SUSE Blog

Author: Marcus Meissner

Avatar photo
By: Marcus Meissner

January 15, 2026 2:08 pm

114 views

Installing FIPS certified packages on SUSE Linux Enterprise Server 15 SP6 and SP7

SUSE has certified and is currently certifying various cryptographic modules for FIPS 140-3 on SUSE Linux Enterprise Server 15 SP6. Nearly all of those modules certified on SLES 15 SP6 can also be used on SLES 15 SP7, and for this purpose they are delivered to the SLES 15 SP7 Certifications Module. The modules consists […]

Read More

Categories: Compliance, Security, SUSE Linux Enterprise Server, Technical Solutions

Avatar photo
By: Marcus Meissner

December 4, 2025 9:42 am

448 views

SUSE state of and strategy for Post Quantum Cryptography at the end of 2025

SUSE's strategy on implementing post quantum cryptography (PQC) has been to adopt standards and upstream implementations when they become available, and deliver support to customers via maintenance or newer product revisions. Standardization status Cryptography and protocols on top of it needs to interoperate world wide between a wide range of third parties. This requires that […]

Read More

Categories: Security, SUSE Linux Enterprise Server

Avatar photo
By: Marcus Meissner

March 20, 2025 3:33 pm

1,317 views

Statement on CVE-2024-22033 – Compromise of Open Build Service via source services

Maxime Rinaudo of Fenrisk (http://fenrisk.com) found a security vulnerability in one of the services that are available on the open build service (https://build.opensuse.org/). He disclosed this to us privately to allow us to fix it before he publicly discloses it. We appreciate this very much and would like to thank him for […]

Read More

Categories: DevOps, Security

Avatar photo
By: Marcus Meissner

September 20, 2024 1:54 pm

2,586 views

SUSE has received first FIPS 140-3 cryptographic certificates

After several years of work the NIST CMVP agency has improved upon the existing FIPS 140-2 certification and established the FIPS 140-3 certification. The new standard brings many changes which are described in the Implementation Guidance. They established new requirements on lifecycle of cryptographic primitives and extended in the area of self-tests. They also took […]

Read More

Categories: Compliance, Security, SUSE Linux Enterprise Server, SUSE Secure

Avatar photo
By: Marcus Meissner

March 29, 2024 5:33 pm

9,376 views

SUSE addresses supply chain attack against xz compression library

SUSE received notification of a supply chain attack against the "xz" compression tool and "liblzma5" library. Background Security Researcher Andres Freund reported to Debian that the xz / liblzma library had been backdoored. This backdoor was introduced in the upstream github xz project with release 5.6.0 in February 2024. For the […]

Read More

Categories: Corporate, Security

Avatar photo
By: Marcus Meissner

December 18, 2023 4:08 pm

12,763 views

SUSE addresses the SSH v2 protocol Terrapin Attack aka CVE-2023-48795

Today, on December 18th 2023, researchers from the Ruhr University Bochum published a protocol flaw in the SSH v2 protocol, codenamed Terrapin Attack. The flaw allows removing encrypted SSH messages at the begin of the communication, allowing downgrade of some security aspects of SSH connections. The flaw does not allow injecting new traffic or commands. […]

Read More

Categories: Security, SUSE Linux Enterprise Server

Avatar photo
By: Marcus Meissner

September 20, 2023 2:30 pm

5,860 views

GO and FIPS 140-2 / 140-3 certified cryptography

The current FIPS 140-2 and ongoing FIPS 140-3 certification efforts by SUSE cover a wide range of system libraries and its users, and the Linux Kernel. One gap recently closed is the missing FIPS 140 support for applications written in the GO language. To allow building GO binaries with cryptography compliant to FIPS 140, SUSE […]

Read More

Categories: Compliance, Containers, Security, SUSE Linux Enterprise Server

Avatar photo
By: Marcus Meissner

April 3, 2023 12:44 pm

6,561 views

SUSE Linux Enterprise and SBOM support

After recent supply chain attacks and with ever increasing security automation especially the software inventory management becomes more and more important. Governments and other regulated industries now require publishing a so called Software Bill Of Materials (SBOM) to software products. Various SBOM formats have appeared in the market. SUSE has started to publish SBOM in […]

Read More

Categories: Compliance, Security, SUSE Linux Enterprise Server, Technical Solutions

Avatar photo
By: Marcus Meissner

September 15, 2022 2:14 pm

4,330 views

SUSE adds security automation support for Kernel Live Patches

SUSE has found that security automation is not handling SUSEs kernel livepatches very well. To understand the underlying problem and ways toward a solution, lets first look at the underlying concepts. Kernel Livepatching Kernel livepatching is a technology where functions within a running Linux kernel are patched to fix security issues, without rebooting or even […]

Read More

Categories: Achieve Nonstop IT, Security, SUSE Linux Enterprise Server, Technical Solutions

    Section Title

    Search

    Social Media

    Recent Posts Title

    Recent Blog Posts

    Recent Posts

    Popular Posts Title

    Popular Blog Posts

    Popular Posts

    Categories

    Archives

    About Links

    SUSE History
    SUSE Management Team
    SUSE Logos & Imagery