Explore top 10 tips to secure your open-source projects now. Read More
×* bsc#1227903 * bsc#1232908 * bsc#1232929 * bsc#1233680 * bsc#1233708 . # Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP3) Announcement ID: SUSE-SU-2025:02124-1 Release Date: 2025-06-26T10:03:52Z Rating: important References: * bsc#1227903 * bsc#1232908 * bsc#1232929 * bsc#1233680 * bsc#1233708 * bsc#1235062 * bsc#1235231 * bsc#1238730 Cross-References: * CVE-2022-49545 * CVE-2024-40937 * CVE-2024-50125 * CVE-2024-50127 * CVE-2024-50279 * CVE-2024-50301 * CVE-2024-56601 * CVE-2024-56605 CVSS scores: * CVE-2022-49545 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2022-49545 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40937 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50125 ( SUSE ): 7.5 CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-50125 ( SUSE ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50125 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50125 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50127 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-50127 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50127 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50127 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50279 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2024-50279 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-50301 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-50301 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-56601 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-56601 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56601 ( NVD ): 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56601 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56605 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-56605 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56605 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56605 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves eight vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_167 fixes several issues. The following security issues were fixed: * CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235231). * CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232908). * CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233708). * CVE-2024-50301: security/keys: fix slab-out-of-bounds in key_task_permission (bsc#1233680). * CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235062). * CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232929). * CVE-2024-40937: gve: Clear napi-> skb before dev_kfree_skb_any() (bsc#1227903). * CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1238730). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patchSUSE-2025-2124=1 SUSE-2025-2130=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-2124=1 SUSE-SLE- Module-Live-Patching-15-SP3-2025-2130=1 ## Package List: * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP3_Update_46-debugsource-15-150300.2.2 * kernel-livepatch-5_3_18-150300_59_167-default-debuginfo-15-150300.2.2 * kernel-livepatch-5_3_18-150300_59_164-default-16-150300.2.2 * kernel-livepatch-5_3_18-150300_59_164-default-debuginfo-16-150300.2.2 * kernel-livepatch-5_3_18-150300_59_167-default-15-150300.2.2 * kernel-livepatch-SLE15-SP3_Update_45-debugsource-16-150300.2.2 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_164-preempt-debuginfo-16-150300.2.2 * kernel-livepatch-5_3_18-150300_59_164-preempt-16-150300.2.2 * kernel-livepatch-5_3_18-150300_59_167-preempt-debuginfo-15-150300.2.2 * kernel-livepatch-5_3_18-150300_59_167-preempt-15-150300.2.2 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_164-default-16-150300.2.2 * kernel-livepatch-5_3_18-150300_59_167-default-15-150300.2.2 ## References: * https://www.suse.com/security/cve/CVE-2022-49545.html * https://www.suse.com/security/cve/CVE-2024-40937.html * https://www.suse.com/security/cve/CVE-2024-50125.html * https://www.suse.com/security/cve/CVE-2024-50127.html * https://www.suse.com/security/cve/CVE-2024-50279.html * https://www.suse.com/security/cve/CVE-2024-50301.html * https://www.suse.com/security/cve/CVE-2024-56601.html * https://www.suse.com/security/cve/CVE-2024-56605.html * https://bugzilla.suse.com/show_bug.cgi?id=1227903 * https://bugzilla.suse.com/show_bug.cgi?id=1232908 * https://bugzilla.suse.com/show_bug.cgi?id=1232929 * https://bugzilla.suse.com/show_bug.cgi?id=1233680 * https://bugzilla.suse.com/show_bug.cgi?id=1233708 * https://bugzilla.suse.com/show_bug.cgi?id=1235062 *https://bugzilla.suse.com/show_bug.cgi?id=1235231 * https://bugzilla.suse.com/show_bug.cgi?id=1238730 . This bulletin highlights ten critical concerns in the Linux Kernel for Fedora, recommending prompt upgrades to safeguard system integrity.. SUSE Linux, Kernel Update, Security Management, Patch Updates. . Severity: Important. LinuxSecurity.com Team
* bsc#1243976 * bsc#1243978 Cross-References: * CVE-2025-47947 . # Security update for apache2-mod_security2 Announcement ID: SUSE-SU-2025:02052-1 Release Date: 2025-06-20T13:05:01Z Rating: important References: * bsc#1243976 * bsc#1243978 Cross-References: * CVE-2025-47947 * CVE-2025-48866 CVSS scores: * CVE-2025-47947 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-47947 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-47947 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-48866 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-48866 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-48866 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for apache2-mod_security2 fixes the following issues: * CVE-2025-47947: Fixed denial of service through sanitiseMatchedBytes (bsc#1243978). * CVE-2025-48866: Fixed denial of service via excessive number of arguments in sanitiseArg (bsc#1243976). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-2052=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-2052=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64ppc64le s390x x86_64) * apache2-mod_security2-debugsource-2.8.0-7.9.1 * apache2-mod_security2-debuginfo-2.8.0-7.9.1 * apache2-mod_security2-2.8.0-7.9.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * apache2-mod_security2-debugsource-2.8.0-7.9.1 * apache2-mod_security2-debuginfo-2.8.0-7.9.1 * apache2-mod_security2-2.8.0-7.9.1 ## References: * https://www.suse.com/security/cve/CVE-2025-47947.html * https://www.suse.com/security/cve/CVE-2025-48866.html * https://bugzilla.suse.com/show_bug.cgi?id=1243976 * https://bugzilla.suse.com/show_bug.cgi?id=1243978 . Essential security patch for apache2-mod_security2 targeting denial of service vulnerabilities in SUSE environments.. apache2 security update,SUSE patch,security advisory,DenialOfService fix. . Severity: Important. LinuxSecurity.com Team
* bsc#1242269 Cross-References: * CVE-2025-46802 . # Security update for screen Announcement ID: SUSE-SU-2025:20403-1 Release Date: 2025-06-05T15:44:22Z Rating: moderate References: * bsc#1242269 Cross-References: * CVE-2025-46802 CVSS scores: * CVE-2025-46802 ( SUSE ): 5.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-46802 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N * CVE-2025-46802 ( NVD ): 5.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-46802 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N Affected Products: * SUSE Linux Micro Extras 6.1 An update that solves one vulnerability can now be installed. ## Description: This update for screen fixes the following issues: This update also ships screen to SL Micro 6.1 Extras. * also use tty fd passing after a suspend (MSG_CONT) * do not chmod the tty for multiattach, rely on tty fd passing instead [bsc#1242269] [CVE-2025-46802] * fix resume after suspend in multiuser mode ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro Extras 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-135=1 ## Package List: * SUSE Linux Micro Extras 6.1 (aarch64 ppc64le s390x x86_64) * utempter-debugsource-1.2.1-slfo.1.1_1.3 * screen-debuginfo-4.9.1-slfo.1.1_2.1 * screen-4.9.1-slfo.1.1_2.1 * libutempter0-debuginfo-1.2.1-slfo.1.1_1.3 * screen-debugsource-4.9.1-slfo.1.1_2.1 * libutempter0-1.2.1-slfo.1.1_1.3 ## References: * https://www.suse.com/security/cve/CVE-2025-46802.html * https://bugzilla.suse.com/show_bug.cgi?id=1242269 . Patch for graphical interface resolves concerns identified in SUSE Linux Micro Extras 6.1with moderate impact.. screen update, SUSE security advisory, vulnerability patch. . LinuxSecurity.com Team
* bsc#1238324 * bsc#1238788 * bsc#1238790 * bsc#1239077 . # Security update for the Linux Kernel (Live Patch 54 for SLE 15 SP3) Announcement ID: SUSE-SU-2025:01956-1 Release Date: 2025-06-13T16:04:12Z Rating: important References: * bsc#1238324 * bsc#1238788 * bsc#1238790 * bsc#1239077 Cross-References: * CVE-2022-49080 * CVE-2022-49563 * CVE-2022-49564 * CVE-2024-57996 CVSS scores: * CVE-2022-49080 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2022-49080 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-49563 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2022-49563 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-49563 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-49564 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2022-49564 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-49564 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-57996 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-57996 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves four vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_195 fixes several issues. The following security issues were fixed: * CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238324). * CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239077). * CVE-2022-49563:crypto: qat - add param check for RSA (bsc#1238788). * CVE-2022-49564: crypto: qat - add param check for DH (bsc#1238790). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2025-1956=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-1956=1 ## Package List: * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_195-default-debuginfo-2-150300.2.2 * kernel-livepatch-SLE15-SP3_Update_54-debugsource-2-150300.2.2 * kernel-livepatch-5_3_18-150300_59_195-default-2-150300.2.2 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_195-preempt-debuginfo-2-150300.2.2 * kernel-livepatch-5_3_18-150300_59_195-preempt-2-150300.2.2 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_195-default-2-150300.2.2 ## References: * https://www.suse.com/security/cve/CVE-2022-49080.html * https://www.suse.com/security/cve/CVE-2022-49563.html * https://www.suse.com/security/cve/CVE-2022-49564.html * https://www.suse.com/security/cve/CVE-2024-57996.html * https://bugzilla.suse.com/show_bug.cgi?id=1238324 * https://bugzilla.suse.com/show_bug.cgi?id=1238788 * https://bugzilla.suse.com/show_bug.cgi?id=1238790 * https://bugzilla.suse.com/show_bug.cgi?id=1239077 . SUSE has revealed an important security patch for the Linux Kernel addressing severe vulnerabilities. Users are urged to update immediately.. Linux Kernel update, SUSE security advisory, Linux vulnerabilities, SUSE updates, openSUSE security. . Severity: Important. LinuxSecurity.com Team
Backport fixes for CVE-2025-4476, CVE-2025-4948, CVE-2025-4969, CVE-2025-46420, CVE-2025-46421, CVE-2025-4945. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-c04e5b95f1 2025-06-08 01:30:39.027160+00:00 -------------------------------------------------------------------------------- Name : mingw-libsoup Product : Fedora 42 Version : 2.74.3 Release : 12.fc42 URL : https://wiki.gnome.org/Projects/libsoup Summary : MinGW library for HTTP and XML-RPC functionality Description : Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME applications to access HTTP servers on the network in a completely asynchronous fashion, very similar to the Gtk+ programming model (a synchronous operation mode is also supported for those who want it). This is the MinGW build of Libsoup -------------------------------------------------------------------------------- Update Information: Backport fixes for CVE-2025-4476, CVE-2025-4948, CVE-2025-4969, CVE-2025-46420, CVE-2025-46421, CVE-2025-4945 -------------------------------------------------------------------------------- ChangeLog: * Fri May 30 2025 Sandro Mani - 2.74.3-12 - Backport fixes for CVE-2025-4476, CVE-2025-4948, CVE-2025-4969, CVE-2025-46420, CVE-2025-46421, CVE-2025-4945 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2357076 - CVE-2025-32049 mingw-libsoup: Denial of Service attack to websocket server [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2357076 [ 2 ] Bug #2361967 - CVE-2025-46420 mingw-libsoup: Memory leak on soup_header_parse_quality_list() via soup-headers.c[fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2361967 [ 3 ] Bug #2361969 - CVE-2025-46421 mingw-libsoup: Information disclosure may leads libsoup client sends Authorization header to a different host when being redirected by a server [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2361969 [ 4 ] Bug #2366519 - CVE-2025-4476 mingw-libsoup: Null pointer dereference in libsoup may lead to Denial Of Service [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2366519 [ 5 ] Bug #2366523 - CVE-2025-4476 mingw-libsoup: Null pointer dereference in libsoup may lead to Denial Of Service [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2366523 [ 6 ] Bug #2367178 - CVE-2025-4945 mingw-libsoup: Integer Overflow in Cookie Expiration Date Handling in libsoup [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2367178 [ 7 ] Bug #2367190 - CVE-2025-4948 mingw-libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2367190 [ 8 ] Bug #2367555 - CVE-2025-4969 mingw-libsoup: Off-by-One Out-of-Bounds Read in find_boundary() in soup-multipart.c [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2367555 [ 9 ] Bug #2367558 - CVE-2025-4969 mingw-libsoup: Off-by-One Out-of-Bounds Read in find_boundary() in soup-multipart.c [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2367558 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-c04e5b95f1' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Vulnerabilities was discovered in MariaDB, a SQL database server compatible with MySQL. CVE-2025-30693 . From: Otto Kekäläinen To:
* bsc#1233313 Cross-References: * CVE-2024-21820 * CVE-2024-21853 . # Security update for ucode-intel Announcement ID: SUSE-SU-2025:20092-1 Release Date: 2025-02-03T09:11:18Z Rating: important References: * bsc#1233313 Cross-References: * CVE-2024-21820 * CVE-2024-21853 * CVE-2024-23918 * CVE-2024-23984 * CVE-2024-24968 CVSS scores: * CVE-2024-21820 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N * CVE-2024-21820 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N * CVE-2024-21820 ( NVD ): 8.5 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-21820 ( NVD ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N * CVE-2024-21853 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-21853 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-21853 ( NVD ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-21853 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-23918 ( SUSE ): 8.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2024-23918 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2024-23918 ( NVD ): 8.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-23918 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2024-23984 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N * CVE-2024-23984 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N * CVE-2024-23984 ( NVD ): 6.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-23984 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N * CVE-2024-24968 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-24968 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H * CVE-2024-24968 ( NVD ): 5.6 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-24968 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves five vulnerabilities can now be installed. ## Description: This update for ucode-intel fixes the following issues: * Intel CPU Microcode was updated to the 20241112 release (bsc#1233313) * CVE-2024-21853: Faulty finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel Xeon Processors may allow an authorized user to potentially enable denial of service via local access. * CVE-2024-23918: Improper conditions check in some Intel Xeon processor memory controller configurations when using Intel SGX may allow a privileged user to potentially enable escalation of privilege via local access. * CVE-2024-21820: Incorrect default permissions in some Intel Xeon processor memory controller configurations when using Intel SGX may allow a privileged user to potentially enable escalation of privilege via local access. * CVE-2024-24968: Improper finite state machines (FSMs) in hardware logic in some Intel Processors may allow an privileged user to potentially enable a denial of service via local access. * CVE-2024-23984: Observable discrepancy in RAPL interface for some Intel Processors may allow a privileged user to potentially enable information disclosure via local access. * Update for functional issues. Updated Platforms: Processor Stepping F-M-S/PI Old Ver New Ver Products ADL C0 06-97-02/07 00000036 00000037 Core Gen12 ADL H0 06-97-05/07 00000036 00000037 Core Gen12 ADL L0 06-9a-03/80 00000434 00000435 Core Gen12 ADL R0 06-9a-04/80 00000434 00000435 Core Gen12 EMR-SP A0 06-cf-01/87 21000230 21000283 Xeon Scalable Gen5 EMR-SP A1 06-cf-02/87 21000230 21000283 Xeon Scalable Gen5 MTL C0 06-aa-04/e6 0000001f 00000020 Core⢠Ultra Processor RPL-H/P/PX 6+8 J0 06-ba-02/e0 00004122 00004123 Core Gen13 RPL-HX/S C0 06-bf-02/07 00000036 00000037 Core Gen13/Gen14 RPL-S H0 06-bf-05/07 00000036 00000037 Core Gen13/Gen14 RPL-U 2+8 Q0 06-ba-03/e0 00004122 00004123 Core Gen13 SPR-SP E3 06-8f-06/87 2b0005c0 2b000603 Xeon Scalable Gen4 SPR-SP E4/S2 06-8f-07/87 2b0005c0 2b000603 Xeon Scalable Gen4 SPR-SP E5/S3 06-8f-08/87 2b0005c0 2b000603 Xeon Scalable Gen4 New Disclosures Updated in Prior Releases: Processor Stepping F-M-S/PI Old Ver New Ver Products ICL-D B0 06-6c-01/10 010002b0 N/A Xeon D-17xx/D-18xx, D-27xx/D-28xx ICX-SP Dx/M1 06-6a-06/87 0d0003e7 N/A Xeon Scalable Gen3 * Intel CPU Microcode was updated to the 20241029 release Update for functional issues. Updated Platforms: Processor Stepping F-M-S/PI Old Ver New Ver Products RPL-E/HX/S B0 06-b7-01/32 00000129 0000012b Core Gen13/Gen14 ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-189=1 ## Package List: * SUSE Linux Micro 6.0 (x86_64) * ucode-intel-20241112-1.1 ## References: * https://www.suse.com/security/cve/CVE-2024-21820.html * https://www.suse.com/security/cve/CVE-2024-21853.html *https://www.suse.com/security/cve/CVE-2024-23918.html * https://www.suse.com/security/cve/CVE-2024-23984.html * https://www.suse.com/security/cve/CVE-2024-24968.html * https://bugzilla.suse.com/show_bug.cgi?id=1233313 . Crucial ucode-intel patch for SUSE addresses major operational issues on Intel chips.. Intel Microcode Update,SUSE Kernel Patch,Security Bulletin. . Severity: Important. LinuxSecurity.com Team
Update to version 22.15.1. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-61ad6e65b3 2025-05-28 02:30:03.185993+00:00 -------------------------------------------------------------------------------- Name : nodejs22 Product : Fedora 41 Version : 22.15.1 Release : 1.fc41 URL : https://nodejs.org/en/ Summary : JavaScript runtime Description : Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed devices.} -------------------------------------------------------------------------------- Update Information: Update to version 22.15.1 -------------------------------------------------------------------------------- ChangeLog: * Thu May 15 2025 tjuhasz - 1:22.15.1-1 - Update to version 22.15.1 (rhbz#2366364) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2367230 - CVE-2025-23165 nodejs22: Memory Leak in Node.js ReadFileUtf8 Binding Leading to DoS [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2367230 [ 2 ] Bug #2367232 - CVE-2025-23165 nodejs22: Memory Leak in Node.js ReadFileUtf8 Binding Leading to DoS [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2367232 [ 3 ] Bug #2367237 - CVE-2025-23166 nodejs22: Remote Crash via SignTraits::DeriveBits() in Node.js [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2367237 [ 4 ] Bug #2367241 - CVE-2025-23166 nodejs22: Remote Crash via SignTraits::DeriveBits() in Node.js [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2367241 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program.Use su -c 'dnf upgrade --advisory FEDORA-2025-61ad6e65b3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Get the latest Linux and open source security news straight to your inbox.