Key Updates:
1. CUPS (Common Unix Printing System):
- Version: 2.4.14-1.1
- Severity: Moderate
- Vulnerabilities Addressed: CVE-2025-58060 and CVE-2025-58364, with CVSS scores suggesting significant security risks.
- Affected Products: openSUSE Tumbleweed.
2. Cairo:
- Severity: Low
- Vulnerability Addressed: CVE-2025-50422, which can lead to a crash in the Poppler library.
- Affected Products: openSUSE Leap 15.4 and various SUSE Linux Enterprise Micro versions.
3. CMake:
- Severity: Low
- Vulnerability Addressed: CVE-2025-9301, related to improper validation causing assertion failures.
- Affected Products: openSUSE Leap 15.4.
4. Linux Kernel:
- Severity: Important
- Multiple Vulnerabilities: A total of 22 vulnerabilities were addressed, including significant issues like CVE-2025-38180 and CVE-2024-53177, with CVSS scores indicating high severity.
- Affected Products: openSUSE Leap 15.5 and SUSE Linux Enterprise Micro 5.5.
5. Chromium:
- Severity: Important
- Multiple Vulnerabilities: Updates for CVE-2025-10500, CVE-2025-10501, and others, addressing critical security flaws related to type confusion and memory handling.
- Affected Products: openSUSE Backports SLE-15-SP6 and SLE-15-SP7.
6. BlueZ:
- Severity: Moderate
- Vulnerability Addressed: CVE-2023-45866, which allows potential keystroke injection through HID device connections.
- Affected Products: openSUSE Leap 15.4 and SUSE Linux Enterprise Micro versions.
7. FRR (Free Range Routing):
- Severity: Moderate
- Vulnerability Addressed: CVE-2024-55553, which can cause excessive resource consumption leading to denial of service.
- Affected Products: openSUSE Leap 15.3.
8. MariaDB:
- Severity: Moderate
- Multiple Vulnerabilities: Updates to address several issues (CVE-2023-52969, CVE-2023-52970, CVE-2025-30693, and CVE-2025-30722) that allow unauthorized data manipulation and potential server crashes.
- Affected Products: Multiple versions of SUSE Linux Enterprise and openSUSE.
9. KubeVirt:
- Severity: Important
- Multiple Vulnerabilities: Updates addressing security issues (CVE-2024-45337, CVE-2024-45338, CVE-2025-22872) related to virtual container management.
- Affected Products: openSUSE Leap 15.6 and SUSE Linux Enterprise Server versions.
Installation Instructions:
Users are encouraged to perform updates using SUSE's recommended methods, such as YaST online_update or `zypper patch`. Specific commands for each product version are provided in the announcements.Conclusion:
These updates are crucial for maintaining system security and stability across SUSE and openSUSE distributions. Users should promptly apply these patches to protect against identified vulnerabilitiesCUPS, Cairo, Kernel, and more updates for SUSE
SUSE has released security updates for various packages, including the Linux Kernel and Chromium. The Linux Kernel update is considered important, while the Chromium updates are also important. Additionally, there are moderate security updates for bluez, frr, mariadb, and other packages such as cups, cairo, cmake, and more.
openSUSE-SU-2025:15562-1: moderate: cups-2.4.14-1.1 on GA media
SUSE-SU-2025:03280-1: low: Security update for cairo
SUSE-SU-2025:03281-1: low: Security update for cmake
SUSE-SU-2025:03283-1: important: Security update for the Linux Kernel
openSUSE-SU-2025:0367-1: important: Security update for chromium
openSUSE-SU-2025:0368-1: important: Security update for chromium
SUSE-SU-2025:03277-1: moderate: Security update for bluez
SUSE-SU-2025:03274-1: moderate: Security update for frr
SUSE-SU-2025:03275-1: moderate: Security update for mariadb
SUSE-SU-2025:03276-1: moderate: Security update for mariadb
SUSE-SU-2025:03278-1: important: Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-contai ...CUPS, Cairo, Kernel, and more updates for SUSE @ Linux Compatible
