SUSE Linux has recently rolled out several important security updates, including moderate patches for the Firefox-ESR and CMCTL applications, as well as significant live patches for the Linux Kernel. The updates are as follows:
1. Firefox-ESR (openSUSE-SU-2025:15040-1): This update addresses a vulnerability identified as CVE-2025-2817, which carries a moderate severity rating with CVSS scores of 7.8 and 8.5, depending on the context. The updated package version is firefox-esr-128.10.0-1.1, and it is applicable for openSUSE Tumbleweed. Users can install this update to mitigate the vulnerabilities.
2. CMCTL (openSUSE-SU-2025:15039-1): This update fixes the vulnerability CVE-2024-40635, rated moderate with a CVSS score of 4.6. The updated package version is cmctl-2.2.0-1.1, also applicable to openSUSE Tumbleweed.
3. Linux Kernel Security Updates:
- For SLE 15 SP3 (SUSE-SU-2025:1423-1): This important update addresses three vulnerabilities, including CVE-2023-52885, CVE-2024-50205, and CVE-2024-56650. The Linux Kernel version affected is 5.3.18-150300_59_167, and it is relevant for multiple SUSE products, including SUSE Linux Enterprise Server 15 SP3.
- For SLE 15 SP4 (SUSE-SU-2025:1425-1): Similar to the SP3 update, this important update addresses vulnerabilities CVE-2024-50205, CVE-2024-56650, and CVE-2024-8805. The affected kernel version is 5.14.21-150400_24_136, and users of SUSE Linux Enterprise Server 15 SP4 and related products are advised to apply this update.
Installation Instructions: Users can utilize the standard SUSE installation methods, such as YaST online_update or the zypper command-line tool, to install these updates. Specific commands and package lists for each update are provided in the announcement.
References: Additional details, including CVE descriptions and patch instructions, are available through SUSE's security website and bug tracking system.
In summary, these updates enhance the security and stability of SUSE Linux environments by addressing known vulnerabilities in essential software components. Users are encouraged to apply these updates promptly to safeguard their systems
1. Firefox-ESR (openSUSE-SU-2025:15040-1): This update addresses a vulnerability identified as CVE-2025-2817, which carries a moderate severity rating with CVSS scores of 7.8 and 8.5, depending on the context. The updated package version is firefox-esr-128.10.0-1.1, and it is applicable for openSUSE Tumbleweed. Users can install this update to mitigate the vulnerabilities.
2. CMCTL (openSUSE-SU-2025:15039-1): This update fixes the vulnerability CVE-2024-40635, rated moderate with a CVSS score of 4.6. The updated package version is cmctl-2.2.0-1.1, also applicable to openSUSE Tumbleweed.
3. Linux Kernel Security Updates:
- For SLE 15 SP3 (SUSE-SU-2025:1423-1): This important update addresses three vulnerabilities, including CVE-2023-52885, CVE-2024-50205, and CVE-2024-56650. The Linux Kernel version affected is 5.3.18-150300_59_167, and it is relevant for multiple SUSE products, including SUSE Linux Enterprise Server 15 SP3.
- For SLE 15 SP4 (SUSE-SU-2025:1425-1): Similar to the SP3 update, this important update addresses vulnerabilities CVE-2024-50205, CVE-2024-56650, and CVE-2024-8805. The affected kernel version is 5.14.21-150400_24_136, and users of SUSE Linux Enterprise Server 15 SP4 and related products are advised to apply this update.
Installation Instructions: Users can utilize the standard SUSE installation methods, such as YaST online_update or the zypper command-line tool, to install these updates. Specific commands and package lists for each update are provided in the announcement.
References: Additional details, including CVE descriptions and patch instructions, are available through SUSE's security website and bug tracking system.
In summary, these updates enhance the security and stability of SUSE Linux environments by addressing known vulnerabilities in essential software components. Users are encouraged to apply these updates promptly to safeguard their systems
Firefox-ESR, CMCTL, Kernel updates for SUSE
SUSE Linux has received security updates, including moderate patches for Firefox-ESR, CMCTL, and live patches for the Linux Kernel:
openSUSE-SU-2025:15040-1: moderate: firefox-esr-128.10.0-1.1 on GA media
openSUSE-SU-2025:15039-1: moderate: cmctl-2.2.0-1.1 on GA media
SUSE-SU-2025:1423-1: important: Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP3)
SUSE-SU-2025:1425-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP4)Firefox-ESR, CMCTL, Kernel updates for SUSE @ Linux Compatible
