CVE-2025-38352: posix-cpu-timers: fix racebetween handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1249205). * CVE-2025-39742: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (bsc#1249480). * CVE-2025-40129: sunrpc: fix null pointer dereference on zero-length checksum (bsc#1253473). * CVE-2025-40186: tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request() (bsc#1253439). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-kernel-271=1 ## Package List: * SUSE Linux Micro 6.1 (s390x x86_64) * kernel-livepatch-6_4_0-25-default-debuginfo-15-1.2 * kernel-livepatch-6_4_0-25-default-15-1.2 * kernel-livepatch-MICRO-6-0_Update_5-debugsource-15-1.2 ## References: * https://www.suse.com/security/cve/CVE-2025-38111.html * https://www.suse.com/security/cve/CVE-2025-38352.html * https://www.suse.com/security/cve/CVE-2025-39742.html * https://www.suse.com/security/cve/CVE-2025-40129.html * https://www.suse.com/security/cve/CVE-2025-40186.html * https://bugzilla.suse.com/show_bug.cgi?id=1249205 * https://bugzilla.suse.com/show_bug.cgi?id=1249455 * https://bugzilla.suse.com/show_bug.cgi?id=1249480 * https://bugzilla.suse.com/show_bug.cgi?id=1253439 * https://bugzilla.suse.com/show_bug.cgi?id=1253473 . An important security update for SUSE Linux Enterprise Micro 6.0 fixes critical issues in the kernel affecting various components.. SUSE Linux Kernel Patch Important Update Security. . Severity: Important. LinuxSecurity.com Team
An update that solves six vulnerabilities can now be installed.. # Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP6) Announcement ID: SUSE-SU-2025:03566-1 Release Date: 2025-10-12T07:04:09Z Rating: important References: * bsc#1233072 * bsc#1237048 * bsc#1240744 * bsc#1243650 * bsc#1245509 * bsc#1247315 Cross-References: * CVE-2024-50154 * CVE-2024-53168 * CVE-2025-21692 * CVE-2025-21791 * CVE-2025-38089 * CVE-2025-38477 CVSS scores: * CVE-2024-50154 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-50154 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50154 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50154 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53168 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-53168 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53168 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53168 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21692 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21692 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-21692 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21692 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21791 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-21791 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38089 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38089 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38477( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38477 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves six vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 6.4.0-150600_23_25 fixes several issues. The following security issues were fixed: * CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315). * CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1243650). * CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233072). * CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744). * CVE-2025-38089: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error (bsc#1245509). * CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237048). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-3566=1 SUSE-2025-3565=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3566=1 SUSE-SLE- Module-Live-Patching-15-SP6-2025-3565=1 ## Package List: * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP6_Update_5-debugsource-17-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_4-debugsource-18-150600.2.1 * kernel-livepatch-6_4_0-150600_23_25-default-17-150600.2.1 * kernel-livepatch-6_4_0-150600_23_22-default-debuginfo-18-150600.2.1 * kernel-livepatch-6_4_0-150600_23_22-default-18-150600.2.1 *kernel-livepatch-6_4_0-150600_23_25-default-debuginfo-17-150600.2.1 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP6_Update_5-debugsource-17-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_4-debugsource-18-150600.2.1 * kernel-livepatch-6_4_0-150600_23_25-default-17-150600.2.1 * kernel-livepatch-6_4_0-150600_23_22-default-debuginfo-18-150600.2.1 * kernel-livepatch-6_4_0-150600_23_22-default-18-150600.2.1 * kernel-livepatch-6_4_0-150600_23_25-default-debuginfo-17-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2024-50154.html * https://www.suse.com/security/cve/CVE-2024-53168.html * https://www.suse.com/security/cve/CVE-2025-21692.html * https://www.suse.com/security/cve/CVE-2025-21791.html * https://www.suse.com/security/cve/CVE-2025-38089.html * https://www.suse.com/security/cve/CVE-2025-38477.html * https://bugzilla.suse.com/show_bug.cgi?id=1233072 * https://bugzilla.suse.com/show_bug.cgi?id=1237048 * https://bugzilla.suse.com/show_bug.cgi?id=1240744 * https://bugzilla.suse.com/show_bug.cgi?id=1243650 * https://bugzilla.suse.com/show_bug.cgi?id=1245509 * https://bugzilla.suse.com/show_bug.cgi?id=1247315 . This update for openSUSE addresses six important kernel vulnerabilities, enhancing security and stability.. openSUSE kernel update, security advisory important, kernel vulnerabilities fix. . Severity: Important. LinuxSecurity.com Team
* bsc#1241274 * bsc#1241275 * bsc#1241276 Cross-References: . # Security update for java-17-openjdk Announcement ID: SUSE-SU-2025:01490-1 Release Date: 2025-06-04T10:12:32Z Rating: important References: * bsc#1241274 * bsc#1241275 * bsc#1241276 Cross-References: * CVE-2025-21587 * CVE-2025-30691 * CVE-2025-30698 CVSS scores: * CVE-2025-21587 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-21587 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2025-21587 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2025-30691 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-30691 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-30691 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-30698 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-30698 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2025-30698 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: * Legacy Module 15-SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves three vulnerabilities can now be installed. ## Description: This update for java-17-openjdk fixes the following issues: Update to upstream tag jdk-17.0.15+6 (April 2025 CPU) CVEs: * CVE-2025-21587: Fixed JSSE unauthorized access, deletion or modification of critical data (bsc#1241274) * CVE-2025-30691: Fixed Oracle Java SE Compiler Unauthorized Data Access (bsc#1241275) * CVE-2025-30698: Fixed Oracle Java 2D unauthorized data access and DoS (bsc#1241276) Changes: + JDK-6355567: AdobeMarkerSegment causes failure to read valid JPEG + JDK-8065099: [macos] javax/swing/PopupFactory/6276087/ /NonOpaquePopupMenuTest.java fails: no background shine through +JDK-8179502: Enhance OCSP, CRL and Certificate Fetch Timeouts + JDK-8198237: [macos] Test java/awt/Frame/ /ExceptionOnSetExtendedStateTest/ /ExceptionOnSetExtendedStateTest.java fails + JDK-8198666: Many java/awt/Modal/OnTop/ test fails on mac + JDK-8208565: [TEST_BUG] javax/swing/PopupFactory/6276087/ /NonOpaquePopupMenuTest.java throws NPE + JDK-8226933: [TEST_BUG]GTK L&F: There is no swatches or RGB tab in JColorChooser + JDK-8226938: [TEST_BUG]GTK L&F: There is no Details button in FileChooser Dialog + JDK-8266435: WBMPImageReader.read() should not truncate the input stream + JDK-8267893: Improve jtreg test failure handler do get native/mixed stack traces for cores and live processes + JDK-8270961: [TESTBUG] Move GotWrongOOMEException into vm.share.gc package + JDK-8274893: Update java.desktop classes to use try-with-resources + JDK-8276202: LogFileOutput.invalid_file_vm asserts when being executed from a read only working directory + JDK-8277240: java/awt/Graphics2D/ScaledTransform/ /ScaledTransform.java dialog does not get disposed + JDK-8281234: The -protected option is not always checked in keytool and jarsigner + JDK-8282314: nsk/jvmti/SuspendThread/suspendthrd003 may leak memory + JDK-8283387: [macos] a11y : Screen magnifier does not show selected Tab + JDK-8283404: [macos] a11y : Screen magnifier does not show JMenu name + JDK-8283664: Remove jtreg tag manual=yesno for java/awt/print/PrinterJob/PrintTextTest.java + JDK-8286779: javax.crypto.CryptoPolicyParser#isConsistent always returns 'true' + JDK-8286875: ProgrammableUpcallHandler::on_entry/on_exit access thread fields from native + JDK-8290400: Must run exe installers in jpackage jtreg tests without UI + JDK-8292588: [macos] Multiscreen/MultiScreenLocationTest/ /MultiScreenLocationTest.java: Robot.mouseMove test failed on Screen #0 +JDK-8292704: sun/security/tools/jarsigner/compatibility/ /Compatibility.java use wrong key size for EC + JDK-8292848: AWT_Mixing and TrayIcon tests fail on el8 with hard-coded isOel7 + JDK-8293345: SunPKCS11 provider checks on PKCS11 Mechanism are problematic + JDK-8293412: Remove unnecessary java.security.egd overrides + JDK-8294067: [macOS] javax/swing/JComboBox/6559152/ /bug6559152.java Cannot select an item from popup with the ENTER key. + JDK-8294316: SA core file support is broken on macosx-x64 starting with macOS 12.x + JDK-8295087: Manual Test to Automated Test Conversion + JDK-8295176: some langtools test pollutes source tree + JDK-8296591: Signature benchmark + JDK-8296818: Enhance JMH tests java/security/Signatures.java + JDK-8299077: [REDO] JDK-4512626 Non-editable JTextArea provides no visual indication of keyboard focus + JDK-8299127: [REDO] JDK-8194048 Regression automated test '/open/test/jdk/javax/swing/text/DefaultCaret/HidingSelection/ /HidingSelectionTest.java' fails + JDK-8299128: [REDO] JDK-8213562 Test javax/swing/text/ /DefaultCaret/HidingSelection/MultiSelectionTest.java fails + JDK-8299739: HashedPasswordFileTest.java and ExceptionTest.java can fail with java.lang.NullPointerException + JDK-8299994: java/security/Policy/Root/Root.java fails when home directory is read-only + JDK-8301989: new javax.swing.text.DefaultCaret().setBlinkRate(N) results in NPE + JDK-8302111: Serialization considerations + JDK-8305853: java/text/Format/DateFormat/ /DateFormatRegression.java fails with "Uncaught exception thrown in test method Test4089106" + JDK-8306711: Improve diagnosis of `IntlTest` framework + JDK-8308341: JNI_GetCreatedJavaVMs returns a partially initialized JVM + JDK-8309171: Test vmTestbase/nsk/jvmti/scenarios/ /jni_interception/JI05/ji05t001/TestDescription.java fails after JDK-8308341 +JDK-8309231: ProblemList vmTestbase/nsk/jvmti/scenarios/ /jni_interception/JI05/ji05t001/TestDescription.java + JDK-8309740: Expand timeout windows for tests in JDK-8179502 + JDK-8309841: Jarsigner should print a warning if an entry is removed + JDK-8310234: Refactor Locale tests to use JUnit + JDK-8310629: java/security/cert/CertPathValidator/OCSP/ /OCSPTimeout.java fails with RuntimeException: Server not ready + JDK-8311306: Test com/sun/management/ThreadMXBean/ /ThreadCpuTimeArray.java failed: out of expected range + JDK-8311546: Certificate name constraints improperly validated with leading period + JDK-8311663: Additional refactoring of Locale tests to JUnit + JDK-8312416: Tests in Locale should have more descriptive names + JDK-8312518: [macos13] setFullScreenWindow() shows black screen on macOS 13 & above + JDK-8313633: [macOS] java/awt/dnd/NextDropActionTest/ /NextDropActionTest.java fails with java.lang.RuntimeException: wrong next drop action! + JDK-8313710: jcmd: typo in the documentation of JFR.start and JFR.dump + JDK-8314225: SIGSEGV in JavaThread::is_lock_owned + JDK-8314610: hotspot can't compile with the latest of gtest because of + JDK-8314752: Use google test string comparison macros + JDK-8314909: tools/jpackage/windows/Win8282351Test.java fails with java.lang.AssertionError: Expected [0]. Actual [1618]: + JDK-8314975: JavadocTester should set source path if not specified + JDK-8315486: vmTestbase/nsk/jdwp/ThreadReference/ /ForceEarlyReturn/forceEarlyReturn002/forceEarlyReturn002.java timed out + JDK-8315825: Open some swing tests + JDK-8315882: Open some swing tests 2 + JDK-8315883: Open source several Swing JToolbar tests + JDK-8315952: Open source several Swing JToolbar JTooltip JTree tests + JDK-8316056: Open source several Swing JTree tests + JDK-8316146: Open some swing tests 4 + JDK-8316149: Open source several Swing JTree JViewport KeyboardManager tests + JDK-8316218: Open some swing tests 5 + JDK-8316371: Open some swing tests 6 + JDK-8316559: Refactor some util/Calendar tests to JUnit + JDK-8316627: JViewport Test headless failure + JDK-8316696: Remove the testing base classes: IntlTest and CollatorTest + JDK-8317631: Refactor ChoiceFormat tests to use JUnit + JDK-8317636: Improve heap walking API tests to verify correctness of field indexes + JDK-8318442: java/net/httpclient/ManyRequests2.java fails intermittently on Linux + JDK-8319567: Update java/lang/invoke tests to support vm flags + JDK-8319568: Update java/lang/reflect/exeCallerAccessTest/ /CallerAccessTest.java to accept vm flags + JDK-8319569: Several java/util tests should be updated to accept VM flags + JDK-8319647: Few java/lang/System/LoggerFinder/modules tests ignore vm flags + JDK-8319648: java/lang/SecurityManager tests ignore vm flags + JDK-8319672: Several classloader tests ignore VM flags + JDK-8319673: Few security tests ignore VM flags + JDK-8319676: A couple of jdk/modules/incubator/ tests ignore VM flags + JDK-8319677: Test jdk/internal/misc/VM/RuntimeArguments.java should be marked as flagless + JDK-8319818: Address GCC 13.2.0 warnings (stringop-overflow and dangling-pointer) + JDK-8320372: test/jdk/sun/security/x509/DNSName/ /LeadingPeriod.java validity check failed + JDK-8320676: Manual printer tests have no Pass/Fail buttons, instructions close set 1 + JDK-8320691: Timeout handler on Windows takes 2 hours to complete + JDK-8320714: java/util/Locale/LocaleProvidersRun.java and java/util/ResourceBundle/modules/visibility/ /VisibilityTest.java timeout after passing + JDK-8320916: jdk/jfr/event/gc/stacktrace/ /TestParallelMarkSweepAllocationPendingStackTrace.java failed with "OutOfMemoryError: GC overheadlimit exceeded" + JDK-8321818: vmTestbase/nsk/stress/strace/strace015.java failed with 'Cannot read the array length because " " is null' + JDK-8323196: jdk/jfr/api/consumer/filestream/TestOrdered.java failed with "Events are not ordered! Reuse = false" + JDK-8324672: Update jdk/java/time/tck/java/time/TCKInstant.java now() to be more robust + JDK-8324807: Manual printer tests have no Pass/Fail buttons, instructions close set 2 + JDK-8325024: java/security/cert/CertPathValidator/OCSP( /OCSPTimeout.java incorrect comment information + JDK-8325042: Remove unused JVMDITools test files + JDK-8325529: Remove unused imports from `ModuleGenerator` test file + JDK-8325659: Normalize Random usage by incubator vector tests + JDK-8325906: Problemlist vmTestbase/vm/mlvm/meth/stress/ /compiler/deoptimize/Test.java#id1 until JDK-8320865 is fixed + JDK-8325908: Finish removal of IntlTest and CollatorTest + JDK-8325937: runtime/handshake/HandshakeDirectTest.java causes "monitor end should be strictly below the frame pointer" assertion failure on AArch64 + JDK-8326421: Add jtreg test for large arrayCopy disjoint case. + JDK-8326525: com/sun/tools/attach/BasicTests.java does not verify AgentLoadException case + JDK-8327098: GTest needs larger combination limit + JDK-8327476: Upgrade JLine to 3.26.1 + JDK-8327505: Test com/sun/jmx/remote/ /NotificationMarshalVersions/TestSerializationMismatch.java fails + JDK-8327857: Remove applet usage from JColorChooser tests Test4222508 + JDK-8327859: Remove applet usage from JColorChooser tests Test4319113 + JDK-8327986: ASAN reports use-after-free in DirectivesParserTest.empty_object_vm + JDK-8328005: Convert java/awt/im/JTextFieldTest.java applet test to main + JDK-8328085: C2: Use after free in PhaseChaitin::Register_Allocate() + JDK-8328121: Remove applet usage from JColorChoosertests Test4759306 + JDK-8328130: Remove applet usage from JColorChooser tests Test4759934 + JDK-8328185: Convert java/awt/image/MemoryLeakTest/ /MemoryLeakTest.java applet test to main + JDK-8328227: Remove applet usage from JColorChooser tests Test4887836 + JDK-8328368: Convert java/awt/image/multiresolution/ /MultiDisplayTest/MultiDisplayTest.java applet test to main + JDK-8328370: Convert java/awt/print/Dialog/PrintApplet.java applet test to main + JDK-8328380: Remove applet usage from JColorChooser tests Test6348456 + JDK-8328387: Convert java/awt/Frame/FrameStateTest/ /FrameStateTest.html applet test to main + JDK-8328403: Remove applet usage from JColorChooser tests Test6977726 + JDK-8328553: Get rid of JApplet in test/jdk/sanity/client/lib/SwingSet2/src/DemoModule.java + JDK-8328558: Convert javax/swing/JCheckBox/8032667/ /bug8032667.java applet test to main + JDK-8328717: Convert javax/swing/JColorChooser/8065098/ /bug8065098.java applet test to main + JDK-8328719: Convert java/awt/print/PageFormat/SetOrient.html applet test to main + JDK-8328730: Convert java/awt/print/bug8023392/bug8023392.html applet test to main + JDK-8328753: Open source few Undecorated Frame tests + JDK-8328819: Remove applet usage from JFileChooser tests bug6698013 + JDK-8328827: Convert java/awt/print/PrinterJob/ /PrinterDialogsModalityTest/PrinterDialogsModalityTest.html applet test to main + JDK-8329210: Delete Redundant Printer Dialog Modality Test + JDK-8329320: Simplify awt/print/PageFormat/NullPaper.java test + JDK-8329322: Convert PageFormat/Orient.java to use PassFailJFrame + JDK-8329692: Add more details to FrameStateTest.java test instructions + JDK-8330702: Update failure handler to don't generate Error message if cores actions are empty + JDK-8331153: JFR: Improve logging of jdk/jfr/api/consumer/filestream/TestOrdered.java + JDK-8331735: UpcallLinker::on_exit races with GC when copying frame anchor + JDK-8331959: Update PKCS#11 Cryptographic Token Interface to v3.1 + JDK-8332158: [XWayland] test/jdk/java/awt/Mouse/ /EnterExitEvents/ResizingFrameTest.java + JDK-8332917: failure_handler should execute gdb "info threads" command on linux + JDK-8333360: PrintNullString.java doesn't use float arguments + JDK-8333391: Test com/sun/jdi/InterruptHangTest.java failed: Thread was never interrupted during sleep + JDK-8333403: Write a test to check various components events are triggered properly + JDK-8333427: langtools/tools/javac/newlines/NewLineTest.java is failing on Japanese Windows + JDK-8334305: Remove all code for nsk.share.Log verbose mode + JDK-8334490: Normalize string with locale invariant `toLowerCase()` + JDK-8334777: Test javax/management/remote/mandatory/notif/ /NotifReconnectDeadlockTest.java failed with NullPointerException + JDK-8335150: Test LogGeneratedClassesTest.java fails on rpmbuild mock enviroment + JDK-8335172: Add manual steps to run security/auth/callback/ /TextCallbackHandler/Password.java test + JDK-8335789: [TESTBUG] XparColor.java test fails with Error. Parse Exception: Invalid or unrecognized bugid: @ + JDK-8336012: Fix usages of jtreg-reserved properties + JDK-8336498: [macos] [build]: install-file macro may run into permission denied error + JDK-8336692: Redo fix for JDK-8284620 + JDK-8336942: Improve test coverage for class loading elements with annotations of different retentions + JDK-8337222: gc/TestDisableExplicitGC.java fails due to unexpected CodeCache GC + JDK-8337494: Clarify JarInputStream behavior + JDK-8337692: Better TLS connection support + JDK-8337826: Improve logging in OCSPTimeout and SimpleOCSPResponder to help diagnose JDK-8309754 +JDK-8337886: java/awt/Frame/MaximizeUndecoratedTest.java fails in OEL due to a slight color difference + JDK-8337951: Test sun/security/validator/samedn.sh CertificateNotYetValidException: NotBefore validation + JDK-8338100: C2: assert(!n_loop-> is_member(get_loop(lca))) failed: control must not be back in the loop + JDK-8338426: Test java/nio/channels/Selector/WakeupNow.java failed + JDK-8338430: Improve compiler transformations + JDK-8338571: [TestBug] DefaultCloseOperation.java test not working as expected wrt instruction after JDK-8325851 fix + JDK-8338595: Add more linesize for MIME decoder in macro bench test Base64Decode + JDK-8338668: Test javax/swing/JFileChooser/8080628/ /bug8080628.java doesn't test for GTK L&F + JDK-8339154: Cleanups and JUnit conversion of test/jdk/java/util/zip/Available.java + JDK-8339261: Logs truncated in test javax/net/ssl/DTLS/DTLSRehandshakeTest.java + JDK-8339356: Test javax/net/ssl/SSLSocket/Tls13PacketSize.java failed with java.net.SocketException: An established connection was aborted by the software in your host machine + JDK-8339524: Clean up a few ExtendedRobot tests + JDK-8339687: Rearrange reachabilityFence()s in jdk.test.lib.util.ForceGC + JDK-8339728: [Accessibility,Windows,JAWS] Bug in the getKeyChar method of the AccessBridge class + JDK-8339810: Clean up the code in sun.tools.jar.Main to properly close resources and use ZipFile during extract + JDK-8339883: Open source several AWT/2D related tests + JDK-8339902: Open source couple TextField related tests + JDK-8339943: Frame not disposed in java/awt/dnd/DropActionChangeTest.java + JDK-8340078: Open source several 2D tests + JDK-8340116: test/jdk/sun/security/tools/jarsigner/ /PreserveRawManifestEntryAndDigest.java can fail due to regex + JDK-8340411: open source several 2D imaging tests + JDK-8340480: Bad copyright notices in changesfrom JDK-8339902 + JDK-8340687: Open source closed frame tests #1 + JDK-8340719: Open source AWT List tests + JDK-8340969: jdk/jfr/startupargs/TestStartDuration.java should be marked as flagless + JDK-8341037: Use standard layouts in DefaultFrameIconTest.java and MenuCrash.java + JDK-8341111: open source several AWT tests including menu shortcut tests + JDK-8341316: [macos] javax/swing/ProgressMonitor/ /ProgressMonitorEscapeKeyPress.java fails sometimes in macos + JDK-8341412: Various test failures after JDK-8334305 + JDK-8341424: GHA: Collect hs_errs from build time failures + JDK-8341453: java/awt/a11y/AccessibleJTableTest.java fails in some cases where the test tables are not visible + JDK-8341722: Fix some warnings as errors when building on Linux with toolchain clang + JDK-8341881: [REDO] java/nio/file/attribute/ /BasicFileAttributeView/CreationTime.java#tmp fails on alinux3 + JDK-8341978: Improve JButton/bug4490179.java + JDK-8341982: Simplify JButton/bug4323121.java + JDK-8342098: Write a test to compare the images + JDK-8342145: File libCreationTimeHelper.c compile fails on Alpine + JDK-8342270: Test sun/security/pkcs11/Provider/ /RequiredMechCheck.java needs write access to src tree + JDK-8342498: Add test for Allocation elimination after use as alignment reference by SuperWord + JDK-8342508: Use latch in BasicMenuUI/bug4983388.java instead of delay + JDK-8342541: Exclude List/KeyEventsTest/KeyEventsTest.java from running on macOS + JDK-8342562: Enhance Deflater operations + JDK-8342602: Remove JButton/PressedButtonRightClickTest test + JDK-8342607: Enhance register printing on x86_64 platforms + JDK-8342609: jpackage test helper function incorrectly removes a directory instead of its contents only + JDK-8342634: javax/imageio/plugins/wbmp/ /WBMPStreamTruncateTest.java creates temp file in src dir +JDK-8342635: javax/swing/JFileChooser/FileSystemView/ /WindowsDefaultIconSizeTest.java creates tmp file in src dir + JDK-8342704: GHA: Report truncation is broken after JDK-8341424 + JDK-8342811: java/net/httpclient/PlainProxyConnectionTest.java failed: Unexpected connection count: 5 + JDK-8342858: Make target mac-jdk-bundle fails on chmod command + JDK-8342988: GHA: Build JTReg in single step + JDK-8343007: Enhance Buffered Image handling + JDK-8343100: Consolidate EmptyFolderTest and EmptyFolderPackageTest jpackage tests into single java file + JDK-8343101: Rework BasicTest.testTemp test cases + JDK-8343118: [TESTBUG] java/awt/PrintJob/PrintCheckboxTest/ /PrintCheckboxManualTest.java fails with Error. Can't find HTML file PrintCheckboxManualTest.html + JDK-8343128: PassFailJFrame.java test result: Error. Bad action for script: build} + JDK-8343129: Disable unstable check of ThreadsListHandle.sanity_vm ThreadList values + JDK-8343178: Test BasicTest.java javac compile fails cannot find symbol + JDK-8343378: Exceptions in javax/management DeadLockTest.java do not cause test failure + JDK-8343491: javax/management/remote/mandatory/connection/ /DeadLockTest.java failing with NoSuchObjectException: no such object in table + JDK-8343599: Kmem limit and max values swapped when printing container information + JDK-8343724: [PPC64] Disallow OptoScheduling + JDK-8343882: BasicAnnoTests doesn't handle multiple annotations at the same position + JDK-8344581: [TESTBUG] java/awt/Robot/ /ScreenCaptureRobotTest.java failing on macOS + JDK-8344589: Update IANA Language Subtag Registry to Version 2024-11-19 + JDK-8344646: The libjsig deprecation warning should go to stderr not stdout + JDK-8345296: AArch64: VM crashes with SIGILL when prctl is disallowed + JDK-8345368: java/io/File/createTempFile/SpecialTempFile.java fails onWindows Server 2025 + JDK-8345371: Bump update version for OpenJDK: jdk-17.0.15 + JDK-8345375: Improve debuggability of test/jdk/java/net/Socket/CloseAvailable.java + JDK-8345414: Google CAInterop test failures + JDK-8345468: test/jdk/javax/swing/JScrollBar/4865918/ /bug4865918.java fails in ubuntu22.04 + JDK-8346055: javax/swing/text/StyledEditorKit/4506788/ /bug4506788.java fails in ubuntu22.04 + JDK-8346324: javax/swing/JScrollBar/4865918/bug4865918.java fails in CI + JDK-8346587: Distrust TLS server certificates anchored by Camerfirma Root CAs + JDK-8346671: java/nio/file/Files/probeContentType/Basic.java fails on Windows 2025 + JDK-8346828: javax/swing/JScrollBar/4865918/bug4865918.java still fails in CI + JDK-8346887: DrawFocusRect() may cause an assertion failure + JDK-8346908: Update JDK 17 javadoc man page + JDK-8346972: Test java/nio/channels/FileChannel/ /LoopingTruncate.java fails sometimes with IOException: There is not enough space on the disk + JDK-8347424: Fix and rewrite sun/security/x509/DNSName/LeadingPeriod.java test + JDK-8347427: JTabbedPane/8134116/Bug8134116.java has no license header + JDK-8347740: java/io/File/createTempFile/SpecialTempFile.java failing + JDK-8347847: Enhance jar file support + JDK-8347965: (tz) Update Timezone Data to 2025a + JDK-8348625: [21u, 17u] Revert JDK-8185862 to restore old java.awt.headless behavior on Windows + JDK-8348675: TrayIcon tests fail in Ubuntu 24.10 Wayland + JDK-8349603: [21u, 17u, 11u] Update GHA JDKs after Jan/25 updates + JDK-8352097: (tz) zone.tab update missed in 2025a backport + JDK-8353905: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.15 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for yourproduct: * Legacy Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP7-2025-1490=1 ## Package List: * Legacy Module 15-SP7 (aarch64 ppc64le s390x x86_64) * java-17-openjdk-17.0.15.0-150400.3.54.1 * java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-devel-17.0.15.0-150400.3.54.1 * java-17-openjdk-demo-17.0.15.0-150400.3.54.1 * java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1 * java-17-openjdk-headless-17.0.15.0-150400.3.54.1 ## References: * https://www.suse.com/security/cve/CVE-2025-21587.html * https://www.suse.com/security/cve/CVE-2025-30691.html * https://www.suse.com/security/cve/CVE-2025-30698.html * https://bugzilla.suse.com/show_bug.cgi?id=1241274 * https://bugzilla.suse.com/show_bug.cgi?id=1241275 * https://bugzilla.suse.com/show_bug.cgi?id=1241276 . A critical update for SUSE's python3-setuptools resolves issues related to unauthorized access and denial-of-service vulnerabilities.. SUSE Java Update, OpenJDK Security, DoS Vulnerability, Unauthorized Access, SUSE Security Advisory. . Severity: Important. LinuxSecurity.com Team
* bsc#1234100 * bsc#1234101 * bsc#1234102 * bsc#1234103 * bsc#1234104 . # Security update for rsync Announcement ID: SUSE-SU-2025:20122-1 Release Date: 2025-02-04T08:59:16Z Rating: critical References: * bsc#1234100 * bsc#1234101 * bsc#1234102 * bsc#1234103 * bsc#1234104 * bsc#1235475 Cross-References: * CVE-2024-12084 * CVE-2024-12085 * CVE-2024-12086 * CVE-2024-12087 * CVE-2024-12088 * CVE-2024-12747 CVSS scores: * CVE-2024-12084 ( SUSE ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-12084 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-12084 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-12085 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-12085 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2024-12085 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-12086 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-12086 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2024-12086 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N * CVE-2024-12087 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-12087 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-12087 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2024-12088 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2024-12088 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2024-12088 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2024-12747 ( SUSE ): 7.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N * CVE-2024-12747 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2024-12747 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Affected Products: *SUSE Linux Micro 6.0 An update that solves six vulnerabilities can now be installed. ## Description: This update for rsync fixes the following issues: * CVE-2024-12084: Fixed Heap Buffer Overflow in Checksum Parsing (bsc#1234100). * CVE-2024-12085: Fixed Info Leak via uninitialized Stack contents defeating ASLR (bsc#1234101). * CVE-2024-12086: Fixed server leaking arbitrary client files (bsc#1234102). * CVE-2024-12087: Fixed server use of symbolic links to make client write files outside of destination directory (bsc#1234103). * CVE-2024-12088: Fixed --safe-links bypass (bsc#1234104). * CVE-2024-12747: Fixed Race Condition in rsync Handling Symbolic Links (bsc#1235475). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-203=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * rsync-debuginfo-3.2.7-4.1 * rsync-3.2.7-4.1 * rsync-debugsource-3.2.7-4.1 ## References: * https://www.suse.com/security/cve/CVE-2024-12084.html * https://www.suse.com/security/cve/CVE-2024-12085.html * https://www.suse.com/security/cve/CVE-2024-12086.html * https://www.suse.com/security/cve/CVE-2024-12087.html * https://www.suse.com/security/cve/CVE-2024-12088.html * https://www.suse.com/security/cve/CVE-2024-12747.html * https://bugzilla.suse.com/show_bug.cgi?id=1234100 * https://bugzilla.suse.com/show_bug.cgi?id=1234101 * https://bugzilla.suse.com/show_bug.cgi?id=1234102 * https://bugzilla.suse.com/show_bug.cgi?id=1234103 * https://bugzilla.suse.com/show_bug.cgi?id=1234104 * https://bugzilla.suse.com/show_bug.cgi?id=1235475 . Important SUSE patch for rsync fixes several vulnerabilities, featuring a buffer overflow and a data exposure. Update your system immediately!. rsync update,SUSE critical,security fix,bufferoverflow,info leak. . Severity: Critical. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2025-7903 http://linux.oracle.com/errata/ELSA-2025-7903.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable LinuxNetwork: x86_64: kernel-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-abi-stablelists-5.14.0-570.17.1.0.1.el9_6.noarch.rpm kernel-core-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-debug-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-debug-core-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-debug-devel-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-debug-devel-matched-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-debug-modules-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-debug-modules-core-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-debug-modules-extra-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-debug-uki-virt-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-devel-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-devel-matched-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-doc-5.14.0-570.17.1.0.1.el9_6.noarch.rpm kernel-headers-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-modules-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-modules-core-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-modules-extra-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-tools-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-tools-libs-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-uki-virt-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-uki-virt-addons-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm perf-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm python3-perf-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm rtla-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm rv-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-cross-headers-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-tools-libs-devel-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm libperf-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm aarch64: kernel-headers-5.14.0-570.17.1.0.1.el9_6.aarch64.rpm kernel-tools-5.14.0-570.17.1.0.1.el9_6.aarch64.rpm kernel-tools-libs-5.14.0-570.17.1.0.1.el9_6.aarch64.rpm perf-5.14.0-570.17.1.0.1.el9_6.aarch64.rpm python3-perf-5.14.0-570.17.1.0.1.el9_6.aarch64.rpm rtla-5.14.0-570.17.1.0.1.el9_6.aarch64.rpm rv-5.14.0-570.17.1.0.1.el9_6.aarch64.rpm kernel-cross-headers-5.14.0-570.17.1.0.1.el9_6.aarch64.rpm kernel-tools-libs-devel-5.14.0-570.17.1.0.1.el9_6.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//kernel-5.14.0-570.17.1.0.1.el9_6.src.rpm Related CVEs: CVE-2025-21756 CVE-2025-21966 CVE-2025-37749 Description of changes: [5.14.0-570.17.1.0.1.el9_6.OL9] - nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 thread on tctx errors (CKI Backport Bot) [RHEL-87264] {CVE-2025-21633} - nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (Chris Leech) [RHEL-86915] {CVE-2025-21927} - iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (CKI Backport Bot) [RHEL-86840] {CVE-2025-21993} - certs: Add ECDSA signature verification self-test (Herbert Xu) [RHEL-82247] - certs: Move RSA self-test data to separate file (Herbert Xu) [RHEL-82247] - certs: Break circular dependency when selftest is modular (Herbert Xu) [RHEL-82247] - KEYS: Include linux/errno.h in linux/verification.h (Herbert Xu) [RHEL-82247] - crypto: certs: fix FIPS selftest dependency (Herbert Xu) [RHEL-82247] - New configs in certs/Kconfig (Fedora Kernel Team) [RHEL-82247] - certs: Add support for using elliptic curve keys for signing modules (Herbert Xu) [RHEL-82247] - certs: Trigger creation of RSA module signing key if it's not an RSA key (Herbert Xu) [RHEL-82247] - tpm: Change to kvalloc() in eventlog/acpi.c (Å tÄpán HoráÄek) [RHEL-82147] {CVE-2024-58005} [5.14.0-570.13.1.el9_6] - scsi: storvsc: Set correct data length for sending SCSI command without payload (Cathy Avery) [RHEL-83049] - hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (Maxim Levitsky) [RHEL-85942] - net: netvsc: Update default VMBus channels (Maxim Levitsky) [RHEL-85942] - net: mana: cleanup mana struct afterdebugfs_remove() (Maxim Levitsky) [RHEL-85942] - net: mana: Cleanup "mana" debugfs dir after cleanup of all children (Maxim Levitsky) [RHEL-85942] - net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (Maxim Levitsky) [RHEL-85942] - net: mana: Fix memory leak in mana_gd_setup_irqs (Maxim Levitsky) [RHEL-85942] - net :mana :Request a V2 response version for MANA_QUERY_GF_STAT (Maxim Levitsky) [RHEL-85942] - net: mana: use ethtool string helpers (Maxim Levitsky) [RHEL-85942] - net: mana: Enable debugfs files for MANA device (Maxim Levitsky) [RHEL-85942] - net: mana: Add get_link and get_link_ksettings in ethtool (Maxim Levitsky) [RHEL-85942] - net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (Maxim Levitsky) [RHEL-85942] - net: mana: Improve mana_set_channels() in low mem conditions (Maxim Levitsky) [RHEL-85942] - net: mana: Implement get_ringparam/set_ringparam for mana (Maxim Levitsky) [RHEL-85942] - net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (Maxim Levitsky) [RHEL-85942] - ice: Fix signedness bug in ice_init_interrupt_scheme() (Petr Oros) [RHEL-80557] - ice: init flow director before RDMA (Petr Oros) [RHEL-80557] - ice: simplify VF MSI-X managing (Petr Oros) [RHEL-80557] - ice: enable_rdma devlink param (Petr Oros) [RHEL-80557] - ice: treat dyn_allowed only as suggestion (Petr Oros) [RHEL-80557] - ice, irdma: move interrupts code to irdma (Petr Oros) [RHEL-80557] - ice: get rid of num_lan_msix field (Petr Oros) [RHEL-80557] - ice: remove splitting MSI-X between features (Petr Oros) [RHEL-80557] - ice: devlink PF MSI-X max and min parameter (Petr Oros) [RHEL-80557] - ice: ice_probe: init ice_adapter after HW init (Petr Oros) [RHEL-80557] - ice: minor: rename goto labels from err to unroll (Petr Oros) [RHEL-80557] - ice: split ice_init_hw() out from ice_init_dev() (Petr Oros) [RHEL-80557] - ice: c827: move wait for FW to ice_init_hw() (Petr Oros) [RHEL-80557] - smb: client: don't retry IO on failed negprotos with soft mounts (Jay Shin) [RHEL-85524] - cgroup: Remove stealtime from usage_usec (Waiman Long) [RHEL-85398] - rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (CKI Backport Bot) [RHEL-85395] {CVE-2024-58069} _______________________________________________ El-errata mailing list
An update that solves three vulnerabilities can now be installed.. # Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP5) Announcement ID: SUSE-SU-2025:01692-1 Release Date: 2025-05-23T11:34:04Z Rating: important References: * bsc#1229504 * bsc#1233019 * bsc#1234847 Cross-References: * CVE-2024-43882 * CVE-2024-50115 * CVE-2024-53156 CVSS scores: * CVE-2024-43882 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-43882 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-43882 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50115 ( SUSE ): 4.5 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:H * CVE-2024-50115 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H * CVE-2024-50115 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-53156 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-53156 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53156 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Serverfor SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_55_73 fixes several issues. The following security issues were fixed: * CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234847). * CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage (bsc#1229504). * CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1233019). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2025-1692=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-1692=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-1687=1 SUSE-2025-1688=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-1687=1 SUSE-SLE- Module-Live-Patching-15-SP4-2025-1688=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2025-1686=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-1686=1 ## Package List: * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP3_Update_44-debugsource-17-150300.2.2 * kernel-livepatch-5_3_18-150300_59_161-default-17-150300.2.2 * kernel-livepatch-5_3_18-150300_59_161-default-debuginfo-17-150300.2.2 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_161-preempt-debuginfo-17-150300.2.2 * kernel-livepatch-5_3_18-150300_59_161-preempt-17-150300.2.2 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_161-default-17-150300.2.2 * openSUSE Leap15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_119-default-17-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_27-debugsource-15-150400.2.2 * kernel-livepatch-5_14_21-150400_24_119-default-debuginfo-17-150400.2.2 * kernel-livepatch-5_14_21-150400_24_122-default-debuginfo-15-150400.2.2 * kernel-livepatch-5_14_21-150400_24_122-default-15-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_26-debugsource-17-150400.2.2 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_119-default-17-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_27-debugsource-15-150400.2.2 * kernel-livepatch-5_14_21-150400_24_119-default-debuginfo-17-150400.2.2 * kernel-livepatch-5_14_21-150400_24_122-default-debuginfo-15-150400.2.2 * kernel-livepatch-5_14_21-150400_24_122-default-15-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_26-debugsource-17-150400.2.2 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_73-default-debuginfo-10-150500.2.2 * kernel-livepatch-5_14_21-150500_55_73-default-10-150500.2.2 * kernel-livepatch-SLE15-SP5_Update_17-debugsource-10-150500.2.2 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_73-default-debuginfo-10-150500.2.2 * kernel-livepatch-5_14_21-150500_55_73-default-10-150500.2.2 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le x86_64) * kernel-livepatch-SLE15-SP5_Update_17-debugsource-10-150500.2.2 ## References: * https://www.suse.com/security/cve/CVE-2024-43882.html * https://www.suse.com/security/cve/CVE-2024-50115.html * https://www.suse.com/security/cve/CVE-2024-53156.html * https://bugzilla.suse.com/show_bug.cgi?id=1229504 * https://bugzilla.suse.com/show_bug.cgi?id=1233019 * https://bugzilla.suse.com/show_bug.cgi?id=1234847 . Critical security patch released for the Linux Kernel addressing several vulnerabilities in openSUSE environments. Prompt implementationrecommended.. Linux Kernel Update, openSUSE Security, Kernel Patch Instructions, Security Advisory, Threat Mitigation. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.