Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 523
Alerts This Week
Warning Icon 1 523

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 2,134 articles for you...
217

Oracle Linux 8 Thunderbird Security Update ELSA-2026-13537 CVE-2026-6746

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-13537 http://linux.oracle.com/errata/ELSA-2026-13537.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: thunderbird-140.10.0-1.0.1.el8_10.x86_64.rpm aarch64: thunderbird-140.10.0-1.0.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/thunderbird-140.10.0-1.0.1.el8_10.src.rpm Related CVEs: CVE-2026-6746 CVE-2026-6747 CVE-2026-6748 CVE-2026-6749 CVE-2026-6750 CVE-2026-6751 CVE-2026-6752 CVE-2026-6753 CVE-2026-6754 CVE-2026-6757 CVE-2026-6759 CVE-2026-6761 CVE-2026-6762 CVE-2026-6763 CVE-2026-6764 CVE-2026-6765 CVE-2026-6766 CVE-2026-6767 CVE-2026-6769 CVE-2026-6770 CVE-2026-6771 CVE-2026-6772 CVE-2026-6776 CVE-2026-6785 CVE-2026-6786 Description of changes: [140.10.0-1.0.1] - Fix prefs for new nss [Orabug: 37079820] - Add Oracle prefs file [140.10.0] - Add OpenELA debranding [140.10.0-1] - Update to 140.10.0 ESR _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Updated Thunderbird package for Oracle Linux 8 addresses important security issues. Immediate patching is advised to mitigate risks.. Oracle Linux 8, Thunderbird, security advisory, important update, patch management. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 06, 2026 Important Oracle
100

SUSE Linux Mini 7.3 Key Refresh Vital Update SUSE-SU-2026-50815-3

An update that solves five vulnerabilities can now be installed.. # Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise Micro 6.0) Announcement ID: SUSE-SU-2026:20499-1 Release Date: 2026-02-19T09:17:44Z Rating: important References: * bsc#1249205 * bsc#1249455 * bsc#1249480 * bsc#1253439 * bsc#1253473 Cross-References: * CVE-2025-38111 * CVE-2025-38352 * CVE-2025-39742 * CVE-2025-40129 * CVE-2025-40186 CVSS scores: * CVE-2025-38111 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38111 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38111 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-38352 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38352 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38352 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-39742 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39742 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-39742 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40129 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40129 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40186 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40186 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves five vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise kernel 6.4.0-24.1 fixes various security issues The following security issues were fixed: * CVE-2025-38111: net/mdiobus: Fix potential out-of-bounds read/write access (bsc#1249455). * CVE-2025-38352: posix-cpu-timers: fix racebetween handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1249205). * CVE-2025-39742: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (bsc#1249480). * CVE-2025-40129: sunrpc: fix null pointer dereference on zero-length checksum (bsc#1253473). * CVE-2025-40186: tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request() (bsc#1253439). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-kernel-270=1 ## Package List: * SUSE Linux Micro 6.1 (s390x x86_64) * kernel-livepatch-6_4_0-24-default-17-1.2 * kernel-livepatch-6_4_0-24-default-debuginfo-17-1.2 * kernel-livepatch-MICRO-6-0_Update_4-debugsource-17-1.2 ## References: * https://www.suse.com/security/cve/CVE-2025-38111.html * https://www.suse.com/security/cve/CVE-2025-38352.html * https://www.suse.com/security/cve/CVE-2025-39742.html * https://www.suse.com/security/cve/CVE-2025-40129.html * https://www.suse.com/security/cve/CVE-2025-40186.html * https://bugzilla.suse.com/show_bug.cgi?id=1249205 * https://bugzilla.suse.com/show_bug.cgi?id=1249455 * https://bugzilla.suse.com/show_bug.cgi?id=1249480 * https://bugzilla.suse.com/show_bug.cgi?id=1253439 * https://bugzilla.suse.com/show_bug.cgi?id=1253473 . Update for SUSE Linux Enterprise Micro 6.0 addresses five important security issues with the kernel, enhancing system safety.. SUSE Linux Kernel Patch Update Live Security Fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Feb 27, 2026 Important SuSE
100

SUSE Linux Micro 6.0 Kernel Important Threat 20500-1 CVE-2025-38111

An update that solves five vulnerabilities can now be installed.. # Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise Micro 6.0) Announcement ID: SUSE-SU-2026:20500-1 Release Date: 2026-02-19T09:17:44Z Rating: important References: * bsc#1249205 * bsc#1249455 * bsc#1249480 * bsc#1253439 * bsc#1253473 Cross-References: * CVE-2025-38111 * CVE-2025-38352 * CVE-2025-39742 * CVE-2025-40129 * CVE-2025-40186 CVSS scores: * CVE-2025-38111 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38111 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38111 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-38352 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38352 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38352 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-39742 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39742 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-39742 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40129 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40129 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40186 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40186 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves five vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise kernel 6.4.0-25.1 fixes various security issues The following security issues were fixed: * CVE-2025-38111: net/mdiobus: Fix potential out-of-bounds read/write access (bsc#1249455). * CVE-2025-38352: posix-cpu-timers: fix racebetween handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1249205). * CVE-2025-39742: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (bsc#1249480). * CVE-2025-40129: sunrpc: fix null pointer dereference on zero-length checksum (bsc#1253473). * CVE-2025-40186: tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request() (bsc#1253439). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-kernel-271=1 ## Package List: * SUSE Linux Micro 6.1 (s390x x86_64) * kernel-livepatch-6_4_0-25-default-debuginfo-15-1.2 * kernel-livepatch-6_4_0-25-default-15-1.2 * kernel-livepatch-MICRO-6-0_Update_5-debugsource-15-1.2 ## References: * https://www.suse.com/security/cve/CVE-2025-38111.html * https://www.suse.com/security/cve/CVE-2025-38352.html * https://www.suse.com/security/cve/CVE-2025-39742.html * https://www.suse.com/security/cve/CVE-2025-40129.html * https://www.suse.com/security/cve/CVE-2025-40186.html * https://bugzilla.suse.com/show_bug.cgi?id=1249205 * https://bugzilla.suse.com/show_bug.cgi?id=1249455 * https://bugzilla.suse.com/show_bug.cgi?id=1249480 * https://bugzilla.suse.com/show_bug.cgi?id=1253439 * https://bugzilla.suse.com/show_bug.cgi?id=1253473 . An important security update for SUSE Linux Enterprise Micro 6.0 fixes critical issues in the kernel affecting various components.. SUSE Linux Kernel Patch Important Update Security. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Feb 27, 2026 Important SuSE
202

openSUSE 15.6: Kernel Important Security Fix 2025:03566-1 CVE-2025-21791

An update that solves six vulnerabilities can now be installed.. # Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP6) Announcement ID: SUSE-SU-2025:03566-1 Release Date: 2025-10-12T07:04:09Z Rating: important References: * bsc#1233072 * bsc#1237048 * bsc#1240744 * bsc#1243650 * bsc#1245509 * bsc#1247315 Cross-References: * CVE-2024-50154 * CVE-2024-53168 * CVE-2025-21692 * CVE-2025-21791 * CVE-2025-38089 * CVE-2025-38477 CVSS scores: * CVE-2024-50154 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-50154 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50154 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50154 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53168 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-53168 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53168 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53168 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21692 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21692 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-21692 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21692 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21791 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-21791 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38089 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38089 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38477( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38477 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves six vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 6.4.0-150600_23_25 fixes several issues. The following security issues were fixed: * CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315). * CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1243650). * CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233072). * CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744). * CVE-2025-38089: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error (bsc#1245509). * CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237048). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-3566=1 SUSE-2025-3565=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3566=1 SUSE-SLE- Module-Live-Patching-15-SP6-2025-3565=1 ## Package List: * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP6_Update_5-debugsource-17-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_4-debugsource-18-150600.2.1 * kernel-livepatch-6_4_0-150600_23_25-default-17-150600.2.1 * kernel-livepatch-6_4_0-150600_23_22-default-debuginfo-18-150600.2.1 * kernel-livepatch-6_4_0-150600_23_22-default-18-150600.2.1 *kernel-livepatch-6_4_0-150600_23_25-default-debuginfo-17-150600.2.1 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP6_Update_5-debugsource-17-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_4-debugsource-18-150600.2.1 * kernel-livepatch-6_4_0-150600_23_25-default-17-150600.2.1 * kernel-livepatch-6_4_0-150600_23_22-default-debuginfo-18-150600.2.1 * kernel-livepatch-6_4_0-150600_23_22-default-18-150600.2.1 * kernel-livepatch-6_4_0-150600_23_25-default-debuginfo-17-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2024-50154.html * https://www.suse.com/security/cve/CVE-2024-53168.html * https://www.suse.com/security/cve/CVE-2025-21692.html * https://www.suse.com/security/cve/CVE-2025-21791.html * https://www.suse.com/security/cve/CVE-2025-38089.html * https://www.suse.com/security/cve/CVE-2025-38477.html * https://bugzilla.suse.com/show_bug.cgi?id=1233072 * https://bugzilla.suse.com/show_bug.cgi?id=1237048 * https://bugzilla.suse.com/show_bug.cgi?id=1240744 * https://bugzilla.suse.com/show_bug.cgi?id=1243650 * https://bugzilla.suse.com/show_bug.cgi?id=1245509 * https://bugzilla.suse.com/show_bug.cgi?id=1247315 . This update for openSUSE addresses six important kernel vulnerabilities, enhancing security and stability.. openSUSE kernel update, security advisory important, kernel vulnerabilities fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Oct 13, 2025 Important OpenSUSE
100

SUSE 15 SP7: 2025:01490-1 critical: java-17-openjdk unauthorized access

* bsc#1241274 * bsc#1241275 * bsc#1241276 Cross-References: . # Security update for java-17-openjdk Announcement ID: SUSE-SU-2025:01490-1 Release Date: 2025-06-04T10:12:32Z Rating: important References: * bsc#1241274 * bsc#1241275 * bsc#1241276 Cross-References: * CVE-2025-21587 * CVE-2025-30691 * CVE-2025-30698 CVSS scores: * CVE-2025-21587 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-21587 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2025-21587 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2025-30691 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-30691 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-30691 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-30698 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-30698 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2025-30698 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: * Legacy Module 15-SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves three vulnerabilities can now be installed. ## Description: This update for java-17-openjdk fixes the following issues: Update to upstream tag jdk-17.0.15+6 (April 2025 CPU) CVEs: * CVE-2025-21587: Fixed JSSE unauthorized access, deletion or modification of critical data (bsc#1241274) * CVE-2025-30691: Fixed Oracle Java SE Compiler Unauthorized Data Access (bsc#1241275) * CVE-2025-30698: Fixed Oracle Java 2D unauthorized data access and DoS (bsc#1241276) Changes: + JDK-6355567: AdobeMarkerSegment causes failure to read valid JPEG + JDK-8065099: [macos] javax/swing/PopupFactory/6276087/ /NonOpaquePopupMenuTest.java fails: no background shine through +JDK-8179502: Enhance OCSP, CRL and Certificate Fetch Timeouts + JDK-8198237: [macos] Test java/awt/Frame/ /ExceptionOnSetExtendedStateTest/ /ExceptionOnSetExtendedStateTest.java fails + JDK-8198666: Many java/awt/Modal/OnTop/ test fails on mac + JDK-8208565: [TEST_BUG] javax/swing/PopupFactory/6276087/ /NonOpaquePopupMenuTest.java throws NPE + JDK-8226933: [TEST_BUG]GTK L&F: There is no swatches or RGB tab in JColorChooser + JDK-8226938: [TEST_BUG]GTK L&F: There is no Details button in FileChooser Dialog + JDK-8266435: WBMPImageReader.read() should not truncate the input stream + JDK-8267893: Improve jtreg test failure handler do get native/mixed stack traces for cores and live processes + JDK-8270961: [TESTBUG] Move GotWrongOOMEException into vm.share.gc package + JDK-8274893: Update java.desktop classes to use try-with-resources + JDK-8276202: LogFileOutput.invalid_file_vm asserts when being executed from a read only working directory + JDK-8277240: java/awt/Graphics2D/ScaledTransform/ /ScaledTransform.java dialog does not get disposed + JDK-8281234: The -protected option is not always checked in keytool and jarsigner + JDK-8282314: nsk/jvmti/SuspendThread/suspendthrd003 may leak memory + JDK-8283387: [macos] a11y : Screen magnifier does not show selected Tab + JDK-8283404: [macos] a11y : Screen magnifier does not show JMenu name + JDK-8283664: Remove jtreg tag manual=yesno for java/awt/print/PrinterJob/PrintTextTest.java + JDK-8286779: javax.crypto.CryptoPolicyParser#isConsistent always returns 'true' + JDK-8286875: ProgrammableUpcallHandler::on_entry/on_exit access thread fields from native + JDK-8290400: Must run exe installers in jpackage jtreg tests without UI + JDK-8292588: [macos] Multiscreen/MultiScreenLocationTest/ /MultiScreenLocationTest.java: Robot.mouseMove test failed on Screen #0 +JDK-8292704: sun/security/tools/jarsigner/compatibility/ /Compatibility.java use wrong key size for EC + JDK-8292848: AWT_Mixing and TrayIcon tests fail on el8 with hard-coded isOel7 + JDK-8293345: SunPKCS11 provider checks on PKCS11 Mechanism are problematic + JDK-8293412: Remove unnecessary java.security.egd overrides + JDK-8294067: [macOS] javax/swing/JComboBox/6559152/ /bug6559152.java Cannot select an item from popup with the ENTER key. + JDK-8294316: SA core file support is broken on macosx-x64 starting with macOS 12.x + JDK-8295087: Manual Test to Automated Test Conversion + JDK-8295176: some langtools test pollutes source tree + JDK-8296591: Signature benchmark + JDK-8296818: Enhance JMH tests java/security/Signatures.java + JDK-8299077: [REDO] JDK-4512626 Non-editable JTextArea provides no visual indication of keyboard focus + JDK-8299127: [REDO] JDK-8194048 Regression automated test '/open/test/jdk/javax/swing/text/DefaultCaret/HidingSelection/ /HidingSelectionTest.java' fails + JDK-8299128: [REDO] JDK-8213562 Test javax/swing/text/ /DefaultCaret/HidingSelection/MultiSelectionTest.java fails + JDK-8299739: HashedPasswordFileTest.java and ExceptionTest.java can fail with java.lang.NullPointerException + JDK-8299994: java/security/Policy/Root/Root.java fails when home directory is read-only + JDK-8301989: new javax.swing.text.DefaultCaret().setBlinkRate(N) results in NPE + JDK-8302111: Serialization considerations + JDK-8305853: java/text/Format/DateFormat/ /DateFormatRegression.java fails with "Uncaught exception thrown in test method Test4089106" + JDK-8306711: Improve diagnosis of `IntlTest` framework + JDK-8308341: JNI_GetCreatedJavaVMs returns a partially initialized JVM + JDK-8309171: Test vmTestbase/nsk/jvmti/scenarios/ /jni_interception/JI05/ji05t001/TestDescription.java fails after JDK-8308341 +JDK-8309231: ProblemList vmTestbase/nsk/jvmti/scenarios/ /jni_interception/JI05/ji05t001/TestDescription.java + JDK-8309740: Expand timeout windows for tests in JDK-8179502 + JDK-8309841: Jarsigner should print a warning if an entry is removed + JDK-8310234: Refactor Locale tests to use JUnit + JDK-8310629: java/security/cert/CertPathValidator/OCSP/ /OCSPTimeout.java fails with RuntimeException: Server not ready + JDK-8311306: Test com/sun/management/ThreadMXBean/ /ThreadCpuTimeArray.java failed: out of expected range + JDK-8311546: Certificate name constraints improperly validated with leading period + JDK-8311663: Additional refactoring of Locale tests to JUnit + JDK-8312416: Tests in Locale should have more descriptive names + JDK-8312518: [macos13] setFullScreenWindow() shows black screen on macOS 13 & above + JDK-8313633: [macOS] java/awt/dnd/NextDropActionTest/ /NextDropActionTest.java fails with java.lang.RuntimeException: wrong next drop action! + JDK-8313710: jcmd: typo in the documentation of JFR.start and JFR.dump + JDK-8314225: SIGSEGV in JavaThread::is_lock_owned + JDK-8314610: hotspot can't compile with the latest of gtest because of + JDK-8314752: Use google test string comparison macros + JDK-8314909: tools/jpackage/windows/Win8282351Test.java fails with java.lang.AssertionError: Expected [0]. Actual [1618]: + JDK-8314975: JavadocTester should set source path if not specified + JDK-8315486: vmTestbase/nsk/jdwp/ThreadReference/ /ForceEarlyReturn/forceEarlyReturn002/forceEarlyReturn002.java timed out + JDK-8315825: Open some swing tests + JDK-8315882: Open some swing tests 2 + JDK-8315883: Open source several Swing JToolbar tests + JDK-8315952: Open source several Swing JToolbar JTooltip JTree tests + JDK-8316056: Open source several Swing JTree tests + JDK-8316146: Open some swing tests 4 + JDK-8316149: Open source several Swing JTree JViewport KeyboardManager tests + JDK-8316218: Open some swing tests 5 + JDK-8316371: Open some swing tests 6 + JDK-8316559: Refactor some util/Calendar tests to JUnit + JDK-8316627: JViewport Test headless failure + JDK-8316696: Remove the testing base classes: IntlTest and CollatorTest + JDK-8317631: Refactor ChoiceFormat tests to use JUnit + JDK-8317636: Improve heap walking API tests to verify correctness of field indexes + JDK-8318442: java/net/httpclient/ManyRequests2.java fails intermittently on Linux + JDK-8319567: Update java/lang/invoke tests to support vm flags + JDK-8319568: Update java/lang/reflect/exeCallerAccessTest/ /CallerAccessTest.java to accept vm flags + JDK-8319569: Several java/util tests should be updated to accept VM flags + JDK-8319647: Few java/lang/System/LoggerFinder/modules tests ignore vm flags + JDK-8319648: java/lang/SecurityManager tests ignore vm flags + JDK-8319672: Several classloader tests ignore VM flags + JDK-8319673: Few security tests ignore VM flags + JDK-8319676: A couple of jdk/modules/incubator/ tests ignore VM flags + JDK-8319677: Test jdk/internal/misc/VM/RuntimeArguments.java should be marked as flagless + JDK-8319818: Address GCC 13.2.0 warnings (stringop-overflow and dangling-pointer) + JDK-8320372: test/jdk/sun/security/x509/DNSName/ /LeadingPeriod.java validity check failed + JDK-8320676: Manual printer tests have no Pass/Fail buttons, instructions close set 1 + JDK-8320691: Timeout handler on Windows takes 2 hours to complete + JDK-8320714: java/util/Locale/LocaleProvidersRun.java and java/util/ResourceBundle/modules/visibility/ /VisibilityTest.java timeout after passing + JDK-8320916: jdk/jfr/event/gc/stacktrace/ /TestParallelMarkSweepAllocationPendingStackTrace.java failed with "OutOfMemoryError: GC overheadlimit exceeded" + JDK-8321818: vmTestbase/nsk/stress/strace/strace015.java failed with 'Cannot read the array length because " " is null' + JDK-8323196: jdk/jfr/api/consumer/filestream/TestOrdered.java failed with "Events are not ordered! Reuse = false" + JDK-8324672: Update jdk/java/time/tck/java/time/TCKInstant.java now() to be more robust + JDK-8324807: Manual printer tests have no Pass/Fail buttons, instructions close set 2 + JDK-8325024: java/security/cert/CertPathValidator/OCSP( /OCSPTimeout.java incorrect comment information + JDK-8325042: Remove unused JVMDITools test files + JDK-8325529: Remove unused imports from `ModuleGenerator` test file + JDK-8325659: Normalize Random usage by incubator vector tests + JDK-8325906: Problemlist vmTestbase/vm/mlvm/meth/stress/ /compiler/deoptimize/Test.java#id1 until JDK-8320865 is fixed + JDK-8325908: Finish removal of IntlTest and CollatorTest + JDK-8325937: runtime/handshake/HandshakeDirectTest.java causes "monitor end should be strictly below the frame pointer" assertion failure on AArch64 + JDK-8326421: Add jtreg test for large arrayCopy disjoint case. + JDK-8326525: com/sun/tools/attach/BasicTests.java does not verify AgentLoadException case + JDK-8327098: GTest needs larger combination limit + JDK-8327476: Upgrade JLine to 3.26.1 + JDK-8327505: Test com/sun/jmx/remote/ /NotificationMarshalVersions/TestSerializationMismatch.java fails + JDK-8327857: Remove applet usage from JColorChooser tests Test4222508 + JDK-8327859: Remove applet usage from JColorChooser tests Test4319113 + JDK-8327986: ASAN reports use-after-free in DirectivesParserTest.empty_object_vm + JDK-8328005: Convert java/awt/im/JTextFieldTest.java applet test to main + JDK-8328085: C2: Use after free in PhaseChaitin::Register_Allocate() + JDK-8328121: Remove applet usage from JColorChoosertests Test4759306 + JDK-8328130: Remove applet usage from JColorChooser tests Test4759934 + JDK-8328185: Convert java/awt/image/MemoryLeakTest/ /MemoryLeakTest.java applet test to main + JDK-8328227: Remove applet usage from JColorChooser tests Test4887836 + JDK-8328368: Convert java/awt/image/multiresolution/ /MultiDisplayTest/MultiDisplayTest.java applet test to main + JDK-8328370: Convert java/awt/print/Dialog/PrintApplet.java applet test to main + JDK-8328380: Remove applet usage from JColorChooser tests Test6348456 + JDK-8328387: Convert java/awt/Frame/FrameStateTest/ /FrameStateTest.html applet test to main + JDK-8328403: Remove applet usage from JColorChooser tests Test6977726 + JDK-8328553: Get rid of JApplet in test/jdk/sanity/client/lib/SwingSet2/src/DemoModule.java + JDK-8328558: Convert javax/swing/JCheckBox/8032667/ /bug8032667.java applet test to main + JDK-8328717: Convert javax/swing/JColorChooser/8065098/ /bug8065098.java applet test to main + JDK-8328719: Convert java/awt/print/PageFormat/SetOrient.html applet test to main + JDK-8328730: Convert java/awt/print/bug8023392/bug8023392.html applet test to main + JDK-8328753: Open source few Undecorated Frame tests + JDK-8328819: Remove applet usage from JFileChooser tests bug6698013 + JDK-8328827: Convert java/awt/print/PrinterJob/ /PrinterDialogsModalityTest/PrinterDialogsModalityTest.html applet test to main + JDK-8329210: Delete Redundant Printer Dialog Modality Test + JDK-8329320: Simplify awt/print/PageFormat/NullPaper.java test + JDK-8329322: Convert PageFormat/Orient.java to use PassFailJFrame + JDK-8329692: Add more details to FrameStateTest.java test instructions + JDK-8330702: Update failure handler to don't generate Error message if cores actions are empty + JDK-8331153: JFR: Improve logging of jdk/jfr/api/consumer/filestream/TestOrdered.java + JDK-8331735: UpcallLinker::on_exit races with GC when copying frame anchor + JDK-8331959: Update PKCS#11 Cryptographic Token Interface to v3.1 + JDK-8332158: [XWayland] test/jdk/java/awt/Mouse/ /EnterExitEvents/ResizingFrameTest.java + JDK-8332917: failure_handler should execute gdb "info threads" command on linux + JDK-8333360: PrintNullString.java doesn't use float arguments + JDK-8333391: Test com/sun/jdi/InterruptHangTest.java failed: Thread was never interrupted during sleep + JDK-8333403: Write a test to check various components events are triggered properly + JDK-8333427: langtools/tools/javac/newlines/NewLineTest.java is failing on Japanese Windows + JDK-8334305: Remove all code for nsk.share.Log verbose mode + JDK-8334490: Normalize string with locale invariant `toLowerCase()` + JDK-8334777: Test javax/management/remote/mandatory/notif/ /NotifReconnectDeadlockTest.java failed with NullPointerException + JDK-8335150: Test LogGeneratedClassesTest.java fails on rpmbuild mock enviroment + JDK-8335172: Add manual steps to run security/auth/callback/ /TextCallbackHandler/Password.java test + JDK-8335789: [TESTBUG] XparColor.java test fails with Error. Parse Exception: Invalid or unrecognized bugid: @ + JDK-8336012: Fix usages of jtreg-reserved properties + JDK-8336498: [macos] [build]: install-file macro may run into permission denied error + JDK-8336692: Redo fix for JDK-8284620 + JDK-8336942: Improve test coverage for class loading elements with annotations of different retentions + JDK-8337222: gc/TestDisableExplicitGC.java fails due to unexpected CodeCache GC + JDK-8337494: Clarify JarInputStream behavior + JDK-8337692: Better TLS connection support + JDK-8337826: Improve logging in OCSPTimeout and SimpleOCSPResponder to help diagnose JDK-8309754 +JDK-8337886: java/awt/Frame/MaximizeUndecoratedTest.java fails in OEL due to a slight color difference + JDK-8337951: Test sun/security/validator/samedn.sh CertificateNotYetValidException: NotBefore validation + JDK-8338100: C2: assert(!n_loop-> is_member(get_loop(lca))) failed: control must not be back in the loop + JDK-8338426: Test java/nio/channels/Selector/WakeupNow.java failed + JDK-8338430: Improve compiler transformations + JDK-8338571: [TestBug] DefaultCloseOperation.java test not working as expected wrt instruction after JDK-8325851 fix + JDK-8338595: Add more linesize for MIME decoder in macro bench test Base64Decode + JDK-8338668: Test javax/swing/JFileChooser/8080628/ /bug8080628.java doesn't test for GTK L&F + JDK-8339154: Cleanups and JUnit conversion of test/jdk/java/util/zip/Available.java + JDK-8339261: Logs truncated in test javax/net/ssl/DTLS/DTLSRehandshakeTest.java + JDK-8339356: Test javax/net/ssl/SSLSocket/Tls13PacketSize.java failed with java.net.SocketException: An established connection was aborted by the software in your host machine + JDK-8339524: Clean up a few ExtendedRobot tests + JDK-8339687: Rearrange reachabilityFence()s in jdk.test.lib.util.ForceGC + JDK-8339728: [Accessibility,Windows,JAWS] Bug in the getKeyChar method of the AccessBridge class + JDK-8339810: Clean up the code in sun.tools.jar.Main to properly close resources and use ZipFile during extract + JDK-8339883: Open source several AWT/2D related tests + JDK-8339902: Open source couple TextField related tests + JDK-8339943: Frame not disposed in java/awt/dnd/DropActionChangeTest.java + JDK-8340078: Open source several 2D tests + JDK-8340116: test/jdk/sun/security/tools/jarsigner/ /PreserveRawManifestEntryAndDigest.java can fail due to regex + JDK-8340411: open source several 2D imaging tests + JDK-8340480: Bad copyright notices in changesfrom JDK-8339902 + JDK-8340687: Open source closed frame tests #1 + JDK-8340719: Open source AWT List tests + JDK-8340969: jdk/jfr/startupargs/TestStartDuration.java should be marked as flagless + JDK-8341037: Use standard layouts in DefaultFrameIconTest.java and MenuCrash.java + JDK-8341111: open source several AWT tests including menu shortcut tests + JDK-8341316: [macos] javax/swing/ProgressMonitor/ /ProgressMonitorEscapeKeyPress.java fails sometimes in macos + JDK-8341412: Various test failures after JDK-8334305 + JDK-8341424: GHA: Collect hs_errs from build time failures + JDK-8341453: java/awt/a11y/AccessibleJTableTest.java fails in some cases where the test tables are not visible + JDK-8341722: Fix some warnings as errors when building on Linux with toolchain clang + JDK-8341881: [REDO] java/nio/file/attribute/ /BasicFileAttributeView/CreationTime.java#tmp fails on alinux3 + JDK-8341978: Improve JButton/bug4490179.java + JDK-8341982: Simplify JButton/bug4323121.java + JDK-8342098: Write a test to compare the images + JDK-8342145: File libCreationTimeHelper.c compile fails on Alpine + JDK-8342270: Test sun/security/pkcs11/Provider/ /RequiredMechCheck.java needs write access to src tree + JDK-8342498: Add test for Allocation elimination after use as alignment reference by SuperWord + JDK-8342508: Use latch in BasicMenuUI/bug4983388.java instead of delay + JDK-8342541: Exclude List/KeyEventsTest/KeyEventsTest.java from running on macOS + JDK-8342562: Enhance Deflater operations + JDK-8342602: Remove JButton/PressedButtonRightClickTest test + JDK-8342607: Enhance register printing on x86_64 platforms + JDK-8342609: jpackage test helper function incorrectly removes a directory instead of its contents only + JDK-8342634: javax/imageio/plugins/wbmp/ /WBMPStreamTruncateTest.java creates temp file in src dir +JDK-8342635: javax/swing/JFileChooser/FileSystemView/ /WindowsDefaultIconSizeTest.java creates tmp file in src dir + JDK-8342704: GHA: Report truncation is broken after JDK-8341424 + JDK-8342811: java/net/httpclient/PlainProxyConnectionTest.java failed: Unexpected connection count: 5 + JDK-8342858: Make target mac-jdk-bundle fails on chmod command + JDK-8342988: GHA: Build JTReg in single step + JDK-8343007: Enhance Buffered Image handling + JDK-8343100: Consolidate EmptyFolderTest and EmptyFolderPackageTest jpackage tests into single java file + JDK-8343101: Rework BasicTest.testTemp test cases + JDK-8343118: [TESTBUG] java/awt/PrintJob/PrintCheckboxTest/ /PrintCheckboxManualTest.java fails with Error. Can't find HTML file PrintCheckboxManualTest.html + JDK-8343128: PassFailJFrame.java test result: Error. Bad action for script: build} + JDK-8343129: Disable unstable check of ThreadsListHandle.sanity_vm ThreadList values + JDK-8343178: Test BasicTest.java javac compile fails cannot find symbol + JDK-8343378: Exceptions in javax/management DeadLockTest.java do not cause test failure + JDK-8343491: javax/management/remote/mandatory/connection/ /DeadLockTest.java failing with NoSuchObjectException: no such object in table + JDK-8343599: Kmem limit and max values swapped when printing container information + JDK-8343724: [PPC64] Disallow OptoScheduling + JDK-8343882: BasicAnnoTests doesn't handle multiple annotations at the same position + JDK-8344581: [TESTBUG] java/awt/Robot/ /ScreenCaptureRobotTest.java failing on macOS + JDK-8344589: Update IANA Language Subtag Registry to Version 2024-11-19 + JDK-8344646: The libjsig deprecation warning should go to stderr not stdout + JDK-8345296: AArch64: VM crashes with SIGILL when prctl is disallowed + JDK-8345368: java/io/File/createTempFile/SpecialTempFile.java fails onWindows Server 2025 + JDK-8345371: Bump update version for OpenJDK: jdk-17.0.15 + JDK-8345375: Improve debuggability of test/jdk/java/net/Socket/CloseAvailable.java + JDK-8345414: Google CAInterop test failures + JDK-8345468: test/jdk/javax/swing/JScrollBar/4865918/ /bug4865918.java fails in ubuntu22.04 + JDK-8346055: javax/swing/text/StyledEditorKit/4506788/ /bug4506788.java fails in ubuntu22.04 + JDK-8346324: javax/swing/JScrollBar/4865918/bug4865918.java fails in CI + JDK-8346587: Distrust TLS server certificates anchored by Camerfirma Root CAs + JDK-8346671: java/nio/file/Files/probeContentType/Basic.java fails on Windows 2025 + JDK-8346828: javax/swing/JScrollBar/4865918/bug4865918.java still fails in CI + JDK-8346887: DrawFocusRect() may cause an assertion failure + JDK-8346908: Update JDK 17 javadoc man page + JDK-8346972: Test java/nio/channels/FileChannel/ /LoopingTruncate.java fails sometimes with IOException: There is not enough space on the disk + JDK-8347424: Fix and rewrite sun/security/x509/DNSName/LeadingPeriod.java test + JDK-8347427: JTabbedPane/8134116/Bug8134116.java has no license header + JDK-8347740: java/io/File/createTempFile/SpecialTempFile.java failing + JDK-8347847: Enhance jar file support + JDK-8347965: (tz) Update Timezone Data to 2025a + JDK-8348625: [21u, 17u] Revert JDK-8185862 to restore old java.awt.headless behavior on Windows + JDK-8348675: TrayIcon tests fail in Ubuntu 24.10 Wayland + JDK-8349603: [21u, 17u, 11u] Update GHA JDKs after Jan/25 updates + JDK-8352097: (tz) zone.tab update missed in 2025a backport + JDK-8353905: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.15 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for yourproduct: * Legacy Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP7-2025-1490=1 ## Package List: * Legacy Module 15-SP7 (aarch64 ppc64le s390x x86_64) * java-17-openjdk-17.0.15.0-150400.3.54.1 * java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-devel-17.0.15.0-150400.3.54.1 * java-17-openjdk-demo-17.0.15.0-150400.3.54.1 * java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1 * java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1 * java-17-openjdk-headless-17.0.15.0-150400.3.54.1 ## References: * https://www.suse.com/security/cve/CVE-2025-21587.html * https://www.suse.com/security/cve/CVE-2025-30691.html * https://www.suse.com/security/cve/CVE-2025-30698.html * https://bugzilla.suse.com/show_bug.cgi?id=1241274 * https://bugzilla.suse.com/show_bug.cgi?id=1241275 * https://bugzilla.suse.com/show_bug.cgi?id=1241276 . A critical update for SUSE's python3-setuptools resolves issues related to unauthorized access and denial-of-service vulnerabilities.. SUSE Java Update, OpenJDK Security, DoS Vulnerability, Unauthorized Access, SUSE Security Advisory. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 04, 2025 Important SuSE
100

SUSE Linux Micro 6.0: 2025:20122-1 critical: rsync security update

* bsc#1234100 * bsc#1234101 * bsc#1234102 * bsc#1234103 * bsc#1234104 . # Security update for rsync Announcement ID: SUSE-SU-2025:20122-1 Release Date: 2025-02-04T08:59:16Z Rating: critical References: * bsc#1234100 * bsc#1234101 * bsc#1234102 * bsc#1234103 * bsc#1234104 * bsc#1235475 Cross-References: * CVE-2024-12084 * CVE-2024-12085 * CVE-2024-12086 * CVE-2024-12087 * CVE-2024-12088 * CVE-2024-12747 CVSS scores: * CVE-2024-12084 ( SUSE ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-12084 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-12084 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-12085 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-12085 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2024-12085 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-12086 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-12086 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2024-12086 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N * CVE-2024-12087 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-12087 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-12087 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2024-12088 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2024-12088 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2024-12088 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2024-12747 ( SUSE ): 7.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N * CVE-2024-12747 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2024-12747 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Affected Products: *SUSE Linux Micro 6.0 An update that solves six vulnerabilities can now be installed. ## Description: This update for rsync fixes the following issues: * CVE-2024-12084: Fixed Heap Buffer Overflow in Checksum Parsing (bsc#1234100). * CVE-2024-12085: Fixed Info Leak via uninitialized Stack contents defeating ASLR (bsc#1234101). * CVE-2024-12086: Fixed server leaking arbitrary client files (bsc#1234102). * CVE-2024-12087: Fixed server use of symbolic links to make client write files outside of destination directory (bsc#1234103). * CVE-2024-12088: Fixed --safe-links bypass (bsc#1234104). * CVE-2024-12747: Fixed Race Condition in rsync Handling Symbolic Links (bsc#1235475). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-203=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * rsync-debuginfo-3.2.7-4.1 * rsync-3.2.7-4.1 * rsync-debugsource-3.2.7-4.1 ## References: * https://www.suse.com/security/cve/CVE-2024-12084.html * https://www.suse.com/security/cve/CVE-2024-12085.html * https://www.suse.com/security/cve/CVE-2024-12086.html * https://www.suse.com/security/cve/CVE-2024-12087.html * https://www.suse.com/security/cve/CVE-2024-12088.html * https://www.suse.com/security/cve/CVE-2024-12747.html * https://bugzilla.suse.com/show_bug.cgi?id=1234100 * https://bugzilla.suse.com/show_bug.cgi?id=1234101 * https://bugzilla.suse.com/show_bug.cgi?id=1234102 * https://bugzilla.suse.com/show_bug.cgi?id=1234103 * https://bugzilla.suse.com/show_bug.cgi?id=1234104 * https://bugzilla.suse.com/show_bug.cgi?id=1235475 . Important SUSE patch for rsync fixes several vulnerabilities, featuring a buffer overflow and a data exposure. Update your system immediately!. rsync update,SUSE critical,security fix,bufferoverflow,info leak. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 04, 2025 Critical SuSE
217

Oracle Linux 9 ELSA-2025-7903 Important: Kernel Update and Threats

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2025-7903 http://linux.oracle.com/errata/ELSA-2025-7903.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable LinuxNetwork: x86_64: kernel-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-abi-stablelists-5.14.0-570.17.1.0.1.el9_6.noarch.rpm kernel-core-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-debug-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-debug-core-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-debug-devel-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-debug-devel-matched-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-debug-modules-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-debug-modules-core-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-debug-modules-extra-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-debug-uki-virt-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-devel-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-devel-matched-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-doc-5.14.0-570.17.1.0.1.el9_6.noarch.rpm kernel-headers-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-modules-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-modules-core-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-modules-extra-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-tools-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-tools-libs-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-uki-virt-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-uki-virt-addons-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm perf-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm python3-perf-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm rtla-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm rv-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-cross-headers-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm kernel-tools-libs-devel-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm libperf-5.14.0-570.17.1.0.1.el9_6.x86_64.rpm aarch64: kernel-headers-5.14.0-570.17.1.0.1.el9_6.aarch64.rpm kernel-tools-5.14.0-570.17.1.0.1.el9_6.aarch64.rpm kernel-tools-libs-5.14.0-570.17.1.0.1.el9_6.aarch64.rpm perf-5.14.0-570.17.1.0.1.el9_6.aarch64.rpm python3-perf-5.14.0-570.17.1.0.1.el9_6.aarch64.rpm rtla-5.14.0-570.17.1.0.1.el9_6.aarch64.rpm rv-5.14.0-570.17.1.0.1.el9_6.aarch64.rpm kernel-cross-headers-5.14.0-570.17.1.0.1.el9_6.aarch64.rpm kernel-tools-libs-devel-5.14.0-570.17.1.0.1.el9_6.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//kernel-5.14.0-570.17.1.0.1.el9_6.src.rpm Related CVEs: CVE-2025-21756 CVE-2025-21966 CVE-2025-37749 Description of changes: [5.14.0-570.17.1.0.1.el9_6.OL9] - nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 thread on tctx errors (CKI Backport Bot) [RHEL-87264] {CVE-2025-21633} - nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (Chris Leech) [RHEL-86915] {CVE-2025-21927} - iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (CKI Backport Bot) [RHEL-86840] {CVE-2025-21993} - certs: Add ECDSA signature verification self-test (Herbert Xu) [RHEL-82247] - certs: Move RSA self-test data to separate file (Herbert Xu) [RHEL-82247] - certs: Break circular dependency when selftest is modular (Herbert Xu) [RHEL-82247] - KEYS: Include linux/errno.h in linux/verification.h (Herbert Xu) [RHEL-82247] - crypto: certs: fix FIPS selftest dependency (Herbert Xu) [RHEL-82247] - New configs in certs/Kconfig (Fedora Kernel Team) [RHEL-82247] - certs: Add support for using elliptic curve keys for signing modules (Herbert Xu) [RHEL-82247] - certs: Trigger creation of RSA module signing key if it's not an RSA key (Herbert Xu) [RHEL-82247] - tpm: Change to kvalloc() in eventlog/acpi.c (Štěpán Horáček) [RHEL-82147] {CVE-2024-58005} [5.14.0-570.13.1.el9_6] - scsi: storvsc: Set correct data length for sending SCSI command without payload (Cathy Avery) [RHEL-83049] - hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (Maxim Levitsky) [RHEL-85942] - net: netvsc: Update default VMBus channels (Maxim Levitsky) [RHEL-85942] - net: mana: cleanup mana struct afterdebugfs_remove() (Maxim Levitsky) [RHEL-85942] - net: mana: Cleanup "mana" debugfs dir after cleanup of all children (Maxim Levitsky) [RHEL-85942] - net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (Maxim Levitsky) [RHEL-85942] - net: mana: Fix memory leak in mana_gd_setup_irqs (Maxim Levitsky) [RHEL-85942] - net :mana :Request a V2 response version for MANA_QUERY_GF_STAT (Maxim Levitsky) [RHEL-85942] - net: mana: use ethtool string helpers (Maxim Levitsky) [RHEL-85942] - net: mana: Enable debugfs files for MANA device (Maxim Levitsky) [RHEL-85942] - net: mana: Add get_link and get_link_ksettings in ethtool (Maxim Levitsky) [RHEL-85942] - net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (Maxim Levitsky) [RHEL-85942] - net: mana: Improve mana_set_channels() in low mem conditions (Maxim Levitsky) [RHEL-85942] - net: mana: Implement get_ringparam/set_ringparam for mana (Maxim Levitsky) [RHEL-85942] - net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (Maxim Levitsky) [RHEL-85942] - ice: Fix signedness bug in ice_init_interrupt_scheme() (Petr Oros) [RHEL-80557] - ice: init flow director before RDMA (Petr Oros) [RHEL-80557] - ice: simplify VF MSI-X managing (Petr Oros) [RHEL-80557] - ice: enable_rdma devlink param (Petr Oros) [RHEL-80557] - ice: treat dyn_allowed only as suggestion (Petr Oros) [RHEL-80557] - ice, irdma: move interrupts code to irdma (Petr Oros) [RHEL-80557] - ice: get rid of num_lan_msix field (Petr Oros) [RHEL-80557] - ice: remove splitting MSI-X between features (Petr Oros) [RHEL-80557] - ice: devlink PF MSI-X max and min parameter (Petr Oros) [RHEL-80557] - ice: ice_probe: init ice_adapter after HW init (Petr Oros) [RHEL-80557] - ice: minor: rename goto labels from err to unroll (Petr Oros) [RHEL-80557] - ice: split ice_init_hw() out from ice_init_dev() (Petr Oros) [RHEL-80557] - ice: c827: move wait for FW to ice_init_hw() (Petr Oros) [RHEL-80557] - smb: client: don't retry IO on failed negprotos with soft mounts (Jay Shin) [RHEL-85524] - cgroup: Remove stealtime from usage_usec (Waiman Long) [RHEL-85398] - rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (CKI Backport Bot) [RHEL-85395] {CVE-2024-58069} _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Red Hat Security Advisory ELSA-2025-1234 emphasizes vital system enhancements to mitigate vulnerabilities in the operating system.. Oracle Linux Kernel Update, Security Advisory, Important Patch. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 27, 2025 Important Oracle
202

openSUSE 15: 2025 Kernel Update 01692-1 Tackles Serious Security Threats

An update that solves three vulnerabilities can now be installed.. # Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP5) Announcement ID: SUSE-SU-2025:01692-1 Release Date: 2025-05-23T11:34:04Z Rating: important References: * bsc#1229504 * bsc#1233019 * bsc#1234847 Cross-References: * CVE-2024-43882 * CVE-2024-50115 * CVE-2024-53156 CVSS scores: * CVE-2024-43882 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-43882 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-43882 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50115 ( SUSE ): 4.5 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:H * CVE-2024-50115 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H * CVE-2024-50115 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-53156 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-53156 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53156 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Serverfor SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_55_73 fixes several issues. The following security issues were fixed: * CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234847). * CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage (bsc#1229504). * CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1233019). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2025-1692=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-1692=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-1687=1 SUSE-2025-1688=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-1687=1 SUSE-SLE- Module-Live-Patching-15-SP4-2025-1688=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2025-1686=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-1686=1 ## Package List: * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP3_Update_44-debugsource-17-150300.2.2 * kernel-livepatch-5_3_18-150300_59_161-default-17-150300.2.2 * kernel-livepatch-5_3_18-150300_59_161-default-debuginfo-17-150300.2.2 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_161-preempt-debuginfo-17-150300.2.2 * kernel-livepatch-5_3_18-150300_59_161-preempt-17-150300.2.2 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_161-default-17-150300.2.2 * openSUSE Leap15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_119-default-17-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_27-debugsource-15-150400.2.2 * kernel-livepatch-5_14_21-150400_24_119-default-debuginfo-17-150400.2.2 * kernel-livepatch-5_14_21-150400_24_122-default-debuginfo-15-150400.2.2 * kernel-livepatch-5_14_21-150400_24_122-default-15-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_26-debugsource-17-150400.2.2 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_119-default-17-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_27-debugsource-15-150400.2.2 * kernel-livepatch-5_14_21-150400_24_119-default-debuginfo-17-150400.2.2 * kernel-livepatch-5_14_21-150400_24_122-default-debuginfo-15-150400.2.2 * kernel-livepatch-5_14_21-150400_24_122-default-15-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_26-debugsource-17-150400.2.2 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_73-default-debuginfo-10-150500.2.2 * kernel-livepatch-5_14_21-150500_55_73-default-10-150500.2.2 * kernel-livepatch-SLE15-SP5_Update_17-debugsource-10-150500.2.2 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_73-default-debuginfo-10-150500.2.2 * kernel-livepatch-5_14_21-150500_55_73-default-10-150500.2.2 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le x86_64) * kernel-livepatch-SLE15-SP5_Update_17-debugsource-10-150500.2.2 ## References: * https://www.suse.com/security/cve/CVE-2024-43882.html * https://www.suse.com/security/cve/CVE-2024-50115.html * https://www.suse.com/security/cve/CVE-2024-53156.html * https://bugzilla.suse.com/show_bug.cgi?id=1229504 * https://bugzilla.suse.com/show_bug.cgi?id=1233019 * https://bugzilla.suse.com/show_bug.cgi?id=1234847 . Critical security patch released for the Linux Kernel addressing several vulnerabilities in openSUSE environments. Prompt implementationrecommended.. Linux Kernel Update, openSUSE Security, Kernel Patch Instructions, Security Advisory, Threat Mitigation. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 23, 2025 Important OpenSUSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200