SUSE-SLE-Module-Server-Applications-15-SP7-2025-1500 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for opensaml fixes the following issues: - CVE-2025-31335: Fixed a bug where parameter manipulation allows the forging of signed SAML messages. (bsc#1239889) libsaml-devel-3.1.0-150300.3.3.1.x86_64.rpm libsaml11-3.1.0-150300.3.3.1.x86_64.rpm opensaml-3.1.0-150300.3.3.1.src.rpm opensaml-schemas-3.1.0-150300.3.3.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-1698 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for wsmancli fixes the following issue: - Fix connecting with TLS (bsc#1237243). wsmancli-2.6.0-150300.7.6.2.src.rpm wsmancli-2.6.0-150300.7.6.2.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-1548 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for rabbitmq-server313 fixes the following issues: - CVE-2025-30219: incorrectly escaped virtual hostname present in error message could lead to XSS attack. (bsc#1240071) Non-security fixes: - Require rabbitmq-server313-plugins rather then rabbitmq-server-plugins. (bsc#1231656, bsc#1234763) erlang-rabbitmq-client313-3.13.1-150600.13.8.1.x86_64.rpm rabbitmq-server313-3.13.1-150600.13.8.1.src.rpm rabbitmq-server313-3.13.1-150600.13.8.1.x86_64.rpm rabbitmq-server313-bash-completion-3.13.1-150600.13.8.1.noarch.rpm rabbitmq-server313-plugins-3.13.1-150600.13.8.1.x86_64.rpm rabbitmq-server313-zsh-completion-3.13.1-150600.13.8.1.noarch.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-1466 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for rabbitmq-server fixes the following issues: - CVE-2025-30219: Fixed XSS in an error message in Management UI (bsc#1240071) Other fixes: - Disable parallel make, this causes build failures erlang-rabbitmq-client-3.8.11-150300.3.19.1.x86_64.rpm rabbitmq-server-3.8.11-150300.3.19.1.src.rpm rabbitmq-server-3.8.11-150300.3.19.1.x86_64.rpm rabbitmq-server-plugins-3.8.11-150300.3.19.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-1685 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for sysstat fixes the following issues: - Removed cron dependency in favour of systemd timers (bsc#1239297) - Removed sysstat.cron.suse sysstat-12.0.2-150000.3.40.1.src.rpm sysstat-isag-12.0.2-150000.3.40.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-1733 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for krb5 fixes the following issue: - Remove references to the LMDB backend in the kdc.conf manpage (bsc#1242060). krb5-1.20.1-150600.11.11.2.src.rpm krb5-plugin-kdb-ldap-1.20.1-150600.11.11.2.x86_64.rpm krb5-server-1.20.1-150600.11.11.2.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-1511 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for apparmor fixes the following issues: - Add dac_read_search capability for unix_chkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. (bsc#1241678) apache2-mod_apparmor-3.1.7-150600.5.9.1.x86_64.rpm apparmor-3.1.7-150600.5.9.1.src.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-1606 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for librdkafka fixes the following issues: - Avoid endless loops under certain circumstances (bsc#1242842) librdkafka-0.11.6-150600.16.3.1.src.rpm librdkafka-devel-0.11.6-150600.16.3.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-1779 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for iputils fixes the following issues: Security fixes: - CVE-2025-47268: Fixed integer overflow in RTT calculation can lead to undefined behavior (bsc#1242300). Other bug fixes: - Fixed incorrect IPV4 TTL value when using SOCK_DGRAM on big endian systems (bsc#1243284). iputils-20211215-150400.3.19.1.src.rpm rarpd-20211215-150400.3.19.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-1811 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for gnuplot fixes the following issues: - CVE-2025-31176: invalid read leads to segmentation fault on plot3d_points (bsc#1240325). - CVE-2025-31177: improper bounds check leads to heap-buffer overflow on utf8_copy_one (bsc#1240326). - CVE-2025-31178: unvalidated user input leads to segmentation fault on GetAnnotateString (bsc#1240327). - CVE-2025-31179: improper verification of time values leads to segmentation fault on xstrftime (bsc#1240328). - CVE-2025-31180: unchecked invalid pointer access leads to segmentation fault on CANVAS_text (bsc#1240329). - CVE-2025-31181: double fclose() call leads to segmentation fault on X11_graphics (bsc#1240330). - CVE-2025-3359: out-of-bounds read when parsing font names may lead to a segmentation fault (bsc#1241684). gnuplot-5.4.3-150400.3.3.1.src.rpm gnuplot-5.4.3-150400.3.3.1.x86_64.rpm gnuplot-doc-5.4.3-150400.3.3.1.noarch.rpm gnuplot-doc-5.4.3-150400.3.3.1.src.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-1766 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for postgresql16 fixes the following issues: Upgrade to 16.9: - CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation (bsc#1242931) Changelog: https://www.postgresql.org/docs/release/16.9/ postgresql16-16.9-150600.16.18.1.src.rpm postgresql16-16.9-150600.16.18.1.x86_64.rpm postgresql16-server-16.9-150600.16.18.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-1644 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for postgresql17 fixes the following issues: Upgrade to 17.5: - CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation (bsc#1242931) Changelog: https://www.postgresql.org/docs/release/17.5/ libecpg6-17.5-150600.13.13.1.x86_64.rpm postgresql17-17.5-150600.13.13.1.src.rpm postgresql17-contrib-17.5-150600.13.13.1.x86_64.rpm postgresql17-devel-17.5-150600.13.13.1.x86_64.rpm postgresql17-docs-17.5-150600.13.13.1.noarch.rpm postgresql17-plperl-17.5-150600.13.13.1.x86_64.rpm postgresql17-plpython-17.5-150600.13.13.1.x86_64.rpm postgresql17-pltcl-17.5-150600.13.13.1.x86_64.rpm postgresql17-server-17.5-150600.13.13.1.x86_64.rpm postgresql17-server-devel-17.5-150600.13.13.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-1888 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for nbdkit fixes the following issues: Update to version 1.40.6. Security fixes: - CVE-2025-47712: integer overflow in blocksize filter when processing client block status requests larger than 2**32 will trigger an assertion failure and cause a denial-of-service. (bsc#1243108). - CVE-2025-47711: off-by-one error when processing block status results from plugins on behalf of an NBD client may trigger an assertion failure and cause a denial of service (bsc#1243110). Other fixes and changes: - golang: Support GCC 15. - openbsd: curl: Include pthread.h. - rust: Fix "overindented" list in comment. - rust: Declare explicit extern "C" API. - plugins/rust: Use CStr literals for static strings. - vddk: do_extents: Avoid reading partial chunk beyond the end of the disk. - vddk: do_extents: Exit the function if we hit req_one condition. - vddk: do_extents: Mark some local variables const. - vddk: Cache the disk size in the handle. - vddk: Include <stdbool.h>. - python: examples: Fix comment above API_VERSION constant. - tcl: Fix for Tcl 9.0 compatibility. - plugins/ocaml/NBDKit.ml: Sort bindings into order. - ocaml: Don't call abort if caml_c_thread_unregister fails. - ocaml: Use real addresses instead of (void*)<constant>s. - evil: Link to nbdkit_parse_probability(3). nbdkit-1.40.6-150700.4.3.1.src.rpm nbdkit-1.40.6-150700.4.3.1.x86_64.rpm nbdkit-basic-filters-1.40.6-150700.4.3.1.x86_64.rpm nbdkit-basic-plugins-1.40.6-150700.4.3.1.x86_64.rpm nbdkit-curl-plugin-1.40.6-150700.4.3.1.x86_64.rpm nbdkit-nbd-plugin-1.40.6-150700.4.3.1.x86_64.rpm nbdkit-python-plugin-1.40.6-150700.4.3.1.x86_64.rpm nbdkit-server-1.40.6-150700.4.3.1.x86_64.rpm nbdkit-ssh-plugin-1.40.6-150700.4.3.1.x86_64.rpm nbdkit-vddk-plugin-1.40.6-150700.4.3.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-1747 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for grub2 fixes the following issues: Security fixes: - CVE-2025-4382: exposure of data from encrypted device through CLI once the root device is successfully unlocked via TPM (bsc#1242971). Other bug fixes: - Fix incorrect nvme disks and boot order in bootlist output (bsc#1237174). grub2-2.12-150700.19.3.1.src.rpm True grub2-x86_64-xen-2.12-150700.19.3.1.noarch.rpm True SUSE-SLE-Module-Server-Applications-15-SP7-2025-1787 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for bind fixes the following issues: Update to version 9.20.9. - Security issues fixed: * CVE-2025-40775: denial-of-service due to assertion failure caused by the processing of a NS message with an invalid TSIG (bsc#1243361). * CVE-2024-12705: CPU and memory exhaustion due to DNS-over-HTTPS issues that arise under heavy query load (bsc#1236597). * CVE-2024-11187: CPU exhaustion when processing queries that lead to responses containing several records in the Additional data section (bsc#1236596). - Changelog: - Feature changes: * Performance optimization for NSEC3 lookups introduced in BIND 9.20.2 was reverted to avoid risks associated with a complex code change. * The configuration clauses parental-agents and primaries are renamed to remote-servers. * Add none parameter to query-source and query-source-v6 to disable IPv4 or IPv6 upstream queries but allow listening to queries from clients on IPv4 or IPv6. * dnssec-ksr now supports KSK rollovers. * Print RFC 7314: EXPIRE option in transfer summary. * Emit more helpful log messages for exceeding max-records-per-type. * Harden key management when key files have become unavailable. - New Features: * Add support for EDE 20 (Not Authoritative). * Add support for EDE 7 and EDE 8. * `dig` can now display the received BADVERS message during negotiation. * Add an `rndc` command to reset some statistics counters. * Implement the min-transfer-rate-in configuration option. * Add HTTPS record query to host command line tool. * Implement sig0key-checks-limit and sig0message-checks-limit. * Adds support for EDE code 1 and 2. * Add an rndc command to toggle jemalloc profiling. * Add support for multiple extended DNS errors. * Print the expiration time of stale records. * Add Extended DNS Error Code 22 - No Reachable Authority. * Add a new option to configure the maximum number of outgoing queries per client request. * Use the Server Name Indication (SNI) extension for all outgoing TLS connections. * Update built-in bind.keys file with the new 2025 IANA root key. * Add an initial-ds entry to bind.keys for the new root key, ID 38696, which is scheduled for publication in January 2025. - Bug Fixes: * Restore NSEC3 closest-encloser lookup improvements. * Stop caching lack of EDNS support. * Fix resolver statistics counters for timed-out responses. * Nested DNS validation could cause an assertion failure. * Wait for memory reclamation to finish in `named-checkconf`. * Ensure `max-clients-per-query` is at least `clients-per-query`. * Fix write after free in validator code. * Don't enforce NOAUTH/NOCONF flags in DNSKEYs. * Fix several small DNSSEC timing issues. * Fix inconsistency in CNAME/DNAME handling during resolution. * Fix dual-stack-servers configuration option. * Fix a data race causing a permanent active client increase. * Fix deferred validation of unsigned DS and DNSKEY records. * Fix RPZ race condition during a reconfiguration. * "CNAME and other data check" not applied to all types. * Relax private DNSKEY and RRSIG constraints. * Remove NSEC/DS/NSEC3 RRSIG check from dns_message_parse(). * Fix TTL issue with ANY queries processed through RPZ "passthru";. * dnssec-signzone needs to check for a NULL key when setting offline. * Fix a bug in the statistics channel when querying zone transfer information. * Fix assertion failure when dumping recursing clients. * Dump the active resolver fetches from dns_resolver_dumpfetches(). * Recently expired records could be returned with a timestamp in future. * YAML string not terminated in negative response in delv. * Fix a bug in dnssec-signzone related to keys being offline. * Apply the memory limit only to ADB database items. * Avoid unnecessary locking in the zone/cache database. * Fix reporting of Extended DNS Error 22 (No Reachable Authority). * Fix nsupdate hang when processing a large update. * Fix possible assertion failure when reloading server while processing update policy rules. * Preserve cache across reconfig when using attach-cache. * Resolve the spurious drops in performance due to glue cache. * Fix dnssec-signzone signing non-DNSKEY RRsets with revoked keys. * Fix improper handling of unknown directives in resolv.conf. * Fix response policy zones and catalog zones with an $INCLUDE statement defined. * Use TLS for notifies if configured to do so. * Notifies configured to use TLS will now be sent over TLS, instead of plain text UDP or TCP. Also, failing to load the TLS configuration for notify now results in an error.' * {&dns} is as valid as {?dns} in a SVCB's dohpath. * dig failed to parse a valid SVCB record with a dohpath URI template containing a {&dns}, like "dohpath=/some/path?key=value{&dns}";. * Fix NSEC3 closest encloser lookup for names with empty non-terminals. * A previous performance optimization for finding the NSEC3 closest encloser when generating authoritative responses could cause servers to return incorrect NSEC3 records in some cases. This has been fixed. * recursive-clients statement with value 0 triggered an assertion failure. * BIND 9.20.0 broke recursive-clients 0;. This has now been fixed. * Parsing of hostnames in rndc.conf was broken. * When DSCP support was removed, parsing of hostnames in rndc.conf was accidentally broken, resulting in an assertion failure. This has been fixed. * `dig` options of the form [+-]option=<value> failed to display the value on the printed command line. This has been fixed. * Provide more visibility into TLS configuration errors by logging SSL_CTX_use_certificate_chain_file() and SSL_CTX_use_PrivateKey_file() errors individually. * Fix a race condition when canceling ADB find which could cause an assertion failure. * SERVFAIL cache memory cleaning is now more aggressive; it no longer consumes a lot of memory if the server encounters many SERVFAILs at once. * Fix trying the next primary XoT server when the previous one was marked as unreachable. * In some cases named failed to try the next primary server in the primaries list when the previous one was marked as unreachable. This has been fixed. bind-9.20.9-150700.3.3.1.src.rpm bind-9.20.9-150700.3.3.1.x86_64.rpm bind-doc-9.20.9-150700.3.3.1.noarch.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-2256 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for xca fixes the following issue: - Keep serial number and revoke old certificate, otherwise the newly created certificate is immediately revoked (bsc#1240383). xca-2.3.0-150600.12.6.2.src.rpm xca-2.3.0-150600.12.6.2.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-907 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for kea fixes the following issues: Update to release 2.6.3 (bsc#1243240): - CVE-2025-32801: Loading a malicious hook library can lead to local privilege escalation. - CVE-2025-32802: Insecure handling of file paths allows multiple local attacks. - CVE-2025-32803: Insecure file permissions can result in confidential information leakage. kea-2.6.3-150700.3.3.5.src.rpm kea-2.6.3-150700.3.3.5.x86_64.rpm kea-devel-2.6.3-150700.3.3.5.x86_64.rpm kea-doc-2.6.3-150700.3.3.5.noarch.rpm kea-hooks-2.6.3-150700.3.3.5.x86_64.rpm libkea-asiodns49-2.6.3-150700.3.3.5.x86_64.rpm libkea-asiolink72-2.6.3-150700.3.3.5.x86_64.rpm libkea-cc68-2.6.3-150700.3.3.5.x86_64.rpm libkea-cfgclient66-2.6.3-150700.3.3.5.x86_64.rpm libkea-cryptolink50-2.6.3-150700.3.3.5.x86_64.rpm libkea-d2srv47-2.6.3-150700.3.3.5.x86_64.rpm libkea-database62-2.6.3-150700.3.3.5.x86_64.rpm libkea-dhcp++92-2.6.3-150700.3.3.5.x86_64.rpm libkea-dhcp_ddns57-2.6.3-150700.3.3.5.x86_64.rpm libkea-dhcpsrv111-2.6.3-150700.3.3.5.x86_64.rpm libkea-dns++57-2.6.3-150700.3.3.5.x86_64.rpm libkea-eval69-2.6.3-150700.3.3.5.x86_64.rpm libkea-exceptions33-2.6.3-150700.3.3.5.x86_64.rpm libkea-hooks100-2.6.3-150700.3.3.5.x86_64.rpm libkea-http72-2.6.3-150700.3.3.5.x86_64.rpm libkea-log61-2.6.3-150700.3.3.5.x86_64.rpm libkea-mysql71-2.6.3-150700.3.3.5.x86_64.rpm libkea-pgsql71-2.6.3-150700.3.3.5.x86_64.rpm libkea-process74-2.6.3-150700.3.3.5.x86_64.rpm libkea-stats41-2.6.3-150700.3.3.5.x86_64.rpm libkea-tcp19-2.6.3-150700.3.3.5.x86_64.rpm libkea-util-io0-2.6.3-150700.3.3.5.x86_64.rpm libkea-util86-2.6.3-150700.3.3.5.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-1942 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for valkey fixes the following issues: - CVE-2025-27151: Absence of filename size check may cause a stack overflow (bsc#1243804) - CVE-2025-49112: setDeferredReply integer underflow (bsc#1243913) - CVE-2025-21605: Output buffer denial of service (bsc#1241708) valkey-8.0.2-150700.3.5.1.src.rpm valkey-8.0.2-150700.3.5.1.x86_64.rpm valkey-compat-redis-8.0.2-150700.3.5.1.noarch.rpm valkey-devel-8.0.2-150700.3.5.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-1953 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2025-3891: Fixed denial of service via an empty POST request when OIDCPreservePost is enabled (bsc#1242015). apache2-mod_auth_openidc-2.3.8-150600.16.11.1.src.rpm apache2-mod_auth_openidc-2.3.8-150600.16.11.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-2028 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for apache2-mod_security2 fixes the following issues: - CVE-2025-47947: Fixed denial of service through sanitiseMatchedBytes (bsc#1243978). - CVE-2025-48866: Fixed denial of service via excessive number of arguments in sanitiseArg (bsc#1243976). apache2-mod_security2-2.9.4-150400.3.9.1.src.rpm apache2-mod_security2-2.9.4-150400.3.9.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-1854 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for virt-manager fixes the following issues: - Add detection code for SLES 16 media (bsc#1236252, bsc#1243296) - Spec file changes for including the correct dependencies depending on the distro. (bsc#1241082 and bsc#1241119) - Upstream features and bug fixes (bsc#1027942) (jsc#PED-8910) - [Build 20250410] virt_install fails to launch: missing dependencies (bsc#1241082). Spec file modifications - [SLFO] virt-manager still has unresolved dependencies in beta2 (bsc#1239837) Remove dependencies on spice and other Gtk sources as these packages don't exist in SLES16. Cleanup other dependencies. virt-manager.spec - [SLES15 SP7] Refresh Virtualization Tools for Xen and KVM Management (jsc#PED-8910) virt-install-5.0.0-150700.7.3.1.noarch.rpm virt-manager-5.0.0-150700.7.3.1.noarch.rpm virt-manager-5.0.0-150700.7.3.1.src.rpm virt-manager-common-5.0.0-150700.7.3.1.noarch.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-2512 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for libvirt fixes the following issues: - qemu: Fix NVRAM image conversion check (bsc#1245541) - qemu: Avoid crash in qemuDomainCheckCPU with unknown host CPU - cpu: Do not call g_strv_contains on NULL list - qemu: Be more forgiving when acquiring QUERY job when formatting domain XML - qemu: Fix failure when reverting to internal snapshots (bsc#1244488) - Add support for 'sparse' save image format - Add support for parallel save and restore - Improve VM Suspend and Resume Performance (jsc#PED-12599) libvirt-11.0.0-150700.4.7.1.src.rpm libvirt-11.0.0-150700.4.7.1.x86_64.rpm libvirt-client-11.0.0-150700.4.7.1.x86_64.rpm libvirt-client-qemu-11.0.0-150700.4.7.1.x86_64.rpm libvirt-daemon-11.0.0-150700.4.7.1.x86_64.rpm libvirt-daemon-common-11.0.0-150700.4.7.1.x86_64.rpm libvirt-daemon-config-network-11.0.0-150700.4.7.1.x86_64.rpm libvirt-daemon-config-nwfilter-11.0.0-150700.4.7.1.x86_64.rpm libvirt-daemon-driver-interface-11.0.0-150700.4.7.1.x86_64.rpm libvirt-daemon-driver-libxl-11.0.0-150700.4.7.1.x86_64.rpm libvirt-daemon-driver-network-11.0.0-150700.4.7.1.x86_64.rpm libvirt-daemon-driver-nodedev-11.0.0-150700.4.7.1.x86_64.rpm libvirt-daemon-driver-nwfilter-11.0.0-150700.4.7.1.x86_64.rpm libvirt-daemon-driver-qemu-11.0.0-150700.4.7.1.x86_64.rpm libvirt-daemon-driver-secret-11.0.0-150700.4.7.1.x86_64.rpm libvirt-daemon-driver-storage-11.0.0-150700.4.7.1.x86_64.rpm libvirt-daemon-driver-storage-core-11.0.0-150700.4.7.1.x86_64.rpm libvirt-daemon-driver-storage-disk-11.0.0-150700.4.7.1.x86_64.rpm libvirt-daemon-driver-storage-iscsi-11.0.0-150700.4.7.1.x86_64.rpm libvirt-daemon-driver-storage-iscsi-direct-11.0.0-150700.4.7.1.x86_64.rpm libvirt-daemon-driver-storage-logical-11.0.0-150700.4.7.1.x86_64.rpm libvirt-daemon-driver-storage-mpath-11.0.0-150700.4.7.1.x86_64.rpm libvirt-daemon-driver-storage-rbd-11.0.0-150700.4.7.1.x86_64.rpm libvirt-daemon-driver-storage-scsi-11.0.0-150700.4.7.1.x86_64.rpm libvirt-daemon-hooks-11.0.0-150700.4.7.1.x86_64.rpm libvirt-daemon-lock-11.0.0-150700.4.7.1.x86_64.rpm libvirt-daemon-log-11.0.0-150700.4.7.1.x86_64.rpm libvirt-daemon-plugin-lockd-11.0.0-150700.4.7.1.x86_64.rpm libvirt-daemon-plugin-sanlock-11.0.0-150700.4.7.1.x86_64.rpm libvirt-daemon-proxy-11.0.0-150700.4.7.1.x86_64.rpm libvirt-daemon-qemu-11.0.0-150700.4.7.1.x86_64.rpm libvirt-daemon-xen-11.0.0-150700.4.7.1.x86_64.rpm libvirt-devel-11.0.0-150700.4.7.1.x86_64.rpm libvirt-doc-11.0.0-150700.4.7.1.noarch.rpm libvirt-nss-11.0.0-150700.4.7.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-2030 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for xen fixes the following issues: Security fixes: - CVE-2024-28956: Fixed Intel CPU: Indirect Target Selection (ITS) (XSA-469) (bsc#1243117) Other fixes: - Upstream bug fixes (bsc#1027519) xen-4.20.0_12-150700.3.3.1.src.rpm True xen-4.20.0_12-150700.3.3.1.x86_64.rpm True xen-devel-4.20.0_12-150700.3.3.1.x86_64.rpm True xen-tools-4.20.0_12-150700.3.3.1.x86_64.rpm True xen-tools-xendomains-wait-disk-4.20.0_12-150700.3.3.1.noarch.rpm True SUSE-SLE-Module-Server-Applications-15-SP7-2025-2067 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for vsftpd fixes the following issues: - Apply a patch to introduce the new internal PRIV_SOCK_QUIT command which vsftpd sends to privileged parent processes to properly shut down the TLS connection in case we've received QUIT from the session client. This change avoids misleading error messages in the servers log file. (bsc#1199250) - Enable crypto-policies support: (bsc#1211301) vsftpd-3.0.5-150600.10.3.1.src.rpm vsftpd-3.0.5-150600.10.3.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-4085 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for openldap2_5 fixes the following issues: Version update 2.5.20 - Enabling LTO objects for static libraries compilation. - Upstream patch rollup (bsc#1241901). - Re-enable libldapcpp for yast2-users. - Add provides for openldap2-devel. - added ppolicy-check-password module (jsc#PED-13741) openldap2_5-2.5.20+10-150500.11.35.1.src.rpm openldap2_5-2.5.20+10-150500.11.35.1.x86_64.rpm openldap2_5-contrib-2.5.20+10-150500.11.35.1.x86_64.rpm openldap2_5-ppolicy-check-password-2.5.20+10-150500.11.35.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-2327 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for sysstat fixes the following issues: - Find command option -H added in /usr/lib64/sa/sa2. - Automatically enable systemd timers upon installation (bsc#1244553). - Determine whether the current readahead window tuning is appropriate for contemporary hardware(PED#12914). sysstat-12.0.2-150000.3.45.3.src.rpm sysstat-isag-12.0.2-150000.3.45.3.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-2301 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for cyrus-sasl fixes the following issues: - Add Channel Binding support for GSSAPI/GSS-SPNEGO (bsc#1229655, jsc#PED-12097) - Add support for setting max ssf 0 to GSS-SPNEGO (bsc#1229655, jsc#PED-12097). cyrus-sasl-bdb-2.1.28-150600.7.6.2.src.rpm cyrus-sasl-bdb-devel-2.1.28-150600.7.6.2.x86_64.rpm cyrus-sasl-saslauthd-2.1.28-150600.7.6.2.src.rpm cyrus-sasl-sqlauxprop-2.1.28-150600.7.6.2.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-2305 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for nginx fixes the following issues: - Changed service to prevent "timed out. Killing" messages on service stopping (bsc#1243502) nginx-1.21.5-150600.10.6.1.src.rpm nginx-1.21.5-150600.10.6.1.x86_64.rpm nginx-source-1.21.5-150600.10.6.1.noarch.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-2063 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for qemu fixes the following issues: - Fix the *-video-gpu-ccw package not being present in products: * [openSUSE] rpm/spec: go back to only Recommending -video-gpu-ccw for s390x - Update to version 9.2.4: * target/hppa: Fix FPE exceptions * linux-user/hppa: Send proper si_code on SIGFPE exception * target/hppa: Copy instruction code into fr1 on FPU assist fault * migration: Allow caps to be set when preempt or multifd cap enabled * qapi/misc-target: Fix the doc to distinguish query-sgx and query-sgx-capabilities * hw/pci-host: Remove unused pci_host_data_be_ops * hw/pci-host/gt64120: Fix endianness handling * target/riscv/kvm: add kvm_csr_cfgs[] * target/riscv/kvm: turn kvm_riscv_reg_id_ulong() into a macro * target/riscv/kvm: turn u32/u64 reg functions into macros * target/riscv/kvm: fix leak in kvm_riscv_init_multiext_cfg() * target/riscv: Fix vslidedown with rvv_ta_all_1s * target/riscv: Fix the rvv reserved encoding of unmasked instructions * target/riscv: rvv: Apply vext_check_input_eew to vector indexed load/store instructions * target/riscv: rvv: Apply vext_check_input_eew to vector narrow/widen instructions * target/riscv: rvv: Apply vext_check_input_eew to vector integer extension instructions(OPMVV) * target/riscv: rvv: Apply vext_check_input_eew to vector slide instructions(OPIVI/OPIVX) * target/riscv: rvv: Apply vext_check_input_eew to OPIVV/OPFVV(vext_check_sss) instructions * target/riscv: rvv: Apply vext_check_input_eew to OPIVI/OPIVX/OPFVF(vext_check_ss) instructions * target/riscv: rvv: Apply vext_check_input_eew to vrgather instructions to check mismatched input EEWs encoding constraint * target/riscv: rvv: Add CHECK arg to GEN_OPFVF_WIDEN_TRANS * target/riscv: rvv: Source vector registers cannot overlap mask register * common-user/host/riscv: use tail pseudoinstruction for calling tail * target/riscv: fix endless translation loop on big endian systems * target/riscv: pmp: move Smepmp operation conversion into a function * virtio: Call set_features during reset * s390x: Fix leak in machine_set_loadparm * 9pfs: fix FD leak and reduce latency of v9fs_reclaim_fd() * 9pfs: fix concurrent v9fs_reclaim_fd() calls - all glib2 versions are recent enough to use pcre2: * qemu-linux-user: drop pcre (by Andreas Stieger) - Correct wrong bug mentioned in changelog (bsc#1236329) - Update to latest stable release (9.2.3) Fixes: bsc#1236329 * hw/intc/aspeed: Fix IRQ handler mask check * hw/misc/aspeed_hace: Fix buffer overflow in has_padding function * target/riscv: fix handling of nop for vstart >= vl in some vector instruction * target/riscv: refactor VSTART_CHECK_EARLY_EXIT() to accept vl as a parameter * Makefile: "make dist" generates a .xz, not .bz2 * target/ppc: Fix e200 duplicate SPRs * target/ppc: Fix facility interrupt checks for VSX * ppc/spapr: fix default cpu for pre-9.0 machines. * host/include/loongarch64: Fix inline assembly compatibility with Clang * linux-user/riscv: Fix handling of cpu mask in riscv_hwprobe syscall * target/riscv: fixes a bug against `ssamoswap` behavior in M-mode * target/riscv: fix access permission checks for CSR_SSP * docs/about/emulation: Fix broken link * vdpa: Allow vDPA to work on big-endian machine * vdpa: Fix endian bugs in shadow virtqueue * target/loongarch: Fix vldi inst * target/arm: Simplify pstate_sm check in sve_access_check * target/arm: Make DisasContext.{fp, sve}_access_checked tristate * util/cacheflush: Make first DSB unconditional on aarch64 * docs: Rename default-configs to configs * block: Zero block driver state before reopening * hw/xen/hvm: Fix Aarch64 typo * hw/net/smc91c111: Don't allow data register access to overrun buffer * hw/net/smc91c111: Sanitize packet length on tx * hw/net/smc91c111: Sanitize packet numbers * ppc/pnv/occ: Fix common area sensor offsets * xen: No need to flush the mapcache for grants (bsc#1236329) * net: move backend cleanup to NIC cleanup * net: parameterize the removing client from nc list * util/qemu-timer.c: Don't warp timer from timerlist_rearm() * target/arm: Correct STRD atomicity * target/arm: Correct LDRD atomicity and fault behaviour * hw/arm: enable secure EL2 timers for sbsa machine * hw/arm: enable secure EL2 timers for virt machine * target/arm: Implement SEL2 physical and virtual timers - [openSUSE][RPM] spec: Require ipxe and virtio-gpu packages for more arch-es (bsc#1240157) qemu-9.2.4-150700.3.5.1.src.rpm qemu-9.2.4-150700.3.5.1.x86_64.rpm qemu-accel-tcg-x86-9.2.4-150700.3.5.1.x86_64.rpm qemu-audio-alsa-9.2.4-150700.3.5.1.x86_64.rpm qemu-audio-dbus-9.2.4-150700.3.5.1.x86_64.rpm qemu-audio-pa-9.2.4-150700.3.5.1.x86_64.rpm qemu-audio-pipewire-9.2.4-150700.3.5.1.x86_64.rpm qemu-audio-spice-9.2.4-150700.3.5.1.x86_64.rpm qemu-block-curl-9.2.4-150700.3.5.1.x86_64.rpm qemu-block-iscsi-9.2.4-150700.3.5.1.x86_64.rpm qemu-block-nfs-9.2.4-150700.3.5.1.x86_64.rpm qemu-block-rbd-9.2.4-150700.3.5.1.x86_64.rpm qemu-block-ssh-9.2.4-150700.3.5.1.x86_64.rpm qemu-chardev-baum-9.2.4-150700.3.5.1.x86_64.rpm qemu-chardev-spice-9.2.4-150700.3.5.1.x86_64.rpm qemu-guest-agent-9.2.4-150700.3.5.1.x86_64.rpm qemu-headless-9.2.4-150700.3.5.1.x86_64.rpm qemu-hw-display-qxl-9.2.4-150700.3.5.1.x86_64.rpm qemu-hw-display-virtio-gpu-9.2.4-150700.3.5.1.x86_64.rpm qemu-hw-display-virtio-gpu-pci-9.2.4-150700.3.5.1.x86_64.rpm qemu-hw-display-virtio-vga-9.2.4-150700.3.5.1.x86_64.rpm qemu-hw-usb-host-9.2.4-150700.3.5.1.x86_64.rpm qemu-hw-usb-redirect-9.2.4-150700.3.5.1.x86_64.rpm qemu-ipxe-9.2.4-150700.3.5.1.noarch.rpm qemu-ksm-9.2.4-150700.3.5.1.x86_64.rpm qemu-lang-9.2.4-150700.3.5.1.noarch.rpm qemu-seabios-9.2.41.16.3_3_g3d33c746-150700.3.5.1.noarch.rpm qemu-spice-9.2.4-150700.3.5.1.x86_64.rpm qemu-ui-curses-9.2.4-150700.3.5.1.x86_64.rpm qemu-ui-dbus-9.2.4-150700.3.5.1.x86_64.rpm qemu-ui-gtk-9.2.4-150700.3.5.1.x86_64.rpm qemu-ui-opengl-9.2.4-150700.3.5.1.x86_64.rpm qemu-ui-spice-app-9.2.4-150700.3.5.1.x86_64.rpm qemu-ui-spice-core-9.2.4-150700.3.5.1.x86_64.rpm qemu-vgabios-9.2.41.16.3_3_g3d33c746-150700.3.5.1.noarch.rpm qemu-x86-9.2.4-150700.3.5.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-2133 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for rmt-server contains the following fixes: - Version 2.22 * rmt-server-pubcloud: * Add pubcloud_reg_code column to systems table (jsc#PCT-473) * Add cache directories and their expiration times to the scrubber (jsc#PCT-473) * Add cache checking to reduce queries to SCC when activating a product (jsc#PCT-473) * Add cache checking to reduce queries to SCC when upgrading a product (jsc#PCT-473) * Refactor and move verify_instance from ZypperAuth to InstanceVerification * Add system_token to regsharing to find the system (bsc#1236600) * Add system_token to system without one * Add data_export engine for DataWarehouse telemetry (jsc#PCT-476) * Fix 500 errors (gh#1316, gh#1302) * Fix routing error(gh#1300) * Fix SUMA ARM64 (bsc#1236836) * Fix Migration from Micro 5.5 to Micro 6.X (bsc#1236816) * Add registry optional (bsc#1237373) * Update Puma webserver * rmt-cli: * Disable delta RPM mirroring by default (gh#1288) * Add option during 'rmt-cli mirror' to re-validate repodata and packages only when repodata was updated * rmt-server: Add `activejob` and `resque` gems to vendored gemfile, to enable background job support in RMT and all engines. rmt-server-2.22-150700.3.3.1.src.rpm rmt-server-2.22-150700.3.3.1.x86_64.rpm rmt-server-config-2.22-150700.3.3.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-2431 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for iputils fixes the following issues: - CVE-2025-48964: Fixed integer overflow in ping statistics via zero timestamp (bsc#1243772). iputils-20211215-150400.3.22.1.src.rpm rarpd-20211215-150400.3.22.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-2331 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for erlang26 fixes the following issues: - CVE-2025-4748: Fixed improper limitation of a pathname to a restricted directory vulnerability in Erlang OTP (stdlib modules) that allowed absolute path traversal (bsc#1244642) erlang26-26.2.1-150300.7.14.3.src.rpm erlang26-26.2.1-150300.7.14.3.x86_64.rpm erlang26-epmd-26.2.1-150300.7.14.3.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-2332 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for erlang fixes the following issues: - CVE-2025-4748: Fixed improper limitation of a pathname to a restricted directory vulnerability in Erlang OTP (stdlib modules) that allowed absolute path traversal (bsc#1244642) erlang-23.3.4.19-150300.3.23.3.src.rpm erlang-23.3.4.19-150300.3.23.3.x86_64.rpm erlang-epmd-23.3.4.19-150300.3.23.3.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-2181 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for ovmf fixes the following issues: - OvmfPkg/CcExitLib: Use the proper register when filtering MSRs (bsc#1243199) ovmf-202408-150700.3.3.1.src.rpm ovmf-202408-150700.3.3.1.x86_64.rpm ovmf-tools-202408-150700.3.3.1.x86_64.rpm qemu-ovmf-x86_64-202408-150700.3.3.1.noarch.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-2570 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for vsftpd fixes the following issues: - adds a reference to our bug tracker to the installed vsftpd.conf. Updated that URL to point to the proper Bugzilla. (bsc#1182473) vsftpd-3.0.5-150600.10.6.1.src.rpm vsftpd-3.0.5-150600.10.6.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-2346 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for proftpd fixes the following issues: - Fix a long-hidden bug in mod_sftp, where the list of GIDs for the logged-in user was not being appropriately copied out of the session pool. This issue could potentially crash the proftpd server. (bsc#1244559) proftpd-1.3.8b-150600.13.9.1.src.rpm proftpd-1.3.8b-150600.13.9.1.x86_64.rpm proftpd-devel-1.3.8b-150600.13.9.1.x86_64.rpm proftpd-doc-1.3.8b-150600.13.9.1.x86_64.rpm proftpd-lang-1.3.8b-150600.13.9.1.noarch.rpm proftpd-ldap-1.3.8b-150600.13.9.1.x86_64.rpm proftpd-mysql-1.3.8b-150600.13.9.1.x86_64.rpm proftpd-pgsql-1.3.8b-150600.13.9.1.x86_64.rpm proftpd-radius-1.3.8b-150600.13.9.1.x86_64.rpm proftpd-sqlite-1.3.8b-150600.13.9.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-2550 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for ovmf fixes the following issues: - Re-enabling 'dynamic mmio window size' feature in ovmf can support big GPU passthrough to guest. (bsc#1245542, bsc#1205978) ovmf-202408-150700.3.6.1.src.rpm ovmf-202408-150700.3.6.1.x86_64.rpm ovmf-tools-202408-150700.3.6.1.x86_64.rpm qemu-ovmf-x86_64-202408-150700.3.6.1.noarch.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-2315 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for xen fixes the following issues: - Update to Xen 4.20.1 - CVE-2024-36350, CVE-2024-36357: More AMD transient execution attacks (bsc#1246112, XSA-471) - CVE-2025-27465: Incorrect stubs exception handling for flags recovery (bsc#1244644, XSA-470) xen-4.20.1_02-150700.3.8.1.src.rpm True xen-4.20.1_02-150700.3.8.1.x86_64.rpm True xen-devel-4.20.1_02-150700.3.8.1.x86_64.rpm True xen-tools-4.20.1_02-150700.3.8.1.x86_64.rpm True xen-tools-xendomains-wait-disk-4.20.1_02-150700.3.8.1.noarch.rpm True SUSE-SLE-Module-Server-Applications-15-SP7-2025-2925 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for pgaudit fixes the following issues: Version updates for various versions. - Fix issues related to 'pgaudit stack is not empty' errors. - Stop building for EOL postgresql12. - Added version 17 for postgresql 17. postgresql17-pgaudit-17.1-150600.13.10.2.src.rpm postgresql17-pgaudit-17.1-150600.13.10.2.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-2330 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for rmt-server fixes the following issues: - Update to version 2.23 - CVE-2025-46727: Fixed Unbounded-Parameter DoS in Rack:QueryParser. (bsc#1242893) - CVE-2025-32441: Fixed a bug where simultaneous rack requests can restore a deleted rack session. (bsc#1242898) rmt-server-2.23-150700.3.6.1.src.rpm rmt-server-2.23-150700.3.6.1.x86_64.rpm rmt-server-config-2.23-150700.3.6.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-2349 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for bind fixes the following issues: - Upgrade to release 9.20.11 - CVE-2025-40777: Fixed a possible assertion failure when stale-answer-client-timeout is set to 0. (bsc#1246548) bind-9.20.11-150700.3.6.1.src.rpm bind-9.20.11-150700.3.6.1.x86_64.rpm bind-doc-9.20.11-150700.3.6.1.noarch.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-2561 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for 389-ds fixes the following issues: - resolve infinite loop due when loading RUV entryrdn (bsc#1243428) - lib389/replica.py is using nonexistent datetime.UTC in Python 3.9 - Backend creation cleanup and Database UI tab error handling - Improve paged result locking - Synchronise accept_thread with slapd_daemon - RootDN Access Control Plugin with wildcards for IP addresses - Exception thrown by dsconf instance repl get_ruv - Incorrect pwdpolicysubentry returned for an entry with user password policy - Update concread to 0.5.6 - Add a CI test - Password modify extended operation should skip password policy checks when executed by root DN - Enabling audit log makes slapd coredump - CI fails with Fedora 41 and DNF5 - Improve error message when bulk import connection is closed - RFE - database compaction interval should be persistent - Ignore replica busy condition in healthcheck - Add basic dsidm organizational unit tests - Fix dsidm service get_dn option - ns-slapd doesn't start in referral mode - statistics about index lookup report a wrong duration - Confusing error message from dsconf plugin set --enabled - lib389 get_db_lib function may returns the wrong db type - UI - schema editing and memberof shared config not working correctly 389-ds-2.5.3~git107.a0bf348e0-150700.3.3.1.src.rpm 389-ds-2.5.3~git107.a0bf348e0-150700.3.3.1.x86_64.rpm 389-ds-devel-2.5.3~git107.a0bf348e0-150700.3.3.1.x86_64.rpm lib389-2.5.3~git107.a0bf348e0-150700.3.3.1.x86_64.rpm libsvrcore0-2.5.3~git107.a0bf348e0-150700.3.3.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-2813 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for grub2 fixes the following issues: - CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959) Other fixes: - Fix test -f and -s do not work properly over the network files served via tftp and http (bsc#1246157, bsc#1246237) - Skip mount point in grub_find_device function (bsc#1246231) grub2-2.12-150700.19.13.2.src.rpm grub2-x86_64-xen-2.12-150700.19.13.2.noarch.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-2594 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for valkey fixes the following issues: - CVE-2025-32023: Fixed an out-of-bounds write when working with HyperLogLog commands that can lead to remote code execution. (bsc#1246059) - CVE-2025-48367: Fixed unauthenticated connection causing repeated IP protocol erros that can lead to client starvation and DoS. (bsc#1246058) valkey-8.0.2-150700.3.8.1.src.rpm valkey-8.0.2-150700.3.8.1.x86_64.rpm valkey-compat-redis-8.0.2-150700.3.8.1.noarch.rpm valkey-devel-8.0.2-150700.3.8.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-2682 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for apache2 fixes the following issues: - CVE-2024-42516: Fixed HTTP response splitting. (bsc#1246477) - CVE-2024-43204: Fixed a SSRF when mod_proxy is loaded that allows an attacker to send outbound proxy requests to a URL controlled by them. (bsc#1246305) - CVE-2024-47252: Fixed insufficient escaping of user-supplied data in mod_ssl allows an untrusted SSL/TLS client to insert escape characters into log file. (bsc#1246303) - CVE-2025-23048: Fixed access control bypass by trusted clients through TLS 1.3 session resumption in some mod_ssl configurations. (bsc#1246302) - CVE-2025-49630: Fixed denial of service can be triggered by untrusted clients causing an assertion in mod_proxy_http2. (bsc#1246307) - CVE-2025-49812: Fixed Opossum Attack Application Layer Desynchronization using Opportunistic TLS. (bsc#1246169) - CVE-2025-53020: Fixed HTTP/2 denial of service due to late release of memory after effective lifetime. (bsc#1246306) apache2-2.4.51-150400.6.46.1.src.rpm apache2-doc-2.4.51-150400.6.46.1.noarch.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-2685 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for apache2 fixes the following issues: - CVE-2024-42516: Fixed HTTP response splitting. (bsc#1246477) - CVE-2024-43204: Fixed a SSRF when mod_proxy is loaded that allows an attacker to send outbound proxy requests to a URL controlled by them. (bsc#1246305) - CVE-2024-47252: Fixed insufficient escaping of user-supplied data in mod_ssl allows an untrusted SSL/TLS client to insert escape characters into log file. (bsc#1246303) - CVE-2025-23048: Fixed access control bypass by trusted clients through TLS 1.3 session resumption in some mod_ssl configurations. (bsc#1246302) - CVE-2025-49630: Fixed denial of service can be triggered by untrusted clients causing an assertion in mod_proxy_http2. (bsc#1246307) - CVE-2025-49812: Fixed Opossum Attack Application Layer Desynchronization using Opportunistic TLS. (bsc#1246169) - CVE-2025-53020: Fixed HTTP/2 denial of service due to late release of memory after effective lifetime. (bsc#1246306) apache2-devel-2.4.62-150700.4.3.1.src.rpm apache2-devel-2.4.62-150700.4.3.1.x86_64.rpm apache2-utils-2.4.62-150700.4.3.1.src.rpm apache2-utils-2.4.62-150700.4.3.1.x86_64.rpm apache2-worker-2.4.62-150700.4.3.1.src.rpm apache2-worker-2.4.62-150700.4.3.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-2582 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for proftpd fixes the following issues: - The previously applied patch broke the build such that mod_sftp.so was no longer installed. This change updates the patch to remedy that issue. ([bsc#1246853) proftpd-1.3.8b-150600.13.12.1.src.rpm proftpd-1.3.8b-150600.13.12.1.x86_64.rpm proftpd-devel-1.3.8b-150600.13.12.1.x86_64.rpm proftpd-doc-1.3.8b-150600.13.12.1.x86_64.rpm proftpd-lang-1.3.8b-150600.13.12.1.noarch.rpm proftpd-ldap-1.3.8b-150600.13.12.1.x86_64.rpm proftpd-mysql-1.3.8b-150600.13.12.1.x86_64.rpm proftpd-pgsql-1.3.8b-150600.13.12.1.x86_64.rpm proftpd-radius-1.3.8b-150600.13.12.1.x86_64.rpm proftpd-sqlite-1.3.8b-150600.13.12.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-2549 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for qemu fixes the following issues: - [roms] seabios: include "pciinit: don't misalign large BARs" (bsc#1246566) qemu-9.2.4-150700.3.8.1.src.rpm qemu-9.2.4-150700.3.8.1.x86_64.rpm qemu-accel-tcg-x86-9.2.4-150700.3.8.1.x86_64.rpm qemu-audio-alsa-9.2.4-150700.3.8.1.x86_64.rpm qemu-audio-dbus-9.2.4-150700.3.8.1.x86_64.rpm qemu-audio-pa-9.2.4-150700.3.8.1.x86_64.rpm qemu-audio-pipewire-9.2.4-150700.3.8.1.x86_64.rpm qemu-audio-spice-9.2.4-150700.3.8.1.x86_64.rpm qemu-block-curl-9.2.4-150700.3.8.1.x86_64.rpm qemu-block-iscsi-9.2.4-150700.3.8.1.x86_64.rpm qemu-block-nfs-9.2.4-150700.3.8.1.x86_64.rpm qemu-block-rbd-9.2.4-150700.3.8.1.x86_64.rpm qemu-block-ssh-9.2.4-150700.3.8.1.x86_64.rpm qemu-chardev-baum-9.2.4-150700.3.8.1.x86_64.rpm qemu-chardev-spice-9.2.4-150700.3.8.1.x86_64.rpm qemu-guest-agent-9.2.4-150700.3.8.1.x86_64.rpm qemu-headless-9.2.4-150700.3.8.1.x86_64.rpm qemu-hw-display-qxl-9.2.4-150700.3.8.1.x86_64.rpm qemu-hw-display-virtio-gpu-9.2.4-150700.3.8.1.x86_64.rpm qemu-hw-display-virtio-gpu-pci-9.2.4-150700.3.8.1.x86_64.rpm qemu-hw-display-virtio-vga-9.2.4-150700.3.8.1.x86_64.rpm qemu-hw-usb-host-9.2.4-150700.3.8.1.x86_64.rpm qemu-hw-usb-redirect-9.2.4-150700.3.8.1.x86_64.rpm qemu-ipxe-9.2.4-150700.3.8.1.noarch.rpm qemu-ksm-9.2.4-150700.3.8.1.x86_64.rpm qemu-lang-9.2.4-150700.3.8.1.noarch.rpm qemu-seabios-9.2.41.16.3_3_g3d33c746-150700.3.8.1.noarch.rpm qemu-spice-9.2.4-150700.3.8.1.x86_64.rpm qemu-ui-curses-9.2.4-150700.3.8.1.x86_64.rpm qemu-ui-dbus-9.2.4-150700.3.8.1.x86_64.rpm qemu-ui-gtk-9.2.4-150700.3.8.1.x86_64.rpm qemu-ui-opengl-9.2.4-150700.3.8.1.x86_64.rpm qemu-ui-spice-app-9.2.4-150700.3.8.1.x86_64.rpm qemu-ui-spice-core-9.2.4-150700.3.8.1.x86_64.rpm qemu-vgabios-9.2.41.16.3_3_g3d33c746-150700.3.8.1.noarch.rpm qemu-x86-9.2.4-150700.3.8.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-2941 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for mariadb fixes the following issues: - Update to 11.8.2: https://mariadb.com/kb/en/mariadb-11-8-2-release-notes/ https://mariadb.com/kb/en/mariadb-11-8-2-changelog/ - Update list of skipped tests libmariadbd-devel-11.8.2-150700.3.3.1.x86_64.rpm libmariadbd19-11.8.2-150700.3.3.1.x86_64.rpm mariadb-11.8.2-150700.3.3.1.src.rpm mariadb-11.8.2-150700.3.3.1.x86_64.rpm mariadb-client-11.8.2-150700.3.3.1.x86_64.rpm mariadb-errormessages-11.8.2-150700.3.3.1.noarch.rpm mariadb-tools-11.8.2-150700.3.3.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-3054 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for openvswitch fixes the following issues: - Renamed python{3,311}-ovs to python{3,311}-openvswitch for distribution consistency. (jsc#PED-13221) libopenvswitch-3_5-0-3.5.0-150700.41.3.1.x86_64.rpm libovn-25_03-0-25.03.0-150700.41.3.1.x86_64.rpm openvswitch-3.5.0-150700.41.3.1.src.rpm openvswitch-3.5.0-150700.41.3.1.x86_64.rpm openvswitch-devel-3.5.0-150700.41.3.1.x86_64.rpm openvswitch-ipsec-3.5.0-150700.41.3.1.x86_64.rpm openvswitch-pki-3.5.0-150700.41.3.1.x86_64.rpm openvswitch-test-3.5.0-150700.41.3.1.x86_64.rpm openvswitch-vtep-3.5.0-150700.41.3.1.x86_64.rpm ovn-25.03.0-150700.41.3.1.x86_64.rpm ovn-central-25.03.0-150700.41.3.1.x86_64.rpm ovn-devel-25.03.0-150700.41.3.1.x86_64.rpm ovn-docker-25.03.0-150700.41.3.1.x86_64.rpm ovn-host-25.03.0-150700.41.3.1.x86_64.rpm ovn-vtep-25.03.0-150700.41.3.1.x86_64.rpm python3-openvswitch-3.5.0-150700.41.3.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-3039 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for nginx fixes the following issues: - Drop root priviledges while running logrotate (bsc#1246090) nginx-1.21.5-150600.10.9.1.src.rpm nginx-1.21.5-150600.10.9.1.x86_64.rpm nginx-source-1.21.5-150600.10.9.1.noarch.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-2769 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for amber-cli fixes the following issues: - Update to version 1.13.1+git20250329.c2e3bb8: * CVE-2025-30204: Fixed jwt-go excessive memory allocation during header parsing (bsc#1240511) * jwt version upgrade (#174) * Update policy size limit to 20k (#173) * Update tenant user model with latest changes (#172) * Fix/workflow (#171) * Upgrade GO version to 1.23.6 (#170) * Update golang jwt dependency (#169) * Update TMS roles struct (#167) * Update jwt dependency version (#165) * Add changes to support JWT (#163) * Update roles struct to be in sync with TMS (#164) * go upgrade to 1.22.7 (#162) * CASSINI-22266: Added permissions in ci workflow files (#153) * Add check for missing Security.md file (#150) * Go version upgrade to 1.22.5 (#148) * CLI changes (#140) * Bump github.com/hashicorp/go-retryablehttp from 0.7.4 to 0.7.7 (#147) * Update product model to include multiple plan IDs (#146) * Updated the help section (#145) * Mark policy type field as not required (#144) * Upgrade/goversion 1.22.3 (#143) * Remove policy type and attestation type check for policy creation (#142) * Go version upgrade 1.22.2 (#141) * Fix error message to include the correct set of characters (#138) * UT coverage 80.9% (#137) * Fix push installer workflow (#136) * 3rd party versions upgrade (#133) * GO version upgrade to 1.22.0 (#132) * Fix/go version 1.21.6 (#127) * Update API key validation regex as per latest changes (#125) * Update API key validation regex as per latest changes (#124) * dependency version upgrade (#123) * Update tag create model (#121) * CASSINI-10113: Add scans in CI (#99) * corrected minor check condition (#120) * Add check to validate env variable before setting (#119) * Add version-check script (#118) * Add file path check for invalid characters (#116) * Update compoenent version (#117) * Update README as per suggestions (#113) (#115) * Added HTTP scheme validation to avoid API Key leakage (#108) * CASSINI-10987 Golang version upgrade to 1.21.4 (#114) * Update policy model as per the latest changes (#109) * Remove branch info from on schedule (#106) * Add BDBA scan to CI (#104) * Update CLI URL (#105) * updated licenses (#102) * Updated version of all components to v1.0.0 for GA (#100) * Validate the email id input before requesting list of users (#98) * Remove redundant print statements (#97) * Request ID and trace ID should be visible on the console for errors as well (#96) * Update sample policy as per token profile update changes (#95) * Update CLI name from tenantclt to inteltrustauthority (#93) * Update the headers for request and trace id (#94) * cassini-9466-Go version update to 1.20.6 (#91) * Add retry logic to client in tenant CLI (#92) * Add request-id optional parameter for each command (#90) - Override build date with SOURCE_DATE_EPOCH (bsc#1047218) amber-cli-1.13.1+git20250329.c2e3bb8-150600.3.3.1.src.rpm amber-cli-1.13.1+git20250329.c2e3bb8-150600.3.3.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-3072 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for sysstat fixes the following issues: - Renaming services to allow preset in systemd-presets-branding-SLE to work (bsc#1244553, bsc#1246835). - Fix argument order of find (bsc#1246852). - Fix systemd timers that are not enabled after upgrade (bsc#1244553). - deleted 90-sysstat.preset file, not needed anymore. sysstat-12.0.2-150000.3.48.3.src.rpm sysstat-isag-12.0.2-150000.3.48.3.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-3234 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for rabbitmq-server313 fixes the following issues: - CVE-2025-50200: Fixed logging of Basic Auth header from an HTTP request (bsc#1245105) - Fixed bad logrotate configuration allowing potential escalation from rabbitmq to root (bsc#1246091) erlang-rabbitmq-client313-3.13.1-150600.13.11.1.x86_64.rpm rabbitmq-server313-3.13.1-150600.13.11.1.src.rpm rabbitmq-server313-3.13.1-150600.13.11.1.x86_64.rpm rabbitmq-server313-bash-completion-3.13.1-150600.13.11.1.noarch.rpm rabbitmq-server313-plugins-3.13.1-150600.13.11.1.x86_64.rpm rabbitmq-server313-zsh-completion-3.13.1-150600.13.11.1.noarch.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-3841 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for ibmtss fixes the following issue: - Remove test certs, keys, data (bsc#1239985). ibmtss-2.4.0-150700.4.3.2.src.rpm ibmtss-2.4.0-150700.4.3.2.x86_64.rpm ibmtss-base-2.4.0-150700.4.3.2.noarch.rpm ibmtss-devel-2.4.0-150700.4.3.2.x86_64.rpm libibmtss2-2.4.0-150700.4.3.2.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-3296 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for oracleasm fixes the following issues: - Add support for per-I/O block size selection - Fix oracleasm memory reclaimation not working (bsc#1235682). oracleasm-2.0.8-150700.22.3.2.src.rpm oracleasm-kmp-default-2.0.8_k6.4.0_150700.53.6-150700.22.3.2.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-3895 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for openCryptoki fixes the following issues: - ocki, remove the use of MD5, it doesn't work in FIPS mode (bsc#1248002). - Added riscv64 to openCryptoki_64bit_arch openCryptoki-3.24.0-150700.5.3.2.src.rpm openCryptoki-3.24.0-150700.5.3.2.x86_64.rpm openCryptoki-64bit-3.24.0-150700.5.3.2.x86_64.rpm openCryptoki-devel-3.24.0-150700.5.3.2.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-3005 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for postgresql16 fixes the following issues: Upgraded to 16.10: * CVE-2025-8713: Fixed optimizer statistics exposing sampled data within a view, partition, or child table (bsc#1248120) * CVE-2025-8714: Fixed untrusted data inclusion in pg_dump allows superuser of origin server to execute arbitrary code in psql client (bsc#1248122) * CVE-2025-8715: Fixed improper neutralization of newlines in pg_dump leading to arbitrary code execution in the psql client and in the restore target server (bsc#1248119) postgresql16-16.10-150600.16.21.1.src.rpm postgresql16-16.10-150600.16.21.1.x86_64.rpm postgresql16-server-16.10-150600.16.21.1.x86_64.rpm postgresql16-server-devel-16.10-150600.16.21.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-2986 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for postgresql17 fixes the following issues: Updated to 17.6: * CVE-2025-8713: Fixed optimizer statistics exposing sampled data within a view, partition, or child table (bsc#1248120) * CVE-2025-8714: Fixed untrusted data inclusion in pg_dump allows superuser of origin server to execute arbitrary code in psql client (bsc#1248122) * CVE-2025-8715: Fixed improper neutralization of newlines in pg_dump leading to arbitrary code execution in the psql client and in the restore target server (bsc#1248119) libecpg6-17.6-150600.13.16.1.x86_64.rpm postgresql17-17.6-150600.13.16.1.src.rpm postgresql17-contrib-17.6-150600.13.16.1.x86_64.rpm postgresql17-devel-17.6-150600.13.16.1.x86_64.rpm postgresql17-docs-17.6-150600.13.16.1.noarch.rpm postgresql17-plperl-17.6-150600.13.16.1.x86_64.rpm postgresql17-plpython-17.6-150600.13.16.1.x86_64.rpm postgresql17-pltcl-17.6-150600.13.16.1.x86_64.rpm postgresql17-server-17.6-150600.13.16.1.x86_64.rpm postgresql17-server-devel-17.6-150600.13.16.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-3422 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for apache2-mod_security2 fixes the following issues: - CVE-2025-54571: Fixed insufficient return value handling on modsecurity leads to xss and source code disclosure (bsc#1247674) apache2-mod_security2-2.9.4-150400.3.12.1.src.rpm apache2-mod_security2-2.9.4-150400.3.12.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-3306 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for sevctl fixes the following issues: - CVE-2024-12224: idna: Fixed improper validation of unsafe equivalence in punycode. (bsc#1243860) - CVE-2025-3416: openssl: Fixed use-after-free in Md::fetch and Cipher::fetch (bsc#1242618) sevctl-0.6.0-150700.3.3.1.src.rpm sevctl-0.6.0-150700.3.3.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-3163 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for ovmf fixes the following issues: - Update firmware descriptors to remove tab whitespace (bsc#1247847) * Replace tab whitespace with spaces in 50-ovmf-x86_64-sev.json * Replace tab whitespace with spaces in 50-ovmf-x86_64-sev-snp.json - Update firmware descriptors for SEV-SNP (bsc#1247847) * Add 50-ovmf-x86_64-sev-snp.json to support the 'amd-sev-snp' feature. * Remove the sev-snp feature from 50-ovmf-x86_64-sev.json. ovmf-202408-150700.3.9.1.src.rpm ovmf-202408-150700.3.9.1.x86_64.rpm ovmf-tools-202408-150700.3.9.1.x86_64.rpm qemu-ovmf-x86_64-202408-150700.3.9.1.noarch.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-3273 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for python-h2 fixes the following issues: - CVE-2025-57804: Fixed HTTP Request Smuggling due to illegal characters in headers (bsc#1248737) python-h2-3.2.0-150200.3.5.1.src.rpm python3-h2-3.2.0-150200.3.5.1.noarch.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-3453 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for frr fixes the following issues: - CVE-2024-55553: excessive resource consumption may lead to denial of service due to repeated RIB revalidation when processing several RPKI updates (bsc#1235237). frr-8.5.6-150500.4.33.1.src.rpm libmlag_pb0-8.5.6-150500.4.33.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-3444 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for nginx fixes the following issues: - CVE-2025-53859: the server side may leak arbitrary bytes during the NGINX SMTP authentication process (bsc#1248070). - CVE-2025-23419: session resumption can bypass client certificate authentication requirements using TLSv1.3 (bsc#1236851). nginx-1.21.5-150600.10.12.1.src.rpm nginx-1.21.5-150600.10.12.1.x86_64.rpm nginx-source-1.21.5-150600.10.12.1.noarch.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-3172 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for xen fixes the following issues: Security issues fixed: - CVE-2025-27466: NULL pointer dereference in the Viridian interface when updating the reference TSC area (bsc#1248807). - CVE-2025-58142: NULL pointer dereference in the Viridian interface due to assumption that the SIM page is mapped when a synthetic timer message has to be delivered (bsc#1248807). - CVE-2025-58143: information leak and reference counter underflow in the Viridian interface due to race in the mapping of the reference TSC page (bsc#1248807). Other issues fixed: - efi: Call FreePages() only if needed (bsc#1027519). - x86/hpet: do local APIC EOI after interrupt processing (bsc#1027519). - x86/hvm/ioreq: Fix condition in hvm_alloc_legacy_ioreq_gfn() (bsc#1027519). - x86/idle: Fix the C6 eoi_errata[] list to include NEHALEM_EX (bsc#1027519). - x86/iommu: setup MMCFG ahead of IOMMU (bsc#1027519). - x86/mce: Adjustments to intel_init_ppin() (bsc#1027519). - x86/mkelf32: pad load segment to 2Mb boundary (bsc#1027519). xen-4.20.1_04-150700.3.11.1.src.rpm True xen-4.20.1_04-150700.3.11.1.x86_64.rpm True xen-devel-4.20.1_04-150700.3.11.1.x86_64.rpm True xen-tools-4.20.1_04-150700.3.11.1.x86_64.rpm True xen-tools-xendomains-wait-disk-4.20.1_04-150700.3.11.1.noarch.rpm True SUSE-SLE-Module-Server-Applications-15-SP7-2025-3699 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. krb5-1.20.1-150600.11.14.1.src.rpm krb5-plugin-kdb-ldap-1.20.1-150600.11.14.1.x86_64.rpm krb5-server-1.20.1-150600.11.14.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-3421 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for sysstat fixes the following issues: - removal of broken symlinks during the post-install phase (bsc#1244553). sysstat-12.0.2-150000.3.51.1.src.rpm sysstat-isag-12.0.2-150000.3.51.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-4069 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for openmpi4 fixes the following issues: - Enable Grid Cluster Scheduler support (jsc#PED-13373, jsc#PED-13376) openmpi4-4.1.7-150700.4.3.1.src.rpm openmpi4-4.1.7-150700.4.3.1.x86_64.rpm openmpi4-config-4.1.7-150700.4.3.1.x86_64.rpm openmpi4-devel-4.1.7-150700.4.3.1.x86_64.rpm openmpi4-docs-4.1.7-150700.4.3.1.x86_64.rpm openmpi4-libs-4.1.7-150700.4.3.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-3430 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for bind fixes the following issues: - ensure file descriptors 0-2 are in use before using libuv (bsc#1230649) bind-9.20.11-150700.3.9.1.src.rpm bind-9.20.11-150700.3.9.1.x86_64.rpm bind-doc-9.20.11-150700.3.9.1.noarch.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-3486 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for grub2 fixes the following issues: - Fix boot hangs in setting up serial console when ACPI SPCR table is present and redirection is disabled (bsc#1249088) grub2-2.12-150700.19.16.1.src.rpm grub2-x86_64-xen-2.12-150700.19.16.1.noarch.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-3694 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for mariadb fixes the following issues: - Read config files when doing mysql_upgrade (bsc#1249396) libmariadbd-devel-11.8.3-150700.3.6.1.x86_64.rpm libmariadbd19-11.8.3-150700.3.6.1.x86_64.rpm mariadb-11.8.3-150700.3.6.1.src.rpm mariadb-11.8.3-150700.3.6.1.x86_64.rpm mariadb-client-11.8.3-150700.3.6.1.x86_64.rpm mariadb-errormessages-11.8.3-150700.3.6.1.noarch.rpm mariadb-tools-11.8.3-150700.3.6.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-3934 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). cyrus-sasl-bdb-2.1.28-150600.7.9.2.src.rpm cyrus-sasl-bdb-devel-2.1.28-150600.7.9.2.x86_64.rpm cyrus-sasl-saslauthd-2.1.28-150600.7.9.2.src.rpm cyrus-sasl-sqlauxprop-2.1.28-150600.7.9.2.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-3692 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for 389-ds fixes the following issues: - prevent segfault on extremely large queries (bsc#1249033). - do not delete referrals on chain_on_update backend - prevent stack depth being hit - The parentId attribute is indexed with improper matching rule - When deferred memberof update is enabled after the server crashed it should not launch memberof fixup task by default - memberOf - ignored deferred updates with LMDB - Compilation failure with rust-1.89 on Fedora ELN - UI - Replace deprecated Select components with new TypeaheadSelect - UI - Fix typeahead Select fields losing values on Enter keypress - UI - Show error message when trying to use unavailable ports - More UI fixes - Revise time skew check in healthcheck tool and add option to exclude checks - UI - update Radio handlers and LDAP entries last modified time - dsconf monitor server fails with ldapi:// due to absent server ID - Make user/subtree policy creation idempotent - AddressSanitizer: leak in agmt_update_init_status - AddressSanitizer: leak in do_search - AddressSanitizer: memory leak in mdb_init - Memory leak in roles_cache_create_object_from_entry part 2 - Memory leak in roles_cache_create_object_from_entry - RFE - Allow system to manage uid/gid at startup - Adjust xfail marks - ns-slapd crashes when a referral is added - CLI - Fix default error log level - Fix disk monitoring test failures and improve test maintainability - Mask password hashes in audit logs - Add test for numSubordinates replication consistency with tombstones - Add test for entryUSN overflow on failed add operations - Crash if repl keep alive entry can not be created - Log user that is updated during password modify extended operation - dsconf - Replicas with the "consumer" role allow for viewing and modification of their changelog. - instance read-only mode is broken - Prevent repeated disconnect logs during shutdown - compressed log rotation creates files with world readable permission - str2filter is not fully applying matching rules - UI - schema attribute table expansion break after moving to a new page - CLI, UI - Properly handle disabled NDN cache - uiduniq: allow specifying match rules in the filter 389-ds-2.5.3~git144.95b15d57c-150700.3.6.1.src.rpm 389-ds-2.5.3~git144.95b15d57c-150700.3.6.1.x86_64.rpm 389-ds-devel-2.5.3~git144.95b15d57c-150700.3.6.1.x86_64.rpm lib389-2.5.3~git144.95b15d57c-150700.3.6.1.x86_64.rpm libsvrcore0-2.5.3~git144.95b15d57c-150700.3.6.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-4360 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for apache2 fixes the following issues: - Fixed binary path for Apache's MPM that was partially duplicated when it can't be invoked/found (bsc#1249359) apache2-2.4.51-150400.6.49.1.src.rpm apache2-doc-2.4.51-150400.6.49.1.noarch.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-4358 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for apache2 fixes the following issues: - Fixed binary path for Apache's MPM that was partially duplicated when it can't be invoked/found (bsc#1249359) apache2-devel-2.4.62-150700.4.6.1.src.rpm apache2-devel-2.4.62-150700.4.6.1.x86_64.rpm apache2-utils-2.4.62-150700.4.6.1.src.rpm apache2-utils-2.4.62-150700.4.6.1.x86_64.rpm apache2-worker-2.4.62-150700.4.6.1.src.rpm apache2-worker-2.4.62-150700.4.6.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-3606 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for squid fixes the following issues: - CVE-2025-59362: fixed buffer overflow (bsc#1250627) squid-6.10-150600.3.9.1.src.rpm squid-6.10-150600.3.9.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-3502 critical SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for valkey to version 8.0.6 fixes the following security issues: - CVE-2025-49844: Malicious Lua scripts may lead to remote code execution. [bsc#1250995] - CVE-2025-46817: Malicious Lua scripts may lead to integer overflow and potential remote code execution. [bsc#1250995] - CVE-2025-46818: Malicious Lua scripts can be executed in the context of another user. [bsc#1250995] - CVE-2025-46819: Malicious Lua scripts can trigger out-of-bound reads to facilitate denial-of-service attacks. [bsc#1250995] valkey-8.0.6-150700.3.11.1.src.rpm valkey-8.0.6-150700.3.11.1.x86_64.rpm valkey-compat-redis-8.0.6-150700.3.11.1.noarch.rpm valkey-devel-8.0.6-150700.3.11.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-3977 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for ovmf fixes the following issues: - Add backported patch for ovmf (bsc#1250048) * MdeModulePkg: Leak Memory if Not RW on FreePages ovmf-202408-150700.3.12.1.src.rpm ovmf-202408-150700.3.12.1.x86_64.rpm ovmf-tools-202408-150700.3.12.1.x86_64.rpm qemu-ovmf-x86_64-202408-150700.3.12.1.noarch.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-3750 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for libvirt fixes the following issues: - qemu: Fix firmware auto-selection for SEV-SNP enabled VMs (bsc#1241211) libvirt-11.0.0-150700.4.10.1.src.rpm libvirt-11.0.0-150700.4.10.1.x86_64.rpm libvirt-client-11.0.0-150700.4.10.1.x86_64.rpm libvirt-client-qemu-11.0.0-150700.4.10.1.x86_64.rpm libvirt-daemon-11.0.0-150700.4.10.1.x86_64.rpm libvirt-daemon-common-11.0.0-150700.4.10.1.x86_64.rpm libvirt-daemon-config-network-11.0.0-150700.4.10.1.x86_64.rpm libvirt-daemon-config-nwfilter-11.0.0-150700.4.10.1.x86_64.rpm libvirt-daemon-driver-interface-11.0.0-150700.4.10.1.x86_64.rpm libvirt-daemon-driver-libxl-11.0.0-150700.4.10.1.x86_64.rpm libvirt-daemon-driver-network-11.0.0-150700.4.10.1.x86_64.rpm libvirt-daemon-driver-nodedev-11.0.0-150700.4.10.1.x86_64.rpm libvirt-daemon-driver-nwfilter-11.0.0-150700.4.10.1.x86_64.rpm libvirt-daemon-driver-qemu-11.0.0-150700.4.10.1.x86_64.rpm libvirt-daemon-driver-secret-11.0.0-150700.4.10.1.x86_64.rpm libvirt-daemon-driver-storage-11.0.0-150700.4.10.1.x86_64.rpm libvirt-daemon-driver-storage-core-11.0.0-150700.4.10.1.x86_64.rpm libvirt-daemon-driver-storage-disk-11.0.0-150700.4.10.1.x86_64.rpm libvirt-daemon-driver-storage-iscsi-11.0.0-150700.4.10.1.x86_64.rpm libvirt-daemon-driver-storage-iscsi-direct-11.0.0-150700.4.10.1.x86_64.rpm libvirt-daemon-driver-storage-logical-11.0.0-150700.4.10.1.x86_64.rpm libvirt-daemon-driver-storage-mpath-11.0.0-150700.4.10.1.x86_64.rpm libvirt-daemon-driver-storage-rbd-11.0.0-150700.4.10.1.x86_64.rpm libvirt-daemon-driver-storage-scsi-11.0.0-150700.4.10.1.x86_64.rpm libvirt-daemon-hooks-11.0.0-150700.4.10.1.x86_64.rpm libvirt-daemon-lock-11.0.0-150700.4.10.1.x86_64.rpm libvirt-daemon-log-11.0.0-150700.4.10.1.x86_64.rpm libvirt-daemon-plugin-lockd-11.0.0-150700.4.10.1.x86_64.rpm libvirt-daemon-plugin-sanlock-11.0.0-150700.4.10.1.x86_64.rpm libvirt-daemon-proxy-11.0.0-150700.4.10.1.x86_64.rpm libvirt-daemon-qemu-11.0.0-150700.4.10.1.x86_64.rpm libvirt-daemon-xen-11.0.0-150700.4.10.1.x86_64.rpm libvirt-devel-11.0.0-150700.4.10.1.x86_64.rpm libvirt-doc-11.0.0-150700.4.10.1.noarch.rpm libvirt-nss-11.0.0-150700.4.10.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-3792 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for qemu fixes the following issues: - [openSUSE] rpm/spec: qemu-vgabios is required on ppc (bsc#1230042) - [openSUSE][RPM] spec: Require ipxe and virtio-gpu packages for more arch-es (bsc#1240157) - [openSUSE] supportconfig: Adapt plugin to modern supportconfig (bsc#1251822) - tests/acpi: q35: Update host address width in DMAR (bsc#1228343) - intel_iommu: Set default aw_bits to 48 starting from QEMU 9.2 (bsc#1228343) - tests/acpi: q35: allow DMAR acpi table changes (bsc#1228343) qemu-7.1.0-150500.49.33.2.src.rpm qemu-sgabios-8-150500.49.33.2.noarch.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-3809 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for rabbitmq-server fixes the following issues: - CVE-2025-50200: prevented logging of Basic Auth header from HTTP requests (bsc#1245105) - fixed a bad logrotate configuration that allowed escalation from rabbitmq to root, /var/log/rabbitmq ownership is now 750 (bsc#1246091) erlang-rabbitmq-client-3.8.11-150300.3.22.2.x86_64.rpm rabbitmq-server-3.8.11-150300.3.22.2.src.rpm rabbitmq-server-3.8.11-150300.3.22.2.x86_64.rpm rabbitmq-server-plugins-3.8.11-150300.3.22.2.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-3990 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for mirror fixes the following issue: - Fix the %licence tag for the package (bsc#1252164). mirror-2.9-150000.3.9.2.noarch.rpm mirror-2.9-150000.3.9.2.src.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-3793 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for xen fixes the following issues: - CVE-2025-58147, CVE-2025-58148: fixed input sanitisation in Viridian hypercalls (XSA-475, bsc#1251271) xen-4.20.1_06-150700.3.14.1.src.rpm xen-4.20.1_06-150700.3.14.1.x86_64.rpm xen-devel-4.20.1_06-150700.3.14.1.x86_64.rpm xen-tools-4.20.1_06-150700.3.14.1.x86_64.rpm xen-tools-xendomains-wait-disk-4.20.1_06-150700.3.14.1.noarch.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-3807 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for erlang fixes the following issues: - CVE-2025-48041: fixed erlang exhaustion of file handles in SSH (bsc#1249473) erlang-23.3.4.19-150300.3.26.1.src.rpm erlang-23.3.4.19-150300.3.26.1.x86_64.rpm erlang-epmd-23.3.4.19-150300.3.26.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-3903 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for bind fixes the following issues: Upgrade to release 9.20.15: - CVE-2025-8677: DNSSEC validation fails if matching but invalid DNSKEY is found (bsc#1252378). - CVE-2025-40778: Address various spoofing attacks (bsc#1252379). - CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator (bsc#1252380). bind-9.20.15-150700.3.12.1.src.rpm bind-9.20.15-150700.3.12.1.x86_64.rpm bind-doc-9.20.15-150700.3.12.1.noarch.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-4054 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for ongres-scram fixes the following issues: - CVE-2025-59432: Fixed timing attack vulnerability in SCRAM Authentication (bsc#1250399) ongres-scram-2.1-150400.8.5.1.noarch.rpm ongres-scram-2.1-150400.8.5.1.src.rpm ongres-scram-client-2.1-150400.8.5.1.noarch.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-4035 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for erlang26 fixes the following issues: - CVE-2025-48041: Fixed exhaustion of file handles in ssh (bsc#1249473) erlang26-26.2.1-150300.7.19.1.src.rpm erlang26-26.2.1-150300.7.19.1.x86_64.rpm erlang26-epmd-26.2.1-150300.7.19.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-4082 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for openvswitch fixes the following issues: - Update OVN to 25.03.1 - Update Openvswitch to 3.5.2 - Bug fixes (jsc#PED-13647) libopenvswitch-3_5-0-3.5.2-150700.41.6.1.x86_64.rpm libovn-25_03-0-25.03.1-150700.41.6.1.x86_64.rpm openvswitch-3.5.2-150700.41.6.1.src.rpm openvswitch-3.5.2-150700.41.6.1.x86_64.rpm openvswitch-devel-3.5.2-150700.41.6.1.x86_64.rpm openvswitch-ipsec-3.5.2-150700.41.6.1.x86_64.rpm openvswitch-pki-3.5.2-150700.41.6.1.x86_64.rpm openvswitch-test-3.5.2-150700.41.6.1.x86_64.rpm openvswitch-vtep-3.5.2-150700.41.6.1.x86_64.rpm ovn-25.03.1-150700.41.6.1.x86_64.rpm ovn-central-25.03.1-150700.41.6.1.x86_64.rpm ovn-devel-25.03.1-150700.41.6.1.x86_64.rpm ovn-docker-25.03.1-150700.41.6.1.x86_64.rpm ovn-host-25.03.1-150700.41.6.1.x86_64.rpm ovn-vtep-25.03.1-150700.41.6.1.x86_64.rpm python3-openvswitch-3.5.2-150700.41.6.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-4026 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for squid fixes the following issues: - CVE-2025-62168: Fixed failure to redact HTTP authentication credentials in error handling leading to information disclosure (bsc#1252281) squid-6.10-150600.3.14.1.src.rpm squid-6.10-150600.3.14.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-4052 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for dpdk fixes the following issues: - acl: fix build with GCC 15 on aarch64 - app/crypto-perf: fix AAD offset alignment - app/eventdev: fix number of releases sent during cleanup - app/testpmd: * fix: flow random item token and RSS hash key update * relax number of TCs in DCB command - buildtools/test: scan muti-line registrations - bus/auxiliary: fix crash in cleanup - bus: cleanup device lists - bus/fslmc: fix use after free - bus/pci/bsd: fix device existence check - bus/vmbus: * align ring buffer data to page boundary * use Hyper-V page size - common/cnxk: * fix: AES-CTR salt handling, aura offset, CQ tail drop, E-tag pattern parsing, qsize in CPT iq enable - common/dpaax: * fix: PDCP AES only 12-bit SN, PDCP key command race condition - common/mlx5: * fix: dependency detection on Windows and extraction of auxiliary device name - crypto/cnxk: * fix: out-of-bounds access in SM2, QP stats, uninitialized variable and update SG list population - crypto/dpaa2_sec: fix uninitialized variable - crypto/openssl: include private exponent in RSA session - crypto/qat: * fix: out-of-place chain/cipher/auth headers, out-of-place header bytes in AEAD raw API and size calculation for memset - crypto/virtio: * add request check on request side * fix cipher data source length and driver cleanup - doc: * add kernel options required for mlx5 * fix missing feature matrix for event device * remove reference to deprecated –use-device option - dts: fix deterministic doc - eal: * add description of service corelist in usage * fix return value of lcore role and warn if no lcore is available - eal/freebsd: unregister alarm callback before free - eal/linux: improve ASLR check and unregister alarm callback before free - eal/unix: fix log message for madvise failure - eal/x86: fix C++ build - ethdev: fix error struct in flow configure and keep promiscuous/allmulti value before disabling - event/cnxk: fix missing HW state checks - eventdev: fix flag types consistency - event/dlb2: * fix: default credits based on HW version, dequeue with CQ depth less than or equal to 16, num single link ports for DLB2.5,public symbol namespace, QID depth xstat, validaton of LDB port COS ID arguments - examples/flow_filtering: fix make clean - examples/ipsec-secgw: fix crash in event vector mode, crash with IPv6 and number of queue pairs - examples/ntb: check more heap allocations - mem: fix lockup on address space shortage - net/af_xdp: fix use after free in zero-copy Tx - net/bonding: avoid RSS RETA update in flow isolation mode - net/cnxk: fix descriptor count update on reconfig and lock for security session operations - net/e1000: fix EEPROM dump, igb Tx queue offloads capability and xstats name - net/ena: fix aenq timeout with low poll interval and control path interrupt mode - net: fix IPv6 check for IPv4 compat - net/fm10k/base: fix compilation warnings - net/hns3: * allow Tx vector when fast free not enabled, * check requirement for hardware GRO and Rx packet without CRC data * fix: CRC data segment,divide by zero, extra wait for link up, integer overflow in interrupt unmap, interrupt rollback, memory leak for indirect flow action, memory leak on failure, queue TC configuration on VF,resources release on reset, - net/i40e/base: fix compiler warnings and unused value warnings - net/i40e: fix RSS on plain IPv4 - net/iavf: fix VLAN strip disabling for ADQ v2 capability and setting after enabling filter - net/ice/base: fix integer overflow, media type check, type conversion and typo in device ID description - net/ice: * fix: flow creation failure, handling empty DCF RSS hash, querying RSS hash for DCF and support for 3 scheduler levels - net/idpf: fix truncation of constant value - net/ixgbe/base: * correct definition of endianness macro, * fix: compilation warnings, link status for E610 and lock checker errors - net/ixgbe: * enable ethertype filter for E610 * fix: indentation, port mask default value in filter, * remove VLANs and skip MACsec stats for E610 - net/mana: check vendor ID when probing RDMA device - net/mlx5: * align PF and VF/SF MAC address handling, avoid setting kernel MTU if not needed, * fix: access to auxiliary flow data, counter pool init error propagation counter service cleanup on init failure, crash in HWS counter pool destroy, crash on age query with indirect conntrack, error notification for large flow patterns, flex tunnel flow validation, crash in HWS counter pool destroy, crash on age query with indirect conntrack, GRE flow item validation, header modify action on group 0, hypervisor detection in VLAN workaround, link on Windows, mark action with shared Rx queue,masked indirect age action validation, maximal queue size query, out-of-order completions in ordinary Rx burst, template flow rule identification, validation for GENEVE options, VLAN stripping on hairpin queue, WQE size calculation for Tx queue, remove unsupported flow meter action in HWS, validate GTP PSC QFI width - net/mlx5/hws: fix send queue drain on FW WQE destroy - net/netvsc: add stats counters from VF and use Hyper-V page size - net/nfp: * fix: control message overflow, crash with null RSS hash key flow rule freeing , hash key length logic, * standardize: NFD3 Tx descriptor endianness and Rx descriptor endianness - net/ngbe: fix device statistics and MAC control frame forwarding - net/ntnic: * avoid divide by zero * fix ring queue operation * remove unused code * unmap DMA during queue release - net/null: fix packet copy - net/octeon_ep: * fix buffer refill * increase mailbox timeout - net/qede: fix use after free - net/sfc: fix action order on start failure - net/tap: fix qdisc add failure handling - net/txgbe: * add LRO flag in mbuf when enabled * fix: device statistics, FDIR perfect mode for IPv6 MAC control frame forwarding, ntuple filter parsing, packet type for FDIR filter, raw pattern match for FDIR rule reserved extra FDIR headroom, create FDIR filter for SCTP packet adn tunnel packet * restrict VLAN strip configuration on VF - pcapng: fix null dereference in close - power/intel_uncore: fix crash closing uninitialized driver - test/crypto: * fix: auth and cipher case IV length, EdDSA vector description, RSA decrypt validation, RSA vector as per RFC 8017 * set to null after freeing operation - test/lcore: fix race in per-lcore test - test/malloc: improve resiliency - trace: fix overflow in per-lcore trace buffer - vhost/crypto: fix cipher data length - vhost: * fix net control virtqueue used length, wrapping on control virtqueue rings * search virtqueues driver data in read-only area - Fix issue with always_inline on older gcc7 dpdk-24.11.3-150700.3.3.1.src.rpm dpdk-24.11.3-150700.3.3.1.x86_64.rpm dpdk-devel-24.11.3-150700.3.3.1.x86_64.rpm dpdk-tools-24.11.3-150700.3.3.1.x86_64.rpm libdpdk-25-24.11.3-150700.3.3.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-4068 critical SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for lasso fixes the following issues: - CVE-2025-46404: Fixed denial of service in Entr'ouvert Lasso (bsc#1253092) - CVE-2025-46705: Fixed denial of service in Entr'ouvert Lasso (bsc#1253093) - CVE-2025-47151: Fixed type confusion vulnerability in the lasso_node_impl_init_from_xml functionality (bsc#1253095) lasso-2.8.2-150600.3.5.1.src.rpm liblasso3-2.8.2-150600.3.5.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-4155 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. cyrus-sasl-bdb-2.1.28-150600.7.14.1.src.rpm cyrus-sasl-bdb-devel-2.1.28-150600.7.14.1.x86_64.rpm cyrus-sasl-saslauthd-2.1.28-150600.7.14.1.src.rpm cyrus-sasl-sqlauxprop-2.1.28-150600.7.14.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-4404 low SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for davfs2 fixes the following issue: - Add davfs2 to the SLES Basesystem (PED-13444) davfs2-1.5.4-150000.3.13.1.src.rpm davfs2-1.5.4-150000.3.13.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-4419 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for xen fixes the following issues: Update to Xen 4.20.2 (jsc#PED-8907). Security issues fixed: - CVE-2025-58149: incorrect removal of permissions on PCI device unplug allows PV guests to access memory of devices no longer assigned to it (XSA-476, bsc#1252692). Other issues fixed: - Failure to restart xenstored (bsc#1254180). xen-4.20.2_02-150700.3.19.1.src.rpm True xen-4.20.2_02-150700.3.19.1.x86_64.rpm True xen-devel-4.20.2_02-150700.3.19.1.x86_64.rpm True xen-tools-4.20.2_02-150700.3.19.1.x86_64.rpm True xen-tools-xendomains-wait-disk-4.20.2_02-150700.3.19.1.noarch.rpm True SUSE-SLE-Module-Server-Applications-15-SP7-2025-4305 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for grub2 fixes the following issues: - CVE-2025-54771: Fixed rub_file_close() does not properly controls the fs refcount (bsc#1252931) - CVE-2025-54770: Fixed missing unregister call for net_set_vlan command may lead to use-after-free (bsc#1252930) - CVE-2025-61662: Fixed missing unregister call for gettext command may lead to use-after-free (bsc#1252933) - CVE-2025-61663: Fixed missing unregister call for normal commands may lead to use-after-free (bsc#1252934) - CVE-2025-61664: Fixed missing unregister call for normal_exit command may lead to use-after-free (bsc#1252935) - CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function (bsc#1252932) Other fixes: - Bump upstream SBAT generation to 6 - Fixed timeout when loading initrd via http after PPC CAS reboot (bsc#1245953) grub2-2.12-150700.19.19.1.src.rpm grub2-x86_64-xen-2.12-150700.19.19.1.noarch.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-4403 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for virt-manager fixes the following issues: - Unable to create an SEV-SNP enabled guest with virt-manager. This simplifies the code from what used to be required for sev while adding initial tdx support. (bsc#1252105) - Fix issues with detection of openSUSE Leap 16. - Adjust how we detect sles16 as the media layout changes. (bsc#1244685, bsc#1249466) - In some cases KVM virt-manager detects windows 2025 as 2022 (bsc#1247865) - Add support for creating TDX guests in virt-install (jsc#PED-9265) - Could not find an installable distribution with virt-install command (bsc#1244685) - Additional Upstream bug fixes (bsc#1027942) virt-install-5.0.0-150700.7.8.1.noarch.rpm virt-manager-5.0.0-150700.7.8.1.noarch.rpm virt-manager-5.0.0-150700.7.8.1.src.rpm virt-manager-common-5.0.0-150700.7.8.1.noarch.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-4402 low SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for libusb-compat fixes the following issues: - Ship libusb-0_1-4 to PackageHUB (bsc#1219583) libusb-0_1-4-0.1.13-150400.14.2.1.x86_64.rpm libusb-compat-0.1.7-150400.14.2.1.src.rpm libusb-compat-devel-0.1.7-150400.14.2.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-4388 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for postgresql16 fixes the following issues: Upgraded to 16.11: - CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS (bsc#1253332) - CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq (bsc#1253333) Other fixes: - Use %product_libs_llvm_ver to determine the LLVM version. - Remove conditionals for obsolete PostgreSQL releases. - Sync spec file from version 18. postgresql16-16.11-150600.16.25.1.src.rpm postgresql16-16.11-150600.16.25.1.x86_64.rpm postgresql16-server-16.11-150600.16.25.1.x86_64.rpm postgresql16-server-devel-16.11-150600.16.25.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-4363 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for postgresql17, postgresql18 fixes the following issues: Changes in postgresql18: - Fix build with uring for post SLE15 code streams. Update to 18.1: * https://www.postgresql.org/about/news/p-3171/ * https://www.postgresql.org/docs/release/18.1/ * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. * bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. - pg_config --libs returns -lnuma so we need to require it. Update to 18.0: * https://www.postgresql.org/about/news/p-3142/ * https://www.postgresql.org/docs/18/release-18.html Changes in postgresql17: Update to 17.7: * https://www.postgresql.org/about/news/p-3171/ * https://www.postgresql.org/docs/release/17.7/ * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. * bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. - switch library to pg 18 libecpg6-18.1-150600.13.3.1.x86_64.rpm postgresql-18-150700.23.3.1.src.rpm postgresql-contrib-18-150700.23.3.1.noarch.rpm postgresql-devel-18-150700.23.3.1.noarch.rpm postgresql-docs-18-150700.23.3.1.noarch.rpm postgresql-plperl-18-150700.23.3.1.noarch.rpm postgresql-plpython-18-150700.23.3.1.noarch.rpm postgresql-pltcl-18-150700.23.3.1.noarch.rpm postgresql-server-18-150700.23.3.1.noarch.rpm postgresql-server-devel-18-150700.23.3.1.noarch.rpm postgresql17-17.7-150600.13.19.1.src.rpm postgresql17-contrib-17.7-150600.13.19.1.x86_64.rpm postgresql17-devel-17.7-150600.13.19.1.x86_64.rpm postgresql17-docs-17.7-150600.13.19.1.noarch.rpm postgresql17-plperl-17.7-150600.13.19.1.x86_64.rpm postgresql17-plpython-17.7-150600.13.19.1.x86_64.rpm postgresql17-pltcl-17.7-150600.13.19.1.x86_64.rpm postgresql17-server-17.7-150600.13.19.1.x86_64.rpm postgresql17-server-devel-17.7-150600.13.19.1.x86_64.rpm postgresql18-18.1-150600.13.3.1.src.rpm postgresql18-contrib-18.1-150600.13.3.1.x86_64.rpm postgresql18-devel-18.1-150600.13.3.1.x86_64.rpm postgresql18-docs-18.1-150600.13.3.1.noarch.rpm postgresql18-plperl-18.1-150600.13.3.1.x86_64.rpm postgresql18-plpython-18.1-150600.13.3.1.x86_64.rpm postgresql18-pltcl-18.1-150600.13.3.1.x86_64.rpm postgresql18-server-18.1-150600.13.3.1.x86_64.rpm postgresql18-server-devel-18.1-150600.13.3.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-4497 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for rmt-server contains the following fixes: - Version 2.24: * Enable mirroring xz compressed repositories. (bsc#1246976) * Rack 2.2.20 security update. (bsc#1253953, bsc#1251937) * Drop some de-published products from RMT * rmt-server-pubcloud: * Do not decode instance data coming from the system; (bsc#1248510) * Include Live-Patching for SLES 15.X. (jsc#PCT-630) * Handle only one data exporter. (bsc#1248869) * Do not decode instance data from db to access registry. (bsc#1248510) * Handle instance verification exceptions rmt-server-2.24-150700.3.9.3.src.rpm rmt-server-2.24-150700.3.9.3.x86_64.rpm rmt-server-config-2.24-150700.3.9.3.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-4418 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for openCryptoki fixes the following issues: - Upgrade openCryptoki to 3.26 (bsc#1254422) * Soft: Add support for RSA keys up to 16K bits. * CCA: Add support for RSA keys up to 8K bits (requires CCA v8.4 or v7.6 or later). * p11sak: Add support for generating RSA keys up to 16K bits. * Soft/ICA: Add support for SHA512/224 and SHA512/256 key derivation mechanism * Soft/ICA/CCA/EP11: Add support for SHA-HMAC key types CKK_SHAxxx_HMAC and key gen mechanisms CKM_SHAxxx_KEY_GEN. * p11sak: Add support for SHA-HMAC key types and key generation. * p11sak: Add support for key wrap and unwrap commands to export and import private and secret keys by means of key wrapping/unwrapping with various key wrapping mechanism. * p11kmip: Add support for using an HSM-protected TLS client key via a PKCS#11 provider. * p11sak: Add support for exporting non-sensitive private keys to password protected PEM files. * Add support for canceling an operation via NULL mechanism pointer at C_XxxInit() call as an alternative to C_SessionCancel() (PKCS#11 v3.0). * EP11: Add support for pairing friendly BLS12-381 EC curve for sign/verify using CKM_IBM_ECDSA_OTHER and signature/public key aggregation using CKM_IBM_EC_AGGREGATE. * p11sak: Add support for generating BLS12-381 EC keys. * EP11: Add support for IBM-specific ML-DSA and ML-KEM key types and mechanisms * CCA: Add support for IBM-specific ML-DSA and ML-KEM key types and mechanisms * Soft: Add support for IBM-specific ML-DSA and ML-KEM key types and mechanisms * p11sak: Add support for IBM-specific ML-DSA and ML-KEM key types. * Bug fixes. - Upgrade openCryptoki to version 3.25 (jsc#PED-3361) * ICA/Soft: Add support for PKCS#11 v3.0 SHAKE key derivation * EP11: Add support for PKCS#11 v3.0 SHA3 and SHA3-HMAC mechanisms * EP11: Add support for PKCS#11 v3.0 SHA3 mechanisms and MGFs for RSA-OAEP * EP11: Add support for PKCS#11 v3.0 SHA3 variants of RSA-PKCS and ECDSA mechanisms * CCA: Add support for CCA AES CIPHER secure key types * CCA: Add support for the CKM_ECDH1_DERIVE mechanism * Soft/ICA: Add support for the CKM_AES_KEY_WRAP[_*] mechanisms * CCA/Soft/ICA: Add support for the CKM_RSA_AES_KEY_WRAP mechanism * Soft/ICA: Add support for the CKM_ECDH_AES_KEY_WRAP mechanism * ICA: Report mechanisms dependent on if libica is in FIPS mode * P11KMIP: Add a tool for import and exporting PKCS#11 keys to a KMIP server * EP11: Add support for opaque secure key blob import via C_CreateObject * Soft/ICA: Add support for key wrapping with AES-GCM * CCA: Add support for newer CCA versions on s390x and non-s390x platforms * CCA: Add support for CKM_AES_GCM (single-part operations only) * Bug fixes - Amended the .spec file openCryptoki-3.26.0-150700.5.6.1.src.rpm openCryptoki-3.26.0-150700.5.6.1.x86_64.rpm openCryptoki-64bit-3.26.0-150700.5.6.1.x86_64.rpm openCryptoki-devel-3.26.0-150700.5.6.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-2 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for pgaudit fixes the following issues: Added support for pg 18 by adding the 18.0 version - bug fixes: - Error when required hooks are skipped. - Improvements: - SELECT FOR UPDATE object logging improvement. - Disable logging in parallel workers. - Use strpbrk() instead of strstr() where applicable. - Fix search_path for trigger functions. - Minor code optimizations. - Features: - PostgreSQL 18 support. postgresql17-pgaudit-17.1-150600.13.13.1.src.rpm postgresql17-pgaudit-17.1-150600.13.13.1.x86_64.rpm postgresql18-pgaudit-18.0-150600.13.13.1.src.rpm postgresql18-pgaudit-18.0-150600.13.13.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-3 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for pgvector fixes the following issues: - enable postgresql 18 pgvector was updated to 0.8.1: * Added support for Postgres 18 rc1 * Improved performance of `binary_quantize` function - Update to 0.7.0 pgvector-0.8.1-150600.13.6.1.src.rpm pgvector-devel-0.8.1-150600.13.6.1.x86_64.rpm postgresql16-pgvector-0.8.1-150600.13.6.1.src.rpm postgresql16-pgvector-0.8.1-150600.13.6.1.x86_64.rpm postgresql17-pgvector-0.8.1-150600.13.6.1.src.rpm postgresql17-pgvector-0.8.1-150600.13.6.1.x86_64.rpm postgresql18-pgvector-0.8.1-150600.13.6.1.src.rpm postgresql18-pgvector-0.8.1-150600.13.6.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-4438 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for mariadb fixes the following issues: - CVE-2025-13699: Fixed MariaDB mariadb-dump utility vulnerable to Path Traversal and Remote Code Execution (bsc#1254313) Other fixes: - Updated to 11.8.5 - Added %license tags to license files (bsc#1252162) - Added INSTALL_DOCREADMEDIR cmake flag to install readme and license files libmariadbd-devel-11.8.5-150700.3.9.1.x86_64.rpm libmariadbd19-11.8.5-150700.3.9.1.x86_64.rpm mariadb-11.8.5-150700.3.9.1.src.rpm mariadb-11.8.5-150700.3.9.1.x86_64.rpm mariadb-client-11.8.5-150700.3.9.1.x86_64.rpm mariadb-errormessages-11.8.5-150700.3.9.1.noarch.rpm mariadb-tools-11.8.5-150700.3.9.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-4518 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for apache2 fixes the following issues: - CVE-2025-55753: Fixed mod_md (ACME) unintended retry intervals (bsc#1254511) - CVE-2025-65082: Fixed CGI environment variable override (bsc#1254514) - CVE-2025-58098: Fixed Server Side Includes adding query string to #exec cmd=... (bsc#1254512) - CVE-2025-66200: Fixed mod_userdir+suexec bypass via AllowOverride FileInfo (bsc#1254515) apache2-devel-2.4.62-150700.4.9.1.src.rpm apache2-devel-2.4.62-150700.4.9.1.x86_64.rpm apache2-utils-2.4.62-150700.4.9.1.src.rpm apache2-utils-2.4.62-150700.4.9.1.x86_64.rpm apache2-worker-2.4.62-150700.4.9.1.src.rpm apache2-worker-2.4.62-150700.4.9.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-19 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for apache2 fixes the following issues: - CVE-2025-55753: Fixed mod_md (ACME) unintended retry intervals (bsc#1254511) - CVE-2025-65082: Fixed CGI environment variable override (bsc#1254514) - CVE-2025-58098: Fixed Server Side Includes adding query string to #exec cmd=... (bsc#1254512) - CVE-2025-66200: Fixed mod_userdir+suexec bypass via AllowOverride FileInfo (bsc#1254515) apache2-2.4.51-150400.6.52.1.src.rpm apache2-doc-2.4.51-150400.6.52.1.noarch.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2025-4532 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for apache2-mod_auth_openidc fixes the following issues: - Update to 2.4.17.1 (bsc#1248806 / PED-14130). - Remove many patches, as they've been merged upstream. apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.src.rpm apache2-mod_auth_openidc-2.4.17.1-150600.16.14.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-288 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for qemu fixes the following issues: Security issues fixed: - CVE-2025-12464: stack-based buffer overflow in the e1000 network device operations can be exploited by a malicious guest user to crash the QEMU process on the host (bsc#1253002). - CVE-2025-11234: use-after-free in WebSocket handshake operations can be exploited by a malicious client with network access to the VNC WebSocket port to cause a denial-of-service (bsc#1250984). Other updates and bugfixes: - [openSUSE][RPM] spec: require qemu-hw-display-virtio-gpu-pci for x86 too. - [openSUSE][RPM] spec: make glusterfs support conditional (bsc#1254494). - [openSUSE][RPM]: really fix *-virtio-gpu-pci dependency on ARM (bsc#1254286). - block/curl: fix curl internal handles handling (bsc#1252768). - [openSUSE][RPM] spec: qemu-vgabios is required on ppc (bsc#1230042). qemu-9.2.4-150700.3.11.1.src.rpm qemu-9.2.4-150700.3.11.1.x86_64.rpm qemu-accel-tcg-x86-9.2.4-150700.3.11.1.x86_64.rpm qemu-audio-alsa-9.2.4-150700.3.11.1.x86_64.rpm qemu-audio-dbus-9.2.4-150700.3.11.1.x86_64.rpm qemu-audio-pa-9.2.4-150700.3.11.1.x86_64.rpm qemu-audio-pipewire-9.2.4-150700.3.11.1.x86_64.rpm qemu-audio-spice-9.2.4-150700.3.11.1.x86_64.rpm qemu-block-curl-9.2.4-150700.3.11.1.x86_64.rpm qemu-block-iscsi-9.2.4-150700.3.11.1.x86_64.rpm qemu-block-nfs-9.2.4-150700.3.11.1.x86_64.rpm qemu-block-rbd-9.2.4-150700.3.11.1.x86_64.rpm qemu-block-ssh-9.2.4-150700.3.11.1.x86_64.rpm qemu-chardev-baum-9.2.4-150700.3.11.1.x86_64.rpm qemu-chardev-spice-9.2.4-150700.3.11.1.x86_64.rpm qemu-guest-agent-9.2.4-150700.3.11.1.x86_64.rpm qemu-headless-9.2.4-150700.3.11.1.x86_64.rpm qemu-hw-display-qxl-9.2.4-150700.3.11.1.x86_64.rpm qemu-hw-display-virtio-gpu-9.2.4-150700.3.11.1.x86_64.rpm qemu-hw-display-virtio-gpu-pci-9.2.4-150700.3.11.1.x86_64.rpm qemu-hw-display-virtio-vga-9.2.4-150700.3.11.1.x86_64.rpm qemu-hw-usb-host-9.2.4-150700.3.11.1.x86_64.rpm qemu-hw-usb-redirect-9.2.4-150700.3.11.1.x86_64.rpm qemu-ipxe-9.2.4-150700.3.11.1.noarch.rpm qemu-ksm-9.2.4-150700.3.11.1.x86_64.rpm qemu-lang-9.2.4-150700.3.11.1.noarch.rpm qemu-seabios-9.2.41.16.3_3_g3d33c746-150700.3.11.1.noarch.rpm qemu-spice-9.2.4-150700.3.11.1.x86_64.rpm qemu-ui-curses-9.2.4-150700.3.11.1.x86_64.rpm qemu-ui-dbus-9.2.4-150700.3.11.1.x86_64.rpm qemu-ui-gtk-9.2.4-150700.3.11.1.x86_64.rpm qemu-ui-opengl-9.2.4-150700.3.11.1.x86_64.rpm qemu-ui-spice-app-9.2.4-150700.3.11.1.x86_64.rpm qemu-ui-spice-core-9.2.4-150700.3.11.1.x86_64.rpm qemu-vgabios-9.2.41.16.3_3_g3d33c746-150700.3.11.1.noarch.rpm qemu-x86-9.2.4-150700.3.11.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-39 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for qemu fixes the following issues: - CVE-2024-6505: qemu-kvm: virtio-net: Fixed queue index out-of-bounds access in software RSS (bsc#1227397) - CVE-2025-12464: net: pad packets to minimum length in qemu_receive_packet() (bsc#1253002) - CVE-2025-11234: qemu-kvm: Fixed use-after-free in websocket handshake code leading to denial of service (bsc#1250984) Other fixes: - Fixed *-virtio-gpu-pci dependency on ARM (bsc#1254286) - block/curl: Fixed curl internal handles handling (bsc#1252768) qemu-7.1.0-150500.49.36.2.src.rpm qemu-sgabios-8-150500.49.36.2.noarch.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-60 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for capstone fixes the following issues: Security issues fixed: - CVE-2025-67873: missing bounds check on user-provided skipdata callback can lead to a heap buffer overflow (bsc#1255309). - CVE-2025-68114: unchecked `vsnprintf` return value can lead to a stack buffer overflow (bsc#1255310). Other updates and bugfixes: - Enable static library, and add `libcapstone-devel-static` subpackage. capstone-4.0.2-150500.3.3.1.src.rpm libcapstone-devel-4.0.2-150500.3.3.1.x86_64.rpm libcapstone4-4.0.2-150500.3.3.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-23 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for erlang26 fixes the following issues: - CVE-2025-48040: Excessive Resource Consumption (bsc#1249472) - CVE-2025-48039: Excessive Use of System Resources (bsc#1249469) - CVE-2025-48038: Excessive Use of System Resources (bsc#1249470) erlang26-26.2.1-150300.7.22.1.src.rpm erlang26-26.2.1-150300.7.22.1.x86_64.rpm erlang26-epmd-26.2.1-150300.7.22.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-279 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for libvirt fixes the following issues: - CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots (bsc#1253703) - CVE-2025-12748: Fixed check ACLs before parsing the whole domain XML (bsc#1253278) libvirt-11.0.0-150700.4.13.1.src.rpm libvirt-11.0.0-150700.4.13.1.x86_64.rpm libvirt-client-11.0.0-150700.4.13.1.x86_64.rpm libvirt-client-qemu-11.0.0-150700.4.13.1.x86_64.rpm libvirt-daemon-11.0.0-150700.4.13.1.x86_64.rpm libvirt-daemon-common-11.0.0-150700.4.13.1.x86_64.rpm libvirt-daemon-config-network-11.0.0-150700.4.13.1.x86_64.rpm libvirt-daemon-config-nwfilter-11.0.0-150700.4.13.1.x86_64.rpm libvirt-daemon-driver-interface-11.0.0-150700.4.13.1.x86_64.rpm libvirt-daemon-driver-libxl-11.0.0-150700.4.13.1.x86_64.rpm libvirt-daemon-driver-network-11.0.0-150700.4.13.1.x86_64.rpm libvirt-daemon-driver-nodedev-11.0.0-150700.4.13.1.x86_64.rpm libvirt-daemon-driver-nwfilter-11.0.0-150700.4.13.1.x86_64.rpm libvirt-daemon-driver-qemu-11.0.0-150700.4.13.1.x86_64.rpm libvirt-daemon-driver-secret-11.0.0-150700.4.13.1.x86_64.rpm libvirt-daemon-driver-storage-11.0.0-150700.4.13.1.x86_64.rpm libvirt-daemon-driver-storage-core-11.0.0-150700.4.13.1.x86_64.rpm libvirt-daemon-driver-storage-disk-11.0.0-150700.4.13.1.x86_64.rpm libvirt-daemon-driver-storage-iscsi-11.0.0-150700.4.13.1.x86_64.rpm libvirt-daemon-driver-storage-iscsi-direct-11.0.0-150700.4.13.1.x86_64.rpm libvirt-daemon-driver-storage-logical-11.0.0-150700.4.13.1.x86_64.rpm libvirt-daemon-driver-storage-mpath-11.0.0-150700.4.13.1.x86_64.rpm libvirt-daemon-driver-storage-rbd-11.0.0-150700.4.13.1.x86_64.rpm libvirt-daemon-driver-storage-scsi-11.0.0-150700.4.13.1.x86_64.rpm libvirt-daemon-hooks-11.0.0-150700.4.13.1.x86_64.rpm libvirt-daemon-lock-11.0.0-150700.4.13.1.x86_64.rpm libvirt-daemon-log-11.0.0-150700.4.13.1.x86_64.rpm libvirt-daemon-plugin-lockd-11.0.0-150700.4.13.1.x86_64.rpm libvirt-daemon-plugin-sanlock-11.0.0-150700.4.13.1.x86_64.rpm libvirt-daemon-proxy-11.0.0-150700.4.13.1.x86_64.rpm libvirt-daemon-qemu-11.0.0-150700.4.13.1.x86_64.rpm libvirt-daemon-xen-11.0.0-150700.4.13.1.x86_64.rpm libvirt-devel-11.0.0-150700.4.13.1.x86_64.rpm libvirt-doc-11.0.0-150700.4.13.1.noarch.rpm libvirt-nss-11.0.0-150700.4.13.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-230 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for util-linux fixes the following issues: - CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666). - lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682). util-linux-systemd-2.40.4-150700.4.3.1.src.rpm uuidd-2.40.4-150700.4.3.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-256 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for openldap2_5 fixes the following issues: Security fixes: - CVE-2026-22185: Fixed possible crash in malicious DB (bsc#1256297) Other fixes: - Update to version 2.5.20+11: * ITS#10421 mdb_load: check for malicious input openldap2_5-2.5.20+11-150500.11.38.1.src.rpm openldap2_5-2.5.20+11-150500.11.38.1.x86_64.rpm openldap2_5-contrib-2.5.20+11-150500.11.38.1.x86_64.rpm openldap2_5-ppolicy-check-password-2.5.20+11-150500.11.38.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-241 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for libHBAAPI2 fixes the following issues: - use %license tag for COPYING [bsc#1252158] libHBAAPI2-2.2.10-150000.3.3.1.src.rpm libHBAAPI2-devel-2.2.10-150000.3.3.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-238 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for dpdk fixes the following issues: Update to version 24.11.4: - CVE-2025-23259: Fixed an attacker on a VM in the system can cause information disclosure and denial of service (bsc#1254161). Changelog: https://doc.dpdk.org/guides-24.11/rel_notes/release_24_11.html#id10 https://doc.dpdk.org/guides-24.11/rel_notes/release_24_11.html#id5 dpdk-24.11.4-150700.3.6.1.src.rpm dpdk-24.11.4-150700.3.6.1.x86_64.rpm dpdk-devel-24.11.4-150700.3.6.1.x86_64.rpm dpdk-tools-24.11.4-150700.3.6.1.x86_64.rpm libdpdk-25-24.11.4-150700.3.6.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-250 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for openvswitch fixes the following issues: - OVN update to version 25.03.2 (jsc#PED-13646): * Bug fixes * Dynamic Routing: + Add the option "dynamic-routing-redistribute-local-only" to Logical Routers and Logical Router Ports which refines the way in which chassis-specific Advertised_Routes (e.g., for NAT and LB IPs) are advertised. + Add the option "dynamic-routing-vrf-id" to Logical Routers which allows CMS to specify the Linux routing table id for a given vrf. * Add ovn-nbctl lsp-add-router-port which will create router port on specified LS. * Add ovn-nbctl lsp-add-localnet-port which will create localnet port on specified LS. libopenvswitch-3_5-0-3.5.2-150700.41.9.1.x86_64.rpm libovn-25_03-0-25.03.2-150700.41.9.1.x86_64.rpm openvswitch-3.5.2-150700.41.9.1.src.rpm openvswitch-3.5.2-150700.41.9.1.x86_64.rpm openvswitch-devel-3.5.2-150700.41.9.1.x86_64.rpm openvswitch-ipsec-3.5.2-150700.41.9.1.x86_64.rpm openvswitch-pki-3.5.2-150700.41.9.1.x86_64.rpm openvswitch-test-3.5.2-150700.41.9.1.x86_64.rpm openvswitch-vtep-3.5.2-150700.41.9.1.x86_64.rpm ovn-25.03.2-150700.41.9.1.x86_64.rpm ovn-central-25.03.2-150700.41.9.1.x86_64.rpm ovn-devel-25.03.2-150700.41.9.1.x86_64.rpm ovn-docker-25.03.2-150700.41.9.1.x86_64.rpm ovn-host-25.03.2-150700.41.9.1.x86_64.rpm ovn-vtep-25.03.2-150700.41.9.1.x86_64.rpm python3-openvswitch-3.5.2-150700.41.9.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-329 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for xen fixes the following issues: - CVE-2025-58150: Fixed buffer overrun with shadow paging and tracing (XSA-477) (bsc#1256745) - CVE-2026-23553: Fixed incomplete IBPB for vCPU isolation (XSA-479) (bsc#1256747) xen-4.20.2_04-150700.3.22.1.src.rpm True xen-4.20.2_04-150700.3.22.1.x86_64.rpm True xen-devel-4.20.2_04-150700.3.22.1.x86_64.rpm True xen-tools-4.20.2_04-150700.3.22.1.x86_64.rpm True xen-tools-xendomains-wait-disk-4.20.2_04-150700.3.22.1.noarch.rpm True SUSE-SLE-Module-Server-Applications-15-SP7-2026-348 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for bind fixes the following issues: Upgrade to release 9.20.18: - CVE-2025-13878: Fixed incorrect length checks for BRID and HHIT records (bsc#1256997) Feature Changes: * Add more information to the rndc recursing output about fetches. * Reduce the number of outgoing queries. * Provide more information when memory allocation fails. Bug Fixes: * Make DNSSEC key rollovers more robust. * Fix a catalog zone issue, where member zones could fail to load. * Allow glue in delegations with QTYPE=ANY. * Fix slow speed when signing a large delegation zone with NSEC3 opt-out. * Reconfiguring an NSEC3 opt-out zone to NSEC caused the zone to be invalid. * Fix a possible catalog zone issue during reconfiguration. * Fix the charts in the statistics channel. * Adding NSEC3 opt-out records could leave invalid records in chain. * Fix spurious timeouts while resolving names. * Fix bug where zone switches from NSEC3 to NSEC after retransfer. * AMTRELAY type 0 presentation format handling was wrong. * Fix parsing bug in remote-servers with key or TLS. * Fix DoT reconfigure/reload bug in the resolver. * Skip unsupported algorithms when looking for a signing key. * Fix dnssec-keygen key collision checking for KEY RRtype keys. * dnssec-verify now uses exit code 1 when failing due to illegal options. * Prevent assertion failures of dig when a server is specified before the -b option. * Skip buffer allocations if not logging. bind-9.20.18-150700.3.15.1.src.rpm bind-9.20.18-150700.3.15.1.x86_64.rpm bind-doc-9.20.18-150700.3.15.1.noarch.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-291 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for openCryptoki fixes the following issues: - CVE-2026-22791: Fixed supplying malformed compressed EC public key can lead to heap corruption or denial-of-service (bsc#1256673). openCryptoki-3.26.0-150700.5.9.1.src.rpm openCryptoki-3.26.0-150700.5.9.1.x86_64.rpm openCryptoki-64bit-3.26.0-150700.5.9.1.x86_64.rpm openCryptoki-devel-3.26.0-150700.5.9.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-481 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for openCryptoki fixes the following issues: - CVE-2026-23893: Privilege Escalation or Data Exposure via Symlink Following (bsc#1257116). openCryptoki-3.26.0-150700.5.12.1.src.rpm openCryptoki-3.26.0-150700.5.12.1.x86_64.rpm openCryptoki-64bit-3.26.0-150700.5.12.1.x86_64.rpm openCryptoki-devel-3.26.0-150700.5.12.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-636 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for libvirt fixes the following issues: - virsh: Introduce new hypervisor-cpu-models command (jsc#PED-13062) - wireshark: Adapt to wireshark-4.6.0 (jsc#PED-15400) libvirt-11.0.0-150700.4.16.1.src.rpm libvirt-11.0.0-150700.4.16.1.x86_64.rpm libvirt-client-11.0.0-150700.4.16.1.x86_64.rpm libvirt-client-qemu-11.0.0-150700.4.16.1.x86_64.rpm libvirt-daemon-11.0.0-150700.4.16.1.x86_64.rpm libvirt-daemon-common-11.0.0-150700.4.16.1.x86_64.rpm libvirt-daemon-config-network-11.0.0-150700.4.16.1.x86_64.rpm libvirt-daemon-config-nwfilter-11.0.0-150700.4.16.1.x86_64.rpm libvirt-daemon-driver-interface-11.0.0-150700.4.16.1.x86_64.rpm libvirt-daemon-driver-libxl-11.0.0-150700.4.16.1.x86_64.rpm libvirt-daemon-driver-network-11.0.0-150700.4.16.1.x86_64.rpm libvirt-daemon-driver-nodedev-11.0.0-150700.4.16.1.x86_64.rpm libvirt-daemon-driver-nwfilter-11.0.0-150700.4.16.1.x86_64.rpm libvirt-daemon-driver-qemu-11.0.0-150700.4.16.1.x86_64.rpm libvirt-daemon-driver-secret-11.0.0-150700.4.16.1.x86_64.rpm libvirt-daemon-driver-storage-11.0.0-150700.4.16.1.x86_64.rpm libvirt-daemon-driver-storage-core-11.0.0-150700.4.16.1.x86_64.rpm libvirt-daemon-driver-storage-disk-11.0.0-150700.4.16.1.x86_64.rpm libvirt-daemon-driver-storage-iscsi-11.0.0-150700.4.16.1.x86_64.rpm libvirt-daemon-driver-storage-iscsi-direct-11.0.0-150700.4.16.1.x86_64.rpm libvirt-daemon-driver-storage-logical-11.0.0-150700.4.16.1.x86_64.rpm libvirt-daemon-driver-storage-mpath-11.0.0-150700.4.16.1.x86_64.rpm libvirt-daemon-driver-storage-rbd-11.0.0-150700.4.16.1.x86_64.rpm libvirt-daemon-driver-storage-scsi-11.0.0-150700.4.16.1.x86_64.rpm libvirt-daemon-hooks-11.0.0-150700.4.16.1.x86_64.rpm libvirt-daemon-lock-11.0.0-150700.4.16.1.x86_64.rpm libvirt-daemon-log-11.0.0-150700.4.16.1.x86_64.rpm libvirt-daemon-plugin-lockd-11.0.0-150700.4.16.1.x86_64.rpm libvirt-daemon-plugin-sanlock-11.0.0-150700.4.16.1.x86_64.rpm libvirt-daemon-proxy-11.0.0-150700.4.16.1.x86_64.rpm libvirt-daemon-qemu-11.0.0-150700.4.16.1.x86_64.rpm libvirt-daemon-xen-11.0.0-150700.4.16.1.x86_64.rpm libvirt-devel-11.0.0-150700.4.16.1.x86_64.rpm libvirt-doc-11.0.0-150700.4.16.1.noarch.rpm libvirt-nss-11.0.0-150700.4.16.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-445 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for qemu fixes the following issues: - CVE-2026-0665: Added PIRQ bounds check in xen_physdev_map_pirq to avoid an out-of-bounds heap. (bsc#1256484) Other fixes: - Fixed that QEMU migration fails if a qemu-vdagent channel is present in the VM (bsc#1257474) qemu-9.2.4-150700.3.14.1.src.rpm qemu-9.2.4-150700.3.14.1.x86_64.rpm qemu-accel-tcg-x86-9.2.4-150700.3.14.1.x86_64.rpm qemu-audio-alsa-9.2.4-150700.3.14.1.x86_64.rpm qemu-audio-dbus-9.2.4-150700.3.14.1.x86_64.rpm qemu-audio-pa-9.2.4-150700.3.14.1.x86_64.rpm qemu-audio-pipewire-9.2.4-150700.3.14.1.x86_64.rpm qemu-audio-spice-9.2.4-150700.3.14.1.x86_64.rpm qemu-block-curl-9.2.4-150700.3.14.1.x86_64.rpm qemu-block-iscsi-9.2.4-150700.3.14.1.x86_64.rpm qemu-block-nfs-9.2.4-150700.3.14.1.x86_64.rpm qemu-block-rbd-9.2.4-150700.3.14.1.x86_64.rpm qemu-block-ssh-9.2.4-150700.3.14.1.x86_64.rpm qemu-chardev-baum-9.2.4-150700.3.14.1.x86_64.rpm qemu-chardev-spice-9.2.4-150700.3.14.1.x86_64.rpm qemu-guest-agent-9.2.4-150700.3.14.1.x86_64.rpm qemu-headless-9.2.4-150700.3.14.1.x86_64.rpm qemu-hw-display-qxl-9.2.4-150700.3.14.1.x86_64.rpm qemu-hw-display-virtio-gpu-9.2.4-150700.3.14.1.x86_64.rpm qemu-hw-display-virtio-gpu-pci-9.2.4-150700.3.14.1.x86_64.rpm qemu-hw-display-virtio-vga-9.2.4-150700.3.14.1.x86_64.rpm qemu-hw-usb-host-9.2.4-150700.3.14.1.x86_64.rpm qemu-hw-usb-redirect-9.2.4-150700.3.14.1.x86_64.rpm qemu-ipxe-9.2.4-150700.3.14.1.noarch.rpm qemu-ksm-9.2.4-150700.3.14.1.x86_64.rpm qemu-lang-9.2.4-150700.3.14.1.noarch.rpm qemu-seabios-9.2.41.16.3_3_g3d33c746-150700.3.14.1.noarch.rpm qemu-spice-9.2.4-150700.3.14.1.x86_64.rpm qemu-ui-curses-9.2.4-150700.3.14.1.x86_64.rpm qemu-ui-dbus-9.2.4-150700.3.14.1.x86_64.rpm qemu-ui-gtk-9.2.4-150700.3.14.1.x86_64.rpm qemu-ui-opengl-9.2.4-150700.3.14.1.x86_64.rpm qemu-ui-spice-app-9.2.4-150700.3.14.1.x86_64.rpm qemu-ui-spice-core-9.2.4-150700.3.14.1.x86_64.rpm qemu-vgabios-9.2.41.16.3_3_g3d33c746-150700.3.14.1.noarch.rpm qemu-x86-9.2.4-150700.3.14.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-677 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for grub2 fixes the following issues: - Support dm multipath bootlist on PowerPC (bsc#1254415) - Backport upstream's commit to prevent BIOS assert (bsc#1258022) - Fix error "grub-core/script/lexer.c:352:out of memory" after PowerPC CAS Reboot (bsc#1254299) * Fix PowerPC CAS reboot to evaluate menu context grub2-2.12-150700.19.26.1.src.rpm grub2-x86_64-xen-2.12-150700.19.26.1.noarch.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-609 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for proftpd fixes the following issues: - Removed "ProtectSystem=full" from proftpd.service (bsc#1256827). * That directive prevents proftpd from writing to the /usr directory hierarchy, which means that logged-in and properly authorized FTP users cannot upload files or create directories there either. * This is not what system administrators who set up FTP access for local users expect and it's inconsistent with how others FTP servers like vsftpd are configured by default. proftpd-1.3.8b-150600.13.15.1.src.rpm proftpd-1.3.8b-150600.13.15.1.x86_64.rpm proftpd-devel-1.3.8b-150600.13.15.1.x86_64.rpm proftpd-doc-1.3.8b-150600.13.15.1.x86_64.rpm proftpd-lang-1.3.8b-150600.13.15.1.noarch.rpm proftpd-ldap-1.3.8b-150600.13.15.1.x86_64.rpm proftpd-mysql-1.3.8b-150600.13.15.1.x86_64.rpm proftpd-pgsql-1.3.8b-150600.13.15.1.x86_64.rpm proftpd-radius-1.3.8b-150600.13.15.1.x86_64.rpm proftpd-sqlite-1.3.8b-150600.13.15.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-835 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for apache2 fixes the following issues: - Fix: apache2 default config gives a warning AH00317 (bsc#1229147). * The default value for MaxRequestWorkers should be a multiple of 25, so we're setting it from 256 down to 250, which is what Apache was doing during runtime in any case. apache2-devel-2.4.62-150700.4.12.1.src.rpm apache2-devel-2.4.62-150700.4.12.1.x86_64.rpm apache2-utils-2.4.62-150700.4.12.1.src.rpm apache2-utils-2.4.62-150700.4.12.1.x86_64.rpm apache2-worker-2.4.62-150700.4.12.1.src.rpm apache2-worker-2.4.62-150700.4.12.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-620 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for snpguest fixes the following issues: Update to version 0.10.0. Security issues fixed: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257927). - CVE-2025-3416: openssl: Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242601). - CVE-2024-12224: idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded (bcs#1243869). Other updates and bugfixes: - Update to version 0.10.0 * fails to generate attestation reports on SEV-SNP guests with firmware API (bsc#1257877). * chore: updating tool version to 0.10.0 * refactor(certs): remove redundant branch in file-write logic * Docs: Adding verify measure, host-data, report-data to docs * verify: verify measurent, host data, and report data attributes from the attestation report. * library: Updating sev library to 7.1.0 * ci: replace deprecated gh actions * feat: multi-format integer parsing for key subcommand arguments * chore(main): remove unused import `clap::arg` * feat(fetch): add fetch crl subcommand * .github/lint: Bump toolchain version to 1.86 * Bump rust version to 1.86 * feat: bumping tool to version 0.9.2 * fix(verify): silence mismatched_lifetime_syntaxes in SnpOid::oid * feat: support SEV-SNP ABI Spec 1.58 (bump sev to v6.3.0) * docs: restore and clarify Global Options section * doc: fix CL argument orders + address recent changes * fix(hyperv): downgrade VMPL check from error to warning * fix(report.rs): remove conflict check between --random flag and Hyper-V * fix(report.rs): Decouple runtime behavior from hyperv build feature * refactor: clarify --platform error message * docs: add Azure/Hyper-V build note for --platform * report: Writing Req Data as Binary (#101) * deps: bump virtee/sev to 6.2.1 (fix TCB-serialization bug) (#99) * Updating SEV library to 6.1.0 and updating version to 0.9.1 * Update version (0.9.0) * HyperV: Fixing report command failure on Azure confidential VM * Removing intird and append requirement for kernel measurements (#93) * Updating to version 6 of library and fixing attestation (#89) * CI: Fixing create_release workflow (#91) * Minor update (0.8.3) * Adding build script * Update preattestation.rs * Fix certificate fetch bug for Turin * Minor update * Update bitfield to 0.15.0 * Update to 0.8.1 * Update asn1-rs and x509-parser * Update to 0.8.0 * key: Fix guest_field_select typo * Adding Turin support and updating ASK cn snpguest-0.10.0-150700.3.3.1.src.rpm snpguest-0.10.0-150700.3.3.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-881 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for postgresql18 fixes the following issues: Update to version 18.3 (bsc#1258754). Security issues fixed: - CVE-2026-2003: improper validation of type "oidvector" may allow disclose a few bytes of server memory (bsc#1258008). - CVE-2026-2004: intarray missing validation of type of input to selectivity estimator could lead to arbitrary code execution (bsc#1258009). - CVE-2026-2005: buffer overrun in contrib/pgcrypto's PGP decryption functions could lead to arbitrary code execution (bsc#1258010). - CVE-2026-2006: inadequate validation of multibyte character lengths could lead to arbitrary code execution (bsc#1258011). - CVE-2026-2007: pg_trgm heap buffer overflow can cause to write pattern onto server memory (bsc#1258012). Regression fixes: - the substring() function raises an error "invalid byte sequence for encoding" on non-ASCII text values if the source of that value is a database column (caused by CVE-2026-2006 fix). - a standby may halt and return an error "could not access status of transaction". libecpg6-18.3-150600.13.8.1.x86_64.rpm postgresql18-18.3-150600.13.8.1.src.rpm postgresql18-contrib-18.3-150600.13.8.1.x86_64.rpm postgresql18-devel-18.3-150600.13.8.1.x86_64.rpm postgresql18-docs-18.3-150600.13.8.1.noarch.rpm postgresql18-plperl-18.3-150600.13.8.1.x86_64.rpm postgresql18-plpython-18.3-150600.13.8.1.x86_64.rpm postgresql18-pltcl-18.3-150600.13.8.1.x86_64.rpm postgresql18-server-18.3-150600.13.8.1.x86_64.rpm postgresql18-server-devel-18.3-150600.13.8.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-883 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for postgresql17 fixes the following issues: Update to version 17.9 (bsc#1258754). Security issues fixed: - CVE-2026-2003: improper validation of type "oidvector" may allow disclose a few bytes of server memory (bsc#1258008). - CVE-2026-2004: intarray missing validation of type of input to selectivity estimator could lead to arbitrary code execution (bsc#1258009). - CVE-2026-2005: buffer overrun in contrib/pgcrypto's PGP decryption functions could lead to arbitrary code execution (bsc#1258010). - CVE-2026-2006: inadequate validation of multibyte character lengths could lead to arbitrary code execution (bsc#1258011). Regression fixes: - the substring() function raises an error "invalid byte sequence for encoding" on non-ASCII text values if the source of that value is a database column (caused by CVE-2026-2006 fix). - a standby may halt and return an error "could not access status of transaction". postgresql17-17.9-150600.13.24.1.src.rpm postgresql17-contrib-17.9-150600.13.24.1.x86_64.rpm postgresql17-devel-17.9-150600.13.24.1.x86_64.rpm postgresql17-docs-17.9-150600.13.24.1.noarch.rpm postgresql17-plperl-17.9-150600.13.24.1.x86_64.rpm postgresql17-plpython-17.9-150600.13.24.1.x86_64.rpm postgresql17-pltcl-17.9-150600.13.24.1.x86_64.rpm postgresql17-server-17.9-150600.13.24.1.x86_64.rpm postgresql17-server-devel-17.9-150600.13.24.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-882 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for postgresql16 fixes the following issues: Update to version 16.13 (bsc#1258754). Security issues fixed: - CVE-2026-2003: improper validation of type "oidvector" may allow disclose a few bytes of server memory (bsc#1258008). - CVE-2026-2004: intarray missing validation of type of input to selectivity estimator could lead to arbitrary code execution (bsc#1258009). - CVE-2026-2005: buffer overrun in contrib/pgcrypto's PGP decryption functions could lead to arbitrary code execution (bsc#1258010). - CVE-2026-2006: inadequate validation of multibyte character lengths could lead to arbitrary code execution (bsc#1258011). Regression fixes: - the substring() function raises an error "invalid byte sequence for encoding" on non-ASCII text values if the source of that value is a database column (caused by CVE-2026-2006 fix). - a standby may halt and return an error "could not access status of transaction". postgresql16-16.13-150600.16.30.1.src.rpm postgresql16-16.13-150600.16.30.1.x86_64.rpm postgresql16-server-16.13-150600.16.30.1.x86_64.rpm postgresql16-server-devel-16.13-150600.16.30.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-589 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for xen fixes the following issues: - CVE-2025-58150: buffer overrun with shadow paging + tracing (XSA-477) (bsc#1256745). - CVE-2026-23553: incomplete IBPB for vCPU isolation (XSA-479) (bsc#1256747). xen-4.20.2_06-150700.3.25.1.src.rpm xen-4.20.2_06-150700.3.25.1.x86_64.rpm xen-devel-4.20.2_06-150700.3.25.1.x86_64.rpm xen-tools-4.20.2_06-150700.3.25.1.x86_64.rpm xen-tools-xendomains-wait-disk-4.20.2_06-150700.3.25.1.noarch.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-638 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for squid fixes the following issues: - fix working with crypto module (bsc#1250223) squid-6.10-150600.3.17.1.src.rpm squid-6.10-150600.3.17.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-665 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for frr fixes the following issues: - CVE-2025-61099: Fixed a NULL pointer dereference, which may lead to a DoS vulnerability. (bsc#1252838) - CVE-2025-61100: Fixed a NULL pointer dereference, which may lead to a DoS vulnerability. (bsc#1252829) - CVE-2025-61101: Fixed a NULL pointer dereference, which may lead to a DoS vulnerability. (bsc#1252833) - CVE-2025-61102: Fixed a NULL pointer dereference, which may lead to a DoS vulnerability. (bsc#1252835) - CVE-2025-61103: Fixed a NULL pointer dereference, which may lead to a DoS vulnerability. (bsc#1252810) - CVE-2025-61104: Fixed a NULL pointer dereference, which may lead to a DoS vulnerability. (bsc#1252811) - CVE-2025-61105: Fixed a NULL pointer dereference, which may lead to a DoS vulnerability. (bsc#1252761) - CVE-2025-61106: Fixed a NULL pointer dereference, which may lead to a DoS vulnerability. (bsc#1252812) - CVE-2025-61107: Fixed a NULL pointer dereference, which may lead to a DoS vulnerability. (bsc#1252813) frr-10.2.1-150700.3.5.1.src.rpm frr-10.2.1-150700.3.5.1.x86_64.rpm frr-devel-10.2.1-150700.3.5.1.x86_64.rpm libfrr0-10.2.1-150700.3.5.1.x86_64.rpm libfrr_pb0-10.2.1-150700.3.5.1.x86_64.rpm libfrrcares0-10.2.1-150700.3.5.1.x86_64.rpm libfrrfpm_pb0-10.2.1-150700.3.5.1.x86_64.rpm libfrrospfapiclient0-10.2.1-150700.3.5.1.x86_64.rpm libfrrsnmp0-10.2.1-150700.3.5.1.x86_64.rpm libfrrzmq0-10.2.1-150700.3.5.1.x86_64.rpm libmgmt_be_nb0-10.2.1-150700.3.5.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-915 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for 389-ds fixes the following issues: Update to LTS branch 2.7 (jsc#PED-14342): - CVE-2025-14905: Fixed heap buffer overflow due to improper size calculation in `schema_attr_enum_callback` callback (bsc#1258727). Bug fixes: - Resolve python build error that caused lib389 to be missing some libraries. (bsc#1258689) 389-ds-2.7.0~git144.f597a91d8-150700.3.13.1.src.rpm 389-ds-2.7.0~git144.f597a91d8-150700.3.13.1.x86_64.rpm 389-ds-devel-2.7.0~git144.f597a91d8-150700.3.13.1.x86_64.rpm lib389-2.7.0~git144.f597a91d8-150700.3.13.1.x86_64.rpm libsvrcore0-2.7.0~git144.f597a91d8-150700.3.13.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-661 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for erlang fixes the following issues: - CVE-2025-48039:Fixed an excessive use of system resources. (bsc#1249469) - CVE-2025-48038:Fixed an excessive use of system resources. (bsc#1249470) - CVE-2025-48040:Fixed an excessive resource consumption. (bsc#1249472) erlang-23.3.4.19-150300.3.29.1.src.rpm erlang-23.3.4.19-150300.3.29.1.x86_64.rpm erlang-epmd-23.3.4.19-150300.3.29.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-1169 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for wireshark fixes the following issues: Update Wireshark to version 4.6.4 (jsc#PED-15400). - CVE-2024-9780: ITS dissector crash (bsc#1231475). - CVE-2024-9781: AppleTalk and RELOAD Framing dissector crash (bsc#1231476). - CVE-2024-11595: Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark (bsc#1233594). - CVE-2024-11596: Buffer Over-read in Wireshark (bsc#1233593). - CVE-2025-1492: Uncontrolled Recursion in Wireshark (bsc#1237414). - CVE-2025-5601: Column handling crashes in Wireshark allows denial of service (bsc#1244081). - CVE-2025-9817: NULL Pointer Dereference in ssh dissector (bsc#1249090). - CVE-2025-13499: a malformed packet can lead to a Kafka dissector crash (bsc#1254108). - CVE-2025-13674: injecting a malformed packet can cause a crash (bsc#1254262). - CVE-2025-13945: HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service (bsc#1254471). - CVE-2025-13946: MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service (bsc#1254472). - CVE-2026-0959: denial of service via IEEE 802.11 protocol dissector crash (bsc#1256734). - CVE-2026-0960: denial of Service via HTTP3 protocol dissector infinite loop (bsc#1256736). - CVE-2026-0961: denial of Service vulnerability in BLF file parser (bsc#1256738). - CVE-2026-0962: denial of Service via SOME/IP-SD protocol dissector crash (bsc#1256739). - CVE-2026-3201: missing limit checks in USB HID protocol dissector's `parse_report_descriptor` function can lead to memory exhaustion (bsc#1258907). - CVE-2026-3202: missing checks in NTS-KE protocol dissector can lead to crash (bsc#1258908). - CVE-2026-3203: missing length checks in the RF4CE Profile protocol dissector can lead to illegal memory access and crash (bsc#1258909). Also libvirt was rebuilt against wireshark for the libvirt plugin. libvirt-11.0.0-150700.4.19.1.src.rpm libvirt-11.0.0-150700.4.19.1.x86_64.rpm libvirt-client-11.0.0-150700.4.19.1.x86_64.rpm libvirt-client-qemu-11.0.0-150700.4.19.1.x86_64.rpm libvirt-daemon-11.0.0-150700.4.19.1.x86_64.rpm libvirt-daemon-common-11.0.0-150700.4.19.1.x86_64.rpm libvirt-daemon-config-network-11.0.0-150700.4.19.1.x86_64.rpm libvirt-daemon-config-nwfilter-11.0.0-150700.4.19.1.x86_64.rpm libvirt-daemon-driver-interface-11.0.0-150700.4.19.1.x86_64.rpm libvirt-daemon-driver-libxl-11.0.0-150700.4.19.1.x86_64.rpm libvirt-daemon-driver-network-11.0.0-150700.4.19.1.x86_64.rpm libvirt-daemon-driver-nodedev-11.0.0-150700.4.19.1.x86_64.rpm libvirt-daemon-driver-nwfilter-11.0.0-150700.4.19.1.x86_64.rpm libvirt-daemon-driver-qemu-11.0.0-150700.4.19.1.x86_64.rpm libvirt-daemon-driver-secret-11.0.0-150700.4.19.1.x86_64.rpm libvirt-daemon-driver-storage-11.0.0-150700.4.19.1.x86_64.rpm libvirt-daemon-driver-storage-core-11.0.0-150700.4.19.1.x86_64.rpm libvirt-daemon-driver-storage-disk-11.0.0-150700.4.19.1.x86_64.rpm libvirt-daemon-driver-storage-iscsi-11.0.0-150700.4.19.1.x86_64.rpm libvirt-daemon-driver-storage-iscsi-direct-11.0.0-150700.4.19.1.x86_64.rpm libvirt-daemon-driver-storage-logical-11.0.0-150700.4.19.1.x86_64.rpm libvirt-daemon-driver-storage-mpath-11.0.0-150700.4.19.1.x86_64.rpm libvirt-daemon-driver-storage-rbd-11.0.0-150700.4.19.1.x86_64.rpm libvirt-daemon-driver-storage-scsi-11.0.0-150700.4.19.1.x86_64.rpm libvirt-daemon-hooks-11.0.0-150700.4.19.1.x86_64.rpm libvirt-daemon-lock-11.0.0-150700.4.19.1.x86_64.rpm libvirt-daemon-log-11.0.0-150700.4.19.1.x86_64.rpm libvirt-daemon-plugin-lockd-11.0.0-150700.4.19.1.x86_64.rpm libvirt-daemon-plugin-sanlock-11.0.0-150700.4.19.1.x86_64.rpm libvirt-daemon-proxy-11.0.0-150700.4.19.1.x86_64.rpm libvirt-daemon-qemu-11.0.0-150700.4.19.1.x86_64.rpm libvirt-daemon-xen-11.0.0-150700.4.19.1.x86_64.rpm libvirt-devel-11.0.0-150700.4.19.1.x86_64.rpm libvirt-doc-11.0.0-150700.4.19.1.noarch.rpm libvirt-nss-11.0.0-150700.4.19.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-848 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for valkey fixes the following issues: Update to version 8.0.7. Security issues fixed: - CVE-2025-67733: data tampering and denial of service via improper null character handling in Lua scripts (bsc#1258746). - CVE-2026-21863: denial of service via invalid clusterbus packet (bsc#1258788). Other updates and bugfixes: - ltrim should not call signalModifiedKey when no elements are removed (#2787) - chained replica crash when doing dual channel replication (#2983) - used_memory_dataset underflow due to miscalculated used_memory_overhead (#3005) - avoids crash during MODULE UNLOAD when ACL rules reference a module command and subcommand (#3160) - server assert on ACL LOAD and resetchannels (#3182) - bug causing no response flush sometimes when IO threads are busy (#3205) valkey-8.0.7-150700.3.14.1.src.rpm valkey-8.0.7-150700.3.14.1.x86_64.rpm valkey-compat-redis-8.0.7-150700.3.14.1.noarch.rpm valkey-devel-8.0.7-150700.3.14.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-807 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for rmt-server fixes the following issues: - Upgrade to version 2.25: * Fix rmt-cli list and purge commands for large data (bsc#1253146 and bsc#1253147) * Fix mirroring of SLE16 NVIDIA-GPU-Compute-Toolkit-CUDA repo (bsc#1256826) * Support for new redirect_repo_hosts config, to exclude some repo hosts from mirroring, and send clients directly there (jsc#SCC-452) * rmt-server-pubcloud: + Clearer error message (bsc#1256883) + Add Valkey + Sidekiq for async processing + Handle zypper response when data exporter raises an error (bsc#1257133) rmt-server-2.25-150700.3.12.2.src.rpm rmt-server-2.25-150700.3.12.2.x86_64.rpm rmt-server-config-2.25-150700.3.12.2.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-832 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for qemu fixes the following issues: Security issue: - CVE-2025-14876: qemu-kvm: Unbounded allocation in virtio-crypto (bsc#1255400). Non security issues: - * hw/virtio: Also include md stubs in case CONFIG_VIRTIO_PCI is not set (jsc#PED-14271). - * s390x/pv: prepare for memory devices (jsc#PED-14271). - * s390x/s390-skeys: prepare for memory devices (jsc#PED-14271). - * s390x/s390-stattrib-kvm: prepare for memory devices and sparse memory layouts (jsc#PED-14271). - * s390x/s390-virtio-ccw: prepare for memory devices (jsc#PED-14271). - * s390x/virtio-ccw: add support for virtio based memory devices (jsc#PED-14271). - * s390x: remember the maximum page size (jsc#PED-14271). - * s390x: virtio-mem support (jsc#PED-14271). qemu-9.2.4-150700.3.17.1.src.rpm qemu-9.2.4-150700.3.17.1.x86_64.rpm qemu-accel-tcg-x86-9.2.4-150700.3.17.1.x86_64.rpm qemu-audio-alsa-9.2.4-150700.3.17.1.x86_64.rpm qemu-audio-dbus-9.2.4-150700.3.17.1.x86_64.rpm qemu-audio-pa-9.2.4-150700.3.17.1.x86_64.rpm qemu-audio-pipewire-9.2.4-150700.3.17.1.x86_64.rpm qemu-audio-spice-9.2.4-150700.3.17.1.x86_64.rpm qemu-block-curl-9.2.4-150700.3.17.1.x86_64.rpm qemu-block-iscsi-9.2.4-150700.3.17.1.x86_64.rpm qemu-block-nfs-9.2.4-150700.3.17.1.x86_64.rpm qemu-block-rbd-9.2.4-150700.3.17.1.x86_64.rpm qemu-block-ssh-9.2.4-150700.3.17.1.x86_64.rpm qemu-chardev-baum-9.2.4-150700.3.17.1.x86_64.rpm qemu-chardev-spice-9.2.4-150700.3.17.1.x86_64.rpm qemu-guest-agent-9.2.4-150700.3.17.1.x86_64.rpm qemu-headless-9.2.4-150700.3.17.1.x86_64.rpm qemu-hw-display-qxl-9.2.4-150700.3.17.1.x86_64.rpm qemu-hw-display-virtio-gpu-9.2.4-150700.3.17.1.x86_64.rpm qemu-hw-display-virtio-gpu-pci-9.2.4-150700.3.17.1.x86_64.rpm qemu-hw-display-virtio-vga-9.2.4-150700.3.17.1.x86_64.rpm qemu-hw-usb-host-9.2.4-150700.3.17.1.x86_64.rpm qemu-hw-usb-redirect-9.2.4-150700.3.17.1.x86_64.rpm qemu-ipxe-9.2.4-150700.3.17.1.noarch.rpm qemu-ksm-9.2.4-150700.3.17.1.x86_64.rpm qemu-lang-9.2.4-150700.3.17.1.noarch.rpm qemu-seabios-9.2.41.16.3_3_g3d33c746-150700.3.17.1.noarch.rpm qemu-spice-9.2.4-150700.3.17.1.x86_64.rpm qemu-ui-curses-9.2.4-150700.3.17.1.x86_64.rpm qemu-ui-dbus-9.2.4-150700.3.17.1.x86_64.rpm qemu-ui-gtk-9.2.4-150700.3.17.1.x86_64.rpm qemu-ui-opengl-9.2.4-150700.3.17.1.x86_64.rpm qemu-ui-spice-app-9.2.4-150700.3.17.1.x86_64.rpm qemu-ui-spice-core-9.2.4-150700.3.17.1.x86_64.rpm qemu-vgabios-9.2.41.16.3_3_g3d33c746-150700.3.17.1.noarch.rpm qemu-x86-9.2.4-150700.3.17.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-889 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for qemu fixes the following issue: - CVE-2025-14876: qemu-kvm: Unbounded allocation in virtio-crypto (bsc#1255400). qemu-7.1.0-150500.49.39.2.src.rpm qemu-sgabios-8-150500.49.39.2.noarch.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-850 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for virt-manager fixes the following issues: - Fix: A VM will fail to boot with Intel TDX or AMD SNP with a TPM device defined in the VM (bsc#1257182) - Fix: virt-manager: Missing upstream bug fixes (bsc#1027942) virt-install-5.0.0-150700.7.11.1.noarch.rpm virt-manager-5.0.0-150700.7.11.1.noarch.rpm virt-manager-5.0.0-150700.7.11.1.src.rpm virt-manager-common-5.0.0-150700.7.11.1.noarch.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-809 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for openvswitch fixes the following issues: - Update openvswitch to 3.5.3: * DPDK: OVS validated with DPDK 24.11.3. * Bug fixes libopenvswitch-3_5-0-3.5.3-150700.41.12.1.x86_64.rpm libovn-25_03-0-25.03.2-150700.41.12.1.x86_64.rpm openvswitch-3.5.3-150700.41.12.1.src.rpm openvswitch-3.5.3-150700.41.12.1.x86_64.rpm openvswitch-devel-3.5.3-150700.41.12.1.x86_64.rpm openvswitch-ipsec-3.5.3-150700.41.12.1.x86_64.rpm openvswitch-pki-3.5.3-150700.41.12.1.x86_64.rpm openvswitch-test-3.5.3-150700.41.12.1.x86_64.rpm openvswitch-vtep-3.5.3-150700.41.12.1.x86_64.rpm ovn-25.03.2-150700.41.12.1.x86_64.rpm ovn-central-25.03.2-150700.41.12.1.x86_64.rpm ovn-devel-25.03.2-150700.41.12.1.x86_64.rpm ovn-docker-25.03.2-150700.41.12.1.x86_64.rpm ovn-host-25.03.2-150700.41.12.1.x86_64.rpm ovn-vtep-25.03.2-150700.41.12.1.x86_64.rpm python3-openvswitch-3.5.3-150700.41.12.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-1406 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for util-linux fixes the following issues: Security issue: - CVE-2026-3184: access control bypass due to improper hostname canonicalization in `login` (bsc#1258859). Non security issues: - recognize fuse "portal" as a virtual file system (bsc#1234736). - fdisk: fix possible partition overlay and data corruption if EBR gap is missing (bsc#1222465). util-linux-systemd-2.40.4-150700.4.10.1.src.rpm uuidd-2.40.4-150700.4.10.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-1326 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for apache2-mod_auth_openidc fixes the following issues: - actually run the testsuite (jsc#PED-14130) apache2-mod_auth_openidc-2.4.17.1-150600.16.17.1.src.rpm apache2-mod_auth_openidc-2.4.17.1-150600.16.17.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-1093 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for xen fixes the following issues: - CVE-2026-23554: xen: Use after free of paging structures in EPT (bsc#1259247, XSA-480) - CVE-2026-23555: xen: Xenstored DoS by unprivileged domain (bsc#1259248, XSA-481) xen-4.20.2_08-150700.3.28.1.src.rpm xen-4.20.2_08-150700.3.28.1.x86_64.rpm xen-devel-4.20.2_08-150700.3.28.1.x86_64.rpm xen-tools-4.20.2_08-150700.3.28.1.x86_64.rpm xen-tools-xendomains-wait-disk-4.20.2_08-150700.3.28.1.noarch.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-893 low SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for rdma-core fixes the following issue: - ship libibverbs1-32bit to packagehub, to meet requirements of libpcap1-32bit. ibacm-54.0-150700.3.2.1.x86_64.rpm iwpmd-54.0-150700.3.2.1.x86_64.rpm libibverbs-utils-54.0-150700.3.2.1.x86_64.rpm librdmacm-utils-54.0-150700.3.2.1.x86_64.rpm rdma-core-54.0-150700.3.2.1.src.rpm rdma-ndd-54.0-150700.3.2.1.x86_64.rpm srp_daemon-54.0-150700.3.2.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-1374 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for virt-manager fixes the following issues: - UEFI as default for new SLES 16 VMs (jsc#PED-14636 ). - Fix media detection failure to distinguish between sles16 and sles16.1 virt-install-5.0.0-150700.7.14.2.noarch.rpm virt-manager-5.0.0-150700.7.14.2.noarch.rpm virt-manager-5.0.0-150700.7.14.2.src.rpm virt-manager-common-5.0.0-150700.7.14.2.noarch.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-934 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for libosinfo fixes the following issue: - UEFI as default for new VMs (jsc#PED-14636). libosinfo-1.12.0-150700.3.3.2.src.rpm libosinfo-devel-1.12.0-150700.3.3.2.x86_64.rpm typelib-1_0-Libosinfo-1_0-1.12.0-150700.3.3.2.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-1063 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for frr fixes the following issues: Security issues: - CVE-2025-61099: NULL Pointer Dereference in FRRouting (bsc#1252838). - CVE-2025-61100: NULL Pointer Dereference in FRRouting (bsc#1252829). - CVE-2025-61101: NULL Pointer Dereference in FRRouting (bsc#1252833). - CVE-2025-61102: NULL Pointer Dereference in FRRouting (bsc#1252835). - CVE-2025-61103: NULL pointer dereference in show_vty_ext_link_lan_adj_sid() in ospf_ext.c (bsc#1252810). - CVE-2025-61104: NULL pointer dereference in show_vty_unknown_tlv() in ospf_ext.c (bsc#1252811). - CVE-2025-61105: NULL pointer dereference in show_vty_link_info() in ospf_ext.c (bsc#1252761). - CVE-2025-61106: NULL pointer dereference in show_vty_ext_pref_pref_sid() in ospf_ext.c (bsc#1252812). Non-security issues: - Fix /var/run leftovers in logrotate config file, create /var/log and /var/lib via tmpfiles.d (jsc#PED-14796). frr-8.5.6-150500.4.36.1.src.rpm libmlag_pb0-8.5.6-150500.4.36.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-1069 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for linuxptp fixes the following issues: - Move to DevicePolicy=closed instead of -PrivateDevices=true to allow access to devices (bsc#1256059) linuxptp-4.4-150700.3.3.1.src.rpm linuxptp-4.4-150700.3.3.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-1413 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for ovmf fixes the following issue: - CVE-2025-59438: mbedtls: padding oracle attack possible through timing of cipher error reporting (bsc#1252441). ovmf-202408-150700.3.15.1.src.rpm ovmf-202408-150700.3.15.1.x86_64.rpm ovmf-tools-202408-150700.3.15.1.x86_64.rpm qemu-ovmf-x86_64-202408-150700.3.15.1.noarch.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-1434 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for apparmor fixes the following issues: - samba gives denied in audit with apparmor (bsc#1225811). - apparmor denies printing with profiles on sle15-sp7 (bsc#1259441). apache2-mod_apparmor-3.1.7-150600.5.12.2.x86_64.rpm apparmor-3.1.7-150600.5.12.2.src.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-1068 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for pgvector fixes the following issue: Update to pgvector 0.8.2: - CVE-2026-3172: Buffer overflow in parallel HNSW index build (bsc#1258945). Changelog: * Fixed Index Searches in EXPLAIN output for Postgres 18 pgvector-0.8.2-150600.13.9.1.src.rpm pgvector-devel-0.8.2-150600.13.9.1.x86_64.rpm postgresql16-pgvector-0.8.2-150600.13.9.1.src.rpm postgresql16-pgvector-0.8.2-150600.13.9.1.x86_64.rpm postgresql17-pgvector-0.8.2-150600.13.9.1.src.rpm postgresql17-pgvector-0.8.2-150600.13.9.1.x86_64.rpm postgresql18-pgvector-0.8.2-150600.13.9.1.src.rpm postgresql18-pgvector-0.8.2-150600.13.9.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-1108 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for rmt-server fixes the following issues: - Update to version 2.26: * Add support for processing, storing, and syncing system profiles (jsc#TEL-265) rmt-server-2.26-150700.3.15.1.src.rpm rmt-server-2.26-150700.3.15.1.x86_64.rpm rmt-server-config-2.26-150700.3.15.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-1167 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for apache2 fixes the following issues: - Update to 2.4.66: * ECO: (jsc#PED-15953): * Fix: apache2-worker segfaults (bsc#1254182) - Removed patches, as they've been merged/fixed upstream. - Removed these FIPS-related patches too, as they too have been merged upstream apache2-devel-2.4.66-150700.4.15.1.src.rpm apache2-devel-2.4.66-150700.4.15.1.x86_64.rpm apache2-utils-2.4.66-150700.4.15.1.src.rpm apache2-utils-2.4.66-150700.4.15.1.x86_64.rpm apache2-worker-2.4.66-150700.4.15.1.src.rpm apache2-worker-2.4.66-150700.4.15.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-1112 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for rsyslog fixes the following issue: - add the rsyslog-module-ossl (openssl TLS support). rsyslog-8.2406.0-150700.3.2.1.src.rpm rsyslog-module-gssapi-8.2406.0-150700.3.2.1.x86_64.rpm rsyslog-module-gtls-8.2406.0-150700.3.2.1.x86_64.rpm rsyslog-module-mmnormalize-8.2406.0-150700.3.2.1.x86_64.rpm rsyslog-module-mysql-8.2406.0-150700.3.2.1.x86_64.rpm rsyslog-module-pgsql-8.2406.0-150700.3.2.1.x86_64.rpm rsyslog-module-relp-8.2406.0-150700.3.2.1.x86_64.rpm rsyslog-module-snmp-8.2406.0-150700.3.2.1.x86_64.rpm rsyslog-module-udpspoof-8.2406.0-150700.3.2.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-1545 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for ipmitool fixes the following issue: - Fix bad pid file creation in ipmievd (bsc#1259310). ipmitool-1.8.19.13.gbe11d94-150700.3.3.1.src.rpm ipmitool-bmc-snmp-proxy-1.8.19.13.gbe11d94-150700.3.3.1.noarch.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-1219 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for libteam fixes the following issues: - Fix: teamd incorrect Slave MAC (dev_addr) in LACP on SLES15SP7 (bsc#1258224): * teamd: + add port_hwaddr_changed for ab runner + add port_hwaddr_changed for lacp runner + add port_hwaddr_changed for lb runner libteam-1.27-150000.4.18.1.src.rpm libteam-tools-1.27-150000.4.18.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-1378 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for kea fixes the following issues: Update to release 2.6.5: * A large number of bracket pairs in a JSON payload directed to any endpoint would result in a stack overflow, due to recursive calls when parsing the JSON. This has been fixed. (CVE-2026-3608) [bsc#1260380] * A null dereference is now no longer possible when configuring the Control Agent with a socket that lacks the mandatory socket-name entry. * UNIX sockets are now created as group-writable. * Corrected an issue in logging configuration when parsing "syslog:" * Earlier Kea versions could crash when handling misconfigured global reservations. This has been fixed. * Support for recent versions of Sphinx has been added. kea-2.6.5-150700.3.6.1.src.rpm kea-2.6.5-150700.3.6.1.x86_64.rpm kea-devel-2.6.5-150700.3.6.1.x86_64.rpm kea-doc-2.6.5-150700.3.6.1.noarch.rpm kea-hooks-2.6.5-150700.3.6.1.x86_64.rpm libkea-asiodns49-2.6.5-150700.3.6.1.x86_64.rpm libkea-asiolink72-2.6.5-150700.3.6.1.x86_64.rpm libkea-cc69-2.6.5-150700.3.6.1.x86_64.rpm libkea-cfgclient67-2.6.5-150700.3.6.1.x86_64.rpm libkea-cryptolink50-2.6.5-150700.3.6.1.x86_64.rpm libkea-d2srv47-2.6.5-150700.3.6.1.x86_64.rpm libkea-database62-2.6.5-150700.3.6.1.x86_64.rpm libkea-dhcp++92-2.6.5-150700.3.6.1.x86_64.rpm libkea-dhcp_ddns57-2.6.5-150700.3.6.1.x86_64.rpm libkea-dhcpsrv112-2.6.5-150700.3.6.1.x86_64.rpm libkea-dns++57-2.6.5-150700.3.6.1.x86_64.rpm libkea-eval69-2.6.5-150700.3.6.1.x86_64.rpm libkea-exceptions33-2.6.5-150700.3.6.1.x86_64.rpm libkea-hooks102-2.6.5-150700.3.6.1.x86_64.rpm libkea-http72-2.6.5-150700.3.6.1.x86_64.rpm libkea-log61-2.6.5-150700.3.6.1.x86_64.rpm libkea-mysql71-2.6.5-150700.3.6.1.x86_64.rpm libkea-pgsql71-2.6.5-150700.3.6.1.x86_64.rpm libkea-process76-2.6.5-150700.3.6.1.x86_64.rpm libkea-stats41-2.6.5-150700.3.6.1.x86_64.rpm libkea-tcp19-2.6.5-150700.3.6.1.x86_64.rpm libkea-util-io0-2.6.5-150700.3.6.1.x86_64.rpm libkea-util87-2.6.5-150700.3.6.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-1351 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for bind fixes the following issues: Security issues: - CVE-2026-1519: maliciously crafted DNSSEC-validated zone can lead to denial of service (bsc#1260805). - CVE-2026-3104: memory leak in code preparing DNSSEC proofs of non-existence allows for DoS (bsc#1260567). - CVE-2026-3119: authenticated queries containing a TKEY record may cause `named` to terminate unexpectedly (bsc#1260568). - CVE-2026-3591: stack use-after-return flaw in SIG(0) handling code allows for ACL bypass (bsc#1260569). - use-after-free error in `dns_client_resolve()` triggered by a DNAME response (bsc#1259202). Upgrade to release 9.20.21 Security Fixes: * Fix unbounded NSEC3 iterations when validating referrals to unsigned delegations. (CVE-2026-1519) [bsc#1260805] * Fix memory leaks in code preparing DNSSEC proofs of non-existence. (CVE-2026-3104) [bsc#1260567] * Prevent a crash in code processing queries containing a TKEY record. (CVE-2026-3119) [bsc#1260568] * Fix a stack use-after-return flaw in SIG(0) handling code. (CVE-2026-3591) [bsc#1260569] * Fix a use-after-free error in dns_client_resolve() triggered by a DNAME response. This issue only affected the delv tool and it has now been fixed. [bsc#1259202] Feature Changes: * Record query time for all dnstap responses. * Optimize TCP source port selection on Linux. Bug Fixes: * Fix the handling of key statements defined inside views. * Fix an assertion failure triggered by non-minimal IXFRs. * Fix a crash when retrying a NOTIFY over TCP. * Fetch loop detection improvements. * Randomize nameserver selection. * Fix dnstap logging of forwarded queries. * A stale answer could have been served in case of multiple upstream failures when following CNAME chains. This has been fixed. * Fail DNSKEY validation when supported but invalid DS is found. * Importing an invalid SKR file might corrupt stack memory. * Return FORMERR for queries with the EDNS Client Subnet FAMILY field set to 0. * Fix inbound IXFR performance regression. * Make catalog zone names and member zones' entry names case-insensitive. * Fix implementation of BRID and HHIT record types. * Fix implementation of DSYNC record type. * Fix response policy and catalog zones to work with $INCLUDE directive. bind-9.20.21-150700.3.18.1.src.rpm bind-9.20.21-150700.3.18.1.x86_64.rpm bind-doc-9.20.21-150700.3.18.1.noarch.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-1388 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for libtpms fixes the following issues: - CVE-2025-49133: Fixed potential out of bounds (OOB) read vulnerability (bsc#1244528) libtpms-0.9.6-150600.3.3.1.src.rpm libtpms-devel-0.9.6-150600.3.3.1.x86_64.rpm libtpms0-0.9.6-150600.3.3.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-1367 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for mariadb fixes the following issues: Update to version 11.8.6. - https://mariadb.com/docs/release-notes/community-server/11.8/11.8.6 - https://mariadb.com/docs/release-notes/community-server/changelogs/11.8/11.8.6 Security issues fixed: - CVE-2026-32710: heap-based buffer overflow via `JSON_SCHEMA_VALID()` can lead to crash or remote code execution (bsc#1260081). Updating mariadb might impact the database service. Do you want to proceed with the update? libmariadbd-devel-11.8.6-150700.3.12.1.x86_64.rpm libmariadbd19-11.8.6-150700.3.12.1.x86_64.rpm mariadb-11.8.6-150700.3.12.1.src.rpm mariadb-11.8.6-150700.3.12.1.x86_64.rpm mariadb-client-11.8.6-150700.3.12.1.x86_64.rpm mariadb-errormessages-11.8.6-150700.3.12.1.noarch.rpm mariadb-tools-11.8.6-150700.3.12.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-1341 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for wxWidgets-3_0 fixes the following issues: - Included wxWidgets-lang and libwx_baseu-suse3_0_5 in PackageHub (no source changes) (bsc#1260578) libwx_baseu-suse3_0_5-3.0.5.1-150200.11.9.1.x86_64.rpm libwx_gtk2u_core-suse3_0_5-3.0.5.1-150200.11.9.1.x86_64.rpm wxWidgets-3_0-3.0.5.1-150200.11.9.1.src.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-1569 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for opensm fixes the following issue: - Fix issue with NDR switches related to MTU packet size (bsc#1258143). libopensm9-3.3.24-150500.8.3.2.x86_64.rpm libosmcomp5-3.3.24-150500.8.3.2.x86_64.rpm libosmvendor5-3.3.24-150500.8.3.2.x86_64.rpm opensm-3.3.24-150500.8.3.2.src.rpm opensm-3.3.24-150500.8.3.2.x86_64.rpm opensm-devel-3.3.24-150500.8.3.2.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-1439 moderate SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for openvswitch fixes the following issue: Security updates: - CVE-2026-34956: Invalid memory access in conntrack FTP alg (bsc#1261273). Other updates: - Update openvswitch to 3.5.4 libopenvswitch-3_5-0-3.5.4-150700.41.15.1.x86_64.rpm libovn-25_03-0-25.03.2-150700.41.15.1.x86_64.rpm openvswitch-3.5.4-150700.41.15.1.src.rpm openvswitch-3.5.4-150700.41.15.1.x86_64.rpm openvswitch-devel-3.5.4-150700.41.15.1.x86_64.rpm openvswitch-ipsec-3.5.4-150700.41.15.1.x86_64.rpm openvswitch-pki-3.5.4-150700.41.15.1.x86_64.rpm openvswitch-test-3.5.4-150700.41.15.1.x86_64.rpm openvswitch-vtep-3.5.4-150700.41.15.1.x86_64.rpm ovn-25.03.2-150700.41.15.1.x86_64.rpm ovn-central-25.03.2-150700.41.15.1.x86_64.rpm ovn-devel-25.03.2-150700.41.15.1.x86_64.rpm ovn-docker-25.03.2-150700.41.15.1.x86_64.rpm ovn-host-25.03.2-150700.41.15.1.x86_64.rpm ovn-vtep-25.03.2-150700.41.15.1.x86_64.rpm python3-openvswitch-3.5.4-150700.41.15.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-1551 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for libteam fixes the following issues: - Fix: teamd LACP initialization failure (-ENOMEM / Race condition) two BCM57414 25Gbps cards (bsc#1260370) * libteam: double NETLINK_RCVBUF to fix -ENOMEM error libteam-1.27-150000.4.21.1.src.rpm libteam-tools-1.27-150000.4.21.1.x86_64.rpm SUSE-SLE-Module-Server-Applications-15-SP7-2026-1426 important SUSE Updates SLE-Module-Server-Applications 15-SP7 x86 64 This update for grub2 fixes the following issues: - Fix missing install device check in grub2-install on PowerPC which could lead to bootlist corruption (bsc#1221126) * add mandatoryminstallmdevicemcheckmformPowerPC - Fix PowerPC network boot prefix to correctly locate grub.cfg (bsc#1249385) * use net config for boot location instead of - Fix double free in xen booting if root filesystem is Btrfs (bsc#1259543) * btrfs: add ability to boot from subvolumes * btrfs: get default subvolume grub2-2.12-150700.19.29.1.src.rpm grub2-x86_64-xen-2.12-150700.19.29.1.noarch.rpm