Security update for protobuf SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:02311-1 Final 1 1 2025-07-15T09:15:50Z current 2025-07-15T09:15:50Z 2025-07-15T09:15:50Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for protobuf This update for protobuf fixes the following issues: - CVE-2025-4565: Fix parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or messages that can lead to crash due to RecursionError (bsc#1244663). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container containers/milvus:2.4-2025-2311,Container containers/open-webui:0-2025-2311,SUSE-2025-2311,SUSE-SLE-Module-Basesystem-15-SP6-2025-2311,SUSE-SLE-Module-Basesystem-15-SP7-2025-2311,SUSE-SLE-Module-Development-Tools-15-SP6-2025-2311,SUSE-SLE-Module-Development-Tools-15-SP7-2025-2311,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-2311,SUSE-SLE-Module-Python3-15-SP6-2025-2311,SUSE-SLE-Module-Python3-15-SP7-2025-2311,openSUSE-SLE-15.6-2025-2311 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202502311-1/ Link for SUSE-SU-2025:02311-1 https://lists.suse.com/pipermail/sle-updates/2025-July/040709.html E-Mail link for SUSE-SU-2025:02311-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1244663 SUSE Bug 1244663 https://www.suse.com/security/cve/CVE-2025-4565/ SUSE CVE CVE-2025-4565 page Container containers/milvus:2.4 Container containers/open-webui:0 SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise Module for Development Tools 15 SP6 SUSE Linux Enterprise Module for Development Tools 15 SP7 SUSE Linux Enterprise Module for Package Hub 15 SP6 SUSE Linux Enterprise Module for Python 3 15 SP6 SUSE Linux Enterprise Module for Python 3 15 SP7 openSUSE Leap 15.6 libprotobuf25_1_0-25.1-150600.16.13.1 libprotobuf-lite25_1_0-25.1-150600.16.13.1 libprotobuf-lite25_1_0-32bit-25.1-150600.16.13.1 libprotobuf-lite25_1_0-64bit-25.1-150600.16.13.1 libprotobuf25_1_0-32bit-25.1-150600.16.13.1 libprotobuf25_1_0-64bit-25.1-150600.16.13.1 libprotoc25_1_0-25.1-150600.16.13.1 libprotoc25_1_0-32bit-25.1-150600.16.13.1 libprotoc25_1_0-64bit-25.1-150600.16.13.1 protobuf-devel-25.1-150600.16.13.1 protobuf-java-25.1-150600.16.13.1 protobuf-java-bom-25.1-150600.16.13.1 protobuf-java-parent-25.1-150600.16.13.1 python311-protobuf-4.25.1-150600.16.13.1 libprotobuf25_1_0-25.1-150600.16.13.1 as a component of Container containers/milvus:2.4 libprotobuf25_1_0-25.1-150600.16.13.1 as a component of Container containers/open-webui:0 libprotobuf-lite25_1_0-25.1-150600.16.13.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libprotobuf25_1_0-25.1-150600.16.13.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libprotoc25_1_0-25.1-150600.16.13.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libprotobuf-lite25_1_0-25.1-150600.16.13.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 libprotobuf25_1_0-25.1-150600.16.13.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 libprotoc25_1_0-25.1-150600.16.13.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 protobuf-devel-25.1-150600.16.13.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP6 protobuf-devel-25.1-150600.16.13.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP7 python311-protobuf-4.25.1-150600.16.13.1 as a component of SUSE Linux Enterprise Module for Python 3 15 SP6 python311-protobuf-4.25.1-150600.16.13.1 as a component of SUSE Linux Enterprise Module for Python 3 15 SP7 libprotobuf-lite25_1_0-25.1-150600.16.13.1 as a component of openSUSE Leap 15.6 libprotobuf-lite25_1_0-32bit-25.1-150600.16.13.1 as a component of openSUSE Leap 15.6 libprotobuf25_1_0-25.1-150600.16.13.1 as a component of openSUSE Leap 15.6 libprotobuf25_1_0-32bit-25.1-150600.16.13.1 as a component of openSUSE Leap 15.6 libprotoc25_1_0-25.1-150600.16.13.1 as a component of openSUSE Leap 15.6 libprotoc25_1_0-32bit-25.1-150600.16.13.1 as a component of openSUSE Leap 15.6 protobuf-devel-25.1-150600.16.13.1 as a component of openSUSE Leap 15.6 protobuf-java-25.1-150600.16.13.1 as a component of openSUSE Leap 15.6 protobuf-java-bom-25.1-150600.16.13.1 as a component of openSUSE Leap 15.6 protobuf-java-parent-25.1-150600.16.13.1 as a component of openSUSE Leap 15.6 python311-protobuf-4.25.1-150600.16.13.1 as a component of openSUSE Leap 15.6 Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashing the application with a RecursionError. We recommend upgrading to version =>6.31.1 or beyond commit 17838beda2943d08b8a9d4df5b68f5f04f26d901 CVE-2025-4565 Container containers/milvus:2.4:libprotobuf25_1_0-25.1-150600.16.13.1 Container containers/open-webui:0:libprotobuf25_1_0-25.1-150600.16.13.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libprotobuf-lite25_1_0-25.1-150600.16.13.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libprotobuf25_1_0-25.1-150600.16.13.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libprotoc25_1_0-25.1-150600.16.13.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libprotobuf-lite25_1_0-25.1-150600.16.13.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libprotobuf25_1_0-25.1-150600.16.13.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libprotoc25_1_0-25.1-150600.16.13.1 SUSE Linux Enterprise Module for Development Tools 15 SP6:protobuf-devel-25.1-150600.16.13.1 SUSE Linux Enterprise Module for Development Tools 15 SP7:protobuf-devel-25.1-150600.16.13.1 SUSE Linux Enterprise Module for Python 3 15 SP6:python311-protobuf-4.25.1-150600.16.13.1 SUSE Linux Enterprise Module for Python 3 15 SP7:python311-protobuf-4.25.1-150600.16.13.1 openSUSE Leap 15.6:libprotobuf-lite25_1_0-25.1-150600.16.13.1 openSUSE Leap 15.6:libprotobuf-lite25_1_0-32bit-25.1-150600.16.13.1 openSUSE Leap 15.6:libprotobuf25_1_0-25.1-150600.16.13.1 openSUSE Leap 15.6:libprotobuf25_1_0-32bit-25.1-150600.16.13.1 openSUSE Leap 15.6:libprotoc25_1_0-25.1-150600.16.13.1 openSUSE Leap 15.6:libprotoc25_1_0-32bit-25.1-150600.16.13.1 openSUSE Leap 15.6:protobuf-devel-25.1-150600.16.13.1 openSUSE Leap 15.6:protobuf-java-25.1-150600.16.13.1 openSUSE Leap 15.6:protobuf-java-bom-25.1-150600.16.13.1 openSUSE Leap 15.6:protobuf-java-parent-25.1-150600.16.13.1 openSUSE Leap 15.6:python311-protobuf-4.25.1-150600.16.13.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502311-1/ https://www.suse.com/security/cve/CVE-2025-4565.html CVE-2025-4565 https://bugzilla.suse.com/1244663 SUSE Bug 1244663