libPocoActiveRecord112-1.14.2-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:16384 Final 1 1 2025-07-08T00:00:00Z current 2025-07-08T00:00:00Z 2025-07-08T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libPocoActiveRecord112-1.14.2-1.1 on GA media These are all security issues fixed in the libPocoActiveRecord112-1.14.2-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-16384 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-52389/ SUSE CVE CVE-2023-52389 page https://www.suse.com/security/cve/CVE-2025-6375/ SUSE CVE CVE-2025-6375 page openSUSE Tumbleweed libPocoActiveRecord112-1.14.2-1.1 libPocoCppParser112-1.14.2-1.1 libPocoCrypto112-1.14.2-1.1 libPocoData112-1.14.2-1.1 libPocoDataMySQL112-1.14.2-1.1 libPocoDataODBC112-1.14.2-1.1 libPocoDataPostgreSQL112-1.14.2-1.1 libPocoDataSQLite112-1.14.2-1.1 libPocoEncodings112-1.14.2-1.1 libPocoFoundation112-1.14.2-1.1 libPocoJSON112-1.14.2-1.1 libPocoJWT112-1.14.2-1.1 libPocoMongoDB112-1.14.2-1.1 libPocoNet112-1.14.2-1.1 libPocoNetSSL112-1.14.2-1.1 libPocoPDF112-1.14.2-1.1 libPocoPrometheus112-1.14.2-1.1 libPocoRedis112-1.14.2-1.1 libPocoUtil112-1.14.2-1.1 libPocoXML112-1.14.2-1.1 libPocoZip112-1.14.2-1.1 poco-cpspc-1.14.2-1.1 poco-devel-1.14.2-1.1 libPocoActiveRecord112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoCppParser112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoCrypto112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoData112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoDataMySQL112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoDataODBC112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoDataPostgreSQL112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoDataSQLite112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoEncodings112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoFoundation112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoJSON112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoJWT112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoMongoDB112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoNet112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoNetSSL112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoPDF112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoPrometheus112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoRedis112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoUtil112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoXML112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoZip112-1.14.2-1.1 as a component of openSUSE Tumbleweed poco-cpspc-1.14.2-1.1 as a component of openSUSE Tumbleweed poco-devel-1.14.2-1.1 as a component of openSUSE Tumbleweed UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in 1.11.8p2, 1.12.5p2, and 1.13.0. CVE-2023-52389 openSUSE Tumbleweed:libPocoActiveRecord112-1.14.2-1.1 openSUSE Tumbleweed:libPocoCppParser112-1.14.2-1.1 openSUSE Tumbleweed:libPocoCrypto112-1.14.2-1.1 openSUSE Tumbleweed:libPocoData112-1.14.2-1.1 openSUSE Tumbleweed:libPocoDataMySQL112-1.14.2-1.1 openSUSE Tumbleweed:libPocoDataODBC112-1.14.2-1.1 openSUSE Tumbleweed:libPocoDataPostgreSQL112-1.14.2-1.1 openSUSE Tumbleweed:libPocoDataSQLite112-1.14.2-1.1 openSUSE Tumbleweed:libPocoEncodings112-1.14.2-1.1 openSUSE Tumbleweed:libPocoFoundation112-1.14.2-1.1 openSUSE Tumbleweed:libPocoJSON112-1.14.2-1.1 openSUSE Tumbleweed:libPocoJWT112-1.14.2-1.1 openSUSE Tumbleweed:libPocoMongoDB112-1.14.2-1.1 openSUSE Tumbleweed:libPocoNet112-1.14.2-1.1 openSUSE Tumbleweed:libPocoNetSSL112-1.14.2-1.1 openSUSE Tumbleweed:libPocoPDF112-1.14.2-1.1 openSUSE Tumbleweed:libPocoPrometheus112-1.14.2-1.1 openSUSE Tumbleweed:libPocoRedis112-1.14.2-1.1 openSUSE Tumbleweed:libPocoUtil112-1.14.2-1.1 openSUSE Tumbleweed:libPocoXML112-1.14.2-1.1 openSUSE Tumbleweed:libPocoZip112-1.14.2-1.1 openSUSE Tumbleweed:poco-cpspc-1.14.2-1.1 openSUSE Tumbleweed:poco-devel-1.14.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-52389.html CVE-2023-52389 https://bugzilla.suse.com/1219269 SUSE Bug 1219269 A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.14.2 is able to address this issue. The patch is identified as 6f2f85913c191ab9ddfb8fae781f5d66afccf3bf. It is recommended to upgrade the affected component. CVE-2025-6375 openSUSE Tumbleweed:libPocoActiveRecord112-1.14.2-1.1 openSUSE Tumbleweed:libPocoCppParser112-1.14.2-1.1 openSUSE Tumbleweed:libPocoCrypto112-1.14.2-1.1 openSUSE Tumbleweed:libPocoData112-1.14.2-1.1 openSUSE Tumbleweed:libPocoDataMySQL112-1.14.2-1.1 openSUSE Tumbleweed:libPocoDataODBC112-1.14.2-1.1 openSUSE Tumbleweed:libPocoDataPostgreSQL112-1.14.2-1.1 openSUSE Tumbleweed:libPocoDataSQLite112-1.14.2-1.1 openSUSE Tumbleweed:libPocoEncodings112-1.14.2-1.1 openSUSE Tumbleweed:libPocoFoundation112-1.14.2-1.1 openSUSE Tumbleweed:libPocoJSON112-1.14.2-1.1 openSUSE Tumbleweed:libPocoJWT112-1.14.2-1.1 openSUSE Tumbleweed:libPocoMongoDB112-1.14.2-1.1 openSUSE Tumbleweed:libPocoNet112-1.14.2-1.1 openSUSE Tumbleweed:libPocoNetSSL112-1.14.2-1.1 openSUSE Tumbleweed:libPocoPDF112-1.14.2-1.1 openSUSE Tumbleweed:libPocoPrometheus112-1.14.2-1.1 openSUSE Tumbleweed:libPocoRedis112-1.14.2-1.1 openSUSE Tumbleweed:libPocoUtil112-1.14.2-1.1 openSUSE Tumbleweed:libPocoXML112-1.14.2-1.1 openSUSE Tumbleweed:libPocoZip112-1.14.2-1.1 openSUSE Tumbleweed:poco-cpspc-1.14.2-1.1 openSUSE Tumbleweed:poco-devel-1.14.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-6375.html CVE-2025-6375 https://bugzilla.suse.com/1245177 SUSE Bug 1245177