1. Tomcat10: This important security update (SUSE-SU-2025:02261-1) addresses three vulnerabilities (CVE-2025-46701, CVE-2025-48988, CVE-2025-49125), which involve issues related to the CGI servlet, multipart request handling, and permissions hardening. The new version, Tomcat 10.1.42, includes various enhancements like support for multiple path parameters in URLs and improved request processing.
2. Gpg2: The low-severity update (SUSE-SU-2025:02259-1) fixes a denial-of-service vulnerability (CVE-2025-30258) caused by a malicious subkey in the keyring. Additional bug fixes also address issues with expired certificates and key importing.
3. Python311-Pycares, Libpoppler-CPP, AVIF-Tools, LibXML2, Djvulibre: Each of these packages has received moderate updates, addressing specific vulnerabilities:
- Python311-Pycares: Version 4.9.0-1.1 fixes a vulnerability (CVE-2025-48945).
- Libpoppler-CPP: Version 25.06.0-1.1 addresses a vulnerability (CVE-2025-52886).
- AVIF-Tools: Version 1.3.0-2.1 resolves a vulnerability (CVE-2025-48174).
- LibXML2: Version 2.13.8-2.1 resolves multiple vulnerabilities (CVE-2025-49794, CVE-2025-49795, CVE-2025-49796, CVE-2025-6021, CVE-2025-6170).
- Djvulibre: Version 3.5.29-1.1 addresses a vulnerability (CVE-2025-53367).
Installation Instructions: Users are advised to apply these updates using the SUSE recommended methods, such as YaST online_update or the command line with `zypper patch`. Each package update has specific commands for installation based on the product version.
Additional Notes: The updates demonstrate SUSE's commitment to maintaining a secure operating environment for users by promptly addressing vulnerabilities and continuously improving software functionality. Users should regularly check for updates and apply them to ensure their systems remain secure.
In conclusion, these updates not only patch significant security holes but also introduce enhancements that improve the overall performance and reliability of the affected software packages. Regularly maintaining and updating software is critical in protecting against potential cyber threats.
Tomcat10, Gpg2, Python311-Pycares, Libpoppler-CPP, AVIF-Tools, LibXML2, Djvulibre updates for SUSE
SUSE Linux has been updated with multiple security enhancements, including tomcat10, gpg2, python311-pycares, libpoppler-cpp, avif-tools, libxml2, and djvulibre:
SUSE-SU-2025:02261-1: important: Security update for tomcat10
SUSE-SU-2025:02259-1: low: Recommended update for gpg2
openSUSE-SU-2025:15324-1: moderate: python311-pycares-4.9.0-1.1 on GA media
openSUSE-SU-2025:15323-1: moderate: libpoppler-cpp2-25.06.0-1.1 on GA media
openSUSE-SU-2025:15320-1: moderate: avif-tools-1.3.0-2.1 on GA media
openSUSE-SU-2025:15321-1: moderate: libxml2-2-2.13.8-2.1 on GA media
openSUSE-SU-2025:15319-1: moderate: djvulibre-3.5.29-1.1 on GA media