SLES 15

SLES 15 — openssl — multiple vulnerabilities (20 CVEs) — patch and remediation guide — diagnosis and fix on SLES 15

SLES 15 — openssl — multiple vulnerabilities (20 CVEs) — patch and remediation guide

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: SLES 15 📖 ~4 min read  •  Source: SUSE advisory RHSA-2026:1472 (see also SUSE bugzilla) Related CVEs: CVE-2025-15467 CVE-2021-3711 CVE-2026-28388 CVE-2026-31789 CVE-2025-9230 CVE-2024-12797 CVE-2024-9143 CVE-2024-41996  +12 more Upstream summary: Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters […]

Read more
SLES 15 — libmysofa1 — multiple vulnerabilities (15 CVEs) — patch and remediation guide — diagnosis and fix on SLES 15

SLES 15 — libmysofa1 — multiple vulnerabilities (15 CVEs) — patch and remediation guide

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: SLES 15 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2019-10672 CVE-2019-16092 CVE-2019-16093 CVE-2021-3756 CVE-2019-16091 CVE-2019-16094 CVE-2019-16095 CVE-2019-20063  +7 more Upstream summary: treeRead in hdf/btree.c in libmysofa before 0.7 does not properly validate multiplications and […]

Read more
SLES 15 — openvpn — multiple vulnerabilities (15 CVEs) — patch and remediation guide — diagnosis and fix on SLES 15

SLES 15 — openvpn — multiple vulnerabilities (15 CVEs) — patch and remediation guide

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: SLES 15 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2023-46850 CVE-2025-13086 CVE-2022-0547 CVE-2017-7521 CVE-2017-7522 CVE-2025-2704 CVE-2024-5594 CVE-2024-28882  +7 more Upstream summary: Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined […]

Read more
SLES 15 — kernel-docs — multiple vulnerabilities (20 CVEs) — patch and remediation guide — diagnosis and fix on SLES 15

SLES 15 — kernel-docs — multiple vulnerabilities (20 CVEs) — patch and remediation guide

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: SLES 15 📖 ~4 min read  •  Source: SUSE advisory SUSE-SA:2011:019 (see also SUSE bugzilla) Related CVEs: CVE-2011-1180 CVE-2022-2991 CVE-2021-39713 CVE-2020-0433 CVE-2021-0935 CVE-2021-23133 CVE-2018-25020 CVE-2020-0429  +12 more Upstream summary: Multiple stack-based buffer overflows in the iriap_getvaluebyclass_indication function in net/irda/iriap.c in the Linux […]

Read more
SLES 15 — ntp — multiple vulnerabilities (20 CVEs) — patch and remediation guide — diagnosis and fix on SLES 15

SLES 15 — ntp — multiple vulnerabilities (20 CVEs) — patch and remediation guide

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: SLES 15 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2015:2058-1 (see also SUSE bugzilla) Related CVEs: CVE-2015-7705 CVE-2015-7853 CVE-2015-7871 CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 CVE-2014-9297  +12 more Upstream summary: The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 […]

Read more
SLES 15 — cloud-init — multiple vulnerabilities (8 CVEs) — patch and remediation guide — diagnosis and fix on SLES 15

SLES 15 — cloud-init — multiple vulnerabilities (8 CVEs) — patch and remediation guide

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: SLES 15 📖 ~4 min read  •  Source: SUSE advisory RHSA-2025:10848 (see also SUSE bugzilla) Related CVEs: CVE-2024-6174 CVE-2020-8631 CVE-2020-8632 CVE-2024-11584 CVE-2021-3429 CVE-2022-2084 CVE-2023-1786 CVE-2019-0816 Upstream summary: When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with […]

Read more
SLES 15 — dnsdist — multiple vulnerabilities (15 CVEs) — patch and remediation guide — diagnosis and fix on SLES 15

SLES 15 — dnsdist — multiple vulnerabilities (15 CVEs) — patch and remediation guide

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: SLES 15 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2026:0888-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-8671 CVE-2025-30193 CVE-2025-30194 CVE-2024-25581 CVE-2016-7069 CVE-2026-24028 CVE-2026-24029 CVE-2026-24030  +7 more Upstream summary: A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the […]

Read more
SLES 15 — alloy — multiple vulnerabilities (4 CVEs) — patch and remediation guide — diagnosis and fix on SLES 15

SLES 15 — alloy — multiple vulnerabilities (4 CVEs) — patch and remediation guide

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: SLES 15 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2026:0327-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-68156 CVE-2025-47913 CVE-2025-11065 CVE-2025-58058 Upstream summary: Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, […]

Read more
SLES 15 — ucode-intel — multiple vulnerabilities (20 CVEs) — patch and remediation guide — diagnosis and fix on SLES 15

SLES 15 — ucode-intel — multiple vulnerabilities (20 CVEs) — patch and remediation guide

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: SLES 15 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2025:03052-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-20053 CVE-2025-20109 CVE-2025-22839 CVE-2025-22840 CVE-2025-22889 CVE-2025-26403 CVE-2025-32086 CVE-2024-21820  +12 more Upstream summary: Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with SGX enabled may […]

Read more
SLES 15 — gdm — multiple vulnerabilities (8 CVEs) — patch and remediation guide — diagnosis and fix on SLES 15

SLES 15 — gdm — multiple vulnerabilities (8 CVEs) — patch and remediation guide

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: SLES 15 📖 ~4 min read  •  Source: SUSE advisory SUSE-RU-2025:20479-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-6018 CVE-2020-16125 CVE-2011-1709 CVE-2017-12164 CVE-2018-14424 CVE-2019-3825 CVE-2020-27837 CVE-2015-7496 Upstream summary: A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication […]

Read more
CHAT